update IT tests

Author: GarrettBeatty

Libraries/test/Amazon.Lambda.Annotations.SourceGenerators.Tests/Snapshots/AuthorizerFunction_HttpApiAuthorizeV1_Generated.g.cs

@@ -0,0 +1,58 @@
+// <auto-generated/>
+
+using System;
+using System.Linq;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading.Tasks;
+using System.IO;
+using Amazon.Lambda.Core;
+
+namespace TestCustomAuthorizerApp
+{
+    public class AuthorizerFunction_HttpApiAuthorizeV1_Generated
+    {
+        private readonly AuthorizerFunction authorizerFunction;
+        private readonly Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer serializer;
+
+        /// <summary>
+        /// Default constructor. This constructor is used by Lambda to construct the instance. When invoked in a Lambda environment
+        /// the AWS credentials will come from the IAM role associated with the function and the AWS region will be set to the
+        /// region the Lambda function is executed in.
+        /// </summary>
+        public AuthorizerFunction_HttpApiAuthorizeV1_Generated()
+        {
+            SetExecutionEnvironment();
+            authorizerFunction = new AuthorizerFunction();
+            serializer = new Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer();
+        }
+
+        /// <summary>
+        /// The generated Lambda function handler for <see cref="HttpApiAuthorizeV1(Amazon.Lambda.APIGatewayEvents.APIGatewayCustomAuthorizerRequest, Amazon.Lambda.Core.ILambdaContext)"/>
+        /// </summary>
+        /// <param name="__request__">The request object that will be processed by the Lambda function handler.</param>
+        /// <param name="__context__">The ILambdaContext that provides methods for logging and describing the Lambda environment.</param>
+        /// <returns>Result of the Lambda function execution</returns>
+        public Amazon.Lambda.APIGatewayEvents.APIGatewayCustomAuthorizerResponse HttpApiAuthorizeV1(Amazon.Lambda.APIGatewayEvents.APIGatewayCustomAuthorizerRequest __request__, Amazon.Lambda.Core.ILambdaContext __context__)
+        {
+            return authorizerFunction.HttpApiAuthorizeV1(__request__, __context__);
+        }
+
+        private static void SetExecutionEnvironment()
+        {
+            const string envName = "AWS_EXECUTION_ENV";
+
+            var envValue = new StringBuilder();
+
+            // If there is an existing execution environment variable add the annotations package as a suffix.
+            if(!string.IsNullOrEmpty(Environment.GetEnvironmentVariable(envName)))
+            {
+                envValue.Append($"{Environment.GetEnvironmentVariable(envName)}_");
+            }
+
+            envValue.Append("lib/amazon-lambda-annotations#{ANNOTATIONS_ASSEMBLY_VERSION}");
+
+            Environment.SetEnvironmentVariable(envName, envValue.ToString());
+        }
+    }
+}

Libraries/test/Amazon.Lambda.Annotations.SourceGenerators.Tests/Snapshots/ServerlessTemplates/customAuthorizerApp.template

