We Keep Coding

RBAC Policy Action Rule definition for excluding the URLS from policy

I have below two policy in my Values.yaml file. By default in policy one(USER_POLICY) I am allowing all the end point so i have just defined my context root(/v2/trans/brokerage/external) and allowed all http method. but out of it i just want exclude the endpoint(/v2/trans/brokerage/external/conditions) which comes under my SUPPORT_POLICY. how to exclude the endpoints specified in one policy with another Policy.
rules:
action: ALLOW
policies:
USER_POLICY:
principals:
- header: { name: "roles", contains_match: "ADMIN_ACCOUNT" }
permissions:
- and_rules:
rules:
- header: { name: ":path", prefix_match: "/v2/trans/brokerage/external" }
- or_rules:
rules:
- header: { name: ":method", exact_match: "GET" }
- header: { name: ":method", exact_match: "POST" }
- header: { name: ":method", exact_match: "PATCH" }
- header: { name: ":method", exact_match: "DELETE" }
Some syntax to exclude : /v2/trans/brk/ext/conditions
SUPPORT_POLICY:
principals:
- header: { name: "roles", contains_match: "SUPPORT" }
permissions:
- and_rules:
rules:
- url_path: { path: { prefix: "/v2/trans/brk/ext/conditions" } }
- or_rules:
rules:
- header: { name: ":method", exact_match: "GET" }
- header: { name: ":method", exact_match: "POST" }

Pagination is not displayed

I'm using News System extension and TYPO3 v9.
After setup the routeEnhancers, the pagination is completely hidden from the categories pages.
i.e. when the URL is : example.com/cat/category-name the pagination is not displayed,
and when the URL is : example.com/page?tx_news_pi1%5BoverwriteDemand%5D%5Bcategories%5D=13 the pagination is displayed.
This my config.yaml :
rootPageId: 1
routes: { }
routeEnhancers:
NewsPlugin:
type: Extbase
extension: News
plugin: Pi1
routes:
- { routePath: '/page/{page}', _controller: 'News::list', _arguments: {'page': '#widget_0/currentPage'} }
- { routePath: '/{news_title}', _controller: 'News::detail', _arguments: {'news_title': 'news'} }
- { routePath: '/{category-name}', _controller: 'News::list', _arguments: {'category-name': 'overwriteDemand/categories'} }
defaultController: 'News::list'
defaults:
page: '0'
requirements:
page: '\d+'
news_title: '^[a-zA-Z0-9].*$'
aspects:
page:
type: StaticRangeMapper
start: '1'
end: '100'
category-name:
type: PersistedAliasMapper
tableName: sys_category
routeFieldName: slug
news_title:
type: PersistedPatternMapper
tableName: tx_news_domain_model_news
routeFieldPattern: '^(?P<path_segment>.+)'
routeFieldResult: '{path_segment}'

I solved it
Make sure that : hidePagination is set to 0 on your TS : lib.news.settings.hidePagination = 0
This is my config.yaml after edit :
routes: { }
routeEnhancers:
News:
type: Extbase
extension: News
plugin: Pi1
routes:
- routePath: '/'
_controller: 'News::list'
- routePath: '/page-{page}'
_controller: 'News::list'
_arguments:
page: '#widget_0/currentPage'
- routePath: '/{news-title}'
_controller: 'News::detail'
_arguments:
news-title: news
- routePath: '/{category-name}/{page}'
_controller: 'News::list'
_arguments:
category-name: 'overwriteDemand/categories'
page: '#widget_0/currentPage'
requirements:
category-name: '\d+'
page: '\d+'
defaultController: 'News::list'
defaults:
page: '0'
aspects:
news-title:
type: PersistedAliasMapper
tableName: tx_news_domain_model_news
routeFieldName: path_segment
page:
type: StaticRangeMapper
start: '1'
end: '100'
category-name:
type: PersistedAliasMapper
tableName: sys_category
routeFieldName: slug
May this helps

