rspec/rules/S6333/python/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example
For https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_apigateway/Resource.html[aws_cdk.aws_apigateway.Resource]:
[source,python]
----
from aws_cdk import (
    aws_apigateway as apigateway
)

resource = api.root.add_resource("example")
resource.add_method(
    "GET",
    authorization_type=apigateway.AuthorizationType.NONE  # Sensitive
)
----

For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigatewayv2.CfnRoute.html[aws_cdk.aws_apigatewayv2.CfnRoute]:

[source,python]
----
from aws_cdk import (
    aws_apigatewayv2 as apigateway
)

apigateway.CfnRoute(
    self,
    "no-auth",
    api_id=api.ref,
    route_key="GET /test",
    authorization_type="NONE"  # Sensitive
)
----

== Compliant Solution
For https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_apigateway/Resource.html[aws_cdk.aws_apigateway.Resource]:
[source,python]
----
from aws_cdk import (
    aws_apigateway as apigateway
)

opts = apigateway.MethodOptions(
    authorization_type=apigateway.AuthorizationType.IAM
)
resource = api.root.add_resource(
    "example",
    default_method_options=opts
)
resource.add_method(
    "POST",
    authorization_type=apigateway.AuthorizationType.IAM
)
resource.add_method(  # authorization_type is inherited from the Resource's configured default_method_options
    "POST"
)
----

For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigatewayv2.CfnRoute.html[aws_cdk.aws_apigatewayv2.CfnRoute]:

[source,python]
----
from aws_cdk import (
    aws_apigatewayv2 as apigateway
)

apigateway.CfnRoute(
    self,
    "auth",
    api_id=api.ref,
    route_key="GET /test",
    authorization_type="AWS_IAM"
)
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''

== Implementation Specification
(visible only on this page)

include::message.adoc[]

endif::env-github,rspecator-view[]