@@ -27,6 +27,23 @@
               },
               "EnableFunctionDefaultPermissions": true,
               "AuthorizerResultTtlInSeconds": 0
+            },
+            "HttpApiLambdaAuthorizerV1": {
+              "FunctionArn": {
+                "Fn::GetAtt": [
+                  "CustomAuthorizerV1",
+                  "Arn"
+                ]
+              },
+              "AuthorizerPayloadFormatVersion": "1.0",
+              "EnableSimpleResponses": false,
+              "Identity": {
+                "Headers": [
+                  "authorization"
+                ]
+              },
+              "EnableFunctionDefaultPermissions": true,
+              "AuthorizerResultTtlInSeconds": 0
             }
           }
         }
@@ -74,6 +91,23 @@
         "Handler": "TestProject::TestCustomAuthorizerApp.AuthorizerFunction_HttpApiAuthorize_Generated::HttpApiAuthorize"
       }
     },
+    "CustomAuthorizerV1": {
+      "Type": "AWS::Serverless::Function",
+      "Metadata": {
+        "Tool": "Amazon.Lambda.Annotations"
+      },
+      "Properties": {
+        "Runtime": "dotnet6",
+        "CodeUri": ".",
+        "MemorySize": 512,
+        "Timeout": 30,
+        "Policies": [
+          "AWSLambdaBasicExecutionRole"
+        ],
+        "PackageType": "Zip",
+        "Handler": "TestProject::TestCustomAuthorizerApp.AuthorizerFunction_HttpApiAuthorizeV1_Generated::HttpApiAuthorizeV1"
+      }
+    },
     "RestApiAuthorizer": {
       "Type": "AWS::Serverless::Function",
       "Metadata": {
@@ -187,7 +221,8 @@
         "SyncedEventProperties": {
           "RootGet": [
             "Path",
-            "Method"
+            "Method",
+            "ApiId.Ref"
           ]
         }
       },
@@ -206,7 +241,10 @@
             "Type": "HttpApi",
             "Properties": {
               "Path": "/api/health",
-              "Method": "GET"
+              "Method": "GET",
+              "ApiId": {
+                "Ref": "AnnotationsHttpApi"
+              }
             }
           }
         }
@@ -290,7 +328,7 @@
               "Method": "GET",
               "PayloadFormatVersion": "1.0",
               "Auth": {
-                "Authorizer": "HttpApiLambdaAuthorizer"
+                "Authorizer": "HttpApiLambdaAuthorizerV1"
               },
               "ApiId": {
                 "Ref": "AnnotationsHttpApi"

Libraries/test/Amazon.Lambda.Annotations.SourceGenerators.Tests/SourceGeneratorTests.cs

@@ -1654,6 +1654,7 @@ public async Task CustomAuthorizerAppAuthorizerDefinitionsTest()
         {
             var expectedTemplateContent = await ReadSnapshotContent(Path.Combine("Snapshots", "ServerlessTemplates", "customAuthorizerApp.template"));
             var expectedHttpApiAuthorizeGenerated = await ReadSnapshotContent(Path.Combine("Snapshots", "AuthorizerFunction_HttpApiAuthorize_Generated.g.cs"));
+            var expectedHttpApiAuthorizeV1Generated = await ReadSnapshotContent(Path.Combine("Snapshots", "AuthorizerFunction_HttpApiAuthorizeV1_Generated.g.cs"));
             var expectedRestApiAuthorizeGenerated = await ReadSnapshotContent(Path.Combine("Snapshots", "AuthorizerFunction_RestApiAuthorize_Generated.g.cs"));
             var expectedGetProtectedDataGenerated = await ReadSnapshotContent(Path.Combine("Snapshots", "ProtectedFunction_GetProtectedData_Generated.g.cs"));
