From 4ef6093f6f0c9e3dbe3545dff47fc1f7b8154f0f Mon Sep 17 00:00:00 2001 From: Tarun Date: Mon, 19 Jul 2021 08:04:58 -0700 Subject: [PATCH] Release/v1.38.0 (#2082) (#2095) * test: New test group to test for side effects (#2046) * test: New test group to test for side effects * refactor: Updated to use _compare_transform and test CN and GOV partitions * docs: fix dead link (#2045) * Percentage-based Enablement for Feature Toggle (#1952) * Percentage-based Enablement for Feature Toggle * Update Feature Toggle to accept stage, account_id and region during instanciation * remove unnecessary uses of dict.get method * Refactor feature toggle methods * Update test names * black reformat * Update FeatureToggle to require stage, region and account_id to instanciate * Update log message * Implement calculating account percentile based on hash of account_id and feature_name * Refactor _is_feature_enabled_for_region_config * Refactor dialup logic into its own classes * Add comments for dialup classes * Rename NeverEnabledDialup to DisabledDialup * chore(tests): Adding any tests (#2053) * Adding api_request_model any tests * Add any to api_request_model_openapi_3 cases * Add rest of relevant any test cases * Fix hashing to match python2 * add api_with_swagger_authorizer_none to be run * fix py2 hashes in api_with_swagger_authorizer_none tests Co-authored-by: Jacob Fuss * Add modes support for RestApi (#2055) * Adding Mode passthrough property to RestApi with unit tests. * Adding integration test for Mode * Fixing sam-translate for manual translation. * running black formatting * Running black formatting, again. * Clearing pip-wheel-metadata. * Clearing tmp folder created by integ test. Co-authored-by: Tarun Mall * chore: bump version to 1.38.0 (#2081) Co-authored-by: Mathieu Grandis <73313235+mgrandis@users.noreply.github.com> Co-authored-by: Chris Rehn Co-authored-by: Wing Fung Lau <4760060+hawflau@users.noreply.github.com> Co-authored-by: Jacob Fuss <32497805+jfuss@users.noreply.github.com> Co-authored-by: Jacob Fuss Co-authored-by: Tarun Mall Co-authored-by: Raymond Wang <14915548+wchengru@users.noreply.github.com> Co-authored-by: Mathieu Grandis <73313235+mgrandis@users.noreply.github.com> Co-authored-by: Chris Rehn Co-authored-by: Wing Fung Lau <4760060+hawflau@users.noreply.github.com> Co-authored-by: Jacob Fuss <32497805+jfuss@users.noreply.github.com> Co-authored-by: Jacob Fuss Co-authored-by: Tarun Mall Co-authored-by: Raymond Wang <14915548+wchengru@users.noreply.github.com> --- bin/sam-translate.py | 5 +- docs/safe_lambda_deployments.rst | 2 +- integration/helpers/base_test.py | 27 +- .../expected/single/basic_api_with_mode.json | 11 + .../single/basic_api_with_mode_update.json | 10 + .../templates/single/basic_api_with_mode.yaml | 34 + .../single/basic_api_with_mode_update.yaml | 24 + integration/single/test_basic_api.py | 19 + samtranslator/__init__.py | 2 +- samtranslator/feature_toggle/dialup.py | 74 ++ .../feature_toggle/feature_toggle.py | 83 +- samtranslator/model/api/api_generator.py | 5 + samtranslator/model/apigateway.py | 1 + samtranslator/model/sam_resources.py | 2 + samtranslator/translator/translator.py | 6 +- .../input/feature_toggle_config.json | 17 +- tests/feature_toggle/test_dialup.py | 65 ++ tests/feature_toggle/test_feature_toggle.py | 122 ++- tests/translator/input/api_request_model.yaml | 9 + .../input/api_request_model_openapi_3.yaml | 12 + .../input/api_with_apikey_required.yaml | 8 + .../api_with_apikey_required_openapi_3.yaml | 8 + .../input/api_with_auth_all_maximum.yaml | 52 +- .../api_with_auth_all_maximum_openapi_3.yaml | 52 +- .../input/api_with_auth_all_minimum.yaml | 18 + .../api_with_auth_all_minimum_openapi.yaml | 18 + .../input/api_with_auth_no_default.yaml | 18 + .../input/api_with_aws_account_blacklist.yaml | 6 + .../input/api_with_aws_account_whitelist.yaml | 13 + ...api_with_cors_and_auth_preflight_auth.yaml | 7 + ...cors_and_conditions_no_definitionbody.yaml | 7 + .../input/api_with_cors_and_only_methods.yaml | 5 + .../api_with_cors_no_definitionbody.yaml | 7 + ...efault_aws_iam_auth_and_no_auth_route.yaml | 14 + ...h_if_conditional_with_resource_policy.yaml | 7 + .../input/api_with_method_aws_iam_auth.yaml | 26 + tests/translator/input/api_with_mode.yaml | 22 + .../input/api_with_open_api_version.yaml | 5 + .../input/api_with_open_api_version_2.yaml | 5 + .../input/api_with_path_parameters.yaml | 6 + .../input/api_with_resource_policy.yaml | 7 + ..._with_resource_policy_global_implicit.yaml | 15 + .../input/api_with_resource_refs.yaml | 5 + .../input/api_with_source_vpc_blacklist.yaml | 5 + .../input/api_with_source_vpc_whitelist.yaml | 10 + ...pi_with_swagger_and_openapi_with_auth.yaml | 5 + .../api_with_swagger_authorizer_none.yaml | 24 + .../translator/input/api_with_usageplans.yaml | 7 + ...th_usageplans_shared_no_side_effect_1.yaml | 61 ++ ...th_usageplans_shared_no_side_effect_2.yaml | 34 + .../translator/output/api_request_model.json | 99 +- .../output/api_request_model_openapi_3.json | 57 +- .../output/api_with_apikey_required.json | 202 ++-- .../api_with_apikey_required_openapi_3.json | 198 ++-- .../output/api_with_auth_all_maximum.json | 775 +++++++++----- .../api_with_auth_all_maximum_openapi_3.json | 775 +++++++++----- .../output/api_with_auth_all_minimum.json | 692 +++++++----- .../api_with_auth_all_minimum_openapi.json | 692 +++++++----- .../output/api_with_auth_no_default.json | 655 +++++++----- .../api_with_aws_account_blacklist.json | 232 ++-- .../api_with_aws_account_whitelist.json | 235 +++-- ...api_with_cors_and_auth_preflight_auth.json | 517 +++++---- ...cors_and_conditions_no_definitionbody.json | 490 +++++---- .../api_with_cors_and_only_methods.json | 233 ++-- .../api_with_cors_no_definitionbody.json | 191 +++- ...efault_aws_iam_auth_and_no_auth_route.json | 193 +++- ...h_if_conditional_with_resource_policy.json | 287 ++--- .../output/api_with_method_aws_iam_auth.json | 237 +++-- tests/translator/output/api_with_mode.json | 109 ++ .../output/api_with_open_api_version.json | 239 +++-- .../output/api_with_open_api_version_2.json | 267 +++-- .../output/api_with_path_parameters.json | 115 +- .../output/api_with_resource_policy.json | 281 ++--- ..._with_resource_policy_global_implicit.json | 197 ++-- .../output/api_with_resource_refs.json | 273 ++--- .../output/api_with_source_vpc_blacklist.json | 224 ++-- .../output/api_with_source_vpc_whitelist.json | 430 +++++--- ...pi_with_swagger_and_openapi_with_auth.json | 324 +++--- .../api_with_swagger_authorizer_none.json | 945 +++++++++-------- .../output/api_with_usageplans.json | 770 +++++++------- ...th_usageplans_shared_no_side_effect_1.json | 343 ++++++ ...th_usageplans_shared_no_side_effect_2.json | 191 ++++ .../output/aws-cn/api_request_model.json | 47 +- .../aws-cn/api_request_model_openapi_3.json | 59 +- .../aws-cn/api_with_apikey_required.json | 170 +-- .../api_with_apikey_required_openapi_3.json | 206 ++-- .../aws-cn/api_with_auth_all_maximum.json | 787 +++++++++----- .../api_with_auth_all_maximum_openapi_3.json | 781 +++++++++----- .../aws-cn/api_with_auth_all_minimum.json | 718 +++++++------ .../api_with_auth_all_minimum_openapi.json | 728 +++++++------ .../aws-cn/api_with_auth_no_default.json | 701 +++++++------ .../api_with_aws_account_blacklist.json | 240 +++-- .../api_with_aws_account_whitelist.json | 229 ++-- ...api_with_cors_and_auth_preflight_auth.json | 525 +++++---- ...cors_and_conditions_no_definitionbody.json | 494 +++++---- .../api_with_cors_and_only_methods.json | 243 +++-- .../api_with_cors_no_definitionbody.json | 197 ++-- ...efault_aws_iam_auth_and_no_auth_route.json | 201 ++-- ...h_if_conditional_with_resource_policy.json | 295 +++--- .../aws-cn/api_with_method_aws_iam_auth.json | 271 +++-- .../output/aws-cn/api_with_mode.json | 117 +++ .../aws-cn/api_with_open_api_version.json | 181 +++- .../aws-cn/api_with_open_api_version_2.json | 281 +++-- .../aws-cn/api_with_path_parameters.json | 127 ++- .../aws-cn/api_with_resource_policy.json | 289 ++--- ..._with_resource_policy_global_implicit.json | 205 ++-- .../output/aws-cn/api_with_resource_refs.json | 297 +++--- .../aws-cn/api_with_source_vpc_blacklist.json | 232 ++-- .../aws-cn/api_with_source_vpc_whitelist.json | 452 +++++--- ...pi_with_swagger_and_openapi_with_auth.json | 340 +++--- .../api_with_swagger_authorizer_none.json | 993 ++++++++++-------- .../output/aws-cn/api_with_usageplans.json | 788 +++++++------- ...th_usageplans_shared_no_side_effect_1.json | 359 +++++++ ...th_usageplans_shared_no_side_effect_2.json | 199 ++++ .../output/aws-us-gov/api_request_model.json | 47 +- .../api_request_model_openapi_3.json | 55 +- .../aws-us-gov/api_with_apikey_required.json | 174 +-- .../api_with_apikey_required_openapi_3.json | 206 ++-- .../aws-us-gov/api_with_auth_all_maximum.json | 783 +++++++++----- .../api_with_auth_all_maximum_openapi_3.json | 779 +++++++++----- .../aws-us-gov/api_with_auth_all_minimum.json | 722 +++++++------ .../api_with_auth_all_minimum_openapi.json | 728 +++++++------ .../aws-us-gov/api_with_auth_no_default.json | 695 ++++++------ .../api_with_aws_account_blacklist.json | 240 +++-- .../api_with_aws_account_whitelist.json | 243 +++-- ...api_with_cors_and_auth_preflight_auth.json | 521 +++++---- ...cors_and_conditions_no_definitionbody.json | 498 +++++---- .../api_with_cors_and_only_methods.json | 233 ++-- .../api_with_cors_no_definitionbody.json | 197 ++-- ...efault_aws_iam_auth_and_no_auth_route.json | 199 ++-- ...h_if_conditional_with_resource_policy.json | 295 +++--- .../api_with_method_aws_iam_auth.json | 271 +++-- .../output/aws-us-gov/api_with_mode.json | 117 +++ .../aws-us-gov/api_with_open_api_version.json | 255 +++-- .../api_with_open_api_version_2.json | 281 +++-- .../aws-us-gov/api_with_path_parameters.json | 127 ++- .../aws-us-gov/api_with_resource_policy.json | 289 ++--- ..._with_resource_policy_global_implicit.json | 199 ++-- .../aws-us-gov/api_with_resource_refs.json | 295 +++--- .../api_with_source_vpc_blacklist.json | 232 ++-- .../api_with_source_vpc_whitelist.json | 452 +++++--- ...pi_with_swagger_and_openapi_with_auth.json | 342 +++--- .../api_with_swagger_authorizer_none.json | 993 ++++++++++-------- .../aws-us-gov/api_with_usageplans.json | 816 +++++++------- ...th_usageplans_shared_no_side_effect_1.json | 359 +++++++ ...th_usageplans_shared_no_side_effect_2.json | 199 ++++ tests/translator/test_translator.py | 45 + 147 files changed, 22958 insertions(+), 13156 deletions(-) create mode 100644 integration/resources/expected/single/basic_api_with_mode.json create mode 100644 integration/resources/expected/single/basic_api_with_mode_update.json create mode 100644 integration/resources/templates/single/basic_api_with_mode.yaml create mode 100644 integration/resources/templates/single/basic_api_with_mode_update.yaml create mode 100644 samtranslator/feature_toggle/dialup.py create mode 100644 tests/feature_toggle/test_dialup.py create mode 100644 tests/translator/input/api_with_mode.yaml create mode 100644 tests/translator/input/api_with_usageplans_shared_no_side_effect_1.yaml create mode 100644 tests/translator/input/api_with_usageplans_shared_no_side_effect_2.yaml create mode 100644 tests/translator/output/api_with_mode.json create mode 100644 tests/translator/output/api_with_usageplans_shared_no_side_effect_1.json create mode 100644 tests/translator/output/api_with_usageplans_shared_no_side_effect_2.json create mode 100644 tests/translator/output/aws-cn/api_with_mode.json create mode 100644 tests/translator/output/aws-cn/api_with_usageplans_shared_no_side_effect_1.json create mode 100644 tests/translator/output/aws-cn/api_with_usageplans_shared_no_side_effect_2.json create mode 100644 tests/translator/output/aws-us-gov/api_with_mode.json create mode 100644 tests/translator/output/aws-us-gov/api_with_usageplans_shared_no_side_effect_1.json create mode 100644 tests/translator/output/aws-us-gov/api_with_usageplans_shared_no_side_effect_2.json diff --git a/bin/sam-translate.py b/bin/sam-translate.py index 8bf75ba13..3e961031b 100755 --- a/bin/sam-translate.py +++ b/bin/sam-translate.py @@ -99,7 +99,10 @@ def transform_template(input_file_path, output_file_path): feature_toggle = FeatureToggle( FeatureToggleLocalConfigProvider( os.path.join(my_path, "..", "tests", "feature_toggle", "input", "feature_toggle_config.json") - ) + ), + stage=None, + account_id=None, + region=None, ) cloud_formation_template = transform(sam_template, {}, ManagedPolicyLoader(iam_client), feature_toggle) cloud_formation_template_prettified = json.dumps(cloud_formation_template, indent=2) diff --git a/docs/safe_lambda_deployments.rst b/docs/safe_lambda_deployments.rst index 437b9352a..c1d57a854 100644 --- a/docs/safe_lambda_deployments.rst +++ b/docs/safe_lambda_deployments.rst @@ -190,7 +190,7 @@ NOTE: Verify that your AWS SDK version supports PutLifecycleEventHookExecutionSt .. _PutLifecycleEventHookExecutionStatus: https://docs.aws.amazon.com/codedeploy/latest/APIReference/API_PutLifecycleEventHookExecutionStatus.html -.. _Here: https://github.com/awslabs/serverless-application-model/blob/master/examples/2016-10-31/lambda_safe_deployments/src/preTrafficHook.js +.. _Here: https://github.com/aws/serverless-application-model/blob/d168f371f494196a57032313075db9faae5587e4/examples/2016-10-31/lambda_safe_deployments/src/preTrafficHook.js Traffic Shifting Configurations ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/integration/helpers/base_test.py b/integration/helpers/base_test.py index 0fa5f32b2..e12410695 100644 --- a/integration/helpers/base_test.py +++ b/integration/helpers/base_test.py @@ -1,3 +1,4 @@ +import json import logging import os @@ -146,6 +147,28 @@ def create_and_verify_stack(self, file_name, parameters=None): self.deploy_stack(parameters) self.verify_stack() + def update_and_verify_stack(self, file_name, parameters=None): + """ + Updates the Cloud Formation stack and verifies it against the expected + result + + Parameters + ---------- + file_name : string + Template file name + parameters : list + List of parameters + """ + if not self.stack_name: + raise Exception("Stack not created.") + self.output_file_path = str(Path(self.output_dir, "cfn_" + file_name + ".yaml")) + self.expected_resource_path = str(Path(self.expected_dir, file_name + ".json")) + + self._fill_template(file_name) + self.transform_template() + self.deploy_stack(parameters) + self.verify_stack(end_state="UPDATE_COMPLETE") + def transform_template(self): transform_template(self.sub_input_file_path, self.output_file_path) @@ -342,12 +365,12 @@ def deploy_stack(self, parameters=None): self.stack_description = self.client_provider.cfn_client.describe_stacks(StackName=self.stack_name) self.stack_resources = self.client_provider.cfn_client.list_stack_resources(StackName=self.stack_name) - def verify_stack(self): + def verify_stack(self, end_state="CREATE_COMPLETE"): """ Gets and compares the Cloud Formation stack against the expect result file """ # verify if the stack was successfully created - self.assertEqual(self.stack_description["Stacks"][0]["StackStatus"], "CREATE_COMPLETE") + self.assertEqual(self.stack_description["Stacks"][0]["StackStatus"], end_state) # verify if the stack contains the expected resources error = verify_stack_resources(self.expected_resource_path, self.stack_resources) if error: diff --git a/integration/resources/expected/single/basic_api_with_mode.json b/integration/resources/expected/single/basic_api_with_mode.json new file mode 100644 index 000000000..fda128f59 --- /dev/null +++ b/integration/resources/expected/single/basic_api_with_mode.json @@ -0,0 +1,11 @@ +[ + {"LogicalResourceId": "MyApi", "ResourceType": "AWS::ApiGateway::RestApi"}, + {"LogicalResourceId": "MyApiDeploymenta808f15210", "ResourceType": "AWS::ApiGateway::Deployment"}, + {"LogicalResourceId": "MyApiMyNewStageNameStage", "ResourceType": "AWS::ApiGateway::Stage"}, + {"LogicalResourceId": "TestFunction", "ResourceType": "AWS::Lambda::Function"}, + {"LogicalResourceId": "TestFunctionAliaslive", "ResourceType": "AWS::Lambda::Alias"}, + {"LogicalResourceId": "TestFunctionGetPermissionMyNewStageName", "ResourceType": "AWS::Lambda::Permission"}, + {"LogicalResourceId": "TestFunctionPutPermissionMyNewStageName", "ResourceType": "AWS::Lambda::Permission"}, + {"LogicalResourceId": "TestFunctionRole", "ResourceType": "AWS::IAM::Role"}, + {"LogicalResourceId": "TestFunctionVersione9898fd501", "ResourceType": "AWS::Lambda::Version"} + ] diff --git a/integration/resources/expected/single/basic_api_with_mode_update.json b/integration/resources/expected/single/basic_api_with_mode_update.json new file mode 100644 index 000000000..bf701eca5 --- /dev/null +++ b/integration/resources/expected/single/basic_api_with_mode_update.json @@ -0,0 +1,10 @@ +[ + {"LogicalResourceId": "MyApi", "ResourceType": "AWS::ApiGateway::RestApi"}, + {"LogicalResourceId": "MyApiDeploymentada889e3ac", "ResourceType": "AWS::ApiGateway::Deployment"}, + {"LogicalResourceId": "MyApiMyNewStageNameStage", "ResourceType": "AWS::ApiGateway::Stage"}, + {"LogicalResourceId": "TestFunction", "ResourceType": "AWS::Lambda::Function"}, + {"LogicalResourceId": "TestFunctionAliaslive", "ResourceType": "AWS::Lambda::Alias"}, + {"LogicalResourceId": "TestFunctionPutPermissionMyNewStageName", "ResourceType": "AWS::Lambda::Permission"}, + {"LogicalResourceId": "TestFunctionRole", "ResourceType": "AWS::IAM::Role"}, + {"LogicalResourceId": "TestFunctionVersion847aaa5fc1", "ResourceType": "AWS::Lambda::Version"} + ] diff --git a/integration/resources/templates/single/basic_api_with_mode.yaml b/integration/resources/templates/single/basic_api_with_mode.yaml new file mode 100644 index 000000000..0aa4556c0 --- /dev/null +++ b/integration/resources/templates/single/basic_api_with_mode.yaml @@ -0,0 +1,34 @@ +Resources: + MyApi: + Type: AWS::Serverless::Api + Properties: + StageName: MyNewStageName + Mode: overwrite + + TestFunction: + Type: 'AWS::Serverless::Function' + Properties: + Handler: index.handler + Runtime: python3.6 + AutoPublishAlias: live + InlineCode: | + import json + def handler(event, context): + return {'statusCode': 200, 'body': json.dumps('Hello World!')} + Events: + Get: + Type: Api + Properties: + Path: /get + Method: get + RestApiId: !Ref MyApi + Put: + Type: Api + Properties: + Path: /put + Method: put + RestApiId: !Ref MyApi + +Outputs: + ApiEndpoint: + Value: !Sub "https://${MyApi}.execute-api.${AWS::Region}.amazonaws.com/MyNewStageName" diff --git a/integration/resources/templates/single/basic_api_with_mode_update.yaml b/integration/resources/templates/single/basic_api_with_mode_update.yaml new file mode 100644 index 000000000..33991486a --- /dev/null +++ b/integration/resources/templates/single/basic_api_with_mode_update.yaml @@ -0,0 +1,24 @@ +Resources: + MyApi: + Type: AWS::Serverless::Api + Properties: + StageName: MyNewStageName + Mode: overwrite + + TestFunction: + Type: 'AWS::Serverless::Function' + Properties: + Handler: index.handler + Runtime: python3.6 + AutoPublishAlias: live + InlineCode: | + def handler(event, context): + print("Hello, world!") + Events: + Put: + Type: Api + Properties: + Path: /put + Method: put + RestApiId: !Ref MyApi + diff --git a/integration/single/test_basic_api.py b/integration/single/test_basic_api.py index 5e308d40d..a54fb1fd3 100644 --- a/integration/single/test_basic_api.py +++ b/integration/single/test_basic_api.py @@ -1,4 +1,5 @@ from integration.helpers.base_test import BaseTest +import requests class TestBasicApi(BaseTest): @@ -24,6 +25,24 @@ def test_basic_api(self): self.assertEqual(len(set(first_dep_ids).intersection(second_dep_ids)), 0) + def test_basic_api_with_mode(self): + """ + Creates an API and updates its DefinitionUri + """ + # Create an API with get and put + self.create_and_verify_stack("basic_api_with_mode") + + stack_output = self.get_stack_outputs() + api_endpoint = stack_output.get("ApiEndpoint") + response = requests.get(f"{api_endpoint}/get") + self.assertEqual(response.status_code, 200) + + # Removes get from the API + self.update_and_verify_stack("basic_api_with_mode_update") + response = requests.get(f"{api_endpoint}/get") + # API Gateway by default returns 403 if a path do not exist + self.assertEqual(response.status_code, 403) + def test_basic_api_inline_openapi(self): """ Creates an API with and inline OpenAPI and updates its DefinitionBody basePath diff --git a/samtranslator/__init__.py b/samtranslator/__init__.py index 9483ec486..4ee5c8be1 100644 --- a/samtranslator/__init__.py +++ b/samtranslator/__init__.py @@ -1 +1 @@ -__version__ = "1.37.0" +__version__ = "1.38.0" diff --git a/samtranslator/feature_toggle/dialup.py b/samtranslator/feature_toggle/dialup.py new file mode 100644 index 000000000..ad48e5131 --- /dev/null +++ b/samtranslator/feature_toggle/dialup.py @@ -0,0 +1,74 @@ +import hashlib + + +class BaseDialup(object): + """BaseDialup class to provide an interface for all dialup classes""" + + def __init__(self, region_config, **kwargs): + self.region_config = region_config + + def is_enabled(self): + """ + Returns a bool on whether this dialup is enabled or not + """ + raise NotImplementedError + + def __str__(self): + return self.__class__.__name__ + + +class DisabledDialup(BaseDialup): + """ + A dialup that is never enabled + """ + + def __init__(self, region_config, **kwargs): + super(DisabledDialup, self).__init__(region_config) + + def is_enabled(self): + return False + + +class ToggleDialup(BaseDialup): + """ + A simple toggle Dialup + Example of region_config: { "type": "toggle", "enabled": True } + """ + + def __init__(self, region_config, **kwargs): + super(ToggleDialup, self).__init__(region_config) + self.region_config = region_config + + def is_enabled(self): + return self.region_config.get("enabled", False) + + +class SimpleAccountPercentileDialup(BaseDialup): + """ + Simple account percentile dialup, enabling X% of + Example of region_config: { "type": "account-percentile", "enabled-%": 20 } + """ + + def __init__(self, region_config, account_id, feature_name, **kwargs): + super(SimpleAccountPercentileDialup, self).__init__(region_config) + self.account_id = account_id + self.feature_name = feature_name + + def _get_account_percentile(self): + """ + Get account percentile based on sha256 hash of account ID and feature_name + + :returns: integer n, where 0 <= n < 100 + """ + m = hashlib.sha256() + m.update(self.account_id.encode()) + m.update(self.feature_name.encode()) + return int(m.hexdigest(), 16) % 100 + + def is_enabled(self): + """ + Enable when account_percentile falls within target_percentile + Meaning only (target_percentile)% of accounts will be enabled + """ + target_percentile = self.region_config.get("enabled-%", 0) + return self._get_account_percentile() < target_percentile diff --git a/samtranslator/feature_toggle/feature_toggle.py b/samtranslator/feature_toggle/feature_toggle.py index 6e665390c..2eddcfa1e 100644 --- a/samtranslator/feature_toggle/feature_toggle.py +++ b/samtranslator/feature_toggle/feature_toggle.py @@ -3,8 +3,14 @@ import json import boto3 import logging +import hashlib from botocore.config import Config +from samtranslator.feature_toggle.dialup import ( + DisabledDialup, + ToggleDialup, + SimpleAccountPercentileDialup, +) my_path = os.path.dirname(os.path.abspath(__file__)) sys.path.insert(0, my_path + "/..") @@ -18,50 +24,69 @@ class FeatureToggle: SAM is executing or not. """ - def __init__(self, config_provider): + DIALUP_RESOLVER = { + "toggle": ToggleDialup, + "account-percentile": SimpleAccountPercentileDialup, + } + + def __init__(self, config_provider, stage, account_id, region): self.feature_config = config_provider.config + self.stage = stage + self.account_id = account_id + self.region = region - def is_enabled_for_stage_in_region(self, feature_name, stage, region="default"): + def _get_dialup(self, region_config, feature_name): """ - To check if feature is available for a particular stage or not. - :param feature_name: name of feature - :param stage: stage where SAM is running - :param region: region in which SAM is running - :return: + get the right dialup instance + if no dialup type is provided or the specified dialup is not supported, + an instance of DisabledDialup will be returned + + :param region_config: region config + :param feature_name: feature_name + :return: an instance of """ - if feature_name not in self.feature_config: - LOG.warning("Feature '{}' not available in Feature Toggle Config.".format(feature_name)) - return False - stage_config = self.feature_config.get(feature_name, {}).get(stage, {}) - if not stage_config: - LOG.info("Stage '{}' not enabled for Feature '{}'.".format(stage, feature_name)) - return False - region_config = stage_config.get(region, {}) if region in stage_config else stage_config.get("default", {}) - is_enabled = region_config.get("enabled", False) - LOG.info("Feature '{}' is enabled: '{}'".format(feature_name, is_enabled)) - return is_enabled + dialup_type = region_config.get("type") + if dialup_type in FeatureToggle.DIALUP_RESOLVER: + return FeatureToggle.DIALUP_RESOLVER[dialup_type]( + region_config, account_id=self.account_id, feature_name=feature_name + ) + LOG.warning("Dialup type '{}' is None or is not supported.".format(dialup_type)) + return DisabledDialup(region_config) - def is_enabled_for_account_in_region(self, feature_name, stage, account_id, region="default"): + def is_enabled(self, feature_name): """ - To check if feature is available for a particular account or not. + To check if feature is available + :param feature_name: name of feature - :param stage: stage where SAM is running - :param account_id: account_id who is executing SAM template - :param region: region in which SAM is running - :return: """ if feature_name not in self.feature_config: LOG.warning("Feature '{}' not available in Feature Toggle Config.".format(feature_name)) return False + + stage = self.stage + region = self.region + account_id = self.account_id + if not stage or not region or not account_id: + LOG.warning( + "One or more of stage, region and account_id is not set. Feature '{}' not enabled.".format(feature_name) + ) + return False + stage_config = self.feature_config.get(feature_name, {}).get(stage, {}) if not stage_config: LOG.info("Stage '{}' not enabled for Feature '{}'.".format(stage, feature_name)) return False - account_config = stage_config.get(account_id) if account_id in stage_config else stage_config.get("default", {}) - region_config = ( - account_config.get(region, {}) if region in account_config else account_config.get("default", {}) - ) - is_enabled = region_config.get("enabled", False) + + if account_id in stage_config: + account_config = stage_config[account_id] + region_config = account_config[region] if region in account_config else account_config.get("default", {}) + else: + region_config = stage_config[region] if region in stage_config else stage_config.get("default", {}) + + dialup = self._get_dialup(region_config, feature_name=feature_name) + LOG.info("Using Dialip {}".format(dialup)) + is_enabled = dialup.is_enabled() + LOG.info("Feature '{}' is enabled: '{}'".format(feature_name, is_enabled)) return is_enabled diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py index c026a9722..91ef47305 100644 --- a/samtranslator/model/api/api_generator.py +++ b/samtranslator/model/api/api_generator.py @@ -181,6 +181,7 @@ def __init__( models=None, domain=None, description=None, + mode=None, ): """Constructs an API Generator class that generates API Gateway resources @@ -231,6 +232,7 @@ def __init__( self.description = description self.shared_api_usage_plan = shared_api_usage_plan self.template_conditions = template_conditions + self.mode = mode def _construct_rest_api(self): """Constructs and returns the ApiGateway RestApi. @@ -284,6 +286,9 @@ def _construct_rest_api(self): if self.description: rest_api.Description = self.description + if self.mode: + rest_api.Mode = self.mode + return rest_api def _construct_body_s3_dict(self): diff --git a/samtranslator/model/apigateway.py b/samtranslator/model/apigateway.py index 649f277c6..7c91f894e 100644 --- a/samtranslator/model/apigateway.py +++ b/samtranslator/model/apigateway.py @@ -21,6 +21,7 @@ class ApiGatewayRestApi(Resource): "EndpointConfiguration": PropertyType(False, is_type(dict)), "BinaryMediaTypes": PropertyType(False, is_type(list)), "MinimumCompressionSize": PropertyType(False, is_type(int)), + "Mode": PropertyType(False, is_str()), } runtime_attrs = {"rest_api_id": lambda self: ref(self.logical_id)} diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py index 516d5b3de..e8ddd291e 100644 --- a/samtranslator/model/sam_resources.py +++ b/samtranslator/model/sam_resources.py @@ -835,6 +835,7 @@ class SamApi(SamResourceMacro): "Models": PropertyType(False, is_type(dict)), "Domain": PropertyType(False, is_type(dict)), "Description": PropertyType(False, is_str()), + "Mode": PropertyType(False, is_str()), } referable_properties = { @@ -893,6 +894,7 @@ def to_cloudformation(self, **kwargs): models=self.Models, domain=self.Domain, description=self.Description, + mode=self.Mode, ) ( diff --git a/samtranslator/translator/translator.py b/samtranslator/translator/translator.py index b7449e02e..99e18e80f 100644 --- a/samtranslator/translator/translator.py +++ b/samtranslator/translator/translator.py @@ -92,7 +92,11 @@ def translate(self, sam_template, parameter_values, feature_toggle=None): :returns: a copy of the template with SAM resources replaced with the corresponding CloudFormation, which may \ be dumped into a valid CloudFormation JSON or YAML template """ - self.feature_toggle = feature_toggle if feature_toggle else FeatureToggle(FeatureToggleDefaultConfigProvider()) + self.feature_toggle = ( + feature_toggle + if feature_toggle + else FeatureToggle(FeatureToggleDefaultConfigProvider(), stage=None, account_id=None, region=None) + ) self.function_names = dict() self.redeploy_restapi_parameters = dict() sam_parameter_values = SamParameterValues(parameter_values) diff --git a/tests/feature_toggle/input/feature_toggle_config.json b/tests/feature_toggle/input/feature_toggle_config.json index d4b8ebabf..710f42cff 100644 --- a/tests/feature_toggle/input/feature_toggle_config.json +++ b/tests/feature_toggle/input/feature_toggle_config.json @@ -2,13 +2,20 @@ "__note__": "This is a dummy config for local testing. Any change here need to be migrated to SAM service.", "feature-1": { "beta": { - "us-west-2": {"enabled": true}, - "default": {"enabled": false}, - "123456789123": {"us-west-2": {"enabled": true}, "default": {"enabled": false}} + "us-west-2": {"type": "toggle", "enabled": true}, + "us-east-1": {"type": "account-percentile", "enabled-%": 10}, + "default": {"type": "toggle", "enabled": false}, + "123456789123": { + "us-west-2": {"type": "toggle", "enabled": true}, + "default": {"type": "toggle", "enabled": false} + } }, "gamma": { - "default": {"enabled": false}, - "123456789123": {"us-east-1": {"enabled": false}, "default": {"enabled": false}} + "default": {"type": "toggle", "enabled": false}, + "123456789123": { + "us-east-1": {"type": "toggle", "enabled": false}, + "default": {"type": "toggle", "enabled": false} + } }, "prod": {"default": {"enabled": false}} } diff --git a/tests/feature_toggle/test_dialup.py b/tests/feature_toggle/test_dialup.py new file mode 100644 index 000000000..2a613d862 --- /dev/null +++ b/tests/feature_toggle/test_dialup.py @@ -0,0 +1,65 @@ +from unittest import TestCase + +from parameterized import parameterized, param +from samtranslator.feature_toggle.dialup import * + + +class TestBaseDialup(TestCase): + def test___str__(self): + region_config = {} + dialup = BaseDialup(region_config) + self.assertEqual(str(dialup), "BaseDialup") + + +class TestDisabledDialup(TestCase): + def test_is_enabled(self): + region_config = {} + dialup = DisabledDialup(region_config) + self.assertFalse(dialup.is_enabled()) + + +class TestToggleDialUp(TestCase): + @parameterized.expand( + [ + param({"type": "toggle", "enabled": True}, True), + param({"type": "toggle", "enabled": False}, False), + param({"type": "toggle"}, False), # missing "enabled" key + ] + ) + def test_is_enabled(self, region_config, expected): + dialup = ToggleDialup(region_config) + self.assertEqual(dialup.is_enabled(), expected) + + +class TestSimpleAccountPercentileDialup(TestCase): + @parameterized.expand( + [ + param({"type": "account-percentile", "enabled-%": 10}, "feature-1", "123456789100", True), + param({"type": "account-percentile", "enabled-%": 10}, "feautre-1", "123456789123", False), + param({"type": "account-percentile", "enabled": True}, "feature-1", "123456789100", False), + ] + ) + def test_is_enabled(self, region_config, feature_name, account_id, expected): + dialup = SimpleAccountPercentileDialup( + region_config=region_config, + account_id=account_id, + feature_name=feature_name, + ) + self.assertEqual(dialup.is_enabled(), expected) + + @parameterized.expand( + [ + param("feature-1", "123456789123"), + param("feature-2", "000000000000"), + param("feature-3", "432187654321"), + param("feature-4", "111222333444"), + ] + ) + def test__get_account_percentile(self, account_id, feature_name): + region_config = {"type": "account-percentile", "enabled-%": 10} + dialup = SimpleAccountPercentileDialup( + region_config=region_config, + account_id=account_id, + feature_name=feature_name, + ) + self.assertTrue(0 <= dialup._get_account_percentile() < 100) diff --git a/tests/feature_toggle/test_feature_toggle.py b/tests/feature_toggle/test_feature_toggle.py index c4df7d683..56a432863 100644 --- a/tests/feature_toggle/test_feature_toggle.py +++ b/tests/feature_toggle/test_feature_toggle.py @@ -8,6 +8,7 @@ FeatureToggleLocalConfigProvider, FeatureToggleAppConfigConfigProvider, ) +from samtranslator.feature_toggle.dialup import ToggleDialup, SimpleAccountPercentileDialup, DisabledDialup my_path = os.path.dirname(os.path.abspath(__file__)) sys.path.insert(0, my_path + "/..") @@ -16,87 +17,112 @@ class TestFeatureToggle(TestCase): @parameterized.expand( [ - param("feature-1", "beta", "default", False), - param("feature-1", "beta", "us-west-2", True), - param("feature-2", "beta", "us-west-2", False), # because feature is missing + param("feature-1", "beta", "default", "123456789123", False), + param("feature-1", "beta", "us-west-2", "123456789123", True), + param("feature-2", "beta", "us-west-2", "123456789123", False), # because feature is missing + param("feature-1", "beta", "ap-south-1", "123456789124", False), # because default is used + param("feature-1", "alpha", "us-east-1", "123456789123", False), # non-exist stage + param("feature-1", "beta", "us-east-1", "123456789100", True), + param("feature-1", "beta", "us-east-1", "123456789123", False), + # any None for stage, region and account_id should return False + param("feature-1", None, None, None, False), + param("feature-1", "beta", None, None, False), + param("feature-1", "beta", "us-west-2", None, False), + param("feature-1", "beta", None, "123456789123", False), ] ) - def test_feature_toggle_with_local_provider_for_stage(self, feature_name, stage, region, expected): + def test_feature_toggle_with_local_provider(self, feature_name, stage, region, account_id, expected): feature_toggle = FeatureToggle( - FeatureToggleLocalConfigProvider(os.path.join(my_path, "input", "feature_toggle_config.json")) + FeatureToggleLocalConfigProvider(os.path.join(my_path, "input", "feature_toggle_config.json")), + stage=stage, + region=region, + account_id=account_id, ) - self.assertEqual(feature_toggle.is_enabled_for_stage_in_region(feature_name, stage, region), expected) + self.assertEqual(feature_toggle.is_enabled(feature_name), expected) @parameterized.expand( [ - param("feature-1", "beta", "default", "123456789123", False), - param("feature-1", "beta", "us-west-2", "123456789123", True), - param("feature-2", "beta", "us-west-2", "123456789124", False), # because feature is missing + param("toggle", ToggleDialup), + param("account-percentile", SimpleAccountPercentileDialup), + param("something-else", DisabledDialup), ] ) - def test_feature_toggle_with_local_provider_for_account_id(self, feature_name, stage, region, account_id, expected): + def test__get_dialup(self, dialup_type, expected_class): feature_toggle = FeatureToggle( - FeatureToggleLocalConfigProvider(os.path.join(my_path, "input", "feature_toggle_config.json")) - ) - self.assertEqual( - feature_toggle.is_enabled_for_account_in_region(feature_name, stage, account_id, region), expected + FeatureToggleLocalConfigProvider(os.path.join(my_path, "input", "feature_toggle_config.json")), + stage=None, + region=None, + account_id=None, ) + region_config = {"type": dialup_type} + dialup = feature_toggle._get_dialup(region_config, "some-feature") + self.assertIsInstance(dialup, expected_class) class TestFeatureToggleAppConfig(TestCase): def setUp(self): self.content_stream_mock = Mock() self.content_stream_mock.read.return_value = b""" - { - "feature-1": { - "beta": { - "us-west-2": {"enabled": true}, - "default": {"enabled": false}, - "123456789123": {"us-west-2": {"enabled": true}, "default": {"enabled": false}} - }, - "gamma": { - "default": {"enabled": false}, - "123456789123": {"us-east-1": {"enabled": false}, "default": {"enabled": false}} - }, - "prod": {"default": {"enabled": false}} + { + "feature-1": { + "beta": { + "us-west-2": {"type": "toggle", "enabled": true}, + "us-east-1": {"type": "account-percentile", "enabled-%": 10}, + "default": {"type": "toggle", "enabled": false}, + "123456789123": { + "us-west-2": {"type": "toggle", "enabled": true}, + "default": {"type": "toggle", "enabled": false} + } + }, + "gamma": { + "default": {"type": "toggle", "enabled": false}, + "123456789123": { + "us-east-1": {"type": "toggle", "enabled": false}, + "default": {"type": "toggle", "enabled": false} + } + }, + "prod": {"default": {"type": "toggle", "enabled": false}} + } } - } """ self.app_config_mock = Mock() self.app_config_mock.get_configuration.return_value = {"Content": self.content_stream_mock} - @parameterized.expand( - [ - param("feature-1", "beta", "default", False), - param("feature-1", "beta", "us-west-2", True), - param("feature-2", "beta", "us-west-2", False), # because feature is missing - ] - ) - @patch("samtranslator.feature_toggle.feature_toggle.boto3") - def test_feature_toggle_for_stage(self, feature_name, stage, region, expected, boto3_mock): - boto3_mock.client.return_value = self.app_config_mock - feature_toggle_config_provider = FeatureToggleAppConfigConfigProvider( - "test_app_id", "test_env_id", "test_conf_id" - ) - feature_toggle = FeatureToggle(feature_toggle_config_provider) - self.assertEqual(feature_toggle.is_enabled_for_stage_in_region(feature_name, stage, region), expected) - @parameterized.expand( [ param("feature-1", "beta", "default", "123456789123", False), param("feature-1", "beta", "us-west-2", "123456789123", True), - param("feature-2", "beta", "us-west-2", "123456789124", False), # because feature is missing + param("feature-2", "beta", "us-west-2", "123456789123", False), # because feature is missing + param("feature-1", "beta", "ap-south-1", "123456789124", False), # because default is used + param("feature-1", "alpha", "us-east-1", "123456789123", False), # non-exist stage + param("feature-1", "beta", "us-east-1", "123456789100", True), + param("feature-1", "beta", "us-east-1", "123456789123", False), + # any None for stage, region and account_id returns False + param("feature-1", None, None, None, False), + param("feature-1", "beta", None, None, False), + param("feature-1", "beta", "us-west-2", None, False), + param("feature-1", "beta", None, "123456789123", False), ] ) @patch("samtranslator.feature_toggle.feature_toggle.boto3") - def test_feature_toggle_with_local_provider_for_account_id( + def test_feature_toggle_with_appconfig_provider( self, feature_name, stage, region, account_id, expected, boto3_mock ): boto3_mock.client.return_value = self.app_config_mock feature_toggle_config_provider = FeatureToggleAppConfigConfigProvider( "test_app_id", "test_env_id", "test_conf_id" ) - feature_toggle = FeatureToggle(feature_toggle_config_provider) - self.assertEqual( - feature_toggle.is_enabled_for_account_in_region(feature_name, stage, account_id, region), expected + feature_toggle = FeatureToggle( + feature_toggle_config_provider, stage=stage, region=region, account_id=account_id + ) + self.assertEqual(feature_toggle.is_enabled(feature_name), expected) + + +class TestFeatureToggleAppConfigConfigProvider(TestCase): + @patch("samtranslator.feature_toggle.feature_toggle.boto3") + def test_feature_toggle_with_exception(self, boto3_mock): + boto3_mock.client.raiseError.side_effect = Exception() + feature_toggle_config_provider = FeatureToggleAppConfigConfigProvider( + "test_app_id", "test_env_id", "test_conf_id" ) + self.assertEqual(feature_toggle_config_provider.config, {}) diff --git a/tests/translator/input/api_request_model.yaml b/tests/translator/input/api_request_model.yaml index 4dc0c5f42..5c1d96b07 100644 --- a/tests/translator/input/api_request_model.yaml +++ b/tests/translator/input/api_request_model.yaml @@ -15,6 +15,15 @@ Resources: RequestModel: Model: User Required: true + AnyPath: + Type: Api + Properties: + RestApiId: HtmlApi + Path: /any + Method: any + RequestModel: + Model: User + Required: true HtmlApi: Type: AWS::Serverless::Api diff --git a/tests/translator/input/api_request_model_openapi_3.yaml b/tests/translator/input/api_request_model_openapi_3.yaml index 2e9a7d26d..69e003ebd 100644 --- a/tests/translator/input/api_request_model_openapi_3.yaml +++ b/tests/translator/input/api_request_model_openapi_3.yaml @@ -27,6 +27,18 @@ Resources: Path: /iam Auth: Authorizer: AWS_IAM + AnyIam: + Type: Api + Properties: + RequestModel: + Model: User + Required: true + RestApiId: + Ref: HtmlApi + Method: any + Path: /any/iam + Auth: + Authorizer: AWS_IAM HtmlApi: diff --git a/tests/translator/input/api_with_apikey_required.yaml b/tests/translator/input/api_with_apikey_required.yaml index 4ae8e5268..27dfe9a72 100644 --- a/tests/translator/input/api_with_apikey_required.yaml +++ b/tests/translator/input/api_with_apikey_required.yaml @@ -19,3 +19,11 @@ Resources: Method: get Auth: ApiKeyRequired: true + MyApiWithApiKeyRequiredAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithoutAuth + Path: /any/ApiKeyRequiredTrue + Method: any + Auth: + ApiKeyRequired: true diff --git a/tests/translator/input/api_with_apikey_required_openapi_3.yaml b/tests/translator/input/api_with_apikey_required_openapi_3.yaml index e3140b594..bd962b770 100644 --- a/tests/translator/input/api_with_apikey_required_openapi_3.yaml +++ b/tests/translator/input/api_with_apikey_required_openapi_3.yaml @@ -20,3 +20,11 @@ Resources: Method: get Auth: ApiKeyRequired: true + MyApiWithApiKeyRequiredAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithoutAuth + Path: /any/ApiKeyRequiredTrue + Method: any + Auth: + ApiKeyRequired: true diff --git a/tests/translator/input/api_with_auth_all_maximum.yaml b/tests/translator/input/api_with_auth_all_maximum.yaml index 831425e6d..67e3f4a8e 100644 --- a/tests/translator/input/api_with_auth_all_maximum.yaml +++ b/tests/translator/input/api_with_auth_all_maximum.yaml @@ -50,7 +50,7 @@ Resources: Context: - Authorization4 ReauthorizeEvery: 0 - + MyFunction: Type: AWS::Serverless::Function Properties: @@ -66,6 +66,14 @@ Resources: Method: get Auth: Authorizer: NONE + WithNoAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/noauth + Method: any + Auth: + Authorizer: NONE WithCognitoMultipleUserPoolsAuthorizer: Type: Api Properties: @@ -74,6 +82,14 @@ Resources: Method: post Auth: Authorizer: MyCognitoAuthMultipleUserPools + WithCognitoMultipleUserPoolsAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/cognitomultiple + Method: any + Auth: + Authorizer: MyCognitoAuthMultipleUserPools WithLambdaTokenAuthorizer: Type: Api Properties: @@ -82,7 +98,15 @@ Resources: Method: get Auth: Authorizer: MyLambdaTokenAuth - WithLambdaTokenAuthorizer: + WithLambdaTokenAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/lambdatoken + Method: any + Auth: + Authorizer: MyLambdaTokenAuth + WithLambdaTokenNoneAuthorizer: Type: Api Properties: RestApiId: !Ref MyApi @@ -90,6 +114,14 @@ Resources: Method: patch Auth: Authorizer: MyLambdaTokenAuthNoneFunctionInvokeRole + WithLambdaTokenNoneAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/lambdatokennone + Method: any + Auth: + Authorizer: MyLambdaTokenAuthNoneFunctionInvokeRole WithLambdaRequestAuthorizer: Type: Api Properties: @@ -98,9 +130,23 @@ Resources: Method: delete Auth: Authorizer: MyLambdaRequestAuth + WithLambdaRequestAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/lambdarequest + Method: any + Auth: + Authorizer: MyLambdaRequestAuth WithDefaultAuthorizer: Type: Api Properties: RestApiId: !Ref MyApi Path: /users - Method: put \ No newline at end of file + Method: put + WithDefaultAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/default + Method: any \ No newline at end of file diff --git a/tests/translator/input/api_with_auth_all_maximum_openapi_3.yaml b/tests/translator/input/api_with_auth_all_maximum_openapi_3.yaml index 0012f8bc1..5c8d3597e 100644 --- a/tests/translator/input/api_with_auth_all_maximum_openapi_3.yaml +++ b/tests/translator/input/api_with_auth_all_maximum_openapi_3.yaml @@ -51,7 +51,7 @@ Resources: Context: - Authorization4 ReauthorizeEvery: 0 - + MyFunction: Type: AWS::Serverless::Function Properties: @@ -67,6 +67,14 @@ Resources: Method: get Auth: Authorizer: NONE + WithNoAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/noauth + Method: any + Auth: + Authorizer: NONE WithCognitoMultipleUserPoolsAuthorizer: Type: Api Properties: @@ -75,6 +83,14 @@ Resources: Method: post Auth: Authorizer: MyCognitoAuthMultipleUserPools + WithCognitoMultipleUserPoolsAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/cognitomultiple + Method: any + Auth: + Authorizer: MyCognitoAuthMultipleUserPools WithLambdaTokenAuthorizer: Type: Api Properties: @@ -83,7 +99,15 @@ Resources: Method: get Auth: Authorizer: MyLambdaTokenAuth - WithLambdaTokenAuthorizer: + WithLambdaTokenAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/lambdatoken + Method: any + Auth: + Authorizer: MyLambdaTokenAuth + WithLambdaTokenNoneAuthorizer: Type: Api Properties: RestApiId: !Ref MyApi @@ -91,6 +115,14 @@ Resources: Method: patch Auth: Authorizer: MyLambdaTokenAuthNoneFunctionInvokeRole + WithLambdaTokenNoneAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/lambdatokennone + Method: any + Auth: + Authorizer: MyLambdaTokenAuthNoneFunctionInvokeRole WithLambdaRequestAuthorizer: Type: Api Properties: @@ -99,9 +131,23 @@ Resources: Method: delete Auth: Authorizer: MyLambdaRequestAuth + WithLambdaRequestAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/lambdarequest + Method: any + Auth: + Authorizer: MyLambdaRequestAuth WithDefaultAuthorizer: Type: Api Properties: RestApiId: !Ref MyApi Path: /users - Method: put \ No newline at end of file + Method: put + WithDefaultAuthorizerAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApi + Path: /any/default + Method: any \ No newline at end of file diff --git a/tests/translator/input/api_with_auth_all_minimum.yaml b/tests/translator/input/api_with_auth_all_minimum.yaml index f6eda0af2..399df7612 100644 --- a/tests/translator/input/api_with_auth_all_minimum.yaml +++ b/tests/translator/input/api_with_auth_all_minimum.yaml @@ -51,18 +51,36 @@ Resources: RestApiId: !Ref MyApiWithCognitoAuth Method: get Path: /cognito + CognitoAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithCognitoAuth + Method: any + Path: /any/cognito LambdaToken: Type: Api Properties: RestApiId: !Ref MyApiWithLambdaTokenAuth Method: get Path: /lambda-token + LambdaTokenAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithLambdaTokenAuth + Method: any + Path: /any/lambda-token LambdaRequest: Type: Api Properties: RestApiId: !Ref MyApiWithLambdaRequestAuth Method: get Path: /lambda-request + LambdaRequestAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithLambdaRequestAuth + Method: any + Path: /any/lambda-request MyUserPool: Type: AWS::Cognito::UserPool Properties: diff --git a/tests/translator/input/api_with_auth_all_minimum_openapi.yaml b/tests/translator/input/api_with_auth_all_minimum_openapi.yaml index 486bd1250..bfa377bbb 100644 --- a/tests/translator/input/api_with_auth_all_minimum_openapi.yaml +++ b/tests/translator/input/api_with_auth_all_minimum_openapi.yaml @@ -54,18 +54,36 @@ Resources: RestApiId: !Ref MyApiWithCognitoAuth Method: get Path: /cognito + CognitoAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithCognitoAuth + Method: any + Path: /any/cognito LambdaToken: Type: Api Properties: RestApiId: !Ref MyApiWithLambdaTokenAuth Method: get Path: /lambda-token + LambdaTokenAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithLambdaTokenAuth + Method: any + Path: /any/lambda-token LambdaRequest: Type: Api Properties: RestApiId: !Ref MyApiWithLambdaRequestAuth Method: get Path: /lambda-request + LambdaRequestAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithLambdaRequestAuth + Method: any + Path: /any/lambda-request MyUserPool: Type: AWS::Cognito::UserPool Properties: diff --git a/tests/translator/input/api_with_auth_no_default.yaml b/tests/translator/input/api_with_auth_no_default.yaml index 85d591b06..3f3900386 100644 --- a/tests/translator/input/api_with_auth_no_default.yaml +++ b/tests/translator/input/api_with_auth_no_default.yaml @@ -48,18 +48,36 @@ Resources: RestApiId: !Ref MyApiWithCognitoAuth Method: get Path: /cognito + CognitoAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithCognitoAuth + Method: any + Path: /any/cognito LambdaToken: Type: Api Properties: RestApiId: !Ref MyApiWithLambdaTokenAuth Method: get Path: /lambda-token + LambdaTokenAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithLambdaTokenAuth + Method: any + Path: /any/lambda-token LambdaRequest: Type: Api Properties: RestApiId: !Ref MyApiWithLambdaRequestAuth Method: get Path: /lambda-request + LambdaRequestAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithLambdaRequestAuth + Method: any + Path: /any/lambda-request MyUserPool: Type: AWS::Cognito::UserPool Properties: diff --git a/tests/translator/input/api_with_aws_account_blacklist.yaml b/tests/translator/input/api_with_aws_account_blacklist.yaml index b93e63d9b..19b51412a 100644 --- a/tests/translator/input/api_with_aws_account_blacklist.yaml +++ b/tests/translator/input/api_with_aws_account_blacklist.yaml @@ -23,3 +23,9 @@ Resources: Properties: Method: Put Path: /get + Any: + Type: Api + Properties: + Method: any + Path: /any + diff --git a/tests/translator/input/api_with_aws_account_whitelist.yaml b/tests/translator/input/api_with_aws_account_whitelist.yaml index c69a9b64f..ff55cbae2 100644 --- a/tests/translator/input/api_with_aws_account_whitelist.yaml +++ b/tests/translator/input/api_with_aws_account_whitelist.yaml @@ -26,3 +26,16 @@ Resources: ] Method: Put Path: /get + Any: + Type: Api + Properties: + Auth: + ResourcePolicy: + AwsAccountWhitelist: [ + "12345" + ] + AwsAccountBlacklist: [ + "67890" + ] + Method: any + Path: /any diff --git a/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml b/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml index e984428c1..1fb222b89 100644 --- a/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml +++ b/tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml @@ -24,6 +24,13 @@ Resources: Method: post RestApiId: !Ref ServerlessApi + AnyHtml: + Type: Api + Properties: + Path: /any + Method: any + RestApiId: !Ref ServerlessApi + ServerlessApi: Type: AWS::Serverless::Api diff --git a/tests/translator/input/api_with_cors_and_conditions_no_definitionbody.yaml b/tests/translator/input/api_with_cors_and_conditions_no_definitionbody.yaml index 6070b112d..5075726ae 100644 --- a/tests/translator/input/api_with_cors_and_conditions_no_definitionbody.yaml +++ b/tests/translator/input/api_with_cors_and_conditions_no_definitionbody.yaml @@ -48,6 +48,13 @@ Resources: Path: / Method: post + AnyHtml: + Type: Api + Properties: + RestApiId: !Ref ExplicitApi + Path: /any + Method: any + ExplicitApi: Type: AWS::Serverless::Api diff --git a/tests/translator/input/api_with_cors_and_only_methods.yaml b/tests/translator/input/api_with_cors_and_only_methods.yaml index 1ee2d9288..724de4301 100644 --- a/tests/translator/input/api_with_cors_and_only_methods.yaml +++ b/tests/translator/input/api_with_cors_and_only_methods.yaml @@ -16,4 +16,9 @@ Resources: Properties: Path: / Method: get + AnyHtml: + Type: Api + Properties: + Path: /any + Method: any diff --git a/tests/translator/input/api_with_cors_no_definitionbody.yaml b/tests/translator/input/api_with_cors_no_definitionbody.yaml index f8b7bcd52..7d496c2f9 100644 --- a/tests/translator/input/api_with_cors_no_definitionbody.yaml +++ b/tests/translator/input/api_with_cors_no_definitionbody.yaml @@ -27,6 +27,13 @@ Resources: Path: / Method: post + AnyHtml: + Type: Api + Properties: + RestApiId: !Ref ExplicitApi + Path: /any + Method: any + ExplicitApi: Type: AWS::Serverless::Api diff --git a/tests/translator/input/api_with_default_aws_iam_auth_and_no_auth_route.yaml b/tests/translator/input/api_with_default_aws_iam_auth_and_no_auth_route.yaml index 8bad58788..d3d69d577 100644 --- a/tests/translator/input/api_with_default_aws_iam_auth_and_no_auth_route.yaml +++ b/tests/translator/input/api_with_default_aws_iam_auth_and_no_auth_route.yaml @@ -19,6 +19,12 @@ Resources: RestApiId: !Ref MyApiWithAwsIamAuth Path: / Method: post + MyApiWithAwsIamAuthAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithAwsIamAuth + Path: /any/iam + Method: any MyApiWithNoAuth: Type: Api Properties: @@ -27,3 +33,11 @@ Resources: Method: get Auth: Authorizer: 'NONE' + MyApiWithNoAuthAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithAwsIamAuth + Path: /any/none + Method: any + Auth: + Authorizer: 'NONE' diff --git a/tests/translator/input/api_with_if_conditional_with_resource_policy.yaml b/tests/translator/input/api_with_if_conditional_with_resource_policy.yaml index 3ffecb9b7..cfbc74ec1 100644 --- a/tests/translator/input/api_with_if_conditional_with_resource_policy.yaml +++ b/tests/translator/input/api_with_if_conditional_with_resource_policy.yaml @@ -50,5 +50,12 @@ Resources: Ref: ExplicitApi Path: /three Method: put + AnyHtml: + Type: Api + Properties: + RestApiId: + Ref: ExplicitApi + Path: /any + Method: any \ No newline at end of file diff --git a/tests/translator/input/api_with_method_aws_iam_auth.yaml b/tests/translator/input/api_with_method_aws_iam_auth.yaml index 8a1c8c6da..16c06dc43 100644 --- a/tests/translator/input/api_with_method_aws_iam_auth.yaml +++ b/tests/translator/input/api_with_method_aws_iam_auth.yaml @@ -37,3 +37,29 @@ Resources: Auth: Authorizer: AWS_IAM InvokeRole: CALLER_CREDENTIALS + MyApiWithAwsIamAuthAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithoutAuth + Path: /any/one + Method: any + Auth: + Authorizer: AWS_IAM + MyApiWithAwsIamAuthAndCustomInvokeRoleAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithoutAuth + Path: /any/two + Method: any + Auth: + Authorizer: AWS_IAM + InvokeRole: rn:aws:iam::123:role/AUTH_AWS_IAM + MyApiWithAwsIamAuthAndDefaultInvokeRoleAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithoutAuth + Path: /any/three + Method: any + Auth: + Authorizer: AWS_IAM + InvokeRole: CALLER_CREDENTIALS diff --git a/tests/translator/input/api_with_mode.yaml b/tests/translator/input/api_with_mode.yaml new file mode 100644 index 000000000..8df0693af --- /dev/null +++ b/tests/translator/input/api_with_mode.yaml @@ -0,0 +1,22 @@ +Resources: + Function: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://sam-demo-bucket/member_portal.zip + Handler: index.gethtml + Runtime: nodejs12.x + Events: + GetHtml: + Type: Api + Properties: + RestApiId: Api + Path: / + Method: get + + Api: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + DefinitionUri: s3://sam-demo-bucket/webpage_swagger.json + Description: my description + Mode: overwrite diff --git a/tests/translator/input/api_with_open_api_version.yaml b/tests/translator/input/api_with_open_api_version.yaml index 1ffd32bd6..7efa33f62 100644 --- a/tests/translator/input/api_with_open_api_version.yaml +++ b/tests/translator/input/api_with_open_api_version.yaml @@ -16,6 +16,11 @@ Resources: Properties: Path: / Method: get + AnyHtml: + Type: Api + Properties: + Path: /any + Method: any ExplicitApi: Type: AWS::Serverless::Api Properties: diff --git a/tests/translator/input/api_with_open_api_version_2.yaml b/tests/translator/input/api_with_open_api_version_2.yaml index 688344e03..52e653032 100644 --- a/tests/translator/input/api_with_open_api_version_2.yaml +++ b/tests/translator/input/api_with_open_api_version_2.yaml @@ -16,6 +16,11 @@ Resources: Properties: Path: / Method: get + AnyHtml: + Type: Api + Properties: + Path: /any + Method: any ExplicitApi: Type: AWS::Serverless::Api Properties: diff --git a/tests/translator/input/api_with_path_parameters.yaml b/tests/translator/input/api_with_path_parameters.yaml index ac79e312c..e1799d3e7 100644 --- a/tests/translator/input/api_with_path_parameters.yaml +++ b/tests/translator/input/api_with_path_parameters.yaml @@ -12,6 +12,12 @@ Resources: RestApiId: HtmlApi Path: /{prameter}/resources Method: get + AnyHtml: + Type: Api + Properties: + RestApiId: HtmlApi + Path: /any/{prameter}/resources + Method: any HtmlApi: Type: AWS::Serverless::Api diff --git a/tests/translator/input/api_with_resource_policy.yaml b/tests/translator/input/api_with_resource_policy.yaml index fb9071db2..2c3478384 100644 --- a/tests/translator/input/api_with_resource_policy.yaml +++ b/tests/translator/input/api_with_resource_policy.yaml @@ -37,5 +37,12 @@ Resources: Ref: ExplicitApi Path: /three Method: put + AnyHtml: + Type: Api + Properties: + RestApiId: + Ref: ExplicitApi + Path: /any + Method: any \ No newline at end of file diff --git a/tests/translator/input/api_with_resource_policy_global_implicit.yaml b/tests/translator/input/api_with_resource_policy_global_implicit.yaml index d3599c73c..613f67dc1 100644 --- a/tests/translator/input/api_with_resource_policy_global_implicit.yaml +++ b/tests/translator/input/api_with_resource_policy_global_implicit.yaml @@ -21,3 +21,18 @@ Resources: Action: 'execute-api:blah', Resource: ['execute-api:/*/*/*'] }] + AddItemAnyMethod: + Type: Api + Properties: + Path: /any/add + Method: any + Auth: + ResourcePolicy: + CustomStatements: [{ + Action: 'execute-api:Invoke', + Resource: ['execute-api:/*/*/*'] + }, + { + Action: 'execute-api:blah', + Resource: ['execute-api:/*/*/*'] + }] diff --git a/tests/translator/input/api_with_resource_refs.yaml b/tests/translator/input/api_with_resource_refs.yaml index 3381677ef..e84845cbb 100644 --- a/tests/translator/input/api_with_resource_refs.yaml +++ b/tests/translator/input/api_with_resource_refs.yaml @@ -21,6 +21,11 @@ Resources: Properties: Path: /html Method: GET + GetHtmlAnyMethod: + Type: Api + Properties: + Path: /any/html + Method: any Outputs: ImplicitApiDeployment: diff --git a/tests/translator/input/api_with_source_vpc_blacklist.yaml b/tests/translator/input/api_with_source_vpc_blacklist.yaml index 65073bded..6315a7931 100644 --- a/tests/translator/input/api_with_source_vpc_blacklist.yaml +++ b/tests/translator/input/api_with_source_vpc_blacklist.yaml @@ -23,4 +23,9 @@ Resources: Properties: Method: Put Path: /get + ApiAnyMethod: + Type: Api + Properties: + Method: any + Path: /any/get diff --git a/tests/translator/input/api_with_source_vpc_whitelist.yaml b/tests/translator/input/api_with_source_vpc_whitelist.yaml index 1cacf3941..f67ea34d8 100644 --- a/tests/translator/input/api_with_source_vpc_whitelist.yaml +++ b/tests/translator/input/api_with_source_vpc_whitelist.yaml @@ -31,11 +31,21 @@ Resources: Properties: Method: Put Path: /get + ApiAnyMethod: + Type: Api + Properties: + Method: any + Path: /any/get Fetch: Type: Api Properties: Method: Post Path: /fetch + FetchAnyMethod: + Type: Api + Properties: + Method: any + Path: /any/fetch MyApi: Type: AWS::Serverless::Api diff --git a/tests/translator/input/api_with_swagger_and_openapi_with_auth.yaml b/tests/translator/input/api_with_swagger_and_openapi_with_auth.yaml index af30762da..1b796e449 100644 --- a/tests/translator/input/api_with_swagger_and_openapi_with_auth.yaml +++ b/tests/translator/input/api_with_swagger_and_openapi_with_auth.yaml @@ -24,6 +24,11 @@ Resources: Properties: Path: / Method: get + GetHtmlAnyMethod: + Type: Api + Properties: + Path: /any + Method: any ExplicitApi: Type: AWS::Serverless::Api diff --git a/tests/translator/input/api_with_swagger_authorizer_none.yaml b/tests/translator/input/api_with_swagger_authorizer_none.yaml index eb0ae32be..98173772e 100644 --- a/tests/translator/input/api_with_swagger_authorizer_none.yaml +++ b/tests/translator/input/api_with_swagger_authorizer_none.yaml @@ -85,6 +85,14 @@ Resources: Auth: Authorizer: NONE Path: /cognito + CognitoAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithCognitoAuth + Method: any + Auth: + Authorizer: NONE + Path: /any/cognito LambdaToken: Type: Api Properties: @@ -93,6 +101,14 @@ Resources: Auth: Authorizer: NONE Path: /lambda-token + LambdaTokenAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithLambdaTokenAuth + Method: any + Auth: + Authorizer: NONE + Path: /any/lambda-token LambdaRequest: Type: Api Properties: @@ -101,6 +117,14 @@ Resources: Authorizer: NONE Method: get Path: /lambda-request + LambdaRequestAnyMethod: + Type: Api + Properties: + RestApiId: !Ref MyApiWithLambdaRequestAuth + Auth: + Authorizer: NONE + Method: any + Path: /any/lambda-request MyUserPool: Type: AWS::Cognito::UserPool diff --git a/tests/translator/input/api_with_usageplans.yaml b/tests/translator/input/api_with_usageplans.yaml index 836d98648..41b08e493 100644 --- a/tests/translator/input/api_with_usageplans.yaml +++ b/tests/translator/input/api_with_usageplans.yaml @@ -63,6 +63,13 @@ Resources: Ref: MyApiOne Method: get Path: /path/one + ApiKeyAnyMethod: + Type: Api + Properties: + RestApiId: + Ref: MyApiOne + Method: any + Path: /any/path/one MyFunctionTwo: Type: AWS::Serverless::Function diff --git a/tests/translator/input/api_with_usageplans_shared_no_side_effect_1.yaml b/tests/translator/input/api_with_usageplans_shared_no_side_effect_1.yaml new file mode 100644 index 000000000..f05fe7511 --- /dev/null +++ b/tests/translator/input/api_with_usageplans_shared_no_side_effect_1.yaml @@ -0,0 +1,61 @@ +Globals: + Api: + Auth: + ApiKeyRequired: true + UsagePlan: + CreateUsagePlan: SHARED + +Resources: + MyApiOne: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + + MyApiTwo: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + + MyFunctionOne: + Type: AWS::Serverless::Function + Properties: + Handler: index.handler + Runtime: nodejs12.x + InlineCode: | + exports.handler = async (event) => { + return { + statusCode: 200, + body: JSON.stringify(event), + headers: {} + } + } + Events: + ApiKey: + Type: Api + Properties: + RestApiId: + Ref: MyApiOne + Method: get + Path: /path/one + + MyFunctionTwo: + Type: AWS::Serverless::Function + Properties: + Handler: index.handler + Runtime: nodejs12.x + InlineCode: | + exports.handler = async (event) => { + return { + statusCode: 200, + body: JSON.stringify(event), + headers: {} + } + } + Events: + ApiKey: + Type: Api + Properties: + RestApiId: + Ref: MyApiTwo + Method: get + Path: /path/two diff --git a/tests/translator/input/api_with_usageplans_shared_no_side_effect_2.yaml b/tests/translator/input/api_with_usageplans_shared_no_side_effect_2.yaml new file mode 100644 index 000000000..857e38769 --- /dev/null +++ b/tests/translator/input/api_with_usageplans_shared_no_side_effect_2.yaml @@ -0,0 +1,34 @@ +Globals: + Api: + Auth: + ApiKeyRequired: true + UsagePlan: + CreateUsagePlan: SHARED + +Resources: + MyApiFour: + Type: AWS::Serverless::Api + Properties: + StageName: Prod + + MyFunctionFour: + Type: AWS::Serverless::Function + Properties: + Handler: index.handler + Runtime: nodejs12.x + InlineCode: | + exports.handler = async (event) => { + return { + statusCode: 200, + body: JSON.stringify(event), + headers: {} + } + } + Events: + ApiKey: + Type: Api + Properties: + RestApiId: + Ref: MyApiFour + Method: get + Path: /path/four diff --git a/tests/translator/output/api_request_model.json b/tests/translator/output/api_request_model.json index 681e277e0..f90ea14b4 100644 --- a/tests/translator/output/api_request_model.json +++ b/tests/translator/output/api_request_model.json @@ -1,7 +1,7 @@ { "Resources": { "HtmlFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" @@ -13,13 +13,13 @@ } ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -29,30 +29,30 @@ ] } } - }, + }, "HtmlApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "HtmlApiDeploymentdd6198efe6" - }, + "Ref": "HtmlApiDeploymentcb065c609e" + }, "RestApiId": { "Ref": "HtmlApi" - }, + }, "StageName": "Prod" } - }, + }, "HtmlFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "HtmlFunction" - }, + }, "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { "__Stage__": "*", "__ApiId__": "HtmlApi" @@ -61,18 +61,37 @@ } } }, - "HtmlApiDeploymentdd6198efe6": { - "Type": "AWS::ApiGateway::Deployment", + "HtmlFunctionAnyPathPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "HtmlFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": "HtmlApi", + "__Stage__": "*" + } + ] + } + } + }, + "HtmlApiDeploymentcb065c609e": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "HtmlApi" - }, - "Description": "RestApi deployment id: dd6198efe68d8db17c8bf6b680a8a6763e4f36b5", + }, + "Description": "RestApi deployment id: cb065c609e3452b9ac6cc88cd778dce0647a0a10", "StageName": "Stage" } - }, + }, "HtmlApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { @@ -103,6 +122,28 @@ } ] } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HtmlFunction.Arn}/invocations" + } + }, + "responses": {}, + "parameters": [ + { + "in": "body", + "name": "user", + "schema": { + "$ref": "#/definitions/user" + }, + "required": true + } + ] + } } }, "swagger": "2.0", @@ -118,25 +159,25 @@ } } } - }, + }, "HtmlFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, - "Handler": "index.gethtml", + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "HtmlFunctionRole", + "HtmlFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", + "Value": "SAM", "Key": "lambda:createdBy" } ] diff --git a/tests/translator/output/api_request_model_openapi_3.json b/tests/translator/output/api_request_model_openapi_3.json index 807a0b23a..a753e620a 100644 --- a/tests/translator/output/api_request_model_openapi_3.json +++ b/tests/translator/output/api_request_model_openapi_3.json @@ -34,7 +34,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "HtmlApiDeployment59eeb787ee" + "Ref": "HtmlApiDeployment8abd7f79f8" }, "RestApiId": { "Ref": "HtmlApi" @@ -62,7 +62,28 @@ ] } } - }, + }, + "HtmlFunctionAnyIamPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "HtmlFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/iam", + { + "__ApiId__": { + "Ref": "HtmlApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "HtmlApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -123,6 +144,34 @@ }, "responses": {} } + }, + "/any/iam": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HtmlFunction.Arn}/invocations" + }, + "credentials": "arn:aws:iam::*:user/*" + }, + "responses": {}, + "security": [ + { + "AWS_IAM": [] + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/user" + } + } + }, + "required": true + } + } } }, "openapi": "3.0", @@ -149,13 +198,13 @@ } } }, - "HtmlApiDeployment59eeb787ee": { + "HtmlApiDeployment8abd7f79f8": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "HtmlApi" }, - "Description": "RestApi deployment id: 59eeb787ee1561329a07e10162ac3718998e9f91" + "Description": "RestApi deployment id: 8abd7f79f8fd0aafe51e2201d63602c78a3e0e2a" } }, "HtmlFunctionGetHtmlPermissionProd": { diff --git a/tests/translator/output/api_with_apikey_required.json b/tests/translator/output/api_with_apikey_required.json index 94759d029..170dd25ae 100644 --- a/tests/translator/output/api_with_apikey_required.json +++ b/tests/translator/output/api_with_apikey_required.json @@ -1,25 +1,39 @@ { "Resources": { - "MyFunctionWithApiKeyRequiredRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithApiKeyRequired": { + "Type": "AWS::Lambda::Function", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionWithApiKeyRequiredRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "MyFunctionWithApiKeyRequiredRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -27,114 +41,138 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] } } }, "MyApiWithoutAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/ApiKeyRequiredTrue": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] + } + }, + "/any/ApiKeyRequiredTrue": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "api_key": { - "type": "apiKey", - "name": "x-api-key", + "type": "apiKey", + "name": "x-api-key", "in": "header" } } } } - }, - "MyApiWithoutAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyApiWithoutAuthDeploymentc47cf7fb87": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "MyApiWithoutAuthDeployment3ab9d13134" - }, + "Description": "RestApi deployment id: c47cf7fb87aa0c8e202c94eeb1f86c9cdc06e837", "RestApiId": { "Ref": "MyApiWithoutAuth" - }, - "StageName": "Prod" - } - }, - "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithApiKeyRequired" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } - ] - } - } - }, - "MyFunctionWithApiKeyRequired": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionWithApiKeyRequiredRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + }, + "StageName": "Stage" } - }, - "MyApiWithoutAuthDeployment3ab9d13134": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyApiWithoutAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "MyApiWithoutAuthDeploymentc47cf7fb87" + }, "RestApiId": { "Ref": "MyApiWithoutAuth" - }, - "Description": "RestApi deployment id: 3ab9d13134bf550e275a303c6987801dfb7f9d7b", - "StageName": "Stage" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_apikey_required_openapi_3.json b/tests/translator/output/api_with_apikey_required_openapi_3.json index 119728b18..bd07b57de 100644 --- a/tests/translator/output/api_with_apikey_required_openapi_3.json +++ b/tests/translator/output/api_with_apikey_required_openapi_3.json @@ -1,25 +1,39 @@ { "Resources": { - "MyFunctionWithApiKeyRequiredRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithApiKeyRequired": { + "Type": "AWS::Lambda::Function", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionWithApiKeyRequiredRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "MyFunctionWithApiKeyRequiredRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -27,115 +41,139 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] } } }, - "MyApiWithoutAuthDeployment8770e31c42": { - "Type": "AWS::ApiGateway::Deployment", + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithoutAuth" - }, - "Description": "RestApi deployment id: 8770e31c425e4cc01e67db6627300b459720eff9" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyApiWithoutAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/ApiKeyRequiredTrue": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] + } + }, + "/any/ApiKeyRequiredTrue": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { "api_key": { - "type": "apiKey", - "name": "x-api-key", + "type": "apiKey", + "name": "x-api-key", "in": "header" } } } } } - }, - "MyApiWithoutAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyApiWithoutAuthDeploymentb2fabd579c": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "MyApiWithoutAuthDeployment8770e31c42" - }, + "Description": "RestApi deployment id: b2fabd579c4423986c964662a3c726a321db962e", "RestApiId": { "Ref": "MyApiWithoutAuth" - }, - "StageName": "Prod" - } - }, - "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithApiKeyRequired" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } - ] } } - }, - "MyFunctionWithApiKeyRequired": { - "Type": "AWS::Lambda::Function", + }, + "MyApiWithoutAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionWithApiKeyRequiredRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "DeploymentId": { + "Ref": "MyApiWithoutAuthDeploymentb2fabd579c" + }, + "RestApiId": { + "Ref": "MyApiWithoutAuth" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_auth_all_maximum.json b/tests/translator/output/api_with_auth_all_maximum.json index 9615a989f..f6570f17c 100644 --- a/tests/translator/output/api_with_auth_all_maximum.json +++ b/tests/translator/output/api_with_auth_all_maximum.json @@ -1,378 +1,681 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "thumbnails.zip" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithNoAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionWithCognitoMultipleUserPoolsAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognitomultiple", { "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithDefaultAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/default", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdarequest", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatoken", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenNoneAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatokennone", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithNoAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/noauth", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } }, "MyFunctionWithCognitoMultipleUserPoolsAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/users", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenNoneAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } - }, + }, + "MyFunctionWithDefaultAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "MyApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "NONE": [] - }, + }, { "api_key": [] } - ], - "responses": {} + ] } - }, - "/users": { - "put": { + }, + "/any/noauth": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { - "MyCognitoAuth": [] - }, + "NONE": [] + }, { "api_key": [] } - ], - "responses": {} - }, + ] + } + }, + "/users": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuthMultipleUserPools": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + }, "patch": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuthNoneFunctionInvokeRole": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, "delete": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + }, + { + "api_key": [] + } + ] + }, + "put": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/cognitomultiple": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuthMultipleUserPools": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatoken": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatokennone": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuthNoneFunctionInvokeRole": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdarequest": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] - }, + }, + { + "api_key": [] + } + ] + } + }, + "/any/default": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, { "api_key": [] } - ], - "responses": {} + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { - "MyLambdaTokenAuthNoneFunctionInvokeRole": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "MyCognitoAuth": { + "type": "apiKey", + "name": "MyAuthorizationHeader", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:1" + ], + "identityValidationExpression": "myauthvalidationexpression" + } + }, + "MyCognitoAuthMultipleUserPools": { + "type": "apiKey", + "name": "MyAuthorizationHeader2", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 0, + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:2", + "arn:aws:3" + ], + "identityValidationExpression": "myauthvalidationexpression2" + } + }, + "MyLambdaTokenAuth": { + "type": "apiKey", + "name": "MyCustomAuthHeader", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - } - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuthMultipleUserPools": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader2", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression2", - "providerARNs": [ - "arn:aws:2", - "arn:aws:3" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + }, + "authorizerResultTtlInSeconds": 20, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identityValidationExpression": "mycustomauthexpression" + } + }, + "MyLambdaTokenAuthNoneFunctionInvokeRole": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "authorizerResultTtlInSeconds": 0, - "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access" - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression", - "providerARNs": [ - "arn:aws:1" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "MyCustomAuthHeader", + }, + "authorizerResultTtlInSeconds": 0 + } + }, + "MyLambdaRequestAuth": { + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 20, + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", - "identityValidationExpression": "mycustomauthexpression" - }, - "x-amazon-apigateway-authtype": "custom" - }, + }, + "authorizerResultTtlInSeconds": 0, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4" + } + }, "api_key": { - "type": "apiKey", - "name": "x-api-key", + "type": "apiKey", + "name": "x-api-key", "in": "header" } } } } - }, - "MyApiMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApi" - } - } - ] - } - } }, - "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "MyApiDeployment563edb7c42": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApi" - } - } - ] - } + "Description": "RestApi deployment id: 563edb7c42f90929db0861af12bcd8046b8cb057", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" } }, - "MyApiDeployment0cec4886a5": { - "Type": "AWS::ApiGateway::Deployment", + "MyApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "MyApiDeployment563edb7c42" + }, "RestApiId": { "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 0cec4886a504a36373a7cbd8952ec7aa9643bfbd", - "StageName": "Stage" + }, + "StageName": "Prod" } - }, - "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { "__ApiId__": { "Ref": "MyApi" @@ -381,32 +684,17 @@ ] } } - }, - "MyApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment0cec4886a5" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "Prod" - } - }, - "MyFunctionWithNoAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -414,20 +702,17 @@ ] } } - }, - "MyFunctionWithDefaultAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -437,4 +722,4 @@ } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_auth_all_maximum_openapi_3.json b/tests/translator/output/api_with_auth_all_maximum_openapi_3.json index 2a80fd35f..9e88df2ff 100644 --- a/tests/translator/output/api_with_auth_all_maximum_openapi_3.json +++ b/tests/translator/output/api_with_auth_all_maximum_openapi_3.json @@ -1,370 +1,682 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "thumbnails.zip" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithNoAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionWithCognitoMultipleUserPoolsAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognitomultiple", { "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithDefaultAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/default", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdarequest", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatoken", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenNoneAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatokennone", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithNoAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/noauth", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } }, "MyFunctionWithCognitoMultipleUserPoolsAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/users", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } - }, + }, + "MyFunctionWithLambdaTokenNoneAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithDefaultAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "MyApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "NONE": [] - }, + }, { "api_key": [] } - ], - "responses": {} + ] } - }, - "/users": { - "put": { + }, + "/any/noauth": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { - "MyCognitoAuth": [] - }, + "NONE": [] + }, { "api_key": [] } - ], - "responses": {} - }, + ] + } + }, + "/users": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuthMultipleUserPools": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + }, "patch": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuthNoneFunctionInvokeRole": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, "delete": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + }, + { + "api_key": [] + } + ] + }, + "put": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/cognitomultiple": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, + "security": [ + { + "MyCognitoAuthMultipleUserPools": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatoken": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatokennone": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuthNoneFunctionInvokeRole": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdarequest": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] - }, + }, { "api_key": [] } - ], - "responses": {} + ] + } + }, + "/any/default": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, + { + "api_key": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { - "MyLambdaTokenAuthNoneFunctionInvokeRole": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "MyCognitoAuth": { + "type": "apiKey", + "name": "MyAuthorizationHeader", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 0, + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:1" + ], + "identityValidationExpression": "myauthvalidationexpression" + } + }, + "MyCognitoAuthMultipleUserPools": { + "type": "apiKey", + "name": "MyAuthorizationHeader2", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:2", + "arn:aws:3" + ], + "identityValidationExpression": "myauthvalidationexpression2" + } + }, + "MyLambdaTokenAuth": { + "type": "apiKey", + "name": "MyCustomAuthHeader", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - } - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuthMultipleUserPools": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader2", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression2", - "providerARNs": [ - "arn:aws:2", - "arn:aws:3" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + }, + "authorizerResultTtlInSeconds": 20, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identityValidationExpression": "mycustomauthexpression" + } + }, + "MyLambdaTokenAuthNoneFunctionInvokeRole": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "authorizerResultTtlInSeconds": 0, - "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access" - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression", - "providerARNs": [ - "arn:aws:1" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "MyCustomAuthHeader", + }, + "authorizerResultTtlInSeconds": 0 + } + }, + "MyLambdaRequestAuth": { + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 20, + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", - "identityValidationExpression": "mycustomauthexpression" - }, - "x-amazon-apigateway-authtype": "custom" - }, + }, + "authorizerResultTtlInSeconds": 0, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4" + } + }, "api_key": { - "type": "apiKey", - "name": "x-api-key", + "type": "apiKey", + "name": "x-api-key", "in": "header" } } } } } - }, - "MyApiMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiDeploymentb4703b05b7": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApi" - } - } - ] + "Description": "RestApi deployment id: b4703b05b7aed5e2b44438e65cf9811d3f0d6adc", + "RestApiId": { + "Ref": "MyApi" } } }, - "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "MyApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApi" - } - } - ] - } + "DeploymentId": { + "Ref": "MyApiDeploymentb4703b05b7" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" } }, - "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + "MyApiMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { "__ApiId__": { "Ref": "MyApi" @@ -373,29 +685,17 @@ ] } } - }, - "MyApiDeployment98ad824f7d": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 98ad824f7db83981e747e44ba34d318c7fa410c8" - } - }, - "MyFunctionWithNoAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -403,32 +703,17 @@ ] } } - }, - "MyApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment98ad824f7d" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "Prod" - } - }, - "MyFunctionWithDefaultAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -438,4 +723,4 @@ } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_auth_all_minimum.json b/tests/translator/output/api_with_auth_all_minimum.json index 640d74f16..186f6c50d 100644 --- a/tests/translator/output/api_with_auth_all_minimum.json +++ b/tests/translator/output/api_with_auth_all_minimum.json @@ -1,145 +1,113 @@ { "Resources": { - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "MyCognitoAuth": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - } - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeployment6e52add211" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFnRole", "Arn" ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } ] - } - } - }, - "MyApiWithCognitoAuthDeployment62312fa971": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: 62312fa9711ad898b40e76b7a4ae1358305b0bcd", - "StageName": "Stage" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", + "MyFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "bucket", + "S3Bucket": "bucket", "S3Key": "key" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyAuthFnRole", + "MyFnRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "MyFnRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -147,327 +115,473 @@ } } ] - } - } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeployment62312fa971" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithCognitoAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", { "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaTokenAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaRequestAuthDeployment6e52add211": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: 6e52add211cda52ae10a7cc0e0afcf4afc682f9f", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + }, + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + } + }, + "securityDefinitions": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] + } + } + } + } + } + }, + "MyApiWithCognitoAuthDeploymentdcc28e4b5f": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: dcc28e4b5f8fbdb114c4da86eae5deddc368c60e", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeploymentdcc28e4b5f" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-token": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + } + ] + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuth": [] } - ], - "responses": {} + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] } - }, - "x-amazon-apigateway-authtype": "custom" + } } } } } }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", + "MyApiWithLambdaTokenAuthDeployment03cc3fd4fd": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] - } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyFnRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "Description": "RestApi deployment id: 03cc3fd4fd00e795fb067f94da06cb2fcfe95d3b", + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Stage" } - }, - "MyApiWithLambdaTokenAuthDeployment445c6c96e7": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeployment03cc3fd4fd" + }, "RestApiId": { "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: 445c6c96e7f43bd49f83bd67ae0d6813c517348f", - "StageName": "Stage" + }, + "StageName": "Prod" } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" } } ] } } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeployment445c6c96e7" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" - } - }, + }, "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-request": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + } + }, + "/any/lambda-request": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] } - ], - "responses": {} + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } } } + }, + "MyApiWithLambdaRequestAuthDeployment6a32cc7f63": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 6a32cc7f63485b93190f441a47da57f43de6a532", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeployment6a32cc7f63" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + ] + } + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_auth_all_minimum_openapi.json b/tests/translator/output/api_with_auth_all_minimum_openapi.json index ecee37eda..3cc8a4f8b 100644 --- a/tests/translator/output/api_with_auth_all_minimum_openapi.json +++ b/tests/translator/output/api_with_auth_all_minimum_openapi.json @@ -1,137 +1,113 @@ { "Resources": { - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "MyCognitoAuth": [] - } - ], - "responses": {} - } - } - }, - "openapi": "3.0.1", - "components": { - "securitySchemes": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } - } + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - } - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeployment14ab3ddf12" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { + "Code": { + "S3Bucket": "bucketname", + "S3Key": "thumbnails.zip" + }, + "Handler": "index.handler", + "Role": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFnRole", "Arn" ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", + "MyFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "bucketname", + "S3Bucket": "bucketname", "S3Key": "thumbnails.zip" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyAuthFnRole", + "MyFnRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "MyFnRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -139,338 +115,476 @@ } } ] - } - } - }, - "MyApiWithLambdaRequestAuthDeployment14ab3ddf12": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: 14ab3ddf12ee76d46cac076ecffc24b3acd2fb7f" - } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeployment87cdbda651" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithCognitoAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", { "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaTokenAuth" - } + }, + "__Stage__": "*" } ] } } - }, + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" } ] } } - }, + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + }, + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + } + }, + "openapi": "3.0.1", + "components": { + "securitySchemes": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] + } + } + } + } + } + } + }, + "MyApiWithCognitoAuthDeployment3d7b08655b": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 3d7b08655b69587e7ecc140471014731e77306ff", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + } + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeployment3d7b08655b" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-token": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuth": [] } - ], - "responses": {} + ] + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] } - }, - "x-amazon-apigateway-authtype": "custom" + } } } } } } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] - } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucketname", - "S3Key": "thumbnails.zip" - }, - "Role": { - "Fn::GetAtt": [ - "MyFnRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", + }, + "MyApiWithLambdaTokenAuthDeployment14dd510133": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] + "Description": "RestApi deployment id: 14dd510133f6a5a3dc89de6e8f9c3ddf06471479", + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" } } - }, + }, "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeployment4fdb5f4e3c" - }, + "Ref": "MyApiWithLambdaTokenAuthDeployment14dd510133" + }, "RestApiId": { "Ref": "MyApiWithLambdaTokenAuth" - }, + }, "StageName": "Prod" } - }, - "MyApiWithCognitoAuthDeployment87cdbda651": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: 87cdbda651523df8d04d15fc50f72ae8ead08c1d" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + } + } + ] + } } - }, + }, "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-request": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] } - ], - "responses": {} + ] + } + }, + "/any/lambda-request": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } } } } - }, - "MyApiWithLambdaTokenAuthDeployment4fdb5f4e3c": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyApiWithLambdaRequestAuthDeploymente12f2a6380": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: e12f2a6380194a4b680d60fcf8280f19975a6df2", "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: 4fdb5f4e3c6e0e2b12af6d7a637ce66bb5bf7d0a" + "Ref": "MyApiWithLambdaRequestAuth" + } + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeploymente12f2a6380" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + ] + } } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_auth_no_default.json b/tests/translator/output/api_with_auth_no_default.json index 48d756acc..f03d2eee1 100644 --- a/tests/translator/output/api_with_auth_no_default.json +++ b/tests/translator/output/api_with_auth_no_default.json @@ -1,130 +1,113 @@ { "Resources": { - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - } - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeployment7d0d103fdf" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFnRole", "Arn" ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", + "MyFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "bucket", + "S3Bucket": "bucket", "S3Key": "key" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyAuthFnRole", + "MyFnRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "MyFnRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -132,327 +115,443 @@ } } ] - } - } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeployment039b508d89" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithCognitoAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithCognitoAuthDeployment039b508d89": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: 039b508d8974255326ad180948c0f232635032d8", - "StageName": "Stage" - } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", { "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaRequestAuthDeployment7d0d103fdf": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: 7d0d103fdf357021c9e3f88a03f27a766045308f", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" - } + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" } ] } } - }, + }, "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {} + } + } + }, + "securityDefinitions": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] + } + } + } + } + } + }, + "MyApiWithCognitoAuthDeployment2e051a46ac": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 2e051a46ac5aa5cc0d75c4e1120425e22439be9f", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeployment2e051a46ac" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-token": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] } - }, - "x-amazon-apigateway-authtype": "custom" + } } } } } - }, - "MyApiWithLambdaTokenAuthDeployment50695ee60b": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyApiWithLambdaTokenAuthDeployment284a4a60d9": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 284a4a60d9b720f60d83ab6d114b98256d769d5a", "RestApiId": { "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: 50695ee60b97eeade77bcc6137fa5dabc526938d", + }, "StageName": "Stage" } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeployment284a4a60d9" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Prod" } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "MyFnRole", + "MyAuthFn", "Arn" ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" } } ] } } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeployment50695ee60b" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" - } - }, + }, "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-request": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/lambda-request": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } } } + }, + "MyApiWithLambdaRequestAuthDeployment4f5f651644": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 4f5f651644c30d447f147bed005f544561e01954", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeployment4f5f651644" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + ] + } + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_aws_account_blacklist.json b/tests/translator/output/api_with_aws_account_blacklist.json index 41e8598c6..a5b504d42 100644 --- a/tests/translator/output/api_with_aws_account_blacklist.json +++ b/tests/translator/output/api_with_aws_account_blacklist.json @@ -1,69 +1,38 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment58caafe4ca" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, - "ServerlessRestApiDeployment58caafe4ca": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 58caafe4ca843d2d259f522ee6c408cfd9523ea1", - "StageName": "Stage" - } - }, + }, "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -71,79 +40,164 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionAnyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] } } - }, + }, + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", - "Statement": { - "Action": "execute-api:Invoke", - "Resource": [ - { - "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", - { - "__Stage__": "Prod" - } + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/PUT/get", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": { + "AWS": [ + "12345" + ] + } + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": { + "AWS": [ + "12345" ] } - ], - "Effect": "Deny", - "Principal": { - "AWS": [ - "12345" - ] } - } + ] } } } - }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "ServerlessRestApiDeployment4377b16cc6": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } + "Description": "RestApi deployment id: 4377b16cc6df576ca5315d2e7ab9a5752a3b7ef1", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment4377b16cc6" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_aws_account_whitelist.json b/tests/translator/output/api_with_aws_account_whitelist.json index 3972c4599..59fc463b9 100644 --- a/tests/translator/output/api_with_aws_account_whitelist.json +++ b/tests/translator/output/api_with_aws_account_whitelist.json @@ -1,69 +1,38 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiDeployment3727797069": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 3727797069c39cb2513220baab9ed7c4bb74d882", - "StageName": "Stage" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment3727797069" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, + }, "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -71,69 +40,170 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionAnyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] } } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/*/any", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": { "AWS": [ "12345" ] } - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/*/any", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": { + "AWS": [ + "67890" + ] + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/PUT/get", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": { + "AWS": [ + "12345" + ] + } + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/PUT/get", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": { "AWS": [ "67890" @@ -144,27 +214,28 @@ } } } - }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "ServerlessRestApiDeployment71c7b72862": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } + "Description": "RestApi deployment id: 71c7b728620efd03a357cac7a004e60dd5ec9b53", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment71c7b72862" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_cors_and_auth_preflight_auth.json b/tests/translator/output/api_with_cors_and_auth_preflight_auth.json index 9dc875a08..4a9d4629e 100644 --- a/tests/translator/output/api_with_cors_and_auth_preflight_auth.json +++ b/tests/translator/output/api_with_cors_and_auth_preflight_auth.json @@ -1,307 +1,390 @@ { "Resources": { + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ServerlessApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__ApiId__": { + "Ref": "ServerlessApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, "ServerlessApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + }, "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] } - ], - "responses": {} - }, + ] + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], "produces": [ "application/json" - ], + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, "responseTemplates": { "application/json": "{}\n" - }, - "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "origins", - "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" } } } - }, - "summary": "CORS support", - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "consumes": [ - "application/json" - ] - }, - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } } - }, + }, "security": [ { "MyLambdaRequestAuth": [] } - ], - "responses": {} + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } } } - }, - "ServerlessApiDeployment5355b9449d": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ServerlessApiDeployment4aa96ccd97": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 4aa96ccd971260f4d80fdd6f49d4377196c3ecaa", "RestApiId": { "Ref": "ServerlessApi" - }, - "Description": "RestApi deployment id: 5355b9449d512736d24b6b328925b4b0635fee89", + }, "StageName": "Stage" } - }, - "ApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } - } }, - "ApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, "ServerlessApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessApiDeployment5355b9449d" - }, + "Ref": "ServerlessApiDeployment4aa96ccd97" + }, "RestApiId": { "Ref": "ServerlessApi" - }, + }, "StageName": "Prod" } - }, - "ApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } }, - "ApiFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ApiFunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyAuthFnRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } - } - }, "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { "__ApiId__": { "Ref": "ServerlessApi" @@ -312,4 +395,4 @@ } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_cors_and_conditions_no_definitionbody.json b/tests/translator/output/api_with_cors_and_conditions_no_definitionbody.json index 432861ca3..76f91c08f 100644 --- a/tests/translator/output/api_with_cors_and_conditions_no_definitionbody.json +++ b/tests/translator/output/api_with_cors_and_conditions_no_definitionbody.json @@ -1,58 +1,124 @@ { - "AWSTemplateFormatVersion": "2010-09-09", + "AWSTemplateFormatVersion": "2010-09-09", "Conditions": { "MyCondition": { "Fn::Equals": [ - true, + true, true ] } - }, + }, "Resources": { - "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "ImplicitApiFunction2": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunction2Role", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] - }, - "Condition": "MyCondition" - }, - "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + } + }, + "ImplicitApiFunction2Role": { + "Type": "AWS::IAM::Role", "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "ImplicitApiFunction2DeleteHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction2" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunction": { + "Type": "AWS::Lambda::Function", + "Condition": "MyCondition", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "ImplicitApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ImplicitApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Condition": "MyCondition", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -60,269 +126,301 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] } - }, - "Condition": "MyCondition" + } }, "ImplicitApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } - }, - "Condition": "MyCondition" - }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + } + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeploymentae0b2acf4c" - }, - "RestApiId": { - "Ref": "ExplicitApi" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { - "post": { + "delete": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction2.Arn}/invocations" + } + }, + "responses": {} + }, + "get": { "Fn::If": [ - "MyCondition", + "MyCondition", { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::If": [ - "MyCondition", + "MyCondition", { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" - }, + }, { "Ref": "AWS::NoValue" } ] } - }, + }, "responses": {} - }, + }, { "Ref": "AWS::NoValue" } ] - }, - "get": { + }, + "post": { "Fn::If": [ - "MyCondition", + "MyCondition", { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::If": [ - "MyCondition", + "MyCondition", { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" - }, + }, { "Ref": "AWS::NoValue" } ] } - }, + }, "responses": {} - }, + }, { "Ref": "AWS::NoValue" } ] - }, + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "'www.example.com'", + "method.response.header.Access-Control-Allow-Origin": "'www.example.com'", "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,OPTIONS,POST'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } - }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" - } - }, - "produces": [ - "application/json" - ] - }, - "delete": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction2.Arn}/invocations" + } } - }, - "responses": {} + } } + }, + "/any": { + "Fn::If": [ + "MyCondition", + { + "x-amazon-apigateway-any-method": { + "Fn::If": [ + "MyCondition", + { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::If": [ + "MyCondition", + { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + }, + { + "Ref": "AWS::NoValue" + } + ] + } + }, + "responses": {} + }, + { + "Ref": "AWS::NoValue" + } + ] + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "'www.example.com'", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } + } + }, + { + "Ref": "AWS::NoValue" + } + ] } - }, - "swagger": "2.0" + } } } - }, - "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ImplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - }, - "Condition": "MyCondition" - }, - "ExplicitApiDeploymentae0b2acf4c": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ExplicitApiDeploymentd48b267250": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: d48b2672506d5937bfde8356b3c5c2866eb85f11", "RestApiId": { "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: ae0b2acf4cfdd4c81368721712133182f70ebdae", + }, "StageName": "Stage" } }, - "ImplicitApiFunction2Role": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } - } - }, - "ImplicitApiFunction2DeleteHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ImplicitApiFunction2" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } - }, - "ImplicitApiFunction2": { - "Type": "AWS::Lambda::Function", + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ImplicitApiFunction2Role", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "DeploymentId": { + "Ref": "ExplicitApiDeploymentd48b267250" + }, + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_cors_and_only_methods.json b/tests/translator/output/api_with_cors_and_only_methods.json index 860e79702..a9c8d8fc8 100644 --- a/tests/translator/output/api_with_cors_and_only_methods.json +++ b/tests/translator/output/api_with_cors_and_only_methods.json @@ -1,48 +1,39 @@ { "Resources": { "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, - "Handler": "index.gethtml", + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,119 +41,201 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "ServerlessRestApiDeploymentfd83ca0941": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: fd83ca0941692bedca5c918b809a21bf44feca9e", - "StageName": "Stage" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentfd83ca0941" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Origin": "'*'", "method.response.header.Access-Control-Allow-Methods": "methods" + }, + "responseTemplates": { + "application/json": "{}\n" } } } - }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, - "produces": [ - "application/json" - ] - }, - "get": { + } + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "methods" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } } } - }, - "swagger": "2.0" + } } } + }, + "ServerlessRestApiDeploymentcf3f77842f": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: cf3f77842fe2e5ebf6562c4d0bd1e23072711122", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymentcf3f77842f" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } } } } \ No newline at end of file diff --git a/tests/translator/output/api_with_cors_no_definitionbody.json b/tests/translator/output/api_with_cors_no_definitionbody.json index 4adbce835..1c5b0abff 100644 --- a/tests/translator/output/api_with_cors_no_definitionbody.json +++ b/tests/translator/output/api_with_cors_no_definitionbody.json @@ -16,37 +16,62 @@ ] }, "Runtime": "nodejs12.x", - "Tags": [{ - "Value": "SAM", - "Key": "lambda:createdBy" - }] + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [{ - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + ] + } + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" } - }] + ] } } }, @@ -54,39 +79,39 @@ "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "ImplicitApiFunction" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } } }, - "ImplicitApiFunctionGetHtmlPermissionProd": { + "ImplicitApiFunctionAnyHtmlPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "ImplicitApiFunction" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } @@ -96,6 +121,7 @@ "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -104,10 +130,20 @@ }, "paths": { "/": { - "post": { + "get": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, + "post": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } @@ -115,6 +151,13 @@ "responses": {} }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { "type": "mock", "requestTemplates": { @@ -123,22 +166,19 @@ "responses": { "default": { "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, "responseParameters": { "method.response.header.Access-Control-Allow-Origin": "origins", "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" @@ -146,51 +186,88 @@ "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, - "produces": [ - "application/json" - ] - }, - "get": { + } + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } }, "responses": {} + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } } } - }, - "swagger": "2.0" + } } } }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "ExplicitApiDeploymenta5504ed018": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeployment4be3cdc28b" - }, + "Description": "RestApi deployment id: a5504ed018ecb1b0af8d00e3a4ab4afb199541b6", "RestApiId": { "Ref": "ExplicitApi" }, - "StageName": "Prod" + "StageName": "Stage" } }, - "ExplicitApiDeployment4be3cdc28b": { - "Type": "AWS::ApiGateway::Deployment", + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ExplicitApiDeploymenta5504ed018" + }, "RestApiId": { "Ref": "ExplicitApi" }, - "Description": "RestApi deployment id: 4be3cdc28b991a26bed9da1180e59e9cc5467355", - "StageName": "Stage" + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_default_aws_iam_auth_and_no_auth_route.json b/tests/translator/output/api_with_default_aws_iam_auth_and_no_auth_route.json index 0f4214ea7..dcd9745ec 100644 --- a/tests/translator/output/api_with_default_aws_iam_auth_and_no_auth_route.json +++ b/tests/translator/output/api_with_default_aws_iam_auth_and_no_auth_route.json @@ -3,11 +3,11 @@ "MyFunctionWithAwsIamAuth": { "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "S3Bucket": "bucket", "S3Key": "key" }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyFunctionWithAwsIamAuthRole", @@ -17,49 +17,121 @@ "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "MyFunctionWithAwsIamAuthMyApiWithNoAuthPermissionProd": { + "MyFunctionWithAwsIamAuthRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__ApiId__": { + "Ref": "MyApiWithAwsIamAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithNoAuthPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunctionWithAwsIamAuth" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithAwsIamAuth" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthPermissionProd": { + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAnyMethodPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/iam", + { + "__ApiId__": { + "Ref": "MyApiWithAwsIamAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithNoAuthAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunctionWithAwsIamAuth" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/none", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithAwsIamAuth" - } + }, + "__Stage__": "*" } ] } @@ -69,6 +141,7 @@ "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -79,100 +152,104 @@ "/": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "arn:aws:iam::*:user/*" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] }, "get": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] + } + }, + "/any/iam": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" + }, + "credentials": "arn:aws:iam::*:user/*" + }, + "responses": {}, + "security": [ + { + "AWS_IAM": [] + } + ] + } + }, + "/any/none": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" } }, + "responses": {}, "security": [ { "NONE": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "AWS_IAM": { - "in": "header", "type": "apiKey", "name": "Authorization", + "in": "header", "x-amazon-apigateway-authtype": "awsSigv4" } } } } }, - "MyApiWithAwsIamAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + "MyApiWithAwsIamAuthDeployment093beda14c": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "MyApiWithAwsIamAuthDeploymentd4892df344" - }, + "Description": "RestApi deployment id: 093beda14c569aec5939596a6b12b8fda3695560", "RestApiId": { "Ref": "MyApiWithAwsIamAuth" }, - "StageName": "Prod" + "StageName": "Stage" } }, - "MyApiWithAwsIamAuthDeploymentd4892df344": { - "Type": "AWS::ApiGateway::Deployment", + "MyApiWithAwsIamAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "MyApiWithAwsIamAuthDeployment093beda14c" + }, "RestApiId": { "Ref": "MyApiWithAwsIamAuth" }, - "Description": "RestApi deployment id: d4892df3448eaab6a467b44ffd4ed87f18f9a5d8", - "StageName": "Stage" - } - }, - "MyFunctionWithAwsIamAuthRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_if_conditional_with_resource_policy.json b/tests/translator/output/api_with_if_conditional_with_resource_policy.json index 74572a17f..fe98c4f2a 100644 --- a/tests/translator/output/api_with_if_conditional_with_resource_policy.json +++ b/tests/translator/output/api_with_if_conditional_with_resource_policy.json @@ -2,126 +2,221 @@ "Conditions": { "C1": { "Fn::Equals": [ - true, + true, true ] } - }, + }, "Resources": { "ExplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ExplicitApiFunctionRole", + "ExplicitApiFunctionRole", "Arn" ] - }, - "Runtime": "nodejs12.x", + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, + "ExplicitApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ExplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ExplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ExplicitApiFunctionPutHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ExplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } } - }, - "ExplicitApiDeploymenta1d4cfbf94": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: a1d4cfbf94fc1b83780825310ec70e2a1c5e42b4", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/one": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, "/three": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, - "/two": { - "post": { + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": { "Fn::If": [ - "C1", + "C1", { - "Action": "execute-api:Invoke", + "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*/*/*" ] - }, + }, { "Ref": "AWS::NoValue" } @@ -130,90 +225,28 @@ } } } - }, + }, + "ExplicitApiDeployment8041a8ddc7": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 8041a8ddc7a29838548794b950dd519113e31442", + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Stage" + } + }, "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeploymenta1d4cfbf94" - }, + "Ref": "ExplicitApiDeployment8041a8ddc7" + }, "RestApiId": { "Ref": "ExplicitApi" - }, + }, "StageName": "Prod" } - }, - "ExplicitApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } - }, - "ExplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "ExplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } } } } \ No newline at end of file diff --git a/tests/translator/output/api_with_method_aws_iam_auth.json b/tests/translator/output/api_with_method_aws_iam_auth.json index 09de6a24d..3b60b06a7 100644 --- a/tests/translator/output/api_with_method_aws_iam_auth.json +++ b/tests/translator/output/api_with_method_aws_iam_auth.json @@ -1,21 +1,74 @@ { "Resources": { + "MyFunctionWithAwsIamAuth": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionWithAwsIamAuthRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithAwsIamAuthRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "MyFunctionWithAwsIamAuth" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithoutAuth" - } + }, + "__Stage__": "*" } ] } @@ -25,18 +78,60 @@ "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "MyFunctionWithAwsIamAuth" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithoutAuth" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAndDefaultInvokeRolePermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/one", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" } ] } @@ -46,6 +141,7 @@ "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -54,57 +150,74 @@ }, "paths": { "/": { - "put": { + "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "arn:aws:iam::*:user/*" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] }, "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "rn:aws:iam::123:role/AUTH_AWS_IAM" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] }, - "get": { + "put": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" + }, + "credentials": "arn:aws:iam::*:user/*" + }, + "responses": {}, + "security": [ + { + "AWS_IAM": [] + } + ] + } + }, + "/any/one": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "arn:aws:iam::*:user/*" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "AWS_IAM": { "x-amazon-apigateway-authtype": "awsSigv4", @@ -116,101 +229,27 @@ } } }, - "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAndDefaultInvokeRolePermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithAwsIamAuth" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } - ] - } - } - }, - "MyFunctionWithAwsIamAuth": { - "Type": "AWS::Lambda::Function", + "MyApiWithoutAuthDeployment917ecd4b70": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionWithAwsIamAuthRole", - "Arn" - ] + "Description": "RestApi deployment id: 917ecd4b7051b27ff6f3806a8cbfd2d2e8972dee", + "RestApiId": { + "Ref": "MyApiWithoutAuth" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "StageName": "Stage" } }, "MyApiWithoutAuthProdStage": { "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "MyApiWithoutAuthDeployment0cf1ab8c4c" + "Ref": "MyApiWithoutAuthDeployment917ecd4b70" }, "RestApiId": { "Ref": "MyApiWithoutAuth" }, "StageName": "Prod" } - }, - "MyApiWithoutAuthDeployment0cf1ab8c4c": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithoutAuth" - }, - "Description": "RestApi deployment id: 0cf1ab8c4caae4435015b3256bce0daaa087bd5e", - "StageName": "Stage" - } - }, - "MyFunctionWithAwsIamAuthRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } - } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_mode.json b/tests/translator/output/api_with_mode.json new file mode 100644 index 000000000..0598e3230 --- /dev/null +++ b/tests/translator/output/api_with_mode.json @@ -0,0 +1,109 @@ +{ + "Resources": { + "FunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ApiDeploymentf117c932f7" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + } + }, + "FunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "Function" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": "Api" + } + ] + } + } + }, + "ApiDeploymentf117c932f7": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "Api" + }, + "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", + "StageName": "Stage" + } + }, + "Api": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "BodyS3Location": { + "Bucket": "sam-demo-bucket", + "Key": "webpage_swagger.json" + }, + "Description": "my description", + "Mode": "overwrite" + } + }, + "Function": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + } + } +} diff --git a/tests/translator/output/api_with_open_api_version.json b/tests/translator/output/api_with_open_api_version.json index 165c18aa8..406cfeff8 100644 --- a/tests/translator/output/api_with_open_api_version.json +++ b/tests/translator/output/api_with_open_api_version.json @@ -1,48 +1,39 @@ { "Resources": { "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,121 +41,141 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "ServerlessRestApiDeployment1471b71104": { - "Type": "AWS::ApiGateway::Deployment", + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 1471b711047af5f4fd8c5c957e2b2075ddcc76be" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, - "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, - "paths": {}, + }, + "paths": {}, "openapi": "3.0.1" } } - }, + }, "ExplicitApiDeploymentd9a0f2ae4f": { - "Type": "AWS::ApiGateway::Deployment", + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: d9a0f2ae4fe2d97b9b91644934a878b6a08cf1c3", "RestApiId": { "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: d9a0f2ae4fe2d97b9b91644934a878b6a08cf1c3" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment1471b71104" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + } } - }, + }, "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { "Ref": "ExplicitApiDeploymentd9a0f2ae4f" - }, + }, "RestApiId": { "Ref": "ExplicitApi" - }, + }, "StageName": "Prod" } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, "options": { + "summary": "CORS support", "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Origin": "*", "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } }, - "summary": "CORS support", "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "schema": { @@ -176,26 +187,86 @@ "type": "string" } } - }, - "description": "Default response for CORS method" + } } } - }, - "get": { + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} + }, + "options": { + "summary": "CORS support", + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "schema": { + "type": "string" + } + }, + "Access-Control-Allow-Methods": { + "schema": { + "type": "string" + } + } + } + } + } } } - }, + }, "openapi": "3.0.1" } } + }, + "ServerlessRestApiDeployment059bfb64b3": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 059bfb64b3022d253616b67db8dafbf6ae59ae33", + "RestApiId": { + "Ref": "ServerlessRestApi" + } + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment059bfb64b3" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_open_api_version_2.json b/tests/translator/output/api_with_open_api_version_2.json index b357135d6..a9351fbac 100644 --- a/tests/translator/output/api_with_open_api_version_2.json +++ b/tests/translator/output/api_with_open_api_version_2.json @@ -1,48 +1,39 @@ { "Resources": { "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,154 +41,236 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" } ] } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, - "paths": {}, - "swagger": "2.0" + }, + "paths": {} } } - }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ExplicitApiDeployment4154e1c30c": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeployment4154e1c30c" - }, + "Description": "RestApi deployment id: 4154e1c30c97469d4946280461125dbfd4324f15", "RestApiId": { "Ref": "ExplicitApi" - }, - "StageName": "Prod" + } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment32f05a472e" - }, + "Ref": "ExplicitApiDeployment4154e1c30c" + }, "RestApiId": { - "Ref": "ServerlessRestApi" - }, + "Ref": "ExplicitApi" + }, "StageName": "Prod" } - }, - "ServerlessRestApiDeployment32f05a472e": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 32f05a472e885a4cf62d1ae534486511f6152624" - } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Origin": "*", "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } - }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, - "produces": [ - "application/json" - ] - }, - "get": { + } + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } } } - }, - "swagger": "2.0" + } } } - }, - "ExplicitApiDeployment4154e1c30c": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ServerlessRestApiDeploymentbe85f0cab0": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: be85f0cab0a0d5d60f4b700227b2636ef79a93a8", "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 4154e1c30c97469d4946280461125dbfd4324f15" + "Ref": "ServerlessRestApi" + } + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymentbe85f0cab0" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_path_parameters.json b/tests/translator/output/api_with_path_parameters.json index 7415250d2..f66da7a71 100644 --- a/tests/translator/output/api_with_path_parameters.json +++ b/tests/translator/output/api_with_path_parameters.json @@ -1,17 +1,31 @@ { "Resources": { - "HtmlFunctionRole": { - "Type": "AWS::IAM::Role", + "HtmlFunction": { + "Type": "AWS::Lambda::Function", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "HtmlFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "HtmlFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ @@ -27,50 +41,56 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "HtmlApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "HtmlFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "HtmlApiDeploymentf117c932f7" - }, - "RestApiId": { - "Ref": "HtmlApi" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "HtmlFunction" }, - "StageName": "Prod" + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/*/resources", + { + "__ApiId__": "HtmlApi", + "__Stage__": "*" + } + ] + } } }, "HtmlFunctionGetHtmlPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "HtmlFunction" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/*/resources", { - "__Stage__": "*", - "__ApiId__": "HtmlApi" + "__ApiId__": "HtmlApi", + "__Stage__": "*" } ] } } }, - "HtmlApiDeploymentf117c932f7": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "HtmlApi" - }, - "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", - "StageName": "Stage" - } - }, "HtmlApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -80,27 +100,26 @@ } } }, - "HtmlFunction": { - "Type": "AWS::Lambda::Function", + "HtmlApiDeploymentf117c932f7": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" + "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", + "RestApiId": { + "Ref": "HtmlApi" }, - "Handler": "index.gethtml", - "Role": { - "Fn::GetAtt": [ - "HtmlFunctionRole", - "Arn" - ] + "StageName": "Stage" + } + }, + "HtmlApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "HtmlApiDeploymentf117c932f7" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "RestApiId": { + "Ref": "HtmlApi" + }, + "StageName": "Prod" } } } diff --git a/tests/translator/output/api_with_resource_policy.json b/tests/translator/output/api_with_resource_policy.json index 4fd6e00f6..f99868645 100644 --- a/tests/translator/output/api_with_resource_policy.json +++ b/tests/translator/output/api_with_resource_policy.json @@ -1,102 +1,207 @@ { "Resources": { "ExplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ExplicitApiFunctionRole", + "ExplicitApiFunctionRole", "Arn" ] - }, - "Runtime": "nodejs12.x", + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, + "ExplicitApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ExplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ExplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ExplicitApiFunctionPutHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ExplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" } ] } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/one": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, "/three": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, - "/two": { - "post": { + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": { - "Action": "execute-api:Invoke", + "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*/*/*" ] @@ -104,99 +209,27 @@ } } } - }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ExplicitApiDeployment8bc819edf7": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeployment215ee6137d" - }, + "Description": "RestApi deployment id: 8bc819edf722dc6b9e6ab0811488a94683dd79d1", "RestApiId": { "Ref": "ExplicitApi" - }, - "StageName": "Prod" - } - }, - "ExplicitApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } - }, - "ExplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + }, + "StageName": "Stage" } - }, - "ExplicitApiDeployment215ee6137d": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ExplicitApiDeployment8bc819edf7" + }, "RestApiId": { "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 215ee6137d74bceebd1cd5a2b8fb2d8f8604e708", - "StageName": "Stage" - } - }, - "ExplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } + }, + "StageName": "Prod" } } } diff --git a/tests/translator/output/api_with_resource_policy_global_implicit.json b/tests/translator/output/api_with_resource_policy_global_implicit.json index b8a576235..6a191b414 100644 --- a/tests/translator/output/api_with_resource_policy_global_implicit.json +++ b/tests/translator/output/api_with_resource_policy_global_implicit.json @@ -1,46 +1,39 @@ { "Resources": { - "MinimalFunctionAddItemPermissionProd": { - "Type": "AWS::Lambda::Permission", + "MinimalFunction": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MinimalFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/add", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "MinimalFunctionRole", + "Arn" ] - } - } - }, - "MinimalFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + }, + "Runtime": "python2.7", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "MinimalFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -48,90 +41,108 @@ } } ] - } - } - }, - "MinimalFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "hello.handler", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "hello.zip" - }, - "Role": { - "Fn::GetAtt": [ - "MinimalFunctionRole", - "Arn" - ] - }, - "Runtime": "python2.7", + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MinimalFunctionAddItemPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment1ecad21e32" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MinimalFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/add", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, - "ServerlessRestApiDeployment1ecad21e32": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MinimalFunctionAddItemAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 1ecad21e325b9a3167fd5c2d6399ef59ccab0df9", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MinimalFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/add", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/add": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MinimalFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any/add": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MinimalFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*/*/*" ] - }, + }, { - "Action": "execute-api:blah", + "Action": "execute-api:blah", "Resource": [ "execute-api:/*/*/*" ] @@ -140,6 +151,28 @@ } } } + }, + "ServerlessRestApiDeployment7195c7fb8d": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 7195c7fb8d4c3b983caf56419db67bec5249cfa6", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment7195c7fb8d" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_resource_refs.json b/tests/translator/output/api_with_resource_refs.json index 2765deb4e..e32db402a 100644 --- a/tests/translator/output/api_with_resource_refs.json +++ b/tests/translator/output/api_with_resource_refs.json @@ -1,181 +1,214 @@ { - "Outputs": { - "ImplicitApiDeployment": { - "Value": { - "Ref": "ServerlessRestApiDeploymente468b80e17" - } - }, - "ExplicitApiDeployment": { - "Value": { - "Ref": "MyApiDeployment359f256a3b" - } - }, - "ExplicitApiStage": { - "Value": { - "Ref": "MyApifooStage" - } - }, - "ImplicitApiStage": { - "Value": { - "Ref": "ServerlessRestApiProdStage" - } - } - }, "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "hello.handler", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "hello.zip" - }, + }, + "Handler": "hello.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, - "Runtime": "python2.7", + }, + "Runtime": "python2.7", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyApiDeployment359f256a3b": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 359f256a3b3ff2e1102e335a4d603f02df9b4988", - "StageName": "Stage" - } - }, - "MyApifooStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment359f256a3b" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "foo" + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "ServerlessRestApiDeploymente468b80e17": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyFunctionGetHtmlAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: e468b80e1715e63b38c5d140bd0bb264fd0eedf8", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/html", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/html", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/html", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyApi": { + "Type": "AWS::ApiGateway::RestApi", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymente468b80e17" - }, + "Body": { + "this": "is", + "a": "swagger" + } + } + }, + "MyApiDeployment359f256a3b": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 359f256a3b3ff2e1102e335a4d603f02df9b4988", "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "Ref": "MyApi" + }, + "StageName": "Stage" } }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "MyApifooStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } + "DeploymentId": { + "Ref": "MyApiDeployment359f256a3b" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "foo" } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/html": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any/html": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0" + } } } - }, - "MyApi": { - "Type": "AWS::ApiGateway::RestApi", + }, + "ServerlessRestApiDeployment84667018a8": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Body": { - "this": "is", - "a": "swagger" - } + "Description": "RestApi deployment id: 84667018a87e0a0cfdf5df74340e57e8ffaf7ce5", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment84667018a8" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } + } + }, + "Outputs": { + "ImplicitApiDeployment": { + "Value": { + "Ref": "ServerlessRestApiDeployment84667018a8" + } + }, + "ImplicitApiStage": { + "Value": { + "Ref": "ServerlessRestApiProdStage" + } + }, + "ExplicitApiDeployment": { + "Value": { + "Ref": "MyApiDeployment359f256a3b" + } + }, + "ExplicitApiStage": { + "Value": { + "Ref": "MyApifooStage" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_source_vpc_blacklist.json b/tests/translator/output/api_with_source_vpc_blacklist.json index 3923d1d60..0608fe577 100644 --- a/tests/translator/output/api_with_source_vpc_blacklist.json +++ b/tests/translator/output/api_with_source_vpc_blacklist.json @@ -1,60 +1,38 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiDeployment0e25d06cd3": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 0e25d06cd3bcb2adf9b3cd988ce86aa2d9370cb3", - "StageName": "Stage" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment0e25d06cd3" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, + }, "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -62,107 +40,199 @@ } } ] - }, + }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, + "MyFunctionApiAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/get": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": "*" - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": "*", "Condition": { "StringEquals": { "aws:SourceVpce": [ "vpce-3456" ] } - }, + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": "*" + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": "*", + "Condition": { + "StringEquals": { + "aws:SourceVpce": [ + "vpce-3456" + ] + } + } } ] } } } - }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "ServerlessRestApiDeployment4add408372": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } + "Description": "RestApi deployment id: 4add4083725c01f871dba289c1db5c8876994311", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment4add408372" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } diff --git a/tests/translator/output/api_with_source_vpc_whitelist.json b/tests/translator/output/api_with_source_vpc_whitelist.json index 715b18831..8b452ffcf 100644 --- a/tests/translator/output/api_with_source_vpc_whitelist.json +++ b/tests/translator/output/api_with_source_vpc_whitelist.json @@ -1,283 +1,425 @@ { "Parameters": { "Vpc1": { - "Default": "vpc-1234", - "Type": "String" + "Type": "String", + "Default": "vpc-1234" } - }, + }, "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyFunctionFetchPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionFetchAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/fetch", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment5332c373d4" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "Prod" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFunctionApiAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment276f3672ac" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, - "MyApiDeployment5332c373d4": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, - "ServerlessRestApiDeployment276f3672ac": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyFunctionFetchPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 276f3672acc0db05468d66e75218112e92b84253", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + }, + "MyApi": { + "Type": "AWS::ApiGateway::RestApi", "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + }, + "paths": {} + } } - }, + }, + "MyApiDeployment5332c373d4": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" + } + }, + "MyApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiDeployment5332c373d4" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" + } + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, + }, + "/any/get": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, "/fetch": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any/fetch": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": "*" - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": "*", "Condition": { "StringNotEquals": { "aws:SourceVpc": [ - "vpc-1234", + "vpc-1234", "vpc-5678" ] } - }, + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": "*" - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/*/any/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], + "Principal": "*", + "Condition": { + "StringNotEquals": { + "aws:SourceVpc": [ + "vpc-1234", + "vpc-5678" + ] + } + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/POST/fetch", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": "*" - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": "*", "Condition": { "StringNotEquals": { "aws:SourceVpc": [ - "vpc-1234", + "vpc-1234", "vpc-5678" ] } - }, + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/fetch", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": "*" + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/fetch", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": "*", + "Condition": { + "StringNotEquals": { + "aws:SourceVpc": [ + "vpc-1234", + "vpc-5678" + ] + } + } } ] } } } - }, - "MyApi": { - "Type": "AWS::ApiGateway::RestApi", + }, + "ServerlessRestApiDeploymente76e291d74": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": {}, - "swagger": "2.0" - } + "Description": "RestApi deployment id: e76e291d74b93709a6c6093ca05608700bb61fa6", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymente76e291d74" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } diff --git a/tests/translator/output/api_with_swagger_and_openapi_with_auth.json b/tests/translator/output/api_with_swagger_and_openapi_with_auth.json index 03c070ad7..3e6de658b 100644 --- a/tests/translator/output/api_with_swagger_and_openapi_with_auth.json +++ b/tests/translator/output/api_with_swagger_and_openapi_with_auth.json @@ -1,48 +1,60 @@ { "Resources": { + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 + } + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] + } + }, "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,211 +62,237 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunctionGetHtmlAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] } } }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "openapi": "3.1.1", + "swagger": 2.0, "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "httpMethod": "POST", + "type": "aws_proxy", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuth": [] } - ], - "responses": {} + ] } } - }, - "openapi": "3.1.1", - "swagger": 2.0, + }, "securityDefinitions": { "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", "providerARNs": [ { "Fn::GetAtt": [ - "MyUserPool", + "MyUserPool", "Arn" ] } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" + ] + } } } - }, + }, "Name": "some api" } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod", - "CacheClusterSize": "1.6", - "Variables": { - "SomeVar": "Value" - }, - "CacheClusterEnabled": true, - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentdb4b9da82a" - } - } - }, - "ServerlessRestApiDeploymentdb4b9da82a": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ExplicitApiDeployment7c4f7dda23": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 7c4f7dda23acd71e4a653861510d82ad7809e562", "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: db4b9da82adc6031fcd32bf3a4954485464fc009", + "Ref": "ExplicitApi" + }, "StageName": "Stage" } - }, + }, "ExplicitApiSomeStageStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { + "CacheClusterEnabled": true, + "CacheClusterSize": "1.6", + "DeploymentId": { + "Ref": "ExplicitApiDeployment7c4f7dda23" + }, "RestApiId": { "Ref": "ExplicitApi" - }, - "StageName": "SomeStage", - "CacheClusterSize": "1.6", + }, + "StageName": "SomeStage", "Variables": { "SomeVar": "Value" - }, - "CacheClusterEnabled": true, - "DeploymentId": { - "Ref": "ExplicitApiDeployment7c4f7dda23" } } - }, - "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ImplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } - } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] - } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuth": [] } - ], - "responses": {} + ] + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", "providerARNs": [ { "Fn::GetAtt": [ - "MyUserPool", + "MyUserPool", "Arn" ] } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" + ] + } } } - }, + }, "Name": "some api" } - }, - "ExplicitApiDeployment7c4f7dda23": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ServerlessRestApiDeploymente091b9b9a0": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: e091b9b9a0d7b8b9db6fee8c4ad295eb98edde08", "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 7c4f7dda23acd71e4a653861510d82ad7809e562", + "Ref": "ServerlessRestApi" + }, "StageName": "Stage" } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "CacheClusterEnabled": true, + "CacheClusterSize": "1.6", + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymente091b9b9a0" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod", + "Variables": { + "SomeVar": "Value" + } + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/api_with_swagger_authorizer_none.json b/tests/translator/output/api_with_swagger_authorizer_none.json index be6d32c56..ba153a131 100644 --- a/tests/translator/output/api_with_swagger_authorizer_none.json +++ b/tests/translator/output/api_with_swagger_authorizer_none.json @@ -1,475 +1,572 @@ { - "Resources": { - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFn" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithCognitoAuth" - } - } - ] + "Resources": { + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - } - }, - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "NONE": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } - } + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false } - } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApiWithLambdaRequestAuth" - } - } - ] - } - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeploymentfeb40d0e71" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" - } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFn" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" - } - } - ] + ] + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } - } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" - } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } - ] + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } - } - }, - "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFn" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithLambdaRequestAuth" - } - } - ] + ] + } + }, + "MyFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } - } - }, - "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/lambda-token": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "NONE": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerUri": { - "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", - { - "__FunctionArn__": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - } - } - ] - } - }, - "x-amazon-apigateway-authtype": "custom" + ] + } + }, + "MyFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } + ] + } + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" + } + ] } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeployment4644d735d8" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" + } + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" + } + ] } - }, - "MyApiWithLambdaRequestAuthDeploymentfeb40d0e71": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: feb40d0e712dce07ba2392d6bb86eff0c5b22b7b", - "StageName": "Stage" + } + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 + } + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" } - }, - "Schema": [ + ] + } + } + }, + "MyFnLambdaRequestPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "AttributeDataType": "String", - "Required": false, - "Name": "email" + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" } ] } - }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" - }, - "Role": { - "Fn::GetAtt": [ - "MyAuthFnRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ + } + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", { - "Value": "SAM", - "Key": "lambda:createdBy" + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" } ] } - }, - "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] } }, - "paths": { - "/lambda-request": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "passthroughBehavior": "when_no_match", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "NONE": [] - } - ], - "responses": {} - } + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] } - }, - "swagger": 2.0, - "schemes": [ - "https" - ], - "securityDefinitions": { - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", - "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", - "authorizerUri": { - "Fn::Sub": [ - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", - { - "__FunctionArn__": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - } - } + } + }, + "securityDefinitions": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" ] } - }, - "x-amazon-apigateway-authtype": "custom" + ] } } } } - }, - "MyApiWithLambdaTokenAuthDeployment4644d735d8": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" + } + }, + "MyApiWithCognitoAuthDeploymentbbb7da3922": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: bbb7da3922ad233fdb9e35bda022b508620330e7", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeploymentbbb7da3922" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaTokenAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } }, - "Description": "RestApi deployment id: 4644d735d869a70806f7145ca725b1c8cb248fb7", - "StageName": "Stage" - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" + "paths": { + "/lambda-token": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] + } } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" + }, + "securityDefinitions": { + "MyLambdaTokenAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "token", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } ] } } - ] + } } } - }, - "MyApiWithCognitoAuthDeploymentf67b169f98": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: f67b169f98fefb4627c6065af2d5e26ca6ea4da8", - "StageName": "Stage" - } - }, - "MyFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ + } + }, + "MyApiWithLambdaTokenAuthDeploymentfc08a5662f": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: fc08a5662f8d2ea42fa3ba34ec4bade80bfb144b", + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeploymentfc08a5662f" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Value": "SAM", - "Key": "lambda:createdBy" + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + } + } + ] + } + } + }, + "MyApiWithLambdaRequestAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": 2.0, + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" } + }, + "schemes": [ + "https" ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" + "paths": { + "/lambda-request": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + }, + "passthroughBehavior": "when_no_match" + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + } + } + }, + "securityDefinitions": { + "MyLambdaRequestAuth": { + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "request", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } ] - } + }, + "identitySource": "method.request.header.Authorization1" } - ] + } } } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeploymentf67b169f98" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" - } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" - }, - "Role": { - "Fn::GetAtt": [ - "MyFnRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ + } + }, + "MyApiWithLambdaRequestAuthDeployment6c7d4d239e": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 6c7d4d239ebc281207f7684b2b51eb16610d88fc", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeployment6c7d4d239e" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Value": "SAM", - "Key": "lambda:createdBy" + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } } ] } } } - } \ No newline at end of file + } +} \ No newline at end of file diff --git a/tests/translator/output/api_with_usageplans.json b/tests/translator/output/api_with_usageplans.json index 488548465..9fd2ac153 100644 --- a/tests/translator/output/api_with_usageplans.json +++ b/tests/translator/output/api_with_usageplans.json @@ -1,44 +1,28 @@ { - "Outputs": { - "ApiTwoUrl": { - "Description": "API endpoint URL for Prod environment", - "Value": { - "Fn::Sub": "https://${MyApiTwo}.execute-api.