fix: default 'DefinitionBody' is conflict with disableExecuteApiEndpoint

Author: wchengru

samtranslator/model/api/http_api_generator.py

@@ -48,7 +48,7 @@ def __init__(
         passthrough_resource_attributes=None,
         domain=None,
         fail_on_warnings=False,
-        disable_execute_api_endpoint=False,
+        disable_execute_api_endpoint=None,
     ):
         """Constructs an API Generator class that generates API Gateway resources
 
@@ -106,8 +106,8 @@ def _construct_http_api(self):
         if self.fail_on_warnings:
             http_api.FailOnWarnings = self.fail_on_warnings
 
-        if self.disable_execute_api_endpoint:
-            http_api.DisableExecuteApiEndpoint = self.disable_execute_api_endpoint
+        if self.disable_execute_api_endpoint is not None:
+            self._add_endpoint_configuration()
 
         if self.definition_uri:
             http_api.BodyS3Location = self._construct_body_s3_dict()
@@ -123,6 +123,23 @@ def _construct_http_api(self):
 
         return http_api
 
+    def _add_endpoint_configuration(self):
+        """Add disableExecuteApiEndpoint if it is set in SAM
+        HttpApi doesn't have vpcEndpointIds
+
+        """
+        if isinstance(self.disable_execute_api_endpoint, bool) and not self.definition_body:
+            raise InvalidResourceException(
+                self.logical_id, "Cors works only with inline OpenApi specified in 'DefinitionBody' property."
+            )
+        editor = OpenApiEditor(self.definition_body)
+        # if CORS is set in both definition_body and as a CorsConfiguration property,
+        # SAM merges and overrides the cors headers in definition_body with headers of CorsConfiguration
+        editor.add_endpoint_config(self.disable_execute_api_endpoint)
+
+        # Assign the OpenApi back to template
+        self.definition_body = editor.openapi
+
     def _add_cors(self):
         """
         Add CORS configuration if CORSConfiguration property is set in SAM.

samtranslator/open_api/open_api.py

@@ -20,6 +20,7 @@ class OpenApiEditor(object):
     _X_APIGW_INTEGRATION = "x-amazon-apigateway-integration"
     _X_APIGW_TAG_VALUE = "x-amazon-apigateway-tag-value"
     _X_APIGW_CORS = "x-amazon-apigateway-cors"
+    _X_APIGW_ENDPOINT_CONFIG = "x-amazon-apigateway-endpoint-configuration"
     _CONDITIONAL_IF = "Fn::If"
     _X_ANY_METHOD = "x-amazon-apigateway-any-method"
     _ALL_HTTP_METHODS = ["OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "PATCH"]
@@ -427,6 +428,23 @@ def add_tags(self, tags):
                 tag = {"name": name, self._X_APIGW_TAG_VALUE: value}
                 self.tags.append(tag)
 
+    def add_endpoint_config(self, disable_execute_api_endpoint):
+        """Add endpoint configuration to _X_APIGW_ENDPOINT_CONFIG header in open api definition
+
+        Following this guide:
+        https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html
+        https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-disableexecuteapiendpoint
+
+        :param boolean disable_execute_api_endpoint: Specifies whether clients can invoke your API by using the default execute-api endpoint.
+
+        """
+        DISABLE_EXECUTE_API_ENDPOINT = "disableExecuteApiEndpoint"
+        endpoint_configuration = self._doc.get(self._X_APIGW_ENDPOINT_CONFIG, dict())
+
+        endpoint_configuration[DISABLE_EXECUTE_API_ENDPOINT] = disable_execute_api_endpoint
+
+        self._doc[self._X_APIGW_ENDPOINT_CONFIG] = endpoint_configuration
+
     def add_cors(
         self,
         allow_origins,

tests/translator/input/api_with_basic_custom_domain_intrinsics_http.yaml

@@ -20,6 +20,10 @@ Parameters:
     Default: another-api-v2-truststore-version
     Type: String
 
