Release v1.31.0 (#1827)

* Fix: Updated Slack Invite Link (#1712) * Updated Slack Invite Link * Restricted jsonschema to Python 2 * Forced pyrsistent to 0.16 in Python 2 * Reverted Changes to enum34 * Merge master back to develop (#1734) * Release v1.26.0 (#1680) * feat: add support for VPCEndpointIds in EndpointConfiguration * fix: update formatting with black * docs: update 2016-10-31.md * docs: added api endpointconfiguration example * docs: make example more generic * fix: remove nested EndpointConfiguration types from output * fix: only allow one EndpointConfiguration Type * doc: update example to reflect only allowing one EndpointConfiguration Type * fix : missing UserPool properties (#1506) (#1581) * fix: resource policy generation for {path+} (#1580) * refactor: Remove 2016-10-31 examples * update PR template * adjust pr template * Adding authorization scopes as list validation in ApiGatewayAuthorizer (v1 and v2). (#1670) * Adding authorization scopes as list validation in ApiGatewayAuthorizer and ApiGatewayV2Authorizer. * make black. * Adding functional test for invalid auth scope. * adding error condition for invalid test. * removing test template file. * feat: MSK event type support for AWS::Serverless::Function (#52) Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> * Update __init__.py (#1704) * Release/v1.27.0 resolveconflict (#1717) * Release v1.26.0 (#1680) * feat: add support for VPCEndpointIds in EndpointConfiguration * fix: update formatting with black * docs: update 2016-10-31.md * docs: added api endpointconfiguration example * docs: make example more generic * fix: remove nested EndpointConfiguration types from output * fix: only allow one EndpointConfiguration Type * doc: update example to reflect only allowing one EndpointConfiguration Type * fix : missing UserPool properties (#1506) (#1581) * fix: resource policy generation for {path+} (#1580) * refactor: Remove 2016-10-31 examples * update PR template * adjust pr template * Adding authorization scopes as list validation in ApiGatewayAuthorizer (v1 and v2). (#1670) * Adding authorization scopes as list validation in ApiGatewayAuthorizer and ApiGatewayV2Authorizer. * make black. * Adding functional test for invalid auth scope. * adding error condition for invalid test. * removing test template file. * feat: MSK event type support for AWS::Serverless::Function (#52) Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> * Fix: Updated Slack Invite Link (#1712) * Updated Slack Invite Link * Restricted jsonschema to Python 2 * Forced pyrsistent to 0.16 in Python 2 * Reverted Changes to enum34 Co-authored-by: Sriram Madapusi Vasudevan <3770774+sriram-mv@users.noreply.github.com> Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> Co-authored-by: Cosh_ <CoshUS@users.noreply.github.com> Co-authored-by: Sriram Madapusi Vasudevan <3770774+sriram-mv@users.noreply.github.com> Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> Co-authored-by: Mehmet Nuri Deveci <5735811+mndeveci@users.noreply.github.com> Co-authored-by: Cosh_ <CoshUS@users.noreply.github.com> * Lambdaauth (#1733) * Add support for Lambda Authorizers in HttpAPI * Address comments and fix formatting * fix version * Validate input parameters. Update tests * black reformat Co-authored-by: Raymond Wang <14915548+wchengru@users.noreply.github.com> * Feature toggle (#1737) * Adding logic to pipe app config providers. Unit test pending * Adding some documentation to config providers. * Adding some unit tests and making black ignore json files. * minor cleanup. * Addressing PR comments. * feature: Support MTLS auth properties in REST and HTTP API domain names (#1725) * feature: Support MTLS auth properties in REST and HTTP API domain names * fix unicode != str issue in py2.7 * add SecurityPolicy because default RESTAPI is using TLS1.0 * Add new property DisableExecuteApiEndpoint * black reformat * Address comments * Add tests on invalid templates * address test failures in py2.7 * restart travis tests * fix: adding support for passing target id to EventBridgeRule (#1747) * Manage black version using requirement file (#1748) * chore: Manage black version in dev.txt - config