fix: normalize the open api version (#3551)

Author: xazhao

samtranslator/model/api/api_generator.py

@@ -251,7 +251,6 @@ def __init__(  # noqa: PLR0913
         self.resource_attributes = resource_attributes
         self.passthrough_resource_attributes = passthrough_resource_attributes
         self.open_api_version = open_api_version
-        self.remove_extra_stage = open_api_version
         self.models = models
         self.domain = domain
         self.fail_on_warnings = fail_on_warnings
@@ -400,7 +399,7 @@ def _construct_deployment(self, rest_api: ApiGatewayRestApi) -> ApiGatewayDeploy
             self.logical_id + "Deployment", attributes=self.passthrough_resource_attributes
         )
         deployment.RestApiId = rest_api.get_runtime_attr("rest_api_id")
-        if not self.remove_extra_stage:
+        if not self.open_api_version:
             deployment.StageName = "Stage"
 
         return deployment
@@ -438,7 +437,7 @@ def _construct_stage(
         if swagger is not None:
             deployment.make_auto_deployable(
                 stage,
-                self.remove_extra_stage,
+                self.open_api_version,
                 swagger,
                 self.domain,
                 redeploy_restapi_parameters,
@@ -1125,11 +1124,10 @@ def _openapi_postprocess(self, definition_body: Dict[str, Any]) -> Dict[str, Any
         if definition_body.get("swagger") is not None:
             return definition_body
 
-        if definition_body.get("openapi") is not None and self.open_api_version is None:
-            self.open_api_version = definition_body.get("openapi")
+        normalized_open_api_version = definition_body.get("openapi", self.open_api_version)
 
-        if self.open_api_version and SwaggerEditor.safe_compare_regex_with_string(
-            SwaggerEditor._OPENAPI_VERSION_3_REGEX, self.open_api_version
+        if normalized_open_api_version and SwaggerEditor.safe_compare_regex_with_string(
+            SwaggerEditor._OPENAPI_VERSION_3_REGEX, normalized_open_api_version
         ):
             if definition_body.get("securityDefinitions"):
                 components = definition_body.get("components", Py27Dict())

