aws · aahung · May 19, 2021 · May 19, 2021
@@ -269,9 +269,8 @@ def _is_missing_identity_source(self, identity):
         query_strings = identity.get("QueryStrings")
         stage_variables = identity.get("StageVariables")
         context = identity.get("Context")
-        ttl = identity.get("ReauthorizeEvery")
 
-        if (ttl is None or int(ttl) > 0) and not headers and not query_strings and not stage_variables and not context:
+        if not headers and not query_strings and not stage_variables and not context:
             return True
 
         return False
@@ -314,9 +313,7 @@ def generate_swagger(self):
                 swagger[APIGATEWAY_AUTHORIZER_KEY]["authorizerCredentials"] = function_invoke_role
 
             if self._get_function_payload_type() == "REQUEST":
-                identity_source = self._get_identity_source()
-                if identity_source:
-                    swagger[APIGATEWAY_AUTHORIZER_KEY]["identitySource"] = self._get_identity_source()
+                swagger[APIGATEWAY_AUTHORIZER_KEY]["identitySource"] = self._get_identity_source()
 
         # Authorizer Validation Expression is only allowed on COGNITO_USER_POOLS and LAMBDA_TOKEN
         is_lambda_token_authorizer = authorizer_type == "LAMBDA" and self._get_function_payload_type() == "TOKEN"

@@ -17,18 +17,3 @@ def test_create_authorizer_fails_with_string_authorization_scopes(self):
             auth = ApiGatewayAuthorizer(
                 api_logical_id="logicalId", name="authName", authorization_scopes="invalid_scope"
             )
-
-    def test_create_authorizer_fails_with_missing_identity_values_and_not_cached(self):
-        with pytest.raises(InvalidResourceException):
-            auth = ApiGatewayAuthorizer(
-                api_logical_id="logicalId",
-                name="authName",
-                identity={"ReauthorizeEvery": 10},
-                function_payload_type="REQUEST",
-            )
-
-    def test_create_authorizer_fails_with_empty_identity(self):
-        with pytest.raises(InvalidResourceException):
-            auth = ApiGatewayAuthorizer(
-                api_logical_id="logicalId", name="authName", identity={}, function_payload_type="REQUEST"
-            )
@@ -32,20 +32,6 @@ Resources:
             Identity:
               Headers:
                 - Authorization1
-
-  MyApiWithNotCachedLambdaRequestAuth:
-    Type: "AWS::Serverless::Api"
-    Properties:
-      StageName: Prod
-      Auth:
-        DefaultAuthorizer: MyLambdaRequestAuth
-        Authorizers:
-          MyLambdaRequestAuth:
-            FunctionPayloadType: REQUEST
-            FunctionArn: !GetAtt MyAuthFn.Arn
-            Identity:
-              ReauthorizeEvery: 0
-
   MyAuthFn:
     Type: AWS::Serverless::Function
     Properties:
@@ -77,12 +63,6 @@ Resources:
             RestApiId: !Ref MyApiWithLambdaRequestAuth
             Method: get
             Path: /lambda-request
-        LambdaNotCachedRequest:
-          Type: Api
-          Properties:
-            RestApiId: !Ref MyApiWithNotCachedLambdaRequestAuth
-            Method: get
-            Path: /not-cached-lambda-request
   MyUserPool:
     Type: AWS::Cognito::UserPool
     Properties:

