Allow customAuthType defaulting to be disabled

Allow the setting of an empty customAuthType to indicate that the x-amazon-apigateway-authtype extension should not be set to "custom". This is done to handle the current defaulting behavior instead of adding a flag. This is necessary to enable API Gateway's built-in API key validation.
smithy-lang · Oct 16, 2020 · 9ca75c4 · 9ca75c4
1 parent 161ce3d
commit 9ca75c4
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 2 deletions.
diff --git a/docs/source/1.0/spec/aws/amazon-apigateway.rst b/docs/source/1.0/spec/aws/amazon-apigateway.rst
@@ -123,7 +123,8 @@ An *authorizer* definition is a structure that supports the following members:
       - The ``authType`` of the authorizer. This value is used in APIGateway
         exports as ``x-amazon-apigateway-authtype``. This value is set to
         ``custom`` by default, or ``awsSigv4`` if your scheme is
-        :ref:`aws.auth#sigv4 <aws.auth#sigv4-trait>`.
+        :ref:`aws.auth#sigv4 <aws.auth#sigv4-trait>`. Set the value to an empty
+        string to disable defaulting to ``custom``.
     * - uri
       - ``string``
       - Specifies the authorizer's Uniform Resource Identifier

diff --git a/...y-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizers.java b/...y-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizers.java
@@ -167,7 +167,15 @@ private <T extends Trait> SecurityScheme convertAuthScheme(
         T authTrait = context.getService().expectTrait(converter.getAuthSchemeType());
         SecurityScheme createdScheme = converter.createSecurityScheme(context, authTrait);
         SecurityScheme.Builder schemeBuilder = createdScheme.toBuilder();
-        schemeBuilder.putExtension(CLIENT_EXTENSION_NAME, authorizer.getCustomAuthType().orElse(DEFAULT_AUTH_TYPE));
+
+        // Allow the setting of an empty customAuthType to indicate that
+        // the extension should not be set to "custom". This is done to
+        // handle the current defaulting behavior instead of adding a flag.
+        // This is necessary to enable API Gateway's built-in API key validation.
+        String authType = authorizer.getCustomAuthType().orElse(DEFAULT_AUTH_TYPE);
+        if (!authType.isEmpty()) {
+            schemeBuilder.putExtension(CLIENT_EXTENSION_NAME, authType);
+        }
 
         ObjectNode authorizerNode = Node.objectNodeBuilder()
                 .withOptionalMember("type", authorizer.getType().map(Node::from))

diff --git a/...enapi/src/test/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizersTest.java b/...enapi/src/test/java/software/amazon/smithy/aws/apigateway/openapi/AddAuthorizersTest.java
@@ -112,6 +112,28 @@ public void addsCustomAuthType() {
         assertFalse(sigV4.getExtension("x-amazon-apigateway-authorizer").isPresent());
     }
 
+    @Test
+    public void emptyCustomAuthTypeNotSet() {
+        Model model = Model.assembler()
+                .discoverModels(getClass().getClassLoader())
+                .addImport(getClass().getResource("empty-custom-auth-type-authorizer.json"))
+                .assemble()
+                .unwrap();
+        OpenApiConfig config = new OpenApiConfig();
+        config.setService(ShapeId.from("ns.foo#SomeService"));
+        OpenApi result = OpenApiConverter.create()
+                .config(config)
+                .classLoader(getClass().getClassLoader())
+                .convert(model);
+        SecurityScheme apiKey = result.getComponents().getSecuritySchemes().get("api_key");
+
+        assertThat(apiKey.getType(), equalTo("apiKey"));
+        assertThat(apiKey.getName().get(), equalTo("x-api-key"));
+        assertThat(apiKey.getIn().get(), equalTo("header"));
+        assertFalse(apiKey.getExtension("x-amazon-apigateway-authtype").isPresent());
+        assertFalse(apiKey.getExtension("x-amazon-apigateway-authorizer").isPresent());
+    }
+
     @Test
     public void resolvesEffectiveAuthorizersForEachOperation() {
         Model model = Model.assembler()

diff --git a/...rces/software/amazon/smithy/aws/apigateway/openapi/empty-custom-auth-type-authorizer.json b/...rces/software/amazon/smithy/aws/apigateway/openapi/empty-custom-auth-type-authorizer.json
@@ -0,0 +1,23 @@
+{
+  "smithy": "1.0",
+  "shapes": {
+    "ns.foo#SomeService": {
+      "type": "service",
+      "version": "2018-03-17",
+      "traits": {
+        "aws.protocols#restJson1": {},
+        "smithy.api#httpApiKeyAuth": {
+          "name": "x-api-key",
+          "in": "header"
+        },
+        "aws.apigateway#authorizer": "api_key",
+        "aws.apigateway#authorizers": {
+          "api_key": {
+            "scheme": "smithy.api#httpApiKeyAuth",
+            "customAuthType": ""
+          }
+        }
+      }
+    }
+  }
+}