fix: default 'DefinitionBody' is conflict with disableExecuteApiEndpoint (#1790)

* fix: default 'DefinitionBody' is conflict with disableExecuteApiEndpoint

* update swagger format

* Add comment to explain why definitionbody is always defined

* Add comments

Author: wchengru

samtranslator/model/api/http_api_generator.py

@@ -49,7 +49,7 @@ def __init__(
         domain=None,
         fail_on_warnings=False,
         description=None,
-        disable_execute_api_endpoint=False,
+        disable_execute_api_endpoint=None,
     ):
         """Constructs an API Generator class that generates API Gateway resources
 
@@ -109,8 +109,8 @@ def _construct_http_api(self):
         if self.fail_on_warnings:
             http_api.FailOnWarnings = self.fail_on_warnings
 
-        if self.disable_execute_api_endpoint:
-            http_api.DisableExecuteApiEndpoint = self.disable_execute_api_endpoint
+        if self.disable_execute_api_endpoint is not None:
+            self._add_endpoint_configuration()
 
         if self.definition_uri:
             http_api.BodyS3Location = self._construct_body_s3_dict()
@@ -129,6 +129,32 @@ def _construct_http_api(self):
 
         return http_api
 
+    def _add_endpoint_configuration(self):
+        """Add disableExecuteApiEndpoint if it is set in SAM
+        HttpApi doesn't have vpcEndpointIds
+
+        Note:
+        DisableExecuteApiEndpoint as a property of AWS::ApiGatewayV2::Api needs both DefinitionBody and
+        DefinitionUri to be None. However, if neither DefinitionUri nor DefinitionBody are specified,
+        SAM will generate a openapi definition body based on template configuration.
+        https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-api.html#sam-api-definitionbody
+        For this reason, we always put DisableExecuteApiEndpoint into openapi object.
+
+        """
+        if self.disable_execute_api_endpoint and not self.definition_body:
+            raise InvalidResourceException(
+                self.logical_id, "DisableExecuteApiEndpoint works only within 'DefinitionBody' property."
+            )
+        editor = OpenApiEditor(self.definition_body)
+
+        # if DisableExecuteApiEndpoint is set in both definition_body and as a property,
+        # SAM merges and overrides the disableExecuteApiEndpoint in definition_body with headers of
+        # "x-amazon-apigateway-endpoint-configuration"
+        editor.add_endpoint_config(self.disable_execute_api_endpoint)
+
+        # Assign the OpenApi back to template
+        self.definition_body = editor.openapi
+
     def _add_cors(self):
         """
         Add CORS configuration if CORSConfiguration property is set in SAM.

samtranslator/open_api/open_api.py

@@ -20,6 +20,8 @@ class OpenApiEditor(object):
     _X_APIGW_INTEGRATION = "x-amazon-apigateway-integration"
     _X_APIGW_TAG_VALUE = "x-amazon-apigateway-tag-value"
     _X_APIGW_CORS = "x-amazon-apigateway-cors"
+    _X_APIGW_ENDPOINT_CONFIG = "x-amazon-apigateway-endpoint-configuration"
+    _SERVERS = "servers"
     _CONDITIONAL_IF = "Fn::If"
     _X_ANY_METHOD = "x-amazon-apigateway-any-method"
     _ALL_HTTP_METHODS = ["OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "PATCH"]
@@ -427,6 +429,27 @@ def add_tags(self, tags):
                 tag = {"name": name, self._X_APIGW_TAG_VALUE: value}
                 self.tags.append(tag)
 
+    def add_endpoint_config(self, disable_execute_api_endpoint):
+        """Add endpoint configuration to _X_APIGW_ENDPOINT_CONFIG header in open api definition
+
+        Following this guide:
+        https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html
+        https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-disableexecuteapiendpoint
+
+        :param boolean disable_execute_api_endpoint: Specifies whether clients can invoke your API by using the default execute-api endpoint.
+
+        """
+
+        DISABLE_EXECUTE_API_ENDPOINT = "disableExecuteApiEndpoint"
+
+        servers_configurations = self._doc.get(self._SERVERS, [{}])
+        for config in servers_configurations:
+            endpoint_configuration = config.get(self._X_APIGW_ENDPOINT_CONFIG, dict())
+            endpoint_configuration[DISABLE_EXECUTE_API_ENDPOINT] = disable_execute_api_endpoint
+            config[self._X_APIGW_ENDPOINT_CONFIG] = endpoint_configuration
+
+        self._doc[self._SERVERS] = servers_configurations
+
     def add_cors(
         self,
         allow_origins,