${AWS::Region}.amazonaws.com/Prod/" - } - }, - "ApiThreeUrl": { - "Description": "API endpoint URL for Prod environment", - "Value": { - "Fn::Sub": "https://${MyApiThree}.execute-api.${AWS::Region}.amazonaws.com/Prod/" - } - }, - "ApiOneUrl": { - "Description": "API endpoint URL for Prod environment", - "Value": { - "Fn::Sub": "https://${MyApiOne}.execute-api.${AWS::Region}.amazonaws.com/Prod/" - } - }, - "ApiKey": { - "Description": "Api Key", - "Value": { - "Ref": "ServerlessApiKey" - } - }, - "UsagePlanKey": { - "Description": "Usage Plan Key", - "Value": { - "Ref": "MyApiTwoUsagePlanKey" + "Resources": { + "MyFunctionOne": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionOneRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "UsagePlan": { - "Description": "Usage Plan physical Id", - "Value": { - "Ref": "MyApiTwoUsagePlan" - } - } - }, - "Resources": { - "MyFunctionThreeRole": { + "MyFunctionOneRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -62,105 +46,49 @@ ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment7a26848ac9" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, - "MyApiTwoUsagePlanKey": { - "Type": "AWS::ApiGateway::UsagePlanKey", + "MyFunctionOneApiKeyAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "KeyType": "API_KEY", - "KeyId": { - "Ref": "MyApiTwoApiKey" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionOne" }, - "UsagePlanId": { - "Ref": "MyApiTwoUsagePlan" - } - }, - "DependsOn": [ - "MyApiTwoApiKey" - ] - }, - "MyApiThree": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/path/three": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionThree.Arn}/invocations" - } - }, - "security": [ - { - "api_key": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "api_key": { - "type": "apiKey", - "name": "x-api-key", - "in": "header" + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/path/one", + { + "__ApiId__": { + "Ref": "MyApiOne" + }, + "__Stage__": "*" } - } + ] } } }, - "ServerlessRestApiDeployment7a26848ac9": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 7a26848ac97d678aaf266a8a883d0abd463b3bbc", - "StageName": "Stage" - } - }, - "MyFunctionThreeApiKeyPermissionProd": { + "MyFunctionOneApiKeyPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { - "Ref": "MyFunctionThree" + "Ref": "MyFunctionOne" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/three", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/one", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiThree" - } + "Ref": "MyApiOne" + }, + "__Stage__": "*" } ] } @@ -169,10 +97,10 @@ "MyFunctionTwo": { "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyFunctionTwoRole", @@ -182,65 +110,107 @@ "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "MyFunctionOneApiKeyPermissionProd": { + "MyFunctionTwoRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionTwoImplicitApiEventPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { - "Ref": "MyFunctionOne" + "Ref": "MyFunctionTwo" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/one", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/event", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiOne" - } + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" } ] } } }, - "MyApiOneDeployment46fb22a429": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiOne" - }, - "Description": "RestApi deployment id: 46fb22a42926db6f64e09966936d074ec6bb9392", - "StageName": "Stage" - } - }, "MyFunctionTwoApiKeyPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "MyFunctionTwo" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/two", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiTwo" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionOneRole": { + "MyFunctionThree": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionThreeRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionThreeRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -264,16 +234,38 @@ ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "MyApiTwo": { + "MyFunctionThreeApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionThree" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/three", + { + "__ApiId__": { + "Ref": "MyApiThree" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiOne": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -281,28 +273,44 @@ } }, "paths": { - "/path/two": { + "/path/one": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "api_key": { - "type": "apiKey", + }, + "/any/path/one": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] + } + } + }, + "securityDefinitions": { + "api_key": { + "type": "apiKey", "name": "x-api-key", "in": "header" } @@ -310,155 +318,78 @@ } } }, - "MyFunctionTwoRole": { - "Type": "AWS::IAM::Role", + "MyApiOneDeploymente137b7d111": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] + "Description": "RestApi deployment id: e137b7d11103c574a56f89fda57c1929002da60a", + "RestApiId": { + "Ref": "MyApiOne" }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "StageName": "Stage" } }, - "MyFunctionOne": { - "Type": "AWS::Lambda::Function", + "MyApiOneProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + "DeploymentId": { + "Ref": "MyApiOneDeploymente137b7d111" }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionOneRole", - "Arn" - ] + "RestApiId": { + "Ref": "MyApiOne" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "StageName": "Prod" } }, - "ServerlessUsagePlan": { - "Type": "AWS::ApiGateway::UsagePlan", + "MyApiTwo": { + "Type": "AWS::ApiGateway::RestApi", "Properties": { - "ApiStages": [ - { - "ApiId": { - "Ref": "MyApiThree" - }, - "Stage": { - "Ref": "MyApiThreeProdStage" + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" } }, - { - "ApiId": { - "Ref": "ServerlessRestApi" - }, - "Stage": { - "Ref": "ServerlessRestApiProdStage" - } - } - ] - }, - "DependsOn": [ - "MyApiThree", - "ServerlessRestApi" - ] - }, - "MyApiTwoUsagePlan": { - "Type": "AWS::ApiGateway::UsagePlan", - "Properties": { - "ApiStages": [ - { - "ApiId": { - "Ref": "MyApiTwo" - }, - "Stage": { - "Ref": "MyApiTwoProdStage" + "paths": { + "/path/two": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] + } } - } - ], - "Description": "Description for usage plan", - "Tags": [ - { - "Value": "value1", - "Key": "key1" }, - { - "Value": "value2", - "Key": "key2" + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } } - ], - "Quota": { - "Limit": 10, - "Period": "MONTH", - "Offset": 10 - }, - "Throttle": { - "RateLimit": 1000, - "BurstLimit": 1000 - }, - "UsagePlanName": "SomeRandomName" - }, - "DependsOn": [ - "MyApiTwo" - ] + } + } }, - "MyApiThreeDeployment1d9cff47dc": { + "MyApiTwoDeploymente9d97923b9": { "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: e9d97923b94d0801cd85a8970b3c3f84aa274003", "RestApiId": { - "Ref": "MyApiThree" + "Ref": "MyApiTwo" }, - "Description": "RestApi deployment id: 1d9cff47dc9b822750c668c73b4534022483de6d", "StageName": "Stage" } }, - "MyFunctionTwoImplicitApiEventPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionTwo" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/event", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } - } - }, "MyApiTwoProdStage": { "Type": "AWS::ApiGateway::Stage", "Properties": { @@ -471,81 +402,84 @@ "StageName": "Prod" } }, - "MyApiOneProdStage": { - "Type": "AWS::ApiGateway::Stage", + "MyApiTwoUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "DependsOn": [ + "MyApiTwo" + ], "Properties": { - "DeploymentId": { - "Ref": "MyApiOneDeployment46fb22a429" - }, - "RestApiId": { - "Ref": "MyApiOne" + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiTwo" + }, + "Stage": { + "Ref": "MyApiTwoProdStage" + } + } + ], + "Description": "Description for usage plan", + "Quota": { + "Limit": 10, + "Offset": 10, + "Period": "MONTH" }, - "StageName": "Prod" - } - }, - "MyApiTwoDeploymente9d97923b9": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiTwo" + "Tags": [ + { + "Key": "key1", + "Value": "value1" + }, + { + "Key": "key2", + "Value": "value2" + } + ], + "Throttle": { + "BurstLimit": 1000, + "RateLimit": 1000 }, - "Description": "RestApi deployment id: e9d97923b94d0801cd85a8970b3c3f84aa274003", - "StageName": "Stage" + "UsagePlanName": "SomeRandomName" } }, - "MyFunctionThree": { - "Type": "AWS::Lambda::Function", + "MyApiTwoApiKey": { + "Type": "AWS::ApiGateway::ApiKey", + "DependsOn": [ + "MyApiTwoUsagePlan" + ], "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionThreeRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ + "Enabled": true, + "StageKeys": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "RestApiId": { + "Ref": "MyApiTwo" + }, + "StageName": { + "Ref": "MyApiTwoProdStage" + } } ] } }, - "MyApiThreeProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiThreeDeployment1d9cff47dc" - }, - "RestApiId": { - "Ref": "MyApiThree" - }, - "StageName": "Prod" - } - }, - "ServerlessUsagePlanKey": { + "MyApiTwoUsagePlanKey": { "Type": "AWS::ApiGateway::UsagePlanKey", + "DependsOn": [ + "MyApiTwoApiKey" + ], "Properties": { - "KeyType": "API_KEY", "KeyId": { - "Ref": "ServerlessApiKey" + "Ref": "MyApiTwoApiKey" }, + "KeyType": "API_KEY", "UsagePlanId": { - "Ref": "ServerlessUsagePlan" + "Ref": "MyApiTwoUsagePlan" } - }, - "DependsOn": [ - "ServerlessApiKey" - ] + } }, - "MyApiOne": { + "MyApiThree": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -553,25 +487,24 @@ } }, "paths": { - "/path/one": { + "/path/three": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionThree.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "api_key": { "type": "apiKey", @@ -582,8 +515,60 @@ } } }, + "MyApiThreeDeployment1d9cff47dc": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 1d9cff47dc9b822750c668c73b4534022483de6d", + "RestApiId": { + "Ref": "MyApiThree" + }, + "StageName": "Stage" + } + }, + "MyApiThreeProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiThreeDeployment1d9cff47dc" + }, + "RestApiId": { + "Ref": "MyApiThree" + }, + "StageName": "Prod" + } + }, + "ServerlessUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "DependsOn": [ + "MyApiThree", + "ServerlessRestApi" + ], + "Properties": { + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiThree" + }, + "Stage": { + "Ref": "MyApiThreeProdStage" + } + }, + { + "ApiId": { + "Ref": "ServerlessRestApi" + }, + "Stage": { + "Ref": "ServerlessRestApiProdStage" + } + } + ] + } + }, "ServerlessApiKey": { "Type": "AWS::ApiGateway::ApiKey", + "DependsOn": [ + "ServerlessUsagePlan" + ], "Properties": { "Enabled": true, "StageKeys": [ @@ -604,15 +589,28 @@ } } ] - }, + } + }, + "ServerlessUsagePlanKey": { + "Type": "AWS::ApiGateway::UsagePlanKey", "DependsOn": [ - "ServerlessUsagePlan" - ] + "ServerlessApiKey" + ], + "Properties": { + "KeyId": { + "Ref": "ServerlessApiKey" + }, + "KeyType": "API_KEY", + "UsagePlanId": { + "Ref": "ServerlessUsagePlan" + } + } }, "ServerlessRestApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -623,22 +621,21 @@ "/path/event": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "api_key": { "type": "apiKey", @@ -649,24 +646,65 @@ } } }, - "MyApiTwoApiKey": { - "Type": "AWS::ApiGateway::ApiKey", + "ServerlessRestApiDeployment7a26848ac9": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Enabled": true, - "StageKeys": [ - { - "RestApiId": { - "Ref": "MyApiTwo" - }, - "StageName": { - "Ref": "MyApiTwoProdStage" - } - } - ] - }, - "DependsOn": [ - "MyApiTwoUsagePlan" - ] + "Description": "RestApi deployment id: 7a26848ac97d678aaf266a8a883d0abd463b3bbc", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment7a26848ac9" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } + } + }, + "Outputs": { + "ApiOneUrl": { + "Description": "API endpoint URL for Prod environment", + "Value": { + "Fn::Sub": "https://${MyApiOne}.execute-api.${AWS::Region}.amazonaws.com/Prod/" + } + }, + "ApiTwoUrl": { + "Description": "API endpoint URL for Prod environment", + "Value": { + "Fn::Sub": "https://${MyApiTwo}.execute-api.${AWS::Region}.amazonaws.com/Prod/" + } + }, + "ApiThreeUrl": { + "Description": "API endpoint URL for Prod environment", + "Value": { + "Fn::Sub": "https://${MyApiThree}.execute-api.${AWS::Region}.amazonaws.com/Prod/" + } + }, + "UsagePlan": { + "Description": "Usage Plan physical Id", + "Value": { + "Ref": "MyApiTwoUsagePlan" + } + }, + "UsagePlanKey": { + "Description": "Usage Plan Key", + "Value": { + "Ref": "MyApiTwoUsagePlanKey" + } + }, + "ApiKey": { + "Description": "Api Key", + "Value": { + "Ref": "ServerlessApiKey" + } } } } \ No newline at end of file diff --git a/tests/translator/output/api_with_usageplans_shared_no_side_effect_1.json b/tests/translator/output/api_with_usageplans_shared_no_side_effect_1.json new file mode 100644 index 000000000..c54e7afab --- /dev/null +++ b/tests/translator/output/api_with_usageplans_shared_no_side_effect_1.json @@ -0,0 +1,343 @@ +{ + "Resources": { + "ServerlessUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "Properties": { + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiOne" + }, + "Stage": { + "Ref": "MyApiOneProdStage" + } + }, + { + "ApiId": { + "Ref": "MyApiTwo" + }, + "Stage": { + "Ref": "MyApiTwoProdStage" + } + } + ] + }, + "DependsOn": [ + "MyApiOne", + "MyApiTwo" + ] + }, + "ServerlessApiKey": { + "Type": "AWS::ApiGateway::ApiKey", + "Properties": { + "Enabled": true, + "StageKeys": [ + { + "RestApiId": { + "Ref": "MyApiOne" + }, + "StageName": { + "Ref": "MyApiOneProdStage" + } + }, + { + "RestApiId": { + "Ref": "MyApiTwo" + }, + "StageName": { + "Ref": "MyApiTwoProdStage" + } + } + ] + }, + "DependsOn": [ + "ServerlessUsagePlan" + ] + }, + "MyApiTwoProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiTwoDeploymente9d97923b9" + }, + "RestApiId": { + "Ref": "MyApiTwo" + }, + "StageName": "Prod" + } + }, + "ServerlessUsagePlanKey": { + "Type": "AWS::ApiGateway::UsagePlanKey", + "Properties": { + "KeyType": "API_KEY", + "KeyId": { + "Ref": "ServerlessApiKey" + }, + "UsagePlanId": { + "Ref": "ServerlessUsagePlan" + } + }, + "DependsOn": [ + "ServerlessApiKey" + ] + }, + "MyApiOneProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiOneDeployment46fb22a429" + }, + "RestApiId": { + "Ref": "MyApiOne" + }, + "StageName": "Prod" + } + }, + "MyFunctionTwoRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyApiTwoDeploymente9d97923b9": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "MyApiTwo" + }, + "Description": "RestApi deployment id: e9d97923b94d0801cd85a8970b3c3f84aa274003", + "StageName": "Stage" + } + }, + "MyFunctionTwo": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunctionTwoRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyFunctionOneApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunctionOne" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/one", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "MyApiOne" + } + } + ] + } + } + }, + "MyApiOneDeployment46fb22a429": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "MyApiOne" + }, + "Description": "RestApi deployment id: 46fb22a42926db6f64e09966936d074ec6bb9392", + "StageName": "Stage" + } + }, + "MyFunctionTwoApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunctionTwo" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/two", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "MyApiTwo" + } + } + ] + } + } + }, + "MyFunctionOneRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyApiTwo": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/path/two": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" + } + }, + "security": [ + { + "api_key": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } + } + } + } + }, + "MyApiOne": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/path/one": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" + } + }, + "security": [ + { + "api_key": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } + } + } + } + }, + "MyFunctionOne": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunctionOneRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + } + } +} \ No newline at end of file diff --git a/tests/translator/output/api_with_usageplans_shared_no_side_effect_2.json b/tests/translator/output/api_with_usageplans_shared_no_side_effect_2.json new file mode 100644 index 000000000..1c521417e --- /dev/null +++ b/tests/translator/output/api_with_usageplans_shared_no_side_effect_2.json @@ -0,0 +1,191 @@ +{ + "Resources": { + "MyApiFour": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/path/four": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionFour.Arn}/invocations" + } + }, + "security": [ + { + "api_key": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } + } + } + } + }, + "MyFunctionFourRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyFunctionFourApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunctionFour" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/four", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "MyApiFour" + } + } + ] + } + } + }, + "MyFunctionFour": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunctionFourRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "Properties": { + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiFour" + }, + "Stage": { + "Ref": "MyApiFourProdStage" + } + } + ] + }, + "DependsOn": [ + "MyApiFour" + ] + }, + "MyApiFourDeploymente7cfed53d1": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "MyApiFour" + }, + "Description": "RestApi deployment id: e7cfed53d17a05b03ea5e2606faa4f13707b32f8", + "StageName": "Stage" + } + }, + "MyApiFourProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiFourDeploymente7cfed53d1" + }, + "RestApiId": { + "Ref": "MyApiFour" + }, + "StageName": "Prod" + } + }, + "ServerlessApiKey": { + "Type": "AWS::ApiGateway::ApiKey", + "Properties": { + "Enabled": true, + "StageKeys": [ + { + "RestApiId": { + "Ref": "MyApiFour" + }, + "StageName": { + "Ref": "MyApiFourProdStage" + } + } + ] + }, + "DependsOn": [ + "ServerlessUsagePlan" + ] + }, + "ServerlessUsagePlanKey": { + "Type": "AWS::ApiGateway::UsagePlanKey", + "Properties": { + "KeyType": "API_KEY", + "KeyId": { + "Ref": "ServerlessApiKey" + }, + "UsagePlanId": { + "Ref": "ServerlessUsagePlan" + } + }, + "DependsOn": [ + "ServerlessApiKey" + ] + } + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_request_model.json b/tests/translator/output/aws-cn/api_request_model.json index 1e9c27cef..ddda610e7 100644 --- a/tests/translator/output/aws-cn/api_request_model.json +++ b/tests/translator/output/aws-cn/api_request_model.json @@ -34,7 +34,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "HtmlApiDeploymentd7bcfbe715" + "Ref": "HtmlApiDeployment37c4e9609d" }, "RestApiId": { "Ref": "HtmlApi" @@ -61,13 +61,32 @@ } } }, - "HtmlApiDeploymentd7bcfbe715": { + "HtmlFunctionAnyPathPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "HtmlFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": "HtmlApi", + "__Stage__": "*" + } + ] + } + } + }, + "HtmlApiDeployment37c4e9609d": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "HtmlApi" }, - "Description": "RestApi deployment id: d7bcfbe7157513b0b1a2debffbe44655fb332d60", + "Description": "RestApi deployment id: 37c4e9609d82528be3f2388c7b7e80b7b78cd31f", "StageName": "Stage" } }, @@ -108,6 +127,28 @@ } ] } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HtmlFunction.Arn}/invocations" + } + }, + "responses": {}, + "parameters": [ + { + "in": "body", + "name": "user", + "schema": { + "$ref": "#/definitions/user" + }, + "required": true + } + ] + } } }, "swagger": "2.0", diff --git a/tests/translator/output/aws-cn/api_request_model_openapi_3.json b/tests/translator/output/aws-cn/api_request_model_openapi_3.json index df8c77769..8b4533ff2 100644 --- a/tests/translator/output/aws-cn/api_request_model_openapi_3.json +++ b/tests/translator/output/aws-cn/api_request_model_openapi_3.json @@ -1,12 +1,12 @@ { "Resources": { - "HtmlApiDeployment5ae7e42cea": { + "HtmlApiDeploymentf84be626f3": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "HtmlApi" }, - "Description": "RestApi deployment id: 5ae7e42cea0640a3318bf508535850cd792a52dc" + "Description": "RestApi deployment id: f84be626f359fc9697fd8e228c5ffe53e252f82c" } }, "HtmlFunctionRole": { @@ -43,7 +43,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "HtmlApiDeployment5ae7e42cea" + "Ref": "HtmlApiDeploymentf84be626f3" }, "RestApiId": { "Ref": "HtmlApi" @@ -71,7 +71,28 @@ ] } } - }, + }, + "HtmlFunctionAnyIamPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "HtmlFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/iam", + { + "__ApiId__": { + "Ref": "HtmlApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "HtmlApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -132,8 +153,36 @@ }, "responses": {} } + }, + "/any/iam": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HtmlFunction.Arn}/invocations" + }, + "credentials": "arn:aws:iam::*:user/*" + }, + "responses": {}, + "security": [ + { + "AWS_IAM": [] + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/user" + } + } + }, + "required": true + } + } } - }, + }, "openapi": "3.0", "components": { "securitySchemes": { diff --git a/tests/translator/output/aws-cn/api_with_apikey_required.json b/tests/translator/output/aws-cn/api_with_apikey_required.json index 3738c9ec9..6daf47459 100644 --- a/tests/translator/output/aws-cn/api_with_apikey_required.json +++ b/tests/translator/output/aws-cn/api_with_apikey_required.json @@ -1,17 +1,31 @@ { "Resources": { - "MyFunctionWithApiKeyRequiredRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithApiKeyRequired": { + "Type": "AWS::Lambda::Function", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionWithApiKeyRequiredRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "MyFunctionWithApiKeyRequiredRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ @@ -27,23 +41,65 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] } } }, - "MyApiWithoutAuthDeploymentcc6d6fc40a": { - "Type": "AWS::ApiGateway::Deployment", + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithoutAuth" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" }, - "Description": "RestApi deployment id: cc6d6fc40a37188fe0115a039b24e397dc149478", - "StageName": "Stage" + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } } }, "MyApiWithoutAuth": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -54,22 +110,38 @@ "/ApiKeyRequiredTrue": { "get": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] + } + }, + "/any/ApiKeyRequiredTrue": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "api_key": { "type": "apiKey", @@ -78,71 +150,37 @@ } } }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyApiWithoutAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + "MyApiWithoutAuthDeployment5fcd45e1a7": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "MyApiWithoutAuthDeploymentcc6d6fc40a" - }, + "Description": "RestApi deployment id: 5fcd45e1a72dcd08c8b7c4381f8ab3450c0e14d7", "RestApiId": { "Ref": "MyApiWithoutAuth" }, - "StageName": "Prod" - } - }, - "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithApiKeyRequired" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } - ] - } + "StageName": "Stage" } }, - "MyFunctionWithApiKeyRequired": { - "Type": "AWS::Lambda::Function", + "MyApiWithoutAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" + "DeploymentId": { + "Ref": "MyApiWithoutAuthDeployment5fcd45e1a7" }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionWithApiKeyRequiredRole", - "Arn" - ] + "RestApiId": { + "Ref": "MyApiWithoutAuth" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_apikey_required_openapi_3.json b/tests/translator/output/aws-cn/api_with_apikey_required_openapi_3.json index 0d683135f..7d6290753 100644 --- a/tests/translator/output/aws-cn/api_with_apikey_required_openapi_3.json +++ b/tests/translator/output/aws-cn/api_with_apikey_required_openapi_3.json @@ -1,25 +1,39 @@ { "Resources": { - "MyFunctionWithApiKeyRequiredRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithApiKeyRequired": { + "Type": "AWS::Lambda::Function", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionWithApiKeyRequiredRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "MyFunctionWithApiKeyRequiredRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -27,123 +41,147 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] } } }, - "MyApiWithoutAuthDeployment44fb9ac597": { - "Type": "AWS::ApiGateway::Deployment", + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithoutAuth" - }, - "Description": "RestApi deployment id: 44fb9ac5971a18de67dd843c5c069f07726ad36c" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyApiWithoutAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/ApiKeyRequiredTrue": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] + } + }, + "/any/ApiKeyRequiredTrue": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { "api_key": { - "type": "apiKey", - "name": "x-api-key", + "type": "apiKey", + "name": "x-api-key", "in": "header" } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyApiWithoutAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyApiWithoutAuthDeployment51b7925214": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "MyApiWithoutAuthDeployment44fb9ac597" - }, + "Description": "RestApi deployment id: 51b79252148f5047ff4fbaf5ac3d5e58261cc67f", "RestApiId": { "Ref": "MyApiWithoutAuth" - }, - "StageName": "Prod" - } - }, - "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithApiKeyRequired" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } - ] } } - }, - "MyFunctionWithApiKeyRequired": { - "Type": "AWS::Lambda::Function", + }, + "MyApiWithoutAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionWithApiKeyRequiredRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "DeploymentId": { + "Ref": "MyApiWithoutAuthDeployment51b7925214" + }, + "RestApiId": { + "Ref": "MyApiWithoutAuth" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_auth_all_maximum.json b/tests/translator/output/aws-cn/api_with_auth_all_maximum.json index 8ecb38ec8..b88e837fb 100644 --- a/tests/translator/output/aws-cn/api_with_auth_all_maximum.json +++ b/tests/translator/output/aws-cn/api_with_auth_all_maximum.json @@ -1,376 +1,689 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "thumbnails.zip" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithNoAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionWithCognitoMultipleUserPoolsAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognitomultiple", { "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithDefaultAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/default", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdarequest", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatoken", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenNoneAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatokennone", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithNoAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/noauth", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } }, "MyFunctionWithCognitoMultipleUserPoolsAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/users", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenNoneAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } - }, + }, + "MyFunctionWithDefaultAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "MyApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "NONE": [] - }, + }, { "api_key": [] } - ], - "responses": {} + ] } - }, - "/users": { - "put": { + }, + "/any/noauth": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { - "MyCognitoAuth": [] - }, + "NONE": [] + }, { "api_key": [] } - ], - "responses": {} - }, + ] + } + }, + "/users": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuthMultipleUserPools": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + }, "patch": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuthNoneFunctionInvokeRole": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, "delete": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + }, + { + "api_key": [] + } + ] + }, + "put": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/cognitomultiple": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuthMultipleUserPools": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatoken": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatokennone": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuthNoneFunctionInvokeRole": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdarequest": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] - }, + }, { "api_key": [] } - ], - "responses": {} + ] + } + }, + "/any/default": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, + { + "api_key": [] + } + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { - "MyLambdaTokenAuthNoneFunctionInvokeRole": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "MyCognitoAuth": { + "type": "apiKey", + "name": "MyAuthorizationHeader", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 0, + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:1" + ], + "identityValidationExpression": "myauthvalidationexpression" + } + }, + "MyCognitoAuthMultipleUserPools": { + "type": "apiKey", + "name": "MyAuthorizationHeader2", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:2", + "arn:aws:3" + ], + "identityValidationExpression": "myauthvalidationexpression2" + } + }, + "MyLambdaTokenAuth": { + "type": "apiKey", + "name": "MyCustomAuthHeader", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - } - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuthMultipleUserPools": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader2", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression2", - "providerARNs": [ - "arn:aws:2", - "arn:aws:3" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + }, + "authorizerResultTtlInSeconds": 20, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identityValidationExpression": "mycustomauthexpression" + } + }, + "MyLambdaTokenAuthNoneFunctionInvokeRole": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "authorizerResultTtlInSeconds": 0, - "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access" - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression", - "providerARNs": [ - "arn:aws:1" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "MyCustomAuthHeader", + }, + "authorizerResultTtlInSeconds": 0 + } + }, + "MyLambdaRequestAuth": { + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 20, + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", - "identityValidationExpression": "mycustomauthexpression" - }, - "x-amazon-apigateway-authtype": "custom" - }, + }, + "authorizerResultTtlInSeconds": 0, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4" + } + }, "api_key": { - "type": "apiKey", - "name": "x-api-key", + "type": "apiKey", + "name": "x-api-key", "in": "header" } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyApiMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiDeployment871773b7c8": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApi" - } - } - ] - } + "Description": "RestApi deployment id: 871773b7c8b2767ed6c1ed3908f8bb97cbf343a4", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" } }, - "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "MyApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApi" - } - } - ] - } + "DeploymentId": { + "Ref": "MyApiDeployment871773b7c8" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" } }, - "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + "MyApiMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { "__ApiId__": { "Ref": "MyApi" @@ -379,42 +692,17 @@ ] } } - }, - "MyApiDeployment2b4f028142": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 2b4f028142eb38900e00f362b76751032ac4e464", - "StageName": "Stage" - } - }, - "MyApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment2b4f028142" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "Prod" - } - }, - "MyFunctionWithNoAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -422,20 +710,17 @@ ] } } - }, - "MyFunctionWithDefaultAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -445,4 +730,4 @@ } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_auth_all_maximum_openapi_3.json b/tests/translator/output/aws-cn/api_with_auth_all_maximum_openapi_3.json index b170e1769..aa3463d3f 100644 --- a/tests/translator/output/aws-cn/api_with_auth_all_maximum_openapi_3.json +++ b/tests/translator/output/aws-cn/api_with_auth_all_maximum_openapi_3.json @@ -1,387 +1,690 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "thumbnails.zip" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithNoAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionWithCognitoMultipleUserPoolsAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognitomultiple", { "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithDefaultAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/default", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdarequest", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatoken", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenNoneAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatokennone", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } - }, + }, + "MyFunctionWithNoAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/noauth", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "MyFunctionWithCognitoMultipleUserPoolsAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/users", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenNoneAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } - }, + }, + "MyFunctionWithDefaultAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "MyApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "NONE": [] - }, + }, { "api_key": [] } - ], - "responses": {} + ] } - }, - "/users": { - "put": { + }, + "/any/noauth": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { - "MyCognitoAuth": [] - }, + "NONE": [] + }, { "api_key": [] } - ], - "responses": {} - }, + ] + } + }, + "/users": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuthMultipleUserPools": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + }, "patch": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuthNoneFunctionInvokeRole": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, "delete": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + }, + { + "api_key": [] + } + ] + }, + "put": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/cognitomultiple": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, + "security": [ + { + "MyCognitoAuthMultipleUserPools": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatoken": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatokennone": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuthNoneFunctionInvokeRole": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdarequest": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] - }, + }, { "api_key": [] } - ], - "responses": {} + ] + } + }, + "/any/default": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, + { + "api_key": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { - "MyLambdaTokenAuthNoneFunctionInvokeRole": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "MyCognitoAuth": { + "type": "apiKey", + "name": "MyAuthorizationHeader", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 0, + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:1" + ], + "identityValidationExpression": "myauthvalidationexpression" + } + }, + "MyCognitoAuthMultipleUserPools": { + "type": "apiKey", + "name": "MyAuthorizationHeader2", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:2", + "arn:aws:3" + ], + "identityValidationExpression": "myauthvalidationexpression2" + } + }, + "MyLambdaTokenAuth": { + "type": "apiKey", + "name": "MyCustomAuthHeader", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - } - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuthMultipleUserPools": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader2", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression2", - "providerARNs": [ - "arn:aws:2", - "arn:aws:3" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + }, + "authorizerResultTtlInSeconds": 20, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identityValidationExpression": "mycustomauthexpression" + } + }, + "MyLambdaTokenAuthNoneFunctionInvokeRole": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "authorizerResultTtlInSeconds": 0, - "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access" - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression", - "providerARNs": [ - "arn:aws:1" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "MyCustomAuthHeader", + }, + "authorizerResultTtlInSeconds": 0 + } + }, + "MyLambdaRequestAuth": { + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 20, + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", - "identityValidationExpression": "mycustomauthexpression" - }, - "x-amazon-apigateway-authtype": "custom" - }, + }, + "authorizerResultTtlInSeconds": 0, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4" + } + }, "api_key": { - "type": "apiKey", - "name": "x-api-key", + "type": "apiKey", + "name": "x-api-key", "in": "header" } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyApiMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApi" - } - } - ] } } }, - "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "MyApiDeployment47e57a77cb": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApi" - } - } - ] + "Description": "RestApi deployment id: 47e57a77cb90238a47075df80fea7b8c6c1306e0", + "RestApiId": { + "Ref": "MyApi" } } }, - "MyApiDeploymentcc3ee70601": { - "Type": "AWS::ApiGateway::Deployment", + "MyApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "MyApiDeployment47e57a77cb" + }, "RestApiId": { "Ref": "MyApi" - }, - "Description": "RestApi deployment id: cc3ee706016a512ef6fe9e3608b7b637fd4c7abd" + }, + "StageName": "Prod" } - }, - "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { "__ApiId__": { "Ref": "MyApi" @@ -390,32 +693,17 @@ ] } } - }, - "MyApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiDeploymentcc3ee70601" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "Prod" - } - }, - "MyFunctionWithNoAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -423,20 +711,17 @@ ] } } - }, - "MyFunctionWithDefaultAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -446,4 +731,4 @@ } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_auth_all_minimum.json b/tests/translator/output/aws-cn/api_with_auth_all_minimum.json index f568fdaa8..b9e408189 100644 --- a/tests/translator/output/aws-cn/api_with_auth_all_minimum.json +++ b/tests/translator/output/aws-cn/api_with_auth_all_minimum.json @@ -1,143 +1,113 @@ { "Resources": { - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "MyCognitoAuth": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeploymentd3ee2721bc" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFnRole", "Arn" ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", + "MyFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "bucket", + "S3Bucket": "bucket", "S3Key": "key" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyAuthFnRole", + "MyFnRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "MyFnRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -145,353 +115,497 @@ } } ] - } - } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeploymenta9cf768eaa" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithCognitoAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", { "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaTokenAuthDeploymenta48b731095": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: a48b7310952ed029bd212c380e89a1bd39c74eae", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" - } + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" } ] } } - }, + }, "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + }, + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] } } + }, + "securityDefinitions": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] + } + } + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" ] } } - }, + }, + "MyApiWithCognitoAuthDeployment5d6fbaaea5": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 5d6fbaaea5286fd32d64239db8b7f2247cb3f2b5", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeployment5d6fbaaea5" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-token": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + } + ] + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuth": [] } - ], - "responses": {} + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] } - }, - "x-amazon-apigateway-authtype": "custom" + } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyApiWithCognitoAuthDeploymenta9cf768eaa": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyApiWithLambdaTokenAuthDeployment79a03805ba": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 79a03805ba3abc1f005e1282f19bb79af68b4f96", "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: a9cf768eaa1ac6804c7a7b05b79d7ee79d369fcf", + "Ref": "MyApiWithLambdaTokenAuth" + }, "StageName": "Stage" } - }, - "MyApiWithLambdaRequestAuthDeploymentd3ee2721bc": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeployment79a03805ba" + }, "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: d3ee2721bcff60c4d00d26138ccf8007434bb862", - "StageName": "Stage" - } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Prod" } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "MyFnRole", + "MyAuthFn", "Arn" ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" } } ] } } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeploymenta48b731095" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" - } - }, + }, "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-request": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] } - ], - "responses": {} + ] + } + }, + "/any/lambda-request": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyApiWithLambdaRequestAuthDeployment12aa7114ad": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 12aa7114ad8cd8aaeffd832e49f6f8aa8b6c2062", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeployment12aa7114ad" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + ] } } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_auth_all_minimum_openapi.json b/tests/translator/output/aws-cn/api_with_auth_all_minimum_openapi.json index 1dcfe3d15..80863fcc9 100644 --- a/tests/translator/output/aws-cn/api_with_auth_all_minimum_openapi.json +++ b/tests/translator/output/aws-cn/api_with_auth_all_minimum_openapi.json @@ -1,154 +1,113 @@ { "Resources": { - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "MyCognitoAuth": [] - } - ], - "responses": {} - } - } - }, - "openapi": "3.0.1", - "components": { - "securitySchemes": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } - } + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyApiWithCognitoAuthDeployment1ecccf8f28": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: 1ecccf8f2823a4777fc271569a1688db777f1302" - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeployment81b8e9784c" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { + "Code": { + "S3Bucket": "bucketname", + "S3Key": "thumbnails.zip" + }, + "Handler": "index.handler", + "Role": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFnRole", "Arn" ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", + "MyFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "bucketname", + "S3Bucket": "bucketname", "S3Key": "thumbnails.zip" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyAuthFnRole", + "MyFnRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "MyFnRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -156,345 +115,500 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeployment1ecccf8f28" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" + } + ] + } } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", { "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiWithCognitoAuth" - } + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaRequestAuthDeployment81b8e9784c": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: 81b8e9784c9a74f2875713fd92384bb67e756f82" - } - }, - "MyApiWithLambdaTokenAuthDeployment53baac2c0b": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: 53baac2c0b5f582d951d933f66c102f8f467770b" - } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" - } + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" } ] } } - }, + }, "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + }, + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + } + }, + "openapi": "3.0.1", + "components": { + "securitySchemes": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] + } } } + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" ] } } - }, + }, + "MyApiWithCognitoAuthDeployment7466d476a3": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 7466d476a34b78d8e06a6be03de27e8b5cd75bba", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + } + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeployment7466d476a3" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-token": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuth": [] } - ], - "responses": {} + ] + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] } - }, - "x-amazon-apigateway-authtype": "custom" + } } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", + }, + "MyApiWithLambdaTokenAuthDeploymenta1cc16b088": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] + "Description": "RestApi deployment id: a1cc16b088e0bb4f73733d3ee6a6a33e9e96f47b", + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + } } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucketname", - "S3Key": "thumbnails.zip" - }, - "Role": { + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeploymenta1cc16b088" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "MyFnRole", + "MyAuthFn", "Arn" ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" } } ] } } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeployment53baac2c0b" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" - } - }, + }, "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-request": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] } - ], - "responses": {} + ] + } + }, + "/any/lambda-request": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyApiWithLambdaRequestAuthDeployment6651bb8922": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 6651bb8922689747e94c85fa151a7800dea15b1d", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeployment6651bb8922" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + ] } } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_auth_no_default.json b/tests/translator/output/aws-cn/api_with_auth_no_default.json index 727875379..ee39a94de 100644 --- a/tests/translator/output/aws-cn/api_with_auth_no_default.json +++ b/tests/translator/output/aws-cn/api_with_auth_no_default.json @@ -1,169 +1,113 @@ { "Resources": { - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFn" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithLambdaRequestAuth" - } - } - ] - } - } - }, - "MyApiWithCognitoAuthDeployment6a169547ee": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: 6a169547eef02f4a0cd9fdc97aca9d1e8a106b11", - "StageName": "Stage" - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeployment93e0147508" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFnRole", "Arn" ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", + "MyFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "bucket", + "S3Bucket": "bucket", "S3Key": "key" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyAuthFnRole", + "MyFnRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "MyFnRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -171,312 +115,467 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" + } + ] } } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeployment6a169547ee" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" + } + ] + } } - }, - "MyApiWithLambdaTokenAuthDeploymente838608f2f": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: e838608f2f6897932f7883ba5afaa855145e38f5", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithCognitoAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaRequestPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, + }, "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {} + } + } + }, + "securityDefinitions": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] } } + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" ] } } - }, - "MyApiWithLambdaRequestAuthDeployment93e0147508": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyApiWithCognitoAuthDeploymentaa41464509": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: aa414645093f59df9e1d0461c5d796a1f6bf91a3", "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: 93e01475088ff4675852021a99279d60fc93cd6a", + "Ref": "MyApiWithCognitoAuth" + }, "StageName": "Stage" } - }, + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeploymentaa41464509" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-token": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] } - }, - "x-amazon-apigateway-authtype": "custom" + } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", + }, + "MyApiWithLambdaTokenAuthDeployment1e1bd59275": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] + "Description": "RestApi deployment id: 1e1bd59275be76c79386a22ea0f5104f317785b2", + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Stage" } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeployment1e1bd59275" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "MyFnRole", + "MyAuthFn", "Arn" ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" } } ] } } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeploymente838608f2f" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" - } - }, + }, "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-request": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/lambda-request": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyApiWithLambdaRequestAuthDeploymenta717d330fe": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: a717d330fee14ce75f148c4fbf2c3dd4d6a1acf1", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeploymenta717d330fe" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + ] } } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_aws_account_blacklist.json b/tests/translator/output/aws-cn/api_with_aws_account_blacklist.json index 54412b7fe..7d6b08779 100644 --- a/tests/translator/output/aws-cn/api_with_aws_account_blacklist.json +++ b/tests/translator/output/aws-cn/api_with_aws_account_blacklist.json @@ -1,69 +1,38 