@aws/nx-plugin 0.82.1 → 0.82.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws/nx-plugin",
-  "version": "0.82.1",
+  "version": "0.82.2",
   "repository": {
     "type": "git",
     "url": "https://github.com/awslabs/nx-plugin-for-aws.git",

package/src/infra/app/__snapshots__/generator.spec.ts.snap

@@ -21,7 +21,7 @@ exports[`infra generator > should add required dependencies to package.json > de
   "@swc/core": "~1.15.5",
   "@swc/helpers": "~0.5.18",
   "@types/node": "22.19.13",
-  "@vitest/coverage-v8": "^4.0.0",
+  "@vitest/coverage-v8": "4.0.18",
   "eslint": "^9.8.0",
   "eslint-config-prettier": "^10.0.0",
   "eslint-plugin-prettier": "5.5.5",
@@ -32,7 +32,7 @@ exports[`infra generator > should add required dependencies to package.json > de
   "typescript": "~5.9.2",
   "typescript-eslint": "^8.40.0",
   "vite": "^7.0.0",
-  "vitest": "^4.0.8",
+  "vitest": "4.0.18",
 }
 `;
 
@@ -55,7 +55,7 @@ exports[`infra generator > should add required dependencies to package.json > pa
     "@swc/core": "~1.15.5",
     "@swc/helpers": "~0.5.18",
     "@types/node": "22.19.13",
-    "@vitest/coverage-v8": "^4.0.0",
+    "@vitest/coverage-v8": "4.0.18",
     "eslint": "^9.8.0",
     "eslint-config-prettier": "^10.0.0",
     "eslint-plugin-prettier": "5.5.5",
@@ -66,7 +66,7 @@ exports[`infra generator > should add required dependencies to package.json > pa
     "typescript": "~5.9.2",
     "typescript-eslint": "^8.40.0",
     "vite": "^7.0.0",
-    "vitest": "^4.0.8",
+    "vitest": "4.0.18",
   },
   "name": "@proj/source",
   "type": "module",

package/src/py/fast-api/__snapshots__/generator.spec.ts.snap

@@ -529,21 +529,28 @@ export class TestApi<
   }
 
   /**
-   * Restricts CORS to the website CloudFront distribution domains
+   * Restricts CORS to the provided origins
    *
-   * Configures the CloudFront distribution domains as the only permitted CORS origins
-   * (other than local host with default ports) in the API gateway
-   * The CORS origins are not configured within the AWS Lambda integrations since
-   * the associated header is controlled by API Gateway v2
+   * Configures the provided CloudFront distribution domains or origin strings
+   * as the only permitted CORS origins
+   * in the API gateway. The CORS origins are not configured within the AWS Lambda
+   * integrations since the associated header is controlled by API Gateway v2.
    *
-   * @param cloudFrontDistribution - The CloudFront distribution to grant CORS from
+   * @param origins - The origin strings, CloudFront distributions, or objects containing a CloudFront distribution to grant CORS from
    */
   public restrictCorsTo(
-    ...websites: { cloudFrontDistribution: Distribution }[]
+    ...origins: (
+      | string
+      | Distribution
+      | { cloudFrontDistribution: Distribution }
+    )[]
   ) {
-    const allowedOrigins = websites.map(
-      ({ cloudFrontDistribution }) =>
-        \`https://\${cloudFrontDistribution.distributionDomainName}\`,
+    const allowedOrigins = origins.map((origin) =>
+      typeof origin === 'string'
+        ? origin
+        : 'cloudFrontDistribution' in origin
+          ? \`https://\${origin.cloudFrontDistribution.distributionDomainName}\`
+          : \`https://\${origin.distributionDomainName}\`,
     );
 
     const cfnApi = this.api.node.defaultChild;
@@ -554,11 +561,7 @@ export class TestApi<
     }
 
     cfnApi.corsConfiguration = {
-      allowOrigins: [
-        'http://localhost:4200',
-        'http://localhost:4300',
-        ...allowedOrigins,
-      ],
+      allowOrigins: allowedOrigins,
       allowMethods: [CorsHttpMethod.ANY],
       allowHeaders: [
         'authorization',
@@ -936,13 +939,16 @@ export class IntegrationBuilder<
 `;
 
 exports[`fastapi project generator > should set up shared constructs for rest > rest-api.ts 1`] = `
-"import { Construct } from 'constructs';
+"import { Construct, IConstruct } from 'constructs';
 import {
+  Cors,
+  Resource,
   RestApi as _RestApi,
   RestApiProps as _RestApiProps,
   IResource,
   Stage,
 } from 'aws-cdk-lib/aws-apigateway';
+import { IAspect } from 'aws-cdk-lib';
 import { RuntimeConfig } from '../runtime-config.js';
 import {
   ApiIntegrations,
@@ -1041,7 +1047,7 @@ export class RestApi<
     };
 
