jets 2.1.7 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a6530b12d6ba264316e90060f23d092ff540d9521d7d107524750f68cb939532
-  data.tar.gz: d64885168c3e73f61a6351b50b8b85f1719d84dd3dbcb7d0972844a2f028264d
+  metadata.gz: 00d2f09e01d8be696832564080069855665cf1cc17111d0c6ade401a640bfe09
+  data.tar.gz: 4ec605c411378a9c49745298eaa4b73d10478fdbdd7adb012ac32ca9b58e7fa8
 SHA512:
-  metadata.gz: 8dedd8a646526a5edc4a678887d069a180eeb7792f414dde66aa5ba02394b27842315a2a43527eebdb7724c2320d39dba63b2ce4a68fbc3f06a64f18ad75ee9a
-  data.tar.gz: ea63325a12758b511f7908c9b27f0a69fa25109908b7a09af8ec758d65f1646a5f067199e1890407ca2e58f7745428d9af2e0bb05d8dbb6c6675c65980420646
+  metadata.gz: 14b548c897b3331ef31b86edede38d1f2b9e4a01c050be39676a839afc5ecfa4b03b911e9da351c98858e8e7b4f063fdacd89425f0dd64540eb6db3ec68e9e34
+  data.tar.gz: 16b66bd00dbadf6afc08526a4610dc2b12688986c94425ed93adda048ccf605bf30caf9b8b6b998dc91c9a5c6cea265ec6410c95d3b3c9055914cf2c6227ab77

data/CHANGELOG.md

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/).
 
+## [2.2.0]
+- #368 API Gateway Authorizer Concept Support
+
 ## [2.1.7]
 - #366 fix copy ruby version
 - fix codebuild for docs

data/jets.gemspec

@@ -42,6 +42,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "aws-sdk-sns"
   spec.add_dependency "aws-sdk-sqs"
   spec.add_dependency "aws-sdk-ssm"
+  spec.add_dependency "cfn_camelizer"
   spec.add_dependency "cfnresponse"
   spec.add_dependency "dotenv"
   spec.add_dependency "gems" # jets-gems dependency

data/lib/jets.rb

@@ -7,10 +7,11 @@ require "active_support/core_ext"
 require "active_support/dependencies"
 require "active_support/ordered_hash"
 require "active_support/ordered_options"
+require "cfn_camelizer"
 require "fileutils"
+require "jets/gems"
 require "memoist"
 require "rainbow/ext/string"
-require "jets/gems"
 
 require "jets/autoloaders"
 Jets::Autoloaders.log! if ENV["JETS_AUTOLOAD_LOG"]

data/lib/jets/application/defaults.rb

@@ -102,6 +102,9 @@ class Jets::Application
       config.api.endpoint_policy = nil # required when endpoint_type is EDGE
       config.api.api_key_required = false # Turn off API key required
 
+      config.api.authorizers = ActiveSupport::OrderedOptions.new
+      config.api.authorizers.default_token_source = "Auth" # method.request.header.Auth
+
       config.domain = ActiveSupport::OrderedOptions.new
       # config.domain.name = "#{Jets.project_namespace}.coolapp.com" # Default is nil
       # config.domain.cert_arn = "..."

data/lib/jets/authorizer/base.rb

@@ -0,0 +1,36 @@
+# Authorizer public methods get turned into Lambda functions.
+#
+# Jets::Authorizer::Base < Jets::Lambda::Functions
+# Both Jets::Authorizer::Base and Jets::Lambda::Functions have Dsl modules included.
+# So the Jets::Authorizer::Dsl overrides some of the Jets::Lambda::Functions behavior.
+module Jets::Authorizer
+  class Base < Jets::Lambda::Functions
+    include Dsl
+    include Helpers::IamHelper
+
+    class << self
+      def process(event, context, meth)
+        authorizer = new(event, context, meth)
+        authorizer.send(meth)
+      end
+
+      # Parameter: authorizer: Example: "main#protect"
+      #
+      # Determines authorization_type based on whether the authorizer is a Lambda or Cognito authorizer.
+      #
+      # Returns custom or cognito_user_pools
+      def authorization_type(authorizer)
+        class_name, meth = authorizer.split('#')
+        klass = "#{class_name}_authorizer".camelize.constantize
+        meth = meth.to_sym
+
+        # If there's a lambda function associated with the authorizer then it's a custom authorizer
+        # Otherwise it's a cognito authorizer.
+        #
+        # Returns: Valid values: none, aws_iam, custom, cognito_user_pools, aws_cross_account_iam
+        methods = klass.public_instance_methods(false)
+        methods.include?(meth) ? :custom : :cognito_user_pools
+      end
+    end
+  end
+end

