cdk-factory 0.7.26__tar.gz → 0.7.27__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of cdk-factory might be problematic. Click here for more details.

Files changed (130) hide show
  1. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/PKG-INFO +1 -1
  2. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/pyproject.toml +1 -1
  3. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/apigateway_route_config.py +1 -1
  4. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/api_gateway/api_gateway_stack.py +39 -28
  5. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utilities/api_gateway_integration_utility.py +193 -139
  6. cdk_factory-0.7.27/src/cdk_factory/version.py +1 -0
  7. cdk_factory-0.7.26/src/cdk_factory/version.py +0 -1
  8. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/.gitignore +0 -0
  9. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/LICENSE +0 -0
  10. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/README.md +0 -0
  11. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/archive/README.md +0 -0
  12. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/archive/migrate_to_enhanced_ssm.py +0 -0
  13. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/mypy.ini +0 -0
  14. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/publish_to_pypi.py +0 -0
  15. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/publish_to_pypi.sh +0 -0
  16. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/pysetup.py +0 -0
  17. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/pysetup.sh +0 -0
  18. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/requirements.dev.txt +0 -0
  19. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/requirements.tests.txt +0 -0
  20. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/requirements.txt +0 -0
  21. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/run-checks.sh +0 -0
  22. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/run-tests.sh +0 -0
  23. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/__init__.py +0 -0
  24. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/app.py +0 -0
  25. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/builds/README.md +0 -0
  26. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/cdk.json +0 -0
  27. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/commands/command_loader.py +0 -0
  28. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/base_config.py +0 -0
  29. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/cdk_config.py +0 -0
  30. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/deployment.py +0 -0
  31. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/deployment_wave.py +0 -0
  32. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/devops.py +0 -0
  33. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/enhanced_base_config.py +0 -0
  34. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/enhanced_ssm_config.py +0 -0
  35. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/management.py +0 -0
  36. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/pipeline.py +0 -0
  37. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/pipeline_stage.py +0 -0
  38. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/_resources.py +0 -0
  39. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/api_gateway.py +0 -0
  40. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/auto_scaling.py +0 -0
  41. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/cloudfront.py +0 -0
  42. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/cloudwatch_widget.py +0 -0
  43. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/code_artifact.py +0 -0
  44. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/code_artifact_login.py +0 -0
  45. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/code_repository.py +0 -0
  46. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/cognito.py +0 -0
  47. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/docker.py +0 -0
  48. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/dynamodb.py +0 -0
  49. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/ecr.py +0 -0
  50. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/exisiting.py +0 -0
  51. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/lambda_function.py +0 -0
  52. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/lambda_layers.py +0 -0
  53. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/lambda_triggers.py +0 -0
  54. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/load_balancer.py +0 -0
  55. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/rds.py +0 -0
  56. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/resource_mapping.py +0 -0
  57. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/resource_naming.py +0 -0
  58. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/resource_types.py +0 -0
  59. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/route53.py +0 -0
  60. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/route53_hosted_zone.py +0 -0
  61. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/s3.py +0 -0
  62. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/security_group.py +0 -0
  63. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/security_group_full_stack.py +0 -0
  64. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/sqs.py +0 -0
  65. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/vpc.py +0 -0
  66. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/stack.py +0 -0
  67. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/workload.py +0 -0
  68. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/cloudfront/cloudfront_distribution_construct.py +0 -0
  69. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/ecr/ecr_construct.py +0 -0
  70. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/lambdas/lambda_function_construct.py +0 -0
  71. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/lambdas/lambda_function_docker_construct.py +0 -0
  72. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/lambdas/lambda_function_role_construct.py +0 -0
  73. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/lambdas/policies/policy_docs.py +0 -0
  74. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/lambdas/policies/policy_statements.py +0 -0
  75. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/s3_buckets/s3_bucket_construct.py +0 -0
  76. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/s3_buckets/s3_bucket_replication_destination_construct.py +0 -0
