Skip to content

Commit

Permalink
fix: normalize the open api version (#3551)
Browse files Browse the repository at this point in the history
  • Loading branch information
@xazhao
xazhao committed Feb 28, 2024
1 parent e302b20 commit 6499b50
Show file tree
Hide file tree
Showing 7 changed files with 1,161 additions and 7 deletions.
12 changes: 5 additions & 7 deletions samtranslator/model/api/api_generator.py
View file
Expand Up @@ -251,7 +251,6 @@ def __init__( # noqa: PLR0913
self.resource_attributes = resource_attributes
self.passthrough_resource_attributes = passthrough_resource_attributes
self.open_api_version = open_api_version
self.remove_extra_stage = open_api_version
self.models = models
self.domain = domain
self.fail_on_warnings = fail_on_warnings
Expand Down Expand Up @@ -400,7 +399,7 @@ def _construct_deployment(self, rest_api: ApiGatewayRestApi) -> ApiGatewayDeploy
self.logical_id + "Deployment", attributes=self.passthrough_resource_attributes
)
deployment.RestApiId = rest_api.get_runtime_attr("rest_api_id")
if not self.remove_extra_stage:
if not self.open_api_version:
deployment.StageName = "Stage"

return deployment
Expand Down Expand Up @@ -438,7 +437,7 @@ def _construct_stage(
if swagger is not None:
deployment.make_auto_deployable(
stage,
self.remove_extra_stage,
self.open_api_version,
swagger,
self.domain,
redeploy_restapi_parameters,
Expand Down Expand Up @@ -1125,11 +1124,10 @@ def _openapi_postprocess(self, definition_body: Dict[str, Any]) -> Dict[str, Any
if definition_body.get("swagger") is not None:
return definition_body

if definition_body.get("openapi") is not None and self.open_api_version is None:
self.open_api_version = definition_body.get("openapi")
normalized_open_api_version = definition_body.get("openapi", self.open_api_version)

