Merge pull request #60 from AhmedNourJamalElDin/master

Allow Private Field

Author: horike37

README.md

@@ -22,6 +22,7 @@ This Serverless Framework plugin supports the AWS service proxy integration feat
 - [Common API Gateway features](#common-api-gateway-features)
   - [Enabling CORS](#enabling-cors)
   - [Adding Authorization](#adding-authorization)
+  - [Enabling API Token Authentication](#enabling-api-token-authentication)
   - [Using a Custom IAM Role](#using-a-custom-iam-role)
   - [Customizing API Gateway parameters](#customizing-api-gateway-parameters)
   - [Customizing request body mapping templates](#customizing-request-body-mapping-templates)
@@ -480,6 +481,35 @@ resources:
 
 Source: [AWS::ApiGateway::Method docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationtype)
 
+
+
+### Enabling API Token Authentication
+
+You can indicate whether the method requires clients to submit a valid API key using `private` flag:
+
+```yml
+custom:
+  apiGatewayServiceProxies:
+    - sqs:
+        path: /sqs
+        method: post
+        queueName: { 'Fn::GetAtt': ['SQSQueue', 'QueueName'] }
+        cors: true
+        private: true
+
+resources:
+  Resources:
+    SQSQueue:
+      Type: 'AWS::SQS::Queue'
+```
+
+which is the same syntax used in Serverless framework.
+
+Source: [Serverless: Setting API keys for your Rest API](https://serverless.com/framework/docs/providers/aws/events/apigateway/#setting-api-keys-for-your-rest-api)
+
+Source: [AWS::ApiGateway::Method docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-apikeyrequired)
+
+
 ### Using a Custom IAM Role
 
 By default, the plugin will generate a role with the required permissions for each service type that is configured.

lib/apiGateway/schema.js

@@ -23,6 +23,8 @@ const method = Joi.string()
   .valid(['get', 'post', 'put', 'patch', 'options', 'head', 'delete', 'any'])
   .insensitive()
 
+const privateField = Joi.boolean().default(false)
+
 const cors = Joi.alternatives().try(
   Joi.boolean(),
   Joi.object({
@@ -98,6 +100,7 @@ const proxy = Joi.object({
   pathOverride,
   method,
   cors,
+  private: privateField,
   authorizationType,
   authorizerId,
   authorizationScopes,

lib/apiGateway/validate.test.js

@@ -137,6 +137,75 @@ describe('#validateServiceProxies()', () => {
       expect(() => serverlessApigatewayServiceProxy.validateServiceProxies()).to.not.throw()
     })
 
+    it('should work if "private" property is missing', () => {
+      serverlessApigatewayServiceProxy.serverless.service.custom = {
+        apiGatewayServiceProxies: [
+          {
+            kinesis: {
+              path: '/kinesis',
+              streamName: 'streamName',
+              method: 'POST'
+            }
+          }
+        ]
+      }
+
+      expect(() => serverlessApigatewayServiceProxy.validateServiceProxies()).to.not.throw()
+    })
+
+    it('should work if "private" property is true', () => {
+      serverlessApigatewayServiceProxy.serverless.service.custom = {
+        apiGatewayServiceProxies: [
+          {
+            kinesis: {
+              path: '/kinesis',
+              streamName: 'streamName',
+              method: 'POST',
+              private: true
+            }
+          }
+        ]
+      }
+
+      expect(() => serverlessApigatewayServiceProxy.validateServiceProxies()).to.not.throw()
+    })
+
+    it('should work if "private" property is false', () => {
+      serverlessApigatewayServiceProxy.serverless.service.custom = {
+        apiGatewayServiceProxies: [
+          {
+            kinesis: {
+              path: '/kinesis',
+              streamName: 'streamName',
+              method: 'POST',
+              private: false
+            }
+          }
+        ]
+      }
+
+      expect(() => serverlessApigatewayServiceProxy.validateServiceProxies()).to.not.throw()
+    })
+
+    it('should throw if "private" property is set to unsupported type', () => {
+      serverlessApigatewayServiceProxy.serverless.service.custom = {
+        apiGatewayServiceProxies: [
+          {
+            kinesis: {
+              path: '/kinesis',
+              streamName: 'streamName',
+              method: 'POST',
+              private: 'xxxxx'
+            }
+          }
+        ]
+      }
+      expect(() => serverlessApigatewayServiceProxy.validateServiceProxies()).to.throw(
+        serverless.classes.Error,
+        'child "kinesis" fails because [child "private" fails because ["private" must be a boolean]]'
+      )
+    })
+
     it('should process cors defaults', () => {
       serverlessApigatewayServiceProxy.serverless.service.custom = {
         apiGatewayServiceProxies: [