     // Create API resources and methods for each operation
-    (Object.entries(operations) as [TOperation, OperationDetails][]).map(
+    (Object.entries(operations) as [TOperation, OperationDetails][]).forEach(
       ([op, details]) => {
         const integration = resolveIntegration(op);
         const resource = this.getOrCreateResource(
@@ -1085,6 +1091,21 @@ export class RestApi<
     return this.getOrCreateResource(childResource, pathParts);
   }
 }
+
+export class AddCorsPreflightAspect implements IAspect {
+  private getAllowedOrigins: () => readonly string[];
+  constructor(getAllowedOrigins: () => readonly string[]) {
+    this.getAllowedOrigins = getAllowedOrigins;
+  }
+  public visit(node: IConstruct): void {
+    if (node instanceof Resource) {
+      node.addCorsPreflight({
+        allowOrigins: [...this.getAllowedOrigins()],
+        allowMethods: Cors.ALL_METHODS,
+      });
+    }
+  }
+}
 "
 `;
 
@@ -1103,11 +1124,10 @@ import {
 } from 'aws-cdk-lib/aws-lambda';
 import {
   AuthorizationType,
-  Cors,
   LambdaIntegration,
   ResponseTransferMode,
 } from 'aws-cdk-lib/aws-apigateway';
-import { Duration, Stack } from 'aws-cdk-lib';
+import { Aspects, Duration, Stack } from 'aws-cdk-lib';
 import {
   PolicyDocument,
   PolicyStatement,
@@ -1121,7 +1141,7 @@ import {
   IntegrationBuilder,
   RestApiIntegration,
 } from '../../core/api/utils.js';
-import { RestApi } from '../../core/api/rest-api.js';
+import { AddCorsPreflightAspect, RestApi } from '../../core/api/rest-api.js';
 import {
   OPERATION_DETAILS,
   Operations,
@@ -1149,6 +1169,8 @@ export interface TestApiProps<
 export class TestApi<
   TIntegrations extends ApiIntegrations<Operations, RestApiIntegration>,
 > extends RestApi<Operations, TIntegrations> {
+  private allowedOrigins: readonly string[] = ['*'];
+
   /**
    * Creates default integrations for all operations, which implement each operation as
    * its own individual lambda function.
@@ -1211,10 +1233,6 @@ export class TestApi<
       defaultMethodOptions: {
         authorizationType: AuthorizationType.IAM,
       },
-      defaultCorsPreflightOptions: {
-        allowOrigins: Cors.ALL_ORIGINS,
-        allowMethods: Cors.ALL_METHODS,
-      },
       deployOptions: {
         tracingEnabled: true,
       },
@@ -1232,32 +1250,42 @@ export class TestApi<
       operations: OPERATION_DETAILS,
       ...props,
     });
+    Aspects.of(this).add(new AddCorsPreflightAspect(() => this.allowedOrigins));
   }
 
   /**
-   * Restricts CORS to the website CloudFront distribution domains
+   * Restricts CORS to the provided origins
    *
-   * Configures the CloudFront distribution domains as the only permitted CORS origins
-   * (other than local host) in the AWS Lambda integrations
+   * Configures the provided CloudFront distribution domains or origin strings
+   * as the only permitted CORS origins in API Gateway preflight responses and the
+   * AWS Lambda integrations.
    *
-   * Note that this restriction is not applied to preflight OPTIONS
-   *
-   * @param websites - The CloudFront distribution to grant CORS from
+   * @param origins - The origin strings, CloudFront distributions, or objects containing a CloudFront distribution to grant CORS from
    */
   public restrictCorsTo(
-    ...websites: { cloudFrontDistribution: Distribution }[]
+    ...origins: (
+      | string
+      | Distribution
+      | { cloudFrontDistribution: Distribution }
+    )[]
   ) {
-    const allowedOrigins = websites
-      .map(
-        ({ cloudFrontDistribution }) =>
-          \`https://\${cloudFrontDistribution.distributionDomainName}\`,
-      )
-      .join(',');
+    const allowedOrigins = origins.map((origin) =>
+      typeof origin === 'string'
+        ? origin
+        : 'cloudFrontDistribution' in origin
+          ? \`https://\${origin.cloudFrontDistribution.distributionDomainName}\`
+          : \`https://\${origin.distributionDomainName}\`,
+    );
+
+    this.allowedOrigins = allowedOrigins;
 
