From 5f5bc203c45b56640bcf57357933f965236b4db2 Mon Sep 17 00:00:00 2001 From: Xia Zhao Date: Tue, 27 Feb 2024 17:48:28 -0800 Subject: [PATCH] Override the openapiversion --- samtranslator/model/api/api_generator.py | 7 +- .../input/api_open_api_version_override.yaml | 166 +++++++++++ .../output/api_open_api_version_override.json | 265 +++++++++++++++++ .../aws-cn/api_open_api_version_override.json | 273 ++++++++++++++++++ .../api_open_api_version_override.json | 273 ++++++++++++++++++ 5 files changed, 980 insertions(+), 4 deletions(-) create mode 100644 tests/translator/input/api_open_api_version_override.yaml create mode 100644 tests/translator/output/api_open_api_version_override.json create mode 100644 tests/translator/output/aws-cn/api_open_api_version_override.json create mode 100644 tests/translator/output/aws-us-gov/api_open_api_version_override.json diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py index a04352243..4eb10a036 100644 --- a/samtranslator/model/api/api_generator.py +++ b/samtranslator/model/api/api_generator.py @@ -1125,11 +1125,10 @@ def _openapi_postprocess(self, definition_body: Dict[str, Any]) -> Dict[str, Any if definition_body.get("swagger") is not None: return definition_body - if definition_body.get("openapi") is not None and self.open_api_version is None: - self.open_api_version = definition_body.get("openapi") + normalized_open_api_version = definition_body.get("openapi", self.open_api_version) - if self.open_api_version and SwaggerEditor.safe_compare_regex_with_string( - SwaggerEditor._OPENAPI_VERSION_3_REGEX, self.open_api_version + if normalized_open_api_version and SwaggerEditor.safe_compare_regex_with_string( + SwaggerEditor._OPENAPI_VERSION_3_REGEX, normalized_open_api_version ): if definition_body.get("securityDefinitions"): components = definition_body.get("components", Py27Dict()) diff --git a/tests/translator/input/api_open_api_version_override.yaml b/tests/translator/input/api_open_api_version_override.yaml new file mode 100644 index 000000000..7b325fb43 --- /dev/null +++ b/tests/translator/input/api_open_api_version_override.yaml @@ -0,0 +1,166 @@ +Transform: +- AWS::Serverless-2016-10-31 +Resources: + ApiGatewayCognitoExecutionRole4F7CB5C8: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Statement: + - Action: sts:AssumeRole + Effect: Allow + Principal: + Service: apigateway.amazonaws.com + Version: '2012-10-17' + Policies: + - PolicyDocument: + Statement: + - Action: lambda:Invoke* + Effect: Allow + Resource: + Fn::GetAtt: + - LambdaFunction7804BD21 + - Arn + Version: '2012-10-17' + PolicyName: apigInvokeLambda + LambdaFunctionServiceRoleD6E423C9: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Statement: + - Action: sts:AssumeRole + Effect: Allow + Principal: + Service: lambda.amazonaws.com + Version: '2012-10-17' + ManagedPolicyArns: + - Fn::Join: + - '' + - - 'arn:' + - Ref: AWS::Partition + - :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole + LambdaFunctionServiceRoleDefaultPolicyF01A7EDC: + Type: AWS::IAM::Policy + Properties: + PolicyDocument: + Statement: + - Action: sns:Publish + Effect: Allow + Resource: '*' + Version: '2012-10-17' + PolicyName: LambdaFunctionServiceRoleDefaultPolicyF01A7EDC + Roles: + - Ref: LambdaFunctionServiceRoleD6E423C9 + LambdaFunction7804BD21: + Type: AWS::Lambda::Function + Properties: + Code: + ZipFile: | + exports.handler = async (event, context, callback) => { + const auth = event.queryStringParameters.authorization + const policyDocument = { + Version: '2012-10-17', + Statement: [{ + Action: 'execute-api:Invoke', + Effect: auth && auth.toLowerCase() === 'allow' ? 