pre-commit - config development guide - config travis Refer to the commit below in aws-sam-cli aws/aws-sam-cli@d725db5fbfc698a9f0c7582 * Format using black 20.8b1 * Opt-out black fron dev.txt for Python 2 * fix: Validate API request models (#1757) * Backward merge master branch into develop (#1761) * Release v1.26.0 (#1680) * feat: add support for VPCEndpointIds in EndpointConfiguration * fix: update formatting with black * docs: update 2016-10-31.md * docs: added api endpointconfiguration example * docs: make example more generic * fix: remove nested EndpointConfiguration types from output * fix: only allow one EndpointConfiguration Type * doc: update example to reflect only allowing one EndpointConfiguration Type * fix : missing UserPool properties (#1506) (#1581) * fix: resource policy generation for {path+} (#1580) * refactor: Remove 2016-10-31 examples * update PR template * adjust pr template * Adding authorization scopes as list validation in ApiGatewayAuthorizer (v1 and v2). (#1670) * Adding authorization scopes as list validation in ApiGatewayAuthorizer and ApiGatewayV2Authorizer. * make black. * Adding functional test for invalid auth scope. * adding error condition for invalid test. * removing test template file. * feat: MSK event type support for AWS::Serverless::Function (#52) Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> * Update __init__.py (#1704) * Release/v1.27.0 resolveconflict (#1717) * Release v1.26.0 (#1680) * feat: add support for VPCEndpointIds in EndpointConfiguration * fix: update formatting with black * docs: update 2016-10-31.md * docs: added api endpointconfiguration example * docs: make example more generic * fix: remove nested EndpointConfiguration types from output * fix: only allow one EndpointConfiguration Type * doc: update example to reflect only allowing one EndpointConfiguration Type * fix : missing UserPool properties (#1506) (#1581) * fix: resource policy generation for {path+} (#1580) * refactor: Remove 2016-10-31 examples * update PR template * adjust pr template * Adding authorization scopes as list validation in ApiGatewayAuthorizer (v1 and v2). (#1670) * Adding authorization scopes as list validation in ApiGatewayAuthorizer and ApiGatewayV2Authorizer. * make black. * Adding functional test for invalid auth scope. * adding error condition for invalid test. * removing test template file. * feat: MSK event type support for AWS::Serverless::Function (#52) Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> * Fix: Updated Slack Invite Link (#1712) * Updated Slack Invite Link * Restricted jsonschema to Python 2 * Forced pyrsistent to 0.16 in Python 2 * Reverted Changes to enum34 Co-authored-by: Sriram Madapusi Vasudevan <3770774+sriram-mv@users.noreply.github.com> Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> Co-authored-by: Cosh_ <CoshUS@users.noreply.github.com> * Release/v1.28.0 (#1754) (#1756) * Lambdaauth (#1733) * Add support for Lambda Authorizers in HttpAPI * Address comments and fix formatting * fix version * Validate input parameters. Update tests * black reformat Co-authored-by: Raymond Wang <14915548+wchengru@users.noreply.github.com> * bump sam-translator version to v1.28.0 Co-authored-by: Tolledo <ps.tolledo@gmail.com> Co-authored-by: Tolledo <ps.tolledo@gmail.com> * bump version to 1.28.1 (#1758) (#1759) Co-authored-by: Sriram Madapusi Vasudevan <3770774+sriram-mv@users.noreply.github.com> Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> Co-authored-by: Mehmet Nuri Deveci <5735811+mndeveci@users.noreply.github.com> Co-authored-by: Cosh_ <CoshUS@users.noreply.github.com> Co-authored-by: Tolledo <ps.tolledo@gmail.com> * chore: Upgrade outdated dependencies in base.txt and dev.txt (#1744) * chore: Update versions in in base.txt (no effective difference) * chore: Update versions specified with ">=" in dev.txt * Fallback pytest to 4.6.x for python2 * chore: Use Compatible release clause in requirement files (#1762) * Fix: SAM Crashes Invalid swagger models exception (#1765) * Fix: Invalid swagger models exception * Fix: Invalid resource policy exception Co-authored-by: Mufaddal Makati <mmmakati@amazon.com> * Fix: DefaultAuth not a string