From a27a085dfe2049565376cd8f0b4aea7edcd2ff1f Mon Sep 17 00:00:00 2001 From: Sriram Madapusi Vasudevan Date: Tue, 28 Apr 2020 15:43:52 -0700 Subject: [PATCH] fix: resource policy generation for {path+} Why is this change necessary? * To transfrom the arn in the api gateway resource policy to be "*" instead of the name of the path itself. How does it address the issue? * Allow to address the appropriate resource. What side effects does this change have? * None that are known at this point. --- samtranslator/swagger/swagger.py | 3 ++- .../model/eventsources/test_api_event_source.py | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/samtranslator/swagger/swagger.py b/samtranslator/swagger/swagger.py index abd15b92c..1e79961a8 100644 --- a/samtranslator/swagger/swagger.py +++ b/samtranslator/swagger/swagger.py @@ -1144,4 +1144,5 @@ def safe_compare_regex_with_string(regex, data): @staticmethod def get_path_without_trailing_slash(path): - return re.sub(r"{([a-zA-Z0-9._-]+|proxy\+)}", "*", path) + # convert greedy paths to such as {greedy+}, {proxy+} to "*" + return re.sub(r"{([a-zA-Z0-9._-]+|[a-zA-Z0-9._-]+\+|proxy\+)}", "*", path) diff --git a/tests/model/eventsources/test_api_event_source.py b/tests/model/eventsources/test_api_event_source.py index 040e0aba0..6357e1d69 100644 --- a/tests/model/eventsources/test_api_event_source.py +++ b/tests/model/eventsources/test_api_event_source.py @@ -51,6 +51,23 @@ def test_get_permission_with_trailing_slash(self): self.assertEqual(arn, "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo") + @patch("boto3.session.Session.region_name", "eu-west-2") + def test_get_permission_with_path_parameter_to_any_path(self): + self.api_event_source.Path = "/foo/{userId+}" + cfn = self.api_event_source.to_cloudformation(function=self.func, explicit_api={}) + + perm = cfn[0] + self.assertIsInstance(perm, LambdaPermission) + + try: + arn = self._extract_path_from_arn("{}PermissionProd".format(self.logical_id), perm) + except AttributeError: + self.fail("Permission class isn't valid") + + self.assertEqual( + arn, "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo/*" + ) + @patch("boto3.session.Session.region_name", "eu-west-2") def test_get_permission_with_path_parameter(self): self.api_event_source.Path = "/foo/{userId}/bar"