tests/translator/input/api_open_api_version_override.yaml

@@ -0,0 +1,166 @@
+Transform:
+- AWS::Serverless-2016-10-31
+Resources:
+  ApiGatewayCognitoExecutionRole4F7CB5C8:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+        - Action: sts:AssumeRole
+          Effect: Allow
+          Principal:
+            Service: apigateway.amazonaws.com
+        Version: '2012-10-17'
+      Policies:
+      - PolicyDocument:
+          Statement:
+          - Action: lambda:Invoke*
+            Effect: Allow
+            Resource:
+              Fn::GetAtt:
+              - LambdaFunction7804BD21
+              - Arn
+          Version: '2012-10-17'
+        PolicyName: apigInvokeLambda
+  LambdaFunctionServiceRoleD6E423C9:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+        - Action: sts:AssumeRole
+          Effect: Allow
+          Principal:
+            Service: lambda.amazonaws.com
+        Version: '2012-10-17'
+      ManagedPolicyArns:
+      - Fn::Join:
+        - ''
+        - - 'arn:'
+          - Ref: AWS::Partition
+          - :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+  LambdaFunctionServiceRoleDefaultPolicyF01A7EDC:
+    Type: AWS::IAM::Policy
+    Properties:
+      PolicyDocument:
+        Statement:
+        - Action: sns:Publish
+          Effect: Allow
+          Resource: '*'
+        Version: '2012-10-17'
+      PolicyName: LambdaFunctionServiceRoleDefaultPolicyF01A7EDC
+      Roles:
+      - Ref: LambdaFunctionServiceRoleD6E423C9
+  LambdaFunction7804BD21:
+    Type: AWS::Lambda::Function
+    Properties:
+      Code:
+        ZipFile: |
+          exports.handler = async (event, context, callback) => {
+            const auth = event.queryStringParameters.authorization
+            const policyDocument = {
+              Version: '2012-10-17',
+              Statement: [{
+                Action: 'execute-api:Invoke',
+                Effect: auth && auth.toLowerCase() === 'allow' ? 'Allow' : 'Deny',
+                Resource: event.methodArn
+              }]
+            }
+            
+            return {
+              principalId: 'user',
+              context: {},
+              policyDocument
+            }
+          }
+      Role:
+        Fn::GetAtt:
+        - LambdaFunctionServiceRoleD6E423C9
+        - Arn
+      Handler: index.handler
+      Runtime: nodejs16.x
+  MyCognitoUserPool:
+    Type: AWS::Cognito::UserPool
+    Properties:
+      UserPoolName: MyCognitoUserPool
+  ApiGatewayCognitoService15108F0B:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: prod
+      Auth:
+        AddDefaultAuthorizerToCorsPreflight: false
+        Authorizers:
+          CognitoAuthorizer:
+            UserPoolArn:
+              Fn::GetAtt: MyCognitoUserPool.Arn
+        DefaultAuthorizer: CognitoAuthorizer
+      DefinitionBody:
+        openapi: 3.0.2
+        info:
+          title: RxtHofApprovalServiceLambdaCognito
+          version: '2018-05-10'
+        paths:
+          /reviews:
+            post:
+              operationId: CreateReview
+              requestBody:
+                content:
+                  application/json:
+                    schema:
+                      $ref: '#/components/schemas/CreateReviewRequestContent'
+                required: true
+              responses:
+                '200':
+                  description: CreateReview 200 response
+                  headers:
+                    Access-Control-Allow-Origin:
+                      schema:
+                        type: string
+                    Access-Control-Expose-Headers:
+                      schema:
+                        type: string
+                  content:
+                    application/json:
+                      schema:
+                        $ref: '#/components/schemas/CreateReviewResponseContent'
+              x-amazon-apigateway-integration:
+                type: aws_proxy
+                httpMethod: POST
+                uri:
+                  Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction7804BD21.Arn}/invocations
+                credentials:
+                  Fn::Sub: ${ApiGatewayCognitoExecutionRole4F7CB5C8.Arn}
+                responses:
+                  default:
+                    statusCode: '200'
+                    responseParameters:
+                      method.response.header.Access-Control-Allow-Origin: "'*'"
+                      method.response.header.Access-Control-Expose-Headers: "'Content-Length,Content-Type,X-Amzn-Errortype,X-Amzn-Requestid'"
+        components:
+          schemas:
+            CreateReviewRequestContent:
+              type: object
+              properties:
+                reviewId:
+                  type: string
+            CreateReviewResponseContent:
+              type: object
+              properties:
+                reviewId:
+                  type: string
+          securitySchemes:
+            aws.auth.sigv4:
+              type: apiKey
+              description: AWS Signature Version 4 authentication
+              name: Authorization
+              in: header
+              x-amazon-apigateway-authtype: awsSigv4
+        security:
+        - aws.auth.sigv4: []
+        x-amazon-apigateway-gateway-responses:
+          DEFAULT_5XX:
+            responseTemplates:
+              application/json: '{"message":$context.error.messageString}'
+            responseParameters:
+              gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
+      OpenApiVersion: '2.0'
+      TracingEnabled: true

