Class: AWSCDK::APIGateway::TokenAuthorizer
- Inherits:
-
Authorizer
- Object
- Authorizer
- AWSCDK::APIGateway::TokenAuthorizer
- Includes:
- IAuthorizer
- Defined in:
- api_gateway/token_authorizer.rb
Overview
Token based lambda authorizer that recognizes the caller's identity as a bearer token, such as a JSON Web Token (JWT) or an OAuth token.
Based on the token, authorization is performed by a lambda function.
Class Method Summary collapse
- .jsii_overridable_methods ⇒ Object
-
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
Instance Method Summary collapse
-
#apply_cross_stack_reference_strength(strength) ⇒ void
Override the cross-stack reference strength for this resource.
-
#apply_removal_policy(policy) ⇒ void
Apply the given removal policy to this resource.
-
#authorization_type ⇒ AWSCDK::APIGateway::AuthorizationType?
The authorization type of this authorizer.
-
#authorizer_arn ⇒ String
The ARN of the authorizer to be used in permission policies, such as IAM and resource-based grants.
-
#authorizer_id ⇒ String
The id of the authorizer.
- #authorizer_props ⇒ AWSCDK::APIGateway::CfnAuthorizerProps
-
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
- #generate_physical_name ⇒ String
-
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g.
bucket.bucketArn). -
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g.
bucket.bucketName). -
#handler ⇒ AWSCDK::Lambda::IFunction
The Lambda function handler that this authorizer uses.
-
#initialize(scope, id, props) ⇒ TokenAuthorizer
constructor
A new instance of TokenAuthorizer.
-
#lazy_rest_api_id ⇒ String
Returns a token that resolves to the Rest Api Id at the time of synthesis.
-
#node ⇒ Constructs::Node
The tree node.
-
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
- #rest_api_id ⇒ String?
- #rest_api_id=(value) ⇒ Object
-
#role ⇒ AWSCDK::IAM::IRole?
The IAM role that the API Gateway service assumes while invoking the Lambda function.
-
#setup_permissions ⇒ void
Sets up the permissions necessary for the API Gateway service to invoke the Lambda function.
-
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
-
#to_string ⇒ String
Returns a string representation of this construct.
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Constructor Details
#initialize(scope, id, props) ⇒ TokenAuthorizer
Returns a new instance of TokenAuthorizer.
14 15 16 17 18 19 20 |
# File 'api_gateway/token_authorizer.rb', line 14 def initialize(scope, id, props) props = props.is_a?(Hash) ? ::AWSCDK::APIGateway::TokenAuthorizerProps.new(**props.transform_keys(&:to_sym)) : props Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfYXBpZ2F0ZXdheS5Ub2tlbkF1dGhvcml6ZXJQcm9wcyJ9")), "props") Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props) end |
Class Method Details
.jsii_overridable_methods ⇒ Object
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
# File 'api_gateway/token_authorizer.rb', line 22 def self.jsii_overridable_methods { :node => { kind: :property, name: "node", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :physical_name => { kind: :property, name: "physicalName", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :authorizer_id => { kind: :property, name: "authorizerId", is_optional: false }, :authorization_type => { kind: :property, name: "authorizationType", is_optional: true }, :authorizer_arn => { kind: :property, name: "authorizerArn", is_optional: false }, :authorizer_props => { kind: :property, name: "authorizerProps", is_optional: false }, :handler => { kind: :property, name: "handler", is_optional: false }, :role => { kind: :property, name: "role", is_optional: true }, :rest_api_id => { kind: :property, name: "restApiId", is_optional: true }, :to_string => { kind: :method, name: "toString", is_optional: false }, :with => { kind: :method, name: "with", is_optional: false }, :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :generate_physical_name => { kind: :method, name: "generatePhysicalName", is_optional: false }, :get_resource_arn_attribute => { kind: :method, name: "getResourceArnAttribute", is_optional: false }, :get_resource_name_attribute => { kind: :method, name: "getResourceNameAttribute", is_optional: false }, :lazy_rest_api_id => { kind: :method, name: "lazyRestApiId", is_optional: false }, :setup_permissions => { kind: :method, name: "setupPermissions", is_optional: false }, } end |
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
107 108 109 |
# File 'api_gateway/token_authorizer.rb', line 107 def self.PROPERTY_INJECTION_ID() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_apigateway.TokenAuthorizer", "PROPERTY_INJECTION_ID") end |
Instance Method Details
#apply_cross_stack_reference_strength(strength) ⇒ void
This method returns an undefined value.
Override the cross-stack reference strength for this resource.
When set, any cross-stack reference to this resource will use the specified
mechanism instead of the global default determined by the
@aws-cdk/core:defaultCrossStackReferences context key. This is useful for
selectively weakening specific references to avoid the "deadly embrace" problem
without changing the app-wide default.
180 181 182 183 |
# File 'api_gateway/token_authorizer.rb', line 180 def apply_cross_stack_reference_strength(strength) Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength") jsii_call_method("applyCrossStackReferenceStrength", [strength]) end |
#apply_removal_policy(policy) ⇒ void
This method returns an undefined value.
