def test_can_auto_resource_policy_with_cfn(sample_app): swagger_gen = CFNSwaggerGenerator() rest_api = RestAPI( resource_name='dev', swagger_doc={}, lambda_function=None, minimum_compression="", api_gateway_stage="xyz", endpoint_type="PRIVATE", policy=IAMPolicy({ 'Statement': [{ "Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke", "Resource": "arn:aws:execute-api:*:*:*/*", "Condition": { "StringEquals": { "aws:SourceVpce": "vpce-abc123" } } }] }) ) doc = swagger_gen.generate_swagger(sample_app, rest_api) assert doc['x-amazon-apigateway-policy'] == { 'Statement': [{ 'Action': 'execute-api:Invoke', 'Condition': {'StringEquals': { 'aws:SourceVpce': 'vpce-abc123'}}, 'Effect': 'Allow', 'Principal': '*', 'Resource': 'arn:aws:execute-api:*:*:*/*', }] }
def test_will_custom_auth_with_cfn(sample_app): swagger_gen = CFNSwaggerGenerator() # No "name=" kwarg provided should default # to a name of "auth". @sample_app.authorizer(ttl_seconds=10, execution_role='arn:role') def auth(auth_request): pass @sample_app.route('/auth', authorizer=auth) def foo(): pass doc = swagger_gen.generate_swagger(sample_app) assert 'securityDefinitions' in doc assert doc['securityDefinitions']['auth'] == { 'in': 'header', 'name': 'Authorization', 'type': 'apiKey', 'x-amazon-apigateway-authtype': 'custom', 'x-amazon-apigateway-authorizer': { 'type': 'token', 'authorizerCredentials': 'arn:role', 'authorizerResultTtlInSeconds': 10, 'authorizerUri': { 'Fn::Sub': ('arn:aws:apigateway:${AWS::Region}:lambda:path' '/2015-03-31/functions/${Auth.Arn}/invocations') } } }
def test_will_custom_auth_with_cfn(sample_app): swagger_gen = CFNSwaggerGenerator() # No "name=" kwarg provided should default # to a name of "auth". @sample_app.authorizer(ttl_seconds=10, execution_role='arn:role') def auth(auth_request): pass @sample_app.route('/auth', authorizer=auth) def foo(): pass doc = swagger_gen.generate_swagger(sample_app) assert 'securityDefinitions' in doc assert doc['securityDefinitions']['auth'] == { 'in': 'header', 'name': 'Authorization', 'type': 'apiKey', 'x-amazon-apigateway-authtype': 'custom', 'x-amazon-apigateway-authorizer': { 'type': 'token', 'authorizerCredentials': 'arn:role', 'authorizerResultTtlInSeconds': 10, 'authorizerUri': { 'Fn::Sub': ( 'arn:aws:apigateway:${AWS::Region}:lambda:path' '/2015-03-31/functions/${Auth.Arn}/invocations' ) } } }