exception (#1774) * Fix: DefaultAuth not a string exception * fix: userpool ref not a string Co-authored-by: Mufaddal Makati <mmmakati@amazon.com> * Adding PermissionsBoundary property for State Machine resource (#1772) * Adding PermissionsBoundary property for State Machine resource * Add permissions_boundary to StateMachineGenerator and _construct_role docstrings Co-authored-by: Vaib Suri <surivaib@amazon.com> * fix: use newer policy name in gov & cn regions for xray (#1767) * Update __init__.py (#1775) * Release/v1.29.0 (#1769) (#1773) * Mq event source (#60) * Support AmazonMQ as event source * Set black hook language version to python3 * chore: version bump (#64) * Black reformat Co-authored-by: Kaidi He <73141777+kaidih@users.noreply.github.com> Co-authored-by: Wing Fung Lau <4760060+hawflau@users.noreply.github.com> Co-authored-by: Kaidi He <73141777+kaidih@users.noreply.github.com> * Add Description property to Api and HttApi resources (#1719) * Update DEVELOPMENT_GUIDE; moved from rst to md (#1778) * fix: default 'DefinitionBody' is conflict with disableExecuteApiEndpoint (#1790) * fix: default 'DefinitionBody' is conflict with disableExecuteApiEndpoint * update swagger format * Add comment to explain why definitionbody is always defined * Add comments * Fix: Regex issue and Keyerror crash (#1794) * Fix: Regex issue when basepath is / * fix: keyerror in open_api when method is ANY * fixed python 2.7 compatibility issue Co-authored-by: Mufaddal Makati <mmmakati@amazon.com> * feature: Support for Lambda Code Signing (#53) (#1825) * feature: add support for CFN fields for lambda signing (#53) * feature: add support for CFN fields for lambda signing * feature: add support for CFN fields for lambda signing (update formatting) * feature: add support for CFN fields for lambda signing (update patching) * feature: add support for CFN fields for lambda signing (update template) * Revert "feat: add explicit UpdateReplacePolicy (#1481)" (#1568) * docs: document IpV6 option on Domain Configuration object (#1588) * chore: Exclude test modules in whl (#1597) * feat: Add Step Function Resource (#1601) Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> * Release Changes for 1.25.0 * feature: add support for CFN fields for lambda signing * feature: add support for CFN fields for lambda signing (slight code update) * feature: add support for CFN fields for lambda signing (update globals.py) Co-authored-by: Shreya <shreyagangishetty@gmail.com> Co-authored-by: Timo Schilling <timo@schilling.io> Co-authored-by: Jacob Fuss <32497805+jfuss@users.noreply.github.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> * Move Tests to Appveyor (#1801) * print python version * update path vars * update linux cmd * update linux cmd * update linux cmd * update whitelist in tox * update passenv * update tox whitelisting * update tox whitelisting Co-authored-by: Shreya <shreyagangishetty@gmail.com> Co-authored-by: Timo Schilling <timo@schilling.io> Co-authored-by: Jacob Fuss <32497805+jfuss@users.noreply.github.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> * merge with master Co-authored-by: Cosh_ <CoshUS@users.noreply.github.com> Co-authored-by: Raymond Wang <14915548+wchengru@users.noreply.github.com> Co-authored-by: Sriram Madapusi Vasudevan <3770774+sriram-mv@users.noreply.github.com> Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> Co-authored-by: Tolledo <ps.tolledo@gmail.com> Co-authored-by: _sam <3804518+aahung@users.noreply.github.com> Co-authored-by: Mufaddal Makati <mufaddal@rawbytes.com> Co-authored-by: Mufaddal Makati <mmmakati@amazon.com> Co-authored-by: Adam Wong <55506708+wong-a@users.noreply.github.com> Co-authored-by: Vaib Suri <surivaib@amazon.com> Co-authored-by: Wing Fung Lau <4760060+hawflau@users.noreply.github.com> Co-authored-by: Kaidi He <73141777+kaidih@users.noreply.github.com> Co-authored-by: Anton Grübel <anton.gruebel@gmail.com> Co-authored-by: Shreya <shreyagangishetty@gmail.com> Co-authored-by: Timo Schilling <timo@schilling.io> Co-authored-by: Jacob Fuss <32497805+jfuss@users.noreply.github.com>
aws · Nov 23, 2020 · 2707bb8 · 2707bb8
1 parent 5a780d4
commit 2707bb8
Show file tree