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentc4450d906c" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, - "ServerlessRestApiDeploymentc4450d906c": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: c4450d906c6986feebcc880fb891417511ce0106", - "StageName": "Stage" - } - }, + }, "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -71,87 +40,172 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionAnyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] } } - }, + }, + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", - "Statement": { - "Action": "execute-api:Invoke", - "Resource": [ - { - "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", - { - "__Stage__": "Prod" - } + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/PUT/get", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": { + "AWS": [ + "12345" + ] + } + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": { + "AWS": [ + "12345" ] } - ], - "Effect": "Deny", - "Principal": { - "AWS": [ - "12345" - ] } - } + ] } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "ServerlessRestApiDeploymentfed6286f35": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } + "Description": "RestApi deployment id: fed6286f35e2d221984f3f4ece0897e385efadd0", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymentfed6286f35" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_aws_account_whitelist.json b/tests/translator/output/aws-cn/api_with_aws_account_whitelist.json index fc12df61c..203ccc904 100644 --- a/tests/translator/output/aws-cn/api_with_aws_account_whitelist.json +++ b/tests/translator/output/aws-cn/api_with_aws_account_whitelist.json @@ -1,150 +1,209 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment441a70783b" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionAnyPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + }, + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" } ] } } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": { + "AWS": [ + "12345" + ] + } + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": { + "AWS": [ + "67890" + ] + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": { "AWS": [ "12345" ] } - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], "Principal": { "AWS": [ "67890" @@ -153,26 +212,38 @@ } ] } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ServerlessRestApiDeployment441a70783b": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ServerlessRestApiDeployment41ca369f74": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 41ca369f74fd0e0dd14c28e4db79e04494fb926a", "RestApiId": { "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 441a70783b8bddfd09ec6cd4033f27e5094e7511", + }, "StageName": "Stage" } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment41ca369f74" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json b/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json index a6f758d87..eb39c45cc 100644 --- a/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json +++ b/tests/translator/output/aws-cn/api_with_cors_and_auth_preflight_auth.json @@ -1,315 +1,398 @@ { "Resources": { + "ApiFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ServerlessApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__ApiId__": { + "Ref": "ServerlessApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, "ServerlessApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + }, "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] } - ], - "responses": {} - }, + ] + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], "produces": [ "application/json" - ], + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, "responseTemplates": { "application/json": "{}\n" - }, - "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "origins", - "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" } } } - }, - "summary": "CORS support", - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "consumes": [ - "application/json" - ] - }, - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } } - }, + }, "security": [ { "MyLambdaRequestAuth": [] } - ], - "responses": {} + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } - } - }, - "ServerlessApiDeployment25b7a1be29": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ServerlessApiDeployment4f438627b9": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 4f438627b99c6a82f8b37e212f35f486c5998740", "RestApiId": { "Ref": "ServerlessApi" - }, - "Description": "RestApi deployment id: 25b7a1be294e163c52d9c94528502872e4fced34", + }, "StageName": "Stage" } }, - "ApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } - }, "ServerlessApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessApiDeployment25b7a1be29" - }, + "Ref": "ServerlessApiDeployment4f438627b9" + }, "RestApiId": { "Ref": "ServerlessApi" - }, + }, "StageName": "Prod" } - }, - "ApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessApi" - } - } - ] - } - } }, - "ApiFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ApiFunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyAuthFnRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } - } - }, "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { "__ApiId__": { "Ref": "ServerlessApi" @@ -320,4 +403,4 @@ } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_cors_and_conditions_no_definitionbody.json b/tests/translator/output/aws-cn/api_with_cors_and_conditions_no_definitionbody.json index 7ecad73f6..fddff4ed7 100644 --- a/tests/translator/output/aws-cn/api_with_cors_and_conditions_no_definitionbody.json +++ b/tests/translator/output/aws-cn/api_with_cors_and_conditions_no_definitionbody.json @@ -1,58 +1,124 @@ { - "AWSTemplateFormatVersion": "2010-09-09", + "AWSTemplateFormatVersion": "2010-09-09", "Conditions": { "MyCondition": { "Fn::Equals": [ - true, + true, true ] } - }, + }, "Resources": { - "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "ImplicitApiFunction2": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunction2Role", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] - }, - "Condition": "MyCondition" - }, - "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + } + }, + "ImplicitApiFunction2Role": { + "Type": "AWS::IAM::Role", "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, "ManagedPolicyArns": [ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "ImplicitApiFunction2DeleteHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction2" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunction": { + "Type": "AWS::Lambda::Function", + "Condition": "MyCondition", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "ImplicitApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ImplicitApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Condition": "MyCondition", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -60,277 +126,309 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] } - }, - "Condition": "MyCondition" + } }, "ImplicitApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } - }, - "Condition": "MyCondition" - }, - "ExplicitApiDeployment7ad5aed108": { - "Type": "AWS::ApiGateway::Deployment", + } + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", "Properties": { - "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 7ad5aed108e331557a5b989ae8809e26632b89df", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { - "post": { + "delete": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction2.Arn}/invocations" + } + }, + "responses": {} + }, + "get": { "Fn::If": [ - "MyCondition", + "MyCondition", { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::If": [ - "MyCondition", + "MyCondition", { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" - }, + }, { "Ref": "AWS::NoValue" } ] } - }, + }, "responses": {} - }, + }, { "Ref": "AWS::NoValue" } ] - }, - "get": { + }, + "post": { "Fn::If": [ - "MyCondition", + "MyCondition", { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::If": [ - "MyCondition", + "MyCondition", { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" - }, + }, { "Ref": "AWS::NoValue" } ] } - }, + }, "responses": {} - }, + }, { "Ref": "AWS::NoValue" } ] - }, + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "'www.example.com'", + "method.response.header.Access-Control-Allow-Origin": "'www.example.com'", "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,OPTIONS,POST'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } - }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" - } - }, - "produces": [ - "application/json" - ] - }, - "delete": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction2.Arn}/invocations" + } } - }, - "responses": {} + } } + }, + "/any": { + "Fn::If": [ + "MyCondition", + { + "x-amazon-apigateway-any-method": { + "Fn::If": [ + "MyCondition", + { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::If": [ + "MyCondition", + { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + }, + { + "Ref": "AWS::NoValue" + } + ] + } + }, + "responses": {} + }, + { + "Ref": "AWS::NoValue" + } + ] + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "'www.example.com'", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } + } + }, + { + "Ref": "AWS::NoValue" + } + ] } - }, - "swagger": "2.0" - }, + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ImplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - }, - "Condition": "MyCondition" }, - "ImplicitApiFunction2Role": { - "Type": "AWS::IAM::Role", + "ExplicitApiDeployment6f2bd0dddd": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } + "Description": "RestApi deployment id: 6f2bd0dddd4e3f72c4ae0c49eac0238610bfb537", + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Stage" } - }, + }, "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeployment7ad5aed108" - }, + "Ref": "ExplicitApiDeployment6f2bd0dddd" + }, "RestApiId": { "Ref": "ExplicitApi" - }, + }, "StageName": "Prod" } - }, - "ImplicitApiFunction2DeleteHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ImplicitApiFunction2" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } - }, - "ImplicitApiFunction2": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ImplicitApiFunction2Role", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_cors_and_only_methods.json b/tests/translator/output/aws-cn/api_with_cors_and_only_methods.json index 1d5a9b27d..38ab5dd0a 100644 --- a/tests/translator/output/aws-cn/api_with_cors_and_only_methods.json +++ b/tests/translator/output/aws-cn/api_with_cors_and_only_methods.json @@ -1,48 +1,39 @@ { "Resources": { "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, - "Handler": "index.gethtml", + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,127 +41,209 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment06ae8f0cfb" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, - "ServerlessRestApiDeployment06ae8f0cfb": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 06ae8f0cfbb76234c64a9c7491fcceaca003887b", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Origin": "'*'", "method.response.header.Access-Control-Allow-Methods": "methods" + }, + "responseTemplates": { + "application/json": "{}\n" } } } - }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, - "produces": [ - "application/json" - ] - }, - "get": { + } + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "methods" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } } } - }, - "swagger": "2.0" - }, + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } + }, + "ServerlessRestApiDeployment5277de8b80": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 5277de8b80bb6b1d6d9ab9bf93f151e78629a3a4", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment5277de8b80" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_cors_no_definitionbody.json b/tests/translator/output/aws-cn/api_with_cors_no_definitionbody.json index 978abf900..af8f0af8f 100644 --- a/tests/translator/output/aws-cn/api_with_cors_no_definitionbody.json +++ b/tests/translator/output/aws-cn/api_with_cors_no_definitionbody.json @@ -16,37 +16,62 @@ ] }, "Runtime": "nodejs12.x", - "Tags": [{ - "Value": "SAM", - "Key": "lambda:createdBy" - }] + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, "ManagedPolicyArns": [ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [{ - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + ] + } + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" } - }] + ] } } }, @@ -54,39 +79,39 @@ "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "ImplicitApiFunction" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } } }, - "ImplicitApiFunctionGetHtmlPermissionProd": { + "ImplicitApiFunctionAnyHtmlPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "ImplicitApiFunction" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } @@ -96,6 +121,7 @@ "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -104,10 +130,20 @@ }, "paths": { "/": { - "post": { + "get": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, + "post": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } @@ -115,6 +151,13 @@ "responses": {} }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { "type": "mock", "requestTemplates": { @@ -123,22 +166,19 @@ "responses": { "default": { "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, "responseParameters": { "method.response.header.Access-Control-Allow-Origin": "origins", "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" @@ -146,59 +186,96 @@ "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, - "produces": [ - "application/json" - ] - }, - "get": { + } + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } }, "responses": {} + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } } } - }, - "swagger": "2.0" + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "ExplicitApiDeployment421c84890d": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeploymentb4ba0b8ae8" - }, + "Description": "RestApi deployment id: 421c84890dc6500d03ebae76efaeb8f172a10c9b", "RestApiId": { "Ref": "ExplicitApi" }, - "StageName": "Prod" + "StageName": "Stage" } }, - "ExplicitApiDeploymentb4ba0b8ae8": { - "Type": "AWS::ApiGateway::Deployment", + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ExplicitApiDeployment421c84890d" + }, "RestApiId": { "Ref": "ExplicitApi" }, - "Description": "RestApi deployment id: b4ba0b8ae8163e6dd52040648ae4ebda76cc5d99", - "StageName": "Stage" + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_default_aws_iam_auth_and_no_auth_route.json b/tests/translator/output/aws-cn/api_with_default_aws_iam_auth_and_no_auth_route.json index 23ee4b243..08b3d0b79 100644 --- a/tests/translator/output/aws-cn/api_with_default_aws_iam_auth_and_no_auth_route.json +++ b/tests/translator/output/aws-cn/api_with_default_aws_iam_auth_and_no_auth_route.json @@ -1,25 +1,13 @@ { "Resources": { - "MyApiWithAwsIamAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithAwsIamAuthDeployment0c9ba99bc2" - }, - "RestApiId": { - "Ref": "MyApiWithAwsIamAuth" - }, - "StageName": "Prod" - } - }, "MyFunctionWithAwsIamAuth": { "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "S3Bucket": "bucket", "S3Key": "key" }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyFunctionWithAwsIamAuthRole", @@ -29,49 +17,121 @@ "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "MyFunctionWithAwsIamAuthMyApiWithNoAuthPermissionProd": { + "MyFunctionWithAwsIamAuthRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__ApiId__": { + "Ref": "MyApiWithAwsIamAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithNoAuthPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunctionWithAwsIamAuth" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithAwsIamAuth" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthPermissionProd": { + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAnyMethodPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/iam", + { + "__ApiId__": { + "Ref": "MyApiWithAwsIamAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithNoAuthAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunctionWithAwsIamAuth" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/none", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithAwsIamAuth" - } + }, + "__Stage__": "*" } ] } @@ -81,6 +141,7 @@ "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -91,96 +152,112 @@ "/": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "arn:aws:iam::*:user/*" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] }, "get": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] + } + }, + "/any/iam": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" + }, + "credentials": "arn:aws:iam::*:user/*" + }, + "responses": {}, + "security": [ + { + "AWS_IAM": [] + } + ] + } + }, + "/any/none": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" } }, + "responses": {}, "security": [ { "NONE": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "AWS_IAM": { - "in": "header", "type": "apiKey", "name": "Authorization", + "in": "header", "x-amazon-apigateway-authtype": "awsSigv4" } } }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyApiWithAwsIamAuthDeployment0c9ba99bc2": { + "MyApiWithAwsIamAuthDeploymentfbe9aee08e": { "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: fbe9aee08eb164bd4de9a7a7c91782c10b86d7df", "RestApiId": { "Ref": "MyApiWithAwsIamAuth" }, - "Description": "RestApi deployment id: 0c9ba99bc2ed182c6a3d16969b5a717b081713a6", "StageName": "Stage" } }, - "MyFunctionWithAwsIamAuthRole": { - "Type": "AWS::IAM::Role", + "MyApiWithAwsIamAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } + "DeploymentId": { + "Ref": "MyApiWithAwsIamAuthDeploymentfbe9aee08e" + }, + "RestApiId": { + "Ref": "MyApiWithAwsIamAuth" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_if_conditional_with_resource_policy.json b/tests/translator/output/aws-cn/api_with_if_conditional_with_resource_policy.json index a5ab0daf8..f3b5ca796 100644 --- a/tests/translator/output/aws-cn/api_with_if_conditional_with_resource_policy.json +++ b/tests/translator/output/aws-cn/api_with_if_conditional_with_resource_policy.json @@ -2,226 +2,259 @@ "Conditions": { "C1": { "Fn::Equals": [ - true, + true, true ] } - }, + }, "Resources": { "ExplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ExplicitApiFunctionRole", + "ExplicitApiFunctionRole", "Arn" ] - }, - "Runtime": "nodejs12.x", + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, + "ExplicitApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ExplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ExplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ExplicitApiFunctionPutHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ExplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } } - }, - "ExplicitApiDeployment1864127303": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 1864127303922f015249dddc233722580882c9ad", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/one": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, "/three": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, - "/two": { - "post": { + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": { "Fn::If": [ - "C1", + "C1", { - "Action": "execute-api:Invoke", + "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*/*/*" ] - }, + }, { "Ref": "AWS::NoValue" } ] } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, + }, + "ExplicitApiDeployment80cc69e78e": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 80cc69e78e41e167db71ceb084808e61c9235318", + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Stage" + } + }, "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeployment1864127303" - }, + "Ref": "ExplicitApiDeployment80cc69e78e" + }, "RestApiId": { "Ref": "ExplicitApi" - }, + }, "StageName": "Prod" } - }, - "ExplicitApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } - }, - "ExplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "ExplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } } } } \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_method_aws_iam_auth.json b/tests/translator/output/aws-cn/api_with_method_aws_iam_auth.json index cb9023e9e..ab6cc030f 100644 --- a/tests/translator/output/aws-cn/api_with_method_aws_iam_auth.json +++ b/tests/translator/output/aws-cn/api_with_method_aws_iam_auth.json @@ -1,40 +1,147 @@ { "Resources": { + "MyFunctionWithAwsIamAuth": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionWithAwsIamAuthRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithAwsIamAuthRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "MyFunctionWithAwsIamAuth" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithoutAuth" - } + }, + "__Stage__": "*" } ] } } }, - "MyApiWithoutAuthDeployment82d56c6578": { - "Type": "AWS::ApiGateway::Deployment", + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAndCustomInvokeRolePermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithoutAuth" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" }, - "Description": "RestApi deployment id: 82d56c65786c0de97eebda5ce6fdc9561ae3ee1f", - "StageName": "Stage" + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAndDefaultInvokeRolePermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/one", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } } }, "MyApiWithoutAuth": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -43,57 +150,74 @@ }, "paths": { "/": { - "put": { + "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "arn:aws:iam::*:user/*" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] }, "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "rn:aws:iam::123:role/AUTH_AWS_IAM" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] }, - "get": { + "put": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" + }, + "credentials": "arn:aws:iam::*:user/*" + }, + "responses": {}, + "security": [ + { + "AWS_IAM": [] + } + ] + } + }, + "/any/one": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "arn:aws:iam::*:user/*" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "AWS_IAM": { "x-amazon-apigateway-authtype": "awsSigv4", @@ -103,122 +227,37 @@ } } }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, "Parameters": { "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAndDefaultInvokeRolePermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithAwsIamAuth" }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } + "EndpointConfiguration": { + "Types": [ + "REGIONAL" ] } } }, - "MyFunctionWithAwsIamAuth": { - "Type": "AWS::Lambda::Function", + "MyApiWithoutAuthDeployment467c912da1": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionWithAwsIamAuthRole", - "Arn" - ] + "Description": "RestApi deployment id: 467c912da1971538d628768c65d8008b454fdf27", + "RestApiId": { + "Ref": "MyApiWithoutAuth" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "StageName": "Stage" } }, "MyApiWithoutAuthProdStage": { "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "MyApiWithoutAuthDeployment82d56c6578" + "Ref": "MyApiWithoutAuthDeployment467c912da1" }, "RestApiId": { "Ref": "MyApiWithoutAuth" }, "StageName": "Prod" } - }, - "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAndCustomInvokeRolePermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithAwsIamAuth" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } - ] - } - } - }, - "MyFunctionWithAwsIamAuthRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } - } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_mode.json b/tests/translator/output/aws-cn/api_with_mode.json new file mode 100644 index 000000000..46332e2e4 --- /dev/null +++ b/tests/translator/output/aws-cn/api_with_mode.json @@ -0,0 +1,117 @@ +{ + "Resources": { + "FunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ApiDeploymentf117c932f7" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + } + }, + "FunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "Function" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": "Api" + } + ] + } + } + }, + "ApiDeploymentf117c932f7": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "Api" + }, + "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", + "StageName": "Stage" + } + }, + "Api": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "BodyS3Location": { + "Bucket": "sam-demo-bucket", + "Key": "webpage_swagger.json" + }, + "Description": "my description", + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Mode": "overwrite", + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "Function": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + } + } +} diff --git a/tests/translator/output/aws-cn/api_with_open_api_version.json b/tests/translator/output/aws-cn/api_with_open_api_version.json index 5a8bc7db5..b29f1cc49 100644 --- a/tests/translator/output/aws-cn/api_with_open_api_version.json +++ b/tests/translator/output/aws-cn/api_with_open_api_version.json @@ -1,40 +1,31 @@ { "Resources": { "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ @@ -50,25 +41,55 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionGetHtmlPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "ImplicitApiFunction" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" } ] } @@ -87,35 +108,23 @@ "paths": {}, "openapi": "3.0.1" }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, "ExplicitApiDeploymentd9a0f2ae4f": { "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: d9a0f2ae4fe2d97b9b91644934a878b6a08cf1c3", "RestApiId": { "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: d9a0f2ae4fe2d97b9b91644934a878b6a08cf1c3" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment75f93f5c08" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + } } }, "ExplicitApiProdStage": { @@ -142,7 +151,18 @@ }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, "options": { + "summary": "CORS support", "x-amazon-apigateway-integration": { "type": "mock", "requestTemplates": { @@ -151,19 +171,19 @@ "responses": { "default": { "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, "responseParameters": { "method.response.header.Access-Control-Allow-Origin": "*", "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } }, - "summary": "CORS support", "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "schema": { @@ -175,43 +195,94 @@ "type": "string" } } - }, - "description": "Default response for CORS method" + } } } - }, - "get": { + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } }, "responses": {} + }, + "options": { + "summary": "CORS support", + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "schema": { + "type": "string" + } + }, + "Access-Control-Allow-Methods": { + "schema": { + "type": "string" + } + } + } + } + } } } }, "openapi": "3.0.1" }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "ServerlessRestApiDeployment75f93f5c08": { + "ServerlessRestApiDeploymentd5853601f5": { "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: d5853601f56a2ac553fd346fd4b02b5fbd727be7", "RestApiId": { "Ref": "ServerlessRestApi" + } + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymentd5853601f5" }, - "Description": "RestApi deployment id: 75f93f5c08b6bd3326e74e6b22854de32481e155" + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_open_api_version_2.json b/tests/translator/output/aws-cn/api_with_open_api_version_2.json index c86109c06..c8c25f565 100644 --- a/tests/translator/output/aws-cn/api_with_open_api_version_2.json +++ b/tests/translator/output/aws-cn/api_with_open_api_version_2.json @@ -1,48 +1,39 @@ { "Resources": { "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,170 +41,252 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" } ] } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, - "paths": {}, - "swagger": "2.0" - }, + }, + "paths": {} + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ServerlessRestApiDeployment3146d7e6fb": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ExplicitApiDeployment4154e1c30c": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 4154e1c30c97469d4946280461125dbfd4324f15", "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 3146d7e6fbaece0e0eb82d0c91c86c9b74dc217b" + "Ref": "ExplicitApi" + } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment3146d7e6fb" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, - "ExplicitApiDeployment4154e1c30c": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { + "Ref": "ExplicitApiDeployment4154e1c30c" + }, "RestApiId": { "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 4154e1c30c97469d4946280461125dbfd4324f15" + }, + "StageName": "Prod" } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Origin": "*", "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } - }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, - "produces": [ - "application/json" - ] - }, - "get": { + } + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } } } - }, - "swagger": "2.0" - }, + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ServerlessRestApiDeployment332dfbf8ff": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 332dfbf8ff85ff84812777af394f9f427b87611c", + "RestApiId": { + "Ref": "ServerlessRestApi" + } + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeployment4154e1c30c" - }, + "Ref": "ServerlessRestApiDeployment332dfbf8ff" + }, "RestApiId": { - "Ref": "ExplicitApi" - }, + "Ref": "ServerlessRestApi" + }, "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_path_parameters.json b/tests/translator/output/aws-cn/api_with_path_parameters.json index 89289052b..a509e28fa 100644 --- a/tests/translator/output/aws-cn/api_with_path_parameters.json +++ b/tests/translator/output/aws-cn/api_with_path_parameters.json @@ -1,17 +1,31 @@ { "Resources": { - "HtmlFunctionRole": { - "Type": "AWS::IAM::Role", + "HtmlFunction": { + "Type": "AWS::Lambda::Function", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "HtmlFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "HtmlFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ @@ -27,89 +41,94 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "HtmlApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "HtmlFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "HtmlApiDeploymentf117c932f7" - }, - "RestApiId": { - "Ref": "HtmlApi" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "HtmlFunction" }, - "StageName": "Prod" + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/*/resources", + { + "__ApiId__": "HtmlApi", + "__Stage__": "*" + } + ] + } } }, "HtmlFunctionGetHtmlPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "HtmlFunction" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/*/resources", { - "__Stage__": "*", - "__ApiId__": "HtmlApi" + "__ApiId__": "HtmlApi", + "__Stage__": "*" } ] } } }, - "HtmlApiDeploymentf117c932f7": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "HtmlApi" - }, - "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", - "StageName": "Stage" - } - }, "HtmlApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, "BodyS3Location": { "Bucket": "sam-demo-bucket", "Key": "webpage_swagger.json" }, "Parameters": { "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] } } }, - "HtmlFunction": { - "Type": "AWS::Lambda::Function", + "HtmlApiDeploymentf117c932f7": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" + "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", + "RestApiId": { + "Ref": "HtmlApi" }, - "Handler": "index.gethtml", - "Role": { - "Fn::GetAtt": [ - "HtmlFunctionRole", - "Arn" - ] + "StageName": "Stage" + } + }, + "HtmlApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "HtmlApiDeploymentf117c932f7" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "RestApiId": { + "Ref": "HtmlApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_resource_policy.json b/tests/translator/output/aws-cn/api_with_resource_policy.json index b7299850f..bcc3feffd 100644 --- a/tests/translator/output/aws-cn/api_with_resource_policy.json +++ b/tests/translator/output/aws-cn/api_with_resource_policy.json @@ -1,210 +1,243 @@ { "Resources": { "ExplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ExplicitApiFunctionRole", + "ExplicitApiFunctionRole", "Arn" ] - }, - "Runtime": "nodejs12.x", + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, + "ExplicitApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ExplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ExplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ExplicitApiFunctionPutHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ExplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } } - }, + }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/one": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, "/three": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, - "/two": { - "post": { + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": { - "Action": "execute-api:Invoke", + "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*/*/*" ] } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ExplicitApiDeployment521a434bab": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeployment39d7eca1e3" - }, + "Description": "RestApi deployment id: 521a434babdb65e910faa56d55382e6d84f9d789", "RestApiId": { "Ref": "ExplicitApi" - }, - "StageName": "Prod" - } - }, - "ExplicitApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } - }, - "ExplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "ExplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } + }, + "StageName": "Stage" } - }, - "ExplicitApiDeployment39d7eca1e3": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ExplicitApiDeployment521a434bab" + }, "RestApiId": { "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 39d7eca1e3352a144ce8a9f729862b19b28a8734", - "StageName": "Stage" + }, + "StageName": "Prod" } } } diff --git a/tests/translator/output/aws-cn/api_with_resource_policy_global_implicit.json b/tests/translator/output/aws-cn/api_with_resource_policy_global_implicit.json index d693a4805..636e82756 100644 --- a/tests/translator/output/aws-cn/api_with_resource_policy_global_implicit.json +++ b/tests/translator/output/aws-cn/api_with_resource_policy_global_implicit.json @@ -1,46 +1,39 @@ { "Resources": { - "MinimalFunctionAddItemPermissionProd": { - "Type": "AWS::Lambda::Permission", + "MinimalFunction": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MinimalFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/add", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "MinimalFunctionRole", + "Arn" ] - } - } - }, - "MinimalFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + }, + "Runtime": "python2.7", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "MinimalFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -48,106 +41,146 @@ } } ] - } - } - }, - "MinimalFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "hello.handler", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "hello.zip" - }, - "Role": { - "Fn::GetAtt": [ - "MinimalFunctionRole", - "Arn" - ] - }, - "Runtime": "python2.7", + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MinimalFunctionAddItemPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment0ff9f5a989" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MinimalFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/add", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, - "ServerlessRestApiDeployment0ff9f5a989": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MinimalFunctionAddItemAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 0ff9f5a9899528e1cb050311c49f15a88071a275", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MinimalFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/add", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/add": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MinimalFunction.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/add": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MinimalFunction.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*/*/*" ] - }, + }, { - "Action": "execute-api:blah", + "Action": "execute-api:blah", "Resource": [ "execute-api:/*/*/*" ] } ] } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } + }, + "ServerlessRestApiDeployment98196e5fed": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 98196e5feda626038eec9106c55ff6fa75bcd98a", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment98196e5fed" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_resource_refs.json b/tests/translator/output/aws-cn/api_with_resource_refs.json index 78488a30b..42444227a 100644 --- a/tests/translator/output/aws-cn/api_with_resource_refs.json +++ b/tests/translator/output/aws-cn/api_with_resource_refs.json @@ -1,197 +1,230 @@ { - "Outputs": { - "ImplicitApiDeployment": { - "Value": { - "Ref": "ServerlessRestApiDeployment8b5ecabf9b" - } - }, - "ExplicitApiDeployment": { - "Value": { - "Ref": "MyApiDeployment359f256a3b" - } - }, - "ExplicitApiStage": { - "Value": { - "Ref": "MyApifooStage" - } - }, - "ImplicitApiStage": { - "Value": { - "Ref": "ServerlessRestApiProdStage" - } - } - }, "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "hello.handler", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "hello.zip" - }, + }, + "Handler": "hello.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, - "Runtime": "python2.7", + }, + "Runtime": "python2.7", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyApiDeployment359f256a3b": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 359f256a3b3ff2e1102e335a4d603f02df9b4988", - "StageName": "Stage" - } - }, - "MyApifooStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment359f256a3b" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "foo" + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "ServerlessRestApiDeployment8b5ecabf9b": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyFunctionGetHtmlAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 8b5ecabf9b24c707a9734a6b94b0e0565572efb6", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/html", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/html", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/html", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyApi": { + "Type": "AWS::ApiGateway::RestApi", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment8b5ecabf9b" - }, + "Body": { + "this": "is", + "a": "swagger" + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + } + } + }, + "MyApiDeployment359f256a3b": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 359f256a3b3ff2e1102e335a4d603f02df9b4988", "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "Ref": "MyApi" + }, + "StageName": "Stage" } }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "MyApifooStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } + "DeploymentId": { + "Ref": "MyApiDeployment359f256a3b" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "foo" } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/html": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/html": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0" - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, + } + }, "Parameters": { "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyApi": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "this": "is", - "a": "swagger" - }, + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } + }, + "ServerlessRestApiDeploymentc6687f83a5": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: c6687f83a5e49bc8768e484d2933dae0ed857fa5", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymentc6687f83a5" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } + } + }, + "Outputs": { + "ImplicitApiDeployment": { + "Value": { + "Ref": "ServerlessRestApiDeploymentc6687f83a5" + } + }, + "ImplicitApiStage": { + "Value": { + "Ref": "ServerlessRestApiProdStage" + } + }, + "ExplicitApiDeployment": { + "Value": { + "Ref": "MyApiDeployment359f256a3b" + } + }, + "ExplicitApiStage": { + "Value": { + "Ref": "MyApifooStage" + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_source_vpc_blacklist.json b/tests/translator/output/aws-cn/api_with_source_vpc_blacklist.json index 6dfbef3fa..f7f963051 100644 --- a/tests/translator/output/aws-cn/api_with_source_vpc_blacklist.json +++ b/tests/translator/output/aws-cn/api_with_source_vpc_blacklist.json @@ -1,60 +1,38 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiDeploymentb8219b2586": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: b8219b2586b8c860b699470c380956bb09244f77", - "StageName": "Stage" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentb8219b2586" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, + }, "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -62,115 +40,207 @@ } } ] - }, + }, "ManagedPolicyArns": [ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, + "MyFunctionApiAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/get": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": "*" - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": "*", "Condition": { "StringEquals": { "aws:SourceVpce": [ "vpce-3456" ] } - }, + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": "*" + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": "*", + "Condition": { + "StringEquals": { + "aws:SourceVpce": [ + "vpce-3456" + ] + } + } } ] } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "ServerlessRestApiDeployment81f9873837": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } + "Description": "RestApi deployment id: 81f9873837e5d87c31bf575bf103161ecb7abc44", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment81f9873837" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } diff --git a/tests/translator/output/aws-cn/api_with_source_vpc_whitelist.json b/tests/translator/output/aws-cn/api_with_source_vpc_whitelist.json index 0d238d2a2..2ed837446 100644 --- a/tests/translator/output/aws-cn/api_with_source_vpc_whitelist.json +++ b/tests/translator/output/aws-cn/api_with_source_vpc_whitelist.json @@ -1,300 +1,442 @@ { "Parameters": { "Vpc1": { - "Default": "vpc-1234", - "Type": "String" + "Type": "String", + "Default": "vpc-1234" } - }, + }, "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyFunctionFetchPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionFetchAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/fetch", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFunctionApiAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment5332c373d4" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "Prod" - } - }, - "ServerlessRestApiDeploymentf39840708b": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: f39840708b20c848b8e57aa8a8b97de327b40de6", - "StageName": "Stage" - } - }, - "MyApiDeployment5332c373d4": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFunctionFetchPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentf39840708b" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + }, + "MyApi": { + "Type": "AWS::ApiGateway::RestApi", "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" } + }, + "paths": {} + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" ] - }, - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + } + } + }, + "MyApiDeployment5332c373d4": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" } - }, + }, + "MyApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiDeployment5332c373d4" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" + } + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, + }, + "/any/get": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, "/fetch": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any/fetch": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": "*" - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": "*", "Condition": { "StringNotEquals": { "aws:SourceVpc": [ - "vpc-1234", + "vpc-1234", "vpc-5678" ] } - }, + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": "*" - }, + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": "*", + "Condition": { + "StringNotEquals": { + "aws:SourceVpc": [ + "vpc-1234", + "vpc-5678" + ] + } + } + }, { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": "*" - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": "*", "Condition": { "StringNotEquals": { "aws:SourceVpc": [ - "vpc-1234", + "vpc-1234", "vpc-5678" ] } - }, + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/fetch", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": "*" + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/fetch", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": "*", + "Condition": { + "StringNotEquals": { + "aws:SourceVpc": [ + "vpc-1234", + "vpc-5678" + ] + } + } } ] } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, + }, "Parameters": { "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyApi": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": {}, - "swagger": "2.0" - }, + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } + }, + "ServerlessRestApiDeploymentc62c165bfb": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: c62c165bfb751bc0db21849d287f7065a7a0e8f8", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymentc62c165bfb" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } } } } \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_swagger_and_openapi_with_auth.json b/tests/translator/output/aws-cn/api_with_swagger_and_openapi_with_auth.json index 553c9fc90..2558c47ca 100644 --- a/tests/translator/output/aws-cn/api_with_swagger_and_openapi_with_auth.json +++ b/tests/translator/output/aws-cn/api_with_swagger_and_openapi_with_auth.json @@ -1,48 +1,60 @@ { "Resources": { + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 + } + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] + } + }, "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,227 +62,253 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunctionGetHtmlAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] } } }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "openapi": "3.1.1", + "swagger": 2.0, "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "httpMethod": "POST", + "type": "aws_proxy", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuth": [] } - ], - "responses": {} + ] } } - }, - "openapi": "3.1.1", - "swagger": 2.0, + }, "securityDefinitions": { "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", "providerARNs": [ { "Fn::GetAtt": [ - "MyUserPool", + "MyUserPool", "Arn" ] } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" + ] + } } } - }, + }, + "Name": "some api", + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Name": "some api", - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod", - "CacheClusterSize": "1.6", - "Variables": { - "SomeVar": "Value" - }, - "CacheClusterEnabled": true, - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymente1212668e0" } } - }, - "ServerlessRestApiDeploymente1212668e0": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ExplicitApiDeployment7c4f7dda23": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 7c4f7dda23acd71e4a653861510d82ad7809e562", "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: e1212668e096994ab32167666f5a877bd6ac5fad", + "Ref": "ExplicitApi" + }, "StageName": "Stage" } - }, + }, "ExplicitApiSomeStageStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { + "CacheClusterEnabled": true, + "CacheClusterSize": "1.6", + "DeploymentId": { + "Ref": "ExplicitApiDeployment7c4f7dda23" + }, "RestApiId": { "Ref": "ExplicitApi" - }, - "StageName": "SomeStage", - "CacheClusterSize": "1.6", + }, + "StageName": "SomeStage", "Variables": { "SomeVar": "Value" - }, - "CacheClusterEnabled": true, - "DeploymentId": { - "Ref": "ExplicitApiDeployment7c4f7dda23" } } - }, - "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ImplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } - } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] - } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuth": [] } - ], - "responses": {} + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", "providerARNs": [ { "Fn::GetAtt": [ - "MyUserPool", + "MyUserPool", "Arn" ] } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" + ] + } } } - }, + }, + "Name": "some api", + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Name": "some api", - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ExplicitApiDeployment7c4f7dda23": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ServerlessRestApiDeployment614ec93e15": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 614ec93e159f50797f73789c416660484070ee2e", "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 7c4f7dda23acd71e4a653861510d82ad7809e562", + "Ref": "ServerlessRestApi" + }, "StageName": "Stage" } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "CacheClusterEnabled": true, + "CacheClusterSize": "1.6", + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment614ec93e15" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod", + "Variables": { + "SomeVar": "Value" + } + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_swagger_authorizer_none.json b/tests/translator/output/aws-cn/api_with_swagger_authorizer_none.json index 8ed6a1d1d..a850d1674 100644 --- a/tests/translator/output/aws-cn/api_with_swagger_authorizer_none.json +++ b/tests/translator/output/aws-cn/api_with_swagger_authorizer_none.json @@ -1,499 +1,596 @@ { - "Resources": { - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFn" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithCognitoAuth" - } - } - ] + "Resources": { + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - } - }, - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "NONE": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } - } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false } - } - }, - "MyApiWithLambdaRequestAuthDeploymentbad519dbd8": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: bad519dbd801b0e2c63dc6f2011f43bce33c262a", - "StageName": "Stage" - } - }, - "MyApiWithLambdaTokenAuthDeployment29918bbdc1": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: 29918bbdc180ceedbabcf34c01ca5342e8c019cd", - "StageName": "Stage" - } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFn" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" - } - } - ] + ] + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } - } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" - } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } - ] + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } - } - }, - "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFn" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithLambdaRequestAuth" - } - } - ] + ] + } + }, + "MyFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } - } - }, - "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/lambda-token": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "NONE": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerUri": { - "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", - { - "__FunctionArn__": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - } - } - ] - } - }, - "x-amazon-apigateway-authtype": "custom" + ] + } + }, + "MyFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } + ] + } + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" + } + ] } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeployment29918bbdc1" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" + } + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" + } + ] } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeploymentbad519dbd8" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" + } + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 + } + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" } - }, - "Schema": [ + ] + } + } + }, + "MyFnLambdaRequestPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "AttributeDataType": "String", - "Required": false, - "Name": "email" + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" } ] } - }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" - }, - "Role": { - "Fn::GetAtt": [ - "MyAuthFnRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ + } + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", { - "Value": "SAM", - "Key": "lambda:createdBy" + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" } ] } - }, - "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/lambda-request": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "passthroughBehavior": "when_no_match", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "NONE": [] - } - ], - "responses": {} - } + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] } }, - "swagger": 2.0, - "schemes": [ - "https" - ], - "securityDefinitions": { - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", - "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", - "authorizerUri": { - "Fn::Sub": [ - "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", - { - "__FunctionArn__": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - } - } - ] + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } }, - "x-amazon-apigateway-authtype": "custom" + "responses": {}, + "security": [ + { + "NONE": [] + } + ] } } }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + "securityDefinitions": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] + } + } } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] } - }, - "MyApiWithCognitoAuthDeployment77726cd3cb": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" + } + }, + "MyApiWithCognitoAuthDeployment260db70e0f": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 260db70e0f3f53af19cc705a80e50b434facfc0b", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeployment260db70e0f" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaTokenAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } }, - "Description": "RestApi deployment id: 77726cd3cb8eddd94a4856ca8d65ee0f39d03b2e", - "StageName": "Stage" - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" + "paths": { + "/lambda-token": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] + } } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" + }, + "securityDefinitions": { + "MyLambdaTokenAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "token", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } ] } } - ] + } } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] } - }, - "MyFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ + } + }, + "MyApiWithLambdaTokenAuthDeployment8433bd70aa": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 8433bd70aa60c25c2c977feacfaa84dcc96f4f86", + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeployment8433bd70aa" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Value": "SAM", - "Key": "lambda:createdBy" + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + } + } + ] + } + } + }, + "MyApiWithLambdaRequestAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": 2.0, + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" } + }, + "schemes": [ + "https" ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" + "paths": { + "/lambda-request": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + }, + "passthroughBehavior": "when_no_match" + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + } + } + }, + "securityDefinitions": { + "MyLambdaRequestAuth": { + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "request", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } ] - } + }, + "identitySource": "method.request.header.Authorization1" } - ] + } } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeployment77726cd3cb" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" - } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" - }, - "Role": { - "Fn::GetAtt": [ - "MyFnRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ + } + }, + "MyApiWithLambdaRequestAuthDeployment11375c81e1": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 11375c81e1f1e173c5b9558d011de4088c6212de", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeployment11375c81e1" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Value": "SAM", - "Key": "lambda:createdBy" + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } } ] } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApiWithLambdaRequestAuth" - } - } - ] - } - } } } - } \ No newline at end of file + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_usageplans.json b/tests/translator/output/aws-cn/api_with_usageplans.json index 60dc7b392..8e3e14490 100644 --- a/tests/translator/output/aws-cn/api_with_usageplans.json +++ b/tests/translator/output/aws-cn/api_with_usageplans.json @@ -1,44 +1,28 @@ { - "Outputs": { - "ApiTwoUrl": { - "Description": "API endpoint URL for Prod environment", - "Value": { - "Fn::Sub": "https://${MyApiTwo}.execute-api.