Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow authType to be specified #160

Merged
merged 2 commits into from
Sep 13, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -97,8 +97,7 @@ private OpenApi addComputedAuthorizers(Context context, OpenApi openApi, Authori
if (converter.getAuthSchemeName().equals(scheme)) {
SecurityScheme createdScheme = converter.createSecurityScheme(context);
SecurityScheme.Builder schemeBuilder = createdScheme.toBuilder();
schemeBuilder.putExtension(
CLIENT_EXTENSION_NAME, determineApiGatewayClientName(authorizer.getScheme()));
schemeBuilder.putExtension(CLIENT_EXTENSION_NAME, authorizer.getAuthType());

ObjectNode authorizerNode = Node.objectNodeBuilder()
.withOptionalMember("type", authorizer.getType().map(Node::from))
Expand All @@ -124,13 +123,4 @@ private OpenApi addComputedAuthorizers(Context context, OpenApi openApi, Authori
builder.components(components.build());
return builder.build();
}

// TODO: should this also allow overrides via configuration properties?
private static String determineApiGatewayClientName(String value) {
if (value.equals("aws.v4")) {
return "awsSigv4";
} else {
return "custom";
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -75,4 +75,24 @@ public void addsOnlyAuthType() {
assertThat(sigV4.getExtension("x-amazon-apigateway-authtype").get(), equalTo(Node.from("awsSigv4")));
assertFalse(sigV4.getExtension("x-amazon-apigateway-authorizer").isPresent());
}

@Test
public void addsCustomAuthType() {
Model model = Model.assembler()
.discoverModels(getClass().getClassLoader())
.addImport(getClass().getResource("custom-auth-type-authorizer.json"))
.assemble()
.unwrap();
OpenApi result = OpenApiConverter.create()
.classLoader(getClass().getClassLoader())
.convert(model, ShapeId.from("ns.foo#SomeService"));
SecurityScheme sigV4 = result.getComponents().getSecuritySchemes().get("sigv4");

assertThat(result.getComponents().getSecuritySchemes().get("aws.v4"), nullValue());
assertThat(sigV4.getType(), equalTo("apiKey"));
assertThat(sigV4.getName().get(), equalTo("Authorization"));
assertThat(sigV4.getIn().get(), equalTo("header"));
assertThat(sigV4.getExtension("x-amazon-apigateway-authtype").get(), equalTo(Node.from("myCustomType")));
assertFalse(sigV4.getExtension("x-amazon-apigateway-authorizer").isPresent());
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"smithy": "0.4.0",
"ns.foo": {
"shapes": {
"SomeService": {
"type": "service",
"version": "2018-03-17",
"protocols": [{"name": "aws.rest-json", "auth": ["aws.v4"]}],
"aws.apigateway#authorizer": "sigv4",
"aws.apigateway#authorizers": {
"sigv4": {
"scheme": "aws.v4",
"customAuthType": "myCustomType"
}
}
}
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -33,19 +33,23 @@
* @see AuthorizersTrait
*/
public final class AuthorizerDefinition implements ToNode, ToSmithyBuilder<AuthorizerDefinition> {
private static final String SIGV4_AUTH_TYPE = "awsSigv4";
private static final String DEFAULT_AUTH_TYPE = "custom";
private static final String SCHEME_KEY = "scheme";
private static final String TYPE_KEY = "type";
private static final String AUTH_TYPE_KEY = "customAuthType";
private static final String URI_KEY = "uri";
private static final String CREDENTIALS_KEY = "credentials";
private static final String IDENTITY_SOURCE_KEY = "identitySource";
private static final String IDENTITY_VALIDATION_EXPRESSION_KEY = "identityValidationExpression";
private static final String RESULT_TTL_IN_SECONDS = "resultTtlInSeconds";
private static final List<String> PROPERTIES = ListUtils.of(
SCHEME_KEY, TYPE_KEY, URI_KEY, CREDENTIALS_KEY, IDENTITY_SOURCE_KEY,
SCHEME_KEY, TYPE_KEY, AUTH_TYPE_KEY, URI_KEY, CREDENTIALS_KEY, IDENTITY_SOURCE_KEY,
IDENTITY_VALIDATION_EXPRESSION_KEY, RESULT_TTL_IN_SECONDS);

private final String scheme;
private final String type;
private final String authType;
private final String uri;
private final String credentials;
private final String identitySource;
Expand All @@ -56,6 +60,7 @@ private AuthorizerDefinition(Builder builder) {
scheme = SmithyBuilder.requiredState(SCHEME_KEY, builder.scheme);
type = builder.type;
uri = builder.uri;
authType = builder.authType;
credentials = builder.credentials;
identitySource = builder.identitySource;
identityValidationExpression = builder.identityValidationExpression;
Expand Down Expand Up @@ -105,6 +110,25 @@ public Optional<String> getUri() {
return Optional.ofNullable(uri);
}