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
197 198 199 200 |
# File 'api_gateway/token_authorizer.rb', line 197 def apply_removal_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") jsii_call_method("applyRemovalPolicy", [policy]) end |
#authorization_type ⇒ AWSCDK::APIGateway::AuthorizationType?
The authorization type of this authorizer.
100 101 102 |
# File 'api_gateway/token_authorizer.rb', line 100 def () jsii_get_property("authorizationType") end |
#authorizer_arn ⇒ String
The ARN of the authorizer to be used in permission policies, such as IAM and resource-based grants.
114 115 116 |
# File 'api_gateway/token_authorizer.rb', line 114 def () jsii_get_property("authorizerArn") end |
#authorizer_id ⇒ String
The id of the authorizer.
93 94 95 |
# File 'api_gateway/token_authorizer.rb', line 93 def () jsii_get_property("authorizerId") end |
#authorizer_props ⇒ AWSCDK::APIGateway::CfnAuthorizerProps
119 120 121 |
# File 'api_gateway/token_authorizer.rb', line 119 def () jsii_get_property("authorizerProps") end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
65 66 67 |
# File 'api_gateway/token_authorizer.rb', line 65 def env() jsii_get_property("env") end |
#generate_physical_name ⇒ String
203 204 205 |
# File 'api_gateway/token_authorizer.rb', line 203 def generate_physical_name() jsii_call_method("generatePhysicalName", []) end |
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).
Normally, this token will resolve to arn_attr, but if the resource is
referenced across environments, arn_components will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName in arn_components.
217 218 219 220 221 222 |
# File 'api_gateway/token_authorizer.rb', line 217 def get_resource_arn_attribute(arn_attr, arn_components) Jsii::Type.check_type(arn_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arnAttr") arn_components = arn_components.is_a?(Hash) ? ::AWSCDK::ARNComponents.new(**arn_components.transform_keys(&:to_sym)) : arn_components Jsii::Type.check_type(arn_components, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5Bcm5Db21wb25lbnRzIn0=")), "arnComponents") jsii_call_method("getResourceArnAttribute", [arn_attr, arn_components]) end |
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).
Normally, this token will resolve to name_attr, but if the resource is
referenced across environments, it will be resolved to this.physicalName,
which will be a concrete name.
232 233 234 235 |
# File 'api_gateway/token_authorizer.rb', line 232 def get_resource_name_attribute(name_attr) Jsii::Type.check_type(name_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "nameAttr") jsii_call_method("getResourceNameAttribute", [name_attr]) end |
#handler ⇒ AWSCDK::Lambda::IFunction
The Lambda function handler that this authorizer uses.
126 127 128 |
# File 'api_gateway/token_authorizer.rb', line 126 def handler() jsii_get_property("handler") end |
#lazy_rest_api_id ⇒ String
Returns a token that resolves to the Rest Api Id at the time of synthesis.
Throws an error, during token resolution, if no RestApi is attached to this authorizer.
242 243 244 |
# File 'api_gateway/token_authorizer.rb', line 242 def lazy_rest_api_id() jsii_call_method("lazyRestApiId", []) end |
#node ⇒ Constructs::Node
The tree node.
50 51 52 |
# File 'api_gateway/token_authorizer.rb', line 50 def node() jsii_get_property("node") end |
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
- a concrete value (e.g.
"my-awesome-bucket") undefined, when a name should be generated by CloudFormation- a concrete name generated automatically during synthesis, in cross-environment scenarios.
79 80 81 |
# File 'api_gateway/token_authorizer.rb', line 79 def physical_name() jsii_get_property("physicalName") end |
#rest_api_id ⇒ String?
138 139 140 |
# File 'api_gateway/token_authorizer.rb', line 138 def rest_api_id() jsii_get_property("restApiId") end |
#rest_api_id=(value) ⇒ Object
142 143 144 145 |
# File 'api_gateway/token_authorizer.rb', line 142 def rest_api_id=(value) Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "restApiId") unless value.nil? jsii_set_property("restApiId", value) end |
#role ⇒ AWSCDK::IAM::IRole?
The IAM role that the API Gateway service assumes while invoking the Lambda function.
133 134 135 |
# File 'api_gateway/token_authorizer.rb', line 133 def role() jsii_get_property("role") end |
#setup_permissions ⇒ void
This method returns an undefined value.
Sets up the permissions necessary for the API Gateway service to invoke the Lambda function.
249 250 251 |
# File 'api_gateway/token_authorizer.rb', line 249 def () jsii_call_method("setupPermissions", []) end |
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
86 87 88 |
# File 'api_gateway/token_authorizer.rb', line 86 def stack() jsii_get_property("stack") end |
#to_string ⇒ String
Returns a string representation of this construct.
150 151 152 |
# File 'api_gateway/token_authorizer.rb', line 150 def to_string() jsii_call_method("toString", []) end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the
start of the call, so constructs added by a mixin will not be visited.
Use multiple with() calls if subsequent mixins should apply to added
constructs.
163 164 165 166 167 168 |
# File 'api_gateway/token_authorizer.rb', line 163 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |