fix(apigatewayv2): websocket api: allow all methods in grant manage c…

…onnections Current code only grants POST method, but GET and DELETE methods are also needed for full connection management. closes #18410
aws · Jan 19, 2022 · c2b1221 · c2b1221
1 parent c7f39ca
commit c2b1221
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/api.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/api.ts
@@ -150,7 +150,7 @@ export class WebSocketApi extends ApiBase implements IWebSocketApi {
     return Grant.addToPrincipal({
       grantee: identity,
       actions: ['execute-api:ManageConnections'],
-      resourceArns: [`${arn}/*/POST/@connections/*`],
+      resourceArns: [`${arn}/*/*/@connections/*`],
     });
   }
 }
diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/stage.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/websocket/stage.ts
@@ -131,7 +131,7 @@ export class WebSocketStage extends StageBase implements IWebSocketStage {
     return Grant.addToPrincipal({
       grantee: identity,
       actions: ['execute-api:ManageConnections'],
-      resourceArns: [`${arn}/${this.stageName}/POST/@connections/*`],
+      resourceArns: [`${arn}/${this.stageName}/*/@connections/*`],
     });
   }
 }
diff --git a/packages/@aws-cdk/aws-apigatewayv2/test/websocket/api.test.ts b/packages/@aws-cdk/aws-apigatewayv2/test/websocket/api.test.ts
@@ -141,7 +141,7 @@ describe('WebSocketApi', () => {
                 {
                   Ref: 'apiC8550315',
                 },
-                '/*/POST/@connections/*',
+                '/*/*/@connections/*',
               ]],
             },
           }]),

diff --git a/packages/@aws-cdk/aws-apigatewayv2/test/websocket/stage.test.ts b/packages/@aws-cdk/aws-apigatewayv2/test/websocket/stage.test.ts
@@ -99,7 +99,7 @@ describe('WebSocketStage', () => {
                 {
                   Ref: 'ApiF70053CD',
                 },
-                `/${defaultStage.stageName}/POST/@connections/*`,
+                `/${defaultStage.stageName}/*/@connections/*`,
               ]],
             },
           }]),
-Original file line number
+Diff line change
@@ Expand Up / @@ -141,7 +141,7 @@ describe('WebSocketApi', () => { @@
                     {
                       Ref: 'apiC8550315',
                     },
-                    '/*/POST/@connections/*',
+                    '/*/*/@connections/*',
                   ]],
                 },
               }]),
@@ Expand Down @@