fix: add error message when JwtConfiguration is not a map (#3567)

samtranslator/model/apigatewayv2.py

@@ -129,7 +129,9 @@ def __init__(  # type: ignore[no-untyped-def] # noqa: PLR0913
         self.api_logical_id = api_logical_id
         self.name = name
         self.authorization_scopes = authorization_scopes
-        self.jwt_configuration: Optional[JwtConfiguration] = self._get_jwt_configuration(jwt_configuration)
+        self.jwt_configuration: Optional[JwtConfiguration] = self._get_jwt_configuration(
+            jwt_configuration, api_logical_id
+        )
         self.id_source = id_source
         self.function_arn = function_arn
         self.function_invoke_role = function_invoke_role
@@ -344,7 +346,9 @@ def _get_identity_source(self, auth_identity: Dict[str, Any]) -> List[str]:
         return identity_source
 
     @staticmethod
-    def _get_jwt_configuration(props: Optional[Dict[str, Union[str, List[str]]]]) -> Optional[JwtConfiguration]:
+    def _get_jwt_configuration(
+        props: Optional[Dict[str, Union[str, List[str]]]], api_logical_id: str
+    ) -> Optional[JwtConfiguration]:
         """Make sure that JWT configuration dict keys are lower case.
 
         ApiGatewayV2Authorizer doesn't create `AWS::ApiGatewayV2::Authorizer` but generates
@@ -359,13 +363,14 @@ def _get_jwt_configuration(props: Optional[Dict[str, Union[str, List[str]]]]) ->
 
         Parameters
         ----------
-        props
-            jwt configuration dict with the keys either lower case or capitalized
+        props: jwt configuration dict with the keys either lower case or capitalized
+        api_logical_id: logical id of the Serverless Api resource with the jwt configuration
 
         Returns
         -------
             jwt configuration dict with low case keys
         """
         if not props:
             return None
+        sam_expect(props, api_logical_id, "JwtConfiguration").to_be_a_map()
         return {k.lower(): v for k, v in props.items()}

tests/translator/input/error_http_api_with_invalid_jwt_configuration.yaml

@@ -0,0 +1,37 @@
+Resources:
+  MyApi:
+    Type: AWS::Serverless::HttpApi
+    Properties:
+      Tags:
+        Tag1: value1
+        Tag2: value2
+      Auth:
+        Authorizers:
+          MyLambdaAuth:
+            FunctionArn:
+              Fn::GetAtt:
+              - MyAuthFn
+              - Arn
+            FunctionInvokeRole:
+              Fn::GetAtt:
+              - MyAuthFnRole
+              - Arn
+            Identity:
+              Context:
+              - contextVar
+              Headers:
+              - Authorization
+              QueryStrings:
+              - petId
+              StageVariables:
+              - stageVar
+              ReauthorizeEvery: 23
+            EnableSimpleResponses: true
+            AuthorizerPayloadFormatVersion: 2.0
+          MyOAuth2Auth:
+            AuthorizationScopes:
+            - scope4
+            JwtConfiguration:
+            - issuer: https://openid-connect.onelogin.com/oidc
+            IdentitySource: $request.querystring.param
+        DefaultAuthorizer: MyOAuth2Auth

tests/translator/output/error_http_api_with_invalid_jwt_configuration.json

@@ -0,0 +1,9 @@
+{
+  "_autoGeneratedBreakdownErrorMessage": [
+    "Invalid Serverless Application Specification document. ",
+    "Number of errors found: 1. ",
+    "Resource with id [MyApi] is invalid. ",
+    "Property 'JwtConfiguration' should be a map."
+  ],
+  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyApi] is invalid. Property 'JwtConfiguration' should be a map."
+}