cloudformation - apigateway stages to multiple lambda alias and version

How can I deploy APIGateway stages for already lambda alias and version to specific stage, means I dont want to update lambda again, but I want to do mapping to the new stage or update the existing stage with specific lambda alias
i.e I have myFunction version 2,3 and alias dev, test and stage.
want to map stage of /dev to $LATEST, /test to alias test with version 2, /stage to alias with version 3.
How to achieve this.
I have tried with ${!stageVariables.lambdaAlias} on Method Integration but I get internal server with log says Invalid permission
apiGateway:
Type: "AWS::ApiGateway::RestApi"
Properties:
Name: "StacksampleapidevNewPOC"
Description: "SAMPLE New Template API"
apiGatewayResource:
Type: "AWS::ApiGateway::Resource"
Properties:
ParentId: !GetAtt
- apiGateway
- RootResourceId
PathPart: "MyFunction"
RestApiId: !Ref "apiGateway"
ApiAuthorizer:
Type: "AWS::ApiGateway::Authorizer"
Properties:
AuthorizerResultTtlInSeconds: 300
IdentitySource: method.request.header.Authorization
Name: CognitoDefaultUserPoolAuthorizer
ProviderARNs:
- arn:aws:cognito-idp:ap-south-1:accountid:userpool/poolid
RestApiId: !Ref apiGateway
Type: "COGNITO_USER_POOLS"
apiGatewayStage:
Type: AWS::ApiGateway::Stage
Properties:
RestApiId: !Ref "apiGateway"
StageName: sampledev
TracingEnabled: Yes
DeploymentId: !Ref "apiGatewayDeployment"
Variables:
ClientMaster: ClientMaster_dev
UserMaster: UserMaster_dev
RedisCacheEndpoint: !Ref RedisCacheEndpoint
UserClientMapping: UserClientMapping_dev
lambdaAlias: dev
apiGatewayStage1:
Type: AWS::ApiGateway::Stage
Properties:
RestApiId: !Ref "apiGateway"
StageName: sampletest
TracingEnabled: Yes
DeploymentId: !Ref "apiGatewayDeployment"
Variables:
ClientMaster: ClientMaster_dev
UserMaster: UserMaster_dev
RedisCacheEndpoint: !Ref RedisCacheEndpoint
UserClientMapping: UserClientMapping_dev
lambdaAlias: test
apiGatewayStage2:
Type: AWS::ApiGateway::Stage
Properties:
RestApiId: !Ref "apiGateway"
StageName: samplestage
TracingEnabled: Yes
DeploymentId: !Ref "apiGatewayDeployment"
Variables:
ClientMaster: ClientMaster_dev
UserMaster: UserMaster_dev
RedisCacheEndpoint: !Ref RedisCacheEndpoint
UserClientMapping: UserClientMapping_dev
lambdaAlias: stage
apiGatewayRootMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
AuthorizationType: "COGNITO_USER_POOLS"
AuthorizerId: !Ref ApiAuthorizer
HttpMethod: POST
Integration:
Type: "AWS_PROXY"
IntegrationHttpMethod: POST
Uri: !Sub
- "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}:${!stageVariables.lambdaAlias}/invocations"
- lambdaArn: !GetAtt "MyFunction.Arn"
IntegrationResponses:
- StatusCode: 200
ResponseTemplates:
application/json: ''
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
RequestTemplates:
application/json: $input.json('$')
RequestParameters:
method.request.querystring.name: false
ResourceId: !Ref "apiGatewayResource"
RestApiId: !Ref apiGateway
MethodResponses:
- ResponseModels:
application/json: Empty
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: true
method.response.header.Access-Control-Allow-Methods: true
method.response.header.Access-Control-Allow-Origin: true
StatusCode: '200'
apiGatewayCORSOptionMethod:
Type: "AWS::ApiGateway::Method"
Properties:
ResourceId: !Ref apiGatewayResource
RestApiId: !Ref apiGateway
AuthorizationType: NONE
HttpMethod: OPTIONS
Integration:
Type: MOCK
IntegrationResponses:
- ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
ResponseTemplates:
application/json: ''
StatusCode: '200'
PassthroughBehavior: WHEN_NO_MATCH
RequestTemplates:
application/json: '{"statusCode": 200}'
MethodResponses:
- ResponseModels:
application/json: Empty
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: true
method.response.header.Access-Control-Allow-Methods: true
method.response.header.Access-Control-Allow-Origin: true
StatusCode: '200'
apiGatewayDeployment:
Type: "AWS::ApiGateway::Deployment"
DependsOn: apiGatewayRootMethod
# DependsOn: [
# apiGatewayRootMethod,
# GetRightMenuapiGatewayRootMethod,
# GetAreaapiGatewayRootMethod,
# ResetRedisCacheapiGatewayRootMethod,
# # GetChartsByUseCaseIDapiGatewayRootMethod,
# ShowUserClientMappingsapiGatewayRootMethod,
# GetChartKPIValuesapiGatewayRootMethod,
# GetChartUseCaseMappingsapiGatewayRootMethod]
Properties:
RestApiId: !Ref "apiGateway"
# StageName: !Ref "apiGatewayStageName"
MyFunction:
Type: "AWS::Lambda::Function"
Properties:
Handler: PwC.SAMPLE.Lambda::PwC.SAMPLE.Lambda.Functions.Common.MyFunction::Run
FunctionName: MyFunction_LambdaName
Runtime: dotnetcore2.1
Code:
S3Bucket: "s3-sample-api-dev"
S3Key: !Ref "CodeZip"
MemorySize: 512
Timeout: 30
Role:
Ref: Role
VpcConfig:
SecurityGroupIds:
Ref: SecurityGroupIds
SubnetIds:
Ref: SubnetIds
MyFunctionVersion:
DeletionPolicy: Retain
Type: AWS::Lambda::Version
Properties:
FunctionName:
Ref: MyFunction
MyFunctionAliasDev:
Type: AWS::Lambda::Alias
Properties:
FunctionName:
Ref: MyFunction
FunctionVersion: devversion
Name: dev
# MyFunctionAliasDev:
# Type: AWS::Lambda::Alias
# Properties:
# FunctionName:
# Ref: MyFunction
# FunctionVersion:
# Fn::GetAtt:
# - MyFunctionVersion
# - Version
# Name: dev
MyFunctionAliasTest:
Type: AWS::Lambda::Alias
Properties:
FunctionName:
Ref: MyFunction
FunctionVersion: testversion
Name: test
MyFunctionAliasStage:
Type: AWS::Lambda::Alias
Properties:
FunctionName:
Ref: MyFunction
FunctionVersion: stageversion
Name: stage
MyFunctionlambdaApiGatewayInvoke:
Type: "AWS::Lambda::Permission"
Properties:
Action: "lambda:InvokeFunction"
FunctionName: !GetAtt "MyFunction.Arn"
Principal: "apigateway.amazonaws.com"
SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*/POST/MyFunction"```

