/
schema.yaml
458 lines (444 loc) · 18.5 KB
/
schema.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
---
name: aws-apigateway
license: Apache-2.0
logoUrl: https://raw.githubusercontent.com/pulumi/pulumi-aws-apigateway/main/assets/logo.png
displayName: AWS API Gateway
publisher: Pulumi
keywords:
- pulumi
- aws
- apigateway
- category/cloud
- kind/component
types:
aws-apigateway:index:Route:
type: object
properties:
path:
type: string
plain: true
description: |
The path on the API that will serve this route. If not prefixed with `/`,
then a `/` will be added automatically to the beginning.
method:
"$ref": "#/types/aws-apigateway:index:Method"
plain: true
description: |
The REST method of the route to match. Only valid with `eventHandler` or `data` routes.
eventHandler:
"$ref": "/aws/v5.21.0/schema.json#/resources/aws:lambda%2Ffunction:Function"
description: |
A Lambda function which will handle the route for the given path and method.
localPath:
type: string
plain: true
description: |
The local path on disk to create static S3 resources for. Files will be uploaded into S3
objects, and directories will be recursively walked into.
contentType:
type: string
plain: true
description: |
The `content-type` to serve the file as. Only valid when `localPath` points to a file. If
`localPath` points to a directory, the content types for all files will be inferred.
index:
oneOf:
- type: string
plain: true
- type: boolean
plain: true
plain: true
description: |
By default a `localPath` hosting static content will also serve 'index.html' in response to a request on a directory.
To disable this pass `false` or supply a new index document name.
data:
"$ref": pulumi.json#/Any
plain: true
description: |
A raw Swagger object to include verbatim in the integration for this path.
target:
"$ref": "#/types/aws-apigateway:index:Target"
description: |
The target for an integration route (see https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-integration-types.html).
requiredParameters:
type: array
items:
"$ref": "#/types/aws-apigateway:index:RequiredParameter"
plain: true
plain: true
description: |
Required Parameters to validate. If the request validator is set to ALL or PARAMS_ONLY, api
gateway will validate these before sending traffic to the event handler.
requestValidator:
"$ref": "#/types/aws-apigateway:index:RequestValidator"
plain: true
description: |
Request Validator specifies the validator to use at the method level. This will override anything
defined at the API level.
apiKeyRequired:
type: boolean
plain: true
description: |
If true, an API key will be required for this route. The source for the API Key can be set at
the API level and by default, the source will be the HEADER.
authorizers:
type: array
items:
"$ref": "#/types/aws-apigateway:index:Authorizer"
plain: true
plain: true
description: |
Authorizers allows you to define Lambda authorizers be applied for authorization when the
the route is called.
iamAuthEnabled:
type: boolean
plain: true
description: |
By default, the route method auth type is set to `NONE`. If true, the auth type will be
set to `AWS_IAM`.
required:
- path
description: |
A route that that APIGateway should accept and forward to some type of destination. All routes
have an incoming path that they match against. However, destinations are determined by the kind
of the route.
aws-apigateway:index:Target:
type: object
properties:
type:
"$ref": "#/types/aws-apigateway:index:IntegrationType"
description: |
Specifies an API method integration type. The valid value is one of the following:
* `aws`: for integrating the API method request with an AWS service action, including the Lambda
function-invoking action. With the Lambda function-invoking action, this is referred to as
the Lambda custom integration. With any other AWS service action, this is known as AWS
integration.
* `aws_proxy`: for integrating the API method request with the Lambda function-invoking action
with the client request passed through as-is. This integration is also referred to as the
Lambda proxy integration.
* `http`: for integrating the API method request with an HTTP endpoint, including a private HTTP
endpoint within a VPC. This integration is also referred to as the HTTP custom integration.
* `http_proxy`: for integrating the API method request with an HTTP endpoint, including a private
HTTP endpoint within a VPC, with the client request passed through as-is. This is also
referred to as the HTTP proxy integration.
* `mock`: for integrating the API method request with API Gateway as a "loop-back" endpoint
without invoking any backend.
httpMethod:
type: string
const: ANY
description: |
Specifies the integration's HTTP method type. Currently, the only supported type is 'ANY'.
uri:
type: string
description: |
Specifies Uniform Resource Identifier (URI) of the integration endpoint.
For HTTP or HTTP_PROXY integrations, the URI must be a fully formed, encoded HTTP(S) URL
according to the RFC-3986 specification, for either standard integration, where
connectionType is not VPC_LINK, or private integration, where connectionType is VPC_LINK. For
a private HTTP integration, the URI is not used for routing.