lib/package/dynamodb/compileMethodsToDynamodb.test.js

@@ -825,6 +825,117 @@ describe('#compileMethodsToDynamodb()', () => {
       })
     })
   })
+
+  describe('#private', () => {
+    it('should create corresponding resources when a dynamodb proxy is given with private', () => {
+      serverlessApigatewayServiceProxy.validated = {
+        events: [
+          {
+            serviceName: 'dynamodb',
+            http: {
+              path: 'dynamodb',
+              method: 'post',
+              action: 'PutItem',
+              tableName: {
+                Ref: 'MyTable'
+              },
+              key: 'key',
+              private: true,
+              auth: { authorizationType: 'NONE' }
+            }
+          }
+        ]
+      }
+      serverlessApigatewayServiceProxy.apiGatewayRestApiLogicalId = 'ApiGatewayRestApi'
+      serverlessApigatewayServiceProxy.apiGatewayResources = {
+        dynamodb: {
+          name: 'dynamodb',
+          resourceLogicalId: 'ApiGatewayResourceDynamodb'
+        }
+      }
+
+      serverlessApigatewayServiceProxy.compileMethodsToDynamodb()
+      expect(serverless.service.provider.compiledCloudFormationTemplate.Resources).to.deep.equal({
+        ApiGatewayMethoddynamodbPost: {
+          Type: 'AWS::ApiGateway::Method',
+          Properties: {
+            HttpMethod: 'POST',
+            RequestParameters: {},
+            AuthorizationScopes: undefined,
+            AuthorizerId: undefined,
+            AuthorizationType: 'NONE',
+            ApiKeyRequired: true,
+            ResourceId: { Ref: 'ApiGatewayResourceDynamodb' },
+            RestApiId: { Ref: 'ApiGatewayRestApi' },
+            Integration: {
+              IntegrationHttpMethod: 'POST',
+              Type: 'AWS',
+              Credentials: { 'Fn::GetAtt': ['ApigatewayToDynamodbRole', 'Arn'] },
+              Uri: {
+                'Fn::Sub': [
+                  'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
+                  { action: 'PutItem' }
+                ]
+              },
+              PassthroughBehavior: 'NEVER',
+              RequestTemplates: {
+                'application/json': {
+                  'Fn::Sub': [
+                    '{"TableName": "${TableName}","Item": {\n      #set ($body = $util.parseJson($input.body))\n      #foreach( $key in $body.keySet())\n        #set ($item = $body.get($key))\n        #foreach( $type in $item.keySet())\n          "$key":{"$type" : "$item.get($type)"}\n        #if($foreach.hasNext()),#end\n        #end\n      #if($foreach.hasNext()),#end\n      #end\n    }\n    }',
+                    { TableName: { Ref: 'MyTable' } }
+                  ]
+                },
+                'application/x-www-form-urlencoded': {
+                  'Fn::Sub': [
+                    '{"TableName": "${TableName}","Item": {\n      #set ($body = $util.parseJson($input.body))\n      #foreach( $key in $body.keySet())\n        #set ($item = $body.get($key))\n        #foreach( $type in $item.keySet())\n          "$key":{"$type" : "$item.get($type)"}\n        #if($foreach.hasNext()),#end\n        #end\n      #if($foreach.hasNext()),#end\n      #end\n    }\n    }',
+                    { TableName: { Ref: 'MyTable' } }
+                  ]
+                }
+              },
+              IntegrationResponses: [
+                {
+                  StatusCode: 200,
+                  SelectionPattern: '2\\d{2}',
+                  ResponseParameters: {},
+                  ResponseTemplates: {}
+                },
+                {
+                  StatusCode: 400,
+                  SelectionPattern: '4\\d{2}',
+                  ResponseParameters: {},
+                  ResponseTemplates: {}
+                },
+                {
+                  StatusCode: 500,
+                  SelectionPattern: '5\\d{2}',
+                  ResponseParameters: {},
+                  ResponseTemplates: {}
+                }
+              ]
+            },
+            MethodResponses: [
+              {
+                ResponseParameters: {},
+                ResponseModels: {},
+                StatusCode: 200
+              },
+              {
+                ResponseParameters: {},
+                ResponseModels: {},
+                StatusCode: 400
+              },
+              {
+                ResponseParameters: {},
+                ResponseModels: {},
+                StatusCode: 500
+              }
+            ]
+          }
+        }
+      })
+    })
+  })
+
   describe('#authorization', () => {
     const testAuthorization = (auth) => {
       const param = {