I have achieved this with following changes on cloudformation template by calling Lambda permission by each alias created.
Now I can see each lambda alias and version has permission to APIGateway call Lambda function
Here is the sample yaml code I used to fix this issue.
AWSTemplateFormatVersion: "2010-09-09"
Description: "My API Gateway and Lambda function"
Parameters:
apiGatewayStageName:
Type: "String"
AllowedPattern: "^[a-z0-9]+$"
Default: "samplesample"
Role:
Type: String
Default: arn:aws:iam::accountid:role/Fincockpit_AuroraServerless
Description: ''
SecurityGroupIds:
Default: "sgid"
Description: ""
Type: CommaDelimitedList
SubnetIds:
Default: "subnet"
Description: ""
Type: CommaDelimitedList
Policies:
Type: CommaDelimitedList
Default: AWSLambdaFullAccess,AmazonRDSFullAccess,AmazonEC2FullAccess,AmazonDynamoDBFullAccess,AmazonVPCFullAccess
Description: ''
CodeZip:
Type: String
Description: SAMPLE API Build Package
RedisCacheEndpoint:
Type: String
Default: 'redisendpoint'
Environment:
Type: String
Default: sample
S3Bucket:
Type: String
Default: s3-changeme-api-sample
# AliasName:
# Type: String
# Default: stagename
FunctionVersion:
Type: String
Default: commitid
Resources:
apiGateway:
Type: "AWS::ApiGateway::RestApi"
Properties:
Name: "StackchangemeapisampleNewPOC"
Description: "SAMPLE New Template API"
apiGatewayResource:
Type: "AWS::ApiGateway::Resource"
Properties:
ParentId: !GetAtt
- apiGateway
- RootResourceId
PathPart: "MyFunction"
RestApiId: !Ref "apiGateway"
ApiAuthorizer:
Type: "AWS::ApiGateway::Authorizer"
Properties:
AuthorizerResultTtlInSeconds: 300
IdentitySource: method.request.header.Authorization
Name: CognitoDefaultUserPoolAuthorizer
ProviderARNs:
- arn:aws:cognito-idp:ap-south-1:accountid:userpool/poolid
RestApiId: !Ref apiGateway
Type: "COGNITO_USER_POOLS"
apiGatewayStage:
Type: AWS::ApiGateway::Stage
Properties:
RestApiId: !Ref "apiGateway"
StageName: changemesample
TracingEnabled: Yes
DeploymentId: !Ref "apiGatewayDeployment"
Variables:
ClientMaster: ClientMaster_sample
UserMaster: UserMaster_sample
RedisCacheEndpoint: !Ref RedisCacheEndpoint
UserClientMapping: UserClientMapping_sample
lambdaAlias: sample
apiGatewayStage1:
Type: AWS::ApiGateway::Stage
Properties:
RestApiId: !Ref "apiGateway"
StageName: changemetest
TracingEnabled: Yes
DeploymentId: !Ref "apiGatewayDeployment"
Variables:
ClientMaster: ClientMaster_test
UserMaster: UserMaster_ctest
RedisCacheEndpoint: "sample-redis-test.hreh1d.ng.0001.aps1.cache.amazonaws.com:6379"
UserClientMapping: UserClientMapping_test
lambdaAlias: test
apiGatewayStage2:
Type: AWS::ApiGateway::Stage
Properties:
RestApiId: !Ref "apiGateway"
StageName: samplestage
TracingEnabled: Yes
DeploymentId: !Ref "apiGatewayDeployment"
Variables:
ClientMaster: ClientMaster_stage
UserMaster: UserMaster_stage
RedisCacheEndpoint: "sample-redis-stage.hreh1d.ng.0001.aps1.cache.amazonaws.com:6379"
UserClientMapping: UserClientMapping_stage
lambdaAlias: stage
apiGatewayRootMethod:
DependsOn: [
MyFunctionlambdaApiGatewayInvokeDev,
MyFunctionlambdaApiGatewayInvokeTest,
MyFunctionlambdaApiGatewayInvokeStage]
Type: 'AWS::ApiGateway::Method'
Properties:
AuthorizationType: "COGNITO_USER_POOLS"
AuthorizerId: !Ref ApiAuthorizer
HttpMethod: POST
Integration:
Type: "AWS_PROXY"
IntegrationHttpMethod: POST
Uri: !Sub
- "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}:${!stageVariables.lambdaAlias}/invocations"
- lambdaArn: !GetAtt "MyFunction.Arn"
