Update and fix integration tests

aws · Jul 31, 2022 · 712562c · 712562c
1 parent f225497
commit 712562c
Show file tree

Hide file tree

Showing 6 changed files with 387 additions and 159 deletions.
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/README.md b/packages/@aws-cdk/aws-apigatewayv2-authorizers/README.md
@@ -264,24 +264,17 @@ IAM authorizers can be used to allow identity-based access to your WebSocket API
 
 ```ts
 import { WebSocketIamAuthorizer } from '@aws-cdk/aws-apigatewayv2-authorizers';
+import { WebSocketLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations';
 
 // This function handles your connect route
 declare const connectHandler: lambda.Function;
 
-// This function handles your WebSocket requests
-declare const handler: lambda.Function;
+const webSocketApi = new apigwv2.WebSocketApi(this, 'WebSocketApi');
 
-const authorizer = new WebSocketIamAuthorizer();
+webSocketApi.addRoute('$connect', {
+  integration: new WebSocketLambdaIntegration('Integration', connectHandler),
+  authorizer: new WebSocketIamAuthorizer()
+});
 
-const integration = new WebSocketLambdaIntegration(
-  'Integration',
-  handler,
-);
 
-new apigwv2.WebSocketApi(this, 'WebSocketApi', {
-  connectRouteOptions: {
-    connectHandler,
-    authorizer,
-  },
-});
 ```
diff --git a/...atewayv2-authorizers/test/websocket/iam.integ.snapshot/IntegApiGatewayV2Iam.template.json b/...atewayv2-authorizers/test/websocket/iam.integ.snapshot/IntegApiGatewayV2Iam.template.json
@@ -1,5 +1,66 @@
 {
  "Resources": {
+  "User00B015A1": {
+   "Type": "AWS::IAM::User"
+  },
+  "UserAccessEC42ADF7": {
+   "Type": "AWS::IAM::AccessKey",
+   "Properties": {
+    "UserName": {
+     "Ref": "User00B015A1"
+    }
+   }
+  },
+  "authfunctionServiceRoleFCB72198": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "lambda.amazonaws.com"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Join": [
+       "",
+       [
+        "arn:",
+        {
+         "Ref": "AWS::Partition"
+        },
+        ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+       ]
+      ]
+     }
+    ]
+   }
+  },
+  "authfunction96361832": {
+   "Type": "AWS::Lambda::Function",
+   "Properties": {
+    "Code": {
+     "ZipFile": "exports.handler = () => {return true}"
+    },
+    "Role": {
+     "Fn::GetAtt": [
+      "authfunctionServiceRoleFCB72198",
+      "Arn"
+     ]
+    },
+    "Handler": "index.handler",
+    "Runtime": "nodejs14.x"
+   },
+   "DependsOn": [
+    "authfunctionServiceRoleFCB72198"
+   ]
+  },
   "WebSocketApi34BCF99B": {
    "Type": "AWS::ApiGatewayV2::Api",
    "Properties": {
@@ -98,55 +159,68 @@
     }
    }
   },
-  "authfunctionServiceRoleFCB72198": {
-   "Type": "AWS::IAM::Role",
+  "AllowInvoke767865EA": {
+   "Type": "AWS::IAM::Policy",
    "Properties": {
-    "AssumeRolePolicyDocument": {
+    "PolicyDocument": {
      "Statement": [
       {
-       "Action": "sts:AssumeRole",
+       "Action": "execute-api:Invoke",
        "Effect": "Allow",
-       "Principal": {
-        "Service": "lambda.amazonaws.com"
+       "Resource": {
+        "Fn::Join": [
+         "",
+         [
+          "arn:",
+          {
+           "Ref": "AWS::Partition"
+          },
+          ":execute-api:",
+          {
+           "Ref": "AWS::Region"
+          },
+          ":",
+          {
+           "Ref": "AWS::AccountId"
+          },
+          ":",
+          {
+           "Ref": "WebSocketApi34BCF99B"
+          }
+         ]
+        ]
        }
       }
      ],
      "Version": "2012-10-17"
     },
-    "ManagedPolicyArns": [
+    "PolicyName": "AllowInvoke767865EA",
+    "Users": [
      {
-      "Fn::Join": [
-       "",
-       [
-        "arn:",
-        {
-         "Ref": "AWS::Partition"
-        },
-        ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
-       ]
-      ]
+      "Ref": "User00B015A1"
      }
     ]
    }
+  }
+ },
+ "Outputs": {
+  "TESTACCESSKEYID": {
+   "Value": {
+    "Ref": "UserAccessEC42ADF7"
+   }
   },
-  "authfunction96361832": {
-   "Type": "AWS::Lambda::Function",
-   "Properties": {
-    "Code": {
-     "ZipFile": "exports.handler = () => {return true}"
-    },
-    "Role": {
-     "Fn::GetAtt": [
-      "authfunctionServiceRoleFCB72198",
-      "Arn"
-     ]
-    },
-    "Handler": "index.handler",
-    "Runtime": "nodejs14.x"
-   },
-   "DependsOn": [
-    "authfunctionServiceRoleFCB72198"
-   ]
+  "TESTSECRETACCESSKEY": {
+   "Value": {
+    "Fn::GetAtt": [
+     "UserAccessEC42ADF7",
+     "SecretAccessKey"
+    ]
+   }
+  },
+  "TESTREGION": {
+   "Value": {
+    "Ref": "AWS::Region"
+   }
   }
  }
 }
diff --git a/...ges/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/iam.integ.snapshot/manifest.json b/...ges/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/iam.integ.snapshot/manifest.json
@@ -15,6 +15,30 @@
         "validateOnSynth": false
       },
       "metadata": {
+        "/IntegApiGatewayV2Iam/User/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "User00B015A1"
+          }
+        ],
+        "/IntegApiGatewayV2Iam/UserAccess/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "UserAccessEC42ADF7"
+          }
+        ],
+        "/IntegApiGatewayV2Iam/auth-function/ServiceRole/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "authfunctionServiceRoleFCB72198"
+          }
+        ],
+        "/IntegApiGatewayV2Iam/auth-function/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "authfunction96361832"
+          }
+        ],
         "/IntegApiGatewayV2Iam/WebSocketApi/Resource": [
           {
             "type": "aws:cdk:logicalId",
@@ -39,16 +63,28 @@
             "data": "WebSocketApiconnectRoute846149DD"
           }
         ],
-        "/IntegApiGatewayV2Iam/auth-function/ServiceRole/Resource": [
+        "/IntegApiGatewayV2Iam/AllowInvoke/Resource": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "authfunctionServiceRoleFCB72198"
+            "data": "AllowInvoke767865EA"
           }
         ],
-        "/IntegApiGatewayV2Iam/auth-function/Resource": [
+        "/IntegApiGatewayV2Iam/TESTACCESSKEYID": [
           {
             "type": "aws:cdk:logicalId",
-            "data": "authfunction96361832"
+            "data": "TESTACCESSKEYID"
+          }
+        ],
+        "/IntegApiGatewayV2Iam/TESTSECRETACCESSKEY": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "TESTSECRETACCESSKEY"
+          }
+        ],
+        "/IntegApiGatewayV2Iam/TESTREGION": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "TESTREGION"
           }
         ]
       },