From bec6aaa4daedc86b332c90615309e8474bec1add Mon Sep 17 00:00:00 2001 From: kstich Date: Thu, 15 Oct 2020 12:05:35 -0700 Subject: [PATCH] Allow customAuthType defaulting to be disabled Allow the setting of an empty customAuthType to indicate that the x-amazon-apigateway-authtype extension should not be set to "custom". This is done to handle the current defaulting behavior instead of adding a flag. This is necessary to enable API Gateway's built-in API key validation. --- .../source/1.0/spec/aws/amazon-apigateway.rst | 3 ++- .../apigateway/openapi/AddAuthorizers.java | 10 +++++++- .../openapi/AddAuthorizersTest.java | 22 ++++++++++++++++++ .../empty-custom-auth-type-authorizer.json | 23 +++++++++++++++++++ 4 files changed, 56 insertions(+), 2 deletions(-) create mode 100644 smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/empty-custom-auth-type-authorizer.json diff --git a/docs/source/1.0/spec/aws/amazon-apigateway.rst b/docs/source/1.0/spec/aws/amazon-apigateway.rst index 3564ac50056..c0933478741 100644 --- a/docs/source/1.0/spec/aws/amazon-apigateway.rst +++ b/docs/source/1.0/spec/aws/amazon-apigateway.rst @@ -123,7 +123,8 @@ An *authorizer* definition is a structure that supports the following members: - The ``authType`` of the authorizer. This value is used in APIGateway exports as ``x-amazon-apigateway-authtype``. This value is set to ``custom`` by default, or ``awsSigv4`` if your scheme is - :ref:`aws.auth#sigv4 `. + :ref:`aws.auth#sigv4 `. Set the value to an empty + string to disable defaulting to ``custom``. * - uri - ``string`` - Specifies the authorizer's Uniform Resource Identifier diff --git a/smithy-aws-apigateway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizers.java b/smithy-aws-apigateway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizers.java index 8d568ff2c80..2464a2901f8 100644 
--- a/smithy-aws-apigateway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizers.java
+++ b/smithy-aws-apigateway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizers.java
@@ -167,7 +167,15 @@ private SecurityScheme convertAuthScheme(
 T authTrait = context.getService().expectTrait(converter.getAuthSchemeType());
 SecurityScheme createdScheme = converter.createSecurityScheme(context, authTrait);
 SecurityScheme.Builder schemeBuilder = createdScheme.toBuilder();
- schemeBuilder.putExtension(CLIENT_EXTENSION_NAME, authorizer.getCustomAuthType().orElse(DEFAULT_AUTH_TYPE));
+
+ // Allow the setting of an empty customAuthType to indicate that
+ // the extension should not be set to "custom". This is done to
+ // handle the current defaulting behavior instead of adding a flag.
+ // This is necessary to enable API Gateway's built-in API key validation.
+ String authType = authorizer.getCustomAuthType().orElse(DEFAULT_AUTH_TYPE);
+ if (!authType.isEmpty()) {
+ schemeBuilder.putExtension(CLIENT_EXTENSION_NAME, authType);
+ }
 ObjectNode authorizerNode = Node.objectNodeBuilder()
 .withOptionalMember("type", authorizer.getType().map(Node::from))
diff --git a/smithy-aws-apigateway-openapi/src/test/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizersTest.java b/smithy-aws-apigateway-openapi/src/test/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizersTest.java
index 137718da7c5..79d0f1fcfba 100644
--- a/smithy-aws-apigateway-openapi/src/test/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizersTest.java
+++ b/smithy-aws-apigateway-openapi/src/test/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizersTest.java
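Review bot: The empty-string check in `convertAuthScheme` drops `x-amazon-apigateway-authtype` for every authorizer whose `customAuthType` is `""`, including one that also sets `type` or `uri` and therefore may still get an `x-amazon-apigateway-authorizer` object from the `authorizerNode` builder that follows. The only fixture added in this patch (`empty-custom-auth-type-authorizer.json`, exercised by `emptyCustomAuthTypeNotSet` in the test hunk) sets just `scheme` and `customAuthType`, so that mixed case is neither rejected nor pinned by a test; since this output configures authentication on the exported API, I would add a second test for it or emit a validation warning when an empty `customAuthType` is combined with authorizer members. Separately, `isEmpty()` treats a whitespace-only value as a real auth type; if that is not intended, `if (!authType.trim().isEmpty()) {` closes the gap. The body of `convertAuthScheme` starts before and continues after this hunk.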
@@ -112,6 +112,28 @@ public void addsCustomAuthType() {
 assertFalse(sigV4.getExtension("x-amazon-apigateway-authorizer").isPresent());
 }
+ @Test
+ public void emptyCustomAuthTypeNotSet() {
+ Model model = Model.assembler()
+ .discoverModels(getClass().getClassLoader())
+ .addImport(getClass().getResource("empty-custom-auth-type-authorizer.json"))
+ .assemble()
+ .unwrap();
+ OpenApiConfig config = new OpenApiConfig();
+ config.setService(ShapeId.from("ns.foo#SomeService"));
+ OpenApi result = OpenApiConverter.create()
+ .config(config)
+ .classLoader(getClass().getClassLoader())
+ .convert(model);
+ SecurityScheme apiKey = result.getComponents().getSecuritySchemes().get("api_key");
+
+ assertThat(apiKey.getType(), equalTo("apiKey"));
+ assertThat(apiKey.getName().get(), equalTo("x-api-key"));
+ assertThat(apiKey.getIn().get(), equalTo("header"));
+ assertFalse(apiKey.getExtension("x-amazon-apigateway-authtype").isPresent());
+ assertFalse(apiKey.getExtension("x-amazon-apigateway-authorizer").isPresent());
+ }
+
 @Test
 public void resolvesEffectiveAuthorizersForEachOperation() {
 Model model = Model.assembler()
diff --git a/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/empty-custom-auth-type-authorizer.json b/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/empty-custom-auth-type-authorizer.json
new file mode 100644
index 00000000000..50a1a4fd075
--- /dev/null
+++ b/smithy-aws-apigateway-openapi/src/test/resources/software/amazon/smithy/aws/apigateway/openapi/empty-custom-auth-type-authorizer.json
@@ -0,0 +1,23 @@
+{
+ "smithy": "1.0",
+ "shapes": {
+ "ns.foo#SomeService": {
+ "type": "service",
+ "version": "2018-03-17",
+ "traits": {
+ "aws.protocols#restJson1": {},
+ "smithy.api#httpApiKeyAuth": {
+ "name": "x-api-key",
+ "in": "header"
+ },
+ "aws.apigateway#authorizer": "api_key",
+ "aws.apigateway#authorizers": {
+ "api_key": {
+ "scheme": "smithy.api#httpApiKeyAuth",
+ "customAuthType": ""
+ }
+ }
+ }
+ }
+ }
+}