             var expectedGetUserInfoGenerated = await ReadSnapshotContent(Path.Combine("Snapshots", "ProtectedFunction_GetUserInfo_Generated.g.cs"));
@@ -1676,6 +1677,7 @@ public async Task CustomAuthorizerAppAuthorizerDefinitionsTest()
                         (Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "HttpApiAttribute.cs"), File.ReadAllText(Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "HttpApiAttribute.cs"))),
                         (Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "RestApiAttribute.cs"), File.ReadAllText(Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "RestApiAttribute.cs"))),
                         (Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "HttpApiAuthorizerAttribute.cs"), File.ReadAllText(Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "HttpApiAuthorizerAttribute.cs"))),
+                        (Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "AuthorizerPayloadFormatVersion.cs"), File.ReadAllText(Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "AuthorizerPayloadFormatVersion.cs"))),
                         (Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "RestApiAuthorizerAttribute.cs"), File.ReadAllText(Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "RestApiAuthorizerAttribute.cs"))),
                         (Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "FromCustomAuthorizerAttribute.cs"), File.ReadAllText(Path.Combine("Amazon.Lambda.Annotations", "APIGateway", "FromCustomAuthorizerAttribute.cs"))),
                     },
@@ -1686,6 +1688,11 @@ public async Task CustomAuthorizerAppAuthorizerDefinitionsTest()
                             "AuthorizerFunction_HttpApiAuthorize_Generated.g.cs",
                             SourceText.From(expectedHttpApiAuthorizeGenerated, Encoding.UTF8, SourceHashAlgorithm.Sha256)
                         ),
+                        (
+                            typeof(SourceGenerator.Generator),
+                            "AuthorizerFunction_HttpApiAuthorizeV1_Generated.g.cs",
+                            SourceText.From(expectedHttpApiAuthorizeV1Generated, Encoding.UTF8, SourceHashAlgorithm.Sha256)
+                        ),
                         (
                             typeof(SourceGenerator.Generator),
                             "AuthorizerFunction_RestApiAuthorize_Generated.g.cs",
@@ -1729,6 +1736,7 @@ public async Task CustomAuthorizerAppAuthorizerDefinitionsTest()
                     },
                     ExpectedDiagnostics =
                     {
+                        new DiagnosticResult("AWSLambda0103", DiagnosticSeverity.Info).WithArguments("AuthorizerFunction_HttpApiAuthorizeV1_Generated.g.cs", expectedHttpApiAuthorizeV1Generated),
                         new DiagnosticResult("AWSLambda0103", DiagnosticSeverity.Info).WithArguments("AuthorizerFunction_HttpApiAuthorize_Generated.g.cs", expectedHttpApiAuthorizeGenerated),
                         new DiagnosticResult("AWSLambda0103", DiagnosticSeverity.Info).WithArguments("AuthorizerFunction_RestApiAuthorize_Generated.g.cs", expectedRestApiAuthorizeGenerated),
                         new DiagnosticResult("AWSLambda0103", DiagnosticSeverity.Info).WithArguments("ProtectedFunction_GetProtectedData_Generated.g.cs", expectedGetProtectedDataGenerated),

