From 4169ae183f64c5c580d90e653e23cc3c52a6f971 Mon Sep 17 00:00:00 2001
From: franzmango <47043124+franzmango@users.noreply.github.com>
Date: Tue, 8 Nov 2022 14:37:21 +0200
Subject: [PATCH] feat(AWS API Gateway): Allow CF funcs in `authorizer.scopes` (#11505)

---
 .../compile/events/api-gateway/index.js | 7 +++-
 .../api-gateway/lib/method/index.test.js | 32 +++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/lib/plugins/aws/package/compile/events/api-gateway/index.js b/lib/plugins/aws/package/compile/events/api-gateway/index.js
index ef7f73c2050..2cf8fa2dd89 100644
--- a/lib/plugins/aws/package/compile/events/api-gateway/index.js
+++ b/lib/plugins/aws/package/compile/events/api-gateway/index.js
@@ -63,7 +63,12 @@ const authorizerSchema = {
 managedExternally: { type: 'boolean' },
 name: { type: 'string' },
 resultTtlInSeconds: { type: 'integer', minimum: 0, maximum: 3600 },
- scopes: { type: 'array', items: { type: 'string' } },
+ scopes: {
+ type: 'array',
+ items: {
+ anyOf: [{ type: 'string' }, { $ref: '#/definitions/awsCfInstruction' }],
+ },
+ },
 type: {
 anyOf: ['token', 'cognito_user_pools', 'request', 'aws_iam', 'custom'].map(
 caseInsensitive
diff --git a/test/unit/lib/plugins/aws/package/compile/events/api-gateway/lib/method/index.test.js b/test/unit/lib/plugins/aws/package/compile/events/api-gateway/lib/method/index.test.js
index e767ee83a8e..61b09f11dc1 100644
--- a/test/unit/lib/plugins/aws/package/compile/events/api-gateway/lib/method/index.test.js
+++ b/test/unit/lib/plugins/aws/package/compile/events/api-gateway/lib/method/index.test.js
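Review bot: The new `items` schema for `authorizer.scopes` in `api-gateway/index.js` has no comment saying that a scope may now be resolved only at deploy time, which matters because these values end up as the method's `AuthorizationScopes`. With the `$ref` to `awsCfInstruction`, an entry such as an imported value cannot be checked at packaging time, and the effective scope then depends on whatever the referenced stack exports. I would add above `scopes:` a comment like `// Each scope is a literal string or a CloudFormation instruction; instructions resolve at deploy time and are not validated here`. The `awsCfInstruction` definition is not visible in this hunk, so it should be confirmed that every instruction it admits resolves to a single string, since an item resolving to a list would presumably fail only at deployment. `authorizerSchema` starts and ends outside the hunk.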
@@ -749,6 +749,38 @@ describe('#compileMethods()', () => {
 ).to.not.have.property('AuthorizationScopes');
 });

+ it('should pass on import functions for a cognito user pool authorizer scopes', () => {
+ awsCompileApigEvents.validated.events = [
+ {
+ functionName: 'First',
+ http: {
+ authorizer: {
+ name: 'authorizer',
+ type: 'COGNITO_USER_POOLS',
+ authorizerId: { Ref: 'CognitoAuthorizer' },
+ scopes: [
+ {
+ 'Fn::ImportValue': 'ImportedScope',
+ },
+ ],
+ },
+ integration: 'AWS',
+ path: 'users/create',
+ method: 'post',
+ },
+ },
+ ];
+
+ awsCompileApigEvents.compileMethods();
+ const resource =
+ awsCompileApigEvents.serverless.service.provider.compiledCloudFormationTemplate.Resources
+ .ApiGatewayMethodUsersCreatePost;
+
+ expect(resource.Properties.AuthorizationScopes[0]).to.deep.equal({
+ 'Fn::ImportValue': 'ImportedScope',
+ });
+ });
+
 it('should set claims for a cognito user pool', () => {
 awsCompileApigEvents.validated.events = [
 {
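Review bot: The added test assigns `awsCompileApigEvents.validated.events` directly, so it exercises `compileMethods()` but never the schema change to `authorizer.scopes`; a configuration-validation test for the new `anyOf` appears to be missing from this commit. It also checks only `AuthorizationScopes[0]` with a single instruction entry, so a list mixing literal strings and instructions is not covered. With a constructed literal such as `'email'`, I would use `scopes: ['email', { 'Fn::ImportValue': 'ImportedScope' }],` and assert the whole array with `expect(resource.Properties.AuthorizationScopes).to.deep.equal(['email', { 'Fn::ImportValue': 'ImportedScope' }]);`. The enclosing `describe` block starts and ends outside the hunk.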