Openapi 4 AWS command line interface
- Github: https://github.com/coderazzi/openapi4aws
- Maven central: https://mvnrepository.com/artifact/net.coderazzi/openapi4aws
- License: MIT license
This is utility to enrich an openapi specification with information specific for the AWS API Gateway. It allows defining route integrations and authorizers to do automatic (re-)imports in API Gateway.
There is a maven plugin covering this functionality, as well as a standalone python version
Security / Authorizers
To specify an authorizer, use the following mandatory parameters:
- authorizer.name: name of the authorizer
- authorizer.identity-source: header containing the authorization, like: $request.header.Authorization
- authorizer.audience: comma separated list of audiences for this authorizer.
- authorizer.issuer
The following two parameters are currently optional:
- authorizer.authorization-type=oauth2: currently, it can be only defined as "oauth2".
- authorizer.type=jwt: currently, it can be only defined as "jwt".
Multiple authorizers can be defined using a comma separated list in authorizer.name, i.e.:
authorizer.name=authorizer1, authorizer2
It is possible then to specify a different parameter for each authorizer using the syntax:
- authorizer.audience.AUTHORIZER_NAME=audience
- authorizer.issuer.AUTHORIZER_NAME=issuer
Paths / Integrations
To define routes, the syntax is:
- path.PATH=full_uri[,authorizer_name,scopes]*
For example:
path.user.post=http://3.64.241.104:12121/user/post
This will define an endpoint for the route /user/post, using no authorizers. Alternatively, authorizer plus scopes can be specified:
path.user.post=http://3.64.241.104:12121user/post,authorizer1,user.email,user.id
In this case, it uses the authorizer with name "authorizer1", with scopes "user.email" and "user.id"
Paths / Integrations Using tags
A better option to define integrations is defining openapi tags associated for that path, and using then the following parameters:
- tag.TAG=uri[,authorizer_name,scopes]*
For example, if a route /user/post has an associated tag Frontend, and we define:
tag.Frontend=http://3.64.241.105:12121
This path will be extended to use the endpoint: http://3.64.241.105:12121/user/post
Defining input / output
Three parameters manage the input / output tasks:
- filename: allows to specify the input files to process, and it is possible to repeat this parameter multiple times. It is an error if the designed filename does not exist.
- glob: which supports specifying the input using filename patterns. It is not an error if this pattern matches no names in the file system.
- output-folder: optional, defines the output folder. If not specified, the input files will be overwritten.
Defining the configuration in a separate file
It is possible to specify any configuration parameters in a separate file, using the argument:
configuration=filename
This file should define the parameters in separate lines, using the same syntax. Empty lines and starting with the character **#** are discarded.
It is possible to specify multiple external configuration files.
An example of such a file would be just:
# a simple comment authorizer.name=DubaixCognito,Other authorizer.identity-source=$request.header.Authorization authorizer.audience=2f0m9fcoiejij4316u574aq259,7ac34sujrb8gmvj2b6blpi7ruu authorizer.issuer=https://cognito-idp.eu-west-2.amazonaws.com/eu-west-2_1T9bfKHNp tag.Frontend=http://3.64.241.104:12121/tmp/,DubaixCognito,user.email,user.id path.user.scope2=http://OTHER_PATH:12122/path,Other,user.email
Usage
To use the utility from the command line, build it or download from maven central. The version with built-in dependencies is available as (link depends on version used): https://repo1.maven.org/maven2/net/coderazzi/openapi4aws/1.1.1/openapi4aws-1.1.1-jar-with-dependencies.jar
java -jar openapi4aws-1.0.2-jar-with-dependencies.jar --configuration=conf.prop