@@ -63,19 +63,7 @@
         }, 
         "StageName": "Prod"
       }
-    },
-    "MyApiWithNotCachedLambdaRequestAuthProdStage": {
-      "Type": "AWS::ApiGateway::Stage",
-      "Properties": {
-        "DeploymentId": {
-          "Ref": "MyApiWithNotCachedLambdaRequestAuthDeployment444f67cd7c"
-        },
-        "RestApiId": {
-          "Ref": "MyApiWithNotCachedLambdaRequestAuth"
-        },
-        "StageName": "Prod"
-      }
-    },
+    }, 
     "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": {
       "Type": "AWS::Lambda::Permission", 
       "Properties": {
@@ -217,30 +205,7 @@
           ]
         }
       }
-    },
-    "MyApiWithNotCachedLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": {
-      "Type": "AWS::Lambda::Permission",
-      "Properties": {
-        "Action": "lambda:InvokeFunction",
-        "Principal": "apigateway.amazonaws.com",
-        "FunctionName": {
-          "Fn::GetAtt": [
-            "MyAuthFn",
-            "Arn"
-          ]
-        },
-        "SourceArn": {
-          "Fn::Sub": [
-            "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*",
-            {
-              "__ApiId__": {
-                "Ref": "MyApiWithNotCachedLambdaRequestAuth"
-              }
-            }
-          ]
-        }
-      }
-    },
+    }, 
     "MyFnLambdaTokenPermissionProd": {
       "Type": "AWS::Lambda::Permission", 
       "Properties": {
@@ -271,17 +236,7 @@
         "Description": "RestApi deployment id: 6e52add211cda52ae10a7cc0e0afcf4afc682f9f", 
         "StageName": "Stage"
       }
-    },
-    "MyApiWithNotCachedLambdaRequestAuthDeployment444f67cd7c": {
-      "Type": "AWS::ApiGateway::Deployment",
-      "Properties": {
-        "RestApiId": {
-          "Ref": "MyApiWithNotCachedLambdaRequestAuth"
-        },
-        "Description": "RestApi deployment id: 444f67cd7c6475a698a0101480ba99b498325e90",
-        "StageName": "Stage"
-      }
-    },
+    }, 
     "MyFnLambdaRequestPermissionProd": {
       "Type": "AWS::Lambda::Permission", 
       "Properties": {
@@ -302,28 +257,7 @@
           ]
         }
       }
-    },
-    "MyFnLambdaNotCachedRequestPermissionProd": {
-      "Type": "AWS::Lambda::Permission",
-      "Properties": {
-        "Action": "lambda:InvokeFunction",
-        "Principal": "apigateway.amazonaws.com",
-        "FunctionName": {
-          "Ref": "MyFn"
-        },
-        "SourceArn": {
-          "Fn::Sub": [
-            "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/not-cached-lambda-request",
-            {
-              "__Stage__": "*",
-              "__ApiId__": {
-                "Ref": "MyApiWithNotCachedLambdaRequestAuth"
-              }
-            }
-          ]
-        }
-      }
-    },
+    }, 
     "MyApiWithLambdaTokenAuth": {
       "Type": "AWS::ApiGateway::RestApi", 
       "Properties": {
@@ -534,64 +468,6 @@
           }
         }
       }
-    },
-    "MyApiWithNotCachedLambdaRequestAuth": {
-      "Type": "AWS::ApiGateway::RestApi",
-      "Properties": {
-        "Body": {
-          "info": {
-            "version": "1.0",
-            "title": {
-              "Ref": "AWS::StackName"
-            }
-          },
-          "paths": {
-            "/not-cached-lambda-request": {
-              "get": {
-                "x-amazon-apigateway-integration": {
-                  "httpMethod": "POST",
-                  "type": "aws_proxy",
-                  "uri": {
-                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations"
-                  }
-                },
-                "security": [
-                  {
-                    "MyLambdaRequestAuth": []
-                  }
-                ],
-                "responses": {}
-              }
-            }
-          },
-          "swagger": "2.0",
-          "securityDefinitions": {
-            "MyLambdaRequestAuth": {
-              "in": "header",
-              "type": "apiKey",
-              "name": "Unused",
-              "x-amazon-apigateway-authorizer": {
-                "type": "request",
-                "authorizerUri": {
-                  "Fn::Sub": [
-                    "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations",
-                    {
-                      "__FunctionArn__": {
-                        "Fn::GetAtt": [
-                          "MyAuthFn",
-                          "Arn"
-                        ]
-                      }
-                    }
-                  ]
-                },
-                "authorizerResultTtlInSeconds": 0
-              },
-              "x-amazon-apigateway-authtype": "custom"
-            }
-          }
-        }
-      }
     }
   }
 }