if self.open_api_version and SwaggerEditor.safe_compare_regex_with_string(
SwaggerEditor._OPENAPI_VERSION_3_REGEX, self.open_api_version
if normalized_open_api_version and SwaggerEditor.safe_compare_regex_with_string(
SwaggerEditor._OPENAPI_VERSION_3_REGEX, normalized_open_api_version
):
if definition_body.get("securityDefinitions"):
components = definition_body.get("components", Py27Dict())
Expand Down
166 changes: 166 additions & 0 deletions tests/translator/input/api_open_api_version_override.yaml
View file
@@ -0,0 +1,166 @@
Transform:
- AWS::Serverless-2016-10-31
Resources:
ApiGatewayCognitoExecutionRole4F7CB5C8:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: apigateway.amazonaws.com
Version: '2012-10-17'
Policies:
- PolicyDocument:
Statement:
- Action: lambda:Invoke*
Effect: Allow
Resource:
Fn::GetAtt:
- LambdaFunction7804BD21
- Arn
Version: '2012-10-17'
PolicyName: apigInvokeLambda
LambdaFunctionServiceRoleD6E423C9:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: '2012-10-17'
ManagedPolicyArns:
- Fn::Join:
- ''
- - 'arn:'
- Ref: AWS::Partition
- :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
LambdaFunctionServiceRoleDefaultPolicyF01A7EDC:
Type: AWS::IAM::Policy
Properties:
PolicyDocument:
Statement:
- Action: sns:Publish
Effect: Allow
Resource: '*'
Version: '2012-10-17'
PolicyName: LambdaFunctionServiceRoleDefaultPolicyF01A7EDC
Roles:
- Ref: LambdaFunctionServiceRoleD6E423C9
LambdaFunction7804BD21:
Type: AWS::Lambda::Function
Properties:
Code:
ZipFile: |
exports.handler = async (event, context, callback) => {
const auth = event.queryStringParameters.authorization
const policyDocument = {
Version: '2012-10-17',
Statement: [{
Action: 'execute-api:Invoke',
Effect: auth && auth.toLowerCase() === 'allow' ? 'Allow' : 'Deny',
Resource: event.methodArn
}]
}
return {
principalId: 'user',
context: {},
policyDocument
}
}
Role:
Fn::GetAtt:
- LambdaFunctionServiceRoleD6E423C9
- Arn
Handler: index.handler
Runtime: nodejs16.x
MyCognitoUserPool:
Type: AWS::Cognito::UserPool
Properties:
UserPoolName: MyCognitoUserPool
ApiGatewayCognitoService15108F0B:
Type: AWS::Serverless::Api
Properties:
StageName: prod
Auth:
AddDefaultAuthorizerToCorsPreflight: false
Authorizers:
CognitoAuthorizer:
UserPoolArn:
Fn::GetAtt: MyCognitoUserPool.Arn
DefaultAuthorizer: CognitoAuthorizer
DefinitionBody:
openapi: 3.0.2
info:
title: RxtHofApprovalServiceLambdaCognito
version: '2018-05-10'
paths:
/reviews:
post:
operationId: CreateReview
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateReviewRequestContent'
required: true
responses:
'200':
description: CreateReview 200 response
headers:
Access-Control-Allow-Origin:
schema:
type: string
Access-Control-Expose-Headers:
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/CreateReviewResponseContent'
x-amazon-apigateway-integration:
type: aws_proxy
httpMethod: POST
uri:
Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction7804BD21.Arn}/invocations
credentials:
Fn::Sub: ${ApiGatewayCognitoExecutionRole4F7CB5C8.Arn}
responses:
default:
statusCode: '200'
responseParameters:
method.response.header.Access-Control-Allow-Origin: "'*'"
method.response.header.Access-Control-Expose-Headers: "'Content-Length,Content-Type,X-Amzn-Errortype,X-Amzn-Requestid'"
components:
schemas:
CreateReviewRequestContent:
type: object
properties:
reviewId:
type: string
CreateReviewResponseContent:
type: object
properties:
reviewId:
type: string
securitySchemes:
aws.auth.sigv4:
type: apiKey
description: AWS Signature Version 4 authentication
name: Authorization
in: header
x-amazon-apigateway-authtype: awsSigv4
security:
- aws.auth.sigv4: []
x-amazon-apigateway-gateway-responses:
DEFAULT_5XX:
responseTemplates:
application/json: '{"message":$context.error.messageString}'
responseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
OpenApiVersion: '2.0'
TracingEnabled: true
165 changes: 165 additions & 0 deletions tests/translator/input/error_api_openapi_not_set.yaml
View file
@@ -0,0 +1,165 @@
Transform:
- AWS::Serverless-2016-10-31
Resources:
ApiGatewayCognitoExecutionRole4F7CB5C8:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: apigateway.amazonaws.com
Version: '2012-10-17'
Policies:
- PolicyDocument:
Statement:
- Action: lambda:Invoke*
Effect: Allow
Resource:
Fn::GetAtt:
- LambdaFunction7804BD21
- Arn
Version: '2012-10-17'
PolicyName: apigInvokeLambda
LambdaFunctionServiceRoleD6E423C9:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: '2012-10-17'
ManagedPolicyArns:
- Fn::Join:
- ''
- - 'arn:'
- Ref: AWS::Partition
- :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
LambdaFunctionServiceRoleDefaultPolicyF01A7EDC:
Type: AWS::IAM::Policy
Properties:
PolicyDocument:
Statement:
- Action: sns:Publish
Effect: Allow
Resource: '*'
Version: '2012-10-17'
PolicyName: LambdaFunctionServiceRoleDefaultPolicyF01A7EDC
Roles:
- Ref: LambdaFunctionServiceRoleD6E423C9
LambdaFunction7804BD21:
Type: AWS::Lambda::Function
Properties:
Code:
ZipFile: |
exports.handler = async (event, context, callback) => {
const auth = event.queryStringParameters.authorization
const policyDocument = {
Version: '2012-10-17',
Statement: [{
Action: 'execute-api:Invoke',
Effect: auth && auth.toLowerCase() === 'allow' ? 'Allow' : 'Deny',
Resource: event.methodArn
}]
}
return {
principalId: 'user',
context: {},
policyDocument
}
}
Role:
Fn::GetAtt:
- LambdaFunctionServiceRoleD6E423C9
- Arn
Handler: index.handler
Runtime: nodejs16.x
MyCognitoUserPool:
Type: AWS::Cognito::UserPool
Properties:
UserPoolName: MyCognitoUserPool
ApiGatewayCognitoService15108F0B:
Type: AWS::Serverless::Api
Properties:
StageName: prod
Auth:
AddDefaultAuthorizerToCorsPreflight: false
Authorizers:
CognitoAuthorizer:
UserPoolArn:
Fn::GetAtt: MyCognitoUserPool.Arn
DefaultAuthorizer: CognitoAuthorizer
DefinitionBody:
info:
title: RxtHofApprovalServiceLambdaCognito
version: '2018-05-10'
paths:
/reviews:
post:
operationId: CreateReview
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateReviewRequestContent'
required: true
responses:
'200':
description: CreateReview 200 response
headers:
Access-Control-Allow-Origin:
schema:
type: string
Access-Control-Expose-Headers:
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/CreateReviewResponseContent'
x-amazon-apigateway-integration:
type: aws_proxy
httpMethod: POST
uri:
Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction7804BD21.Arn}/invocations
credentials:
Fn::Sub: ${ApiGatewayCognitoExecutionRole4F7CB5C8.Arn}
responses:
default:
statusCode: '200'
responseParameters:
method.response.header.Access-Control-Allow-Origin: "'*'"
method.response.header.Access-Control-Expose-Headers: "'Content-Length,Content-Type,X-Amzn-Errortype,X-Amzn-Requestid'"
components:
schemas:
CreateReviewRequestContent:
type: object
properties:
reviewId:
type: string
CreateReviewResponseContent:
type: object
properties:
reviewId:
type: string
securitySchemes:
aws.auth.sigv4:
type: apiKey
description: AWS Signature Version 4 authentication
name: Authorization
in: header
x-amazon-apigateway-authtype: awsSigv4
security:
- aws.auth.sigv4: []
x-amazon-apigateway-gateway-responses:
DEFAULT_5XX:
responseTemplates:
application/json: '{"message":$context.error.messageString}'
responseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
OpenApiVersion: '3.0'
TracingEnabled: true

0 comments on commit 6499b50

Please sign in to comment.