From 64d384dfd17ae261fd73b2cbf7d538a14e6eef8f Mon Sep 17 00:00:00 2001 From: brendan Date: Thu, 6 Jun 2019 12:43:09 -0400 Subject: [PATCH 1/9] Add AddDefaultAuthorizerToCorsPreflight API Auth Property --- samtranslator/model/api/api_generator.py | 10 +++++----- samtranslator/swagger/swagger.py | 9 ++++++--- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py index 4946f4d92..e25e7ee37 100644 --- a/samtranslator/model/api/api_generator.py +++ b/samtranslator/model/api/api_generator.py @@ -19,8 +19,8 @@ # Default the Cors Properties to '*' wildcard and False AllowCredentials. Other properties are actually Optional CorsProperties.__new__.__defaults__ = (None, None, _CORS_WILDCARD, None, False) -AuthProperties = namedtuple("_AuthProperties", ["Authorizers", "DefaultAuthorizer", "InvokeRole"]) -AuthProperties.__new__.__defaults__ = (None, None, None) +AuthProperties = namedtuple("_AuthProperties", ["Authorizers", "DefaultAuthorizer", "InvokeRole", "AddDefaultAuthorizerToCorsPreflight"]) +AuthProperties.__new__.__defaults__ = (None, None, None, True) GatewayResponseProperties = ["ResponseParameters", "ResponseTemplates", "StatusCode"] @@ -275,7 +275,7 @@ def _add_auth(self): if authorizers: swagger_editor.add_authorizers(authorizers) - self._set_default_authorizer(swagger_editor, authorizers, auth_properties.DefaultAuthorizer) + self._set_default_authorizer(swagger_editor, authorizers, auth_properties.DefaultAuthorizer, auth_properties.AddDefaultAuthorizerToCorsPreflight) # Assign the Swagger back to template self.definition_body = swagger_editor.swagger @@ -402,7 +402,7 @@ def _construct_authorizer_lambda_permission(self): return permissions - def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer): + def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer, add_default_authorizer_to_cors_preflight): if not default_authorizer: return @@ -411,7 +411,7 @@ def _set_default_authorizer(self, swagger_editor, authorizers, default_authorize default_authorizer + "' was not defined in 'Authorizers'") for path in swagger_editor.iter_on_path(): - swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers) + swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers, addDefaultAuthorizerToCorsPreflight=add_default_authorizer_to_cors_preflight) def _set_endpoint_configuration(self, rest_api, value): """ diff --git a/samtranslator/swagger/swagger.py b/samtranslator/swagger/swagger.py index f1803f33d..e181fa71a 100644 --- a/samtranslator/swagger/swagger.py +++ b/samtranslator/swagger/swagger.py @@ -394,7 +394,7 @@ def add_authorizers(self, authorizers): for authorizer_name, authorizer in authorizers.items(): self.security_definitions[authorizer_name] = authorizer.generate_swagger() - def set_path_default_authorizer(self, path, default_authorizer, authorizers): + def set_path_default_authorizer(self, path, default_authorizer, authorizers, add_default_authorizer_to_cors_preflight=True): """ Sets the DefaultAuthorizer for each method on this path. The DefaultAuthorizer won't be set if an Authorizer was defined at the Function/Path/Method level @@ -403,10 +403,13 @@ def set_path_default_authorizer(self, path, default_authorizer, authorizers): :param string default_authorizer: Name of the authorizer to use as the default. Must be a key in the authorizers param. :param list authorizers: List of Authorizer configurations defined on the related Api. + :param bool add_default_authorizer_to_cors_preflight: Bool of whether to add the default authorizer to OPTIONS preflight requests. """ for method_name, method in self.get_path(path).items(): - self.set_method_authorizer(path, method_name, default_authorizer, authorizers, - default_authorizer=default_authorizer, is_default=True) + normalized_method_name = self._normalize_method_name(method_name) + if not (add_default_authorizer_to_cors_preflight is False and normalized_method_name == "options"): + self.set_method_authorizer(path, method_name, default_authorizer, authorizers, + default_authorizer=default_authorizer, is_default=True) def add_auth_to_method(self, path, method_name, auth, api): """ From 6a9938c0c2b64906cf42dd6d248086182c752daa Mon Sep 17 00:00:00 2001 From: brendan Date: Thu, 6 Jun 2019 14:00:18 -0400 Subject: [PATCH 2/9] Fix name mismatch on method --- samtranslator/model/api/api_generator.py | 4 +- ..._with_cors_and_auth_no_preflight_auth.yaml | 0 tests/translator/test_translator.py | 58 ++++++++++--------- 3 files changed, 32 insertions(+), 30 deletions(-) create mode 100644 tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py index e25e7ee37..63c26f921 100644 --- a/samtranslator/model/api/api_generator.py +++ b/samtranslator/model/api/api_generator.py @@ -402,7 +402,7 @@ def _construct_authorizer_lambda_permission(self): return permissions - def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer, add_default_authorizer_to_cors_preflight): + def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer, add_default_authorizer_to_cors_preflight=True): if not default_authorizer: return @@ -411,7 +411,7 @@ def _set_default_authorizer(self, swagger_editor, authorizers, default_authorize default_authorizer + "' was not defined in 'Authorizers'") for path in swagger_editor.iter_on_path(): - swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers, addDefaultAuthorizerToCorsPreflight=add_default_authorizer_to_cors_preflight) + swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers, add_default_authorizer_to_cors_preflight=add_default_authorizer_to_cors_preflight) def _set_endpoint_configuration(self, rest_api, value): """ diff --git a/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml b/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py index 88657b15b..b0b330d37 100644 --- a/tests/translator/test_translator.py +++ b/tests/translator/test_translator.py @@ -165,6 +165,7 @@ class TestTranslatorEndToEnd(TestCase): 'api_with_minimum_compression_size', 'api_with_resource_refs', 'api_with_cors', + 'api_with_cors_and_auth_no_preflight_auth', 'api_with_cors_and_only_methods', 'api_with_cors_and_only_headers', 'api_with_cors_and_only_origins', @@ -244,39 +245,40 @@ class TestTranslatorEndToEnd(TestCase): ] # Run all the above tests against each of the list of partitions to test against ) ) - @patch('samtranslator.plugins.application.serverless_app_plugin.ServerlessAppPlugin._sar_service_call', mock_sar_service_call) - @patch('botocore.client.ClientEndpointBridge._check_default_region', mock_get_region) + # @patch('samtranslator.plugins.application.serverless_app_plugin.ServerlessAppPlugin._sar_service_call', mock_sar_service_call) + # @patch('botocore.client.ClientEndpointBridge._check_default_region', mock_get_region) def test_transform_success(self, testcase, partition_with_region): - partition = partition_with_region[0] - region = partition_with_region[1] - - manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + '.yaml'), 'r')) - # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict - manifest = json.loads(json.dumps(manifest)) - partition_folder = partition if partition != "aws" else "" - expected = json.load(open(os.path.join(OUTPUT_FOLDER, partition_folder, testcase + '.json'), 'r')) - - with patch('boto3.session.Session.region_name', region): - parameter_values = get_template_parameter_values() - mock_policy_loader = MagicMock() - mock_policy_loader.load.return_value = { - 'AWSLambdaBasicExecutionRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'.format(partition), - 'AmazonDynamoDBFullAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBFullAccess'.format(partition), - 'AmazonDynamoDBReadOnlyAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBReadOnlyAccess'.format(partition), - 'AWSLambdaRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaRole'.format(partition), - } + with patch('samtranslator.plugins.application.serverless_app_plugin.ServerlessAppPlugin._sar_service_call', mock_sar_service_call), patch('botocore.client.ClientEndpointBridge._check_default_region', mock_get_region): + partition = partition_with_region[0] + region = partition_with_region[1] + + manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + '.yaml'), 'r')) + # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict + manifest = json.loads(json.dumps(manifest)) + partition_folder = partition if partition != "aws" else "" + expected = json.load(open(os.path.join(OUTPUT_FOLDER, partition_folder, testcase + '.json'), 'r')) + + with patch('boto3.session.Session.region_name', region): + parameter_values = get_template_parameter_values() + mock_policy_loader = MagicMock() + mock_policy_loader.load.return_value = { + 'AWSLambdaBasicExecutionRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'.format(partition), + 'AmazonDynamoDBFullAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBFullAccess'.format(partition), + 'AmazonDynamoDBReadOnlyAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBReadOnlyAccess'.format(partition), + 'AWSLambdaRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaRole'.format(partition), + } - output_fragment = transform( - manifest, parameter_values, mock_policy_loader) + output_fragment = transform( + manifest, parameter_values, mock_policy_loader) - print(json.dumps(output_fragment, indent=2)) + print(json.dumps(output_fragment, indent=2)) - # Only update the deployment Logical Id hash in Py3. - if sys.version_info.major >= 3: - self._update_logical_id_hash(expected) - self._update_logical_id_hash(output_fragment) + # Only update the deployment Logical Id hash in Py3. + if sys.version_info.major >= 3: + self._update_logical_id_hash(expected) + self._update_logical_id_hash(output_fragment) - assert deep_sort_lists(output_fragment) == deep_sort_lists(expected) + assert deep_sort_lists(output_fragment) == deep_sort_lists(expected) def _update_logical_id_hash(self, resources): """ From 72cce1bcd0c5b850f071165a9333d9de728b088f Mon Sep 17 00:00:00 2001 From: brendan Date: Thu, 6 Jun 2019 14:47:13 -0400 Subject: [PATCH 3/9] Add tests for Default with preflight auth and non-default without preflight auth --- ..._with_cors_and_auth_no_preflight_auth.yaml | 41 +++ ...api_with_cors_and_auth_preflight_auth.yaml | 40 +++ ..._with_cors_and_auth_no_preflight_auth.json | 293 +++++++++++++++++ ...api_with_cors_and_auth_preflight_auth.json | 298 ++++++++++++++++++ tests/translator/test_translator.py | 1 + 5 files changed, 673 insertions(+) create mode 100644 tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml create mode 100644 tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json create mode 100644 tests/translator/output/api_with_cors_and_auth_preflight_auth.json diff --git a/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml b/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml index e69de29bb..cf6c97ec7 100644 --- a/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml +++ b/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml @@ -0,0 +1,41 @@ +Globals: + Api: + Cors: "origins" + +Resources: + ApiFunction: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://sam-demo-bucket/member_portal.zip + Handler: index.gethtml + Runtime: nodejs4.3 + Events: + GetHtml: + Type: Api + Properties: + Path: / + Method: get + RestApiId: !Ref ServerlessApi + + PostHtml: + Type: Api + Properties: + Path: / + Method: post + RestApiId: !Ref ServerlessApi + + + ServerlessApi: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + Auth: + AddDefaultAuthorizerToCorsPreflight: False + DefaultAuthorizer: MyLambdaRequestAuth + Authorizers: + MyLambdaRequestAuth: + FunctionPayloadType: REQUEST + FunctionArn: !GetAtt MyAuthFn.Arn + Identity: + Headers: + - Authorization1 \ No newline at end of file diff --git a/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml b/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml new file mode 100644 index 000000000..4e00e8865 --- /dev/null +++ b/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml @@ -0,0 +1,40 @@ +Globals: + Api: + Cors: "origins" + +Resources: + ApiFunction: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://sam-demo-bucket/member_portal.zip + Handler: index.gethtml + Runtime: nodejs4.3 + Events: + GetHtml: + Type: Api + Properties: + Path: / + Method: get + RestApiId: !Ref ServerlessApi + + PostHtml: + Type: Api + Properties: + Path: / + Method: post + RestApiId: !Ref ServerlessApi + + + ServerlessApi: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + Auth: + DefaultAuthorizer: MyLambdaRequestAuth + Authorizers: + MyLambdaRequestAuth: + FunctionPayloadType: REQUEST + FunctionArn: !GetAtt MyAuthFn.Arn + Identity: + Headers: + - Authorization1 \ No newline at end of file diff --git a/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json b/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json new file mode 100644 index 000000000..34a1d98a1 --- /dev/null +++ b/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json @@ -0,0 +1,293 @@ +{ + "Resources": { + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionGetHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessApi": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + }, + "options": { + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseTemplates": { + "application/json": "{}\n" + }, + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + } + } + } + }, + "consumes": [ + "application/json" + ], + "summary": "CORS support", + "responses": { + "200": { + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + }, + "description": "Default response for CORS method" + } + }, + "produces": [ + "application/json" + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "MyLambdaRequestAuth": { + "in": "header", + "type": "apiKey", + "name": "Unused", + "x-amazon-apigateway-authorizer": { + "type": "request", + "identitySource": "method.request.header.Authorization1", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } + ] + } + }, + "x-amazon-apigateway-authtype": "custom" + } + } + } + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ServerlessApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessApiDeploymentc867071f56" + }, + "RestApiId": { + "Ref": "ServerlessApi" + }, + "StageName": "Prod" + } + }, + "ApiFunctionPostHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ServerlessApiDeploymentc867071f56": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessApi" + }, + "Description": "RestApi deployment id: c867071f560f871b33a3593a75e7d54052db8ef6", + "StageName": "Stage" + } + } + } +} \ No newline at end of file diff --git a/tests/translator/output/api_with_cors_and_auth_preflight_auth.json b/tests/translator/output/api_with_cors_and_auth_preflight_auth.json new file mode 100644 index 000000000..1931706ed --- /dev/null +++ b/tests/translator/output/api_with_cors_and_auth_preflight_auth.json @@ -0,0 +1,298 @@ +{ + "Resources": { + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionGetHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessApi": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + }, + "options": { + "responses": { + "200": { + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + }, + "description": "Default response for CORS method" + } + }, + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseTemplates": { + "application/json": "{}\n" + }, + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + } + } + } + }, + "summary": "CORS support", + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "consumes": [ + "application/json" + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "MyLambdaRequestAuth": { + "in": "header", + "type": "apiKey", + "name": "Unused", + "x-amazon-apigateway-authorizer": { + "type": "request", + "identitySource": "method.request.header.Authorization1", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } + ] + } + }, + "x-amazon-apigateway-authtype": "custom" + } + } + } + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ServerlessApiDeploymentd87c56f148": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessApi" + }, + "Description": "RestApi deployment id: d87c56f148fde0eb59be2a49570243f2befb198f", + "StageName": "Stage" + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ServerlessApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessApiDeploymentd87c56f148" + }, + "RestApiId": { + "Ref": "ServerlessApi" + }, + "StageName": "Prod" + } + } + } +} \ No newline at end of file diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py index b0b330d37..331279daa 100644 --- a/tests/translator/test_translator.py +++ b/tests/translator/test_translator.py @@ -166,6 +166,7 @@ class TestTranslatorEndToEnd(TestCase): 'api_with_resource_refs', 'api_with_cors', 'api_with_cors_and_auth_no_preflight_auth', + 'api_with_cors_and_auth_preflight_auth', 'api_with_cors_and_only_methods', 'api_with_cors_and_only_headers', 'api_with_cors_and_only_origins', From 2aa0d9454069589049b8e91757bdba5dbe6f50ab Mon Sep 17 00:00:00 2001 From: brendan Date: Thu, 6 Jun 2019 14:53:33 -0400 Subject: [PATCH 4/9] Fix flake tests --- samtranslator/model/api/api_generator.py | 12 ++++++++---- samtranslator/swagger/swagger.py | 8 +++++--- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py index 63c26f921..0f89a9380 100644 --- a/samtranslator/model/api/api_generator.py +++ b/samtranslator/model/api/api_generator.py @@ -19,7 +19,8 @@ # Default the Cors Properties to '*' wildcard and False AllowCredentials. Other properties are actually Optional CorsProperties.