-
Notifications
You must be signed in to change notification settings - Fork 421
/
Copy pathtest_openapi_extensions.py
268 lines (217 loc) · 10.1 KB
/
test_openapi_extensions.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
from __future__ import annotations
import json
from aws_lambda_powertools.event_handler.api_gateway import APIGatewayRestResolver, Router
from aws_lambda_powertools.event_handler.openapi.models import (
APIKey,
APIKeyIn,
OAuth2,
OAuthFlowImplicit,
OAuthFlows,
Server,
)
def test_openapi_extension_root_level():
# GIVEN an APIGatewayRestResolver instance
app = APIGatewayRestResolver()
cors_config = {
"maxAge": 0,
"allowCredentials": False,
}
# WHEN we get the OpenAPI JSON schema with CORS extension in the Root Level
schema = json.loads(
app.get_openapi_json_schema(
openapi_extensions={"x-amazon-apigateway-cors": cors_config},
),
)
# THEN the OpenAPI schema must contain the "x-amazon-apigateway-cors" extension
assert "x-amazon-apigateway-cors" in schema
assert schema["x-amazon-apigateway-cors"] == cors_config
def test_openapi_extension_server_level():
# GIVEN an APIGatewayRestResolver instance
app = APIGatewayRestResolver()
endpoint_config = {
"disableExecuteApiEndpoint": True,
"vpcEndpointIds": ["vpce-0df8e77555fca0000"],
}
server_config = {
"url": "https://example.org/",
"description": "Example website",
}
# WHEN we get the OpenAPI JSON schema with a server-level openapi extension
schema = json.loads(
app.get_openapi_json_schema(
title="Hello API",
version="1.0.0",
servers=[
Server(
**server_config,
openapi_extensions={
"x-amazon-apigateway-endpoint-configuration": endpoint_config,
},
),
],
),
)
# THEN the OpenAPI schema must contain the "x-amazon-apigateway-endpoint-configuration" at the server level
assert "x-amazon-apigateway-endpoint-configuration" in schema["servers"][0]
assert schema["servers"][0]["x-amazon-apigateway-endpoint-configuration"] == endpoint_config
assert schema["servers"][0]["url"] == server_config["url"]
assert schema["servers"][0]["description"] == server_config["description"]
def test_openapi_extension_security_scheme_level_with_api_key():
# GIVEN an APIGatewayRestResolver instance
app = APIGatewayRestResolver()
authorizer_config = {
"authorizerUri": "arn:aws:apigateway:us-east-1:...:function:authorizer/invocations",
"authorizerResultTtlInSeconds": 300,
"type": "token",
}
api_key_config = {
"name": "X-API-KEY",
"description": "API Key",
"in_": APIKeyIn.header,
}
# WHEN we get the OpenAPI JSON schema with a security scheme-level extension for a custom auth
schema = json.loads(
app.get_openapi_json_schema(
security_schemes={
"apiKey": APIKey(
**api_key_config,
openapi_extensions={
"x-amazon-apigateway-authtype": "custom",
"x-amazon-apigateway-authorizer": authorizer_config,
},
),
},
),
)
# THEN the OpenAPI schema must contain the "x-amazon-apigateway-authtype" extension at the security scheme level
assert "x-amazon-apigateway-authtype" in schema["components"]["securitySchemes"]["apiKey"]
assert schema["components"]["securitySchemes"]["apiKey"]["x-amazon-apigateway-authtype"] == "custom"
assert schema["components"]["securitySchemes"]["apiKey"]["x-amazon-apigateway-authorizer"] == authorizer_config
assert schema["components"]["securitySchemes"]["apiKey"]["name"] == api_key_config["name"]
assert schema["components"]["securitySchemes"]["apiKey"]["description"] == api_key_config["description"]
assert schema["components"]["securitySchemes"]["apiKey"]["in"] == "header"
def test_openapi_extension_security_scheme_level_with_oauth2():
# GIVEN an APIGatewayRestResolver instance
app = APIGatewayRestResolver()
authorizer_config = {
"identitySource": "$request.header.Authorization",
"jwtConfiguration": {
"audience": ["test"],
"issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxx/",
},
"type": "jwt",
}
oauth2_config = {
"flows": OAuthFlows(
implicit=OAuthFlowImplicit(
authorizationUrl="https://example.com/oauth2/authorize",
),
),
}
# WHEN we get the OpenAPI JSON schema with a security scheme-level extension for a custom auth
schema = json.loads(
app.get_openapi_json_schema(
security_schemes={
"oauth2": OAuth2(
**oauth2_config,
openapi_extensions={
"x-amazon-apigateway-authorizer": authorizer_config,
},
),
},
),
)
# THEN the OpenAPI schema must contain the "x-amazon-apigateway-authorizer" extension at the security scheme level
assert "x-amazon-apigateway-authorizer" in schema["components"]["securitySchemes"]["oauth2"]
assert schema["components"]["securitySchemes"]["oauth2"]["x-amazon-apigateway-authorizer"] == authorizer_config