tests/translator/input/error_api_openapi_not_set.yaml

@@ -0,0 +1,165 @@
+Transform:
+- AWS::Serverless-2016-10-31
+Resources:
+  ApiGatewayCognitoExecutionRole4F7CB5C8:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+        - Action: sts:AssumeRole
+          Effect: Allow
+          Principal:
+            Service: apigateway.amazonaws.com
+        Version: '2012-10-17'
+      Policies:
+      - PolicyDocument:
+          Statement:
+          - Action: lambda:Invoke*
+            Effect: Allow
+            Resource:
+              Fn::GetAtt:
+              - LambdaFunction7804BD21
+              - Arn
+          Version: '2012-10-17'
+        PolicyName: apigInvokeLambda
+  LambdaFunctionServiceRoleD6E423C9:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+        - Action: sts:AssumeRole
+          Effect: Allow
+          Principal:
+            Service: lambda.amazonaws.com
+        Version: '2012-10-17'
+      ManagedPolicyArns:
+      - Fn::Join:
+        - ''
+        - - 'arn:'
+          - Ref: AWS::Partition
+          - :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+  LambdaFunctionServiceRoleDefaultPolicyF01A7EDC:
+    Type: AWS::IAM::Policy
+    Properties:
+      PolicyDocument:
+        Statement:
+        - Action: sns:Publish
+          Effect: Allow
+          Resource: '*'
+        Version: '2012-10-17'
+      PolicyName: LambdaFunctionServiceRoleDefaultPolicyF01A7EDC
+      Roles:
+      - Ref: LambdaFunctionServiceRoleD6E423C9
+  LambdaFunction7804BD21:
+    Type: AWS::Lambda::Function
+    Properties:
+      Code:
+        ZipFile: |
+          exports.handler = async (event, context, callback) => {
+            const auth = event.queryStringParameters.authorization
+            const policyDocument = {
+              Version: '2012-10-17',
+              Statement: [{
+                Action: 'execute-api:Invoke',
+                Effect: auth && auth.toLowerCase() === 'allow' ? 'Allow' : 'Deny',
+                Resource: event.methodArn
+              }]
+            }
+            
+            return {
+              principalId: 'user',
+              context: {},
+              policyDocument
+            }
+          }
+      Role:
+        Fn::GetAtt:
+        - LambdaFunctionServiceRoleD6E423C9
+        - Arn
+      Handler: index.handler
+      Runtime: nodejs16.x
+  MyCognitoUserPool:
+    Type: AWS::Cognito::UserPool
+    Properties:
+      UserPoolName: MyCognitoUserPool
+  ApiGatewayCognitoService15108F0B:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: prod
+      Auth:
+        AddDefaultAuthorizerToCorsPreflight: false
+        Authorizers:
+          CognitoAuthorizer:
+            UserPoolArn:
+              Fn::GetAtt: MyCognitoUserPool.Arn
+        DefaultAuthorizer: CognitoAuthorizer
+      DefinitionBody:
+        info:
+          title: RxtHofApprovalServiceLambdaCognito
+          version: '2018-05-10'
+        paths:
+          /reviews:
+            post:
+              operationId: CreateReview
+              requestBody:
+                content:
+                  application/json:
+                    schema:
+                      $ref: '#/components/schemas/CreateReviewRequestContent'
+                required: true
+              responses:
+                '200':
+                  description: CreateReview 200 response
+                  headers:
+                    Access-Control-Allow-Origin:
+                      schema:
+                        type: string
+                    Access-Control-Expose-Headers:
+                      schema:
+                        type: string
+                  content:
+                    application/json:
+                      schema:
+                        $ref: '#/components/schemas/CreateReviewResponseContent'
+              x-amazon-apigateway-integration:
+                type: aws_proxy
+                httpMethod: POST
+                uri:
+                  Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction7804BD21.Arn}/invocations
+                credentials:
+                  Fn::Sub: ${ApiGatewayCognitoExecutionRole4F7CB5C8.Arn}
+                responses:
+                  default:
+                    statusCode: '200'
+                    responseParameters:
+                      method.response.header.Access-Control-Allow-Origin: "'*'"
+                      method.response.header.Access-Control-Expose-Headers: "'Content-Length,Content-Type,X-Amzn-Errortype,X-Amzn-Requestid'"
+        components:
+          schemas:
+            CreateReviewRequestContent:
+              type: object
+              properties:
+                reviewId:
+                  type: string
+            CreateReviewResponseContent:
+              type: object
+              properties:
+                reviewId:
+                  type: string
+          securitySchemes:
+            aws.auth.sigv4:
+              type: apiKey
+              description: AWS Signature Version 4 authentication
+              name: Authorization
+              in: header
+              x-amazon-apigateway-authtype: awsSigv4
+        security:
+        - aws.auth.sigv4: []
+        x-amazon-apigateway-gateway-responses:
+          DEFAULT_5XX:
+            responseTemplates:
+              application/json: '{"message":$context.error.messageString}'
+            responseParameters:
+              gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
+      OpenApiVersion: '3.0'
+      TracingEnabled: true