  77. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/s3_buckets/s3_bucket_replication_source_construct.py +0 -0
  78. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/constructs/sqs/policies/sqs_policies.py +0 -0
  79. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/interfaces/enhanced_ssm_parameter_mixin.py +0 -0
  80. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/interfaces/istack.py +0 -0
  81. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/interfaces/live_ssm_resolver.py +0 -0
  82. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/interfaces/ssm_parameter_mixin.py +0 -0
  83. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/lambdas/health_handler.py +0 -0
  84. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/pipeline/pipeline_factory.py +0 -0
  85. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/pipeline/security/policies.py +0 -0
  86. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/pipeline/security/roles.py +0 -0
  87. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/pipeline/stage.py +0 -0
  88. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack/istack.py +0 -0
  89. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack/stack_factory.py +0 -0
  90. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack/stack_module_loader.py +0 -0
  91. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack/stack_module_registry.py +0 -0
  92. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack/stack_modules.py +0 -0
  93. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/__init__.py +0 -0
  94. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/auto_scaling/__init__.py +0 -0
  95. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/auto_scaling/auto_scaling_stack.py +0 -0
  96. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/aws_lambdas/lambda_stack.py +0 -0
  97. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/buckets/README.md +0 -0
  98. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/buckets/bucket_stack.py +0 -0
  99. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/code_artifact/code_artifact_stack.py +0 -0
  100. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/cognito/cognito_stack.py +0 -0
  101. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/dynamodb/dynamodb_stack.py +0 -0
  102. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/ecr/README.md +0 -0
  103. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/ecr/ecr_stack.py +0 -0
  104. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/load_balancer/__init__.py +0 -0
  105. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/load_balancer/load_balancer_stack.py +0 -0
  106. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/rds/__init__.py +0 -0
  107. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/rds/rds_stack.py +0 -0
  108. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/route53/__init__.py +0 -0
  109. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/route53/route53_stack.py +0 -0
  110. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/security_group/__init__.py +0 -0
  111. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/security_group/security_group_full_stack.py +0 -0
  112. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/security_group/security_group_stack.py +0 -0
  113. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/simple_queue_service/sqs_stack.py +0 -0
  114. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/stack_base.py +0 -0
  115. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/vpc/__init__.py +0 -0
  116. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/vpc/vpc_stack.py +0 -0
  117. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/websites/static_website_stack.py +0 -0
  118. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stages/websites/static_website_stage.py +0 -0
  119. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utilities/commandline_args.py +0 -0
  120. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utilities/configuration_loader.py +0 -0
  121. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utilities/docker_utilities.py +0 -0
  122. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utilities/environment_services.py +0 -0
  123. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utilities/file_operations.py +0 -0
  124. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utilities/git_utilities.py +0 -0
  125. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utilities/json_loading_utility.py +0 -0
  126. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utilities/lambda_function_utilities.py +0 -0
  127. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utilities/os_execute.py +0 -0
  128. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/utils/api_gateway_utilities.py +0 -0
  129. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/workload/workload_factory.py +0 -0
  130. {cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/handlers/test/handler.py +0 -0
{cdk_factory-0.7.26 → cdk_factory-0.7.27}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: cdk_factory
3
- Version: 0.7.26
3
+ Version: 0.7.27
4
4
  Summary: CDK Factory. A QuickStarter and best practices setup for CDK projects
5
5
  Author-email: Eric Wilson <eric.wilson@geekcafe.com>
6
6
  License: MIT License
{cdk_factory-0.7.26 → cdk_factory-0.7.27}/pyproject.toml RENAMED
@@ -33,7 +33,7 @@ markers = [
33
33
  [project]
34
34
 
35
35
  name = "cdk_factory"
36
- version = "0.7.26"
36
+ version = "0.7.27"
37
37
  authors = [
38
38
  { name="Eric Wilson", email="eric.wilson@geekcafe.com" }
39
39
  ]
{cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/configurations/resources/apigateway_route_config.py RENAMED
@@ -72,7 +72,7 @@ class ApiGatewayConfigRouteConfig:
72
72
  @property
73
73
  def allow_public_override(self) -> bool:
74
74
  """Whether to allow public access when Cognito is available"""
75
- return self._config.get("allow_public_override", False)
75
+ return str(self._config.get("allow_public_override", False)).lower() == "true"
76
76
 
77
77
  @property
78
78
  def dictionary(self) -> Dict[str, Any]:
{cdk_factory-0.7.26 → cdk_factory-0.7.27}/src/cdk_factory/stack_library/api_gateway/api_gateway_stack.py RENAMED
@@ -350,28 +350,30 @@ class ApiGatewayStack(IStack, EnhancedSsmParameterMixin):
350
350
  def _validate_authorization_configuration(self, route, has_cognito_authorizer):
351
351
  """
352
352
  Validate authorization configuration for security and clarity.
