diff --git a/samtranslator/model/eventsources/push.py b/samtranslator/model/eventsources/push.py
index cb07b26b9..0cea74e13 100644
--- a/samtranslator/model/eventsources/push.py
+++ b/samtranslator/model/eventsources/push.py
@@ -755,7 +755,11 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def]
 # We make the call to add_auth_to_swagger() in two separate places because _add_swagger_integration() deals
 # specifically with cases where DefinitionBody is not defined, and below for when DefinitionBody is defined.
 if swagger_body and self.Auth and self.Auth.get("OverrideApiAuth"):
- # TODO: refactor to remove this cast
+ if not (self.Auth.get("Authorizer") or self.Auth.get("ApiKeyRequired") or self.Auth.get("ResourcePolicy")):
+ raise InvalidEventException(
+ self.relative_id,
+ "Must define one of: Authorizer, ApiKeyRequired or ResourcePolicy when using the OverrideApiAuth property.",
+ )
 stage = cast(str, self.Stage)
 editor = SwaggerEditor(swagger_body)
 self.add_auth_to_swagger(
diff --git a/tests/translator/input/error_api_override_api_auth_without_authorizer.yaml b/tests/translator/input/error_api_override_api_auth_without_authorizer.yaml
new file mode 100644
index 000000000..f0730e7b8
--- /dev/null
+++ b/tests/translator/input/error_api_override_api_auth_without_authorizer.yaml
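Review bot: The new guard under `if swagger_body and self.Auth and self.Auth.get("OverrideApiAuth"):` tests the three properties by truthiness, so an event that sets only `ApiKeyRequired: false` is rejected as if nothing were defined, although that looks like a legitimate way to switch off an API-level key requirement for one route (to be confirmed against how add_auth_to_swagger treats a false value). Checking for presence instead keeps the fail-closed behaviour for a bare `OverrideApiAuth: true` while accepting explicit values: `if all(self.Auth.get(k) is None for k in ("Authorizer", "ApiKeyRequired", "ResourcePolicy")):`. The commit also drops `# TODO: refactor to remove this cast` while `cast(str, self.Stage)` stays, so that comment should be kept above the cast. The check covers only the DefinitionBody-defined path shown here; whether `_add_swagger_integration()` applies the same validation is not visible, and to_cloudformation starts and ends outside the hunk.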
@@ -0,0 +1,67 @@
+Resources:
+ MyApiWithLambdaRequestAuth:
+ Type: AWS::Serverless::Api
+ Properties:
+ StageName: Prod
+ DefinitionBody:
+ swagger: 2.0
+ info:
+ version: '1.0'
+ title: !Ref AWS::StackName
+ schemes:
+ - https
+ paths:
+ /lambda-request:
+ get:
+ x-amazon-apigateway-integration:
+ httpMethod: POST
+ type: aws_proxy
+ uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFn.Arn}/invocations
+ passthroughBehavior: when_no_match
+ responses: {}
+ Auth:
+ Authorizers:
+ MyLambdaRequestAuth:
+ FunctionPayloadType: REQUEST
+ FunctionArn: !GetAtt MyAuthFn.Arn
+ Identity:
+ Headers:
+ - Authorization1
+ DefaultAuthorizer: MyLambdaRequestAuth
+
+ MyAuthFn:
+ Type: AWS::Serverless::Function
+ Properties:
+ InlineCode: |
+ exports.handler = async (event) => {
+ return {
+ statusCode: 200,
+ body: JSON.stringify(event),
+ headers: {}
+ }
+ }
+ Handler: index.handler
+ Runtime: nodejs8.10
+
+ MyFn:
+ Type: AWS::Serverless::Function
+ Properties:
+ InlineCode: |
+ exports.handler = async (event) => {
+ return {
+ statusCode: 200,
+ body: JSON.stringify(event),
+ headers: {}
+ }
+ }
+ Handler: index.handler
+ Runtime: nodejs8.10
+ Events:
+ LambdaRequest:
+ Type: Api
+ Properties:
+ RestApiId: !Ref MyApiWithLambdaRequestAuth
+ Auth:
+ OverrideApiAuth: true
+ Method: get
+ Path: /lambda-request
diff --git a/tests/translator/output/error_api_override_api_auth_without_authorizer.json b/tests/translator/output/error_api_override_api_auth_without_authorizer.json
new file mode 100644
index 000000000..6e4c815e9
--- /dev/null
+++ b/tests/translator/output/error_api_override_api_auth_without_authorizer.json
@@ -0,0 +1,15 @@
+{
+ "_autoGeneratedBreakdownErrorMessage": [
+ "Invalid Serverless Application Specification document. ",
+ "Number of errors found: 1. ",
+ "Resource with id [MyFn] is invalid. ",
+ "Event with id [LambdaRequest] is invalid. ",
+ "Must define one of: Authorizer, ApiKeyRequired or ResourcePolicy when using the OverrideApiAuth property."
+ ],
+ "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFn] is invalid. Event with id [LambdaRequest] is invalid. Must define one of: Authorizer, ApiKeyRequired or ResourcePolicy when using the OverrideApiAuth property.",
+ "errors": [
+ {
+ "errorMessage": "Resource with id [MyFn] is invalid. Event with id [LambdaRequest] is invalid. Must define one of: Authorizer, ApiKeyRequired or ResourcePolicy when using the OverrideApiAuth property."
+ }
+ ]
+}