For AWS or AWS_PROXY integrations, the URI is of the form
arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}. Here,
{Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated
AWS service (e.g., s3); and {subdomain} is a designated subdomain supported by certain AWS
service for fast host-name lookup. action can be used for an AWS service action-based API,
using an Action={name}&{p1}={v1}&p2={v2}... query string. The ensuing {service_api} refers to
a supported action {name} plus any required input parameters. Alternatively, path can be used
for an AWS service path-based API. The ensuing service_api refers to the path to an AWS
service resource, including the region of the integrated AWS service, if applicable. For
example, for integration with the S3 API of GetObject, the uri can be either
arn:aws:apigateway:us-west-2:s3:action/GetObject&Bucket={bucket}&Key={key} or
arn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}.
connectionType:
"$ref": "#/types/aws-apigateway:index:IntegrationConnectionType"
description: |
The type of the network connection to the integration endpoint. The valid value is `INTERNET`
for connections through the public routable internet or `VPC_LINK` for private connections
between API Gateway and a network load balancer in a VPC. The default value is `INTERNET`.
connectionId:
type: string
description: |
The (id) of the VpcLink used for the integration when connectionType=VPC_LINK and undefined,
otherwise.
passthroughBehaviour:
"$ref": "#/types/aws-apigateway:index:IntegrationPassthroughBehavior"
description: |
Specifies how the method request body of an unmapped content type will be passed through the
integration request to the back end without transformation.
The valid value is one of the following:
* `WHEN_NO_MATCH`: passes the method request body through the integration request to the back end
without transformation when the method request content type does not match any content type
associated with the mapping templates defined in the integration request.
* `WHEN_NO_TEMPLATES`: passes the method request body through the integration request to the back
end without transformation when no mapping template is defined in the integration request. If
a template is defined when this option is selected, the method request of an unmapped
content-type will be rejected with an HTTP 415 Unsupported Media Type response.
* `NEVER`: rejects the method request with an HTTP 415 Unsupported Media Type response when
either the method request content type does not match any content type associated with the
mapping templates defined in the integration request or no mapping template is defined in the
integration request.
Defaults to `WHEN_NO_MATCH` if unspecified.
required:
- type
- uri
aws-apigateway:index:Method:
type: string
enum:
- value: ANY
- value: GET
- value: PUT
- value: POST
- value: DELETE
- value: PATCH
- value: OPTIONS
- value: HEAD
aws-apigateway:index:RequestValidator:
type: string
enum:
- value: ALL
- value: PARAMS_ONLY
- value: BODY_ONLY
aws-apigateway:index:APIKeySource:
type: string
enum:
- value: HEADER
- value: AUTHORIZER
aws-apigateway:index:IntegrationConnectionType:
type: string
enum:
- value: INTERNET
- value: VPC_LINK
aws-apigateway:index:IntegrationType:
type: string
enum:
- value: aws
- value: aws_proxy
- value: http
- value: http_proxy
- value: mock
aws-apigateway:index:IntegrationPassthroughBehavior:
type: string
enum:
- value: when_no_match
- value: when_no_templates
- value: never
aws-apigateway:index:SwaggerGatewayResponse:
type: object
properties:
statusCode:
type: number
responseTemplates:
type: object
additionalProperties:
type: string
responseParameters:
type: object
additionalProperties:
type: string
aws-apigateway:index:RequiredParameter:
type: object
properties:
name:
type: string
in:
type: string
enum:
- value: path
- value: query
- value: header
aws-apigateway:index:Authorizer:
type: object
properties:
authorizerName:
type: string
plain: true
description: |
The name for the Authorizer to be referenced as. This must be unique for each unique
authorizer within the API. If no name if specified, a name will be generated for you.
parameterName:
type: string
plain: true
description: |
parameterName is the name of the header or query parameter containing the authorization
token. Must be "Unused" for multiple identity sources.
parameterLocation:
type: string
enum:
- value: query
- value: header
plain: true
description: |
Defines where in the request API Gateway should look for identity information. The value must
be "header" or "query". If there are multiple identity sources, the value must be "header".
authType:
type: string
plain: true
description: |
Specifies the authorization mechanism for the client. Typical values are "oauth2" or "custom".
type:
type: string
enum:
- value: token
- value: request
plain: true
description: |
The type of the authorizer. This value must be one of the following:
- "token", for an authorizer with the caller identity embedded in an authorization token
- "request", for an authorizer with the caller identity contained in request parameters
handler:
"$ref": "/aws/v5.21.0/schema.json#/resources/aws:lambda%2Ffunction:Function"
description: |
The authorizerHandler specifies information about the authorizing Lambda.
