Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
When attaching a policy that contains a statement to an apigateway.RestApi() resource in CDK, localstack will throw a type error indicating that it expects the policy to be defined as a string rather than an object. This is incorrect as CDK expects a PolicyStatement object to be passed in.
The following example code applies cleanly to AWS:
```typescript
import * as apigateway from "aws-cdk-lib/aws-apigateway";
import { AnyPrincipal, PolicyDocument, PolicyStatement } from "aws-cdk-lib/aws-iam";

// Test policy for debugging
const testPolicyStatement = new PolicyStatement({
  sid: "AllowInvokeAPI",
  actions: [
    "*",
  ],
  principals: [
    new AnyPrincipal(),
  ],
  resources: [
    "*",
  ],
});
const testPolicyDocument = new PolicyDocument();
testPolicyDocument.addStatements(testPolicyStatement);
// `self` is the enclosing construct scope
const api = new apigateway.RestApi(self, `test-rest-api`, {
  restApiName: `test-dev`,
  description: "Built by service template",
  defaultCorsPreflightOptions: {
    allowOrigins: apigateway.Cors.ALL_ORIGINS,
  },
  policy: testPolicyDocument,
});
```
However, localstack shows the following error while in debug mode:
```
Invalid type for parameter policy, value: {'statement': [{'action': '*', 'effect': 'Allow', 'principal': {'aWS': '*'}, 'resource': '*', 'sid': 'AllowInvokeAPI'}], 'version': '2012-10-17'}, type: <class 'dict'>, valid types: <class 'str'>
Traceback (most recent call last):
  File "/opt/code/localstack/localstack/services/cloudformation/engine/template_deployer.py", line 1335, in _run
    self.do_apply_changes_in_loop(changes, stack)
  File "/opt/code/localstack/localstack/services/cloudformation/engine/template_deployer.py", line 1412, in do_apply_changes_in_loop
    self.apply_change(change, stack=stack)
  File "/opt/code/localstack/localstack/services/cloudformation/engine/template_deployer.py", line 1494, in apply_change
    result = execute_resource_action(resource_id, self, ACTION_CREATE)
  File "/opt/code/localstack/localstack/services/cloudformation/engine/template_deployer.py", line 738, in execute_resource_action
    result = func["function"](resource_id, resources, resource_type, func, stack_name)
  File "/opt/code/localstack/localstack/services/cloudformation/models/apigateway.py", line 164, in _create
    result = client.create_rest_api(**kwargs)
  File "/opt/code/localstack/.venv/lib/python3.10/site-packages/botocore/client.py", line 530, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/opt/code/localstack/.venv/lib/python3.10/site-packages/botocore/client.py", line 919, in _make_api_call
    request_dict = self._convert_to_request_dict(
  File "/opt/code/localstack/.venv/lib/python3.10/site-packages/botocore/client.py", line 990, in _convert_to_request_dict
    request_dict = self._serializer.serialize_to_request(
  File "/opt/code/localstack/.venv/lib/python3.10/site-packages/botocore/validate.py", line 381, in serialize_to_request
    raise ParamValidationError(report=report.generate_report())
botocore.exceptions.ParamValidationError: Parameter validation failed:
Invalid type for parameter policy, value: {'statement': [{'action': '*', 'effect': 'Allow', 'principal': {'aWS': '*'}, 'resource': '*', 'sid': 'AllowInvokeAPI'}], 'version': '2012-10-17'}, type: <class 'dict'>, valid types: <class 'str'>
```
As a side note, localstack will also throw an error if there is no sid defined in the policy statement. However, CloudFormation/CDK treats this as an optional property.
Expected Behavior
Localstack should mimic the behavior of AWS and deploy the above rest api object, allowing policy statements to be defined as objects rather than strings.
How are you starting LocalStack?
With the localstack script
Steps To Reproduce
How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)
docker run localstack/localstack
Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)
`cdklocal deploy` the above example
Environment
- OS: macOS 12.6.3
- LocalStack: 1.4.0
- cdklocal: 2.64.0 (build fb67c77)
- cdk: 2.64.0 (build fb67c77)
Anything else?
No response
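The type mismatch reported above, sketched as an added example that is not LocalStack's code or its fix: a helper that turns the CloudFormation `Policy` property, whether it arrives as a dict or as a string, into the JSON string that `create_rest_api` validates for, without requiring a `Sid`. The names `policy_to_request_string` and `_restore_keys` are hypothetical, and the key repair assumes the mangling is exactly the first-letter lower-casing visible in the error message (`statement`, `aWS`).

```python
import json

def _restore_keys(node, cond_level=None):
    """Undo the first-letter lower-casing seen in the traceback ('statement', 'aWS')."""
    if isinstance(node, list):
        return [_restore_keys(item, cond_level) for item in node]
    if not isinstance(node, dict):
        return node
    restored = {}
    for key, value in node.items():
        if cond_level == 1:
            # Condition context keys (e.g. aws:SourceIp) keep their spelling.
            restored[key] = value
            continue
        fixed = key[:1].upper() + key[1:]
        if cond_level == 0:
            child = 1          # below a condition operator such as IpAddress
        elif fixed == "Condition":
            child = 0          # entering the Condition block
        else:
            child = None
        restored[fixed] = _restore_keys(value, child)
    return restored

def policy_to_request_string(policy):
    """Return the JSON string form of a REST API resource policy, or None."""
    if policy is None:
        return None
    if isinstance(policy, str):
        json.loads(policy)     # raises ValueError if it is not valid JSON
        return policy
    if not isinstance(policy, dict):
        raise TypeError(f"unsupported policy type: {type(policy).__name__}")
    document = _restore_keys(policy)
    if isinstance(document.get("Statement"), dict):
        document["Statement"] = [document["Statement"]]  # single statement -> list
    return json.dumps(document, sort_keys=True)

# Constructed sample: the dict value quoted in the error message above.
SAMPLE = {"statement": [{"action": "*", "effect": "Allow", "principal": {"aWS": "*"},
                         "resource": "*", "sid": "AllowInvokeAPI"}],
          "version": "2012-10-17"}

if __name__ == "__main__":
    print(policy_to_request_string(SAMPLE))
```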