Hide file tree

Showing 25 changed files with 484 additions and 16 deletions.
diff --git a/samtranslator/__init__.py b/samtranslator/__init__.py
@@ -1 +1 @@
-__version__ = "1.30.1"
+__version__ = "1.31.0"
diff --git a/samtranslator/model/api/http_api_generator.py b/samtranslator/model/api/http_api_generator.py
@@ -49,7 +49,7 @@ def __init__(
         domain=None,
         fail_on_warnings=False,
         description=None,
-        disable_execute_api_endpoint=False,
+        disable_execute_api_endpoint=None,
     ):
         """Constructs an API Generator class that generates API Gateway resources
 
@@ -109,8 +109,8 @@ def _construct_http_api(self):
         if self.fail_on_warnings:
             http_api.FailOnWarnings = self.fail_on_warnings
 
-        if self.disable_execute_api_endpoint:
-            http_api.DisableExecuteApiEndpoint = self.disable_execute_api_endpoint
+        if self.disable_execute_api_endpoint is not None:
+            self._add_endpoint_configuration()
 
         if self.definition_uri:
             http_api.BodyS3Location = self._construct_body_s3_dict()
@@ -129,6 +129,32 @@ def _construct_http_api(self):
 
         return http_api
 
+    def _add_endpoint_configuration(self):
+        """Add disableExecuteApiEndpoint if it is set in SAM
+        HttpApi doesn't have vpcEndpointIds
+
+        Note:
+        DisableExecuteApiEndpoint as a property of AWS::ApiGatewayV2::Api needs both DefinitionBody and
+        DefinitionUri to be None. However, if neither DefinitionUri nor DefinitionBody are specified,
+        SAM will generate a openapi definition body based on template configuration.
+        https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-api.html#sam-api-definitionbody
+        For this reason, we always put DisableExecuteApiEndpoint into openapi object.
+
+        """
+        if self.disable_execute_api_endpoint and not self.definition_body:
+            raise InvalidResourceException(
+                self.logical_id, "DisableExecuteApiEndpoint works only within 'DefinitionBody' property."
+            )
+        editor = OpenApiEditor(self.definition_body)
+
+        # if DisableExecuteApiEndpoint is set in both definition_body and as a property,
+        # SAM merges and overrides the disableExecuteApiEndpoint in definition_body with headers of
+        # "x-amazon-apigateway-endpoint-configuration"
+        editor.add_endpoint_config(self.disable_execute_api_endpoint)
+
+        # Assign the OpenApi back to template
+        self.definition_body = editor.openapi
+
     def _add_cors(self):
         """
         Add CORS configuration if CORSConfiguration property is set in SAM.
@@ -314,11 +340,16 @@ def _construct_basepath_mappings(self, basepaths, http_api):
                 invalid_regex = r"[^0-9a-zA-Z\/\-\_]+"
                 if re.search(invalid_regex, path) is not None:
                     raise InvalidResourceException(self.logical_id, "Invalid Basepath name provided.")
-                # ignore leading and trailing `/` in the path name
-                m = re.search(r"[a-zA-Z0-9]+[\-\_]?[a-zA-Z0-9]+", path)
-                path = m.string[m.start(0) : m.end(0)]
-                if path is None:
-                    raise InvalidResourceException(self.logical_id, "Invalid Basepath name provided.")
+
+                if path == "/":
+                    path = ""
+                else:
+                    # ignore leading and trailing `/` in the path name
+                    m = re.search(r"[a-zA-Z0-9]+[\-\_]?[a-zA-Z0-9]+", path)
+                    path = m.string[m.start(0) : m.end(0)]
+                    if path is None:
+                        raise InvalidResourceException(self.logical_id, "Invalid Basepath name provided.")
+
                 logical_id = "{}{}{}".format(self.logical_id, re.sub(r"[\-\_]+", "", path), "ApiMapping")
                 basepath_mapping = ApiGatewayV2ApiMapping(logical_id, attributes=self.passthrough_resource_attributes)
                 basepath_mapping.DomainName = ref(self.domain.get("ApiDomainName"))

