Merge branch 'develop' into ci-bump-11699447604

anafalcao · web-flow · commit 5b0fb716d3a2 · 2024-11-06T15:53:42.000-03:00
diff --git a/aws_lambda_powertools/event_handler/openapi/models.py b/aws_lambda_powertools/event_handler/openapi/models.py
@@ -363,6 +363,7 @@ class SecuritySchemeType(Enum):
     http = "http"
     oauth2 = "oauth2"
     openIdConnect = "openIdConnect"
+    mutualTLS = "mutualTLS"
 
 
 class SecurityBase(OpenAPIExtensions):
@@ -440,7 +441,11 @@ class OpenIdConnect(SecurityBase):
     openIdConnectUrl: str
 
 
-SecurityScheme = Union[APIKey, HTTPBase, OAuth2, OpenIdConnect, HTTPBearer]
+class MutualTLS(SecurityBase):
+    type_: SecuritySchemeType = Field(default=SecuritySchemeType.mutualTLS, alias="type")
+
+
+SecurityScheme = Union[APIKey, HTTPBase, OAuth2, OpenIdConnect, HTTPBearer, MutualTLS]
 
 
 # https://swagger.io/specification/#components-object
diff --git a/docs/Dockerfile b/docs/Dockerfile
@@ -1,5 +1,5 @@
 # v9.1.18
-FROM squidfunk/mkdocs-material@sha256:2c2802b4d26154eb2c30238ba8ed3aab3a6276009334fd99613e4c01e97cd420
+FROM squidfunk/mkdocs-material@sha256:ce587cbffd5283056df4a84bd3f2eb0c54f0031b1789844dcaf6ac53da0fd52c
 # pip-compile --generate-hashes --output-file=requirements.txt requirements.in
 COPY requirements.txt /tmp/
 RUN pip install --require-hashes -r /tmp/requirements.txt
diff --git a/docs/core/event_handler/api_gateway.md b/docs/core/event_handler/api_gateway.md
@@ -1111,6 +1111,7 @@ OpenAPI 3 lets you describe APIs protected using the following security schemes:
 | [API keys](https://swagger.io/docs/specification/authentication/api-keys/https://swagger.io/docs/specification/authentication/api-keys/){target="_blank"} (e.g: query strings, cookies) | `APIKey`        | API keys in headers, query strings or [cookies](https://swagger.io/docs/specification/authentication/cookie-authentication/){target="_blank"}.                                                                                                                                      |
 | [OAuth 2](https://swagger.io/docs/specification/authentication/oauth2/){target="_blank"}                                                                                                | `OAuth2`        | Authorization protocol that gives an API client limited access to user data on a web server.                                                                                                                                                                                        |
 | [OpenID Connect Discovery](https://swagger.io/docs/specification/authentication/openid-connect-discovery/){target="_blank"}                                                             | `OpenIdConnect` | Identity layer built [on top of the OAuth 2.0 protocol](https://openid.net/developers/how-connect-works/){target="_blank"} and supported by some OAuth 2.0.                                                                                                                         |
+| [Mutual TLS](https://swagger.io/specification/#security-scheme-object){target="_blank"}.                                                                                                | `MutualTLS`     | Client/server certificate mutual authentication scheme. |
 
 ???-note "Using OAuth2 with the Swagger UI?"
     You can use the `OAuth2Config` option to configure a default OAuth2 app on the generated Swagger UI.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -79,7 +79,7 @@ aws-cdk-lib = "^2.165.0"
 pytest-benchmark = "^4.0.0"
 types-requests = "^2.31.0"
 typing-extensions = "^4.12.2"
-mkdocs-material = "^9.5.43"
+mkdocs-material = "^9.5.44"
 filelock = "^3.16.0"
 dirhash = "^0.5.0"
 mypy-boto3-appconfigdata = "^1.35.0"
diff --git a/tests/functional/event_handler/_pydantic/test_openapi_security_schemes.py b/tests/functional/event_handler/_pydantic/test_openapi_security_schemes.py
@@ -3,6 +3,7 @@
     APIKey,
     APIKeyIn,
     HTTPBearer,
+    MutualTLS,
     OAuth2,
     OAuthFlowImplicit,
     OAuthFlows,
@@ -110,3 +111,24 @@ def handler():
     open_id_connect_scheme = security_schemes["openIdConnect"]
     assert open_id_connect_scheme.type_.value == "openIdConnect"
     assert open_id_connect_scheme.openIdConnectUrl == "https://example.com/oauth2/authorize"
+
+
+def test_openapi_security_scheme_mtls():
+    app = APIGatewayRestResolver()
+
+    @app.get("/")
+    def handler():
+        raise NotImplementedError()
+
+    schema = app.get_openapi_schema(
+        security_schemes={
+            "mutualTLS": MutualTLS(description="mTLS Authentication"),
+        },
+    )
+
+    security_schemes = schema.components.securitySchemes
+    assert security_schemes is not None
+
+    assert "mutualTLS" in security_schemes
+    mtls_scheme = security_schemes["mutualTLS"]
+    assert mtls_scheme.description == "mTLS Authentication"