+  MyDisableExecuteApiEndpoint:
+    Default: false
+    Type: Bool
+
 Resources:
   MyFunction:
     Condition: C1
@@ -53,6 +57,7 @@ Resources:
     Type: AWS::Serverless::HttpApi
     Properties:
       StageName: Prod
+      DisableExecuteApiEndpoint: !Ref MyDisableExecuteApiEndpoint
       Domain:
         DomainName: !Sub 'example-${AWS::Region}.com'
         CertificateArn: !Ref MyDomainCert

tests/translator/input/error_http_api_invalid_disable_execute_api_endpoint.yaml

@@ -0,0 +1,14 @@
+Resources:
+  MyApi:
+    Type: AWS::Serverless::HttpApi
+    Properties:
+      DisableExecuteApiEndpoint: String
+      StageName: Prod
+      Domain:
+        DomainName: "sam-example.com"
+        CertificateArn: "arn:aws:acm:us-east-1:123455353535:certificate/6c911401-620d-4d41-b89e-366c238bb2f3"
+        EndpointConfiguration: REGIONAL
+        SecurityPolicy: TLS_1_2
+        BasePath: ["/basic", "/begin-here"]
+        Route53:
+          HostedZoneName: sam-example.com.

tests/translator/output/api_with_basic_custom_domain_http.json

@@ -175,7 +175,6 @@
     "MyApi": {
       "Type": "AWS::ApiGatewayV2::Api", 
       "Properties": {
-        "DisableExecuteApiEndpoint": true,
         "Body": {
           "info": {
             "version": "1.0", 
@@ -218,7 +217,10 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
-          ]
+          ],
+          "x-amazon-apigateway-endpoint-configuration": {
+            "disableExecuteApiEndpoint": true
+          }
         }
       }
     }

tests/translator/output/api_with_basic_custom_domain_intrinsics_http.json

@@ -23,6 +23,10 @@
     "MyMTLSVersionHTTP": {
       "Default": "another-api-v2-truststore-version",
       "Type": "String"
+    },
+    "MyDisableExecuteApiEndpoint": {
+      "Default": false,
+      "Type": "Bool"
     }
   }, 
   "Resources": {
@@ -217,7 +221,12 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
-          ]
+          ],
+          "x-amazon-apigateway-endpoint-configuration": {
+            "disableExecuteApiEndpoint": {
+              "Ref": "MyDisableExecuteApiEndpoint"
+            }
+          }
         }
       }, 
       "Condition": "C1"

tests/translator/output/aws-cn/api_with_basic_custom_domain_http.json

@@ -175,7 +175,6 @@
     "MyApi": {
       "Type": "AWS::ApiGatewayV2::Api", 
       "Properties": {
-        "DisableExecuteApiEndpoint": true,
         "Body": {
           "info": {
             "version": "1.0", 
@@ -218,7 +217,10 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
-          ]
+          ],
+          "x-amazon-apigateway-endpoint-configuration": {
+            "disableExecuteApiEndpoint": true
+          }
         }
       }
     }

tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics_http.json

@@ -23,6 +23,10 @@
     "MyMTLSVersionHTTP": {
       "Default": "another-api-v2-truststore-version",
       "Type": "String"
+    },
+    "MyDisableExecuteApiEndpoint": {
+      "Default": false,
+      "Type": "Bool"
     }
   }, 
   "Resources": {
@@ -306,7 +310,12 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
-          ]
+          ],
+          "x-amazon-apigateway-endpoint-configuration": {
+            "disableExecuteApiEndpoint": {
+              "Ref": "MyDisableExecuteApiEndpoint"
+            }
+          }
         }
       }, 
       "Condition": "C1"

tests/translator/output/aws-us-gov/api_with_basic_custom_domain_http.json

@@ -175,7 +175,6 @@
     "MyApi": {
       "Type": "AWS::ApiGatewayV2::Api", 
       "Properties": {
-        "DisableExecuteApiEndpoint": true,
         "Body": {
           "info": {
             "version": "1.0", 
@@ -218,7 +217,10 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
-          ]
+          ],
+          "x-amazon-apigateway-endpoint-configuration": {
+            "disableExecuteApiEndpoint": true
+          }
         }
       }
     }

tests/translator/output/aws-us-gov/api_with_basic_custom_domain_intrinsics_http.json

@@ -23,6 +23,10 @@
     "MyMTLSVersionHTTP": {
       "Default": "another-api-v2-truststore-version",
       "Type": "String"
+    },
+    "MyDisableExecuteApiEndpoint": {
+      "Default": false,
+      "Type": "Bool"
     }
   }, 
   "Resources": {
@@ -306,7 +310,12 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
-          ]
+          ],
+          "x-amazon-apigateway-endpoint-configuration": {
+            "disableExecuteApiEndpoint": {
+              "Ref": "MyDisableExecuteApiEndpoint"
+            }
+          }
         }
       }, 
       "Condition": "C1"