From ea6ee86f4631eab6afafd7015894759cfd20de35 Mon Sep 17 00:00:00 2001 From: Kyle Roach Date: Thu, 3 Jun 2021 12:20:12 +0000 Subject: [PATCH] fix(apigatewayv2): http api - default route does not use the default authorizer (#14904) The default authorizer worked by passing the authorizer config to routes in the api by the addRoutes method. We completely forgot about the use case of the default integration, so currently using default integration + default authorizer does not create an authorizer. This PR fixes the bug and allows using default authorizer + default integration as expected. Reported by https://github.com/aws/aws-cdk/issues/10534#issuecomment-837895317 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../@aws-cdk/aws-apigatewayv2/lib/http/api.ts | 2 ++ .../aws-apigatewayv2/test/http/api.test.ts | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts index 73abc83c16111..f650d62bd289b 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts @@ -422,6 +422,8 @@ export class HttpApi extends HttpApiBase { httpApi: this, routeKey: HttpRouteKey.DEFAULT, integration: props.defaultIntegration, + authorizer: props.defaultAuthorizer, + authorizationScopes: props.defaultAuthorizationScopes, }); } diff --git a/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts b/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts index 3b07593676c11..c2324412d3396 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/test/http/api.test.ts @@ -400,6 +400,24 @@ describe('HttpApi', () => { }); }); + test('can add default authorizer when using default integration', () => { + const stack = new Stack(); + + const authorizer = new DummyAuthorizer(); + + new HttpApi(stack, 'api', { + defaultIntegration: new DummyRouteIntegration(), + defaultAuthorizer: authorizer, + defaultAuthorizationScopes: ['read:pets'], + }); + + expect(stack).toHaveResource('AWS::ApiGatewayV2::Route', { + AuthorizerId: 'auth-1234', + AuthorizationType: 'JWT', + AuthorizationScopes: ['read:pets'], + }); + }); + test('can add default authorizer, but remove it for a route', () => { const stack = new Stack(); const authorizer = new DummyAuthorizer();