def _get_authorizers(self, authorizers_config, default_authorizer=None):
        authorizers = {}
        if default_authorizer == "AWS_IAM":
            authorizers[default_authorizer] = ApiGatewayAuthorizer(
                api_logical_id=self.logical_id, name=default_authorizer, is_aws_iam_authorizer=True
            )

        if not authorizers_config:
            if "AWS_IAM" in authorizers:
                return authorizers
            return None

        if not isinstance(authorizers_config, dict):
            raise InvalidResourceException(self.logical_id, "Authorizers must be a dictionary.")

        for authorizer_name, authorizer in authorizers_config.items():
            if not isinstance(authorizer, dict):
                raise InvalidResourceException(
                    self.logical_id, "Authorizer %s must be a dictionary." % (authorizer_name)
                )

            authorizers[authorizer_name] = ApiGatewayAuthorizer(
                api_logical_id=self.logical_id,
                name=authorizer_name,
                user_pool_arn=authorizer.get("UserPoolArn"),
                function_arn=authorizer.get("FunctionArn"),
                identity=authorizer.get("Identity"),
                function_payload_type=authorizer.get("FunctionPayloadType"),
                function_invoke_role=authorizer.get("FunctionInvokeRole"),
                authorization_scopes=authorizer.get("AuthorizationScopes"),
            )
        return authorizers
Exemplo n.º 2
0
 def test_create_authorizer_fails_with_missing_identity_values_and_not_cached(
         self):
     with pytest.raises(InvalidResourceException):
         ApiGatewayAuthorizer(
             api_logical_id="logicalId",
             name="authName",
             identity={"ReauthorizeEvery": 10},
             function_payload_type="REQUEST",
         )
Exemplo n.º 3
0
    def test_create_authorizer_doesnt_fail_with_identity_reauthorization_every_as_zero(
            self):
        auth = ApiGatewayAuthorizer(
            api_logical_id="logicalId",
            name="authName",
            identity={"ReauthorizeEvery": 0},
            function_payload_type="REQUEST",
        )

        self.assertIsNotNone(auth)
Exemplo n.º 4
0
 def test_create_authorizer_with_identity_intrinsic_is_invalid_if_no_querystring_stagevariables_context_headers(
     self, ):
     with pytest.raises(InvalidResourceException):
         ApiGatewayAuthorizer(
             api_logical_id="logicalId",
             name="authName",
             identity={"ReauthorizeEvery": {
                 "FN:If": ["isProd", 10, 0]
             }},
             function_payload_type="REQUEST",
         )
Exemplo n.º 5
0
    def test_create_authorizer_with_non_integer_identity(self):
        auth = ApiGatewayAuthorizer(
            api_logical_id="logicalId",
            name="authName",
            identity={
                "ReauthorizeEvery": [],
                "Headers": ["Accept"]
            },
            function_payload_type="REQUEST",
        )

        self.assertIsNotNone(auth)
Exemplo n.º 6
0
    def test_create_authorizer_with_identity_ReauthorizeEvery_asNone_valid_with_query_strings(
            self):
        auth = ApiGatewayAuthorizer(
            api_logical_id="logicalId",
            name="authName",
            identity={
                "ReauthorizeEvery": None,
                "QueryStrings": ["AQueryString"]
            },
            function_payload_type="REQUEST",
        )

        self.assertIsNotNone(auth)
Exemplo n.º 7
0
    def test_create_authorizer_with_identity_intrinsic_is_valid_with_context(
            self):
        auth = ApiGatewayAuthorizer(
            api_logical_id="logicalId",
            name="authName",
            identity={
                "ReauthorizeEvery": {
                    "FN:If": ["isProd", 10, 0]
                },
                "Context": ["Accept"]
            },
            function_payload_type="REQUEST",
        )

        self.assertIsNotNone(auth)
Exemplo n.º 8
0
    def _get_authorizers(self, authorizers_config):
        if not authorizers_config:
            return None

        if not isinstance(authorizers_config, dict):
            raise InvalidResourceException(self.logical_id,
                                           "Authorizers must be a dictionary")
        authorizers = {}

        for authorizer_name, authorizer in authorizers_config.items():
            authorizers[authorizer_name] = ApiGatewayAuthorizer(
                api_logical_id=self.logical_id,
                name=authorizer_name,
                user_pool_arn=authorizer.get('UserPoolArn'),
                function_arn=authorizer.get('FunctionArn'),
                identity=authorizer.get('Identity'),
                function_payload_type=authorizer.get('FunctionPayloadType'),
                function_invoke_role=authorizer.get('FunctionInvokeRole'))

        return authorizers
Exemplo n.º 9
0
 def test_create_oauth2_auth(self):
     auth = ApiGatewayAuthorizer(api_logical_id="logicalId",
                                 name="authName",
                                 authorization_scopes=["scope1", "scope2"])
     self.assertIsNotNone(auth)
Exemplo n.º 10
0
 def test_create_authorizer_fails_with_empty_identity(self):
     with pytest.raises(InvalidResourceException):
         ApiGatewayAuthorizer(api_logical_id="logicalId",
                              name="authName",
                              identity={},
                              function_payload_type="REQUEST")
Exemplo n.º 11
0
 def test_create_authorizer_fails_with_string_authorization_scopes(self):
     with pytest.raises(InvalidResourceException):
         ApiGatewayAuthorizer(api_logical_id="logicalId",
                              name="authName",
                              authorization_scopes="invalid_scope")