feat(cdk): Exposes authorizer id and authorization type

aws · Oct 4, 2024 · 1613fe0 · 1613fe0
1 parent 0755561
commit 1613fe0
Show file tree

Hide file tree

Showing 6 changed files with 89 additions and 7 deletions.
diff --git a/packages/aws-cdk-lib/aws-apigatewayv2-authorizers/lib/http/iam.ts b/packages/aws-cdk-lib/aws-apigatewayv2-authorizers/lib/http/iam.ts
@@ -9,9 +9,10 @@ import {
  * Authorize HTTP API Routes with IAM
  */
 export class HttpIamAuthorizer implements IHttpRouteAuthorizer {
+  public readonly authorizationType = HttpAuthorizerType.IAM;
   public bind(_options: HttpRouteAuthorizerBindOptions): HttpRouteAuthorizerConfig {
     return {
-      authorizationType: HttpAuthorizerType.IAM,
+      authorizationType: this.authorizationType,
     };
   }
 }
diff --git a/packages/aws-cdk-lib/aws-apigatewayv2-authorizers/lib/http/jwt.ts b/packages/aws-cdk-lib/aws-apigatewayv2-authorizers/lib/http/jwt.ts
@@ -37,6 +37,7 @@ export interface HttpJwtAuthorizerProps {
  */
 export class HttpJwtAuthorizer implements IHttpRouteAuthorizer {
   private authorizer?: HttpAuthorizer;
+  public readonly authorizationType = 'JWT';
 
   /**
    * Initialize a JWT authorizer to be bound with HTTP route.
@@ -50,6 +51,18 @@ export class HttpJwtAuthorizer implements IHttpRouteAuthorizer {
     private readonly props: HttpJwtAuthorizerProps) {
   }
 
+  /**
+   * Return the id of the authorizer if it's been constructed
+   */
+  public get authorizerId(): string {
+    if (!this.authorizer) {
+      throw new Error(
+        'Cannot access authorizerId until authorizer is attached to a HttpRoute',
+      );
+    }
+    return this.authorizer.authorizerId;
+  }
+
   public bind(options: HttpRouteAuthorizerBindOptions): HttpRouteAuthorizerConfig {
     if (!this.authorizer) {
       this.authorizer = new HttpAuthorizer(options.scope, this.id, {
@@ -64,7 +77,7 @@ export class HttpJwtAuthorizer implements IHttpRouteAuthorizer {
 
     return {
       authorizerId: this.authorizer.authorizerId,
-      authorizationType: 'JWT',
+      authorizationType: this.authorizationType,
     };
   }
 }
diff --git a/packages/aws-cdk-lib/aws-apigatewayv2-authorizers/lib/http/lambda.ts b/packages/aws-cdk-lib/aws-apigatewayv2-authorizers/lib/http/lambda.ts
@@ -67,7 +67,7 @@ export interface HttpLambdaAuthorizerProps {
 export class HttpLambdaAuthorizer implements IHttpRouteAuthorizer {
   private authorizer?: HttpAuthorizer;
   private httpApi?: IHttpApi;
-
+  public readonly authorizationType = 'CUSTOM';
   /**
    * Initialize a lambda authorizer to be bound with HTTP route.
    * @param id The id of the underlying construct
@@ -80,6 +80,18 @@ export class HttpLambdaAuthorizer implements IHttpRouteAuthorizer {
     private readonly props: HttpLambdaAuthorizerProps = {}) {
   }
 
+  /**
+   * Return the id of the authorizer if it's been constructed
+   */
+  public get authorizerId(): string {
+    if (!this.authorizer) {
+      throw new Error(
+        'Cannot access authorizerId until authorizer is attached to a HttpRoute',
+      );
+    }
+    return this.authorizer.authorizerId;
+  }
+
   public bind(options: HttpRouteAuthorizerBindOptions): HttpRouteAuthorizerConfig {
     if (this.httpApi && (this.httpApi.apiId !== options.route.httpApi.apiId)) {
       throw new Error('Cannot attach the same authorizer to multiple Apis');
@@ -116,7 +128,7 @@ export class HttpLambdaAuthorizer implements IHttpRouteAuthorizer {
 
     return {
       authorizerId: this.authorizer.authorizerId,
-      authorizationType: 'CUSTOM',
+      authorizationType: this.authorizationType,
     };
   }
 }

