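--- a/samtranslator/model/api/api_generator.py
+++ b/samtranslator/model/api/api_generator.py
@@ -20,8 +20,9 @@
 # Default the Cors Properties to '*' wildcard and False AllowCredentials. Other properties are actually Optional
 CorsProperties.__new__.__defaults__ = (None, None, _CORS_WILDCARD, None, False)
 
-AuthProperties = namedtuple("_AuthProperties", ["Authorizers", "DefaultAuthorizer", "InvokeRole"])
-AuthProperties.__new__.__defaults__ = (None, None, None)
+AuthProperties = namedtuple("_AuthProperties",
+["Authorizers", "DefaultAuthorizer", "InvokeRole", "AddDefaultAuthorizerToCorsPreflight"])
+AuthProperties.__new__.__defaults__ = (None, None, None, True)
 
 GatewayResponseProperties = ["ResponseParameters", "ResponseTemplates", "StatusCode"]
 
@@ -305,7 +306,8 @@ def _add_auth(self):
 
 if authorizers:
 swagger_editor.add_authorizers(authorizers)
-self._set_default_authorizer(swagger_editor, authorizers, auth_properties.DefaultAuthorizer)
+self._set_default_authorizer(swagger_editor, authorizers, auth_properties.DefaultAuthorizer,
+auth_properties.AddDefaultAuthorizerToCorsPreflight)
 
 # Assign the Swagger back to template
 
@@ -454,7 +456,8 @@ def _construct_authorizer_lambda_permission(self):
 
 return permissions
 
-def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer):
+def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer,
+add_default_auth_to_preflight=True):
 if not default_authorizer:
 return
 
@@ -463,7 +466,8 @@ def _set_default_authorizer(self, swagger_editor, authorizers, default_authorize
 default_authorizer + "' was not defined in 'Authorizers'")
 
 for path in swagger_editor.iter_on_path():
-swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers)
+swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers,
+add_default_auth_to_preflight=add_default_auth_to_preflight)
 
 def _set_endpoint_configuration(self, rest_api, value):
 """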
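Review bot: `AddDefaultAuthorizerToCorsPreflight` is forwarded from `_add_auth` into `_set_default_authorizer` without a type check, and the consumer in swagger.py only tests its truthiness. The `True` in `AuthProperties.__new__.__defaults__` applies only when the key is absent, so an explicit null, `0` or empty string in the template would presumably arrive as a falsy value and leave OPTIONS methods without the default authorizer, while a quoted `"false"` would be truthy and silently keep it. Because this flag decides whether an authorizer is attached, I would reject non-boolean values in `_set_default_authorizer` with `if not isinstance(add_default_auth_to_preflight, bool):` followed by the same kind of error the function already raises when the DefaultAuthorizer is not defined in 'Authorizers'. How `AuthProperties` is built from the template is outside these hunks, so the null case should be confirmed there.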
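--- a/samtranslator/swagger/swagger.py
+++ b/samtranslator/swagger/swagger.py
@@ -399,7 +399,8 @@ def add_authorizers(self, authorizers):
 for authorizer_name, authorizer in authorizers.items():
 self.security_definitions[authorizer_name] = authorizer.generate_swagger()
 
-def set_path_default_authorizer(self, path, default_authorizer, authorizers):
+def set_path_default_authorizer(self, path, default_authorizer, authorizers,
+add_default_auth_to_preflight=True):
 """
 Sets the DefaultAuthorizer for each method on this path. The DefaultAuthorizer won't be set if an Authorizer
 was defined at the Function/Path/Method level
@@ -408,14 +409,18 @@ def set_path_default_authorizer(self, path, default_authorizer, authorizers):
 :param string default_authorizer: Name of the authorizer to use as the default. Must be a key in the
 authorizers param.
 :param list authorizers: List of Authorizer configurations defined on the related Api.
+:param bool add_default_auth_to_preflight: Bool of whether to add the default
+authorizer to OPTIONS preflight requests.
 """
 
 for method_name, method in self.get_path(path).items():
+normalized_method_name = self._normalize_method_name(method_name)
 # Excluding paramters section
-if method_name == "parameters":
+if normalized_method_name == "parameters":
 continue
-self.set_method_authorizer(path, method_name, default_authorizer, authorizers,
-default_authorizer=default_authorizer, is_default=True)
+if add_default_auth_to_preflight or normalized_method_name != "options":
+self.set_method_authorizer(path, method_name, default_authorizer, authorizers,
+default_authorizer=default_authorizer, is_default=True)
 
 def add_auth_to_method(self, path, method_name, auth, api):
 """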
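Review bot: The new guard `normalized_method_name != "options"` in `set_path_default_authorizer` skips every OPTIONS method on the path, not only the preflight method that the Cors setting generates. If a template defines its own OPTIONS method with a real integration, setting the flag to false would leave that method without the default authorizer, which neither the parameter name nor the docstring suggests. I would at least state this in the docstring, for example `:param bool add_default_auth_to_preflight: When False, no OPTIONS method on this path receives the default authorizer, including OPTIONS methods defined explicitly in the template.` Narrowing the skip to the generated CORS method would be stronger, but whether that method can be told apart at this point is not visible in the hunk.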
@@ -0,0 +1,48 @@
Globals:
Api:
Cors: "origins"

Resources:
ApiFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://sam-demo-bucket/member_portal.zip
Handler: index.gethtml
Runtime: nodejs4.3
Events:
GetHtml:
Type: Api
Properties:
Path: /
Method: get
RestApiId: !Ref ServerlessApi

PostHtml:
Type: Api
Properties:
Path: /
Method: post
RestApiId: !Ref ServerlessApi


ServerlessApi:
Type: AWS::Serverless::Api
Properties:
StageName: Prod
Auth:
AddDefaultAuthorizerToCorsPreflight: False
DefaultAuthorizer: MyLambdaRequestAuth
Authorizers:
MyLambdaRequestAuth:
FunctionPayloadType: REQUEST
FunctionArn: !GetAtt MyAuthFn.Arn
Identity:
Headers:
- Authorization1

MyAuthFn:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://bucket/key
Handler: index.handler
Runtime: nodejs8.10
@@ -0,0 +1,47 @@
Globals:
Api:
Cors: "origins"

Resources:
ApiFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://sam-demo-bucket/member_portal.zip
Handler: index.gethtml
Runtime: nodejs4.3
Events:
GetHtml:
Type: Api
Properties:
Path: /
Method: get
RestApiId: !Ref ServerlessApi

PostHtml:
Type: Api
Properties:
Path: /
Method: post
RestApiId: !Ref ServerlessApi


ServerlessApi:
Type: AWS::Serverless::Api
Properties:
StageName: Prod
Auth:
DefaultAuthorizer: MyLambdaRequestAuth
Authorizers:
MyLambdaRequestAuth:
FunctionPayloadType: REQUEST
FunctionArn: !GetAtt MyAuthFn.Arn
Identity:
Headers:
- Authorization1

MyAuthFn:
Type: AWS::Serverless::Function
Properties:
CodeUri: s3://bucket/key
Handler: index.handler
Runtime: nodejs8.10