diff --git a/CHANGELOG.rst b/CHANGELOG.rst index aa939ae2f..d0cfac918 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -18,6 +18,8 @@ Next Release (TBD) (`#500 `__) * Add support for Builtin Authorizers in local mode (`#404 `__) +* Allow view to require API keys as well as authorization + (`#473 `__) 1.0.1 diff --git a/chalice/deploy/swagger.py b/chalice/deploy/swagger.py index ca1b26c11..321f587ee 100644 --- a/chalice/deploy/swagger.py +++ b/chalice/deploy/swagger.py @@ -124,9 +124,10 @@ def _generate_route_method(self, view): # to the security definitions. We have to someone indicate # this because this neeeds to be added to the global config # file. - current['security'] = [{'api_key': []}] + current.setdefault('security', []).append({'api_key': []}) if view.authorizer: - current['security'] = [{view.authorizer.name: []}] + current.setdefault('security', []).append( + {view.authorizer.name: []}) if view.view_args: self._add_view_args(current, view.view_args) return current diff --git a/tests/unit/deploy/test_swagger.py b/tests/unit/deploy/test_swagger.py index 13f9ffae8..c675a9f5b 100644 --- a/tests/unit/deploy/test_swagger.py +++ b/tests/unit/deploy/test_swagger.py @@ -312,6 +312,22 @@ def auth(): } +def test_can_use_api_key_and_authorizers(sample_app, swagger_gen): + authorizer = CustomAuthorizer( + 'MyAuth', authorizer_uri='auth-uri', header='Authorization') + + @sample_app.route('/auth', authorizer=authorizer, api_key_required=True) + def auth(): + return {'foo': 'bar'} + + doc = swagger_gen.generate_swagger(sample_app) + single_method = doc['paths']['/auth']['get'] + assert single_method.get('security') == [ + {'api_key': []}, + {'MyAuth': []}, + ] + + def test_can_use_iam_authorizer_object(sample_app, swagger_gen): authorizer = IAMAuthorizer()