     // Set ALLOWED_ORIGINS environment variable for all Lambda integrations
     Object.values(this.integrations).forEach((integration) => {
       if ('handler' in integration && integration.handler instanceof Function) {
-        integration.handler.addEnvironment('ALLOWED_ORIGINS', allowedOrigins);
+        integration.handler.addEnvironment(
+          'ALLOWED_ORIGINS',
+          allowedOrigins.join(','),
+        );
       }
     });
   }

package/src/smithy/ts/api/__snapshots__/generator.spec.ts.snap

@@ -44,11 +44,10 @@ import {
 } from 'aws-cdk-lib/aws-lambda';
 import {
   AuthorizationType,
-  Cors,
   LambdaIntegration,
   CognitoUserPoolsAuthorizer,
 } from 'aws-cdk-lib/aws-apigateway';
-import { Duration } from 'aws-cdk-lib';
+import { Aspects, Duration } from 'aws-cdk-lib';
 import {
   PolicyDocument,
   PolicyStatement,
@@ -61,7 +60,7 @@ import {
   IntegrationBuilder,
   RestApiIntegration,
 } from '../../core/api/utils.js';
-import { RestApi } from '../../core/api/rest-api.js';
+import { AddCorsPreflightAspect, RestApi } from '../../core/api/rest-api.js';
 import {
   OPERATION_DETAILS,
   Operations,
@@ -95,6 +94,8 @@ export interface TestApiProps<
 export class TestApi<
   TIntegrations extends ApiIntegrations<Operations, RestApiIntegration>,
 > extends RestApi<Operations, TIntegrations> {
+  private allowedOrigins: readonly string[] = ['*'];
+
   /**
    * Creates default integrations for all operations, which implement each operation as
    * its own individual lambda function.
@@ -146,10 +147,6 @@ export class TestApi<
           cognitoUserPools: [props.identity.userPool],
         }),
       },
-      defaultCorsPreflightOptions: {
-        allowOrigins: Cors.ALL_ORIGINS,
-        allowMethods: Cors.ALL_METHODS,
-      },
       deployOptions: {
         tracingEnabled: true,
       },
@@ -167,32 +164,42 @@ export class TestApi<
       operations: OPERATION_DETAILS,
       ...props,
     });
+    Aspects.of(this).add(new AddCorsPreflightAspect(() => this.allowedOrigins));
   }
 
   /**
-   * Restricts CORS to the website CloudFront distribution domains
-   *
-   * Configures the CloudFront distribution domains as the only permitted CORS origins
-   * (other than local host) in the AWS Lambda integrations
+   * Restricts CORS to the provided origins
    *
-   * Note that this restriction is not applied to preflight OPTIONS
+   * Configures the provided CloudFront distribution domains or origin strings
+   * as the only permitted CORS origins in API Gateway preflight responses and the
+   * AWS Lambda integrations.
    *
-   * @param websites - The CloudFront distribution to grant CORS from
+   * @param origins - The origin strings, CloudFront distributions, or objects containing a CloudFront distribution to grant CORS from
    */
   public restrictCorsTo(
-    ...websites: { cloudFrontDistribution: Distribution }[]
+    ...origins: (
+      | string
+      | Distribution
+      | { cloudFrontDistribution: Distribution }
+    )[]
   ) {
-    const allowedOrigins = websites
-      .map(
-        ({ cloudFrontDistribution }) =>
-          \`https://\${cloudFrontDistribution.distributionDomainName}\`,
-      )
-      .join(',');
+    const allowedOrigins = origins.map((origin) =>
+      typeof origin === 'string'
+        ? origin
+        : 'cloudFrontDistribution' in origin
+          ? \`https://\${origin.cloudFrontDistribution.distributionDomainName}\`
+          : \`https://\${origin.distributionDomainName}\`,
+    );
+
+    this.allowedOrigins = allowedOrigins;
 
