fix: skip checks on non serverless api resources (#6471)

* skip checks on non serverless api resources * fix comment * handle ApiGatewayV2 * add test * update comment
aws · Jan 3, 2024 · 48d8b2b · 48d8b2b
1 parent b5503ae
commit 48d8b2b
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/samcli/commands/deploy/auth_utils.py b/samcli/commands/deploy/auth_utils.py
@@ -7,6 +7,7 @@
 from samcli.commands.local.lib.swagger.reader import SwaggerReader
 from samcli.lib.providers.provider import Stack
 from samcli.lib.providers.sam_function_provider import SamFunctionProvider
+from samcli.lib.utils.resources import AWS_APIGATEWAY_RESTAPI, AWS_APIGATEWAY_V2_API
 
 LOG = logging.getLogger(__name__)
 
@@ -101,6 +102,11 @@ def _auth_id(resources_dict, event_properties, identifier):
     """
     resource_name = event_properties.get(identifier, "")
     api_resource = resources_dict.get(resource_name, {})
+
+    # Auth does not apply to ApiGateway::RestApi or ApiGatwayV2::Api resources so return true and continue
+    if api_resource and (api_resource.get("Type") in [AWS_APIGATEWAY_RESTAPI, AWS_APIGATEWAY_V2_API]):
+        return True
+
     return any(
         [
             api_resource.get("Properties", {}).get("Auth", False),

diff --git a/tests/unit/commands/deploy/test_auth_utils.py b/tests/unit/commands/deploy/test_auth_utils.py
@@ -88,6 +88,35 @@ def test_auth_per_resource_defined_on_api_resource(self):
         _auth_per_resource = auth_per_resource([Stack("", "", "", {}, self.template_dict)])
         self.assertEqual(_auth_per_resource, [("HelloWorldFunction", True)])
 
+    def test_auth_per_resource_on_non_serverless_restapi(self):
+        self.template_dict["Resources"]["HelloWorldApi"] = OrderedDict(
+            [
+                ("Type", "AWS::ApiGateway::RestApi"),
+                ("Properties", OrderedDict([("StageName", "Prod")])),
+            ]
+        )
+        # setup the lambda function with a restapiId which has Auth defined.
+        self.template_dict["Resources"]["HelloWorldFunction"]["Properties"]["Events"]["HelloWorld"]["Properties"][
+            "RestApiId"
+        ] = {"Ref": "HelloWorldApi"}
+        self.template_dict["Resources"]["HelloWorldFunction"]["Properties"]["Events"]["HelloWorld"]["Type"] = "Api"
+        _auth_per_resource = auth_per_resource([Stack("", "", "", {}, self.template_dict)])
+        self.assertEqual(_auth_per_resource, [("HelloWorldFunction", True)])
+
+    def test_auth_per_resource_on_non_serverless_httpapi(self):
+        self.template_dict["Resources"]["HelloWorldApi"] = OrderedDict(
+            [
+                ("Type", "AWS::ApiGatewayV2::Api"),
+            ]
+        )
+        # setup the lambda function with a restapiId which has Auth defined.
+        self.template_dict["Resources"]["HelloWorldFunction"]["Properties"]["Events"]["HelloWorld"]["Properties"][
+            "ApiId"
+        ] = {"Ref": "HelloWorldApi"}
+        self.template_dict["Resources"]["HelloWorldFunction"]["Properties"]["Events"]["HelloWorld"]["Type"] = "HttpApi"
+        _auth_per_resource = auth_per_resource([Stack("", "", "", {}, self.template_dict)])
+        self.assertEqual(_auth_per_resource, [("HelloWorldFunction", True)])
+
     def test_auth_supplied_via_definition_body_uri(self):
         self.template_dict["Resources"]["HelloWorldApi"] = OrderedDict(
             [