in samtranslator/open_api/open_api.py [0:0]
def _set_method_authorizer(self, path, method_name, authorizer_name, authorizers, authorization_scopes=None): # type: ignore[no-untyped-def]
"""
Adds the authorizer_name to the security block for each method on this path.
This is used to configure the authorizer for individual functions.
:param string path: Path name
:param string method_name: Method name
:param string authorizer_name: Name of the authorizer to use. Must be a key in the
authorizers param.
:param list authorization_scopes: list of strings that are the auth scopes for this method
"""
if authorization_scopes is None:
authorization_scopes = []
for method_definition in self.iter_on_method_definitions_for_path_at_method(path, method_name):
security_dict = {} # type: ignore[var-annotated]
security_dict[authorizer_name] = []
# Neither the NONE nor the AWS_IAM built-in authorizers support authorization scopes.
if authorizer_name not in ["NONE", "AWS_IAM"]:
authorizer = authorizers.get(authorizer_name, Py27Dict())
if not isinstance(authorizer, dict):
raise InvalidDocumentException(
[InvalidTemplateException(f"Type of authorizer '{authorizer_name}' must be a dictionary")]
)
method_authorization_scopes = authorizer.get("AuthorizationScopes")
if authorization_scopes:
method_authorization_scopes = authorization_scopes
if authorizers[authorizer_name] and method_authorization_scopes:
security_dict[authorizer_name] = method_authorization_scopes
authorizer_security = [security_dict]
existing_security = method_definition.get("security", [])
if not isinstance(existing_security, list):
raise InvalidDocumentException(
[InvalidTemplateException(f"Type of security for path {path} method {method_name} must be a list")]
)
# This assumes there are no authorizers already configured in the existing security block
security = existing_security + authorizer_security
if security:
method_definition["security"] = security