in samtranslator/model/apigatewayv2.py [0:0]
def generate_openapi(self) -> Dict[str, Any]:
    """
    Build the OpenAPI ``securitySchemes`` entry for this authorizer.

    The shape depends on the value returned by ``self._get_auth_type()``:

    * ``"AWS_IAM"``: an ``apiKey`` scheme on the ``Authorization`` header,
      tagged with ``x-amazon-apigateway-authtype: awsSigv4``.
    * ``"JWT"``: an ``oauth2`` scheme whose authorizer extension carries
      ``jwtConfiguration`` and ``identitySource``.
    * ``"REQUEST"``: an ``apiKey`` scheme whose authorizer extension points
      at the Lambda function and carries the optional credentials, TTL,
      identity source and simple-response settings.

    :returns: the security scheme as a dictionary
    :raises ValueError: if the authorizer type is none of the above
    """
    auth_kind = self._get_auth_type()

    if auth_kind == "AWS_IAM":
        return {
            "type": "apiKey",
            "name": "Authorization",
            "in": "header",
            "x-amazon-apigateway-authtype": "awsSigv4",
        }

    if auth_kind == "JWT":
        return {
            "type": "oauth2",
            APIGATEWAY_AUTHORIZER_KEY: {
                "jwtConfiguration": self.jwt_configuration,
                "identitySource": self.id_source,
                "type": "jwt",
            },
        }

    # Fail closed: an unrecognised type must never yield a scheme.
    if auth_kind != "REQUEST":
        raise ValueError(f"Unexpected authorizer_type: {auth_kind}")

    # From here on this is a Lambda (REQUEST) authorizer. `lambda_settings`
    # is the same dict object that is stored under the extension key, so
    # every assignment below lands in the returned scheme.
    lambda_settings: Dict[str, Any] = {"type": "request"}
    scheme: Dict[str, Any] = {
        "type": "apiKey",
        "name": "Unused",
        "in": "header",
        APIGATEWAY_AUTHORIZER_KEY: lambda_settings,
    }

    # Invocation URI of the authorizer function; the function ARN is
    # substituted through fnSub rather than concatenated into the string.
    invocation_arn = ArnGenerator.generate_arn(
        partition=ArnGenerator.get_partition_name(),
        service="apigateway",
        resource="lambda:path/2015-03-31/functions/${__FunctionArn__}/invocations",
        include_account_id=False,
    )
    lambda_settings["authorizerUri"] = fnSub(invocation_arn, {"__FunctionArn__": self.function_arn})

    # authorizerCredentials is emitted only when an invoke role is available.
    invoke_role = self._get_function_invoke_role()
    if invoke_role:
        lambda_settings["authorizerCredentials"] = invoke_role

    # Identity-derived settings. When Identity is empty, neither a TTL nor
    # an identitySource is emitted for the authorizer.
    if self.identity:
        sam_expect(self.identity, self.api_logical_id, f"Auth.Authorizers.{self.name}.Identity").to_be_a_map()

        # NOTE(review): ReauthorizeEvery is forwarded as-is; no type or range
        # check is visible in this method, so any validation of the cache
        # TTL has to happen upstream or at deploy time.
        cache_ttl = self.identity.get("ReauthorizeEvery")
        if cache_ttl is not None:
            lambda_settings["authorizerResultTtlInSeconds"] = cache_ttl

        lambda_settings["identitySource"] = self._get_identity_source(self.identity)

    # authorizerPayloadFormatVersion is required, so it is always written.
    lambda_settings["authorizerPayloadFormatVersion"] = self.authorizer_payload_format_version

    # enableSimpleResponses is written only when truthy.
    if self.enable_simple_responses:
        lambda_settings["enableSimpleResponses"] = self.enable_simple_responses

    return scheme