data/lib/jets/authorizer/dsl.rb

@@ -0,0 +1,64 @@
+require 'active_support'
+require 'active_support/core_ext/class'
+
+# Jets::Authorizer::Base < Jets::Lambda::Functions
+# Both Jets::Authorizer::Base and Jets::Lambda::Functions have Dsl modules included.
+# So the Jets::Authorizer::Dsl overrides some of the Jets::Lambda::Functions behavior.
+#
+# Implements:
+#
+#   default_associated_resource_definition
+#
+module Jets::Authorizer
+  module Dsl
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def authorizer(props={})
+        if props[:type].to_s.upcase == "COGNITO_USER_POOLS"
+          cognito_authorizer(props)
+        else
+          lambda_authorizer(props)
+        end
+      end
+
+      def lambda_authorizer(props={})
+        with_fresh_properties(multiple_resources: false) do
+          r = Jets::Resource::ApiGateway::Authorizer.new(props)
+          resource(r.definition) # add associated resource immediately
+        end
+      end
+
+      # Creates a task but registers it to cognito_authorizers instead of all_tasks because there is no Lambda
+      # function associated with the cognito authorizer.
+      def cognito_authorizer(props={})
+        resources = [props]
+        meth = props[:name]
+        resource = Jets::Resource::ApiGateway::Authorizer.new(props)
+
+        # Mimic task to grab base_replacements, namely namespace.
+        # Do not actually use the task to create a Lambda function for cognito authorizer.
+        # Only using the task for base_replacements.
+        task = Jets::Lambda::Task.new(self.name, meth,
+                 resources: resources,
+                 replacements: {}) # No need for need additional replacements. Baseline replacements suffice
+        all_cognito_authorizers[name] = { definition: resource.definition, replacements: task.replacements }
+        clear_properties
+      end
+
+      def all_cognito_authorizers
+        @all_cognito_authorizers ||= ActiveSupport::OrderedHash.new
+      end
+
+      def cognito_authorizers
+        all_cognito_authorizers.values
+      end
+    end
+
+    included do
+      class << self
+        include Jets::AwsServices
+      end
+    end
+  end
+end

data/lib/jets/authorizer/helpers/iam_helper.rb

@@ -0,0 +1,50 @@
+module Jets::Authorizer::Helpers
+  module IamHelper
+  private
+    # Structure: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html
+    # Example:
+    #
+    #     {
+    #       "principalId" => "yyyyyyyy", // The principal user identification associated with the token sent by the client.
+    #       "policyDocument" => {},
+    #       "context" => {},
+    #       "usageIdentifierKey" => "{api-key}"
+    #     }
+    #
+    def build_policy(*args)
+      if args.first.is_a?(Hash) # generalized form
+        props = args.first
+      else # build_policy(resource, principal, context, usage_identifier_key) form
+        resource, principal_id, context, usage_identifier_key = args
+        props = {
+          principal_id: principal_id || "default_user",
+          policy_document: {
+            version: "2012-10-17",
+            statement: [
+              action: "execute-api:Invoke",
+              effect: "Allow",
+              resource: resource || "*",
+            ],
+          },
+        }
+        props[:context] = context if context
+        props[:usage_identifier_key] = usage_identifier_key if usage_identifier_key
+      end
+
+      props = Jets::Camelizer.transform(props) # keys get converted from Symbols to Strings as part of this
+      # Only top-level keys and keys under context are pascalized
+      props.transform_keys! { |k| pascalize(k) }
+      if props['context']
+        props['context'].transform_keys! { |k| pascalize(k) }
+      end
+      props
+    end
+
+    def pascalize(value)
+      new_value = value.camelize
+      first_char = new_value[0..0].downcase
+      new_value[0] = first_char
+      new_value
+    end
+  end
+end