${AWS::Region}.amazonaws.com/Prod/" - } - }, - "ApiThreeUrl": { - "Description": "API endpoint URL for Prod environment", - "Value": { - "Fn::Sub": "https://${MyApiThree}.execute-api.${AWS::Region}.amazonaws.com/Prod/" - } - }, - "ApiOneUrl": { - "Description": "API endpoint URL for Prod environment", - "Value": { - "Fn::Sub": "https://${MyApiOne}.execute-api.${AWS::Region}.amazonaws.com/Prod/" - } - }, - "ApiKey": { - "Description": "Api Key", - "Value": { - "Ref": "ServerlessApiKey" - } - }, - "UsagePlanKey": { - "Description": "Usage Plan Key", - "Value": { - "Ref": "MyApiTwoUsagePlanKey" + "Resources": { + "MyFunctionOne": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionOneRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "UsagePlan": { - "Description": "Usage Plan physical Id", - "Value": { - "Ref": "MyApiTwoUsagePlan" - } - } - }, - "Resources": { - "MyFunctionThreeRole": { + "MyFunctionOneRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -62,113 +46,49 @@ ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "MyApiOneDeployment7997029260": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiOne" - }, - "Description": "RestApi deployment id: 79970292604071da8105ffd8503f82af32b30550", - "StageName": "Stage" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment40b50dc688" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, - "MyApiTwoUsagePlanKey": { - "Type": "AWS::ApiGateway::UsagePlanKey", + "MyFunctionOneApiKeyAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "KeyType": "API_KEY", - "KeyId": { - "Ref": "MyApiTwoApiKey" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionOne" }, - "UsagePlanId": { - "Ref": "MyApiTwoUsagePlan" - } - }, - "DependsOn": [ - "MyApiTwoApiKey" - ] - }, - "MyApiThree": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/path/three": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionThree.Arn}/invocations" - } - }, - "security": [ - { - "api_key": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "api_key": { - "type": "apiKey", - "name": "x-api-key", - "in": "header" + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/path/one", + { + "__ApiId__": { + "Ref": "MyApiOne" + }, + "__Stage__": "*" } - } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyFunctionThreeApiKeyPermissionProd": { + "MyFunctionOneApiKeyPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { - "Ref": "MyFunctionThree" + "Ref": "MyFunctionOne" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/three", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/one", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiThree" - } + "Ref": "MyApiOne" + }, + "__Stage__": "*" } ] } @@ -177,10 +97,10 @@ "MyFunctionTwo": { "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyFunctionTwoRole", @@ -190,28 +110,58 @@ "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "MyFunctionOneApiKeyPermissionProd": { + "MyFunctionTwoRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionTwoImplicitApiEventPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { - "Ref": "MyFunctionOne" + "Ref": "MyFunctionTwo" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/one", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/event", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiOne" - } + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" } ] } @@ -221,24 +171,46 @@ "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "MyFunctionTwo" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/two", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiTwo" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionOneRole": { + "MyFunctionThree": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionThreeRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionThreeRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -262,16 +234,38 @@ ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "MyApiTwo": { + "MyFunctionThreeApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionThree" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/three", + { + "__ApiId__": { + "Ref": "MyApiThree" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiOne": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -279,134 +273,156 @@ } }, "paths": { - "/path/two": { + "/path/one": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "api_key": { - "type": "apiKey", - "name": "x-api-key", - "in": "header" - } - } + }, + "/any/path/one": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] + } + } + }, + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyFunctionTwoRole": { - "Type": "AWS::IAM::Role", + "MyApiOneDeployment4fc70a300d": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] + "Description": "RestApi deployment id: 4fc70a300d60c86fcdf4076c1dca96c6195a9aa0", + "RestApiId": { + "Ref": "MyApiOne" }, - "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "StageName": "Stage" } }, - "MyFunctionOne": { - "Type": "AWS::Lambda::Function", + "MyApiOneProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + "DeploymentId": { + "Ref": "MyApiOneDeployment4fc70a300d" }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionOneRole", - "Arn" - ] + "RestApiId": { + "Ref": "MyApiOne" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" + "StageName": "Prod" + } + }, + "MyApiTwo": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/path/two": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] + } + } + }, + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } } - ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + } } }, - "ServerlessRestApiDeployment40b50dc688": { + "MyApiTwoDeployment03730b64c4": { "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 03730b64c486cc490deefb3b8225244b0fe85d34", "RestApiId": { - "Ref": "ServerlessRestApi" + "Ref": "MyApiTwo" }, - "Description": "RestApi deployment id: 40b50dc6888e5b556b1073ba4304ec9b550659db", "StageName": "Stage" } }, - "ServerlessUsagePlan": { - "Type": "AWS::ApiGateway::UsagePlan", + "MyApiTwoProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "ApiStages": [ - { - "ApiId": { - "Ref": "MyApiThree" - }, - "Stage": { - "Ref": "MyApiThreeProdStage" - } - }, - { - "ApiId": { - "Ref": "ServerlessRestApi" - }, - "Stage": { - "Ref": "ServerlessRestApiProdStage" - } - } - ] - }, - "DependsOn": [ - "MyApiThree", - "ServerlessRestApi" - ] + "DeploymentId": { + "Ref": "MyApiTwoDeployment03730b64c4" + }, + "RestApiId": { + "Ref": "MyApiTwo" + }, + "StageName": "Prod" + } }, "MyApiTwoUsagePlan": { "Type": "AWS::ApiGateway::UsagePlan", + "DependsOn": [ + "MyApiTwo" + ], "Properties": { "ApiStages": [ { @@ -419,139 +435,67 @@ } ], "Description": "Description for usage plan", + "Quota": { + "Limit": 10, + "Offset": 10, + "Period": "MONTH" + }, "Tags": [ { - "Value": "value1", - "Key": "key1" + "Key": "key1", + "Value": "value1" }, { - "Value": "value2", - "Key": "key2" + "Key": "key2", + "Value": "value2" } ], - "Quota": { - "Limit": 10, - "Period": "MONTH", - "Offset": 10 - }, "Throttle": { - "RateLimit": 1000, - "BurstLimit": 1000 + "BurstLimit": 1000, + "RateLimit": 1000 }, "UsagePlanName": "SomeRandomName" - }, - "DependsOn": [ - "MyApiTwo" - ] - }, - "MyFunctionTwoImplicitApiEventPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionTwo" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/event", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } - } - }, - "MyApiTwoProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiTwoDeployment03730b64c4" - }, - "RestApiId": { - "Ref": "MyApiTwo" - }, - "StageName": "Prod" } }, - "MyApiOneProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiOneDeployment7997029260" - }, - "RestApiId": { - "Ref": "MyApiOne" - }, - "StageName": "Prod" - } - }, - "MyApiTwoDeployment03730b64c4": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiTwo" - }, - "Description": "RestApi deployment id: 03730b64c486cc490deefb3b8225244b0fe85d34", - "StageName": "Stage" - } - }, - "MyFunctionThree": { - "Type": "AWS::Lambda::Function", + "MyApiTwoApiKey": { + "Type": "AWS::ApiGateway::ApiKey", + "DependsOn": [ + "MyApiTwoUsagePlan" + ], "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionThreeRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ + "Enabled": true, + "StageKeys": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "RestApiId": { + "Ref": "MyApiTwo" + }, + "StageName": { + "Ref": "MyApiTwoProdStage" + } } ] } }, - "MyApiThreeProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiThreeDeploymentfa9f73f027" - }, - "RestApiId": { - "Ref": "MyApiThree" - }, - "StageName": "Prod" - } - }, - "ServerlessUsagePlanKey": { + "MyApiTwoUsagePlanKey": { "Type": "AWS::ApiGateway::UsagePlanKey", + "DependsOn": [ + "MyApiTwoApiKey" + ], "Properties": { - "KeyType": "API_KEY", "KeyId": { - "Ref": "ServerlessApiKey" + "Ref": "MyApiTwoApiKey" }, + "KeyType": "API_KEY", "UsagePlanId": { - "Ref": "ServerlessUsagePlan" + "Ref": "MyApiTwoUsagePlan" } - }, - "DependsOn": [ - "ServerlessApiKey" - ] + } }, - "MyApiOne": { + "MyApiThree": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -559,25 +503,24 @@ } }, "paths": { - "/path/one": { + "/path/three": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { - "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionThree.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "api_key": { "type": "apiKey", @@ -586,18 +529,70 @@ } } }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, + "MyApiThreeDeploymentfa9f73f027": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: fa9f73f0272017527c24cc93cc4440dd4476b9f4", + "RestApiId": { + "Ref": "MyApiThree" + }, + "StageName": "Stage" + } + }, + "MyApiThreeProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiThreeDeploymentfa9f73f027" + }, + "RestApiId": { + "Ref": "MyApiThree" + }, + "StageName": "Prod" + } + }, + "ServerlessUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "DependsOn": [ + "MyApiThree", + "ServerlessRestApi" + ], + "Properties": { + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiThree" + }, + "Stage": { + "Ref": "MyApiThreeProdStage" + } + }, + { + "ApiId": { + "Ref": "ServerlessRestApi" + }, + "Stage": { + "Ref": "ServerlessRestApiProdStage" + } + } + ] + } + }, "ServerlessApiKey": { "Type": "AWS::ApiGateway::ApiKey", + "DependsOn": [ + "ServerlessUsagePlan" + ], "Properties": { "Enabled": true, "StageKeys": [ @@ -618,15 +613,28 @@ } } ] - }, + } + }, + "ServerlessUsagePlanKey": { + "Type": "AWS::ApiGateway::UsagePlanKey", "DependsOn": [ - "ServerlessUsagePlan" - ] + "ServerlessApiKey" + ], + "Properties": { + "KeyId": { + "Ref": "ServerlessApiKey" + }, + "KeyType": "API_KEY", + "UsagePlanId": { + "Ref": "ServerlessUsagePlan" + } + } }, "ServerlessRestApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -637,22 +645,21 @@ "/path/event": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "api_key": { "type": "apiKey", @@ -661,44 +668,75 @@ } } }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyApiThreeDeploymentfa9f73f027": { + "ServerlessRestApiDeployment40b50dc688": { "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 40b50dc6888e5b556b1073ba4304ec9b550659db", "RestApiId": { - "Ref": "MyApiThree" + "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: fa9f73f0272017527c24cc93cc4440dd4476b9f4", "StageName": "Stage" } }, - "MyApiTwoApiKey": { - "Type": "AWS::ApiGateway::ApiKey", + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Enabled": true, - "StageKeys": [ - { - "RestApiId": { - "Ref": "MyApiTwo" - }, - "StageName": { - "Ref": "MyApiTwoProdStage" - } - } - ] - }, - "DependsOn": [ - "MyApiTwoUsagePlan" - ] + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment40b50dc688" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } + } + }, + "Outputs": { + "ApiOneUrl": { + "Description": "API endpoint URL for Prod environment", + "Value": { + "Fn::Sub": "https://${MyApiOne}.execute-api.${AWS::Region}.amazonaws.com/Prod/" + } + }, + "ApiTwoUrl": { + "Description": "API endpoint URL for Prod environment", + "Value": { + "Fn::Sub": "https://${MyApiTwo}.execute-api.${AWS::Region}.amazonaws.com/Prod/" + } + }, + "ApiThreeUrl": { + "Description": "API endpoint URL for Prod environment", + "Value": { + "Fn::Sub": "https://${MyApiThree}.execute-api.${AWS::Region}.amazonaws.com/Prod/" + } + }, + "UsagePlan": { + "Description": "Usage Plan physical Id", + "Value": { + "Ref": "MyApiTwoUsagePlan" + } + }, + "UsagePlanKey": { + "Description": "Usage Plan Key", + "Value": { + "Ref": "MyApiTwoUsagePlanKey" + } + }, + "ApiKey": { + "Description": "Api Key", + "Value": { + "Ref": "ServerlessApiKey" + } } } } \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_usageplans_shared_no_side_effect_1.json b/tests/translator/output/aws-cn/api_with_usageplans_shared_no_side_effect_1.json new file mode 100644 index 000000000..8305db4df --- /dev/null +++ b/tests/translator/output/aws-cn/api_with_usageplans_shared_no_side_effect_1.json @@ -0,0 +1,359 @@ +{ + "Resources": { + "ServerlessUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "Properties": { + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiOne" + }, + "Stage": { + "Ref": "MyApiOneProdStage" + } + }, + { + "ApiId": { + "Ref": "MyApiTwo" + }, + "Stage": { + "Ref": "MyApiTwoProdStage" + } + } + ] + }, + "DependsOn": [ + "MyApiOne", + "MyApiTwo" + ] + }, + "MyApiOneDeployment7997029260": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "MyApiOne" + }, + "Description": "RestApi deployment id: 79970292604071da8105ffd8503f82af32b30550", + "StageName": "Stage" + } + }, + "ServerlessApiKey": { + "Type": "AWS::ApiGateway::ApiKey", + "Properties": { + "Enabled": true, + "StageKeys": [ + { + "RestApiId": { + "Ref": "MyApiOne" + }, + "StageName": { + "Ref": "MyApiOneProdStage" + } + }, + { + "RestApiId": { + "Ref": "MyApiTwo" + }, + "StageName": { + "Ref": "MyApiTwoProdStage" + } + } + ] + }, + "DependsOn": [ + "ServerlessUsagePlan" + ] + }, + "MyApiTwoProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiTwoDeployment03730b64c4" + }, + "RestApiId": { + "Ref": "MyApiTwo" + }, + "StageName": "Prod" + } + }, + "MyApiOneProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiOneDeployment7997029260" + }, + "RestApiId": { + "Ref": "MyApiOne" + }, + "StageName": "Prod" + } + }, + "MyApiTwoDeployment03730b64c4": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "MyApiTwo" + }, + "Description": "RestApi deployment id: 03730b64c486cc490deefb3b8225244b0fe85d34", + "StageName": "Stage" + } + }, + "MyFunctionTwoRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessUsagePlanKey": { + "Type": "AWS::ApiGateway::UsagePlanKey", + "Properties": { + "KeyType": "API_KEY", + "KeyId": { + "Ref": "ServerlessApiKey" + }, + "UsagePlanId": { + "Ref": "ServerlessUsagePlan" + } + }, + "DependsOn": [ + "ServerlessApiKey" + ] + }, + "MyFunctionOneApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunctionOne" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/one", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "MyApiOne" + } + } + ] + } + } + }, + "MyFunctionTwo": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunctionTwoRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyFunctionTwoApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunctionTwo" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/two", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "MyApiTwo" + } + } + ] + } + } + }, + "MyFunctionOneRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyApiTwo": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/path/two": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" + } + }, + "security": [ + { + "api_key": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyApiOne": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/path/one": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" + } + }, + "security": [ + { + "api_key": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyFunctionOne": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunctionOneRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + } + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_usageplans_shared_no_side_effect_2.json b/tests/translator/output/aws-cn/api_with_usageplans_shared_no_side_effect_2.json new file mode 100644 index 000000000..ee9bdd13e --- /dev/null +++ b/tests/translator/output/aws-cn/api_with_usageplans_shared_no_side_effect_2.json @@ -0,0 +1,199 @@ +{ + "Resources": { + "ServerlessUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "Properties": { + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiFour" + }, + "Stage": { + "Ref": "MyApiFourProdStage" + } + } + ] + }, + "DependsOn": [ + "MyApiFour" + ] + }, + "MyFunctionFourApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunctionFour" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/four", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "MyApiFour" + } + } + ] + } + } + }, + "MyApiFourDeploymentf92b67251a": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "MyApiFour" + }, + "Description": "RestApi deployment id: f92b67251a066bec5ee160eeff9c5ab747d9f417", + "StageName": "Stage" + } + }, + "MyFunctionFourRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessUsagePlanKey": { + "Type": "AWS::ApiGateway::UsagePlanKey", + "Properties": { + "KeyType": "API_KEY", + "KeyId": { + "Ref": "ServerlessApiKey" + }, + "UsagePlanId": { + "Ref": "ServerlessUsagePlan" + } + }, + "DependsOn": [ + "ServerlessApiKey" + ] + }, + "ServerlessApiKey": { + "Type": "AWS::ApiGateway::ApiKey", + "Properties": { + "Enabled": true, + "StageKeys": [ + { + "RestApiId": { + "Ref": "MyApiFour" + }, + "StageName": { + "Ref": "MyApiFourProdStage" + } + } + ] + }, + "DependsOn": [ + "ServerlessUsagePlan" + ] + }, + "MyApiFour": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/path/four": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionFour.Arn}/invocations" + } + }, + "security": [ + { + "api_key": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyFunctionFour": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunctionFourRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyApiFourProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiFourDeploymentf92b67251a" + }, + "RestApiId": { + "Ref": "MyApiFour" + }, + "StageName": "Prod" + } + } + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_request_model.json b/tests/translator/output/aws-us-gov/api_request_model.json index fd5005a28..9cd385cd9 100644 --- a/tests/translator/output/aws-us-gov/api_request_model.json +++ b/tests/translator/output/aws-us-gov/api_request_model.json @@ -34,7 +34,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "HtmlApiDeployment3744537077" + "Ref": "HtmlApiDeploymenta918aefe10" }, "RestApiId": { "Ref": "HtmlApi" @@ -61,13 +61,32 @@ } } }, - "HtmlApiDeployment3744537077": { + "HtmlFunctionAnyPathPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "HtmlFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": "HtmlApi", + "__Stage__": "*" + } + ] + } + } + }, + "HtmlApiDeploymenta918aefe10": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "HtmlApi" }, - "Description": "RestApi deployment id: 374453707756d2ce5439fb8f0995a4ced3659a0e", + "Description": "RestApi deployment id: a918aefe10cedb759cd5d8b070774d1e1804de32", "StageName": "Stage" } }, @@ -108,6 +127,28 @@ } ] } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HtmlFunction.Arn}/invocations" + } + }, + "responses": {}, + "parameters": [ + { + "in": "body", + "name": "user", + "schema": { + "$ref": "#/definitions/user" + }, + "required": true + } + ] + } } }, "swagger": "2.0", diff --git a/tests/translator/output/aws-us-gov/api_request_model_openapi_3.json b/tests/translator/output/aws-us-gov/api_request_model_openapi_3.json index 008a26bc1..a8bb14db3 100644 --- a/tests/translator/output/aws-us-gov/api_request_model_openapi_3.json +++ b/tests/translator/output/aws-us-gov/api_request_model_openapi_3.json @@ -34,7 +34,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "HtmlApiDeploymenta488cfa4f9" + "Ref": "HtmlApiDeployment2274fb58ae" }, "RestApiId": { "Ref": "HtmlApi" @@ -63,6 +63,27 @@ } } }, + "HtmlFunctionAnyIamPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "HtmlFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/iam", + { + "__ApiId__": { + "Ref": "HtmlApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "HtmlApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -123,6 +144,34 @@ }, "responses": {} } + }, + "/any/iam": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HtmlFunction.Arn}/invocations" + }, + "credentials": "arn:aws:iam::*:user/*" + }, + "responses": {}, + "security": [ + { + "AWS_IAM": [] + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/user" + } + } + }, + "required": true + } + } } }, "openapi": "3.0", @@ -157,13 +206,13 @@ } } }, - "HtmlApiDeploymenta488cfa4f9": { + "HtmlApiDeployment2274fb58ae": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "HtmlApi" }, - "Description": "RestApi deployment id: a488cfa4f9c73604187a3a5dfa5f333ef2c52e1e" + "Description": "RestApi deployment id: 2274fb58ae60fc2a69a3feb3b433d9bcf6947be5" } }, "HtmlFunctionGetHtmlPermissionProd": { diff --git a/tests/translator/output/aws-us-gov/api_with_apikey_required.json b/tests/translator/output/aws-us-gov/api_with_apikey_required.json index b18a21e4a..c2b004cdb 100644 --- a/tests/translator/output/aws-us-gov/api_with_apikey_required.json +++ b/tests/translator/output/aws-us-gov/api_with_apikey_required.json @@ -1,17 +1,31 @@ { "Resources": { - "MyFunctionWithApiKeyRequiredRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithApiKeyRequired": { + "Type": "AWS::Lambda::Function", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionWithApiKeyRequiredRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "MyFunctionWithApiKeyRequiredRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ @@ -27,6 +41,57 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] } } }, @@ -34,6 +99,7 @@ "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -44,22 +110,38 @@ "/ApiKeyRequiredTrue": { "get": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] + } + }, + "/any/ApiKeyRequiredTrue": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "api_key": { "type": "apiKey", @@ -68,81 +150,37 @@ } } }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyApiWithoutAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + "MyApiWithoutAuthDeployment21dacab558": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "MyApiWithoutAuthDeployment1f6bf4c0d5" - }, + "Description": "RestApi deployment id: 21dacab558603b40cc8f8528fd85cc226e8769c5", "RestApiId": { "Ref": "MyApiWithoutAuth" }, - "StageName": "Prod" - } - }, - "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithApiKeyRequired" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } - ] - } + "StageName": "Stage" } }, - "MyFunctionWithApiKeyRequired": { - "Type": "AWS::Lambda::Function", + "MyApiWithoutAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionWithApiKeyRequiredRole", - "Arn" - ] + "DeploymentId": { + "Ref": "MyApiWithoutAuthDeployment21dacab558" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyApiWithoutAuthDeployment1f6bf4c0d5": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { "RestApiId": { "Ref": "MyApiWithoutAuth" }, - "Description": "RestApi deployment id: 1f6bf4c0d5babf513c5623a65931134211ad3d0b", - "StageName": "Stage" + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_apikey_required_openapi_3.json b/tests/translator/output/aws-us-gov/api_with_apikey_required_openapi_3.json index c6dc6a9ca..4f3bd96f2 100644 --- a/tests/translator/output/aws-us-gov/api_with_apikey_required_openapi_3.json +++ b/tests/translator/output/aws-us-gov/api_with_apikey_required_openapi_3.json @@ -1,25 +1,39 @@ { "Resources": { - "MyFunctionWithApiKeyRequiredRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithApiKeyRequired": { + "Type": "AWS::Lambda::Function", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionWithApiKeyRequiredRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "MyFunctionWithApiKeyRequiredRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -27,123 +41,147 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] } } }, - "MyApiWithoutAuthDeployment36e0aae784": { - "Type": "AWS::ApiGateway::Deployment", + "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithoutAuth" - }, - "Description": "RestApi deployment id: 36e0aae784b2c12681164079395d2d416638051f" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithApiKeyRequired" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/ApiKeyRequiredTrue", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyApiWithoutAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/ApiKeyRequiredTrue": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] + } + }, + "/any/ApiKeyRequiredTrue": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithApiKeyRequired.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { "api_key": { - "type": "apiKey", - "name": "x-api-key", + "type": "apiKey", + "name": "x-api-key", "in": "header" } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyApiWithoutAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyApiWithoutAuthDeployment9d2e3e35ec": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "MyApiWithoutAuthDeployment36e0aae784" - }, + "Description": "RestApi deployment id: 9d2e3e35ec48e8d035a3fcd56a245a84688c2fda", "RestApiId": { "Ref": "MyApiWithoutAuth" - }, - "StageName": "Prod" - } - }, - "MyFunctionWithApiKeyRequiredMyApiWithApiKeyRequiredPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithApiKeyRequired" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/ApiKeyRequiredTrue", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } - ] } } - }, - "MyFunctionWithApiKeyRequired": { - "Type": "AWS::Lambda::Function", + }, + "MyApiWithoutAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionWithApiKeyRequiredRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "DeploymentId": { + "Ref": "MyApiWithoutAuthDeployment9d2e3e35ec" + }, + "RestApiId": { + "Ref": "MyApiWithoutAuth" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_auth_all_maximum.json b/tests/translator/output/aws-us-gov/api_with_auth_all_maximum.json index d2731e6dc..9cc7479c5 100644 --- a/tests/translator/output/aws-us-gov/api_with_auth_all_maximum.json +++ b/tests/translator/output/aws-us-gov/api_with_auth_all_maximum.json @@ -1,386 +1,689 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "thumbnails.zip" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithNoAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionWithCognitoMultipleUserPoolsAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognitomultiple", { "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithDefaultAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/default", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdarequest", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatoken", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenNoneAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatokennone", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithNoAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/noauth", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } }, "MyFunctionWithCognitoMultipleUserPoolsAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } }, - "MyApiDeployment7939ed72e3": { - "Type": "AWS::ApiGateway::Deployment", + "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 7939ed72e39cf5e3c86aaa365a531790a1d244e6", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } } - }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + }, + "MyFunctionWithLambdaTokenNoneAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } - }, + }, + "MyFunctionWithDefaultAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "MyApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "NONE": [] - }, + }, { "api_key": [] } - ], - "responses": {} + ] } - }, - "/users": { - "put": { + }, + "/any/noauth": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { - "MyCognitoAuth": [] - }, + "NONE": [] + }, { "api_key": [] } - ], - "responses": {} - }, + ] + } + }, + "/users": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuthMultipleUserPools": [] - }, + }, + { + "api_key": [] + } + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, "patch": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuthNoneFunctionInvokeRole": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, "delete": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] - }, + }, + { + "api_key": [] + } + ] + }, + "put": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/cognitomultiple": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuthMultipleUserPools": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatoken": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatokennone": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuthNoneFunctionInvokeRole": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdarequest": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/default": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, { "api_key": [] } - ], - "responses": {} + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { - "MyLambdaTokenAuthNoneFunctionInvokeRole": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "MyCognitoAuth": { + "type": "apiKey", + "name": "MyAuthorizationHeader", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:1" + ], + "identityValidationExpression": "myauthvalidationexpression" + } + }, + "MyCognitoAuthMultipleUserPools": { + "type": "apiKey", + "name": "MyAuthorizationHeader2", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:2", + "arn:aws:3" + ], + "identityValidationExpression": "myauthvalidationexpression2" + } + }, + "MyLambdaTokenAuth": { + "type": "apiKey", + "name": "MyCustomAuthHeader", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 0, + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - } - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuthMultipleUserPools": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader2", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression2", - "providerARNs": [ - "arn:aws:2", - "arn:aws:3" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + }, + "authorizerResultTtlInSeconds": 20, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identityValidationExpression": "mycustomauthexpression" + } + }, + "MyLambdaTokenAuthNoneFunctionInvokeRole": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "authorizerResultTtlInSeconds": 0, - "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access" - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression", - "providerARNs": [ - "arn:aws:1" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "MyCustomAuthHeader", + }, + "authorizerResultTtlInSeconds": 0 + } + }, + "MyLambdaRequestAuth": { + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 20, + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", - "identityValidationExpression": "mycustomauthexpression" - }, - "x-amazon-apigateway-authtype": "custom" - }, + }, + "authorizerResultTtlInSeconds": 0, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4" + } + }, "api_key": { - "type": "apiKey", - "name": "x-api-key", + "type": "apiKey", + "name": "x-api-key", "in": "header" } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyApiMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiDeployment275e8e0d8c": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApi" - } - } - ] - } + "Description": "RestApi deployment id: 275e8e0d8cf3a111a995e674cad920e51ff02de7", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" } }, - "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "MyApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApi" - } - } - ] - } + "DeploymentId": { + "Ref": "MyApiDeployment275e8e0d8c" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" } }, - "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + "MyApiMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { "__ApiId__": { "Ref": "MyApi" @@ -389,32 +692,17 @@ ] } } - }, - "MyApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment7939ed72e3" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "Prod" - } - }, - "MyFunctionWithNoAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -422,20 +710,17 @@ ] } } - }, - "MyFunctionWithDefaultAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -445,4 +730,4 @@ } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_auth_all_maximum_openapi_3.json b/tests/translator/output/aws-us-gov/api_with_auth_all_maximum_openapi_3.json index 3195b25b9..d5aef29ac 100644 --- a/tests/translator/output/aws-us-gov/api_with_auth_all_maximum_openapi_3.json +++ b/tests/translator/output/aws-us-gov/api_with_auth_all_maximum_openapi_3.json @@ -1,387 +1,690 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "thumbnails.zip" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithNoAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionWithCognitoMultipleUserPoolsAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognitomultiple", { "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithDefaultAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/default", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaRequestAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdarequest", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatoken", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithLambdaTokenNoneAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambdatokennone", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithNoAuthorizerAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/noauth", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } }, "MyFunctionWithCognitoMultipleUserPoolsAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/users", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "MyFunctionWithLambdaTokenAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/users", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" } ] } } - }, - "MyApiDeployment57e8e73ac5": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyFunctionWithLambdaTokenNoneAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 57e8e73ac5d3dea833fbbfb4d0d67328fb198a35" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PATCH/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, + "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithDefaultAuthorizerPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + { + "__ApiId__": { + "Ref": "MyApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "MyApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "NONE": [] - }, + }, { "api_key": [] } - ], - "responses": {} + ] } - }, - "/users": { - "put": { + }, + "/any/noauth": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { - "MyCognitoAuth": [] - }, + "NONE": [] + }, { "api_key": [] } - ], - "responses": {} - }, + ] + } + }, + "/users": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuthMultipleUserPools": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + }, "patch": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuthNoneFunctionInvokeRole": [] - }, + }, { "api_key": [] } - ], - "responses": {} - }, + ] + }, "delete": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + }, + { + "api_key": [] + } + ] + }, + "put": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/cognitomultiple": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {}, + "security": [ + { + "MyCognitoAuthMultipleUserPools": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatoken": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdatokennone": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuthNoneFunctionInvokeRole": [] + }, + { + "api_key": [] + } + ] + } + }, + "/any/lambdarequest": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] - }, + }, { "api_key": [] } - ], - "responses": {} + ] + } + }, + "/any/default": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + }, + { + "api_key": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { - "MyLambdaTokenAuthNoneFunctionInvokeRole": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "MyCognitoAuth": { + "type": "apiKey", + "name": "MyAuthorizationHeader", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 0, + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:1" + ], + "identityValidationExpression": "myauthvalidationexpression" + } + }, + "MyCognitoAuthMultipleUserPools": { + "type": "apiKey", + "name": "MyAuthorizationHeader2", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + "arn:aws:2", + "arn:aws:3" + ], + "identityValidationExpression": "myauthvalidationexpression2" + } + }, + "MyLambdaTokenAuth": { + "type": "apiKey", + "name": "MyCustomAuthHeader", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - } - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuthMultipleUserPools": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader2", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression2", - "providerARNs": [ - "arn:aws:2", - "arn:aws:3" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + }, + "authorizerResultTtlInSeconds": 20, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identityValidationExpression": "mycustomauthexpression" + } + }, + "MyLambdaTokenAuthNoneFunctionInvokeRole": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "authorizerResultTtlInSeconds": 0, - "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access" - }, - "x-amazon-apigateway-authtype": "custom" - }, - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "MyAuthorizationHeader", - "x-amazon-apigateway-authorizer": { - "identityValidationExpression": "myauthvalidationexpression", - "providerARNs": [ - "arn:aws:1" - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - }, - "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "MyCustomAuthHeader", + }, + "authorizerResultTtlInSeconds": 0 + } + }, + "MyLambdaRequestAuth": { + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerResultTtlInSeconds": 20, + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": "arn:aws" } ] - }, - "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", - "identityValidationExpression": "mycustomauthexpression" - }, - "x-amazon-apigateway-authtype": "custom" - }, + }, + "authorizerResultTtlInSeconds": 0, + "authorizerCredentials": "arn:aws:iam::123456789012:role/S3Access", + "identitySource": "method.request.header.Authorization1, method.request.querystring.Authorization2, stageVariables.Authorization3, context.Authorization4" + } + }, "api_key": { - "type": "apiKey", - "name": "x-api-key", + "type": "apiKey", + "name": "x-api-key", "in": "header" } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyApiMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiDeployment0cb1804921": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApi" - } - } - ] + "Description": "RestApi deployment id: 0cb1804921207c455f8eaaf3c704ecee88ec286f", + "RestApiId": { + "Ref": "MyApi" } } }, - "MyFunctionWithLambdaRequestAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + "MyApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/users", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApi" - } - } - ] - } + "DeploymentId": { + "Ref": "MyApiDeployment0cb1804921" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" } }, - "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + "MyApiMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": "arn:aws", + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { "__ApiId__": { "Ref": "MyApi" @@ -390,32 +693,17 @@ ] } } - }, - "MyApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment57e8e73ac5" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "Prod" - } - }, - "MyFunctionWithNoAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaTokenAuthNoneFunctionInvokeRoleAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -423,20 +711,17 @@ ] } } - }, - "MyFunctionWithDefaultAuthorizerPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyApiMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, + "Action": "lambda:InvokeFunction", + "FunctionName": "arn:aws", + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/users", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApi" } @@ -446,4 +731,4 @@ } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_auth_all_minimum.json b/tests/translator/output/aws-us-gov/api_with_auth_all_minimum.json index b108f7b43..9b583ee6f 100644 --- a/tests/translator/output/aws-us-gov/api_with_auth_all_minimum.json +++ b/tests/translator/output/aws-us-gov/api_with_auth_all_minimum.json @@ -1,153 +1,113 @@ { "Resources": { - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "MyCognitoAuth": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeploymentca86749bcd" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFnRole", "Arn" ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", + "MyFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "bucket", + "S3Bucket": "bucket", "S3Key": "key" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyAuthFnRole", + "MyFnRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyApiWithLambdaTokenAuthDeployment5192789870": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: 5192789870157c12b0fb5a78c7e570d22c4e46f5", - "StageName": "Stage" - } - }, + }, "MyFnRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -155,343 +115,497 @@ } } ] - } - } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeployment9b695a6dd5" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithCognitoAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", { "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaTokenAuth" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" } ] } } - }, + }, "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + }, + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] } } + }, + "securityDefinitions": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] + } + } + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" ] } } - }, + }, + "MyApiWithCognitoAuthDeployment492f1347b1": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 492f1347b1194457232f0e99ced4a86954fdeec9", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeployment492f1347b1" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-token": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuth": [] } - ], - "responses": {} + ] + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + } + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] } - }, - "x-amazon-apigateway-authtype": "custom" + } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyApiWithLambdaRequestAuthDeploymentca86749bcd": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyApiWithLambdaTokenAuthDeployment5f3dce4e5c": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 5f3dce4e5c196ff885a155dd8cc0ffeebd5b93b1", "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: ca86749bcd339b4d6564954e2e12b20ebf9fb2ff", + "Ref": "MyApiWithLambdaTokenAuth" + }, "StageName": "Stage" } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeployment5f3dce4e5c" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Prod" } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "MyFnRole", + "MyAuthFn", "Arn" ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" } } ] } } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeployment5192789870" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" - } - }, - "MyApiWithCognitoAuthDeployment9b695a6dd5": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: 9b695a6dd5c12bb346b4163227f398c34128a49a", - "StageName": "Stage" - } - }, + }, "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-request": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + } + }, + "/any/lambda-request": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] } - ], - "responses": {} + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyApiWithLambdaRequestAuthDeployment468dce6129": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 468dce61296ac92bf536be6fc55751d9553dbc4b", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeployment468dce6129" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + ] } } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_auth_all_minimum_openapi.json b/tests/translator/output/aws-us-gov/api_with_auth_all_minimum_openapi.json index d64968c4e..bcccf7104 100644 --- a/tests/translator/output/aws-us-gov/api_with_auth_all_minimum_openapi.json +++ b/tests/translator/output/aws-us-gov/api_with_auth_all_minimum_openapi.json @@ -1,172 +1,113 @@ { "Resources": { - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "MyCognitoAuth": [] - } - ], - "responses": {} - } - } - }, - "openapi": "3.0.1", - "components": { - "securitySchemes": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } - } + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyApiWithLambdaRequestAuthDeployment7c3972b020": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: 7c3972b020afc5a3f348a527f9cbf5108557b930" - } - }, - "MyApiWithCognitoAuthDeploymente1765ad6c1": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: e1765ad6c129adfb32be52dea3fa053e2ce02d51" - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeployment7c3972b020" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { + "Code": { + "S3Bucket": "bucketname", + "S3Key": "thumbnails.zip" + }, + "Handler": "index.handler", + "Role": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFnRole", "Arn" ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } ] - } - } - }, - "MyApiWithLambdaTokenAuthDeploymentfc5424e34c": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: fc5424e34c86d9c2c71ee87d32bc82555a3c577d" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", + "MyFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "bucketname", + "S3Bucket": "bucketname", "S3Key": "thumbnails.zip" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyAuthFnRole", + "MyFnRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "MyFnRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -174,327 +115,500 @@ } } ] - } - } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeploymente1765ad6c1" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithCognitoAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", { "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaTokenAuth" - } + }, + "__Stage__": "*" } ] } } - }, + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + }, + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + } + }, + "openapi": "3.0.1", + "components": { + "securitySchemes": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] + } } } + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" ] } } - }, + }, + "MyApiWithCognitoAuthDeploymentd15cd5215f": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: d15cd5215f8dc24b832be6e0143c03a7226ffbeb", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + } + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeploymentd15cd5215f" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-token": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaTokenAuth": [] } - ], - "responses": {} + ] + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaTokenAuth": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] } - }, - "x-amazon-apigateway-authtype": "custom" + } } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", + }, + "MyApiWithLambdaTokenAuthDeployment81ca64a86a": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] + "Description": "RestApi deployment id: 81ca64a86a839b7e8f545ef75080e4782b938375", + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + } } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucketname", - "S3Key": "thumbnails.zip" - }, - "Role": { + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeployment81ca64a86a" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "MyFnRole", + "MyAuthFn", "Arn" ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" } } ] } } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeploymentfc5424e34c" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" - } - }, + }, "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-request": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyLambdaRequestAuth": [] } - ], - "responses": {} + ] + } + }, + "/any/lambda-request": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] } } - }, - "openapi": "3.0.1", + }, + "openapi": "3.0.1", "components": { "securitySchemes": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyApiWithLambdaRequestAuthDeployment2866a2663d": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 2866a2663d620ea5e87834fa7ade690f394dd9a1", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeployment2866a2663d" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + ] } } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_auth_no_default.json b/tests/translator/output/aws-us-gov/api_with_auth_no_default.json index 06783f5d9..e1b516b19 100644 --- a/tests/translator/output/aws-us-gov/api_with_auth_no_default.json +++ b/tests/translator/output/aws-us-gov/api_with_auth_no_default.json @@ -1,138 +1,113 @@ { "Resources": { - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeployment9a21d88fe2" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFnRole", "Arn" ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", + "MyFn": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "bucket", + "S3Bucket": "bucket", "S3Key": "key" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyAuthFnRole", + "MyFnRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "MyFnRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -140,343 +115,467 @@ } } ] - } - } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeployment2da3114321" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithCognitoAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithCognitoAuthDeployment2da3114321": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: 2da3114321f3a31e83ea7029e5b167e14f36e7fb", - "StageName": "Stage" - } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", { "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiWithLambdaTokenAuthDeployment613e605d96": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: 613e605d962dfc3e8ac8e456357d807af4264223", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" - } + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" } ] } } - }, + }, "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFn" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {} } } + }, + "securityDefinitions": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] + } + } + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" ] } } - }, + }, + "MyApiWithCognitoAuthDeployment7a90d1a343": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 7a90d1a343091df72446e32dd94c5229b9178d2c", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeployment7a90d1a343" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-token": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "token", + "type": "token", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] } - }, - "x-amazon-apigateway-authtype": "custom" + } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", + }, + "MyApiWithLambdaTokenAuthDeployment094f29ed11": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] + "Description": "RestApi deployment id: 094f29ed11748846f0541bbcba9b2e67a14a9724", + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Stage" } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeployment094f29ed11" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "MyFnRole", + "MyAuthFn", "Arn" ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" } } ] } } - }, - "MyApiWithLambdaRequestAuthDeployment9a21d88fe2": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: 9a21d88fe25a74e9f2ca61175f4dd4d281b61d12", - "StageName": "Stage" - } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeployment613e605d96" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" - } - }, + }, "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/lambda-request": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/lambda-request": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", + "type": "request", "authorizerUri": { "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", { "__FunctionArn__": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] } } ] - } - }, - "x-amazon-apigateway-authtype": "custom" + }, + "identitySource": "method.request.header.Authorization1" + } } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyApiWithLambdaRequestAuthDeploymentd964e6a5ba": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: d964e6a5ba7a5a0a4b49190e4f9100535f45d401", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeploymentd964e6a5ba" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } + } + ] } } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_aws_account_blacklist.json b/tests/translator/output/aws-us-gov/api_with_aws_account_blacklist.json index 317b6255e..79f06fdbb 100644 --- a/tests/translator/output/aws-us-gov/api_with_aws_account_blacklist.json +++ b/tests/translator/output/aws-us-gov/api_with_aws_account_blacklist.json @@ -1,69 +1,38 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiDeployment589bc02957": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 589bc02957d5c0cd37766f5b4ad15db34e339c67", - "StageName": "Stage" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment589bc02957" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, + }, "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -71,87 +40,172 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionAnyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] } } - }, + }, + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", - "Statement": { - "Action": "execute-api:Invoke", - "Resource": [ - { - "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", - { - "__Stage__": "Prod" - } + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/PUT/get", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": { + "AWS": [ + "12345" + ] + } + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": { + "AWS": [ + "12345" ] } - ], - "Effect": "Deny", - "Principal": { - "AWS": [ - "12345" - ] } - } + ] } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "ServerlessRestApiDeployment6a8eed6b70": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } + "Description": "RestApi deployment id: 6a8eed6b70acc4370ccf1562322a4119ecb9efbc", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment6a8eed6b70" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_aws_account_whitelist.json b/tests/translator/output/aws-us-gov/api_with_aws_account_whitelist.json index 2b0dfff75..1d72b8542 100644 --- a/tests/translator/output/aws-us-gov/api_with_aws_account_whitelist.json +++ b/tests/translator/output/aws-us-gov/api_with_aws_account_whitelist.json @@ -1,69 +1,38 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiDeployment1455f86734": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 1455f86734ed594d0b04ccd0bfb035c00f838cca", - "StageName": "Stage" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment1455f86734" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, + }, "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -71,69 +40,170 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionAnyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] } } - }, + }, + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/*/any", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": { "AWS": [ "12345" ] } - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/*/any", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": { + "AWS": [ + "67890" + ] + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/PUT/get", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": { + "AWS": [ + "12345" + ] + } + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/PUT/get", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": { "AWS": [ "67890" @@ -142,37 +212,38 @@ } ] } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "ServerlessRestApiDeploymentada5c7703b": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } + "Description": "RestApi deployment id: ada5c7703b63b68dc786a5c07c597a85018bd2cf", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymentada5c7703b" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json b/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json index 8130f7908..409391c8a 100644 --- a/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json +++ b/tests/translator/output/aws-us-gov/api_with_cors_and_auth_preflight_auth.json @@ -1,151 +1,39 @@ { "Resources": { - "ServerlessApi": { - "Type": "AWS::ApiGateway::RestApi", + "ApiFunction": { + "Type": "AWS::Lambda::Function", "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/": { - "post": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" - } - }, - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "responses": {} - }, - "options": { - "responses": { - "200": { - "headers": { - "Access-Control-Allow-Origin": { - "type": "string" - }, - "Access-Control-Allow-Methods": { - "type": "string" - } - }, - "description": "Default response for CORS method" - } - }, - "produces": [ - "application/json" - ], - "x-amazon-apigateway-integration": { - "type": "mock", - "requestTemplates": { - "application/json": "{\n \"statusCode\" : 200\n}\n" - }, - "responses": { - "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, - "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "origins", - "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" - } - } - } - }, - "summary": "CORS support", - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "consumes": [ - "application/json" - ] - }, - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" - } - }, - "security": [ - { - "MyLambdaRequestAuth": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", - "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", - "authorizerUri": { - "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", - { - "__FunctionArn__": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - } - } - ] - } - }, - "x-amazon-apigateway-authtype": "custom" - } - } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "ApiFunctionRole", + "Arn" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "ApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "ApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -153,127 +41,115 @@ } } ] - } - } - }, - "ServerlessApiDeployment1aab931299": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessApi" - }, - "Description": "RestApi deployment id: 1aab931299afa9c61fe2f0d56427e1f4ce6191e8", - "StageName": "Stage" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "ApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "ApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessApi" - } + }, + "__Stage__": "*" } ] } } }, - "ApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "ApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessApi" - } + }, + "__Stage__": "*" } ] } } }, - "ApiFunction": { - "Type": "AWS::Lambda::Function", + "ApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ApiFunctionRole", - "Arn" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessApi" + }, + "__Stage__": "*" + } ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + } } - }, + }, "MyAuthFn": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { - "S3Bucket": "bucket", + "S3Bucket": "bucket", "S3Key": "key" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyAuthFnRole", + "MyAuthFnRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "MyAuthFnRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -281,35 +157,242 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ServerlessApi": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + }, + "post": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + }, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + } + } + }, + "securityDefinitions": { + "MyLambdaRequestAuth": { + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "request", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } + ] + }, + "identitySource": "method.request.header.Authorization1" + } + } + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] } } - }, + }, + "ServerlessApiDeploymentc2a3913910": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: c2a3913910ac757cced600f36f4fef45b2e4bfa8", + "RestApiId": { + "Ref": "ServerlessApi" + }, + "StageName": "Stage" + } + }, "ServerlessApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessApiDeployment1aab931299" - }, + "Ref": "ServerlessApiDeploymentc2a3913910" + }, "RestApiId": { "Ref": "ServerlessApi" - }, + }, "StageName": "Prod" } - }, + }, "ServerlessApiMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ - "MyAuthFn", + "MyAuthFn", "Arn" ] - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { "__ApiId__": { "Ref": "ServerlessApi" @@ -320,4 +403,4 @@ } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_cors_and_conditions_no_definitionbody.json b/tests/translator/output/aws-us-gov/api_with_cors_and_conditions_no_definitionbody.json index 035b35918..79de7572e 100644 --- a/tests/translator/output/aws-us-gov/api_with_cors_and_conditions_no_definitionbody.json +++ b/tests/translator/output/aws-us-gov/api_with_cors_and_conditions_no_definitionbody.json @@ -1,58 +1,124 @@ { - "AWSTemplateFormatVersion": "2010-09-09", + "AWSTemplateFormatVersion": "2010-09-09", "Conditions": { "MyCondition": { "Fn::Equals": [ - true, + true, true ] } - }, + }, "Resources": { - "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "ImplicitApiFunction2": { + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunction2Role", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] - }, - "Condition": "MyCondition" - }, - "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + } + }, + "ImplicitApiFunction2Role": { + "Type": "AWS::IAM::Role", "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, "ManagedPolicyArns": [ "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "ImplicitApiFunction2DeleteHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction2" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunction": { + "Type": "AWS::Lambda::Function", + "Condition": "MyCondition", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "ImplicitApiFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ImplicitApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Condition": "MyCondition", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -60,277 +126,309 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] } - }, - "Condition": "MyCondition" + } }, "ImplicitApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } - }, - "Condition": "MyCondition" - }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + } + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeploymentc140480269" - }, - "RestApiId": { - "Ref": "ExplicitApi" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { - "post": { + "delete": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction2.Arn}/invocations" + } + }, + "responses": {} + }, + "get": { "Fn::If": [ - "MyCondition", + "MyCondition", { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::If": [ - "MyCondition", + "MyCondition", { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" - }, + }, { "Ref": "AWS::NoValue" } ] } - }, + }, "responses": {} - }, + }, { "Ref": "AWS::NoValue" } ] - }, - "get": { + }, + "post": { "Fn::If": [ - "MyCondition", + "MyCondition", { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::If": [ - "MyCondition", + "MyCondition", { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" - }, + }, { "Ref": "AWS::NoValue" } ] } - }, + }, "responses": {} - }, + }, { "Ref": "AWS::NoValue" } ] - }, + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "'www.example.com'", + "method.response.header.Access-Control-Allow-Origin": "'www.example.com'", "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,OPTIONS,POST'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } - }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" - } - }, - "produces": [ - "application/json" - ] - }, - "delete": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction2.Arn}/invocations" + } } - }, - "responses": {} + } } + }, + "/any": { + "Fn::If": [ + "MyCondition", + { + "x-amazon-apigateway-any-method": { + "Fn::If": [ + "MyCondition", + { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::If": [ + "MyCondition", + { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + }, + { + "Ref": "AWS::NoValue" + } + ] + } + }, + "responses": {} + }, + { + "Ref": "AWS::NoValue" + } + ] + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "'www.example.com'", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } + } + }, + { + "Ref": "AWS::NoValue" + } + ] } - }, - "swagger": "2.0" - }, + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ImplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - }, - "Condition": "MyCondition" }, - "ExplicitApiDeploymentc140480269": { - "Type": "AWS::ApiGateway::Deployment", + "ExplicitApiDeploymentc78ebf0832": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: c78ebf083257039f9ac5b13d52c7ff7ae8ba90e7", "RestApiId": { "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: c1404802698c32d804a36387b8267984809dad27", + }, "StageName": "Stage" } - }, - "ImplicitApiFunction2Role": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } - } - }, - "ImplicitApiFunction2DeleteHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ImplicitApiFunction2" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/DELETE/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } - }, - "ImplicitApiFunction2": { - "Type": "AWS::Lambda::Function", + }, + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.gethtml", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ImplicitApiFunction2Role", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "DeploymentId": { + "Ref": "ExplicitApiDeploymentc78ebf0832" + }, + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_cors_and_only_methods.json b/tests/translator/output/aws-us-gov/api_with_cors_and_only_methods.json index 1955ea1fe..e85d393d6 100644 --- a/tests/translator/output/aws-us-gov/api_with_cors_and_only_methods.json +++ b/tests/translator/output/aws-us-gov/api_with_cors_and_only_methods.json @@ -1,48 +1,39 @@ { "Resources": { "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, - "Handler": "index.gethtml", + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,127 +41,209 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment50aa0cc33c" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Origin": "'*'", "method.response.header.Access-Control-Allow-Methods": "methods" + }, + "responseTemplates": { + "application/json": "{}\n" } } } - }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, - "produces": [ - "application/json" - ] - }, - "get": { + } + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Allow-Methods": "methods" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } } } - }, - "swagger": "2.0" - }, + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ServerlessRestApiDeployment50aa0cc33c": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ServerlessRestApiDeployment82f9bf33a1": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 82f9bf33a18bf398cbc6b03f415b9f6c2280c982", "RestApiId": { "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 50aa0cc33c04fa6949a5f0e9cd22667b2677d9af", + }, "StageName": "Stage" } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment82f9bf33a1" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_cors_no_definitionbody.json b/tests/translator/output/aws-us-gov/api_with_cors_no_definitionbody.json index e384a6395..cd0a40e3c 100644 --- a/tests/translator/output/aws-us-gov/api_with_cors_no_definitionbody.json +++ b/tests/translator/output/aws-us-gov/api_with_cors_no_definitionbody.json @@ -16,37 +16,62 @@ ] }, "Runtime": "nodejs12.x", - "Tags": [{ - "Value": "SAM", - "Key": "lambda:createdBy" - }] + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, "ManagedPolicyArns": [ "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [{ - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] + ] + } + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" } - }] + ] } } }, @@ -54,39 +79,39 @@ "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "ImplicitApiFunction" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } } }, - "ImplicitApiFunctionGetHtmlPermissionProd": { + "ImplicitApiFunctionAnyHtmlPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "ImplicitApiFunction" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } @@ -96,6 +121,7 @@ "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -104,10 +130,20 @@ }, "paths": { "/": { - "post": { + "get": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, + "post": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } @@ -115,6 +151,13 @@ "responses": {} }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { "type": "mock", "requestTemplates": { @@ -123,22 +166,19 @@ "responses": { "default": { "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, "responseParameters": { "method.response.header.Access-Control-Allow-Origin": "origins", "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" @@ -146,59 +186,96 @@ "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, - "produces": [ - "application/json" - ] - }, - "get": { + } + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } }, "responses": {} + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "origins", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } } } - }, - "swagger": "2.0" + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "ExplicitApiDeployment9080d99115": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeploymentc934a493f3" - }, + "Description": "RestApi deployment id: 9080d99115784303ab348562cca88235c3a131aa", "RestApiId": { "Ref": "ExplicitApi" }, - "StageName": "Prod" + "StageName": "Stage" } }, - "ExplicitApiDeploymentc934a493f3": { - "Type": "AWS::ApiGateway::Deployment", + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ExplicitApiDeployment9080d99115" + }, "RestApiId": { "Ref": "ExplicitApi" }, - "Description": "RestApi deployment id: c934a493f3473efce5bb2acbf1d54e9c2ce0fef3", - "StageName": "Stage" + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_default_aws_iam_auth_and_no_auth_route.json b/tests/translator/output/aws-us-gov/api_with_default_aws_iam_auth_and_no_auth_route.json index 0b0daf61f..e56679cde 100644 --- a/tests/translator/output/aws-us-gov/api_with_default_aws_iam_auth_and_no_auth_route.json +++ b/tests/translator/output/aws-us-gov/api_with_default_aws_iam_auth_and_no_auth_route.json @@ -3,11 +3,11 @@ "MyFunctionWithAwsIamAuth": { "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "S3Bucket": "bucket", "S3Key": "key" }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyFunctionWithAwsIamAuthRole", @@ -17,49 +17,121 @@ "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "MyFunctionWithAwsIamAuthMyApiWithNoAuthPermissionProd": { + "MyFunctionWithAwsIamAuthRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__ApiId__": { + "Ref": "MyApiWithAwsIamAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithNoAuthPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunctionWithAwsIamAuth" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithAwsIamAuth" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthPermissionProd": { + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAnyMethodPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/iam", + { + "__ApiId__": { + "Ref": "MyApiWithAwsIamAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithNoAuthAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunctionWithAwsIamAuth" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/none", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithAwsIamAuth" - } + }, + "__Stage__": "*" } ] } @@ -69,6 +141,7 @@ "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -79,108 +152,112 @@ "/": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "arn:aws:iam::*:user/*" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] }, "get": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] + } + }, + "/any/iam": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" + }, + "credentials": "arn:aws:iam::*:user/*" + }, + "responses": {}, + "security": [ + { + "AWS_IAM": [] + } + ] + } + }, + "/any/none": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" } }, + "responses": {}, "security": [ { "NONE": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "AWS_IAM": { - "in": "header", "type": "apiKey", "name": "Authorization", + "in": "header", "x-amazon-apigateway-authtype": "awsSigv4" } } }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyApiWithAwsIamAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", + "MyApiWithAwsIamAuthDeploymentf50d541bef": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "MyApiWithAwsIamAuthDeploymentce96ce9f89" - }, + "Description": "RestApi deployment id: f50d541bef5f3b607af4650464da9c65103e8dc3", "RestApiId": { "Ref": "MyApiWithAwsIamAuth" }, - "StageName": "Prod" + "StageName": "Stage" } }, - "MyApiWithAwsIamAuthDeploymentce96ce9f89": { - "Type": "AWS::ApiGateway::Deployment", + "MyApiWithAwsIamAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "MyApiWithAwsIamAuthDeploymentf50d541bef" + }, "RestApiId": { "Ref": "MyApiWithAwsIamAuth" }, - "Description": "RestApi deployment id: ce96ce9f89cd76c41cf8194b117ee9ae6a81e240", - "StageName": "Stage" - } - }, - "MyFunctionWithAwsIamAuthRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_if_conditional_with_resource_policy.json b/tests/translator/output/aws-us-gov/api_with_if_conditional_with_resource_policy.json index b0bd1013b..1b1b52d70 100644 --- a/tests/translator/output/aws-us-gov/api_with_if_conditional_with_resource_policy.json +++ b/tests/translator/output/aws-us-gov/api_with_if_conditional_with_resource_policy.json @@ -2,226 +2,259 @@ "Conditions": { "C1": { "Fn::Equals": [ - true, + true, true ] } - }, + }, "Resources": { "ExplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ExplicitApiFunctionRole", + "ExplicitApiFunctionRole", "Arn" ] - }, - "Runtime": "nodejs12.x", + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, + "ExplicitApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ExplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ExplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ExplicitApiFunctionPutHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ExplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } } - }, - "ExplicitApiDeploymente252ad8b51": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: e252ad8b5121d1fcb94bf7ef489dbbd46a3dd461", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/one": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, "/three": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, - "/two": { - "post": { + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": { "Fn::If": [ - "C1", + "C1", { - "Action": "execute-api:Invoke", + "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*/*/*" ] - }, + }, { "Ref": "AWS::NoValue" } ] } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, + }, + "ExplicitApiDeployment6c75921e70": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 6c75921e70c9e79fa98611cad36e4af5d3e002d6", + "RestApiId": { + "Ref": "ExplicitApi" + }, + "StageName": "Stage" + } + }, "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeploymente252ad8b51" - }, + "Ref": "ExplicitApiDeployment6c75921e70" + }, "RestApiId": { "Ref": "ExplicitApi" - }, + }, "StageName": "Prod" } - }, - "ExplicitApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } - }, - "ExplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "ExplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } } } } \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_method_aws_iam_auth.json b/tests/translator/output/aws-us-gov/api_with_method_aws_iam_auth.json index 730d83d09..06cbf8a55 100644 --- a/tests/translator/output/aws-us-gov/api_with_method_aws_iam_auth.json +++ b/tests/translator/output/aws-us-gov/api_with_method_aws_iam_auth.json @@ -1,21 +1,137 @@ { "Resources": { + "MyFunctionWithAwsIamAuth": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "bucket", + "S3Key": "key" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionWithAwsIamAuthRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionWithAwsIamAuthRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "MyFunctionWithAwsIamAuth" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiWithoutAuth" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAndCustomInvokeRolePermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAndDefaultInvokeRolePermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionWithAwsIamAuth" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/one", + { + "__ApiId__": { + "Ref": "MyApiWithoutAuth" + }, + "__Stage__": "*" } ] } @@ -25,6 +141,7 @@ "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -33,57 +150,74 @@ }, "paths": { "/": { - "put": { + "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "arn:aws:iam::*:user/*" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] }, "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "rn:aws:iam::123:role/AUTH_AWS_IAM" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] }, - "get": { + "put": { "x-amazon-apigateway-integration": { + "type": "aws_proxy", "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" + }, + "credentials": "arn:aws:iam::*:user/*" + }, + "responses": {}, + "security": [ + { + "AWS_IAM": [] + } + ] + } + }, + "/any/one": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionWithAwsIamAuth.Arn}/invocations" }, "credentials": "arn:aws:iam::*:user/*" }, + "responses": {}, "security": [ { "AWS_IAM": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "AWS_IAM": { "x-amazon-apigateway-authtype": "awsSigv4", @@ -93,67 +227,23 @@ } } }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, "Parameters": { "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAndDefaultInvokeRolePermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithAwsIamAuth" }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } + "EndpointConfiguration": { + "Types": [ + "REGIONAL" ] } } }, - "MyFunctionWithAwsIamAuth": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "S3Bucket": "bucket", - "S3Key": "key" - }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionWithAwsIamAuthRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] - } - }, - "MyApiWithoutAuthDeploymentd7b0de15e2": { + "MyApiWithoutAuthDeployment60e94c7d4c": { "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 60e94c7d4c7027bdd55b188a3e78764ec1fe52da", "RestApiId": { "Ref": "MyApiWithoutAuth" }, - "Description": "RestApi deployment id: d7b0de15e29c2d947cc5a2004fd545fec3260faf", "StageName": "Stage" } }, @@ -161,64 +251,13 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "MyApiWithoutAuthDeploymentd7b0de15e2" + "Ref": "MyApiWithoutAuthDeployment60e94c7d4c" }, "RestApiId": { "Ref": "MyApiWithoutAuth" }, "StageName": "Prod" } - }, - "MyFunctionWithAwsIamAuthMyApiWithAwsIamAuthAndCustomInvokeRolePermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionWithAwsIamAuth" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithoutAuth" - } - } - ] - } - } - }, - "MyFunctionWithAwsIamAuthRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } - } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_mode.json b/tests/translator/output/aws-us-gov/api_with_mode.json new file mode 100644 index 000000000..bcee5b4e4 --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_with_mode.json @@ -0,0 +1,117 @@ +{ + "Resources": { + "FunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ], + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + } + } + }, + "ApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ApiDeploymentf117c932f7" + }, + "RestApiId": { + "Ref": "Api" + }, + "StageName": "Prod" + } + }, + "FunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "Function" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__Stage__": "*", + "__ApiId__": "Api" + } + ] + } + } + }, + "ApiDeploymentf117c932f7": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "Api" + }, + "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", + "StageName": "Stage" + } + }, + "Api": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "BodyS3Location": { + "Bucket": "sam-demo-bucket", + "Key": "webpage_swagger.json" + }, + "Description": "my description", + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Mode": "overwrite", + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "Function": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + } + } +} diff --git a/tests/translator/output/aws-us-gov/api_with_open_api_version.json b/tests/translator/output/aws-us-gov/api_with_open_api_version.json index 1ddc31fc3..8efe48e71 100644 --- a/tests/translator/output/aws-us-gov/api_with_open_api_version.json +++ b/tests/translator/output/aws-us-gov/api_with_open_api_version.json @@ -1,48 +1,39 @@ { "Resources": { "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,168 +41,248 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" } ] } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, - "paths": {}, + }, + "paths": {}, "openapi": "3.0.1" - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, + }, "ExplicitApiDeploymentd9a0f2ae4f": { - "Type": "AWS::ApiGateway::Deployment", + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: d9a0f2ae4fe2d97b9b91644934a878b6a08cf1c3", "RestApiId": { "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: d9a0f2ae4fe2d97b9b91644934a878b6a08cf1c3" + } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeploymenta4ffcdf019" - }, + "Ref": "ExplicitApiDeploymentd9a0f2ae4f" + }, "RestApiId": { - "Ref": "ServerlessRestApi" - }, + "Ref": "ExplicitApi" + }, "StageName": "Prod" } - }, - "ServerlessRestApiDeploymenta4ffcdf019": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: a4ffcdf0196ece94bc157dc06c21dfa3c2df13a1" - } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, "options": { + "summary": "CORS support", "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Origin": "*", "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } }, - "summary": "CORS support", "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "schema": { "type": "string" } - }, + }, "Access-Control-Allow-Methods": { "schema": { "type": "string" } } - }, - "description": "Default response for CORS method" + } } } - }, - "get": { + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} + }, + "options": { + "summary": "CORS support", + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "schema": { + "type": "string" + } + }, + "Access-Control-Allow-Methods": { + "schema": { + "type": "string" + } + } + } + } + } } } - }, + }, "openapi": "3.0.1" - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ServerlessRestApiDeploymentcecfa4a1a7": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: cecfa4a1a7d95801494452e34ba03f6e033c8f5a", + "RestApiId": { + "Ref": "ServerlessRestApi" + } + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeploymentd9a0f2ae4f" - }, + "Ref": "ServerlessRestApiDeploymentcecfa4a1a7" + }, "RestApiId": { - "Ref": "ExplicitApi" - }, + "Ref": "ServerlessRestApi" + }, "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_open_api_version_2.json b/tests/translator/output/aws-us-gov/api_with_open_api_version_2.json index 49655c0d2..6f75e51c9 100644 --- a/tests/translator/output/aws-us-gov/api_with_open_api_version_2.json +++ b/tests/translator/output/aws-us-gov/api_with_open_api_version_2.json @@ -1,48 +1,39 @@ { "Resources": { "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,170 +41,252 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ImplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" } ] } } - }, + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, - "paths": {}, - "swagger": "2.0" - }, + }, + "paths": {} + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ExplicitApiDeployment4154e1c30c": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeployment4154e1c30c" - }, + "Description": "RestApi deployment id: 4154e1c30c97469d4946280461125dbfd4324f15", "RestApiId": { "Ref": "ExplicitApi" - }, - "StageName": "Prod" + } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment2ce765616b" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, - "ExplicitApiDeployment4154e1c30c": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { + "Ref": "ExplicitApiDeployment4154e1c30c" + }, "RestApiId": { "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 4154e1c30c97469d4946280461125dbfd4324f15" + }, + "StageName": "Prod" } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + }, "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], "x-amazon-apigateway-integration": { - "type": "mock", + "type": "mock", "requestTemplates": { "application/json": "{\n \"statusCode\" : 200\n}\n" - }, + }, "responses": { "default": { - "statusCode": "200", - "responseTemplates": { - "application/json": "{}\n" - }, + "statusCode": "200", "responseParameters": { - "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Origin": "*", "method.response.header.Access-Control-Allow-Methods": "'GET,OPTIONS'" + }, + "responseTemplates": { + "application/json": "{}\n" } } } - }, - "consumes": [ - "application/json" - ], - "summary": "CORS support", + }, "responses": { "200": { + "description": "Default response for CORS method", "headers": { "Access-Control-Allow-Origin": { "type": "string" - }, + }, "Access-Control-Allow-Methods": { "type": "string" } - }, - "description": "Default response for CORS method" + } } - }, - "produces": [ - "application/json" - ] - }, - "get": { + } + } + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} + }, + "options": { + "summary": "CORS support", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "x-amazon-apigateway-integration": { + "type": "mock", + "requestTemplates": { + "application/json": "{\n \"statusCode\" : 200\n}\n" + }, + "responses": { + "default": { + "statusCode": "200", + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "*", + "method.response.header.Access-Control-Allow-Methods": "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" + }, + "responseTemplates": { + "application/json": "{}\n" + } + } + } + }, + "responses": { + "200": { + "description": "Default response for CORS method", + "headers": { + "Access-Control-Allow-Origin": { + "type": "string" + }, + "Access-Control-Allow-Methods": { + "type": "string" + } + } + } + } } } - }, - "swagger": "2.0" - }, + } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ServerlessRestApiDeployment2ce765616b": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ServerlessRestApiDeploymenta4a375efae": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: a4a375efae9da8fb80b2ea99cd0b1040f292cdf3", + "RestApiId": { + "Ref": "ServerlessRestApi" + } + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymenta4a375efae" + }, "RestApiId": { "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 2ce765616b7cfaba8ae0ad0877bd94cfbe0bc0fb" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_path_parameters.json b/tests/translator/output/aws-us-gov/api_with_path_parameters.json index da74d7fc9..69c7f9408 100644 --- a/tests/translator/output/aws-us-gov/api_with_path_parameters.json +++ b/tests/translator/output/aws-us-gov/api_with_path_parameters.json @@ -1,17 +1,31 @@ { "Resources": { - "HtmlFunctionRole": { - "Type": "AWS::IAM::Role", + "HtmlFunction": { + "Type": "AWS::Lambda::Function", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "member_portal.zip" + }, + "Handler": "index.gethtml", + "Role": { + "Fn::GetAtt": [ + "HtmlFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "HtmlFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ @@ -27,89 +41,94 @@ } } ] - } + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "HtmlApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "HtmlFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "HtmlApiDeploymentf117c932f7" - }, - "RestApiId": { - "Ref": "HtmlApi" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "HtmlFunction" }, - "StageName": "Prod" + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/*/resources", + { + "__ApiId__": "HtmlApi", + "__Stage__": "*" + } + ] + } } }, "HtmlFunctionGetHtmlPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "HtmlFunction" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/*/resources", { - "__Stage__": "*", - "__ApiId__": "HtmlApi" + "__ApiId__": "HtmlApi", + "__Stage__": "*" } ] } } }, - "HtmlApiDeploymentf117c932f7": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "HtmlApi" - }, - "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", - "StageName": "Stage" - } - }, "HtmlApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, "BodyS3Location": { "Bucket": "sam-demo-bucket", "Key": "webpage_swagger.json" }, "Parameters": { "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] } } }, - "HtmlFunction": { - "Type": "AWS::Lambda::Function", + "HtmlApiDeploymentf117c932f7": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "member_portal.zip" + "Description": "RestApi deployment id: f117c932f75cfa87d23dfed64e9430d0081ef289", + "RestApiId": { + "Ref": "HtmlApi" }, - "Handler": "index.gethtml", - "Role": { - "Fn::GetAtt": [ - "HtmlFunctionRole", - "Arn" - ] + "StageName": "Stage" + } + }, + "HtmlApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "HtmlApiDeploymentf117c932f7" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "RestApiId": { + "Ref": "HtmlApi" + }, + "StageName": "Prod" } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_resource_policy.json b/tests/translator/output/aws-us-gov/api_with_resource_policy.json index 086f0655d..bb2272c17 100644 --- a/tests/translator/output/aws-us-gov/api_with_resource_policy.json +++ b/tests/translator/output/aws-us-gov/api_with_resource_policy.json @@ -1,210 +1,243 @@ { "Resources": { "ExplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ExplicitApiFunctionRole", + "ExplicitApiFunctionRole", "Arn" ] - }, - "Runtime": "nodejs12.x", + }, + "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, + "ExplicitApiFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ExplicitApiFunctionAnyHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ExplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ExplicitApiFunctionPutHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "ExplicitApiFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", { - "__Stage__": "*", "__ApiId__": { "Ref": "ExplicitApi" - } + }, + "__Stage__": "*" } ] } } - }, + }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__ApiId__": { + "Ref": "ExplicitApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/one": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, "/three": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, - "/two": { - "post": { + }, + "/any": { + "x-amazon-apigateway-any-method": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": { - "Action": "execute-api:Invoke", + "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*/*/*" ] } } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ExplicitApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ExplicitApiDeployment5c27484b15": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeploymentb5a112ecdf" - }, + "Description": "RestApi deployment id: 5c27484b15a09a4bdfefb251767543b7b351a50d", "RestApiId": { "Ref": "ExplicitApi" - }, - "StageName": "Prod" - } - }, - "ExplicitApiFunctionPostHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } - } - }, - "ExplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + }, + "StageName": "Stage" } - }, - "ExplicitApiDeploymentb5a112ecdf": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ExplicitApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ExplicitApiDeployment5c27484b15" + }, "RestApiId": { "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: b5a112ecdfe9f71fbad3f114ad9aeddc73ce44e5", - "StageName": "Stage" - } - }, - "ExplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ExplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ExplicitApi" - } - } - ] - } + }, + "StageName": "Prod" } } } diff --git a/tests/translator/output/aws-us-gov/api_with_resource_policy_global_implicit.json b/tests/translator/output/aws-us-gov/api_with_resource_policy_global_implicit.json index fcfb7e108..6e774b923 100644 --- a/tests/translator/output/aws-us-gov/api_with_resource_policy_global_implicit.json +++ b/tests/translator/output/aws-us-gov/api_with_resource_policy_global_implicit.json @@ -1,46 +1,39 @@ { "Resources": { - "MinimalFunctionAddItemPermissionProd": { - "Type": "AWS::Lambda::Permission", + "MinimalFunction": { + "Type": "AWS::Lambda::Function", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MinimalFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/add", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "MinimalFunctionRole", + "Arn" ] - } - } - }, - "MinimalFunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + }, + "Runtime": "python2.7", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } - ], + ] + } + }, + "MinimalFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -48,106 +41,146 @@ } } ] - } - } - }, - "MinimalFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "hello.handler", - "Code": { - "S3Bucket": "sam-demo-bucket", - "S3Key": "hello.zip" - }, - "Role": { - "Fn::GetAtt": [ - "MinimalFunctionRole", - "Arn" - ] - }, - "Runtime": "python2.7", + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MinimalFunctionAddItemPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment9558094c1e" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MinimalFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/add", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MinimalFunctionAddItemAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MinimalFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/add", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/add": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MinimalFunction.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/add": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MinimalFunction.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*/*/*" ] - }, + }, { - "Action": "execute-api:blah", + "Action": "execute-api:blah", "Resource": [ "execute-api:/*/*/*" ] } ] } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ServerlessRestApiDeployment9558094c1e": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ServerlessRestApiDeployment96851cbcc5": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 96851cbcc51bf1b545cdaf293a4c302a35a7e355", "RestApiId": { "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 9558094c1ecacce5e02be40fdb03356118d9ccac", + }, "StageName": "Stage" } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment96851cbcc5" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_resource_refs.json b/tests/translator/output/aws-us-gov/api_with_resource_refs.json index f54274e54..488db17e9 100644 --- a/tests/translator/output/aws-us-gov/api_with_resource_refs.json +++ b/tests/translator/output/aws-us-gov/api_with_resource_refs.json @@ -1,197 +1,230 @@ { - "Outputs": { - "ImplicitApiDeployment": { - "Value": { - "Ref": "ServerlessRestApiDeployment2657ea030d" - } - }, - "ExplicitApiDeployment": { - "Value": { - "Ref": "MyApiDeployment359f256a3b" - } - }, - "ExplicitApiStage": { - "Value": { - "Ref": "MyApifooStage" - } - }, - "ImplicitApiStage": { - "Value": { - "Ref": "ServerlessRestApiProdStage" - } - } - }, "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "hello.handler", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "hello.zip" - }, + }, + "Handler": "hello.