'Allow' : 'Deny', + Resource: event.methodArn + }] + } + + return { + principalId: 'user', + context: {}, + policyDocument + } + } + Role: + Fn::GetAtt: + - LambdaFunctionServiceRoleD6E423C9 + - Arn + Handler: index.handler + Runtime: nodejs16.x + MyCognitoUserPool: + Type: AWS::Cognito::UserPool + Properties: + UserPoolName: MyCognitoUserPool + ApiGatewayCognitoService15108F0B: + Type: AWS::Serverless::Api + Properties: + StageName: prod + Auth: + AddDefaultAuthorizerToCorsPreflight: false + Authorizers: + CognitoAuthorizer: + UserPoolArn: + Fn::GetAtt: MyCognitoUserPool.Arn + DefaultAuthorizer: CognitoAuthorizer + DefinitionBody: + openapi: 3.0.2 + info: + title: RxtHofApprovalServiceLambdaCognito + version: '2018-05-10' + paths: + /reviews: + post: + operationId: CreateReview + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateReviewRequestContent' + required: true + responses: + '200': + description: CreateReview 200 response + headers: + Access-Control-Allow-Origin: + schema: + type: string + Access-Control-Expose-Headers: + schema: + type: string + content: + application/json: + schema: + $ref: '#/components/schemas/CreateReviewResponseContent' + x-amazon-apigateway-integration: + type: aws_proxy + httpMethod: POST + uri: + Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction7804BD21.Arn}/invocations + credentials: + Fn::Sub: ${ApiGatewayCognitoExecutionRole4F7CB5C8.Arn} + responses: + default: + statusCode: '200' + responseParameters: + method.response.header.Access-Control-Allow-Origin: "'*'" + method.response.header.Access-Control-Expose-Headers: "'Content-Length,Content-Type,X-Amzn-Errortype,X-Amzn-Requestid'" + components: + schemas: + CreateReviewRequestContent: + type: object + properties: + reviewId: + type: string + CreateReviewResponseContent: + type: object + properties: + reviewId: + type: string + securitySchemes: + aws.auth.sigv4: + type: apiKey + description: AWS Signature Version 4 authentication + name: Authorization + in: header + x-amazon-apigateway-authtype: awsSigv4 + security: + - aws.auth.sigv4: [] + x-amazon-apigateway-gateway-responses: + DEFAULT_5XX: + responseTemplates: + application/json: '{"message":$context.error.messageString}' + responseParameters: + gatewayresponse.header.Access-Control-Allow-Origin: "'*'" + OpenApiVersion: '2.0' + TracingEnabled: true diff --git a/tests/translator/output/api_open_api_version_override.json b/tests/translator/output/api_open_api_version_override.json new file mode 100644 index 000000000..90498cf57 --- /dev/null +++ b/tests/translator/output/api_open_api_version_override.json @@ -0,0 +1,265 @@ +{ + "Resources": { + "ApiGatewayCognitoExecutionRole4F7CB5C8": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "apigateway.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:Invoke*", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "LambdaFunction7804BD21", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "apigInvokeLambda" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ApiGatewayCognitoService15108F0B": { + "Properties": { + "Body": { + "components": { + "schemas": { + "CreateReviewRequestContent": { + "properties": { + "reviewId": { + "type": "string" + } + }, + "type": "object" + }, + "CreateReviewResponseContent": { + "properties": { + "reviewId": { + "type": "string" + } + }, + "type": "object" + } + }, + "securitySchemes": { + "CognitoAuthorizer": { + "in": "header", + "name": "Authorization", + "type": "apiKey", + "x-amazon-apigateway-authorizer": { + "providerARNs": [ + { + "Fn::GetAtt": "MyCognitoUserPool.Arn" + } + ], + "type": "cognito_user_pools" + }, + "x-amazon-apigateway-authtype": "cognito_user_pools" + } + } + }, + "info": { + "title": "RxtHofApprovalServiceLambdaCognito", + "version": "2018-05-10" + }, + "openapi": "3.0.2", + "paths": { + "/reviews": { + "post": { + "operationId": "CreateReview", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateReviewRequestContent" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateReviewResponseContent" + } + } + }, + "description": "CreateReview 200 response", + "headers": { + "Access-Control-Allow-Origin": { + "schema": { + "type": "string" + } + }, + "Access-Control-Expose-Headers": { + "schema": { + "type": "string" + } + } + } + } + }, + "security": [ + { + "CognitoAuthorizer": [] + } + ], + "x-amazon-apigateway-integration": { + "credentials": { + "Fn::Sub": "${ApiGatewayCognitoExecutionRole4F7CB5C8.Arn}" + }, + "httpMethod": "POST", + "responses": { + "default": { + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Expose-Headers": "'Content-Length,Content-Type,X-Amzn-Errortype,X-Amzn-Requestid'" + }, + "statusCode": "200" + } + }, + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction7804BD21.Arn}/invocations" + } + } + } + } + }, + "security": [ + { + "aws.auth.sigv4": [] + } + ], + "x-amazon-apigateway-gateway-responses": { + "DEFAULT_5XX": { + "responseParameters": { + "gatewayresponse.header.Access-Control-Allow-Origin": "'*'" + }, + "responseTemplates": { + "application/json": "{\"message\":$context.error.messageString}" + } + } + } + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiGatewayCognitoService15108F0BDeployment2a9725c838": { + "Properties": { + "Description": "RestApi deployment id: 2a9725c838d10c88c6c75fec8e5fe7557ff62cea", + "RestApiId": { + "Ref": "ApiGatewayCognitoService15108F0B" + } + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayCognitoService15108F0BprodStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiGatewayCognitoService15108F0BDeployment2a9725c838" + }, + "RestApiId": { + "Ref": "ApiGatewayCognitoService15108F0B" + }, + "StageName": "prod", + "TracingEnabled": true + }, + "Type": "AWS::ApiGateway::Stage" + }, + "LambdaFunction7804BD21": { + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event, context, callback) => {\n const auth = event.queryStringParameters.authorization\n const policyDocument = {\n Version: '2012-10-17',\n Statement: [{\n Action: 'execute-api:Invoke',\n Effect: auth && auth.toLowerCase() === 'allow' ? 'Allow' : 'Deny',\n Resource: event.methodArn\n }]\n }\n \n return {\n principalId: 'user',\n context: {},\n policyDocument\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "LambdaFunctionServiceRoleD6E423C9", + "Arn" + ] + }, + "Runtime": "nodejs16.x" + }, + "Type": "AWS::Lambda::Function" + }, + "LambdaFunctionServiceRoleD6E423C9": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "LambdaFunctionServiceRoleDefaultPolicyF01A7EDC": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicyF01A7EDC", + "Roles": [ + { + "Ref": "LambdaFunctionServiceRoleD6E423C9" + } + ] + }, + "Type": "AWS::IAM::Policy" + }, + "MyCognitoUserPool": { + "Properties": { + "UserPoolName": "MyCognitoUserPool" + }, + "Type": "AWS::Cognito::UserPool" + } + } +} diff --git a/tests/translator/output/aws-cn/api_open_api_version_override.json b/tests/translator/output/aws-cn/api_open_api_version_override.json new file mode 100644 index 000000000..2b1ece951 --- /dev/null +++ b/tests/translator/output/aws-cn/api_open_api_version_override.json @@ -0,0 +1,273 @@ +{ + "Resources": { + "ApiGatewayCognitoExecutionRole4F7CB5C8": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "apigateway.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:Invoke*", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "LambdaFunction7804BD21", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "apigInvokeLambda" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ApiGatewayCognitoService15108F0B": { + "Properties": { + "Body": { + "components": { + "schemas": { + "CreateReviewRequestContent": { + "properties": { + "reviewId": { + "type": "string" + } + }, + "type": "object" + }, + "CreateReviewResponseContent": { + "properties": { + "reviewId": { + "type": "string" + } + }, + "type": "object" + } + }, + "securitySchemes": { + "CognitoAuthorizer": { + "in": "header", + "name": "Authorization", + "type": "apiKey", + "x-amazon-apigateway-authorizer": { + "providerARNs": [ + { + "Fn::GetAtt": "MyCognitoUserPool.Arn" + } + ], + "type": "cognito_user_pools" + }, + "x-amazon-apigateway-authtype": "cognito_user_pools" + } + } + }, + "info": { + "title": "RxtHofApprovalServiceLambdaCognito", + "version": "2018-05-10" + }, + "openapi": "3.0.2", + "paths": { + "/reviews": { + "post": { + "operationId": "CreateReview", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateReviewRequestContent" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateReviewResponseContent" + } + } + }, + "description": "CreateReview 200 response", + "headers": { + "Access-Control-Allow-Origin": { + "schema": { + "type": "string" + } + }, + "Access-Control-Expose-Headers": { + "schema": { + "type": "string" + } + } + } + } + }, + "security": [ + { + "CognitoAuthorizer": [] + } + ], + "x-amazon-apigateway-integration": { + "credentials": { + "Fn::Sub": "${ApiGatewayCognitoExecutionRole4F7CB5C8.Arn}" + }, + "httpMethod": "POST", + "responses": { + "default": { + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Expose-Headers": "'Content-Length,Content-Type,X-Amzn-Errortype,X-Amzn-Requestid'" + }, + "statusCode": "200" + } + }, + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction7804BD21.Arn}/invocations" + } + } + } + } + }, + "security": [ + { + "aws.auth.sigv4": [] + } + ], + "x-amazon-apigateway-gateway-responses": { + "DEFAULT_5XX": { + "responseParameters": { + "gatewayresponse.header.Access-Control-Allow-Origin": "'*'" + }, + "responseTemplates": { + "application/json": "{\"message\":$context.error.messageString}" + } + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiGatewayCognitoService15108F0BDeployment2a9725c838": { + "Properties": { + "Description": "RestApi deployment id: 2a9725c838d10c88c6c75fec8e5fe7557ff62cea", + "RestApiId": { + "Ref": "ApiGatewayCognitoService15108F0B" + } + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayCognitoService15108F0BprodStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiGatewayCognitoService15108F0BDeployment2a9725c838" + }, + "RestApiId": { + "Ref": "ApiGatewayCognitoService15108F0B" + }, + "StageName": "prod", + "TracingEnabled": true + }, + "Type": "AWS::ApiGateway::Stage" + }, + "LambdaFunction7804BD21": { + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event, context, callback) => {\n const auth = event.queryStringParameters.authorization\n const policyDocument = {\n Version: '2012-10-17',\n Statement: [{\n Action: 'execute-api:Invoke',\n Effect: auth && auth.toLowerCase() === 'allow' ? 'Allow' : 'Deny',\n Resource: event.methodArn\n }]\n }\n \n return {\n principalId: 'user',\n context: {},\n policyDocument\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "LambdaFunctionServiceRoleD6E423C9", + "Arn" + ] + }, + "Runtime": "nodejs16.x" + }, + "Type": "AWS::Lambda::Function" + }, + "LambdaFunctionServiceRoleD6E423C9": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "LambdaFunctionServiceRoleDefaultPolicyF01A7EDC": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicyF01A7EDC", + "Roles": [ + { + "Ref": "LambdaFunctionServiceRoleD6E423C9" + } + ] + }, + "Type": "AWS::IAM::Policy" + }, + "MyCognitoUserPool": { + "Properties": { + "UserPoolName": "MyCognitoUserPool" + }, + "Type": "AWS::Cognito::UserPool" + } + } +} diff --git a/tests/translator/output/aws-us-gov/api_open_api_version_override.json b/tests/translator/output/aws-us-gov/api_open_api_version_override.json new file mode 100644 index 000000000..2b1ece951 --- /dev/null +++ b/tests/translator/output/aws-us-gov/api_open_api_version_override.json @@ -0,0 +1,273 @@ +{ + "Resources": { + "ApiGatewayCognitoExecutionRole4F7CB5C8": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "apigateway.