fix(aws-apigateway): authorizers authorizerUri add partition
The authorizerURI includes the correct partition. Previously, it
always used the aws partition

fixes #<8098>
Danielle Nagar committed May 29, 2020
1 parent 0028778 commit 63e27b1
Showing 6 changed files with 152 additions and 7 deletions.
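--- a/packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts
+++ b/packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts
@@ -126,6 +126,13 @@ abstract class LambdaAuthorizer extends Authorizer implements IAuthorizer {
 },
 });
 }
+
+/**
+* constructs the authorizerURIArn.
+*/
+protected authorizerURIArn() {
+return `arn:${Stack.of(this).partition}:apigateway:${Stack.of(this).region}:lambda:path/2015-03-31/functions/${this.handler.functionArn}/invocations`;
+}
 }
 
 /**
@@ -170,7 +177,7 @@ export class TokenAuthorizer extends LambdaAuthorizer {
 name: props.authorizerName ?? this.node.uniqueId,
 restApiId,
 type: 'TOKEN',
-authorizerUri: `arn:aws:apigateway:${Stack.of(this).region}:lambda:path/2015-03-31/functions/${props.handler.functionArn}/invocations`,
+authorizerUri: this.authorizerURIArn(),
 authorizerCredentials: props.assumeRole?.roleArn,
 authorizerResultTtlInSeconds: props.resultsCacheTtl?.toSeconds(),
 identitySource: props.identitySource || 'method.request.header.Authorization',
@@ -232,7 +239,7 @@ export class RequestAuthorizer extends LambdaAuthorizer {
 name: props.authorizerName ?? this.node.uniqueId,
 restApiId,
 type: 'REQUEST',
-authorizerUri: `arn:aws:apigateway:${Stack.of(this).region}:lambda:path/2015-03-31/functions/${props.handler.functionArn}/invocations`,
+authorizerUri: this.authorizerURIArn(),
 authorizerCredentials: props.assumeRole?.roleArn,
 authorizerResultTtlInSeconds: props.resultsCacheTtl?.toSeconds(),
 identitySource: props.identitySources.map(is => is.toString()).join(','),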
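Review bot: The new `authorizerURIArn()` helper reads `this.handler.functionArn`, while the two constructor lines it replaces used `props.handler.functionArn`, and both constructors call it while still building the authorizer props; that is only safe if the base class has already assigned `handler` by then, which this page does not show (the `LambdaAuthorizer` class body starts outside the hunk). The helper also has no declared return type and its comment only restates the method name. I would write `protected authorizerURIArn(): string {` and document it as `/** Returns the API Gateway invocation URI of the authorizer Lambda, built with the stack's partition instead of a fixed "aws". */`.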
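--- a/packages/@aws-cdk/aws-apigateway/lib/integration.ts
+++ b/packages/@aws-cdk/aws-apigateway/lib/integration.ts
@@ -113,9 +113,9 @@ export interface IntegrationProps {
 * - If you specify HTTP for the `type` property, specify the API endpoint URL.
 * - If you specify MOCK for the `type` property, don't specify this property.
 * - If you specify AWS for the `type` property, specify an AWS service that
-* follows this form: `arn:aws:apigateway:region:subdomain.service|service:path|action/service_api.`
+* follows this form: `arn:partition:apigateway:region:subdomain.service|service:path|action/service_api.`
 * For example, a Lambda function URI follows this form:
-* arn:aws:apigateway:region:lambda:path/path. The path is usually in the
+* arn:partition:apigateway:region:lambda:path/path. The path is usually in the
 * form /2015-03-31/functions/LambdaFunctionARN/invocations.
 *
 * @see https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/#uri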
Expand Up @@ -247,7 +247,11 @@
"Fn::Join": [
"",
[
"arn:aws:apigateway:",
"arn:",
{
"Ref": "AWS::Partition"
},
":apigateway:",
{
"Ref": "AWS::Region"
},
Expand Up @@ -119,7 +119,14 @@
"Fn::Join": [
"",
[
"arn:aws:apigateway:",
"arn:",
{
"Ref": "AWS::Partition"
},
":apigateway:",
{
"Ref": "AWS::Region"
},
{
"Ref": "AWS::Region"
},
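Review bot: The new side of this expected template lists `{ "Ref": "AWS::Region" }` twice in a row after `":apigateway:"`: the hunk header counts 8 added lines, so the added region entry sits directly above the region entry that was already there as context. Joined, that reads `arn:<partition>:apigateway:<region><region>…`, which matches neither the single region that `authorizerURIArn()` emits nor the first expected-template hunk (`@@ -247,7 +247,11 @@`), and the same duplication appears in the following `@@ -247,7 +247,14 @@` hunk. These two files look hand-edited rather than regenerated; I would drop the added `{ "Ref": "AWS::Region" },` entry or re-synthesize the snapshots, because an expected file that disagrees with the synthesized authorizer URI can no longer catch a regression in it. The rest of the join list lies outside the hunk, so this should be confirmed against the full file.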
Expand Up @@ -247,7 +247,14 @@
"Fn::Join": [
"",
[
"arn:aws:apigateway:",
"arn:",
{
"Ref": "AWS::Partition"
},
":apigateway:",
{
"Ref": "AWS::Region"
},
{
"Ref": "AWS::Region"
},
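--- a/packages/@aws-cdk/aws-apigateway/test/authorizers/test.lambda.ts
+++ b/packages/@aws-cdk/aws-apigateway/test/authorizers/test.lambda.ts
@@ -29,6 +29,26 @@ export = {
 Type: 'TOKEN',
 RestApiId: stack.resolve(restApi.restApiId),
 IdentitySource: 'method.request.header.Authorization',
+AuthorizerUri: {
+'Fn::Join': [
+'',
+[
+'arn:',
+{
+Ref: 'AWS::Partition',
+},
+':apigateway:',
+{
+Ref: 'AWS::Region',
+},
+':lambda:path/2015-03-31/functions/',
+{
+'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
+},
+'/invocations',
+],
+],
+},
 }));
 
 expect(stack).to(haveResource('AWS::Lambda::Permission', {
@@ -65,6 +85,26 @@ export = {
 expect(stack).to(haveResource('AWS::ApiGateway::Authorizer', {
 Type: 'REQUEST',
 RestApiId: stack.resolve(restApi.restApiId),
+AuthorizerUri: {
+'Fn::Join': [
+'',
+[
+'arn:',
+{
+Ref: 'AWS::Partition',
+},
+':apigateway:',
+{
+Ref: 'AWS::Region',
+},
+':lambda:path/2015-03-31/functions/',
+{
+'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
+},
+'/invocations',
+],
+],
+},
 }));
 
 expect(stack).to(haveResource('AWS::Lambda::Permission', {
@@ -125,6 +165,26 @@ export = {
 IdentityValidationExpression: 'a-hacker',
 Name: 'myauthorizer',
 AuthorizerResultTtlInSeconds: 60,
+AuthorizerUri: {
+'Fn::Join': [
+'',
+[
+'arn:',
+{
+Ref: 'AWS::Partition',
+},
+':apigateway:',
+{
+Ref: 'AWS::Region',
+},
+':lambda:path/2015-03-31/functions/',
+{
+'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
+},
+'/invocations',
+],
+],
+},
 }));
 
 test.done();
@@ -158,6 +218,26 @@ export = {
 IdentitySource: 'method.request.header.whoami',
 Name: 'myauthorizer',
 AuthorizerResultTtlInSeconds: 60,
+AuthorizerUri: {
+'Fn::Join': [
+'',
+[
+'arn:',
+{
+Ref: 'AWS::Partition',
+},
+':apigateway:',
+{
+Ref: 'AWS::Region',
+},
+':lambda:path/2015-03-31/functions/',
+{
+'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
+},
+'/invocations',
+],
+],
+},
 }));
 
 test.done();
@@ -191,6 +271,26 @@ export = {
 expect(stack).to(haveResource('AWS::ApiGateway::Authorizer', {
 Type: 'TOKEN',
 RestApiId: stack.resolve(restApi.restApiId),
+AuthorizerUri: {
+'Fn::Join': [
+'',
+[
+'arn:',
+{
+Ref: 'AWS::Partition',
+},
+':apigateway:',
+{
+Ref: 'AWS::Region',
+},
+':lambda:path/2015-03-31/functions/',
+{
+'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
+},
+'/invocations',
+],
+],
+},
 }));
 
 expect(stack).to(haveResource('AWS::IAM::Role'));
@@ -245,6 +345,26 @@ export = {
 expect(stack).to(haveResource('AWS::ApiGateway::Authorizer', {
 Type: 'REQUEST',
 RestApiId: stack.resolve(restApi.restApiId),
+AuthorizerUri: {
+'Fn::Join': [
+'',
+[
+'arn:',
+{
+Ref: 'AWS::Partition',
+},
+':apigateway:',
+{
+Ref: 'AWS::Region',
+},
+':lambda:path/2015-03-31/functions/',
+{
+'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
+},
+'/invocations',
+],
+],
+},
 }));
 
 expect(stack).to(haveResource('AWS::IAM::Role'));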
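Review bot: The same 20-line `AuthorizerUri` expectation is pasted into all six assertions in this file, including the hard-coded logical id `myfunction9B95E948`, so a later change to the URI format has to be made six times and one stale copy would be easy to miss. I would declare it once as `const expectedAuthorizerUri = { 'Fn::Join': ['', [ /* the seven parts */ ]] };` and write `AuthorizerUri: expectedAuthorizerUri,` in each `haveResource` call. The test bodies start and end outside the hunks, so where the constant can live depends on how `stack` and the function are set up there.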