Libraries/test/TestCustomAuthorizerApp.IntegrationTests/HealthCheckTests.cs

@@ -20,7 +20,7 @@ public HealthCheckTests(IntegrationTestContextFixture fixture)
     public async Task HealthCheck_ReturnsOk_WithoutAuthorization()
     {
         // Arrange & Act
-        var response = await _fixture.HttpClient.GetAsync($"{_fixture.ImplicitHttpApiUrl}/api/health");
+        var response = await _fixture.HttpClient.GetAsync($"{_fixture.HttpApiUrl}/api/health");
 
         // Assert
         Assert.Equal(HttpStatusCode.OK, response.StatusCode);

Libraries/test/TestCustomAuthorizerApp.IntegrationTests/IntegrationTestContextFixture.cs

@@ -23,16 +23,10 @@ public class IntegrationTestContextFixture : IAsyncLifetime
     public readonly HttpClient HttpClient;
 
     /// <summary>
-    /// HTTP API base URL for endpoints explicitly attached to AnnotationsHttpApi (no trailing slash)
+    /// HTTP API base URL for endpoints attached to AnnotationsHttpApi (no trailing slash)
     /// </summary>
     public string HttpApiUrl = string.Empty;
 
-    /// <summary>
-    /// HTTP API base URL for endpoints using the implicit SAM-generated ServerlessHttpApi (no trailing slash).
-    /// Functions without an explicit ApiId (e.g. HealthCheck) are placed on this API.
-    /// </summary>
-    public string ImplicitHttpApiUrl = string.Empty;
-
     /// <summary>
     /// REST API base URL (no trailing slash)
     /// </summary>
@@ -76,24 +70,21 @@ public async Task InitializeAsync()
         var region = "us-west-2";
         Console.WriteLine($"[IntegrationTest] Querying stack resources for '{_stackName}'...");
         var httpApiId = await _cloudFormationHelper.GetResourcePhysicalIdAsync(_stackName, "AnnotationsHttpApi");
-        var implicitHttpApiId = await _cloudFormationHelper.GetResourcePhysicalIdAsync(_stackName, "ServerlessHttpApi");
         var restApiId = await _cloudFormationHelper.GetResourcePhysicalIdAsync(_stackName, "AnnotationsRestApi");
-        Console.WriteLine($"[IntegrationTest] AnnotationsHttpApi: {httpApiId}, ServerlessHttpApi: {implicitHttpApiId}, AnnotationsRestApi: {restApiId}");
+        Console.WriteLine($"[IntegrationTest] AnnotationsHttpApi: {httpApiId}, AnnotationsRestApi: {restApiId}");
         Assert.False(string.IsNullOrEmpty(httpApiId), $"CloudFormation resource 'AnnotationsHttpApi' was not found in stack '{_stackName}'.");
-        Assert.False(string.IsNullOrEmpty(implicitHttpApiId), $"CloudFormation resource 'ServerlessHttpApi' was not found in stack '{_stackName}'.");
         Assert.False(string.IsNullOrEmpty(restApiId), $"CloudFormation resource 'AnnotationsRestApi' was not found in stack '{_stackName}'.");
         HttpApiUrl = $"https://{httpApiId}.execute-api.{region}.amazonaws.com";
-        ImplicitHttpApiUrl = $"https://{implicitHttpApiId}.execute-api.{region}.amazonaws.com";
         RestApiUrl = $"https://{restApiId}.execute-api.{region}.amazonaws.com/Prod";
 
         LambdaFunctions = await LambdaHelper.FilterByCloudFormationStackAsync(_stackName);
         Console.WriteLine($"[IntegrationTest] Found {LambdaFunctions.Count} Lambda functions: {string.Join(", ", LambdaFunctions.Select(f => f.Name ?? "(null)"))}");
 
         Assert.True(await _s3Helper.BucketExistsAsync(_bucketName), $"S3 bucket {_bucketName} should exist");
 
-        // There are 9 Lambda functions in TestCustomAuthorizerApp:
-        // CustomAuthorizer, RestApiAuthorizer, ProtectedEndpoint, GetUserInfo, HealthCheck, RestUserInfo, HttpApiV1UserInfo, IHttpResultUserInfo, NonStringUserInfo
-        Assert.Equal(9, LambdaFunctions.Count);
+        // There are 10 Lambda functions in TestCustomAuthorizerApp:
+        // CustomAuthorizer, CustomAuthorizerV1, RestApiAuthorizer, ProtectedEndpoint, GetUserInfo, HealthCheck, RestUserInfo, HttpApiV1UserInfo, IHttpResultUserInfo, NonStringUserInfo
+        Assert.Equal(10, LambdaFunctions.Count);
 
         await LambdaHelper.WaitTillNotPending(LambdaFunctions.Where(x => x.Name != null).Select(x => x.Name!).ToList());
 

Libraries/test/TestCustomAuthorizerApp/AuthorizerFunction.cs

@@ -116,6 +116,89 @@ public APIGatewayCustomAuthorizerV2SimpleResponse HttpApiAuthorize(
         };
     }
 