assert (
schema["components"]["securitySchemes"]["oauth2"]["x-amazon-apigateway-authorizer"]["identitySource"]
== "$request.header.Authorization"
)
assert schema["components"]["securitySchemes"]["oauth2"]["x-amazon-apigateway-authorizer"]["jwtConfiguration"][
"audience"
] == ["test"]
assert (
schema["components"]["securitySchemes"]["oauth2"]["x-amazon-apigateway-authorizer"]["jwtConfiguration"][
"issuer"
]
== "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxx/"
)
def test_openapi_extension_operation_level(openapi_extension_integration_detail):
# GIVEN an APIGatewayRestResolver instance
app = APIGatewayRestResolver()
# WHEN we define an integration extension at operation level
# AND get the schema
@app.get("/test", openapi_extensions={"x-amazon-apigateway-integration": openapi_extension_integration_detail})
def lambda_handler():
pass
schema = json.loads(app.get_openapi_json_schema())
# THEN the OpenAPI schema must contain the "x-amazon-apigateway-integration" extension at the operation level
assert "x-amazon-apigateway-integration" in schema["paths"]["/test"]["get"]
assert schema["paths"]["/test"]["get"]["x-amazon-apigateway-integration"] == openapi_extension_integration_detail
assert schema["paths"]["/test"]["get"]["operationId"] == "lambda_handler_test_get"
def test_openapi_extension_operation_level_multiple_paths(
openapi_extension_integration_detail,
openapi_extension_validator_detail,
):
# GIVEN an APIGatewayRestResolver instance
app = APIGatewayRestResolver()
# WHEN we define multiple routes with integration extension at operation level
# AND get the schema
@app.get("/test", openapi_extensions={"x-amazon-apigateway-integration": openapi_extension_integration_detail})
def lambda_handler_get():
pass
@app.post("/test", openapi_extensions={"x-amazon-apigateway-request-validator": openapi_extension_validator_detail})
def lambda_handler_post():
pass
schema = json.loads(app.get_openapi_json_schema())
# THEN each route must contain only your extension
assert "x-amazon-apigateway-integration" in schema["paths"]["/test"]["get"]
assert schema["paths"]["/test"]["get"]["x-amazon-apigateway-integration"] == openapi_extension_integration_detail
assert "x-amazon-apigateway-integration" not in schema["paths"]["/test"]["post"]
assert "x-amazon-apigateway-request-validator" in schema["paths"]["/test"]["post"]
assert (
schema["paths"]["/test"]["post"]["x-amazon-apigateway-request-validator"] == openapi_extension_validator_detail
)
def test_openapi_extension_operation_level_with_router(openapi_extension_integration_detail):
# GIVEN an APIGatewayRestResolver and Router instance
app = APIGatewayRestResolver()
router = Router()
# WHEN we define an integration extension at operation level using Router
# AND get the schema
@router.get("/test", openapi_extensions={"x-amazon-apigateway-integration": openapi_extension_integration_detail})
def lambda_handler():
pass
app.include_router(router)
schema = json.loads(app.get_openapi_json_schema())
# THEN the OpenAPI schema must contain the "x-amazon-apigateway-integration" extension at the operation level
assert "x-amazon-apigateway-integration" in schema["paths"]["/test"]["get"]
assert schema["paths"]["/test"]["get"]["x-amazon-apigateway-integration"] == openapi_extension_integration_detail
def test_openapi_extension_operation_level_multiple_paths_with_router(
openapi_extension_integration_detail,
openapi_extension_validator_detail,
):
# GIVEN an APIGatewayRestResolver and Router instance
app = APIGatewayRestResolver()
router = Router()
# WHEN we define multiple routes using extensions at operation level using Router
# AND get the schema
@router.get("/test", openapi_extensions={"x-amazon-apigateway-integration": openapi_extension_integration_detail})
def lambda_handler_get():
pass
@router.post(
"/test",
openapi_extensions={"x-amazon-apigateway-request-validator": openapi_extension_validator_detail},
)
def lambda_handler_post():
pass
app.include_router(router)
schema = json.loads(app.get_openapi_json_schema())
# THEN each route must contain only your extension
assert "x-amazon-apigateway-integration" in schema["paths"]["/test"]["get"]
assert schema["paths"]["/test"]["get"]["x-amazon-apigateway-integration"] == openapi_extension_integration_detail
assert "x-amazon-apigateway-integration" not in schema["paths"]["/test"]["post"]
assert "x-amazon-apigateway-request-validator" in schema["paths"]["/test"]["post"]
assert (
schema["paths"]["/test"]["post"]["x-amazon-apigateway-request-validator"] == openapi_extension_validator_detail
)