353
-
353
+
354
354
  This method implements 'secure by default' with explicit overrides:
355
355
  - If Cognito is available and route wants NONE auth, requires explicit override
356
356
  - If Cognito is not available and route wants COGNITO auth, raises error
357
357
  - Provides verbose warnings for monitoring and security awareness
358
-
358
+
359
359
  Args:
360
360
  route (dict): Route configuration
361
361
  has_cognito_authorizer (bool): Whether a Cognito authorizer is configured
362
-
362
+
363
363
  Raises:
364
364
  ValueError: When there are security conflicts without explicit overrides
365
365
  """
366
366
  import logging
367
-
368
- auth_type = route.get("authorization_type", "COGNITO")
369
- explicit_override = route.get("allow_public_override", False)
367
+
368
+ auth_type = str(route.get("authorization_type", "COGNITO")).upper()
369
+ explicit_override = (
370
+ str(route.get("allow_public_override", False)).lower() == "true"
371
+ )
370
372
  route_path = route.get("path", "unknown")
371
373
  method = route.get("method", "unknown")
372
-
374
+
373
375
  logger = logging.getLogger(__name__)
374
-
376
+
375
377
  # Case 1: Cognito available + NONE requested + No explicit override = ERROR
376
378
  if has_cognito_authorizer and auth_type == "NONE" and not explicit_override:
377
379
  error_msg = (
@@ -383,11 +385,12 @@ class ApiGatewayStack(IStack, EnhancedSsmParameterMixin):
383
385
  f" 1. Remove Cognito configuration if you want public access\n"
384
386
  f" 2. Add 'allow_public_override': true to explicitly allow public access\n"
385
387
  f" 3. Remove 'authorization_type': 'NONE' to use secure Cognito auth\n\n"
386
- f"🔒 This prevents accidental public endpoints when authentication is available."
388
+ f"🔒 This prevents accidental public endpoints when authentication is available.\n\n"
389
+ f"👉 ApiGatewayStack documentation for more details: https://github.com/your-repo/api-gateway-stack"
387
390
  )
388
391
  raise ValueError(error_msg)
389
-
390
- # Case 2: No Cognito + COGNITO explicitly requested = ERROR
392
+
393
+ # Case 2: No Cognito + COGNITO explicitly requested = ERROR
391
394
  # Only error if COGNITO was explicitly requested, not if it's the default
392
395
  if not has_cognito_authorizer and route.get("authorization_type") == "COGNITO":
393
396
  error_msg = (
@@ -401,7 +404,7 @@ class ApiGatewayStack(IStack, EnhancedSsmParameterMixin):
401
404
  f" 4. Remove explicit authorization_type to use default behavior"
402
405
  )
403
406
  raise ValueError(error_msg)
404
-
407
+
405
408
  # Case 3: Cognito available + NONE requested + Explicit override = WARN
406
409
  if has_cognito_authorizer and auth_type == "NONE" and explicit_override:
407
410
  warning_msg = (
@@ -411,10 +414,10 @@ class ApiGatewayStack(IStack, EnhancedSsmParameterMixin):
411
414
  f" 📊 Consider monitoring this endpoint for unexpected usage patterns\n"
412
415
  f" 🔍 Review periodically: Should this endpoint be secured?"
