-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(Conditions): add support for Conditions on API event resources #804
feat(Conditions): add support for Conditions on API event resources #804
Conversation
…cation-model into release/v1.10.0
…cation-model into release/v1.10.0
…cation-model into release/v1.10.0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I need to add a few more unit tests, but this contains all the implementation as well as end-to-end tests that show this feature.
tests/translator/output/api_with_cors_and_conditions_no_definitionbody.json
Outdated
Show resolved
Hide resolved
tests/translator/output/aws-cn/api_with_auth_and_conditions_all_max.json
Outdated
Show resolved
Hide resolved
tests/translator/output/aws-us-gov/implicit_api_with_many_conditions.json
Outdated
Show resolved
Hide resolved
Codecov Report
@@ Coverage Diff @@
## release/v1.10.0 #804 +/- ##
===================================================
- Coverage 94.54% 94.54% -0.01%
===================================================
Files 67 67
Lines 2696 2824 +128
Branches 481 508 +27
===================================================
+ Hits 2549 2670 +121
- Misses 77 81 +4
- Partials 70 73 +3
Continue to review full report at Codecov.
|
samtranslator/swagger/swagger.py
Outdated
:return: swagger components of the method | ||
""" | ||
if self._CONDITIONAL_IF in method: | ||
return method[self._CONDITIONAL_IF][1] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This assumes the method is in this position, but this is not always true. For example, I could have a condition that when evaluated to true returns NoValue and when false returns the method.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. SAM doesn't set something like that up, but someone writing Swagger could.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a very good callout. Will have to think about this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok. Couple of thoughts here.
This has never worked up to this point, which means that no existing SAM templates will have a conditional inside of a method configuration. So, whatever we do here won't break any existing customers, but could potentially affect future uses of SAM.
SAM uses this code, I think, only for two things:
- Creating Swagger for the user (generating APIGW paths and methods)
- Adding an authorizer to a method.
This means that the only time (at least as SAM is now) a customer would have SAM read their swagger is when they are using custom authorizers. We should still assume that other use cases could arise.
Possible solutions:
- Leave as is:
- Document that SAM only modifies the first element of a Condition that is nested under a method.
- This means that, with authorizers, SAM would only add an authorizer to the first item in the conditional and ignore the second entirely.
- SAM will also throw an error if the first item is invalid.
- Check the first item to see if it is a valid path, and, if not, return the second item.
- This is an either/or situation. It still wouldn't handle the case where both paths would need to be modified.
- Just do whatever we're doing to both items in the list, and throw an error only if both of them are invalid paths.
- Might be the safest approach.
- Would a customer ever want SAM to only modify the first one and not touch the second?
- Or should we return both parts of this conditional list and make sure that it is a valid path before modifying it (for authorizers or other similar things we do in the future)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The third option might be the best option here, should we go ahead and modify all valid method configurations that are in the conditional list? The change is pretty small I think
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
3rd option sounds the best
tests/translator/input/api_with_cors_and_conditions_no_definitionbody.yaml
Show resolved
Hide resolved
Ok. Several things need to happen that come out of a discussion about paths. Problem Description: Solution:
Example JSON: The "" should be replaced with the name given to the condition that is created that contains both "Cond" and "MyCondition" conditions that are found on the methods inside of the "/sub" path. "paths": {
"Fn::If": [
"<GeneratedPathConditionName>",
{
"/sub": {
"post": {
"Fn::If": [
"Cond",
{
"x-amazon-apigateway-integration": {
"httpMethod": "POST",
"type": "aws_proxy",
"uri": {
"Fn::If": [
"Cond",
{
"Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${helloworld.Arn}/invocations"
},
{
"Ref": "AWS::NoValue"
}
]
}
},
"responses": {}
},
{
"Ref": "AWS::NoValue"
}
]
},
"get": {
"Fn::If": [
"MyCondition",
{
"x-amazon-apigateway-integration": {
"httpMethod": "POST",
"type": "aws_proxy",
"uri": {
"Fn::If": [
"MyCondition",
{
"Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${hello.Arn}/invocations"
},
{
"Ref": "AWS::NoValue"
}
]
}
},
"responses": {}
},
{
"Ref": "AWS::NoValue"
}
]
}
}
},
{
"Ref": "AWS::NoValue"
},
]
} Implementation Ideas: I don't really know how to make this work well with generated swagger on an explicit API, but for implicit APIs it would be much easier. You would aggregate conditions, as is currently done, but do it in a dictionary of Necessary Updates: Swagger tests:
All new API integration tests (included inside of this PR) |
tests/translator/output/implicit_api_with_auth_and_conditions_max.json
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving since I'm a reviewer on this. However, Keeton reviewed my commits and gave me verbal approval.
Issue #, if available:
#758
Description of changes:
Add ability to honor conditions placed on functions with API events.
Testing:
Templates were generated using SAM locally and deployed via CFN to test parts of this implementation. I did this with the normal and CORS templates; I have not tested the Auth example (should work the same).
Note to reviewers:
This PR is very long, mostly because I am testing several things related to APIs. The actual code difference is about ~170 lines, all the rest are for tests. The output files for these templates with APIs are very large and hard to read; I have run the translator on similar templates and verified that they deploy to CFN.
Callout:
I have not tested to see if CFN will allow SAM to create extra Conditions. I assume that this is something that is allowed by CFN.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.