data/lib/jets/camelizer.rb

@@ -1,71 +1,4 @@
-# Custom Camelizer with CloudFormation specific handling.
-# Based on: https://stackoverflow.com/questions/8706930/converting-nested-hash-keys-from-camelcase-to-snake-case-in-ruby
+# Wrapper to CfnCamelizer gem
 module Jets
-  class Camelizer
-    class << self
-      def transform(value, parent_keys=[])
-        case value
-        when Array
-          value.map { |v| transform(v, parent_keys) }
-        when Hash
-          initializer = value.map do |k, v|
-            new_key = camelize_key(k, parent_keys)
-            [new_key, transform(v, parent_keys+[new_key])]
-          end
-          Hash[initializer]
-        else
-          value # do not transform values
-        end
-      end
-
-      def camelize_key(k, parent_keys=[])
-        k = k.to_s
-
-        if passthrough?(k, parent_keys)
-          k # pass through untouch
-        elsif parent_keys.last == "EventPattern" # top-level
-          k.dasherize
-        elsif parent_keys.include?("EventPattern")
-          # Any keys at 2nd level under EventPattern will be pascalized
-          pascalize(k)
-        else
-          camelize(k)
-        end
-      end
-
-      def passthrough?(k, parent_keys)
-        # do not transform keys anything under these special keys
-        parent_keys.include?("Variables") ||
-        parent_keys.include?("ResponseParameters") ||
-        parent_keys.include?("Fn::Sub") ||
-        k.include?('-') || k.include?('/')
-      end
-
-      def camelize(value)
-        return value if value.is_a?(Integer)
-
-        value = value.to_s.camelize
-        special_map[value] || value
-      end
-
-      def pascalize(value)
-        new_value = value.camelize
-        first_char = new_value[0..0].downcase
-        new_value[0] = first_char
-        new_value
-      end
-
-      # Some keys have special mappings
-      def special_map
-        {
-          "TemplateUrl" => "TemplateURL",
-          "Ttl" => "TTL",
-          "MaxReceiveCount" => "maxReceiveCount",
-          "DeadLetterTargetArn" => "deadLetterTargetArn",
-          "DbSubnetGroupDescription" => "DBSubnetGroupDescription",
-          "DbSubnetGroupName" => "DBSubnetGroupName",
-        }
-      end
-    end
-  end
-end
+  Camelizer = CfnCamelizer
+end

data/lib/jets/cfn/builders/api_deployment_builder.rb

@@ -10,8 +10,6 @@ module Jets::Cfn::Builders
 
     # compose is an interface method
     def compose
-      return unless @options[:templates] || @options[:stack_type] != :minimal
-
       deployment = Jets::Resource::ApiGateway::Deployment.new
       add_resource(deployment)
       add_parameters(deployment.parameters)

data/lib/jets/cfn/builders/api_gateway_builder.rb

@@ -10,8 +10,6 @@ module Jets::Cfn::Builders
 
     # compose is an interface method
     def compose
-      return unless @options[:templates] || @options[:stack_type] != :minimal
-
       add_gateway_routes # "child template": build before add_gateway_rest_api. RestApi logical id and change detection is dependent on it.
       add_gateway_rest_api # changes parent template
       add_custom_domain    # changes parent template

data/lib/jets/cfn/builders/api_resources_builder.rb

@@ -10,8 +10,6 @@ module Jets::Cfn::Builders
 
     # compose is an interface method
     def compose
-      return unless @options[:templates] || @options[:stack_type] != :minimal
-
       add_rest_api_parameter
       add_gateway_routes
     end

data/lib/jets/cfn/builders/authorizer_builder.rb

@@ -0,0 +1,67 @@
+# Implements:
+#
+#   compose
+#   template_path
+#
+module Jets::Cfn::Builders
+  class AuthorizerBuilder < BaseChildBuilder
+    include Interface
+    include Jets::AwsServices
+
+    def initialize(path)
+      @path = path # IE: app/authorizers/main_authorizer.rb
+      @app_class = Jets::Klass.from_path(path)
+      @template = ActiveSupport::HashWithIndifferentAccess.new(Resources: {})
+    end
+
+    def compose
+      add_common_parameters
+      add_api_gateway_parameters
+      add_functions
+      add_resources
+      add_outputs
+      # These dont have lambda functions associated with them
+      add_cognito_authorizers
+      add_cognito_outputs
+    end
+
+    def add_cognito_authorizers
+      @app_class.cognito_authorizers.each do |authorizer|
+        resource = Jets::Resource.new(authorizer[:definition], authorizer[:replacements])
+        add_resource(resource)
+      end
+    end
+
+    def add_outputs
+      # IE: @app_class = MainAuthorizer
+      # The associated resource is the Jets::Resource::ApiGateway::Authorizer definition built during evaluation
+      # of the user defined Authorizer class. We'll use it to compute the logical id.
+      @app_class.tasks.each do |task|
+        authorizer = task.associated_resources.first
+        next unless authorizer
+
+        resource = Jets::Resource.new(authorizer.definition, task.replacements)
+        logical_id = resource.logical_id
+        add_output(logical_id, value: "!Ref #{logical_id}")
+      end
+    end
+
+    def add_cognito_outputs
+      @app_class.cognito_authorizers.each do |authorizer|
+        resource = Jets::Resource.new(authorizer[:definition], authorizer[:replacements])
+        logical_id = resource.logical_id
+        add_output(logical_id, value: "!Ref #{logical_id}")
+      end
+    end
+
+    def add_api_gateway_parameters
+      return if Jets::Router.routes.empty?
+
+      add_parameter("RestApi", Description: "RestApi")
+    end
+
+    def template_path
+      Jets::Naming.authorizer_template_path(@path)
+    end
+  end
+end