413
416
  )
414
-
417
+
415
418
  # Print to console during deployment for visibility
416
419
  print(warning_msg)
417
-
420
+
418
421
  # Structured logging for monitoring and metrics
419
422
  logger.warning(
420
423
  "Public endpoint configured with Cognito available",
@@ -426,10 +429,10 @@ class ApiGatewayStack(IStack, EnhancedSsmParameterMixin):
426
429
  "authorization_type": "NONE",
427
430
  "metric_name": "public_endpoint_with_cognito",
428
431
  "security_decision": "intentional_public",
429
- "recommendation": "review_periodically"
430
- }
432
+ "recommendation": "review_periodically",
433
+ },
431
434
  )
432
-
435
+
433
436
  # Case 4: No Cognito + NONE = INFO (expected for public-only APIs)
434
437
  if not has_cognito_authorizer and auth_type == "NONE":
435
438
  logger.info(
@@ -439,8 +442,8 @@ class ApiGatewayStack(IStack, EnhancedSsmParameterMixin):
439
442
  "method": method,
440
443
  "authorization_type": "NONE",
441
444
  "cognito_available": False,
442
- "security_decision": "public_only_api"
443
- }
445
+ "security_decision": "public_only_api",
446
+ },
444
447
  )
445
448
 
446
449
  def _setup_lambda_integration(
@@ -448,23 +451,27 @@ class ApiGatewayStack(IStack, EnhancedSsmParameterMixin):
448
451
  ):
449
452
  """Setup Lambda integration for a route"""
450
453
  import logging
451
-
454
+
452
455
  route_path = route["path"]
453
456
  # Secure by default: require Cognito authorization unless explicitly set to NONE
454
457
  authorization_type = route.get("authorization_type", "COGNITO")
455
-
458
+
456
459
  # If no Cognito authorizer available and default COGNITO, fall back to NONE
457
- if not authorizer and authorization_type == "COGNITO" and "authorization_type" not in route:
460
+ if (
461
+ not authorizer
462
+ and authorization_type == "COGNITO"
463
+ and "authorization_type" not in route
464
+ ):
458
465
  authorization_type = "NONE"
459
466
  logger = logging.getLogger(__name__)
460
467
  logger.info(
461
468
  f"No Cognito authorizer available for route {route_path} ({route.get('method', 'unknown')}), "
462
469
  f"defaulting to public access (NONE authorization)"
463
470
  )
464
-
471
+
465
472
  # Validate authorization configuration for security
466
473
  self._validate_authorization_configuration(route, authorizer is not None)
467
-
474
+
468
475
  # If set to NONE (explicitly or by fallback), skip authorization
469
476
  if authorization_type == "NONE":
470
477
  authorizer = None
@@ -502,20 +509,24 @@ class ApiGatewayStack(IStack, EnhancedSsmParameterMixin):
502
509
  ):
503
510
  """Setup fallback Lambda integration for routes without src"""
504
511
  import logging
505
-
512
+
506
513
  route_path = route["path"]
507
514
  # Secure by default: require Cognito authorization unless explicitly set to NONE
508
515
  authorization_type = route.get("authorization_type", "COGNITO")
509
-
516
+
510
517
  # If no Cognito authorizer available and default COGNITO, fall back to NONE
511
- if not authorizer and authorization_type == "COGNITO" and "authorization_type" not in route:
518
+ if (
519
+ not authorizer
520
+ and authorization_type == "COGNITO"
521
+ and "authorization_type" not in route
522
+ ):
512
523
  authorization_type = "NONE"
513
524
  logger = logging.getLogger(__name__)
514
525
  logger.info(
515
526
  f"No Cognito authorizer available for route {route_path} ({route.get('method', 'unknown')}), "
516
527
  f"defaulting to public access (NONE authorization)"
517
528
  )
518
-
529
+
519
530
  # Validate authorization configuration for security
520
531
  self._validate_authorization_configuration(route, authorizer is not None)
521
532