def _get_authorizers(self, authorizers_config, default_authorizer=None):
    """
    Build one ApiGatewayV2Authorizer per entry of the API's Auth authorizer section.

    Only structure is checked here: the section and every entry must be
    dictionaries, and an entry that still carries ``OpenIdConnectUrl`` is
    rejected. ``AuthorizationScopes``, ``JwtConfiguration`` and
    ``IdentitySource`` are handed to ApiGatewayV2Authorizer exactly as found
    (``None`` when the key is absent).

    :param authorizers_config: authorizer configuration from the API Auth section
    :param default_authorizer: name of the default authorizer (accepted but not read by this method)
    :returns: dict mapping each authorizer name to its ApiGatewayV2Authorizer
    :raises InvalidResourceException: if the section or an entry is not a
        dictionary, or if an entry sets ``OpenIdConnectUrl``
    """
    if not isinstance(authorizers_config, dict):
        raise InvalidResourceException(self.logical_id, "Authorizers must be a dictionary.")

    built = {}
    for auth_name, props in authorizers_config.items():
        if not isinstance(props, dict):
            raise InvalidResourceException(
                self.logical_id, "Authorizer %s must be a dictionary." % (auth_name)
            )

        # Reject the retired property explicitly so that a template relying on
        # it fails instead of deploying with the setting ignored.
        if "OpenIdConnectUrl" in props:
            message = (
                "'OpenIdConnectUrl' is no longer a supported property for authorizer '%s'. "
                "Please refer to the AWS SAM documentation."
            ) % (auth_name)
            raise InvalidResourceException(self.logical_id, message)

        scopes = props.get("AuthorizationScopes")
        jwt_config = props.get("JwtConfiguration")
        identity_source = props.get("IdentitySource")
        built[auth_name] = ApiGatewayV2Authorizer(
            api_logical_id=self.logical_id,
            name=auth_name,
            authorization_scopes=scopes,
            jwt_configuration=jwt_config,
            id_source=identity_source,
        )

    return built
def _get_authorizers(self, authorizers_config, default_authorizer=None):
    """
    Build one ApiGatewayV2Authorizer per entry of the API's Auth authorizer section.

    Only structure is checked here: the section and every entry must be
    dictionaries. ``OpenIdConnectUrl``, ``AuthorizationScopes``,
    ``JwtConfiguration`` and ``IdentitySource`` are handed to
    ApiGatewayV2Authorizer exactly as found (``None`` when the key is absent).

    :param authorizers_config: authorizer configuration from the API Auth section
    :param default_authorizer: name of the default authorizer (accepted but not read by this method)
    :returns: dict mapping each authorizer name to its ApiGatewayV2Authorizer
    :raises InvalidResourceException: if the section or an entry is not a dictionary
    """
    if not isinstance(authorizers_config, dict):
        raise InvalidResourceException(self.logical_id, "Authorizers must be a dictionary")

    built = {}
    for auth_name, props in authorizers_config.items():
        if not isinstance(props, dict):
            raise InvalidResourceException(
                self.logical_id, "Authorizer %s must be a dictionary." % (auth_name)
            )

        oidc_url = props.get("OpenIdConnectUrl")
        scopes = props.get("AuthorizationScopes")
        jwt_config = props.get("JwtConfiguration")
        identity_source = props.get("IdentitySource")
        built[auth_name] = ApiGatewayV2Authorizer(
            api_logical_id=self.logical_id,
            name=auth_name,
            open_id_connect_url=oidc_url,
            authorization_scopes=scopes,
            jwt_configuration=jwt_config,
            id_source=identity_source,
        )

    return built
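def test_create_jwt_authorizer_no_jwt_configuration(self):
    """An authorizer built from only a logical id and a name must be rejected."""
    with pytest.raises(InvalidResourceException) as e:
        ApiGatewayV2Authorizer(api_logical_id="logicalId", name="authName")

    # Checked after the block exits: `e.value` is only populated once
    # pytest.raises has caught the exception, and a statement placed after the
    # raising call inside the block would never run.
    # NOTE(review): test_create_lambda_auth_no_function_arn passes the same
    # argument shape and expects the Lambda 'FunctionArn' message; confirm
    # which message the constructor emits for this input.
    self.assertEqual(
        e.value.message,
        "Resource with id [logicalId] is invalid. "
        + "authName OAuth2 Authorizer must define 'JwtConfiguration'.",
    )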
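def test_create_oauth2_auth(self):
    """A JWT configuration plus an identity source yields an ``oauth2`` authorizer."""
    auth = ApiGatewayV2Authorizer(
        api_logical_id="logicalId",
        name="authName",
        jwt_configuration={"config": "value"},
        id_source="https://example.com",
    )

    # assertEqual rather than the assertEquals alias: the alias is deprecated
    # and was removed from unittest in Python 3.12.
    self.assertEqual(auth.auth_type, "oauth2")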
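def test_create_authorizer_fails_with_string_authorization_scopes(self):
    """AuthorizationScopes given as a bare string instead of a list must be rejected.

    Only the exception type is checked, so any InvalidResourceException raised
    by the constructor satisfies this test.
    """
    with pytest.raises(InvalidResourceException):
        # The constructed object is never used, so it is not bound to a name.
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="authName",
            jwt_configuration={"config": "value"},
            authorization_scopes="invalid_scope",
        )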
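def test_create_lambda_auth_no_function_arn(self):
    """An authorizer built without a function ARN must be rejected with the Lambda message."""
    with pytest.raises(InvalidResourceException) as e:
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="lambdaAuth",
        )

    # Checked after the block exits: `e.value` is only populated once
    # pytest.raises has caught the exception, and a statement placed after the
    # raising call inside the block would never run.
    self.assertEqual(
        e.value.message,
        "Resource with id [logicalId] is invalid. "
        + "lambdaAuth Lambda Authorizer must define 'FunctionArn'.",
    )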
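def test_create_authorizer_fails_with_id_source_non_oauth2(self):
    """An identity source supplied without a JWT configuration must be rejected."""
    with pytest.raises(InvalidResourceException) as e:
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="authName",
            id_source="https://example.com",
        )

    # Checked after the block exits: `e.value` is only populated once
    # pytest.raises has caught the exception, and a statement placed after the
    # raising call inside the block would never run.
    self.assertEqual(
        e.value.message,
        "Resource with id [logicalId] is invalid. "
        + "IdentitySource must be defined only for OAuth2 Authorizer.",
    )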
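def test_create_authorizer_fails_with_jtw_configuration_non_oauth2(self):
    """A JWT configuration supplied on its own is expected to be rejected."""
    with pytest.raises(InvalidResourceException) as e:
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="authName",
            jwt_configuration={"config": "value"},
        )

    # Checked after the block exits: `e.value` is only populated once
    # pytest.raises has caught the exception, and a statement placed after the
    # raising call inside the block would never run.
    # NOTE(review): other tests of this constructor treat a supplied
    # jwt_configuration as selecting the OAuth2 path; confirm this expected
    # text against the constructor.
    self.assertEqual(
        e.value.message,
        "Resource with id [logicalId] is invalid. "
        + "JwtConfiguration must be defined only for OAuth2 Authorizer.",
    )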
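def test_create_authorizer_fails_with_authorization_scopes_non_oauth2(self):
    """Authorization scopes supplied without a JWT configuration must be rejected."""
    with pytest.raises(InvalidResourceException) as e:
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="authName",
            authorization_scopes=["scope1", "scope2"],
        )

    # Checked after the block exits: `e.value` is only populated once
    # pytest.raises has caught the exception, and a statement placed after the
    # raising call inside the block would never run.
    self.assertEqual(
        e.value.message,
        "Resource with id [logicalId] is invalid. "
        + "AuthorizationScopes must be defined only for OAuth2 Authorizer.",
    )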
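def test_create_oauth2_auth(self):
    """A fully specified OAuth2 authorizer exposes every constructor argument unchanged."""
    auth = ApiGatewayV2Authorizer(
        api_logical_id="logicalId",
        name="authName",
        jwt_configuration={"config": "value"},
        id_source="https://example.com",
        authorization_scopes=["scope1", "scope2"],
    )

    # assertEqual rather than the assertEquals alias: the alias is deprecated
    # and was removed from unittest in Python 3.12.
    self.assertEqual(auth.api_logical_id, "logicalId")
    self.assertEqual(auth.name, "authName")
    self.assertEqual(auth.jwt_configuration, {"config": "value"})
    self.assertEqual(auth.id_source, "https://example.com")
    self.assertEqual(auth.authorization_scopes, ["scope1", "scope2"])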
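def test_create_authorizer_fails_with_string_authorization_scopes(self):
    """AuthorizationScopes given as a bare string instead of a list must be rejected."""
    with pytest.raises(InvalidResourceException) as e:
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="authName",
            jwt_configuration={"config": "value"},
            authorization_scopes="invalid_scope",
        )

    # Checked after the block exits: `e.value` is only populated once
    # pytest.raises has caught the exception, and a statement placed after the
    # raising call inside the block would never run.
    self.assertEqual(
        e.value.message,
        "Resource with id [logicalId] is invalid. "
        + "AuthorizationScopes must be a list.",
    )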
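def test_create_authorizer_fails_with_function_arn_non_lambda(self):
    """A function ARN supplied alongside a JWT configuration must be rejected."""
    with pytest.raises(InvalidResourceException) as e:
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="authName",
            jwt_configuration={"config": "value"},
            authorization_scopes=["scope1", "scope2"],
            function_arn="lambdaArn",
        )

    # Checked after the block exits: `e.value` is only populated once
    # pytest.raises has caught the exception, and a statement placed after the
    # raising call inside the block would never run.
    self.assertEqual(
        e.value.message,
        "Resource with id [logicalId] is invalid. "
        + "FunctionArn must be defined only for Lambda Authorizer.",
    )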
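def test_create_authorizer_fails_with_enable_simple_responses_non_lambda(self):
    """EnableSimpleResponses supplied alongside a JWT configuration must be rejected."""
    with pytest.raises(InvalidResourceException) as e:
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="authName",
            jwt_configuration={"config": "value"},
            authorization_scopes=["scope1", "scope2"],
            enable_simple_responses=True,
        )

    # Checked after the block exits: `e.value` is only populated once
    # pytest.raises has caught the exception, and a statement placed after the
    # raising call inside the block would never run.
    self.assertEqual(
        e.value.message,
        "Resource with id [logicalId] is invalid. "
        + "EnableSimpleResponses must be defined only for Lambda Authorizer.",
    )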
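def test_create_authorizer_fails_with_identity_non_lambda(self):
    """An Identity block supplied alongside a JWT configuration must be rejected."""
    with pytest.raises(InvalidResourceException) as e:
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="authName",
            jwt_configuration={"config": "value"},
            authorization_scopes=["scope1", "scope2"],
            identity={"Headers": ["Authorization"], "ReauthorizeEvery": 42},
        )

    # Checked after the block exits: `e.value` is only populated once
    # pytest.raises has caught the exception, and a statement placed after the
    # raising call inside the block would never run.
    self.assertEqual(
        e.value.message,
        "Resource with id [logicalId] is invalid. "
        + "Identity must be defined only for Lambda Authorizer.",
    )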
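def test_create_lambda_auth(self):
    """A fully specified Lambda authorizer exposes its constructor arguments unchanged."""
    auth = ApiGatewayV2Authorizer(
        api_logical_id="logicalId",
        name="lambdaAuth",
        function_arn="lambdaArn",
        function_invoke_role="iamRole",
        identity={"Headers": ["Authorization"], "ReauthorizeEvery": 42},
        authorizer_payload_format_version="2.0",
        enable_simple_responses=True,
    )

    # assertEqual rather than the assertEquals alias: the alias is deprecated
    # and was removed from unittest in Python 3.12.
    # Note that function_invoke_role is passed in but not asserted on below.
    self.assertEqual(auth.api_logical_id, "logicalId")
    self.assertEqual(auth.name, "lambdaAuth")
    self.assertEqual(auth.function_arn, "lambdaArn")
    self.assertEqual(auth.identity, {"Headers": ["Authorization"], "ReauthorizeEvery": 42})
    self.assertEqual(auth.authorizer_payload_format_version, "2.0")
    self.assertEqual(auth.enable_simple_responses, True)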
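def test_create_authorizer_no_jwt_config(self):
    """An authorizer given an identity source but no JWT configuration must be rejected.

    Only the exception type is checked, so any InvalidResourceException raised
    by the constructor satisfies this test.
    """
    with pytest.raises(InvalidResourceException):
        # The constructed object is never used, so it is not bound to a name.
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="authName",
            id_source="https://example.com",
        )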
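def test_create_authorizer_no_id_source(self):
    """An authorizer given a JWT configuration but no identity source must be rejected.

    Only the exception type is checked, so any InvalidResourceException raised
    by the constructor satisfies this test.
    """
    with pytest.raises(InvalidResourceException):
        # The constructed object is never used, so it is not bound to a name.
        ApiGatewayV2Authorizer(
            api_logical_id="logicalId",
            name="authName",
            jwt_configuration={"config": "value"},
        )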