+    /// <summary>
+    /// HTTP API Lambda Authorizer (Payload format 1.0)
+    /// Used by HTTP API V1 endpoints that need payload format 1.0
+    /// </summary>
+    [LambdaFunction(ResourceName = "CustomAuthorizerV1")]
+    [HttpApiAuthorizer(
+        Name = "HttpApiLambdaAuthorizerV1",
+        IdentityHeader = "authorization",
+        EnableSimpleResponses = false,
+        AuthorizerPayloadFormatVersion = AuthorizerPayloadFormatVersion.V1)]
+    public APIGatewayCustomAuthorizerResponse HttpApiAuthorizeV1(
+        APIGatewayCustomAuthorizerRequest request,
+        ILambdaContext context)
+    {
+        context.Logger.LogLine($"V1 Authorizer invoked");
+        context.Logger.LogLine($"Authorization token: {request.AuthorizationToken}");
+
+        var authToken = request.AuthorizationToken ?? "";
+
+        // Deny if not a valid or partial-context token
+        if (!ValidTokens.Contains(authToken) && !PartialContextTokens.Contains(authToken))
+        {
+            context.Logger.LogLine("V1 Authorizer: Denying request");
+            return GenerateDenyPolicy("anonymous", request.MethodArn);
+        }
+
+        // Check for partial-context tokens - authorize but return incomplete context
+        if (PartialContextTokens.Contains(authToken))
+        {
+            context.Logger.LogLine("V1 Authorizer: Authorizing with partial context (missing expected keys)");
+
+            return new APIGatewayCustomAuthorizerResponse
+            {
+                PrincipalID = "partial-user",
+                PolicyDocument = new APIGatewayCustomAuthorizerPolicy
+                {
+                    Version = "2012-10-17",
+                    Statement = new List<APIGatewayCustomAuthorizerPolicy.IAMPolicyStatement>
+                    {
+                        new APIGatewayCustomAuthorizerPolicy.IAMPolicyStatement
+                        {
+                            Action = new HashSet<string> { "execute-api:Invoke" },
+                            Effect = "Allow",
+                            Resource = new HashSet<string> { request.MethodArn }
+                        }
+                    }
+                },
+                Context = new APIGatewayCustomAuthorizerContextOutput
+                {
+                    // Intentionally return only unexpected keys, omitting userId, tenantId, email
+                    ["unexpectedKey"] = "some-value"
+                }
+            };
+        }
+
+        context.Logger.LogLine("V1 Authorizer: Authorizing request with valid token");
+
+        return new APIGatewayCustomAuthorizerResponse
+        {
+            PrincipalID = "user-12345",
+            PolicyDocument = new APIGatewayCustomAuthorizerPolicy
+            {
+                Version = "2012-10-17",
+                Statement = new List<APIGatewayCustomAuthorizerPolicy.IAMPolicyStatement>
+                {
+                    new APIGatewayCustomAuthorizerPolicy.IAMPolicyStatement
+                    {
+                        Action = new HashSet<string> { "execute-api:Invoke" },
+                        Effect = "Allow",
+                        Resource = new HashSet<string> { request.MethodArn }
+                    }
+                }
+            },
+            Context = new APIGatewayCustomAuthorizerContextOutput
+            {
+                ["userId"] = "user-12345",
+                ["tenantId"] = "42",
+                ["userRole"] = "admin",
+                ["email"] = "test@example.com"
+            }
+        };
+    }
+
     /// <summary>
     /// REST API Lambda Authorizer (Token-based authorizer)
     /// Returns an IAM policy document along with custom context values

Libraries/test/TestCustomAuthorizerApp/ProtectedFunction.cs

@@ -149,7 +149,7 @@ public object GetRestUserInfo(
     /// where RequestContext.Authorizer is a dictionary, not RequestContext.Authorizer.Lambda.
     /// </summary>
     [LambdaFunction(ResourceName = "HttpApiV1UserInfo")]
-    [HttpApi(LambdaHttpMethod.Get, "/api/http-v1-user-info", Version = HttpApiVersion.V1, Authorizer = "HttpApiLambdaAuthorizer")]
+    [HttpApi(LambdaHttpMethod.Get, "/api/http-v1-user-info", Version = HttpApiVersion.V1, Authorizer = "HttpApiLambdaAuthorizerV1")]
     public object GetHttpApiV1UserInfo(
         [FromCustomAuthorizer(Name = "userId")] string userId,
         [FromCustomAuthorizer(Name = "email")] string email,

Libraries/test/TestCustomAuthorizerApp/aws-lambda-tools-defaults.json

@@ -8,8 +8,8 @@
   "configuration": "Release",
   "template": "serverless.template",
   "template-parameters": "",
-  "s3-bucket": "test-custom-authorizer-app",
+"s3-bucket" : "test-custom-authorizer-112e1ec1",
   "s3-prefix": "TestCustomAuthorizerApp/",
-  "stack-name": "test-custom-authorizer",
-  "function-architecture": "x86_64"
-}
+"stack-name" : "test-custom-authorizer-112e1ec1",
+"function-architecture" : "x86_64"
+}