IntegrationResponses:
- StatusCode: 200
ResponseTemplates:
application/json: ''
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
RequestTemplates:
application/json: $input.json('$')
RequestParameters:
method.request.querystring.name: false
ResourceId: !Ref "apiGatewayResource"
RestApiId: !Ref apiGateway
MethodResponses:
- ResponseModels:
application/json: Empty
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: true
method.response.header.Access-Control-Allow-Methods: true
method.response.header.Access-Control-Allow-Origin: true
StatusCode: '200'
apiGatewayCORSOptionMethod:
Type: "AWS::ApiGateway::Method"
Properties:
ResourceId: !Ref apiGatewayResource
RestApiId: !Ref apiGateway
AuthorizationType: NONE
HttpMethod: OPTIONS
Integration:
Type: MOCK
IntegrationResponses:
- ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
ResponseTemplates:
application/json: ''
StatusCode: '200'
PassthroughBehavior: WHEN_NO_MATCH
RequestTemplates:
application/json: '{"statusCode": 200}'
MethodResponses:
- ResponseModels:
application/json: Empty
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: true
method.response.header.Access-Control-Allow-Methods: true
method.response.header.Access-Control-Allow-Origin: true
StatusCode: '200'
apiGatewayDeployment:
Type: "AWS::ApiGateway::Deployment"
DependsOn: apiGatewayRootMethod
# DependsOn: [
# apiGatewayRootMethod,
# GetRightMenuapiGatewayRootMethod,
# GetAreaapiGatewayRootMethod,
# ResetRedisCacheapiGatewayRootMethod,
# # GetChartsByUseCaseIDapiGatewayRootMethod,
# ShowUserClientMappingsapiGatewayRootMethod,
# GetChartKPIValuesapiGatewayRootMethod,
# GetChartUseCaseMappingsapiGatewayRootMethod]
Properties:
RestApiId: !Ref "apiGateway"
# StageName: !Ref "apiGatewayStageName"
MyFunction:
Type: "AWS::Lambda::Function"
Properties:
Handler: PwC.SAMPLE.Lambda::PwC.SAMPLE.Lambda.Functions.Common.MyFunction::Run
FunctionName: MyFunction_LambdaName
Runtime: dotnetcore2.1
Code:
S3Bucket: "s3-sample-api-sample"
S3Key: !Ref "CodeZip"
MemorySize: 512
Timeout: 30
Role:
Ref: Role
VpcConfig:
SecurityGroupIds:
Ref: SecurityGroupIds
SubnetIds:
Ref: SubnetIds
MyFunctionVersion:
DeletionPolicy: Retain
Type: AWS::Lambda::Version
Properties:
FunctionName:
Ref: MyFunction
MyFunctionAliasDev:
Type: AWS::Lambda::Alias
Properties:
FunctionName:
Ref: MyFunction
FunctionVersion:
Fn::GetAtt:
- MyFunctionVersion
- Version
Name: dev
MyFunctionAliasTest:
Type: AWS::Lambda::Alias
Properties:
FunctionName:
Ref: MyFunction
FunctionVersion: testversion
Name: test
MyFunctionAliasStage:
Type: AWS::Lambda::Alias
Properties:
FunctionName:
Ref: MyFunction
FunctionVersion: stageversion
Name: stage
MyFunctionlambdaApiGatewayInvokeDev:
Type: "AWS::Lambda::Permission"
Properties:
Action: "lambda:InvokeFunction"
FunctionName: !Ref "MyFunctionAliasDev"
Principal: "apigateway.amazonaws.com"
SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*/POST/MyFunction"
MyFunctionlambdaApiGatewayInvokeTest:
Type: "AWS::Lambda::Permission"
Properties:
Action: "lambda:InvokeFunction"
FunctionName: !Ref "MyFunctionAliasTest"
Principal: "apigateway.amazonaws.com"
SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*/POST/MyFunction"
MyFunctionlambdaApiGatewayInvokeStage:
Type: "AWS::Lambda::Permission"
Properties:
Action: "lambda:InvokeFunction"
FunctionName: !Ref "MyFunctionAliasStage"
Principal: "apigateway.amazonaws.com"
SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*/POST/MyFunction"