diff --git a/packages/aws-cdk-lib/aws-apigatewayv2-authorizers/lib/http/user-pool.ts b/packages/aws-cdk-lib/aws-apigatewayv2-authorizers/lib/http/user-pool.ts
@@ -38,7 +38,7 @@ export interface HttpUserPoolAuthorizerProps {
  */
 export class HttpUserPoolAuthorizer implements IHttpRouteAuthorizer {
   private authorizer?: HttpAuthorizer;
-
+  public readonly authorizationType = 'JWT';
   /**
    * Initialize a Cognito user pool authorizer to be bound with HTTP route.
    * @param id The id of the underlying construct
@@ -51,6 +51,18 @@ export class HttpUserPoolAuthorizer implements IHttpRouteAuthorizer {
     private readonly props: HttpUserPoolAuthorizerProps = {}) {
   }
 
+  /**
+   * Return the id of the authorizer if it's been constructed
+   */
+  public get authorizerId(): string {
+    if (!this.authorizer) {
+      throw new Error(
+        'Cannot access authorizerId until authorizer is attached to a HttpRoute',
+      );
+    }
+    return this.authorizer.authorizerId;
+  }
+
   public bind(options: HttpRouteAuthorizerBindOptions): HttpRouteAuthorizerConfig {
     if (!this.authorizer) {
       const region = this.props.userPoolRegion ?? Stack.of(options.scope).region;
@@ -68,7 +80,7 @@ export class HttpUserPoolAuthorizer implements IHttpRouteAuthorizer {
 
     return {
       authorizerId: this.authorizer.authorizerId,
-      authorizationType: 'JWT',
+      authorizationType: this.authorizationType,
     };
   }
 }
diff --git a/packages/aws-cdk-lib/aws-apigatewayv2-authorizers/test/http/lambda.test.ts b/packages/aws-cdk-lib/aws-apigatewayv2-authorizers/test/http/lambda.test.ts
@@ -158,4 +158,46 @@ describe('HttpLambdaAuthorizer', () => {
       AuthorizerResultTtlInSeconds: 600,
     });
   });
+
+  test('should expose authorizer id after authorizer has been bound to route', () => {
+    // GIVEN
+    const stack = new Stack();
+    const api = new HttpApi(stack, 'HttpApi');
+
+    const handler = new Function(stack, 'auth-function', {
+      runtime: lambda.Runtime.NODEJS_LATEST,
+      code: Code.fromInline('exports.handler = () => {return true}'),
+      handler: 'index.handler',
+    });
+
+    const authorizer = new HttpLambdaAuthorizer('BooksAuthorizer', handler);
+
+    // WHEN
+    api.addRoutes({
+      integration: new DummyRouteIntegration(),
+      path: '/books',
+      authorizer,
+    });
+
+    // THEN
+    expect(authorizer.authorizerId).toBeDefined();
+  });
+
+  test('should throw error when acessing authorizer before it been bound to route', () => {
+    // GIVEN
+    const stack = new Stack();
+
+    const handler = new Function(stack, 'auth-function', {
+      runtime: lambda.Runtime.NODEJS_LATEST,
+      code: Code.fromInline('exports.handler = () => {return true}'),
+      handler: 'index.handler',
+    });
+
+    const t = () => {
+      new HttpLambdaAuthorizer('BooksAuthorizer', handler);
+    };
+
+    // THEN
+    expect(t).toThrow(TypeError);
+  });
 });
diff --git a/packages/aws-cdk-lib/aws-apigatewayv2/lib/http/authorizer.ts b/packages/aws-cdk-lib/aws-apigatewayv2/lib/http/authorizer.ts
@@ -257,9 +257,11 @@ function undefinedIfNoKeys<A extends { [key: string]: unknown }>(obj: A): A | un
  * Explicitly configure no authorizers on specific HTTP API routes.
  */
 export class HttpNoneAuthorizer implements IHttpRouteAuthorizer {
+  public readonly authorizationType = 'NONE';
   public bind(_options: HttpRouteAuthorizerBindOptions): HttpRouteAuthorizerConfig {
     return {
-      authorizationType: 'NONE',
+      authorizationType: this.authorizationType,
     };
   }
 }
+