diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py
index 95ee8628d4..deed6b834c 100644
--- a/samtranslator/model/api/api_generator.py
+++ b/samtranslator/model/api/api_generator.py
@@ -18,8 +18,9 @@
 # Default the Cors Properties to '*' wildcard and False AllowCredentials. Other properties are actually Optional
 CorsProperties.__new__.__defaults__ = (None, None, _CORS_WILDCARD, None, False)
-AuthProperties = namedtuple("_AuthProperties", ["Authorizers", "DefaultAuthorizer"])
-AuthProperties.__new__.__defaults__ = (None, None)
+AuthProperties = namedtuple("_AuthProperties", ["Authorizers", "DefaultAuthorizer",
+ "AddDefaultAuthorizerToCorsPreflight"])
+AuthProperties.__new__.__defaults__ = (None, None, True)
 class ApiGenerator(object):
@@ -264,7 +265,8 @@ def _add_auth(self):
 if authorizers:
 swagger_editor.add_authorizers(authorizers)
- self._set_default_authorizer(swagger_editor, authorizers, auth_properties.DefaultAuthorizer)
+ self._set_default_authorizer(swagger_editor, authorizers, auth_properties.DefaultAuthorizer,
+ auth_properties.AddDefaultAuthorizerToCorsPreflight)
 # Assign the Swagger back to template
 self.definition_body = swagger_editor.swagger
@@ -335,7 +337,8 @@ def _construct_authorizer_lambda_permission(self):
 return permissions
- def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer):
+ def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer,
+ add_default_authorizer_to_cors_preflight):
 if not default_authorizer:
 return
@@ -344,7 +347,8 @@ def _set_default_authorizer(self, swagger_editor, authorizers, default_authorize default_authorizer + "' was not defined in 'Authorizers'") for path in swagger_editor.iter_on_path(): - swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers) + swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers, + addDefaultAuthorizerToCorsPreflight=add_default_authorizer_to_cors_preflight) def _set_endpoint_configuration(self, rest_api, value): """ diff --git a/samtranslator/swagger/swagger.py b/samtranslator/swagger/swagger.py index bc7a5e54f4..11c955135b 100644 --- a/samtranslator/swagger/swagger.py +++ b/samtranslator/swagger/swagger.py @@ -310,7 +310,8 @@ def add_authorizers(self, authorizers): for authorizerName, authorizer in authorizers.items(): self.security_definitions[authorizerName] = authorizer.generate_swagger() - def set_path_default_authorizer(self, path, default_authorizer, authorizers): + def set_path_default_authorizer(self, path, default_authorizer, authorizers, + add_default_authorizer_to_cors_preflight = True): """ Sets the DefaultAuthorizer for each method on this path. The DefaultAuthorizer won't be set if an Authorizer was defined at the Function/Path/Method level 
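Review bot: The keyword `addDefaultAuthorizerToCorsPreflight=` on the added continuation line does not match the parameter this same commit adds to `set_path_default_authorizer` in samtranslator/swagger/swagger.py, which is named `add_default_authorizer_to_cors_preflight`. Assuming `swagger_editor` is the editor defined in that file, the call would raise `TypeError` for an unexpected keyword argument on the first path of any API that sets `DefaultAuthorizer`, so no default authorizer is ever attached. Use the snake_case name: `add_default_authorizer_to_cors_preflight=add_default_authorizer_to_cors_preflight)`. The body of `_set_default_authorizer` begins before this hunk.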
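Review bot: The new `add_default_authorizer_to_cors_preflight` parameter is not described in the docstring, whose `:param` list sits in the next hunk and gains no entry. Because the loop compares the flag with `is False`, only a literal boolean disables the authorizer on OPTIONS; any other value, such as the string `"false"`, keeps it attached, which fails closed but silently. I would add `:param bool add_default_authorizer_to_cors_preflight: When exactly False, OPTIONS methods on this path do not receive the DefaultAuthorizer.` and write the default as `add_default_authorizer_to_cors_preflight=True`, without spaces around `=`, per PEP 8.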
@@ -321,8 +322,10 @@ def set_path_default_authorizer(self, path, default_authorizer, authorizers):
 :param list authorizers: List of Authorizer configurations defined on the related Api.
 """
 for method_name, method in self.paths[path].items():
- self.set_method_authorizer(path, method_name, default_authorizer, authorizers,
- default_authorizer=default_authorizer, is_default=True)
+ normalized_method_name = self._normalize_method_name(method_name)
+ if not (add_default_authorizer_to_cors_preflight is False and normalized_method_name == "options"):
+ self.set_method_authorizer(path, normalized_method_name, default_authorizer, authorizers,
+ default_authorizer=default_authorizer, is_default=True)
 def add_auth_to_method(self, path, method_name, auth, api):
 """
diff --git a/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml b/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml
new file mode 100644
index 0000000000..cf6c97ec79
--- /dev/null
+++ b/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml
@@ -0,0 +1,41 @@
+Globals:
+ Api:
+ Cors: "origins"
+
+Resources:
+ ApiFunction:
+ Type: AWS::Serverless::Function
+ Properties:
+ CodeUri: s3://sam-demo-bucket/member_portal.zip
+ Handler: index.gethtml
+ Runtime: nodejs4.3
+ Events:
+ GetHtml:
+ Type: Api
+ Properties:
+ Path: /
+ Method: get
+ RestApiId: !Ref ServerlessApi
+
+ PostHtml:
+ Type: Api
+ Properties:
+ Path: /
+ Method: post
+ RestApiId: !Ref ServerlessApi
+
+
+ ServerlessApi:
+ Type: AWS::Serverless::Api
+ Properties:
+ StageName: Prod
+ Auth:
+ AddDefaultAuthorizerToCorsPreflight: False
+ DefaultAuthorizer: MyLambdaRequestAuth
+ Authorizers:
+ MyLambdaRequestAuth:
+ FunctionPayloadType: REQUEST
+ FunctionArn: !GetAtt MyAuthFn.Arn
+ Identity:
+ Headers:
+ - Authorization1
\ No newline at end of file
diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py
index 7200f878e8..5729a7ef02 100644
--- a/tests/translator/test_translator.py
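Review bot: The skip condition in the swagger.py loop matches every method whose normalized name is `options`, not only the preflight method generated for CORS, so with the flag set to False a template-defined OPTIONS route on the same API is also left without the default authorizer. If only the generated preflight is meant to be public, the check needs a way to tell the two apart; otherwise state the wider effect in a comment above the `if`, for example `# Applies to every OPTIONS method on the path, including ones defined by the template author`. `set_method_authorizer` now receives `normalized_method_name` instead of the key read from `self.paths[path]`; its body is outside this hunk, so confirm it does not look the method up by the original key. The new fixture in this commit declares only GET and POST events, so a template-defined OPTIONS method is not exercised.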
+++ b/tests/translator/test_translator.py
@@ -167,6 +167,7 @@ class TestTranslatorEndToEnd(TestCase):
 'api_with_cors_and_only_maxage',
 'api_with_cors_and_only_credentials_false',
 'api_with_cors_no_definitionbody',
+ 'api_with_cors_and_auth_no_preflight_auth',
 'api_cache',
 'api_with_access_log_setting',
 'api_with_canary_setting',