     // Set ALLOWED_ORIGINS environment variable for all Lambda integrations
     Object.values(this.integrations).forEach((integration) => {
       if ('handler' in integration && integration.handler instanceof Function) {
-        integration.handler.addEnvironment('ALLOWED_ORIGINS', allowedOrigins);
+        integration.handler.addEnvironment(
+          'ALLOWED_ORIGINS',
+          allowedOrigins.join(','),
+        );
       }
     });
   }
@@ -213,10 +220,9 @@ import {
 } from 'aws-cdk-lib/aws-lambda';
 import {
   AuthorizationType,
-  Cors,
   LambdaIntegration,
 } from 'aws-cdk-lib/aws-apigateway';
-import { Duration } from 'aws-cdk-lib';
+import { Aspects, Duration } from 'aws-cdk-lib';
 import {
   PolicyDocument,
   PolicyStatement,
@@ -230,7 +236,7 @@ import {
   IntegrationBuilder,
   RestApiIntegration,
 } from '../../core/api/utils.js';
-import { RestApi } from '../../core/api/rest-api.js';
+import { AddCorsPreflightAspect, RestApi } from '../../core/api/rest-api.js';
 import {
   OPERATION_DETAILS,
   Operations,
@@ -258,6 +264,8 @@ export interface TestApiProps<
 export class TestApi<
   TIntegrations extends ApiIntegrations<Operations, RestApiIntegration>,
 > extends RestApi<Operations, TIntegrations> {
+  private allowedOrigins: readonly string[] = ['*'];
+
   /**
    * Creates default integrations for all operations, which implement each operation as
    * its own individual lambda function.
@@ -306,10 +314,6 @@ export class TestApi<
       defaultMethodOptions: {
         authorizationType: AuthorizationType.IAM,
       },
-      defaultCorsPreflightOptions: {
-        allowOrigins: Cors.ALL_ORIGINS,
-        allowMethods: Cors.ALL_METHODS,
-      },
       deployOptions: {
         tracingEnabled: true,
       },
@@ -327,32 +331,42 @@ export class TestApi<
       operations: OPERATION_DETAILS,
       ...props,
     });
+    Aspects.of(this).add(new AddCorsPreflightAspect(() => this.allowedOrigins));
   }
 
   /**
-   * Restricts CORS to the website CloudFront distribution domains
-   *
-   * Configures the CloudFront distribution domains as the only permitted CORS origins
-   * (other than local host) in the AWS Lambda integrations
+   * Restricts CORS to the provided origins
    *
-   * Note that this restriction is not applied to preflight OPTIONS
+   * Configures the provided CloudFront distribution domains or origin strings
+   * as the only permitted CORS origins in API Gateway preflight responses and the
+   * AWS Lambda integrations.
    *
-   * @param websites - The CloudFront distribution to grant CORS from
+   * @param origins - The origin strings, CloudFront distributions, or objects containing a CloudFront distribution to grant CORS from
    */
   public restrictCorsTo(
-    ...websites: { cloudFrontDistribution: Distribution }[]
+    ...origins: (
+      | string
+      | Distribution
+      | { cloudFrontDistribution: Distribution }
+    )[]
   ) {
-    const allowedOrigins = websites
-      .map(
-        ({ cloudFrontDistribution }) =>
-          \`https://\${cloudFrontDistribution.distributionDomainName}\`,
-      )
-      .join(',');
+    const allowedOrigins = origins.map((origin) =>
+      typeof origin === 'string'
+        ? origin
+        : 'cloudFrontDistribution' in origin
+          ? \`https://\${origin.cloudFrontDistribution.distributionDomainName}\`
+          : \`https://\${origin.distributionDomainName}\`,
+    );
+
+    this.allowedOrigins = allowedOrigins;
 
     // Set ALLOWED_ORIGINS environment variable for all Lambda integrations
     Object.values(this.integrations).forEach((integration) => {
       if ('handler' in integration && integration.handler instanceof Function) {
-        integration.handler.addEnvironment('ALLOWED_ORIGINS', allowedOrigins);
+        integration.handler.addEnvironment(
+          'ALLOWED_ORIGINS',
+          allowedOrigins.join(','),
+        );
       }
     });
   }