diff --git a/samtranslator/model/lambda_.py b/samtranslator/model/lambda_.py
@@ -23,6 +23,7 @@ class LambdaFunction(Resource):
         "Layers": PropertyType(False, list_of(one_of(is_str(), is_type(dict)))),
         "ReservedConcurrentExecutions": PropertyType(False, any_type()),
         "FileSystemConfigs": PropertyType(False, list_of(is_type(dict))),
+        "CodeSigningConfigArn": PropertyType(False, is_str()),
     }
 
     runtime_attrs = {"name": lambda self: ref(self.logical_id), "arn": lambda self: fnGetAtt(self.logical_id, "Arn")}

diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py
@@ -82,6 +82,7 @@ class SamFunction(SamResourceMacro):
         "VersionDescription": PropertyType(False, is_str()),
         "ProvisionedConcurrencyConfig": PropertyType(False, is_type(dict)),
         "FileSystemConfigs": PropertyType(False, list_of(is_type(dict))),
+        "CodeSigningConfigArn": PropertyType(False, is_str()),
     }
     event_resolver = ResourceTypeResolver(
         samtranslator.model.eventsources,
@@ -412,6 +413,8 @@ def _construct_lambda_function(self):
         if self.DeadLetterQueue:
             lambda_function.DeadLetterConfig = {"TargetArn": self.DeadLetterQueue["TargetArn"]}
 
+        lambda_function.CodeSigningConfigArn = self.CodeSigningConfigArn
+
         return lambda_function
 
     def _add_event_invoke_managed_policy(self, dest_config, logical_id, condition, dest_arn):

diff --git a/samtranslator/open_api/open_api.py b/samtranslator/open_api/open_api.py
@@ -20,6 +20,8 @@ class OpenApiEditor(object):
     _X_APIGW_INTEGRATION = "x-amazon-apigateway-integration"
     _X_APIGW_TAG_VALUE = "x-amazon-apigateway-tag-value"
     _X_APIGW_CORS = "x-amazon-apigateway-cors"
+    _X_APIGW_ENDPOINT_CONFIG = "x-amazon-apigateway-endpoint-configuration"
+    _SERVERS = "servers"
     _CONDITIONAL_IF = "Fn::If"
     _X_ANY_METHOD = "x-amazon-apigateway-any-method"
     _ALL_HTTP_METHODS = ["OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "PATCH"]
@@ -334,6 +336,14 @@ def set_path_default_authorizer(self, path, default_authorizer, authorizers, api
             if normalized_method_name != "options":
                 normalized_method_name = self._normalize_method_name(method_name)
                 # It is possible that the method could have two definitions in a Fn::If block.
+                if normalized_method_name not in self.get_path(path):
+                    raise InvalidDocumentException(
+                        [
+                            InvalidTemplateException(
+                                "Could not find {} in {} within DefinitionBody.".format(normalized_method_name, path)
+                            )
+                        ]
+                    )
                 for method_definition in self.get_method_contents(self.get_path(path)[normalized_method_name]):
                     # If no integration given, then we don't need to process this definition (could be AWS::NoValue)
                     if not self.method_definition_has_integration(method_definition):
@@ -427,6 +437,27 @@ def add_tags(self, tags):
                 tag = {"name": name, self._X_APIGW_TAG_VALUE: value}
                 self.tags.append(tag)
 
