fix(lambda-authorizer): allow proxy resources path in arn (#1051)

Michael Brewer · heitorlessa · web-flow · commit 51ff350b25e2 · 2022-03-02T09:50:19.000+01:00
Co-authored-by: Heitor Lessa &lt;lessa@amazon.com&gt;
diff --git a/aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py b/aws_lambda_powertools/utilities/data_classes/api_gateway_authorizer_event.py
@@ -60,7 +60,8 @@ def parse_api_gateway_arn(arn: str) -> APIGatewayRouteArn:
         api_id=api_gateway_arn_parts[0],
         stage=api_gateway_arn_parts[1],
         http_method=api_gateway_arn_parts[2],
-        resource=api_gateway_arn_parts[3] if len(api_gateway_arn_parts) == 4 else "",
+        # conditional allow us to handle /path/{proxy+} resources, as their length changes.
+        resource="/".join(api_gateway_arn_parts[3:]) if len(api_gateway_arn_parts) >= 4 else "",
     )
 
 
diff --git a/tests/functional/data_classes/test_api_gateway_authorizer.py b/tests/functional/data_classes/test_api_gateway_authorizer.py
@@ -3,6 +3,7 @@
 from aws_lambda_powertools.utilities.data_classes.api_gateway_authorizer_event import (
     DENY_ALL_RESPONSE,
     APIGatewayAuthorizerResponse,
+    APIGatewayAuthorizerTokenEvent,
     HttpVerb,
 )
 
@@ -195,3 +196,26 @@ def test_authorizer_response_allow_route_with_underscore(builder: APIGatewayAuth
             ],
         },
     }
+
+
+def test_parse_api_gateway_arn_with_resource():
+    mock_event = {
+        "type": "TOKEN",
+        "methodArn": "arn:aws:execute-api:us-east-2:1234567890:abcd1234/latest/GET/path/part/part/1",
+        "authorizationToken": "Bearer TOKEN",
+    }
+    event = APIGatewayAuthorizerTokenEvent(mock_event)
+    event_arn = event.parsed_arn
+    assert event_arn.resource == "path/part/part/1"
+
+    authorizer_policy = APIGatewayAuthorizerResponse(
+        principal_id="fooPrinciple",
+        region=event_arn.region,
+        aws_account_id=event_arn.aws_account_id,
+        api_id=event_arn.api_id,
+        stage=event_arn.stage,
+    )
+    authorizer_policy.allow_route(http_method=event_arn.http_method, resource=event_arn.resource)
+    response = authorizer_policy.asdict()
+
+    assert mock_event["methodArn"] == response["policyDocument"]["Statement"][0]["Resource"][0]

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,8 @@ def parse_api_gateway_arn(arn: str) -> APIGatewayRouteArn:`
`60`	`60`	`api_id=api_gateway_arn_parts[0],`
`61`	`61`	`stage=api_gateway_arn_parts[1],`
`62`	`62`	`http_method=api_gateway_arn_parts[2],`
`63`		`- resource=api_gateway_arn_parts[3] if len(api_gateway_arn_parts) == 4 else "",`
	`63`	`+ # conditional allow us to handle /path/{proxy+} resources, as their length changes.`
	`64`	`+ resource="/".join(api_gateway_arn_parts[3:]) if len(api_gateway_arn_parts) >= 4 else "",`
`64`	`65`	`)`
`65`	`66`
`66`	`67`