tests/translator/input/api_with_basic_custom_domain_intrinsics_http.yaml

@@ -53,6 +53,7 @@ Resources:
     Type: AWS::Serverless::HttpApi
     Properties:
       StageName: Prod
+      DisableExecuteApiEndpoint: False
       Domain:
         DomainName: !Sub 'example-${AWS::Region}.com'
         CertificateArn: !Ref MyDomainCert

tests/translator/input/error_http_api_invalid_disable_execute_api_endpoint.yaml

@@ -0,0 +1,14 @@
+Resources:
+  MyApi:
+    Type: AWS::Serverless::HttpApi
+    Properties:
+      DisableExecuteApiEndpoint: String
+      StageName: Prod
+      Domain:
+        DomainName: "sam-example.com"
+        CertificateArn: "arn:aws:acm:us-east-1:123455353535:certificate/6c911401-620d-4d41-b89e-366c238bb2f3"
+        EndpointConfiguration: REGIONAL
+        SecurityPolicy: TLS_1_2
+        BasePath: ["/basic", "/begin-here"]
+        Route53:
+          HostedZoneName: sam-example.com.

tests/translator/output/api_with_basic_custom_domain_http.json

@@ -175,7 +175,6 @@
     "MyApi": {
       "Type": "AWS::ApiGatewayV2::Api", 
       "Properties": {
-        "DisableExecuteApiEndpoint": true,
         "Body": {
           "info": {
             "version": "1.0", 
@@ -218,6 +217,13 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
+          ],
+          "servers": [
+            {
+              "x-amazon-apigateway-endpoint-configuration": {
+                "disableExecuteApiEndpoint": true
+              }
+            }
           ]
         }
       }

tests/translator/output/api_with_basic_custom_domain_intrinsics_http.json

@@ -217,6 +217,13 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
+          ],
+          "servers": [
+            {
+              "x-amazon-apigateway-endpoint-configuration": {
+                "disableExecuteApiEndpoint": false
+              }
+            }
           ]
         }
       }, 

tests/translator/output/aws-cn/api_with_basic_custom_domain_http.json

@@ -175,7 +175,6 @@
     "MyApi": {
       "Type": "AWS::ApiGatewayV2::Api", 
       "Properties": {
-        "DisableExecuteApiEndpoint": true,
         "Body": {
           "info": {
             "version": "1.0", 
@@ -218,6 +217,13 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
+          ],
+          "servers": [
+            {
+              "x-amazon-apigateway-endpoint-configuration": {
+                "disableExecuteApiEndpoint": true
+              }
+            }
           ]
         }
       }

tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics_http.json

@@ -306,6 +306,13 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
+          ],
+          "servers": [
+            {
+              "x-amazon-apigateway-endpoint-configuration": {
+                "disableExecuteApiEndpoint": false
+              }
+            }
           ]
         }
       }, 

tests/translator/output/aws-us-gov/api_with_basic_custom_domain_http.json

@@ -175,7 +175,6 @@
     "MyApi": {
       "Type": "AWS::ApiGatewayV2::Api", 
       "Properties": {
-        "DisableExecuteApiEndpoint": true,
         "Body": {
           "info": {
             "version": "1.0", 
@@ -218,6 +217,13 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
+          ],
+          "servers": [
+            {
+              "x-amazon-apigateway-endpoint-configuration": {
+                "disableExecuteApiEndpoint": true
+              }
+            }
           ]
         }
       }

tests/translator/output/aws-us-gov/api_with_basic_custom_domain_intrinsics_http.json

@@ -306,6 +306,13 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
+          ],
+          "servers": [
+            {
+              "x-amazon-apigateway-endpoint-configuration": {
+                "disableExecuteApiEndpoint": false
+              }
+            }
           ]
         }
       },