lib/package/kinesis/compileMethodsToKinesis.test.js

@@ -249,6 +249,118 @@ describe('#compileMethodsToKinesis()', () => {
     })
   })
 
+  it('should create corresponding resources when kinesis proxies are given with private', () => {
+    serverlessApigatewayServiceProxy.validated = {
+      events: [
+        {
+          serviceName: 'kinesis',
+          http: {
+            streamName: 'myStream',
+            path: 'kinesis',
+            method: 'post',
+            auth: {
+              authorizationType: 'NONE'
+            },
+            private: true
+          }
+        }
+      ]
+    }
+    serverlessApigatewayServiceProxy.apiGatewayRestApiLogicalId = 'ApiGatewayRestApi'
+    serverlessApigatewayServiceProxy.apiGatewayResources = {
+      kinesis: {
+        name: 'kinesis',
+        resourceLogicalId: 'ApiGatewayResourceKinesis'
+      }
+    }
+
+    serverlessApigatewayServiceProxy.compileMethodsToKinesis()
+
+    expect(serverless.service.provider.compiledCloudFormationTemplate.Resources).to.deep.equal({
+      ApiGatewayMethodkinesisPost: {
+        Type: 'AWS::ApiGateway::Method',
+        Properties: {
+          HttpMethod: 'POST',
+          RequestParameters: {},
+          AuthorizationType: 'NONE',
+          AuthorizerId: undefined,
+          AuthorizationScopes: undefined,
+          ApiKeyRequired: true,
+          ResourceId: { Ref: 'ApiGatewayResourceKinesis' },
+          RestApiId: { Ref: 'ApiGatewayRestApi' },
+          Integration: {
+            IntegrationHttpMethod: 'POST',
+            Type: 'AWS',
+            Credentials: { 'Fn::GetAtt': ['ApigatewayToKinesisRole', 'Arn'] },
+            Uri: {
+              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:kinesis:action/PutRecord'
+            },
+            PassthroughBehavior: 'NEVER',
+            RequestTemplates: {
+              'application/json': {
+                'Fn::Sub': [
+                  '{"StreamName":"${StreamName}","Data":"${Data}","PartitionKey":"${PartitionKey}"}',
+                  {
+                    StreamName: 'myStream',
+                    Data: '$util.base64Encode($input.body)',
+                    PartitionKey: '$context.requestId'
+                  }
+                ]
+              },
+              'application/x-www-form-urlencoded': {
+                'Fn::Sub': [
+                  '{"StreamName":"${StreamName}","Data":"${Data}","PartitionKey":"${PartitionKey}"}',
+                  {
+                    StreamName: 'myStream',
+                    Data: '$util.base64Encode($input.body)',
+                    PartitionKey: '$context.requestId'
+                  }
+                ]
+              }
+            },
+            IntegrationResponses: [
+              {
+                StatusCode: 200,
+                SelectionPattern: 200,
+                ResponseParameters: {},
+                ResponseTemplates: {}
+              },
+              {
+                StatusCode: 400,
+                SelectionPattern: 400,
+                ResponseParameters: {},
+                ResponseTemplates: {}
+              },
+              {
+                StatusCode: 500,
+                SelectionPattern: 500,
+                ResponseParameters: {},
+                ResponseTemplates: {}
+              }
+            ]
+          },
+          MethodResponses: [
+            {
+              ResponseParameters: {},
+              ResponseModels: {},
+              StatusCode: 200
+            },
+            {
+              ResponseParameters: {},
+              ResponseModels: {},
+              StatusCode: 400
+            },
+            {
+              ResponseParameters: {},
+              ResponseModels: {},
+              StatusCode: 500
+            }
+          ]
+        }
+      }
+    })
+  })
+
   it('should return the default template for application/json when one is not given', () => {
     const httpWithoutRequestTemplate = {
       path: 'foo/bar1',