fix(apigatewayv2): does not work in non-aws partition (#25284)

We hard `aws` partitions hardcoded in certain strings.

Adds an eslint rule to prevent the same from happening again in the future.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: rix0rrr

packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/bootstrapping.integtest.ts

@@ -1,3 +1,4 @@
+/* eslint-disable @aws-cdk/no-literal-partition */
 import * as fs from 'fs';
 import * as path from 'path';
 import * as yaml from 'yaml';

packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/integration.ts

@@ -1,5 +1,5 @@
 import { IRole } from 'aws-cdk-lib/aws-iam';
-import { Resource } from 'aws-cdk-lib';
+import { Aws, Resource } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import { IHttpApi } from './api';
 import { HttpMethod, IHttpRoute } from './route';
@@ -103,7 +103,7 @@ export abstract class IntegrationCredentials {
 
   /** Use the calling user's identity to call the integration */
   public static useCallerIdentity(): IntegrationCredentials {
-    return { credentialsArn: 'arn:aws:iam::*:user/*' };
+    return { credentialsArn: `arn:${Aws.PARTITION}:iam::*:user/*` };
   }
 
   /**

packages/@aws-cdk/aws-apigatewayv2-alpha/lib/http/route.ts

@@ -1,5 +1,5 @@
 import * as iam from 'aws-cdk-lib/aws-iam';
-import { Resource } from 'aws-cdk-lib';
+import { Aws, Resource } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import { IHttpApi } from './api';
 import { HttpRouteAuthorizerConfig, IHttpRouteAuthorizer } from './authorizer';
@@ -236,7 +236,7 @@ export class HttpRoute extends Resource implements IHttpRoute {
     // path variable and all that follows with a wildcard.
     const iamPath = path.replace(/\{.*?\}.*/, '*');
 
-    return `arn:aws:execute-api:${this.env.region}:${this.env.account}:${this.httpApi.apiId}/${stage}/${iamHttpMethod}${iamPath}`;
+    return `arn:${Aws.PARTITION}:execute-api:${this.env.region}:${this.env.account}:${this.httpApi.apiId}/${stage}/${iamHttpMethod}${iamPath}`;
   }
 
   public grantInvoke(grantee: iam.IGrantable, options: GrantInvokeOptions = {}): iam.Grant {

packages/@aws-cdk/aws-apigatewayv2-alpha/test/http/route.test.ts

@@ -393,7 +393,9 @@ describe('HttpRoute', () => {
               'Fn::Join': [
                 '',
                 [
-                  'arn:aws:execute-api:',
+                  'arn:',
+                  { Ref: 'AWS::Partition' },
+                  ':execute-api:',
                   { Ref: 'AWS::Region' },
                   ':',
                   { Ref: 'AWS::AccountId' },
@@ -444,7 +446,9 @@ describe('HttpRoute', () => {
                 'Fn::Join': [
                   '',
                   [
-                    'arn:aws:execute-api:',
+                    'arn:',
+                    { Ref: 'AWS::Partition' },
+                    ':execute-api:',
                     { Ref: 'AWS::Region' },
                     ':',
                     { Ref: 'AWS::AccountId' },
@@ -458,7 +462,9 @@ describe('HttpRoute', () => {
                 'Fn::Join': [
                   '',
                   [
-                    'arn:aws:execute-api:',
+                    'arn:',
+                    { Ref: 'AWS::Partition' },
+                    ':execute-api:',
                     { Ref: 'AWS::Region' },
                     ':',
                     { Ref: 'AWS::AccountId' },
@@ -507,7 +513,9 @@ describe('HttpRoute', () => {
               'Fn::Join': [
                 '',
                 [
-                  'arn:aws:execute-api:',
+                  'arn:',
+                  { Ref: 'AWS::Partition' },
+                  ':execute-api:',
                   { Ref: 'AWS::Region' },
                   ':',
                   { Ref: 'AWS::AccountId' },
@@ -580,7 +588,9 @@ describe('HttpRoute', () => {
     // THEN
     expect(stack.resolve(route.routeArn)).toEqual({
       'Fn::Join': ['', [
-        'arn:aws:execute-api:',
+        'arn:',
+        { Ref: 'AWS::Partition' },
+        ':execute-api:',
         { Ref: 'AWS::Region' },
         ':',
         { Ref: 'AWS::AccountId' },
@@ -605,7 +615,9 @@ describe('HttpRoute', () => {
     // THEN
     expect(stack.resolve(route.routeArn)).toEqual({
       'Fn::Join': ['', [
-        'arn:aws:execute-api:',
+        'arn:',
+        { Ref: 'AWS::Partition' },
+        ':execute-api:',
         { Ref: 'AWS::Region' },
         ':',
         { Ref: 'AWS::AccountId' },

packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.iam.js.snapshot/IntegApiGatewayV2Iam.assets.json

@@ -1,15 +1,15 @@
 {
-  "version": "20.0.0",
+  "version": "31.0.0",
   "files": {
-    "7332d1f16eb3c30dc1e90813757b35ed0f36282e60246f0d439a027d7963089a": {
+    "b46d250c47897b59c971b488d6f6bb6f29b101efdb994a0f5e4e547b8dafb886": {
       "source": {
         "path": "IntegApiGatewayV2Iam.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "7332d1f16eb3c30dc1e90813757b35ed0f36282e60246f0d439a027d7963089a.json",
+          "objectKey": "b46d250c47897b59c971b488d6f6bb6f29b101efdb994a0f5e4e547b8dafb886.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.iam.js.snapshot/IntegApiGatewayV2Iam.template.json

@@ -16,7 +16,11 @@
          "Fn::Join": [
           "",
           [
-           "arn:aws:execute-api:",
+           "arn:",
+           {
+            "Ref": "AWS::Partition"
+           },
+           ":execute-api:",
            {
             "Ref": "AWS::Region"
            },
@@ -36,7 +40,11 @@
          "Fn::Join": [
           "",
           [
-           "arn:aws:execute-api:",
+           "arn:",
+           {
+            "Ref": "AWS::Partition"
+           },
+           ":execute-api:",
            {
             "Ref": "AWS::Region"
            },

packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.iam.js.snapshot/cdk.out

@@ -1 +1 @@
-{"version":"20.0.0"}
+{"version":"31.0.0"}

packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.iam.js.snapshot/integ.json

@@ -1,5 +1,5 @@
 {
-  "version": "20.0.0",
+  "version": "31.0.0",
   "testCases": {
     "integ.iam": {
       "stacks": [

packages/@aws-cdk/aws-apigatewayv2-authorizers-alpha/test/http/integ.iam.js.snapshot/manifest.json

@@ -1,12 +1,6 @@
 {
-  "version": "20.0.0",
+  "version": "31.0.0",
   "artifacts": {
-    "Tree": {
-      "type": "cdk:tree",
-      "properties": {
-        "file": "tree.json"
-      }
-    },
     "IntegApiGatewayV2Iam.assets": {
       "type": "cdk:asset-manifest",
       "properties": {
@@ -23,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7332d1f16eb3c30dc1e90813757b35ed0f36282e60246f0d439a027d7963089a.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b46d250c47897b59c971b488d6f6bb6f29b101efdb994a0f5e4e547b8dafb886.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [
@@ -131,6 +125,12 @@
         ]
       },
       "displayName": "IntegApiGatewayV2Iam"
+    },
+    "Tree": {
+      "type": "cdk:tree",
+      "properties": {
+        "file": "tree.json"
+      }
     }
   }
 }