From a00747eb8cebf05691f276e783fbc2f2a3a8b47c Mon Sep 17 00:00:00 2001
From: Michael Brewer
Date: Mon, 28 Feb 2022 23:39:47 -0800
Subject: [PATCH 1/3] fix(lambda-authorizer): Propertly parse resource path
---
 .../api_gateway_authorizer_event.py | 2 +-
 .../test_api_gateway_authorizer.py | 24 +++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py b/aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py
index 64d051e6234..a64a9291731 100644
--- a/aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py
+++ b/aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py
@@ -60,7 +60,7 @@ def parse_api_gateway_arn(arn: str) -> APIGatewayRouteArn:
 api_id=api_gateway_arn_parts[0],
 stage=api_gateway_arn_parts[1],
 http_method=api_gateway_arn_parts[2],
- resource=api_gateway_arn_parts[3] if len(api_gateway_arn_parts) == 4 else "",
+ resource="/".join(api_gateway_arn_parts[3:]) if len(api_gateway_arn_parts) >= 4 else "",
 )
diff --git a/tests/functional/data_classes/test_api_gateway_authorizer.py b/tests/functional/data_classes/test_api_gateway_authorizer.py
index 137efaaa419..fd721c69a69 100644
--- a/tests/functional/data_classes/test_api_gateway_authorizer.py
+++ b/tests/functional/data_classes/test_api_gateway_authorizer.py
@@ -3,6 +3,7 @@
 from aws_lambda_powertools.utilities.data_classes.api_gateway_authorizer_event import (
 DENY_ALL_RESPONSE,
 APIGatewayAuthorizerResponse,
+ APIGatewayAuthorizerTokenEvent,
 HttpVerb,
 )
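Review bot: In `parse_api_gateway_arn` (the 1/3 hunk at `@@ -60,7 +60,7 @@`), the `len(api_gateway_arn_parts) >= 4` guard no longer does anything, because `"/".join(api_gateway_arn_parts[3:])` already gives `""` for an empty slice; the line can be reduced to `resource="/".join(api_gateway_arn_parts[3:]),` (the same expression recurs in the 3/3 hunk). With this change `resource` holds every segment after the HTTP method, which for a greedy `{proxy+}` route presumably reflects the caller's request path, and the visible lines pass it through without validation and without a leading slash. A comment stating that, e.g. `# resource is request-derived and has no leading "/"; validate before using it in a policy decision`, would help callers. The function begins above this hunk, so the earlier splitting of the ARN is not visible here.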
@@ -195,3 +196,26 @@ def test_authorizer_response_allow_route_with_underscore(builder: APIGatewayAuth
 ],
 },
 }
+
+
+def test_parse_api_gateway_arn_with_resource():
+ mock_event = {
+ "type": "TOKEN",
+ "authorizationToken": "allow",
+ "methodArn": "arn:aws:execute-api:us-west-2:123456789012:ymy8tbxw7b/*/GET/foo/bar",
+ }
+ event = APIGatewayAuthorizerTokenEvent(mock_event)
+ event_arn = event.parsed_arn
+ assert "foo/bar" == event_arn.resource
+
+ authorizer_policy = APIGatewayAuthorizerResponse(
+ principal_id="fooPrinciple",
+ region=event_arn.region,
+ aws_account_id=event_arn.aws_account_id,
+ api_id=event_arn.api_id,
+ stage=event_arn.stage,
+ )
+ authorizer_policy.allow_route(http_method=event_arn.http_method, resource=event_arn.resource)
+ response = authorizer_policy.asdict()
+
+ assert mock_event["methodArn"] == response["policyDocument"]["Statement"][0]["Resource"][0]
From e4c5821c2da2d5b68daf07cfb4fbd51ad3753673 Mon Sep 17 00:00:00 2001
From: Michael Brewer
Date: Tue, 1 Mar 2022 09:11:49 -0800
Subject: [PATCH 2/3] tests: Add a real world example
---
 .../functional/data_classes/test_api_gateway_authorizer.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/functional/data_classes/test_api_gateway_authorizer.py b/tests/functional/data_classes/test_api_gateway_authorizer.py
index fd721c69a69..f54f8897ab2 100644
--- a/tests/functional/data_classes/test_api_gateway_authorizer.py
+++ b/tests/functional/data_classes/test_api_gateway_authorizer.py
@@ -201,12 +201,12 @@ def test_authorizer_response_allow_route_with_underscore(builder: APIGatewayAuth
 def test_parse_api_gateway_arn_with_resource():
 mock_event = {
 "type": "TOKEN",
- "authorizationToken": "allow",
- "methodArn": "arn:aws:execute-api:us-west-2:123456789012:ymy8tbxw7b/*/GET/foo/bar",
+ "methodArn": "arn:aws:execute-api:us-east-2:1234567890:abcd1234/latest/GET/path/part/part/1",
+ "authorizationToken": "Bearer TOKEN",
 }
 event = APIGatewayAuthorizerTokenEvent(mock_event)
 event_arn = event.parsed_arn
- assert "foo/bar" == event_arn.resource
+ assert event_arn.resource == "path/part/part/1"
 authorizer_policy = APIGatewayAuthorizerResponse(
 principal_id="fooPrinciple",
From 999ec11b7bebd25128eba099d87a6eed3db809c2 Mon Sep 17 00:00:00 2001
From: Heitor Lessa
Date: Wed, 2 Mar 2022 09:49:16 +0100
Subject: [PATCH 3/3] chore: add comment to ease maintenance
---
 .../utilities/data_classes/api_gateway_authorizer_event.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py b/aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py
index a64a9291731..51f8f74b56a 100644
--- a/aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py
+++ b/aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py
@@ -60,6 +60,7 @@ def parse_api_gateway_arn(arn: str) -> APIGatewayRouteArn:
 api_id=api_gateway_arn_parts[0],
 stage=api_gateway_arn_parts[1],
 http_method=api_gateway_arn_parts[2],
+ # conditional allow us to handle /path/{proxy+} resources, as their length changes.
 resource="/".join(api_gateway_arn_parts[3:]) if len(api_gateway_arn_parts) >= 4 else "",
 )
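Review bot: In the 2/3 hunk, `test_parse_api_gateway_arn_with_resource` covers only a multi-segment resource, so the other outcomes of the changed expression are unpinned: an ARN with a single-segment resource and one that ends at the HTTP method, where `resource` should be `""`. I would add a parametrized case or two, for instance a `methodArn` of `"arn:aws:execute-api:us-east-2:123456789012:abcd1234/latest/GET"` (a constructed value) expecting `event.parsed_arn.resource == ""`. The test body continues past the end of this hunk.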
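Review bot: In the 3/3 hunk, the added comment attributes the `{proxy+}` handling to the conditional, but it is the `"/".join(api_gateway_arn_parts[3:])` on the next line that keeps the extra path segments; the `>= 4` test only picks `""` when there is no resource part. I would reword it to `# Re-join every part after the HTTP method so multi-segment and {proxy+} paths keep their full resource.` The enclosing call and function start above the hunk.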