Merge pull request #113 from horike37/apikeys

Apikeys

Author: horike37

README.md

@@ -192,6 +192,60 @@ You can input an value as json in request body, the value is passed as the input
 ```
 $ curl -XPOST https://xxxxxxxxx.execute-api.us-east-1.amazonaws.com/dev/posts/create -d '{"foo":"bar"}'
 ```
+
+#### Setting API keys for your Rest API
+You can specify a list of API keys to be used by your service Rest API by adding an apiKeys array property to the provider object in serverless.yml. You'll also need to explicitly specify which endpoints are private and require one of the api keys to be included in the request by adding a private boolean property to the http event object you want to set as private. API Keys are created globally, so if you want to deploy your service to different stages make sure your API key contains a stage variable as defined below. When using API keys, you can optionally define usage plan quota and throttle, using usagePlan object.
+
+Here's an example configuration for setting API keys for your service Rest API:
+
+```yml
+service: my-service
+provider:
+  name: aws
+  apiKeys:
+    - myFirstKey
+    - ${opt:stage}-myFirstKey
+    - ${env:MY_API_KEY} # you can hide it in a serverless variable
+  usagePlan:
+    quota:
+      limit: 5000
+      offset: 2
+      period: MONTH
+    throttle:
+      burstLimit: 200
+      rateLimit: 100
+functions:
+  hello:
+    handler: handler.hello
+
+    stepFunctions:
+      stateMachines:
+        statemachine1:
+          name: ${self:service}-${opt:stage}-statemachine1
+          events:
+            - http:
+                path: /hello
+                method: post
+                private: true
+          definition:
+            Comment: "A Hello World example of the Amazon States Language using an AWS Lambda Function"
+            StartAt: HelloWorld1
+            States:
+              HelloWorld1:
+                Type: Task
+                Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello
+                End: true
+
+
+    plugins:
+      - serverless-step-functions
+      - serverless-pseudo-parameters
+```
+
+Please note that those are the API keys names, not the actual values. Once you deploy your service, the value of those API keys will be auto generated by AWS and printed on the screen for you to use. The values can be concealed from the output with the --conceal deploy option.
+
+Clients connecting to this Rest API will then need to set any of these API keys values in the x-api-key header of their request. This is only necessary for functions where the private property is set to true.
+
 ### Schedule
 The following config will attach a schedule event and causes the stateMachine `crawl` to be called every 2 hours. The configuration allows you to attach multiple schedules to the same stateMachine. You can either use the `rate` or `cron` syntax. Take a look at the [AWS schedule syntax documentation](http://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html) for more details.
 

lib/deploy/events/apiGateway/apiKeys.js

@@ -0,0 +1,41 @@
+'use strict';
+
+const _ = require('lodash');
+const BbPromise = require('bluebird');
+
+module.exports = {
+  compileApiKeys() {
+    if (this.serverless.service.provider.apiKeys) {
+      if (!Array.isArray(this.serverless.service.provider.apiKeys)) {
+        throw new this.serverless.classes.Error('apiKeys property must be an array');
+      }
+
+      _.forEach(this.serverless.service.provider.apiKeys, (apiKey, i) => {
+        const apiKeyNumber = i + 1;
+
+        if (typeof apiKey !== 'string') {
+          throw new this.serverless.classes.Error('API Keys must be strings');
+        }
+
+        const apiKeyLogicalId = this.provider.naming
+          .getApiKeyLogicalId(apiKeyNumber);
+
+        _.merge(this.serverless.service.provider.compiledCloudFormationTemplate.Resources, {
+          [apiKeyLogicalId]: {
+            Type: 'AWS::ApiGateway::ApiKey',
+            Properties: {
+              Enabled: true,
+              Name: apiKey,
+              StageKeys: [{
+                RestApiId: { Ref: this.apiGatewayRestApiLogicalId },
+                StageName: this.provider.getStage(),
+              }],
+            },
+            DependsOn: this.apiGatewayDeploymentLogicalId,
+          },
+        });
+      });
+    }
+    return BbPromise.resolve();
+  },
+};