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, - "Runtime": "python2.7", + }, + "Runtime": "python2.7", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyApiDeployment359f256a3b": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 359f256a3b3ff2e1102e335a4d603f02df9b4988", - "StageName": "Stage" - } - }, - "MyApifooStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment359f256a3b" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "foo" + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFunctionGetHtmlAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment2657ea030d" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/html", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/html", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/html", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "ServerlessRestApiDeployment2657ea030d": { - "Type": "AWS::ApiGateway::Deployment", + }, + "MyApi": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "this": "is", + "a": "swagger" + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + } + } + }, + "MyApiDeployment359f256a3b": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 359f256a3b3ff2e1102e335a4d603f02df9b4988", "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 2657ea030d72028e06bfb9d0bd82ced7c574f4b5", + "Ref": "MyApi" + }, "StageName": "Stage" } }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "MyApifooStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - } + "DeploymentId": { + "Ref": "MyApiDeployment359f256a3b" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "foo" } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/html": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/html": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0" - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, + } + }, "Parameters": { "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyApi": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "this": "is", - "a": "swagger" - }, + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } + }, + "ServerlessRestApiDeployment8d814b9726": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 8d814b9726e535cb84c0737ea3d4f9b02de35b06", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment8d814b9726" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } + } + }, + "Outputs": { + "ImplicitApiDeployment": { + "Value": { + "Ref": "ServerlessRestApiDeployment8d814b9726" + } + }, + "ImplicitApiStage": { + "Value": { + "Ref": "ServerlessRestApiProdStage" + } + }, + "ExplicitApiDeployment": { + "Value": { + "Ref": "MyApiDeployment359f256a3b" + } + }, + "ExplicitApiStage": { + "Value": { + "Ref": "MyApifooStage" + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_source_vpc_blacklist.json b/tests/translator/output/aws-us-gov/api_with_source_vpc_blacklist.json index 349d33670..2bba5cd9b 100644 --- a/tests/translator/output/aws-us-gov/api_with_source_vpc_blacklist.json +++ b/tests/translator/output/aws-us-gov/api_with_source_vpc_blacklist.json @@ -1,60 +1,38 @@ { "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "ServerlessRestApiDeployment8123e1b4d0": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 8123e1b4d0dbc08e51be7b4c910cacad26d29673", - "StageName": "Stage" - } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment8123e1b4d0" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, + }, "MyFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -62,115 +40,207 @@ } } ] - }, + }, "ManagedPolicyArns": [ "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], + ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, + "MyFunctionApiAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, + "responses": {} + } + }, + "/any/get": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": "*" - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": "*", "Condition": { "StringEquals": { "aws:SourceVpce": [ "vpce-3456" ] } - }, + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": "*" + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": "*", + "Condition": { + "StringEquals": { + "aws:SourceVpce": [ + "vpce-3456" + ] + } + } } ] } - }, + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "ServerlessRestApiDeployment23380bf0b1": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } + "Description": "RestApi deployment id: 23380bf0b1dd78bf73e4d0173752489c37262bc4", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment23380bf0b1" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" } } } diff --git a/tests/translator/output/aws-us-gov/api_with_source_vpc_whitelist.json b/tests/translator/output/aws-us-gov/api_with_source_vpc_whitelist.json index f6b28aa07..dd73d0ebc 100644 --- a/tests/translator/output/aws-us-gov/api_with_source_vpc_whitelist.json +++ b/tests/translator/output/aws-us-gov/api_with_source_vpc_whitelist.json @@ -1,300 +1,442 @@ { "Parameters": { "Vpc1": { - "Default": "vpc-1234", - "Type": "String" + "Type": "String", + "Default": "vpc-1234" } - }, + }, "Resources": { "MyFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n const response = {\n statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n };\n return response;\n};\n" - }, + }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ - "MyFunctionRole", + "MyFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, - "MyFunctionFetchPermissionProd": { - "Type": "AWS::Lambda::Permission", + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionFetchAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/fetch", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFunctionApiAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "MyApiDeployment5332c373d4" - }, - "RestApiId": { - "Ref": "MyApi" - }, - "StageName": "Prod" - } - }, - "MyApiDeployment5332c373d4": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApi" - }, - "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", - "StageName": "Stage" - } - }, - "ServerlessRestApiDeploymente6268e43cf": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: e6268e43cf1f64034297b37a261d5d5a0cc7375b", - "StageName": "Stage" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/get", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "MyFunctionFetchPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymente6268e43cf" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } } - }, + }, "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + "Type": "AWS::Lambda::Permission", "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", + "Action": "lambda:InvokeFunction", "FunctionName": { "Ref": "MyFunction" - }, + }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", { - "__Stage__": "*", "__ApiId__": { "Ref": "ServerlessRestApi" - } + }, + "__Stage__": "*" } ] } } - }, - "MyFunctionRole": { - "Type": "AWS::IAM::Role", + }, + "MyApi": { + "Type": "AWS::ApiGateway::RestApi", "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" } + }, + "paths": {} + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" ] - }, - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + } + } + }, + "MyApiDeployment5332c373d4": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7", + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Stage" } - }, + }, + "MyApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiDeployment5332c373d4" + }, + "RestApiId": { + "Ref": "MyApi" + }, + "StageName": "Prod" + } + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/get": { "put": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } - }, + }, + "/any/get": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, "/fetch": { "post": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/any/fetch": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" } - }, + }, "responses": {} } } - }, - "swagger": "2.0", + }, "x-amazon-apigateway-policy": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": "*" - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": "*", "Condition": { "StringNotEquals": { "aws:SourceVpc": [ - "vpc-1234", + "vpc-1234", "vpc-5678" ] } - }, + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": "*" - }, + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/get", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": "*", + "Condition": { + "StringNotEquals": { + "aws:SourceVpc": [ + "vpc-1234", + "vpc-5678" + ] + } + } + }, { - "Action": "execute-api:Invoke", + "Effect": "Allow", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { "__Stage__": "Prod" } ] } - ], - "Effect": "Allow", + ], "Principal": "*" - }, + }, { - "Action": "execute-api:Invoke", + "Effect": "Deny", + "Action": "execute-api:Invoke", "Resource": [ { "Fn::Sub": [ - "execute-api:/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { "__Stage__": "Prod" } ] } - ], - "Effect": "Deny", + ], + "Principal": "*", "Condition": { "StringNotEquals": { "aws:SourceVpc": [ - "vpc-1234", + "vpc-1234", "vpc-5678" ] } - }, + } + }, + { + "Effect": "Allow", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/fetch", + { + "__Stage__": "Prod" + } + ] + } + ], "Principal": "*" + }, + { + "Effect": "Deny", + "Action": "execute-api:Invoke", + "Resource": [ + { + "Fn::Sub": [ + "execute-api:/${__Stage__}/*/any/fetch", + { + "__Stage__": "Prod" + } + ] + } + ], + "Principal": "*", + "Condition": { + "StringNotEquals": { + "aws:SourceVpc": [ + "vpc-1234", + "vpc-5678" + ] + } + } } ] } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, + }, "Parameters": { "endpointConfigurationTypes": "REGIONAL" - } - } - }, - "MyApi": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": {}, - "swagger": "2.0" - }, + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } + }, + "ServerlessRestApiDeployment7ac89a5c9d": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 7ac89a5c9dea985081529cc0baa2eeecd04a3981", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment7ac89a5c9d" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } } } } \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_swagger_and_openapi_with_auth.json b/tests/translator/output/aws-us-gov/api_with_swagger_and_openapi_with_auth.json index 898e3ae3b..b5f056d54 100644 --- a/tests/translator/output/aws-us-gov/api_with_swagger_and_openapi_with_auth.json +++ b/tests/translator/output/aws-us-gov/api_with_swagger_and_openapi_with_auth.json @@ -1,48 +1,60 @@ { "Resources": { + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 + } + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false + } + ] + } + }, "ImplicitApiFunction": { - "Type": "AWS::Lambda::Function", + "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.gethtml", "Code": { - "S3Bucket": "sam-demo-bucket", + "S3Bucket": "sam-demo-bucket", "S3Key": "member_portal.zip" - }, + }, + "Handler": "index.gethtml", "Role": { "Fn::GetAtt": [ - "ImplicitApiFunctionRole", + "ImplicitApiFunctionRole", "Arn" ] - }, + }, "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } - }, + }, "ImplicitApiFunctionRole": { - "Type": "AWS::IAM::Role", + "Type": "AWS::IAM::Role", "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ], "AssumeRolePolicyDocument": { - "Version": "2012-10-17", + "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" - ], - "Effect": "Allow", + ], + "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" @@ -50,227 +62,253 @@ } } ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "ImplicitApiFunctionGetHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + } + }, + "ImplicitApiFunctionGetHtmlAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "ImplicitApiFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] } } }, "ExplicitApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "openapi": "3.1.1", + "swagger": 2.0, "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "httpMethod": "POST", + "type": "aws_proxy", "uri": { "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuth": [] } - ], - "responses": {} + ] } } - }, - "openapi": "3.1.1", - "swagger": 2.0, + }, "securityDefinitions": { "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", "providerARNs": [ { "Fn::GetAtt": [ - "MyUserPool", + "MyUserPool", "Arn" ] } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" + ] + } } } - }, + }, + "Name": "some api", + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Name": "some api", - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + }, + "ExplicitApiDeployment7c4f7dda23": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 7c4f7dda23acd71e4a653861510d82ad7809e562", "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod", - "CacheClusterSize": "1.6", - "Variables": { - "SomeVar": "Value" - }, - "CacheClusterEnabled": true, - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentc969c99f9d" - } + "Ref": "ExplicitApi" + }, + "StageName": "Stage" } - }, + }, "ExplicitApiSomeStageStage": { - "Type": "AWS::ApiGateway::Stage", + "Type": "AWS::ApiGateway::Stage", "Properties": { + "CacheClusterEnabled": true, + "CacheClusterSize": "1.6", + "DeploymentId": { + "Ref": "ExplicitApiDeployment7c4f7dda23" + }, "RestApiId": { "Ref": "ExplicitApi" - }, - "StageName": "SomeStage", - "CacheClusterSize": "1.6", + }, + "StageName": "SomeStage", "Variables": { "SomeVar": "Value" - }, - "CacheClusterEnabled": true, - "DeploymentId": { - "Ref": "ExplicitApiDeployment7c4f7dda23" - } - } - }, - "ImplicitApiFunctionGetHtmlPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "ImplicitApiFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] } } - }, - "ServerlessRestApiDeploymentc969c99f9d": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: c969c99f9d6b6921dff605a206e8989bdb7d1bc7", - "StageName": "Stage" - } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 - } - }, - "Schema": [ - { - "AttributeDataType": "String", - "Required": false, - "Name": "email" - } - ] - } - }, + }, "ServerlessRestApi": { - "Type": "AWS::ApiGateway::RestApi", + "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { - "version": "1.0", + "version": "1.0", "title": { "Ref": "AWS::StackName" } - }, + }, "paths": { "/": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "MyCognitoAuth": [] + } + ] + } + }, + "/any": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ImplicitApiFunction.Arn}/invocations" } - }, + }, + "responses": {}, "security": [ { "MyCognitoAuth": [] } - ], - "responses": {} + ] } } - }, - "swagger": "2.0", + }, "securityDefinitions": { "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", "providerARNs": [ { "Fn::GetAtt": [ - "MyUserPool", + "MyUserPool", "Arn" ] } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" + ] + } } } - }, + }, + "Name": "some api", + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Name": "some api", - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } - }, - "ExplicitApiDeployment7c4f7dda23": { - "Type": "AWS::ApiGateway::Deployment", + }, + "ServerlessRestApiDeployment05a3d3687d": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 05a3d3687d4bfb804b237d40817879c6559ac61c", "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 7c4f7dda23acd71e4a653861510d82ad7809e562", + "Ref": "ServerlessRestApi" + }, "StageName": "Stage" } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "CacheClusterEnabled": true, + "CacheClusterSize": "1.6", + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment05a3d3687d" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod", + "Variables": { + "SomeVar": "Value" + } + } } } -} +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_swagger_authorizer_none.json b/tests/translator/output/aws-us-gov/api_with_swagger_authorizer_none.json index 1fe5153a1..c65310adc 100644 --- a/tests/translator/output/aws-us-gov/api_with_swagger_authorizer_none.json +++ b/tests/translator/output/aws-us-gov/api_with_swagger_authorizer_none.json @@ -1,499 +1,596 @@ { - "Resources": { - "MyFnCognitoPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFn" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithCognitoAuth" - } - } - ] + "Resources": { + "MyUserPool": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "UserPoolName": "UserPoolName", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8 } - } - }, - "MyApiWithCognitoAuth": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/cognito": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "NONE": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyCognitoAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "providerARNs": [ - { - "Fn::GetAtt": [ - "MyUserPool", - "Arn" - ] - } - ], - "type": "cognito_user_pools" - }, - "x-amazon-apigateway-authtype": "cognito_user_pools" - } - } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + }, + "UsernameAttributes": [ + "email" + ], + "Schema": [ + { + "AttributeDataType": "String", + "Name": "email", + "Required": false } - } - }, - "MyApiWithLambdaRequestAuthDeployment9c20de6c65": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "Description": "RestApi deployment id: 9c20de6c65c8aa8750d3136af13b9a69bc7d3e5e", - "StageName": "Stage" - } - }, - "MyApiWithLambdaTokenAuthDeployment4f66714fd8": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "Description": "RestApi deployment id: 4f66714fd88af2798cc2462bd8ce435aa77a340c", - "StageName": "Stage" - } - }, - "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApiWithLambdaRequestAuth" - } - } - ] + ] + } + }, + "MyAuthFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyAuthFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } - } - }, - "MyApiWithCognitoAuthDeploymentbac15a89c4": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "Description": "RestApi deployment id: bac15a89c4ef70c7a908f93d9f39dc7ce56fa1e3", - "StageName": "Stage" - } - }, - "MyApiWithLambdaRequestAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaRequestAuthDeployment9c20de6c65" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaRequestAuth" - }, - "StageName": "Prod" - } - }, - "MyFnLambdaTokenPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFn" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" - } + ] + } + }, + "MyAuthFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } - ] + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } - } - }, - "MyFnLambdaRequestPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFn" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "MyApiWithLambdaRequestAuth" - } - } - ] + ] + } + }, + "MyFn": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFnRole", + "Arn" + ] + }, + "Runtime": "nodejs8.10", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } - } - }, - "MyApiWithLambdaTokenAuth": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/lambda-token": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "NONE": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "MyLambdaTokenAuth": { - "in": "header", - "type": "apiKey", - "name": "Authorization", - "x-amazon-apigateway-authorizer": { - "type": "token", - "authorizerUri": { - "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", - { - "__FunctionArn__": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - } - } - ] - } - }, - "x-amazon-apigateway-authtype": "custom" + ] + } + }, + "MyFnRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] } } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" } + ] + } + }, + "MyFnCognitoAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/cognito", + { + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" + } + ] } - }, - "MyApiWithLambdaTokenAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithLambdaTokenAuthDeployment4f66714fd8" - }, - "RestApiId": { - "Ref": "MyApiWithLambdaTokenAuth" - }, - "StageName": "Prod" + } + }, + "MyFnLambdaRequestAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-request", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" + } + ] } - }, - "MyUserPool": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "UsernameAttributes": [ - "email" - ], - "UserPoolName": "UserPoolName", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8 + } + }, + "MyFnLambdaTokenAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" } - }, - "Schema": [ + ] + } + } + }, + "MyFnCognitoPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cognito", { - "AttributeDataType": "String", - "Required": false, - "Name": "email" + "__ApiId__": { + "Ref": "MyApiWithCognitoAuth" + }, + "__Stage__": "*" } ] } - }, - "MyAuthFn": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" - }, - "Role": { - "Fn::GetAtt": [ - "MyAuthFnRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ + } + }, + "MyFnLambdaRequestPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-request", { - "Value": "SAM", - "Key": "lambda:createdBy" + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "__Stage__": "*" } ] } - }, - "MyApiWithLambdaRequestAuth": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/lambda-request": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "passthroughBehavior": "when_no_match", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" - } - }, - "security": [ - { - "NONE": [] - } - ], - "responses": {} - } + } + }, + "MyFnLambdaTokenPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFn" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/lambda-token", + { + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiWithCognitoAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/cognito": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] } }, - "swagger": 2.0, - "schemes": [ - "https" - ], - "securityDefinitions": { - "MyLambdaRequestAuth": { - "in": "header", - "type": "apiKey", - "name": "Unused", - "x-amazon-apigateway-authorizer": { - "type": "request", - "identitySource": "method.request.header.Authorization1", - "authorizerUri": { - "Fn::Sub": [ - "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", - { - "__FunctionArn__": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] - } - } - ] + "/any/cognito": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" } }, - "x-amazon-apigateway-authtype": "custom" + "responses": {}, + "security": [ + { + "NONE": [] + } + ] } } }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" - ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" + "securityDefinitions": { + "MyCognitoAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "cognito_user_pools", + "x-amazon-apigateway-authorizer": { + "type": "cognito_user_pools", + "providerARNs": [ + { + "Fn::GetAtt": [ + "MyUserPool", + "Arn" + ] + } + ] + } + } } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] } - }, - "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Fn::GetAtt": [ - "MyAuthFn", - "Arn" - ] + } + }, + "MyApiWithCognitoAuthDeployment137d859db2": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 137d859db29250f90c64fe19daa84543603d48ad", + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithCognitoAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithCognitoAuthDeployment137d859db2" + }, + "RestApiId": { + "Ref": "MyApiWithCognitoAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaTokenAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", - { - "__ApiId__": { - "Ref": "MyApiWithLambdaTokenAuth" - } + "paths": { + "/lambda-token": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] + } + }, + "/any/lambda-token": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "NONE": [] + } + ] } - ] - } - } - }, - "MyAuthFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" } - ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" + }, + "securityDefinitions": { + "MyLambdaTokenAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "token", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } ] } } - ] + } } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] } - }, - "MyFnRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ + } + }, + "MyApiWithLambdaTokenAuthDeployment950b8f93fb": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: 950b8f93fb50121b8dbc1c4cccd69cd65db388ff", + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaTokenAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaTokenAuthDeployment950b8f93fb" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaTokenAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaTokenAuthMyLambdaTokenAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Value": "SAM", - "Key": "lambda:createdBy" + "__ApiId__": { + "Ref": "MyApiWithLambdaTokenAuth" + } } + ] + } + } + }, + "MyApiWithLambdaRequestAuth": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "swagger": 2.0, + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "schemes": [ + "https" ], - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" + "paths": { + "/lambda-request": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations" + }, + "passthroughBehavior": "when_no_match" + }, + "responses": {}, + "security": [ + { + "MyLambdaRequestAuth": [] + } + ] + } + } + }, + "securityDefinitions": { + "MyLambdaRequestAuth": { + "type": "apiKey", + "name": "Unused", + "in": "header", + "x-amazon-apigateway-authtype": "custom", + "x-amazon-apigateway-authorizer": { + "type": "request", + "authorizerUri": { + "Fn::Sub": [ + "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations", + { + "__FunctionArn__": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + } + } ] - } + }, + "identitySource": "method.request.header.Authorization1" } - ] + } } + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] } - }, - "MyApiWithCognitoAuthProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "MyApiWithCognitoAuthDeploymentbac15a89c4" - }, - "RestApiId": { - "Ref": "MyApiWithCognitoAuth" - }, - "StageName": "Prod" - } - }, - "MyFn": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" - }, - "Role": { - "Fn::GetAtt": [ - "MyFnRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x", - "Tags": [ + } + }, + "MyApiWithLambdaRequestAuthDeploymentd295fdcc4d": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "Description": "RestApi deployment id: d295fdcc4db4c5e43af22589d4031c48b792615e", + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Stage" + } + }, + "MyApiWithLambdaRequestAuthProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiWithLambdaRequestAuthDeploymentd295fdcc4d" + }, + "RestApiId": { + "Ref": "MyApiWithLambdaRequestAuth" + }, + "StageName": "Prod" + } + }, + "MyApiWithLambdaRequestAuthMyLambdaRequestAuthAuthorizerPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "MyAuthFn", + "Arn" + ] + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/authorizers/*", { - "Value": "SAM", - "Key": "lambda:createdBy" + "__ApiId__": { + "Ref": "MyApiWithLambdaRequestAuth" + } } ] } } } - } \ No newline at end of file + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_usageplans.json b/tests/translator/output/aws-us-gov/api_with_usageplans.json index bda4c204a..689e93aad 100644 --- a/tests/translator/output/aws-us-gov/api_with_usageplans.json +++ b/tests/translator/output/aws-us-gov/api_with_usageplans.json @@ -1,44 +1,28 @@ { - "Outputs": { - "ApiTwoUrl": { - "Description": "API endpoint URL for Prod environment", - "Value": { - "Fn::Sub": "https://${MyApiTwo}.execute-api.${AWS::Region}.amazonaws.com/Prod/" - } - }, - "ApiThreeUrl": { - "Description": "API endpoint URL for Prod environment", - "Value": { - "Fn::Sub": "https://${MyApiThree}.execute-api.${AWS::Region}.amazonaws.com/Prod/" - } - }, - "ApiOneUrl": { - "Description": "API endpoint URL for Prod environment", - "Value": { - "Fn::Sub": "https://${MyApiOne}.execute-api.${AWS::Region}.amazonaws.com/Prod/" - } - }, - "ApiKey": { - "Description": "Api Key", - "Value": { - "Ref": "ServerlessApiKey" - } - }, - "UsagePlanKey": { - "Description": "Usage Plan Key", - "Value": { - "Ref": "MyApiTwoUsagePlanKey" + "Resources": { + "MyFunctionOne": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionOneRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] } }, - "UsagePlan": { - "Description": "Usage Plan physical Id", - "Value": { - "Ref": "MyApiTwoUsagePlan" - } - } - }, - "Resources": { - "MyFunctionThreeRole": { + "MyFunctionOneRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -62,134 +46,61 @@ ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", - "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentd197b03bdf" - }, - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": "Prod" - } - }, - "MyApiTwoUsagePlanKey": { - "Type": "AWS::ApiGateway::UsagePlanKey", + "MyFunctionOneApiKeyAnyMethodPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "KeyType": "API_KEY", - "KeyId": { - "Ref": "MyApiTwoApiKey" + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionOne" }, - "UsagePlanId": { - "Ref": "MyApiTwoUsagePlan" - } - }, - "DependsOn": [ - "MyApiTwoApiKey" - ] - }, - "MyApiThree": { - "Type": "AWS::ApiGateway::RestApi", - "Properties": { - "Body": { - "info": { - "version": "1.0", - "title": { - "Ref": "AWS::StackName" - } - }, - "paths": { - "/path/three": { - "get": { - "x-amazon-apigateway-integration": { - "httpMethod": "POST", - "type": "aws_proxy", - "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionThree.Arn}/invocations" - } - }, - "security": [ - { - "api_key": [] - } - ], - "responses": {} - } - } - }, - "swagger": "2.0", - "securityDefinitions": { - "api_key": { - "type": "apiKey", - "name": "x-api-key", - "in": "header" + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/*/any/path/one", + { + "__ApiId__": { + "Ref": "MyApiOne" + }, + "__Stage__": "*" } - } - }, - "EndpointConfiguration": { - "Types": [ - "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyFunctionThreeApiKeyPermissionProd": { + "MyFunctionOneApiKeyPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { - "Ref": "MyFunctionThree" + "Ref": "MyFunctionOne" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/three", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/one", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiThree" - } + "Ref": "MyApiOne" + }, + "__Stage__": "*" } ] } } }, - "MyApiTwoApiKey": { - "Type": "AWS::ApiGateway::ApiKey", - "Properties": { - "Enabled": true, - "StageKeys": [ - { - "RestApiId": { - "Ref": "MyApiTwo" - }, - "StageName": { - "Ref": "MyApiTwoProdStage" - } - } - ] - }, - "DependsOn": [ - "MyApiTwoUsagePlan" - ] - }, "MyFunctionTwo": { "Type": "AWS::Lambda::Function", "Properties": { - "Handler": "index.handler", "Code": { "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" }, + "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "MyFunctionTwoRole", @@ -199,28 +110,58 @@ "Runtime": "nodejs12.x", "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "MyFunctionOneApiKeyPermissionProd": { + "MyFunctionTwoRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionTwoImplicitApiEventPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { - "Ref": "MyFunctionOne" + "Ref": "MyFunctionTwo" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/one", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/event", { - "__Stage__": "*", "__ApiId__": { - "Ref": "MyApiOne" - } + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" } ] } @@ -230,24 +171,46 @@ "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", "FunctionName": { "Ref": "MyFunctionTwo" }, + "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Sub": [ "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/two", { - "__Stage__": "*", "__ApiId__": { "Ref": "MyApiTwo" - } + }, + "__Stage__": "*" } ] } } }, - "MyFunctionOneRole": { + "MyFunctionThree": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionThreeRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionThreeRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -271,16 +234,38 @@ ], "Tags": [ { - "Value": "SAM", - "Key": "lambda:createdBy" + "Key": "lambda:createdBy", + "Value": "SAM" } ] } }, - "MyApiTwo": { + "MyFunctionThreeApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunctionThree" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/three", + { + "__ApiId__": { + "Ref": "MyApiThree" + }, + "__Stage__": "*" + } + ] + } + } + }, + "MyApiOne": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -288,25 +273,41 @@ } }, "paths": { - "/path/two": { + "/path/one": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } - } + }, + "/any/path/one": { + "x-amazon-apigateway-any-method": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] + } + } }, - "swagger": "2.0", "securityDefinitions": { "api_key": { "type": "apiKey", @@ -315,202 +316,96 @@ } } }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyFunctionTwoRole": { - "Type": "AWS::IAM::Role", + "MyApiOneDeployment9f1f899b82": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] + "Description": "RestApi deployment id: 9f1f899b827f502a0c49212b7f2368322724360b", + "RestApiId": { + "Ref": "MyApiOne" }, - "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "StageName": "Stage" } }, - "MyFunctionOne": { - "Type": "AWS::Lambda::Function", + "MyApiOneProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + "DeploymentId": { + "Ref": "MyApiOneDeployment9f1f899b82" }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionOneRole", - "Arn" - ] + "RestApiId": { + "Ref": "MyApiOne" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "StageName": "Prod" } }, - "ServerlessUsagePlan": { - "Type": "AWS::ApiGateway::UsagePlan", + "MyApiTwo": { + "Type": "AWS::ApiGateway::RestApi", "Properties": { - "ApiStages": [ - { - "ApiId": { - "Ref": "MyApiThree" - }, - "Stage": { - "Ref": "MyApiThreeProdStage" + "Body": { + "swagger": "2.0", + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" } }, - { - "ApiId": { - "Ref": "ServerlessRestApi" - }, - "Stage": { - "Ref": "ServerlessRestApiProdStage" - } - } - ] - }, - "DependsOn": [ - "MyApiThree", - "ServerlessRestApi" - ] - }, - "ServerlessApiKey": { - "Type": "AWS::ApiGateway::ApiKey", - "Properties": { - "Enabled": true, - "StageKeys": [ - { - "RestApiId": { - "Ref": "MyApiThree" - }, - "StageName": { - "Ref": "MyApiThreeProdStage" + "paths": { + "/path/two": { + "get": { + "x-amazon-apigateway-integration": { + "type": "aws_proxy", + "httpMethod": "POST", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" + } + }, + "responses": {}, + "security": [ + { + "api_key": [] + } + ] + } } }, - { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": { - "Ref": "ServerlessRestApiProdStage" - } - } - ] - }, - "DependsOn": [ - "ServerlessUsagePlan" - ] - }, - "MyApiTwoUsagePlan": { - "Type": "AWS::ApiGateway::UsagePlan", - "Properties": { - "ApiStages": [ - { - "ApiId": { - "Ref": "MyApiTwo" - }, - "Stage": { - "Ref": "MyApiTwoProdStage" + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" } } - ], - "Description": "Description for usage plan", - "Tags": [ - { - "Value": "value1", - "Key": "key1" - }, - { - "Value": "value2", - "Key": "key2" - } - ], - "Quota": { - "Limit": 10, - "Period": "MONTH", - "Offset": 10 }, - "Throttle": { - "RateLimit": 1000, - "BurstLimit": 1000 - }, - "UsagePlanName": "SomeRandomName" - }, - "DependsOn": [ - "MyApiTwo" - ] - }, - "ServerlessRestApiDeploymentd197b03bdf": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" }, - "Description": "RestApi deployment id: d197b03bdfab8dddfb221e8c7f1becff9a9b1d9d", - "StageName": "Stage" + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + } } }, "MyApiTwoDeployment0e45b81469": { "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 0e45b814691166a59217a088512ee30710a12369", "RestApiId": { "Ref": "MyApiTwo" }, - "Description": "RestApi deployment id: 0e45b814691166a59217a088512ee30710a12369", "StageName": "Stage" } }, - "MyFunctionTwoImplicitApiEventPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunctionTwo" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/event", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } - } - }, "MyApiTwoProdStage": { "Type": "AWS::ApiGateway::Stage", "Properties": { @@ -523,59 +418,84 @@ "StageName": "Prod" } }, - "MyApiOneProdStage": { - "Type": "AWS::ApiGateway::Stage", + "MyApiTwoUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "DependsOn": [ + "MyApiTwo" + ], "Properties": { - "DeploymentId": { - "Ref": "MyApiOneDeploymentdccbc5fda1" - }, - "RestApiId": { - "Ref": "MyApiOne" + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiTwo" + }, + "Stage": { + "Ref": "MyApiTwoProdStage" + } + } + ], + "Description": "Description for usage plan", + "Quota": { + "Limit": 10, + "Offset": 10, + "Period": "MONTH" }, - "StageName": "Prod" - } - }, - "MyApiThreeDeployment5206882d23": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "MyApiThree" + "Tags": [ + { + "Key": "key1", + "Value": "value1" + }, + { + "Key": "key2", + "Value": "value2" + } + ], + "Throttle": { + "BurstLimit": 1000, + "RateLimit": 1000 }, - "Description": "RestApi deployment id: 5206882d23d2cf7913f0fffea98644f959b433f2", - "StageName": "Stage" + "UsagePlanName": "SomeRandomName" } }, - "MyApiThreeProdStage": { - "Type": "AWS::ApiGateway::Stage", + "MyApiTwoApiKey": { + "Type": "AWS::ApiGateway::ApiKey", + "DependsOn": [ + "MyApiTwoUsagePlan" + ], "Properties": { - "DeploymentId": { - "Ref": "MyApiThreeDeployment5206882d23" - }, - "RestApiId": { - "Ref": "MyApiThree" - }, - "StageName": "Prod" + "Enabled": true, + "StageKeys": [ + { + "RestApiId": { + "Ref": "MyApiTwo" + }, + "StageName": { + "Ref": "MyApiTwoProdStage" + } + } + ] } }, - "ServerlessUsagePlanKey": { + "MyApiTwoUsagePlanKey": { "Type": "AWS::ApiGateway::UsagePlanKey", + "DependsOn": [ + "MyApiTwoApiKey" + ], "Properties": { - "KeyType": "API_KEY", "KeyId": { - "Ref": "ServerlessApiKey" + "Ref": "MyApiTwoApiKey" }, + "KeyType": "API_KEY", "UsagePlanId": { - "Ref": "ServerlessUsagePlan" + "Ref": "MyApiTwoUsagePlan" } - }, - "DependsOn": [ - "ServerlessApiKey" - ] + } }, - "MyApiOne": { + "MyApiThree": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -583,25 +503,24 @@ } }, "paths": { - "/path/one": { + "/path/three": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { - "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionThree.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "api_key": { "type": "apiKey", @@ -610,30 +529,112 @@ } } }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyApiOneDeploymentdccbc5fda1": { + "MyApiThreeDeployment5206882d23": { "Type": "AWS::ApiGateway::Deployment", "Properties": { + "Description": "RestApi deployment id: 5206882d23d2cf7913f0fffea98644f959b433f2", "RestApiId": { - "Ref": "MyApiOne" + "Ref": "MyApiThree" }, - "Description": "RestApi deployment id: dccbc5fda163e1abe712073ffacdcc47776a5a09", "StageName": "Stage" } }, + "MyApiThreeProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiThreeDeployment5206882d23" + }, + "RestApiId": { + "Ref": "MyApiThree" + }, + "StageName": "Prod" + } + }, + "ServerlessUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "DependsOn": [ + "MyApiThree", + "ServerlessRestApi" + ], + "Properties": { + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiThree" + }, + "Stage": { + "Ref": "MyApiThreeProdStage" + } + }, + { + "ApiId": { + "Ref": "ServerlessRestApi" + }, + "Stage": { + "Ref": "ServerlessRestApiProdStage" + } + } + ] + } + }, + "ServerlessApiKey": { + "Type": "AWS::ApiGateway::ApiKey", + "DependsOn": [ + "ServerlessUsagePlan" + ], + "Properties": { + "Enabled": true, + "StageKeys": [ + { + "RestApiId": { + "Ref": "MyApiThree" + }, + "StageName": { + "Ref": "MyApiThreeProdStage" + } + }, + { + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": { + "Ref": "ServerlessRestApiProdStage" + } + } + ] + } + }, + "ServerlessUsagePlanKey": { + "Type": "AWS::ApiGateway::UsagePlanKey", + "DependsOn": [ + "ServerlessApiKey" + ], + "Properties": { + "KeyId": { + "Ref": "ServerlessApiKey" + }, + "KeyType": "API_KEY", + "UsagePlanId": { + "Ref": "ServerlessUsagePlan" + } + } + }, "ServerlessRestApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Body": { + "swagger": "2.0", "info": { "version": "1.0", "title": { @@ -644,22 +645,21 @@ "/path/event": { "get": { "x-amazon-apigateway-integration": { - "httpMethod": "POST", "type": "aws_proxy", + "httpMethod": "POST", "uri": { "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" } }, + "responses": {}, "security": [ { "api_key": [] } - ], - "responses": {} + ] } } }, - "swagger": "2.0", "securityDefinitions": { "api_key": { "type": "apiKey", @@ -668,36 +668,74 @@ } } }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + }, "EndpointConfiguration": { "Types": [ "REGIONAL" ] - }, - "Parameters": { - "endpointConfigurationTypes": "REGIONAL" } } }, - "MyFunctionThree": { - "Type": "AWS::Lambda::Function", + "ServerlessRestApiDeploymentd197b03bdf": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Handler": "index.handler", - "Code": { - "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + "Description": "RestApi deployment id: d197b03bdfab8dddfb221e8c7f1becff9a9b1d9d", + "RestApiId": { + "Ref": "ServerlessRestApi" }, - "Role": { - "Fn::GetAtt": [ - "MyFunctionThreeRole", - "Arn" - ] + "StageName": "Stage" + } + }, + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymentd197b03bdf" }, - "Runtime": "nodejs12.x", - "Tags": [ - { - "Value": "SAM", - "Key": "lambda:createdBy" - } - ] + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + } + } + }, + "Outputs": { + "ApiOneUrl": { + "Description": "API endpoint URL for Prod environment", + "Value": { + "Fn::Sub": "https://${MyApiOne}.execute-api.${AWS::Region}.amazonaws.com/Prod/" + } + }, + "ApiTwoUrl": { + "Description": "API endpoint URL for Prod environment", + "Value": { + "Fn::Sub": "https://${MyApiTwo}.execute-api.${AWS::Region}.amazonaws.com/Prod/" + } + }, + "ApiThreeUrl": { + "Description": "API endpoint URL for Prod environment", + "Value": { + "Fn::Sub": "https://${MyApiThree}.execute-api.${AWS::Region}.amazonaws.com/Prod/" + } + }, + "UsagePlan": { + "Description": "Usage Plan physical Id", + "Value": { + "Ref": "MyApiTwoUsagePlan" + } + }, + "UsagePlanKey": { + "Description": "Usage Plan Key", + "Value": { + "Ref": "MyApiTwoUsagePlanKey" + } + }, + "ApiKey": { + "Description": "Api Key", + "Value": { + "Ref": "ServerlessApiKey" } } } diff --git a/tests/translator/output/aws-us-gov/api_with_usageplans_shared_no_side_effect_1.json b/tests/translator/output/aws-us-gov/api_with_usageplans_shared_no_side_effect_1.json new file mode 100644 index 000000000..b17f3638b --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_with_usageplans_shared_no_side_effect_1.json @@ -0,0 +1,359 @@ +{ + "Resources": { + "ServerlessUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "Properties": { + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiOne" + }, + "Stage": { + "Ref": "MyApiOneProdStage" + } + }, + { + "ApiId": { + "Ref": "MyApiTwo" + }, + "Stage": { + "Ref": "MyApiTwoProdStage" + } + } + ] + }, + "DependsOn": [ + "MyApiOne", + "MyApiTwo" + ] + }, + "MyFunctionOneRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyApiTwoDeployment0e45b81469": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "MyApiTwo" + }, + "Description": "RestApi deployment id: 0e45b814691166a59217a088512ee30710a12369", + "StageName": "Stage" + } + }, + "MyApiTwoProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiTwoDeployment0e45b81469" + }, + "RestApiId": { + "Ref": "MyApiTwo" + }, + "StageName": "Prod" + } + }, + "MyApiOneProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiOneDeploymentdccbc5fda1" + }, + "RestApiId": { + "Ref": "MyApiOne" + }, + "StageName": "Prod" + } + }, + "MyFunctionTwoRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessApiKey": { + "Type": "AWS::ApiGateway::ApiKey", + "Properties": { + "Enabled": true, + "StageKeys": [ + { + "RestApiId": { + "Ref": "MyApiOne" + }, + "StageName": { + "Ref": "MyApiOneProdStage" + } + }, + { + "RestApiId": { + "Ref": "MyApiTwo" + }, + "StageName": { + "Ref": "MyApiTwoProdStage" + } + } + ] + }, + "DependsOn": [ + "ServerlessUsagePlan" + ] + }, + "ServerlessUsagePlanKey": { + "Type": "AWS::ApiGateway::UsagePlanKey", + "Properties": { + "KeyType": "API_KEY", + "KeyId": { + "Ref": "ServerlessApiKey" + }, + "UsagePlanId": { + "Ref": "ServerlessUsagePlan" + } + }, + "DependsOn": [ + "ServerlessApiKey" + ] + }, + "MyFunctionOneApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunctionOne" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/one", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "MyApiOne" + } + } + ] + } + } + }, + "MyFunctionTwo": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunctionTwoRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyFunctionTwoApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunctionTwo" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/two", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "MyApiTwo" + } + } + ] + } + } + }, + "MyApiOneDeploymentdccbc5fda1": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "MyApiOne" + }, + "Description": "RestApi deployment id: dccbc5fda163e1abe712073ffacdcc47776a5a09", + "StageName": "Stage" + } + }, + "MyApiTwo": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/path/two": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionTwo.Arn}/invocations" + } + }, + "security": [ + { + "api_key": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyApiOne": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/path/one": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionOne.Arn}/invocations" + } + }, + "security": [ + { + "api_key": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyFunctionOne": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunctionOneRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + } + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_usageplans_shared_no_side_effect_2.json b/tests/translator/output/aws-us-gov/api_with_usageplans_shared_no_side_effect_2.json new file mode 100644 index 000000000..441f68ed1 --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_with_usageplans_shared_no_side_effect_2.json @@ -0,0 +1,199 @@ +{ + "Resources": { + "ServerlessUsagePlan": { + "Type": "AWS::ApiGateway::UsagePlan", + "Properties": { + "ApiStages": [ + { + "ApiId": { + "Ref": "MyApiFour" + }, + "Stage": { + "Ref": "MyApiFourProdStage" + } + } + ] + }, + "DependsOn": [ + "MyApiFour" + ] + }, + "MyFunctionFourApiKeyPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:InvokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunctionFour" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/path/four", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "MyApiFour" + } + } + ] + } + } + }, + "ServerlessUsagePlanKey": { + "Type": "AWS::ApiGateway::UsagePlanKey", + "Properties": { + "KeyType": "API_KEY", + "KeyId": { + "Ref": "ServerlessApiKey" + }, + "UsagePlanId": { + "Ref": "ServerlessUsagePlan" + } + }, + "DependsOn": [ + "ServerlessApiKey" + ] + }, + "MyFunctionFourRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "MyFunctionFour": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Code": { + "ZipFile": "exports.handler = async (event) => {\n return {\n statusCode: 200,\n body: JSON.stringify(event),\n headers: {}\n }\n}\n" + }, + "Role": { + "Fn::GetAtt": [ + "MyFunctionFourRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Tags": [ + { + "Value": "SAM", + "Key": "lambda:createdBy" + } + ] + } + }, + "ServerlessApiKey": { + "Type": "AWS::ApiGateway::ApiKey", + "Properties": { + "Enabled": true, + "StageKeys": [ + { + "RestApiId": { + "Ref": "MyApiFour" + }, + "StageName": { + "Ref": "MyApiFourProdStage" + } + } + ] + }, + "DependsOn": [ + "ServerlessUsagePlan" + ] + }, + "MyApiFour": { + "Type": "AWS::ApiGateway::RestApi", + "Properties": { + "Body": { + "info": { + "version": "1.0", + "title": { + "Ref": "AWS::StackName" + } + }, + "paths": { + "/path/four": { + "get": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunctionFour.Arn}/invocations" + } + }, + "security": [ + { + "api_key": [] + } + ], + "responses": {} + } + } + }, + "swagger": "2.0", + "securityDefinitions": { + "api_key": { + "type": "apiKey", + "name": "x-api-key", + "in": "header" + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + } + }, + "MyApiFourDeploymentb6dc37f7cc": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "MyApiFour" + }, + "Description": "RestApi deployment id: b6dc37f7cc5eef500a43cb766cd9336e4956b0d2", + "StageName": "Stage" + } + }, + "MyApiFourProdStage": { + "Type": "AWS::ApiGateway::Stage", + "Properties": { + "DeploymentId": { + "Ref": "MyApiFourDeploymentb6dc37f7cc" + }, + "RestApiId": { + "Ref": "MyApiFour" + }, + "StageName": "Prod" + } + } + } +} \ No newline at end of file diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py index c66891ba0..ba244dd0b 100644 --- a/tests/translator/test_translator.py +++ b/tests/translator/test_translator.py @@ -294,6 +294,7 @@ class TestTranslatorEndToEnd(AbstractTestTranslator): "api_with_default_aws_iam_auth_and_no_auth_route", "api_with_method_aws_iam_auth", "api_with_aws_iam_auth_overrides", + "api_with_swagger_authorizer_none", "api_with_method_settings", "api_with_binary_media_types", "api_with_binary_media_types_definition_body", @@ -320,6 +321,7 @@ class TestTranslatorEndToEnd(AbstractTestTranslator): "api_with_xray_tracing", "api_request_model", "api_with_stage_tags", + "api_with_mode", "s3", "s3_create_remove", "s3_existing_lambda_notification_configuration", @@ -600,6 +602,49 @@ def test_transform_success_resource_policy(self, testcase, partition_with_region self.assertEqual(deep_sort_lists(output_fragment), deep_sort_lists(expected)) + @parameterized.expand( + itertools.product( + [ + ( + "usage_plans", + ("api_with_usageplans_shared_no_side_effect_1", "api_with_usageplans_shared_no_side_effect_2"), + ), + ], + [ + ("aws", "ap-southeast-1"), + ("aws-cn", "cn-north-1"), + ("aws-us-gov", "us-gov-west-1"), + ], + ) + ) + @patch( + "samtranslator.plugins.application.serverless_app_plugin.ServerlessAppPlugin._sar_service_call", + mock_sar_service_call, + ) + @patch("botocore.client.ClientEndpointBridge._check_default_region", mock_get_region) + def test_transform_success_no_side_effect(self, testcase, partition_with_region): + """ + Tests that the transform does not leak/leave data in shared caches/lists between executions + Performs the transform of the templates in a row without reinitialization + Data from template X should not leak in template X+1 + + Parameters + ---------- + testcase : Tuple + Test name (unused) and Templates + templates : List + List of templates to transform + """ + partition = partition_with_region[0] + region = partition_with_region[1] + + for template in testcase[1]: + print(template, partition, region) + manifest = self._read_input(template) + expected = self._read_expected_output(template, partition) + + self._compare_transform(manifest, expected, partition, region) + @pytest.mark.parametrize( "testcase",