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:Invoke*", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "LambdaFunction7804BD21", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "apigInvokeLambda" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ApiGatewayCognitoService15108F0B": { + "Properties": { + "Body": { + "components": { + "schemas": { + "CreateReviewRequestContent": { + "properties": { + "reviewId": { + "type": "string" + } + }, + "type": "object" + }, + "CreateReviewResponseContent": { + "properties": { + "reviewId": { + "type": "string" + } + }, + "type": "object" + } + }, + "securitySchemes": { + "CognitoAuthorizer": { + "in": "header", + "name": "Authorization", + "type": "apiKey", + "x-amazon-apigateway-authorizer": { + "providerARNs": [ + { + "Fn::GetAtt": "MyCognitoUserPool.Arn" + } + ], + "type": "cognito_user_pools" + }, + "x-amazon-apigateway-authtype": "cognito_user_pools" + } + } + }, + "info": { + "title": "RxtHofApprovalServiceLambdaCognito", + "version": "2018-05-10" + }, + "openapi": "3.0.2", + "paths": { + "/reviews": { + "post": { + "operationId": "CreateReview", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateReviewRequestContent" + } + } + }, + "required": true + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateReviewResponseContent" + } + } + }, + "description": "CreateReview 200 response", + "headers": { + "Access-Control-Allow-Origin": { + "schema": { + "type": "string" + } + }, + "Access-Control-Expose-Headers": { + "schema": { + "type": "string" + } + } + } + } + }, + "security": [ + { + "CognitoAuthorizer": [] + } + ], + "x-amazon-apigateway-integration": { + "credentials": { + "Fn::Sub": "${ApiGatewayCognitoExecutionRole4F7CB5C8.Arn}" + }, + "httpMethod": "POST", + "responses": { + "default": { + "responseParameters": { + "method.response.header.Access-Control-Allow-Origin": "'*'", + "method.response.header.Access-Control-Expose-Headers": "'Content-Length,Content-Type,X-Amzn-Errortype,X-Amzn-Requestid'" + }, + "statusCode": "200" + } + }, + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction7804BD21.Arn}/invocations" + } + } + } + } + }, + "security": [ + { + "aws.auth.sigv4": [] + } + ], + "x-amazon-apigateway-gateway-responses": { + "DEFAULT_5XX": { + "responseParameters": { + "gatewayresponse.header.Access-Control-Allow-Origin": "'*'" + }, + "responseTemplates": { + "application/json": "{\"message\":$context.error.messageString}" + } + } + } + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ApiGatewayCognitoService15108F0BDeployment2a9725c838": { + "Properties": { + "Description": "RestApi deployment id: 2a9725c838d10c88c6c75fec8e5fe7557ff62cea", + "RestApiId": { + "Ref": "ApiGatewayCognitoService15108F0B" + } + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ApiGatewayCognitoService15108F0BprodStage": { + "Properties": { + "DeploymentId": { + "Ref": "ApiGatewayCognitoService15108F0BDeployment2a9725c838" + }, + "RestApiId": { + "Ref": "ApiGatewayCognitoService15108F0B" + }, + "StageName": "prod", + "TracingEnabled": true + }, + "Type": "AWS::ApiGateway::Stage" + }, + "LambdaFunction7804BD21": { + "Properties": { + "Code": { + "ZipFile": "exports.handler = async (event, context, callback) => {\n const auth = event.queryStringParameters.authorization\n const policyDocument = {\n Version: '2012-10-17',\n Statement: [{\n Action: 'execute-api:Invoke',\n Effect: auth && auth.toLowerCase() === 'allow' ? 'Allow' : 'Deny',\n Resource: event.methodArn\n }]\n }\n \n return {\n principalId: 'user',\n context: {},\n policyDocument\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "LambdaFunctionServiceRoleD6E423C9", + "Arn" + ] + }, + "Runtime": "nodejs16.x" + }, + "Type": "AWS::Lambda::Function" + }, + "LambdaFunctionServiceRoleD6E423C9": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "LambdaFunctionServiceRoleDefaultPolicyF01A7EDC": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LambdaFunctionServiceRoleDefaultPolicyF01A7EDC", + "Roles": [ + { + "Ref": "LambdaFunctionServiceRoleD6E423C9" + } + ] + }, + "Type": "AWS::IAM::Policy" + }, + "MyCognitoUserPool": { + "Properties": { + "UserPoolName": "MyCognitoUserPool" + }, + "Type": "AWS::Cognito::UserPool" + } + } +}