+    def add_endpoint_config(self, disable_execute_api_endpoint):
+        """Add endpoint configuration to _X_APIGW_ENDPOINT_CONFIG header in open api definition
+
+        Following this guide:
+        https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html
+        https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-disableexecuteapiendpoint
+
+        :param boolean disable_execute_api_endpoint: Specifies whether clients can invoke your API by using the default execute-api endpoint.
+
+        """
+
+        DISABLE_EXECUTE_API_ENDPOINT = "disableExecuteApiEndpoint"
+
+        servers_configurations = self._doc.get(self._SERVERS, [{}])
+        for config in servers_configurations:
+            endpoint_configuration = config.get(self._X_APIGW_ENDPOINT_CONFIG, dict())
+            endpoint_configuration[DISABLE_EXECUTE_API_ENDPOINT] = disable_execute_api_endpoint
+            config[self._X_APIGW_ENDPOINT_CONFIG] = endpoint_configuration
+
+        self._doc[self._SERVERS] = servers_configurations
+
     def add_cors(
         self,
         allow_origins,

diff --git a/samtranslator/plugins/globals/globals.py b/samtranslator/plugins/globals/globals.py
@@ -41,6 +41,7 @@ class Globals(object):
             "AssumeRolePolicyDocument",
             "EventInvokeConfig",
             "FileSystemConfigs",
+            "CodeSigningConfigArn",
         ],
         # Everything except
         #   DefinitionBody: because its hard to reason about merge of Swagger dictionaries

diff --git a/tests/model/api/test_http_api_generator.py b/tests/model/api/test_http_api_generator.py
@@ -237,14 +237,14 @@ def test_basepaths(self):
         self.kwargs["domain"] = {
             "DomainName": "example.com",
             "CertificateArn": "some-url",
-            "BasePath": ["one-1", "two_2", "three"],
+            "BasePath": ["one-1", "two_2", "three", "/"],
             "Route53": {"HostedZoneId": "xyz", "HostedZoneName": "abc", "IpV6": True},
         }
         http_api = HttpApiGenerator(**self.kwargs)._construct_http_api()
         domain, basepath, route = HttpApiGenerator(**self.kwargs)._construct_api_domain(http_api)
         self.assertIsNotNone(domain, None)
         self.assertIsNotNone(basepath, None)
-        self.assertEqual(len(basepath), 3)
+        self.assertEqual(len(basepath), 4)
         self.assertIsNotNone(route, None)
         self.assertEqual(route.HostedZoneName, None)
         self.assertEqual(route.HostedZoneId, "xyz")

diff --git a/tests/translator/input/api_with_basic_custom_domain_intrinsics_http.yaml b/tests/translator/input/api_with_basic_custom_domain_intrinsics_http.yaml
@@ -53,6 +53,7 @@ Resources:
     Type: AWS::Serverless::HttpApi
     Properties:
       StageName: Prod
+      DisableExecuteApiEndpoint: False
       Domain:
         DomainName: !Sub 'example-${AWS::Region}.com'
         CertificateArn: !Ref MyDomainCert

diff --git a/tests/translator/input/error_http_api_invalid_disable_execute_api_endpoint.yaml b/tests/translator/input/error_http_api_invalid_disable_execute_api_endpoint.yaml
@@ -0,0 +1,14 @@
+Resources:
+  MyApi:
+    Type: AWS::Serverless::HttpApi
+    Properties:
+      DisableExecuteApiEndpoint: String
+      StageName: Prod
+      Domain:
+        DomainName: "sam-example.com"
+        CertificateArn: "arn:aws:acm:us-east-1:123455353535:certificate/6c911401-620d-4d41-b89e-366c238bb2f3"
+        EndpointConfiguration: REGIONAL
+        SecurityPolicy: TLS_1_2
+        BasePath: ["/basic", "/begin-here"]
+        Route53:
+          HostedZoneName: sam-example.com.
diff --git a/tests/translator/input/error_implicit_http_api_auth_any_method.yaml b/tests/translator/input/error_implicit_http_api_auth_any_method.yaml
@@ -0,0 +1,24 @@
+Resources:
+  SomeHttpApi:
+    Type: AWS::Serverless::HttpApi
+    Properties:
+      DefinitionBody:
+        paths:
+          "/{domain}":
+            any:
+              responses: {}
+          "/{domain/}{id}":
+            any:
+              responses: {}
+        openapi: 3.0.1
+      Auth:
+        Authorizers:
+          OAuth2Authorizer:
+            AuthorizationScopes:
+            - email
+            JwtConfiguration:
+              audience:
+              - randomnumber
+              issuer: https://some/issuer
+            IdentitySource: "$request.headers.Authorization"
+        DefaultAuthorizer: OAuth2Authorizer
diff --git a/tests/translator/input/function_with_signing_profile.yaml b/tests/translator/input/function_with_signing_profile.yaml
@@ -0,0 +1,24 @@
+Resources:
+
+  FunctionWithSigningProfile:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/member_portal.zip
+      Handler: index.gethtml
+      Runtime: nodejs12.x
+      CodeSigningConfigArn: !Ref MySignedFunctionCodeSigningConfig
+
+  MySignedFunctionCodeSigningConfig:
+    Type: AWS::Lambda::CodeSigningConfig
+    Properties:
+      Description: "Code Signing for MySignedLambdaFunction"
+      AllowedPublishers:
+        SigningProfileVersionArns:
+          - !GetAtt SigningProfile.ProfileVersionArn
+      CodeSigningPolicies:
+        UntrustedArtifactOnDeployment: "Enforce"
+
+  SigningProfile:
+    Type: AWS::Signer::SigningProfile
+    Properties:
+      PlatformId: AWSLambda-SHA384-ECDSA
diff --git a/tests/translator/output/api_with_basic_custom_domain_http.json b/tests/translator/output/api_with_basic_custom_domain_http.json
@@ -175,7 +175,6 @@
     "MyApi": {
       "Type": "AWS::ApiGatewayV2::Api", 
       "Properties": {
-        "DisableExecuteApiEndpoint": true,
         "Body": {
           "info": {
             "version": "1.0", 
@@ -218,6 +217,13 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
+          ],
+          "servers": [
+            {
+              "x-amazon-apigateway-endpoint-configuration": {
+                "disableExecuteApiEndpoint": true
+              }
+            }
           ]
         }
       }

diff --git a/tests/translator/output/api_with_basic_custom_domain_intrinsics_http.json b/tests/translator/output/api_with_basic_custom_domain_intrinsics_http.json
@@ -217,6 +217,13 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
+          ],
+          "servers": [
+            {
+              "x-amazon-apigateway-endpoint-configuration": {
+                "disableExecuteApiEndpoint": false
+              }
+            }
           ]
         }
       }, 

diff --git a/tests/translator/output/aws-cn/api_with_basic_custom_domain_http.json b/tests/translator/output/aws-cn/api_with_basic_custom_domain_http.json
@@ -175,7 +175,6 @@
     "MyApi": {
       "Type": "AWS::ApiGatewayV2::Api", 
       "Properties": {
-        "DisableExecuteApiEndpoint": true,
         "Body": {
           "info": {
             "version": "1.0", 
@@ -218,6 +217,13 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
+          ],
+          "servers": [
+            {
+              "x-amazon-apigateway-endpoint-configuration": {
+                "disableExecuteApiEndpoint": true
+              }
+            }
           ]
         }
       }

diff --git a/tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics_http.json b/tests/translator/output/aws-cn/api_with_basic_custom_domain_intrinsics_http.json
@@ -306,6 +306,13 @@
               "name": "httpapi:createdBy", 
               "x-amazon-apigateway-tag-value": "SAM"
             }
+          ],
+          "servers": [
+            {
+              "x-amazon-apigateway-endpoint-configuration": {
+                "disableExecuteApiEndpoint": false
+              }
+            }
           ]
         }
       },