/**
* Gets the authType of the authorizer.
*
* <p>This value is not used directly by APIGateway but will be used for
* OpenAPI exports. This will default to "awsSigV4" if your scheme is
* "aws.v4", or "custom" otherwise.</p>
*
* @return Returns the authType.
*/
public String getAuthType() {
if (authType != null) {
return authType;
} else if (scheme.equals("aws.v4")) {
return SIGV4_AUTH_TYPE;
} else {
return DEFAULT_AUTH_TYPE;
}
}

/**
* Gets the Credentials required for invoking the authorizer, if any, in
* the form of an ARN of an IAM execution role.
Expand Down Expand Up @@ -156,6 +180,7 @@ public Builder toBuilder() {
.scheme(scheme)
.type(type)
.uri(uri)
.authType(authType)
.credentials(credentials)
.identitySource(identitySource)
.identityValidationExpression(identityValidationExpression)
Expand All @@ -167,6 +192,7 @@ public Node toNode() {
return Node.objectNodeBuilder()
.withMember(SCHEME_KEY, Node.from(getScheme()))
.withOptionalMember(TYPE_KEY, getType().map(Node::from))
.withOptionalMember(AUTH_TYPE_KEY, Optional.ofNullable(authType).map(Node::from))
.withOptionalMember(URI_KEY, getUri().map(Node::from))
.withOptionalMember(CREDENTIALS_KEY, getCredentials().map(Node::from))
.withOptionalMember(IDENTITY_SOURCE_KEY, getIdentitySource().map(Node::from))
Expand All @@ -188,6 +214,7 @@ public boolean equals(Object o) {
return scheme.equals(that.scheme)
&& Objects.equals(type, that.type)
&& Objects.equals(uri, that.uri)
&& Objects.equals(authType, that.authType)
&& Objects.equals(credentials, that.credentials)
&& Objects.equals(identitySource, that.identitySource)
&& Objects.equals(identityValidationExpression, that.identityValidationExpression)
Expand All @@ -206,6 +233,9 @@ static AuthorizerDefinition fromNode(ObjectNode node) {
node.getStringMember(TYPE_KEY)
.map(StringNode::getValue)
.ifPresent(builder::type);
node.getStringMember(AUTH_TYPE_KEY)
.map(StringNode::getValue)
.ifPresent(builder::authType);
node.getStringMember(URI_KEY)
.map(StringNode::getValue)
.ifPresent(builder::uri);
Expand All @@ -231,6 +261,7 @@ static AuthorizerDefinition fromNode(ObjectNode node) {
public static final class Builder implements SmithyBuilder<AuthorizerDefinition> {
private String scheme;
private String type;
private String authType;
private String uri;
private String credentials;
private String identitySource;
Expand Down Expand Up @@ -270,6 +301,21 @@ public Builder type(String type) {
return this;
}

/**
* Sets the authType of the authorizer.
*
* <p>This value is not used directly by APIGateway but will be used
* for OpenAPI exports. This will default to "awsSigV4" if your scheme
* is "aws.v4", or "custom" otherwise.</p>
*
* @param authType the auth type (e.g. awsSigV4)
* @return Returns the builder.
*/
public Builder authType(String authType) {
this.authType = authType;
return this;
}

/**
* Sets the Uniform Resource Identifier (URI) of the authorizer
* Lambda function.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,10 @@
"target": "smithy.api#String",
"documentation": "The type of the authorizer. If specifying information beyond the scheme, this value is required. The value must be \"token\", for an authorizer with the caller identity embedded in an authorization token, or \"request\", for an authorizer with the caller identity contained in request parameters."
},
"customAuthType": {
"target": "smithy.api#String",
"documentation": "This value is not used directly by APIGateway but will be used for OpenAPI exports. This will default to \"awsSigV4\" if your scheme is \"aws.v4\", or \"custom\" otherwise."
},
"uri": {
"target": "smithy.api#String",
"documentation": "The Uniform Resource Identifier (URI) of the authorizer Lambda function"
Expand Down
5 changes: 5 additions & 0 deletions docs/source/spec/amazon-apigateway.rst
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,11 @@ An *authorizer* definition is an object that supports the following properties:
authorizer with the caller identity embedded in an authorization token,
or "request", for an authorizer with the caller identity contained in
request parameters.
* - customAuthType
- ``string``
- The ``authType`` of the authorizer. This value is used in APIGateway
exports as ``x-amazon-apigateway-authtype``. This value is set to
``custom`` by default, or ``awsSigv4`` if your scheme is ``aws.v4``.
* - uri
- ``string``
- Specifies the authorizer's Uniform Resource Identifier
Expand Down