From d7de6141ba898fc593e535a568de5936a5ea0353 Mon Sep 17 00:00:00 2001 From: Kaizen Conroy <36202692+kaizen3031593@users.noreply.github.com> Date: Fri, 7 Jan 2022 17:55:35 -0500 Subject: [PATCH] fix(apigatewayv2-authorizers): incorrect `identitySource` default for `WebSocketLambdaAuthorizer` (#18315) We introduced `WebSocketLambdaAuthorizer` in #16886 with an incorrect default `identitySource`, according to these [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-authorizer.html#cfn-apigatewayv2-authorizer-identitysource). The result is that using the default `identitySource` results in a deploy-time failure. This PR fixes the error and adds documentation for the syntax for all `identitySource` possibilities. I can confirm that this default successfully passes `cdk deploy` on my local app. Fixes #18307. BREAKING CHANGE: `WebSocketLambdaAuthorizerProps.identitySource` default changes from `['$request.header.Authorization']` to `['route.request.header.Authorization']`. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-apigatewayv2-authorizers/lib/websocket/lambda.ts | 8 ++++++-- .../test/websocket/lambda.test.ts | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/lib/websocket/lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers/lib/websocket/lambda.ts index 2e60cbdd7b547..8b5b5c6d3fc43 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers/lib/websocket/lambda.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers/lib/websocket/lambda.ts @@ -28,7 +28,11 @@ export interface WebSocketLambdaAuthorizerProps { /** * The identity source for which authorization is requested. * - * @default ['$request.header.Authorization'] + * Request parameter match `'route.request.querystring|header.[a-zA-z0-9._-]+'`. + * Staged variable match `'stageVariables.[a-zA-Z0-9._-]+'`. + * Context parameter match `'context.[a-zA-Z0-9._-]+'`. + * + * @default ['route.request.header.Authorization'] */ readonly identitySource?: string[]; } @@ -56,7 +60,7 @@ export class WebSocketLambdaAuthorizer implements IWebSocketRouteAuthorizer { this.authorizer = new WebSocketAuthorizer(options.scope, this.id, { webSocketApi: options.route.webSocketApi, identitySource: this.props.identitySource ?? [ - '$request.header.Authorization', + 'route.request.header.Authorization', ], type: WebSocketAuthorizerType.LAMBDA, authorizerName: this.props.authorizerName ?? this.id, diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/lambda.test.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/lambda.test.ts index c171247801911..8a62d5731ac58 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/lambda.test.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/lambda.test.ts @@ -35,7 +35,7 @@ describe('WebSocketLambdaAuthorizer', () => { Name: 'default-authorizer', AuthorizerType: 'REQUEST', IdentitySource: [ - '$request.header.Authorization', + 'route.request.header.Authorization', ], });