__new__.__defaults__ = (None, None, _CORS_WILDCARD, None, False) -AuthProperties = namedtuple("_AuthProperties", ["Authorizers", "DefaultAuthorizer", "InvokeRole", "AddDefaultAuthorizerToCorsPreflight"]) +AuthProperties = namedtuple("_AuthProperties", + ["Authorizers", "DefaultAuthorizer", "InvokeRole", "AddDefaultAuthorizerToCorsPreflight"]) AuthProperties.__new__.__defaults__ = (None, None, None, True) GatewayResponseProperties = ["ResponseParameters", "ResponseTemplates", "StatusCode"] @@ -275,7 +276,8 @@ def _add_auth(self): if authorizers: swagger_editor.add_authorizers(authorizers) - self._set_default_authorizer(swagger_editor, authorizers, auth_properties.DefaultAuthorizer, auth_properties.AddDefaultAuthorizerToCorsPreflight) + self._set_default_authorizer(swagger_editor, authorizers, auth_properties.DefaultAuthorizer, + auth_properties.AddDefaultAuthorizerToCorsPreflight) # Assign the Swagger back to template self.definition_body = swagger_editor.swagger @@ -402,7 +404,8 @@ def _construct_authorizer_lambda_permission(self): return permissions - def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer, add_default_authorizer_to_cors_preflight=True): + def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer, + add_default_auth_to_preflight=True): if not default_authorizer: return @@ -411,7 +414,8 @@ def _set_default_authorizer(self, swagger_editor, authorizers, default_authorize default_authorizer + "' was not defined in 'Authorizers'") for path in swagger_editor.iter_on_path(): - swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers, add_default_authorizer_to_cors_preflight=add_default_authorizer_to_cors_preflight) + swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers, + add_default_auth_to_preflight=add_default_auth_to_preflight) def _set_endpoint_configuration(self, rest_api, value): """ diff --git a/samtranslator/swagger/swagger.py b/samtranslator/swagger/swagger.py index e181fa71a..5ce945d8e 100644 --- a/samtranslator/swagger/swagger.py +++ b/samtranslator/swagger/swagger.py @@ -394,7 +394,8 @@ def add_authorizers(self, authorizers): for authorizer_name, authorizer in authorizers.items(): self.security_definitions[authorizer_name] = authorizer.generate_swagger() - def set_path_default_authorizer(self, path, default_authorizer, authorizers, add_default_authorizer_to_cors_preflight=True): + def set_path_default_authorizer(self, path, default_authorizer, authorizers, + add_default_auth_to_preflight=True): """ Sets the DefaultAuthorizer for each method on this path. The DefaultAuthorizer won't be set if an Authorizer was defined at the Function/Path/Method level @@ -403,11 +404,12 @@ def set_path_default_authorizer(self, path, default_authorizer, authorizers, add :param string default_authorizer: Name of the authorizer to use as the default. Must be a key in the authorizers param. :param list authorizers: List of Authorizer configurations defined on the related Api. - :param bool add_default_authorizer_to_cors_preflight: Bool of whether to add the default authorizer to OPTIONS preflight requests. + :param bool add_default_auth_to_preflight: Bool of whether to add the default + authorizer to OPTIONS preflight requests. """ for method_name, method in self.get_path(path).items(): normalized_method_name = self._normalize_method_name(method_name) - if not (add_default_authorizer_to_cors_preflight is False and normalized_method_name == "options"): + if not (add_default_auth_to_preflight is False and normalized_method_name == "options"): self.set_method_authorizer(path, method_name, default_authorizer, authorizers, default_authorizer=default_authorizer, is_default=True) From 6a0fe3ec42dc880228d70155f65f9bbe92a9448e Mon Sep 17 00:00:00 2001 From: Praneeta Date: Tue, 11 Jun 2019 14:11:46 -0700 Subject: [PATCH 5/9] Fix for tests --- ..._with_cors_and_auth_no_preflight_auth.json | 6 +- ...api_with_cors_and_auth_preflight_auth.json | 22 +- ..._with_cors_and_auth_no_preflight_auth.json | 303 +++++++++++++++++ ...api_with_cors_and_auth_preflight_auth.json | 306 ++++++++++++++++++ ..._with_cors_and_auth_no_preflight_auth.json | 301 +++++++++++++++++ ...api_with_cors_and_auth_preflight_auth.json | 306 ++++++++++++++++++ 6 files changed, 1230 insertions(+), 14 deletions(-) create mode 100644 tests/translator/output/aws-cn/api_with_cors_and_auth_no_preflight_auth.json create mode 100644 tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json create mode 100644 tests/translator/output/aws-us-gov/api_with_cors_and_auth_no_preflight_auth.json create mode 100644 tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json diff --git a/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json b/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json index 34a1d98a1..e8fd0279b 100644 --- a/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json +++ b/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json @@ -229,7 +229,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessApiDeploymentc867071f56" + "Ref": "ServerlessApiDeploymente70e322247" }, "RestApiId": { "Ref": "ServerlessApi" @@ -279,13 +279,13 @@ } } }, - "ServerlessApiDeploymentc867071f56": { + "ServerlessApiDeploymente70e322247": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ServerlessApi" }, - "Description": "RestApi deployment id: c867071f560f871b33a3593a75e7d54052db8ef6", + "Description": "RestApi deployment id: e70e322247bd7d33ec444c4732e7f532a222d44e", "StageName": "Stage" } } diff --git a/tests/translator/output/api_with_cors_and_auth_preflight_auth.json b/tests/translator/output/api_with_cors_and_auth_preflight_auth.json index 1931706ed..aa65f83c5 100644 --- a/tests/translator/output/api_with_cors_and_auth_preflight_auth.json +++ b/tests/translator/output/api_with_cors_and_auth_preflight_auth.json @@ -206,16 +206,6 @@ } } }, - "ServerlessApiDeploymentd87c56f148": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessApi" - }, - "Description": "RestApi deployment id: d87c56f148fde0eb59be2a49570243f2befb198f", - "StageName": "Stage" - } - }, "ApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { @@ -240,6 +230,16 @@ } } }, + "ServerlessApiDeployment5355b9449d": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessApi" + }, + "Description": "RestApi deployment id: 5355b9449d512736d24b6b328925b4b0635fee89", + "StageName": "Stage" + } + }, "ApiFunctionPostHtmlPermissionTest": { "Type": "AWS::Lambda::Permission", "Properties": { @@ -286,7 +286,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessApiDeploymentd87c56f148" + "Ref": "ServerlessApiDeployment5355b9449d" }, "RestApiId": { "Ref": "ServerlessApi" diff --git a/tests/translator/output/aws-cn/api_with_cors_and_auth_no_preflight_auth.json b/tests/translator/output/aws-cn/api_with_cors_and_auth_no_preflight_auth.json new file mode 100644 index 000000000..3a7bd9fb4 --- /dev/null +++ b/tests/translator/output/aws-cn/api_with_cors_and_auth_no_preflight_auth.json @@ -0,0 +1,303 @@ +{ + "Resources": { + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionGetHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessApi": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + }, + "options": { + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseTemplates": { + "application/json": "{}\n" + }, + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + } + } + } + }, + "consumes": [ + "application/json" + ], + "summary": "CORS support", + "responses": { + "200": { + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + }, + "description": "Default response for CORS method" + } + }, + "produces": [ + "application/json" + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "MyLambdaRequestAuth": { + "in": "header", + "type": "apiKey", + "name": "Unused", + "x-amazon-apigateway-authorizer": { + "type": "request", + "identitySource": "method.request.header.Authorization1", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } + ] + } + }, + "x-amazon-apigateway-authtype": "custom" + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ServerlessApiDeployment6050a96a0f": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessApi" + }, + "Description": "RestApi deployment id: 6050a96a0f36baa9bc42da60f16427b8e3f34291", + "StageName": "Stage" + } + }, + "ApiFunctionPostHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ServerlessApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessApiDeployment6050a96a0f" + }, + "RestApiId": { + "Ref": "ServerlessApi" + }, + "StageName": "Prod" + } + } + } +} + + diff --git a/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json b/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json new file mode 100644 index 000000000..91fd33f65 --- /dev/null +++ b/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json @@ -0,0 +1,306 @@ +{ + "Resources": { + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionGetHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessApi": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + }, + "options": { + "responses": { + "200": { + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + }, + "description": "Default response for CORS method" + } + }, + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseTemplates": { + "application/json": "{}\n" + }, + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + } + } + } + }, + "summary": "CORS support", + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "consumes": [ + "application/json" + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "MyLambdaRequestAuth": { + "in": "header", + "type": "apiKey", + "name": "Unused", + "x-amazon-apigateway-authorizer": { + "type": "request", + "identitySource": "method.request.header.Authorization1", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } + ] + } + }, + "x-amazon-apigateway-authtype": "custom" + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ServerlessApiDeployment25b7a1be29": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessApi" + }, + "Description": "RestApi deployment id: 25b7a1be294e163c52d9c94528502872e4fced34", + "StageName": "Stage" + } + }, + "ApiFunctionPostHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ServerlessApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessApiDeployment25b7a1be29" + }, + "RestApiId": { + "Ref": "ServerlessApi" + }, + "StageName": "Prod" + } + } + } + } \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_cors_and_auth_no_preflight_auth.json b/tests/translator/output/aws-us-gov/api_with_cors_and_auth_no_preflight_auth.json new file mode 100644 index 000000000..c5bb41db8 --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_with_cors_and_auth_no_preflight_auth.json @@ -0,0 +1,301 @@ +{ + "Resources": { + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionGetHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessApi": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + }, + "options": { + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseTemplates": { + "application/json": "{}\n" + }, + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + } + } + } + }, + "consumes": [ + "application/json" + ], + "summary": "CORS support", + "responses": { + "200": { + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + }, + "description": "Default response for CORS method" + } + }, + "produces": [ + "application/json" + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "MyLambdaRequestAuth": { + "in": "header", + "type": "apiKey", + "name": "Unused", + "x-amazon-apigateway-authorizer": { + "type": "request", + "identitySource": "method.request.header.Authorization1", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } + ] + } + }, + "x-amazon-apigateway-authtype": "custom" + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "ServerlessApiDeployment0aae939ae6": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessApi" + }, + "Description": "RestApi deployment id: 0aae939ae622ada18aa063187fce7bef5605e7a6", + "StageName": "Stage" + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ServerlessApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessApiDeployment0aae939ae6" + }, + "RestApiId": { + "Ref": "ServerlessApi" + }, + "StageName": "Prod" + } + } + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json b/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json new file mode 100644 index 000000000..b2c5a45d3 --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json @@ -0,0 +1,306 @@ +{ + "Resources": { + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionGetHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessApi": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + }, + "options": { + "responses": { + "200": { + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + }, + "description": "Default response for CORS method" + } + }, + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseTemplates": { + "application/json": "{}\n" + }, + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + } + } + } + }, + "summary": "CORS support", + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "consumes": [ + "application/json" + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "MyLambdaRequestAuth": { + "in": "header", + "type": "apiKey", + "name": "Unused", + "x-amazon-apigateway-authorizer": { + "type": "request", + "identitySource": "method.request.header.Authorization1", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } + ] + } + }, + "x-amazon-apigateway-authtype": "custom" + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ServerlessApiDeployment1aab931299": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessApi" + }, + "Description": "RestApi deployment id: 1aab931299afa9c61fe2f0d56427e1f4ce6191e8", + "StageName": "Stage" + } + }, + "ApiFunctionPostHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ServerlessApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessApiDeployment1aab931299" + }, + "RestApiId": { + "Ref": "ServerlessApi" + }, + "StageName": "Prod" + } + } + } + } \ No newline at end of file From 78a1b3a9f7203c9962ecd0da65274c6f6ffb9447 Mon Sep 17 00:00:00 2001 From: Keeton Hodgson Date: Wed, 12 Jun 2019 15:54:02 -0700 Subject: [PATCH 6/9] Update test_translator.py --- tests/translator/test_translator.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py index 413e3c13f..0eb9aef70 100644 --- a/tests/translator/test_translator.py +++ b/tests/translator/test_translator.py @@ -267,8 +267,6 @@ class TestTranslatorEndToEnd(TestCase): ] # Run all the above tests against each of the list of partitions to test against ) ) - # @patch('samtranslator.plugins.application.serverless_app_plugin.ServerlessAppPlugin._sar_service_call', mock_sar_service_call) - # @patch('botocore.client.ClientEndpointBridge._check_default_region', mock_get_region) def test_transform_success(self, testcase, partition_with_region): with (patch('samtranslator.plugins.application.serverless_app_plugin.ServerlessAppPlugin._sar_service_call', mock_sar_service_call), patch('botocore.client.ClientEndpointBridge._check_default_region', mock_get_region)): From 12bcd47e98e58e2525c6b8be1e3ec70efefb02d9 Mon Sep 17 00:00:00 2001 From: Keeton Hodgson Date: Wed, 12 Jun 2019 15:56:25 -0700 Subject: [PATCH 7/9] Update test_translator.py --- tests/translator/test_translator.