data/lib/jets/cfn/builders/base_child_builder.rb

@@ -22,9 +22,9 @@ module Jets::Cfn::Builders
     end
 
     def add_common_parameters
-      common_parameters = Jets::Resource::ChildStack::AppClass.common_parameters
+      common_parameters = Jets::Resource::ChildStack::CommonParameters.common_parameters
       common_parameters.each do |k,_|
-        add_parameter(k, Description: k)
+        add_parameter(k, Description: k.to_s)
       end
 
       depends_on_params.each do |output_key, output_value|

data/lib/jets/cfn/builders/controller_builder.rb

@@ -19,7 +19,10 @@ module Jets::Cfn::Builders
       add_parameter("RestApi", Description: "RestApi")
       scoped_routes.each do |route|
         resource = Jets::Resource::ApiGateway::Resource.new(route.path)
-        add_parameter(resource.logical_id, Description: resource.desc)
+        add_parameter(resource.logical_id, description: resource.desc)
+        if route.authorizer
+          add_parameter(route.authorizer_id, description: route.authorizer_metadata)
+        end
       end
     end
 

data/lib/jets/cfn/builders/interface.rb

@@ -6,11 +6,13 @@ module Jets::Cfn::Builders
   module Interface
     extend Memoist
 
-    def build
+    def build(parent=false)
       # Do not bother building or writing the template unless there are functions defined
       return if @app_class && !@app_class.build?
 
-      compose # must be implemented by subclass
+      if @options.nil? || @options[:templates] || @options[:stack_type] != :minimal || parent
+        compose # must be implemented by subclass
+      end
       write
     end
 
@@ -58,7 +60,7 @@ module Jets::Cfn::Builders
       defaults = { Type: "String" }
       options = defaults.merge(options)
       @template[:Parameters] ||= {}
-      @template[:Parameters][name.to_s.camelize] = options
+      @template[:Parameters][name.to_s.camelize] = Jets::Camelizer.transform(options)
     end
 
     def add_outputs(attributes)
@@ -69,7 +71,7 @@ module Jets::Cfn::Builders
 
     def add_output(name, options={})
       @template[:Outputs] ||= {}
-      @template[:Outputs][name.camelize] = options
+      @template[:Outputs][name.camelize] = Jets::Camelizer.transform(options)
     end
 
     def add_resources

data/lib/jets/cfn/builders/parent_builder.rb

@@ -41,28 +41,35 @@ module Jets::Cfn::Builders
     end
 
     def build_child_resources
-      expression = "#{Jets::Naming.template_path_prefix}-app-*"
-      # IE: path: #{Jets.build_root}/templates/demo-dev-2-comments_controller.yml
-      Dir.glob(expression).each do |path|
-        next unless File.file?(path)
+      for_each_path(:app) do |path|
         add_app_class_stack(path)
       end
-
-      expression = "#{Jets::Naming.template_path_prefix}-shared-*"
-      # IE: path: #{Jets.build_root}/templates/demo-dev-2-shared-resources.yml
-      Dir.glob(expression).each do |path|
-        next unless File.file?(path)
-
+      for_each_path(:shared) do |path|
         add_shared_resources(path)
       end
 
       if full? and !Jets::Router.routes.empty?
+        for_each_path(:authorizers) do |path|
+          add_authorizer_resources(path)
+        end
         add_api_gateway
         add_api_resources
         add_api_deployment
       end
     end
 
+    # Example paths:
+    #    #{Jets.build_root}/templates/demo-dev-2-shared-resources.yml
+    #    #{Jets.build_root}/templates/demo-dev-2-app-comments_controller.yml
+    #    #{Jets.build_root}/templates/demo-dev-2-authorizers-main_authorizer.yml
+    def for_each_path(type)
+      expression = "#{Jets::Naming.template_path_prefix}-#{type}-*"
+      Dir.glob(expression).each do |path|
+        next unless File.file?(path)
+        yield(path)
+      end
+    end
+
     def full?
       @options[:templates] || @options[:stack_type] == :full
     end
@@ -73,6 +80,11 @@ module Jets::Cfn::Builders
       add_child_resources(resource)
     end
 
+    def add_authorizer_resources(path)
+      resource = Jets::Resource::ChildStack::Authorizer.new(@options[:s3_bucket], path: path)
+      add_child_resources(resource)
+    end
+
     def add_shared_resources(path)
       resource = Jets::Resource::ChildStack::Shared.new(@options[:s3_bucket], path: path)
       add_child_resources(resource) if resource.resources?