lib/deploy/events/apiGateway/apiKeys.test.js

@@ -0,0 +1,88 @@
+'use strict';
+
+const expect = require('chai').expect;
+const Serverless = require('serverless/lib/Serverless');
+const AwsProvider = require('serverless/lib/plugins/aws/provider/awsProvider');
+const ServerlessStepFunctions = require('./../../../index');
+
+describe('#methods()', () => {
+  let serverless;
+  let serverlessStepFunctions;
+
+  beforeEach(() => {
+    serverless = new Serverless();
+    const options = {
+      stage: 'dev',
+      region: 'us-east-1',
+    };
+    serverless.setProvider('aws', new AwsProvider(serverless));
+    serverless.service.provider.apiKeys = ['1234567890'];
+    serverless.service.provider.compiledCloudFormationTemplate = {
+      Resources: {},
+    };
+    serverlessStepFunctions = new ServerlessStepFunctions(serverless, options);
+    serverlessStepFunctions.serverless.service.stepFunctions = {
+      stateMachines: {
+        first: {},
+      },
+    };
+    serverlessStepFunctions.apiGatewayRestApiLogicalId = 'ApiGatewayRestApi';
+    serverlessStepFunctions.apiGatewayDeploymentLogicalId = 'ApiGatewayDeploymentTest';
+  });
+
+  it('should compile api key resource', () =>
+    serverlessStepFunctions.compileApiKeys().then(() => {
+      expect(
+        serverlessStepFunctions.serverless.service.provider.compiledCloudFormationTemplate
+          .Resources[
+            serverlessStepFunctions.provider.naming.getApiKeyLogicalId(1)
+          ].Type
+      ).to.equal('AWS::ApiGateway::ApiKey');
+
+      expect(
+        serverlessStepFunctions.serverless.service.provider.compiledCloudFormationTemplate
+          .Resources[
+            serverlessStepFunctions.provider.naming.getApiKeyLogicalId(1)
+          ].Properties.Enabled
+      ).to.equal(true);
+
+      expect(
+        serverlessStepFunctions.serverless.service.provider.compiledCloudFormationTemplate
+          .Resources[
+            serverlessStepFunctions.provider.naming.getApiKeyLogicalId(1)
+          ].Properties.Name
+      ).to.equal('1234567890');
+
+      expect(
+        serverlessStepFunctions.serverless.service.provider.compiledCloudFormationTemplate
+          .Resources[
+            serverlessStepFunctions.provider.naming.getApiKeyLogicalId(1)
+          ].Properties.StageKeys[0].RestApiId.Ref
+      ).to.equal('ApiGatewayRestApi');
+
+      expect(
+        serverlessStepFunctions.serverless.service.provider.compiledCloudFormationTemplate
+          .Resources[
+            serverlessStepFunctions.provider.naming.getApiKeyLogicalId(1)
+          ].Properties.StageKeys[0].StageName
+      ).to.equal('dev');
+
+      expect(
+        serverlessStepFunctions.serverless.service.provider.compiledCloudFormationTemplate
+          .Resources[
+            serverlessStepFunctions.provider.naming.getApiKeyLogicalId(1)
+          ].DependsOn
+      ).to.equal('ApiGatewayDeploymentTest');
+    })
+  );
+
+  it('throw error if apiKey property is not an array', () => {
+    serverlessStepFunctions.serverless.service.provider.apiKeys = 2;
+    expect(() => serverlessStepFunctions.compileApiKeys()).to.throw(Error);
+  });
+
+  it('throw error if an apiKey is not a string', () => {
+    serverlessStepFunctions.serverless.service.provider.apiKeys = [2];
+    expect(() => serverlessStepFunctions.compileApiKeys()).to.throw(Error);
+  });
+});

lib/deploy/events/apiGateway/usagePlan.js

@@ -0,0 +1,58 @@
+'use strict';
+
+const _ = require('lodash');
+const BbPromise = require('bluebird');
+
+module.exports = {
+  compileUsagePlan() {
+    if (this.serverless.service.provider.usagePlan || this.serverless.service.provider.apiKeys) {
+      this.apiGatewayUsagePlanLogicalId = this.provider.naming.getUsagePlanLogicalId();
+      _.merge(this.serverless.service.provider.compiledCloudFormationTemplate.Resources, {
+        [this.apiGatewayUsagePlanLogicalId]: {
+          Type: 'AWS::ApiGateway::UsagePlan',
+          DependsOn: this.apiGatewayDeploymentLogicalId,
+          Properties: {
+            ApiStages: [
+              {
+                ApiId: {
+                  Ref: this.apiGatewayRestApiLogicalId,
+                },
+                Stage: this.provider.getStage(),
+              },
+            ],
+            Description: `Usage plan for ${this.serverless.service.service} ${
+              this.provider.getStage()} stage`,
+            UsagePlanName: `${this.serverless.service.service}-${
+              this.provider.getStage()}`,
+          },
+        },
+      });
+      if (_.has(this.serverless.service.provider, 'usagePlan.quota')
+        && this.serverless.service.provider.usagePlan.quota !== null) {
+        _.merge(this.serverless.service.provider.compiledCloudFormationTemplate.Resources, {
+          [this.apiGatewayUsagePlanLogicalId]: {
+            Properties: {
+              Quota: _.merge(
+                { Limit: this.serverless.service.provider.usagePlan.quota.limit },
+                { Offset: this.serverless.service.provider.usagePlan.quota.offset },
+                { Period: this.serverless.service.provider.usagePlan.quota.period }),
+            },
+          },
+        });
+      }
+      if (_.has(this.serverless.service.provider, 'usagePlan.throttle')
+        && this.serverless.service.provider.usagePlan.throttle !== null) {
+        _.merge(this.serverless.service.provider.compiledCloudFormationTemplate.Resources, {
+          [this.apiGatewayUsagePlanLogicalId]: {
+            Properties: {
+              Throttle: _.merge(
+                { BurstLimit: this.serverless.service.provider.usagePlan.throttle.burstLimit },
+                { RateLimit: this.serverless.service.provider.usagePlan.throttle.rateLimit }),
+            },
+          },
+        });
+      }
+    }
+    return BbPromise.resolve();
+  },
+};