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py index 0eb9aef70..24c8d4525 100644 --- a/tests/translator/test_translator.py +++ b/tests/translator/test_translator.py @@ -361,10 +361,10 @@ def test_transform_success_openapi3(self, testcase, partition_with_region): 'AWSLambdaRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaRole'.format(partition), } - output_fragment = transform( - manifest, parameter_values, mock_policy_loader) + output_fragment = transform( + manifest, parameter_values, mock_policy_loader) - print(json.dumps(output_fragment, indent=2)) + print(json.dumps(output_fragment, indent=2)) # Run cfn-lint on translator test output files. rules = cfnlint.core.get_rules([], LINT_IGNORE_WARNINGS, []) From 131f876648603f80bce6a651e2450d3fa69fae7d Mon Sep 17 00:00:00 2001 From: Keeton Hodgson Date: Wed, 12 Jun 2019 22:40:49 -0700 Subject: [PATCH 8/9] Fix tests --- ..._with_cors_and_auth_no_preflight_auth.yaml | 9 +- ...api_with_cors_and_auth_preflight_auth.yaml | 9 +- ..._with_cors_and_auth_no_preflight_auth.json | 237 ++++--- ...api_with_cors_and_auth_preflight_auth.json | 235 ++++--- ..._with_cors_and_auth_no_preflight_auth.json | 239 ++++--- ...api_with_cors_and_auth_preflight_auth.json | 603 ++++++++++-------- ..._with_cors_and_auth_no_preflight_auth.json | 227 ++++--- ...api_with_cors_and_auth_preflight_auth.json | 603 ++++++++++-------- tests/translator/test_translator.py | 184 +++--- 9 files changed, 1320 insertions(+), 1026 deletions(-) diff --git a/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml b/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml index cf6c97ec7..e33f486ba 100644 --- a/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml +++ b/tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml @@ -38,4 +38,11 @@ Resources: FunctionArn: !GetAtt MyAuthFn.Arn Identity: Headers: - - Authorization1 \ No newline at end of file + - Authorization1 + + MyAuthFn: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://bucket/key + Handler: index.handler + Runtime: nodejs8.10 \ No newline at end of file diff --git a/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml b/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml index 4e00e8865..45032209c 100644 --- a/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml +++ b/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml @@ -37,4 +37,11 @@ Resources: FunctionArn: !GetAtt MyAuthFn.Arn Identity: Headers: - - Authorization1 \ No newline at end of file + - Authorization1 + + MyAuthFn: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://bucket/key + Handler: index.handler + Runtime: nodejs8.10 \ No newline at end of file diff --git a/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json b/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json index e8fd0279b..35a0159cc 100644 --- a/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json +++ b/tests/translator/output/api_with_cors_and_auth_no_preflight_auth.json @@ -1,68 +1,13 @@ { "Resources": { - "ApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "Prod", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunctionGetHtmlPermissionTest": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunction": { - "Type": "AWS::Lambda::Function", + "ServerlessApiDeploymente70e322247": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ApiFunctionRole", - "Arn" - ] + "RestApiId": { + "Ref": "ServerlessApi" }, - "Runtime": "nodejs4.3", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "Description": "RestApi deployment id: e70e322247bd7d33ec444c4732e7f532a222d44e", + "StageName": "Stage" } }, "ServerlessApi": { @@ -178,21 +123,43 @@ } } }, - "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionTest": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:invokeFunction", "Principal": "apigateway.amazonaws.com", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] + "Ref": "ApiFunction" }, "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", { + "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessApi" } @@ -201,24 +168,21 @@ } } }, - "ApiFunctionRole": { - "Type": "AWS::IAM::Role", + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" } } ] @@ -237,7 +201,7 @@ "StageName": "Prod" } }, - "ApiFunctionPostHtmlPermissionTest": { + "ApiFunctionGetHtmlPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:invokeFunction", @@ -247,9 +211,9 @@ }, "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", + "__Stage__": "Prod", "__ApiId__": { "Ref": "ServerlessApi" } @@ -258,7 +222,7 @@ } } }, - "ApiFunctionPostHtmlPermissionProd": { + "ApiFunctionGetHtmlPermissionTest": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:invokeFunction", @@ -268,9 +232,9 @@ }, "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "Prod", + "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessApi" } @@ -279,14 +243,97 @@ } } }, - "ServerlessApiDeploymente70e322247": { - "Type": "AWS::ApiGateway::Deployment", + "ApiFunction": { + "Type": "AWS::Lambda::Function", "Properties": { - "RestApiId": { - "Ref": "ServerlessApi" + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" }, - "Description": "RestApi deployment id: e70e322247bd7d33ec444c4732e7f532a222d44e", - "StageName": "Stage" + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } } } } diff --git a/tests/translator/output/api_with_cors_and_auth_preflight_auth.json b/tests/translator/output/api_with_cors_and_auth_preflight_auth.json index aa65f83c5..9f1646eea 100644 --- a/tests/translator/output/api_with_cors_and_auth_preflight_auth.json +++ b/tests/translator/output/api_with_cors_and_auth_preflight_auth.json @@ -1,70 +1,5 @@ { "Resources": { - "ApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "Prod", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunctionGetHtmlPermissionTest": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ApiFunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs4.3", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, "ServerlessApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -183,27 +118,14 @@ } } }, - "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + "ServerlessApiDeployment5355b9449d": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] + "RestApiId": { + "Ref": "ServerlessApi" }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } + "Description": "RestApi deployment id: 5355b9449d512736d24b6b328925b4b0635fee89", + "StageName": "Stage" } }, "ApiFunctionRole": { @@ -230,16 +152,6 @@ } } }, - "ServerlessApiDeployment5355b9449d": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessApi" - }, - "Description": "RestApi deployment id: 5355b9449d512736d24b6b328925b4b0635fee89", - "StageName": "Stage" - } - }, "ApiFunctionPostHtmlPermissionTest": { "Type": "AWS::Lambda::Permission", "Properties": { @@ -293,6 +205,141 @@ }, "StageName": "Prod" } + }, + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionGetHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } } } } \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_cors_and_auth_no_preflight_auth.json b/tests/translator/output/aws-cn/api_with_cors_and_auth_no_preflight_auth.json index 3a7bd9fb4..65138b781 100644 --- a/tests/translator/output/aws-cn/api_with_cors_and_auth_no_preflight_auth.json +++ b/tests/translator/output/aws-cn/api_with_cors_and_auth_no_preflight_auth.json @@ -1,70 +1,5 @@ { "Resources": { - "ApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "Prod", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunctionGetHtmlPermissionTest": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ApiFunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs4.3", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, "ServerlessApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -186,27 +121,14 @@ } } }, - "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + "ServerlessApiDeployment6050a96a0f": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] + "RestApiId": { + "Ref": "ServerlessApi" }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } + "Description": "RestApi deployment id: 6050a96a0f36baa9bc42da60f16427b8e3f34291", + "StageName": "Stage" } }, "ApiFunctionRole": { @@ -233,16 +155,6 @@ } } }, - "ServerlessApiDeployment6050a96a0f": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessApi" - }, - "Description": "RestApi deployment id: 6050a96a0f36baa9bc42da60f16427b8e3f34291", - "StageName": "Stage" - } - }, "ApiFunctionPostHtmlPermissionTest": { "Type": "AWS::Lambda::Permission", "Properties": { @@ -296,8 +208,141 @@ }, "StageName": "Prod" } + }, + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunctionGetHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } + }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } + } } } -} - - +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json b/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json index 91fd33f65..7c89d4f3b 100644 --- a/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json +++ b/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json @@ -1,306 +1,353 @@ { - "Resources": { - "ApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "Prod", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunctionGetHtmlPermissionTest": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ApiFunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs4.3", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" + "Resources": { + "ServerlessApi": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" } - ] - } - }, - "ServerlessApi": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/": { - "post": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" - } - }, - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "responses": {} + }, + "paths": { + "/": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } }, - "options": { - "responses": { - "200": { - "headers": { - "Access-Control-Allow-Origin": { - "type": "string" - }, - "Access-Control-Allow-Methods": { - "type": "string" - } + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + }, + "options": { + "responses": { + "200": { + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" }, - "description": "Default response for CORS method" - } - }, - "produces": [ - "application/json" - ], - "x-amazon-apigateway-integration": { - "type": "mock", - "requestTemplates": { - "application/json": "{\n \"statusCode\" : 200\n}\n" - }, - "responses": { - "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, - "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "origins", - "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" - } + "Access-Control-Allow-Methods": { + "type": "string" } - } - }, - "summary": "CORS support", - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "consumes": [ - "application/json" - ] + }, + "description": "Default response for CORS method" + } }, - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" - } + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" }, - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", - "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", - "authorizerUri": { - "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", - { - "__FunctionArn__": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - } + "responses": { + "default": { + "statusCode": "200", + "responseTemplates": { + "application/json": "{}\n" + }, + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" } - ] + } } }, - "x-amazon-apigateway-authtype": "custom" + "summary": "CORS support", + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "consumes": [ + "application/json" + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} } } }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + "swagger": "2.0", + "securityDefinitions": { + "MyLambdaRequestAuth": { + "in": "header", + "type": "apiKey", + "name": "Unused", + "x-amazon-apigateway-authorizer": { + "type": "request", + "identitySource": "method.request.header.Authorization1", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } + ] + } + }, + "x-amazon-apigateway-authtype": "custom" + } } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" } - }, - "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "ServerlessApi" - } + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } - ] - } + } + ] } - }, - "ApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + } + }, + "ServerlessApiDeployment25b7a1be29": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessApi" + }, + "Description": "RestApi deployment id: 25b7a1be294e163c52d9c94528502872e4fced34", + "StageName": "Stage" + } + }, + "ApiFunctionPostHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" } - ] - } + } + ] } - }, - "ServerlessApiDeployment25b7a1be29": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessApi" - }, - "Description": "RestApi deployment id: 25b7a1be294e163c52d9c94528502872e4fced34", - "StageName": "Stage" + } + }, + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] } - }, - "ApiFunctionPostHtmlPermissionTest": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } + } + }, + "ServerlessApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessApiDeployment25b7a1be29" + }, + "RestApiId": { + "Ref": "ServerlessApi" + }, + "StageName": "Prod" + } + }, + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" } - ] - } + } + ] } - }, - "ApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", - { - "__Stage__": "Prod", - "__ApiId__": { - "Ref": "ServerlessApi" - } + } + }, + "ApiFunctionGetHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" } - ] + } + ] + } + } + }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] } - }, - "ServerlessApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessApiDeployment25b7a1be29" - }, - "RestApiId": { - "Ref": "ServerlessApi" - }, - "StageName": "Prod" + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] } } } - } \ No newline at end of file + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_cors_and_auth_no_preflight_auth.json b/tests/translator/output/aws-us-gov/api_with_cors_and_auth_no_preflight_auth.json index c5bb41db8..68e5eae09 100644 --- a/tests/translator/output/aws-us-gov/api_with_cors_and_auth_no_preflight_auth.json +++ b/tests/translator/output/aws-us-gov/api_with_cors_and_auth_no_preflight_auth.json @@ -1,70 +1,5 @@ { "Resources": { - "ApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "Prod", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunctionGetHtmlPermissionTest": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ApiFunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs4.3", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, "ServerlessApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -186,16 +121,6 @@ } } }, - "ServerlessApiDeployment0aae939ae6": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessApi" - }, - "Description": "RestApi deployment id: 0aae939ae622ada18aa063187fce7bef5605e7a6", - "StageName": "Stage" - } - }, "ApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { @@ -220,21 +145,62 @@ } } }, - "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "ApiFunctionPostHtmlPermissionTest": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:invokeFunction", "Principal": "apigateway.amazonaws.com", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } ] + } + } + }, + "ServerlessApiDeployment0aae939ae6": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessApi" + }, + "Description": "RestApi deployment id: 0aae939ae622ada18aa063187fce7bef5605e7a6", + "StageName": "Stage" + } + }, + "ServerlessApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessApiDeployment0aae939ae6" + }, + "RestApiId": { + "Ref": "ServerlessApi" + }, + "StageName": "Prod" + } + }, + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" }, "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { + "__Stage__": "Prod", "__ApiId__": { "Ref": "ServerlessApi" } @@ -243,7 +209,7 @@ } } }, - "ApiFunctionPostHtmlPermissionTest": { + "ApiFunctionGetHtmlPermissionTest": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:invokeFunction", @@ -253,7 +219,7 @@ }, "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { "__Stage__": "*", "__ApiId__": { @@ -264,6 +230,52 @@ } } }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, "ApiFunctionPostHtmlPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { @@ -285,16 +297,51 @@ } } }, - "ServerlessApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", "Properties": { - "DeploymentId": { - "Ref": "ServerlessApiDeployment0aae939ae6" - }, - "RestApiId": { - "Ref": "ServerlessApi" + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] }, - "StageName": "Prod" + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] + } } } } diff --git a/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json b/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json index b2c5a45d3..2501af9a1 100644 --- a/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json +++ b/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json @@ -1,306 +1,353 @@ { - "Resources": { - "ApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "Prod", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunctionGetHtmlPermissionTest": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, - "ApiFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ApiFunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs4.3", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" + "Resources": { + "ServerlessApi": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" } - ] - } - }, - "ServerlessApi": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/": { - "post": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" - } - }, - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "responses": {} + }, + "paths": { + "/": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } }, - "options": { - "responses": { - "200": { - "headers": { - "Access-Control-Allow-Origin": { - "type": "string" - }, - "Access-Control-Allow-Methods": { - "type": "string" - } + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} + }, + "options": { + "responses": { + "200": { + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" }, - "description": "Default response for CORS method" - } - }, - "produces": [ - "application/json" - ], - "x-amazon-apigateway-integration": { - "type": "mock", - "requestTemplates": { - "application/json": "{\n \"statusCode\" : 200\n}\n" - }, - "responses": { - "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, - "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "origins", - "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" - } + "Access-Control-Allow-Methods": { + "type": "string" } - } - }, - "summary": "CORS support", - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "consumes": [ - "application/json" - ] + }, + "description": "Default response for CORS method" + } }, - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" - } + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" }, - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", - "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", - "authorizerUri": { - "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", - { - "__FunctionArn__": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - } + "responses": { + "default": { + "statusCode": "200", + "responseTemplates": { + "application/json": "{}\n" + }, + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" } - ] + } } }, - "x-amazon-apigateway-authtype": "custom" + "summary": "CORS support", + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "consumes": [ + "application/json" + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ], + "responses": {} } } }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + "swagger": "2.0", + "securityDefinitions": { + "MyLambdaRequestAuth": { + "in": "header", + "type": "apiKey", + "name": "Unused", + "x-amazon-apigateway-authorizer": { + "type": "request", + "identitySource": "method.request.header.Authorization1", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } + ] + } + }, + "x-amazon-apigateway-authtype": "custom" + } } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" } - }, - "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "ServerlessApi" - } + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } - ] - } + } + ] } - }, - "ApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + } + }, + "ServerlessApiDeployment1aab931299": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessApi" + }, + "Description": "RestApi deployment id: 1aab931299afa9c61fe2f0d56427e1f4ce6191e8", + "StageName": "Stage" + } + }, + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" } - ] - } + } + ] } - }, - "ServerlessApiDeployment1aab931299": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessApi" - }, - "Description": "RestApi deployment id: 1aab931299afa9c61fe2f0d56427e1f4ce6191e8", - "StageName": "Stage" + } + }, + "ApiFunctionPostHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] } - }, - "ApiFunctionPostHtmlPermissionTest": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } + } + }, + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "Prod", + "__ApiId__": { + "Ref": "ServerlessApi" } - ] - } + } + ] } - }, - "ApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", - { - "__Stage__": "Prod", - "__ApiId__": { - "Ref": "ServerlessApi" - } + } + }, + "ApiFunctionGetHtmlPermissionTest": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessApi" } - ] + } + ] + } + } + }, + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.gethtml", + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs4.3", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] } - }, - "ServerlessApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessApiDeployment1aab931299" - }, - "RestApiId": { - "Ref": "ServerlessApi" - }, - "StageName": "Prod" + } + }, + "ServerlessApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessApiDeployment1aab931299" + }, + "RestApiId": { + "Ref": "ServerlessApi" + }, + "StageName": "Prod" + } + }, + "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "ServerlessApi" + } + } + ] } } } - } \ No newline at end of file + } +} \ No newline at end of file diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py index 24c8d4525..83dc8eef2 100644 --- a/tests/translator/test_translator.py +++ b/tests/translator/test_translator.py @@ -267,57 +267,57 @@ class TestTranslatorEndToEnd(TestCase): ] # Run all the above tests against each of the list of partitions to test against ) ) + @patch('samtranslator.plugins.application.serverless_app_plugin.ServerlessAppPlugin._sar_service_call', mock_sar_service_call) + @patch('botocore.client.ClientEndpointBridge._check_default_region', mock_get_region) def test_transform_success(self, testcase, partition_with_region): - with (patch('samtranslator.plugins.application.serverless_app_plugin.ServerlessAppPlugin._sar_service_call', mock_sar_service_call), - patch('botocore.client.ClientEndpointBridge._check_default_region', mock_get_region)): - partition = partition_with_region[0] - region = partition_with_region[1] - - manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + '.yaml'), 'r')) - # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict - manifest = json.loads(json.dumps(manifest)) - partition_folder = partition if partition != "aws" else "" - expected_filepath = os.path.join(OUTPUT_FOLDER, partition_folder, testcase + '.json') - expected = json.load(open(expected_filepath, 'r')) - - with patch('boto3.session.Session.region_name', region): - parameter_values = get_template_parameter_values() - mock_policy_loader = MagicMock() - mock_policy_loader.load.return_value = { - 'AWSLambdaBasicExecutionRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'.format(partition), - 'AmazonDynamoDBFullAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBFullAccess'.format(partition), - 'AmazonDynamoDBReadOnlyAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBReadOnlyAccess'.format(partition), - 'AWSLambdaRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaRole'.format(partition), - } - - output_fragment = transform( - manifest, parameter_values, mock_policy_loader) + partition = partition_with_region[0] + region = partition_with_region[1] + + manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + '.yaml'), 'r')) + # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict + manifest = json.loads(json.dumps(manifest)) + partition_folder = partition if partition != "aws" else "" + expected_filepath = os.path.join(OUTPUT_FOLDER, partition_folder, testcase + '.json') + expected = json.load(open(expected_filepath, 'r')) + + with patch('boto3.session.Session.region_name', region): + parameter_values = get_template_parameter_values() + mock_policy_loader = MagicMock() + mock_policy_loader.load.return_value = { + 'AWSLambdaBasicExecutionRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'.format(partition), + 'AmazonDynamoDBFullAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBFullAccess'.format(partition), + 'AmazonDynamoDBReadOnlyAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBReadOnlyAccess'.format(partition), + 'AWSLambdaRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaRole'.format(partition), + } - print(json.dumps(output_fragment, indent=2)) + output_fragment = transform( + manifest, parameter_values, mock_policy_loader) - # Run cfn-lint on translator test output files. - rules = cfnlint.core.get_rules([], LINT_IGNORE_WARNINGS, []) + print(json.dumps(output_fragment, indent=2)) - # Only update the deployment Logical Id hash in Py3. - if sys.version_info.major >= 3: - self._update_logical_id_hash(expected) - self._update_logical_id_hash(output_fragment) + # Run cfn-lint on translator test output files. + rules = cfnlint.core.get_rules([], LINT_IGNORE_WARNINGS, []) + + # Only update the deployment Logical Id hash in Py3. + if sys.version_info.major >= 3: + self._update_logical_id_hash(expected) + self._update_logical_id_hash(output_fragment) + output_template = cfnlint.decode.cfn_json.load(expected_filepath) + else: # deprecation warning catching in py2 + import warnings + with warnings.catch_warnings(): + warnings.filterwarnings("ignore",category=DeprecationWarning) output_template = cfnlint.decode.cfn_json.load(expected_filepath) - else: # deprecation warning catching in py2 - import warnings - with warnings.catch_warnings(): - warnings.filterwarnings("ignore",category=DeprecationWarning) - output_template = cfnlint.decode.cfn_json.load(expected_filepath) - runner = cfnlint.Runner(rules, expected_filepath, output_template, [region]) - matches = [] - - # Only run linter on normal/gov partitions. It errors on china regions - if testcase not in LINT_IGNORE_TESTS and partition != 'aws-cn': - matches = runner.run() - print('cfn-lint ({}): {}'.format(expected_filepath, matches)) - - assert deep_sort_lists(output_fragment) == deep_sort_lists(expected) - assert len(matches) == 0 + runner = cfnlint.Runner(rules, expected_filepath, output_template, [region]) + matches = [] + + # Only run linter on normal/gov partitions. It errors on china regions + if testcase not in LINT_IGNORE_TESTS and partition != 'aws-cn': + matches = runner.run() + print('cfn-lint ({}): {}'.format(expected_filepath, matches)) + + assert deep_sort_lists(output_fragment) == deep_sort_lists(expected) + assert len(matches) == 0 @parameterized.expand( itertools.product([ @@ -338,57 +338,57 @@ def test_transform_success(self, testcase, partition_with_region): ] # Run all the above tests against each of the list of partitions to test against ) ) + @patch('samtranslator.plugins.application.serverless_app_plugin.ServerlessAppPlugin._sar_service_call', mock_sar_service_call) + @patch('botocore.client.ClientEndpointBridge._check_default_region', mock_get_region) def test_transform_success_openapi3(self, testcase, partition_with_region): - with (patch('samtranslator.plugins.application.serverless_app_plugin.ServerlessAppPlugin._sar_service_call', mock_sar_service_call), - patch('botocore.client.ClientEndpointBridge._check_default_region', mock_get_region)): - partition = partition_with_region[0] - region = partition_with_region[1] - - manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + '.yaml'), 'r')) - # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict - manifest = json.loads(json.dumps(manifest)) - partition_folder = partition if partition != "aws" else "" - expected_filepath = os.path.join(OUTPUT_FOLDER, partition_folder, testcase + '.json') - expected = json.load(open(expected_filepath, 'r')) - - with patch('boto3.session.Session.region_name', region): - parameter_values = get_template_parameter_values() - mock_policy_loader = MagicMock() - mock_policy_loader.load.return_value = { - 'AWSLambdaBasicExecutionRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'.format(partition), - 'AmazonDynamoDBFullAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBFullAccess'.format(partition), - 'AmazonDynamoDBReadOnlyAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBReadOnlyAccess'.format(partition), - 'AWSLambdaRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaRole'.format(partition), - } - - output_fragment = transform( - manifest, parameter_values, mock_policy_loader) + partition = partition_with_region[0] + region = partition_with_region[1] + + manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + '.yaml'), 'r')) + # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict + manifest = json.loads(json.dumps(manifest)) + partition_folder = partition if partition != "aws" else "" + expected_filepath = os.path.join(OUTPUT_FOLDER, partition_folder, testcase + '.json') + expected = json.load(open(expected_filepath, 'r')) + + with patch('boto3.session.Session.region_name', region): + parameter_values = get_template_parameter_values() + mock_policy_loader = MagicMock() + mock_policy_loader.load.return_value = { + 'AWSLambdaBasicExecutionRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'.format(partition), + 'AmazonDynamoDBFullAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBFullAccess'.format(partition), + 'AmazonDynamoDBReadOnlyAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBReadOnlyAccess'.format(partition), + 'AWSLambdaRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaRole'.format(partition), + } - print(json.dumps(output_fragment, indent=2)) + output_fragment = transform( + manifest, parameter_values, mock_policy_loader) - # Run cfn-lint on translator test output files. - rules = cfnlint.core.get_rules([], LINT_IGNORE_WARNINGS, []) + print(json.dumps(output_fragment, indent=2)) - # Only update the deployment Logical Id hash in Py3. - if sys.version_info.major >= 3: - self._update_logical_id_hash(expected) - self._update_logical_id_hash(output_fragment) + # Run cfn-lint on translator test output files. + rules = cfnlint.core.get_rules([], LINT_IGNORE_WARNINGS, []) + + # Only update the deployment Logical Id hash in Py3. + if sys.version_info.major >= 3: + self._update_logical_id_hash(expected) + self._update_logical_id_hash(output_fragment) + output_template = cfnlint.decode.cfn_json.load(expected_filepath) + else: # deprecation warning catching in py2 + import warnings + with warnings.catch_warnings(): + warnings.filterwarnings("ignore",category=DeprecationWarning) output_template = cfnlint.decode.cfn_json.load(expected_filepath) - else: # deprecation warning catching in py2 - import warnings - with warnings.catch_warnings(): - warnings.filterwarnings("ignore",category=DeprecationWarning) - output_template = cfnlint.decode.cfn_json.load(expected_filepath) - runner = cfnlint.Runner(rules, expected_filepath, output_template, [region]) - matches = [] - - # Only run linter on normal/gov partitions. It errors on china regions - if testcase not in LINT_IGNORE_TESTS and partition != 'aws-cn': - matches = runner.run() - print('cfn-lint ({}): {}'.format(expected_filepath, matches)) - - assert deep_sort_lists(output_fragment) == deep_sort_lists(expected) - assert len(matches) == 0 + runner = cfnlint.Runner(rules, expected_filepath, output_template, [region]) + matches = [] + + # Only run linter on normal/gov partitions. It errors on china regions + if testcase not in LINT_IGNORE_TESTS and partition != 'aws-cn': + matches = runner.run() + print('cfn-lint ({}): {}'.format(expected_filepath, matches)) + + assert deep_sort_lists(output_fragment) == deep_sort_lists(expected) + assert len(matches) == 0 def _update_logical_id_hash(self, resources): """ From d9de066bb7dc365093b4aea9523b3a69cbcd3886 Mon Sep 17 00:00:00 2001 From: Keeton Hodgson Date: Fri, 14 Jun 2019 12:53:43 -0700 Subject: [PATCH 9/9] Update swagger.py --- samtranslator/swagger/swagger.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samtranslator/swagger/swagger.py b/samtranslator/swagger/swagger.py index 4f33f262a..7524b4f7e 100644 --- a/samtranslator/swagger/swagger.py +++ b/samtranslator/swagger/swagger.py @@ -418,7 +418,7 @@ def set_path_default_authorizer(self, path, default_authorizer, authorizers, # Excluding paramters section if normalized_method_name == "parameters": continue - if not (add_default_auth_to_preflight is False and normalized_method_name == "options"): + if add_default_auth_to_preflight or normalized_method_name != "options": self.set_method_authorizer(path, method_name, default_authorizer, authorizers, default_authorizer=default_authorizer, is_default=True)