identitySource:
type: array
items:
type: string
plain: true
plain: true
description: |
List of mapping expressions of the request parameters as the identity source. This indicates
where in the request identity information is expected. Applicable for the authorizer of the
"request" type only. Example: ["method.request.header.HeaderAuth1",
"method.request.querystring.QueryString1"]
identityValidationExpression:
type: string
plain: true
description: |
A regular expression for validating the token as the incoming identity. It only invokes the
authorizer's lambda if there is a match, else it will return a 401. This does not apply to
REQUEST Lambda Authorizers. Example: "^x-[a-z]+".
authorizerResultTtlInSeconds:
type: number
plain: true
description: |
The number of seconds during which the resulting IAM policy is cached. Default is 300s. You
can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an
authorizer across more than one route you will want to disable the cache or else it will
cause problems for you.
providerARNs:
type: array
items:
type: string
plain: true
description: |
The ARNs of the Cognito User Pools to use.
methodsToAuthorize:
type: array
items:
type: string
plain: true
plain: true
description: |
For method authorization, you can define resource servers and custom scopes by specifying the
"resource-server/scope". e.g. ["com.hamuta.movies/drama.view",
"http://my.resource.com/file.read"] For more information on resource servers and custom
scopes visit the AWS documentation -
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html
required:
- parameterName
description: |
LambdaAuthorizer provides the definition for a custom Authorizer for API Gateway.
resources:
aws-apigateway:index:RestAPI:
isComponent: true
inputProperties:
routes:
type: array
items:
"$ref": "#/types/aws-apigateway:index:Route"
plain: true
plain: true
description: |
Routes to use to initialize the APIGateway. These will be used to create the Swagger
specification for the API.
Either `swaggerString` or `routes` must be specified.
swaggerString:
type: string
description: |
A Swagger specification already in string form to use to initialize the APIGateway. Note
that you must manually provide permission for any route targets to be invoked by API Gateway
when using `swaggerString`.
Either `swaggerString` or `routes` must be specified.
stageName:
type: string
description: |
The stage name for your API. This will get added as a base path to your API url.
requestValidator:
"$ref": "#/types/aws-apigateway:index:RequestValidator"
plain: true
description: |
Request Validator specifies the validator to use at the API level. Note method level validators
override this.
apiKeySource:
"$ref": "#/types/aws-apigateway:index:APIKeySource"
plain: true
description: |
The source for the apikey. This can either be a HEADER or AUTHORIZER. If `apiKeyRequired` is
set to true on a route, and this is not defined the value will default to HEADER.
staticRoutesBucket:
"$ref": "/aws/v5.21.0/schema.json#/resources/aws:s3%2Fbucket:Bucket"
description: |
Bucket to use for placing resources for static resources. If not provided a default one will
be created on your behalf if any `StaticRoute`s are provided.
gatewayResponses:
type: object
additionalProperties:
"$ref": "#/types/aws-apigateway:index:SwaggerGatewayResponse"
plain: true
description: |
Define custom gateway responses for the API. This can be used to properly enable
CORS for Lambda Authorizers.
properties:
url:
type: string
description: |
The URL where the Rest API is exposed.
api:
"$ref": "/aws/v5.21.0/schema.json#/resources/aws:apigateway%2FrestApi:RestApi"
description: |
The underlying RestAPI resource.
deployment:
"$ref": "/aws/v5.21.0/schema.json#/resources/aws:apigateway%2Fdeployment:Deployment"
description: |
The underlying Deployment resource.
stage:
"$ref": "/aws/v5.21.0/schema.json#/resources/aws:apigateway%2Fstage:Stage"
description: |
The underlying Stage resource.
apiPolicy:
"$ref": "/aws/v5.21.0/schema.json#/resources/aws:apigateway%2FrestApiPolicy:RestApiPolicy"
description: |
The underlying RestAPIPolicy resource.
required:
- url
- api
- deployment
- stage
description: |
The RestAPI component offers a simple interface for creating a fully functional API Gateway REST API. The
REST API can define any number of routes, each of which maps a path and HTTP method to one of (1) an event
hander route that invokes a Lambda Function (2) a local path route which uploads local files into an S3 bucket
and serves them or (3) an integration target such as an HTTP proxy or service integration.
language:
csharp:
namespaces:
aws-apigateway: AwsApiGateway
packageReferences:
Pulumi: 3.*
Pulumi.Aws: 5.*
respectSchemaVersion: true
go:
importBasePath: github.com/pulumi/pulumi-aws-apigateway/sdk/apigateway
respectSchemaVersion: true
generateExtraInputTypes: true
nodejs:
dependencies:
"@pulumi/aws": "^5.4.0"
respectSchemaVersion: true
python:
requires:
pulumi: ">=3.0.0,<4.0.0"
pulumi-aws: ">=5.0.0,<6.0.0"
respectSchemaVersion: true
java:
packages:
"com.pulumi:aws": "5.4.0"