Specify an array as a parameter with Swagger

How do I specify an array as a parameter? For instance, post to /persons can be given strings username, firstname, and lastname, and array myArray.
paths:
/persons:
post:
parameters:
- name: person_what_is_the_purpose_of_this
in: body
description: The person to create.
schema:
required:
- username
properties:
firstName:
type: string
lastName:
type: string
username:
type: string
myArray:
type: array
items:
properties:
myArrayElement:
type: string
responses:
200:
description: A list of Person
schema:
type: array
items:
required:
- username
properties:
firstName:
type: string
lastName:
type: string
username:
type: string

swagger: "2.0"
info:
version: "1.0.0"
title: Swagger Petstore
host: petstore.swagger.io
basePath: /v2
schemes:
- http
paths:
/pets/findByStatus:
get:
parameters:
- in: query
name: status
type: array
items:
type: string
responses:
"200":
description: successful operation
schema:
type: array
items:
type: object
required:
- name
- photoUrls
properties:
id:
type: integer
format: int64
category:
type: object
properties:
id:
type: integer
format: int64
name:
type: string
name:
type: string
example: doggie
photoUrls:
type: array
items:
type: string
tags:
type: array
items:
type: object
properties:
id:
type: integer
format: int64
name:
type: string
"400":
description: Invalid status value

You need to specify collectionFormat: multi
For your array it would look like this, be sure to put it on the same level as the type:
myArray:
type: array
collectionFormat: multi
Documentation about arrays

FOSUserBundle Login do nothing

I got Symfony2 2.7.3 running on my localhost and FOSUserBundle ~2.0#dev
When I submit the login form, the view resets, without lastUsername, errors or something like this. Just the form.
I saw the logs of symfony and php and it don't show some info about that.
This is my security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SWITCH_ROLES: ROLE_SWITCH_ROLES
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: security.csrf.token_manager
use_referer: true
logout:
path: /logout
success_handler: authentication_handler
anonymous: true
remember_me:
key: "%secret%"
lifetime: 31536000
path: /
domain: "%domain%"
name: "REMEMEMBERME"
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
My config.yml configuration to fos_user:
# FOSUserBundle Configuration
fos_user:
db_driver: orm
firewall_name: main
user_class: AcmeBundle\UserBundle\Entity\User
service:
mailer: fos_user.mailer.twig_swift
registration:
confirmation:
enabled: true
template: UserBundle:Email:registration.email.html.twig
form:
type: fos_user_registration
name: fos_user_registration_form
validation_groups: [Registration, Default]
resetting:
email:
template: UserBundle:Email:resetting.email.html.twig
from_email:
address: %mailer_user%
sender_name: Lucas
profile:
form:
type: lucas_user_profile