Skip to content

Apigw/enable vpce routing #12937

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 31, 2025
Merged

Apigw/enable vpce routing #12937

merged 4 commits into from
Jul 31, 2025

Conversation

cloutierMat
Copy link
Contributor

@cloutierMat cloutierMat commented Jul 31, 2025
edited
Loading

Motivation

depends on: #12927

This pr adds a route to apigw to allow invoking an ApiGateway API through it's vpc endpoint using the x-apigw-api-id headers, as describe in AWS docs.

At the moment we are not validating the vpc endpoint exists, so any "valid" VPC endpoint like url targeted at .vpce.execute-api will attempt to execute the api provided with the x-apigw-api-id. Note this is already the case for the other path style of VPC endpoint and as such falls outside the scope of the current PR.

Changes

  • expand testing to include targeting with host headers (already supported by default, but now tested)
  • expand testing to include targeting with host headers
  • register routes

@cloutierMat cloutierMat added this to the 4.8 milestone Jul 31, 2025
@cloutierMat cloutierMat added aws:apigateway Amazon API Gateway semver: patch Non-breaking changes which can be included in patch releases labels Jul 31, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 31, 2025
edited
Loading

Test Results - Preflight, Unit

21 980 tests  ±0   20 246 ✅ ±0   6m 21s ⏱️ +6s
     1 suites ±0    1 734 💤 ±0 
     1 files   ±0        0 ❌ ±0 

Results for commit 667a359. ± Comparison against base commit b4655c7.

♻️ This comment has been updated with latest results.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 31, 2025
edited
Loading

LocalStack Community integration with Pro

    2 files      2 suites   18m 16s ⏱️
1 159 tests 1 091 ✅ 68 💤 0 ❌
1 161 runs  1 091 ✅ 70 💤 0 ❌

Results for commit 667a359.

♻️ This comment has been updated with latest results.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 31, 2025
edited
Loading

Test Results (amd64) - Acceptance

7 tests  ±0   5 ✅ ±0   3m 12s ⏱️ -39s
1 suites ±0   2 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit 667a359. ± Comparison against base commit b4655c7.

♻️ This comment has been updated with latest results.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 31, 2025
edited
Loading

Test Results (amd64) - Integration, Bootstrap

    5 files      5 suites   35m 10s ⏱️
1 183 tests 1 116 ✅ 67 💤 0 ❌
1 189 runs  1 116 ✅ 73 💤 0 ❌

Results for commit 667a359.

♻️ This comment has been updated with latest results.

bentsku
bentsku approved these changes Jul 31, 2025
View reviewed changes
Copy link
Contributor

@bentsku bentsku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this is still in draft, but I suppose it is only because it is a stacked PR 😄 so I'll already approve, this is a great PR, thanks for supporting this and having the patience to run the VPC Link tests 😄

tests/aws/services/apigateway/test_apigateway_integrations.validation.json
"last_validated_date": "2025-07-30T17:57:02+00:00",
"durations_in_seconds": {
"setup": 12.89,
"call": 1064.8,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

painful 😭

tests/aws/services/apigateway/test_apigateway_integrations.py Outdated
# AWS
# url: https://{public-dns-hostname}.execute-api.{region}.vpce.amazonaws.com/{stage}
# x-apigw-api-id: {rest-api-id}
# LocalStack Not a clue
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why "Not a clue"? 😄 same in the comment above

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oops! Placeholder not removed 😝

localstack-core/localstack/services/apigateway/next_gen/execute_api/router.py
@@ -144,6 +145,13 @@ def create_not_found_response(api_id: str) -> Response:
)
return not_found

def vpc_endpoint_handler(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a good way forward, as the shape of the URL is very different and doesn't have some of the parameters we're always expecting in a route, like api_id. Thanks for implementing it this way 🚀 and minimal changes with upstream dependencies 👍

localstack-core/localstack/services/apigateway/next_gen/execute_api/router.py
@@ -214,6 +225,26 @@ def register_routes(self) -> None:
endpoint=self.handler,
strict_slashes=True,
),
self.router.add(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we have so many routes 😅

tests/aws/services/apigateway/test_apigateway_integrations.py
Comment on lines +1030 to +1034
url = event["url"]
headers = event["headers"]

result = requests.post(url, headers=headers)
return {"content": result.content.decode("utf-8"), "code": result.status_code}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for making the test more modular! this is really nice

Base automatically changed from ec2/fix/vpc-endpoint-dns-entries to main July 31, 2025 17:53
@cloutierMat cloutierMat force-pushed the apigw/enable-vpce-routing branch from 46f0568 to 01c6d71 Compare July 31, 2025 17:55
@cloutierMat cloutierMat marked this pull request as ready for review July 31, 2025 17:59
@cloutierMat
Copy link
Contributor Author

cloutierMat commented Jul 31, 2025
edited
Loading

I suppose it is only because it is a stacked PR

💯 Thank you for the early review! 🚀

@cloutierMat cloutierMat merged commit 4648b23 into main Jul 31, 2025
41 checks passed
@cloutierMat cloutierMat deleted the apigw/enable-vpce-routing branch July 31, 2025 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bentsku bentsku bentsku approved these changes

Assignees
No one assigned
Labels
aws:apigateway Amazon API Gateway semver: patch Non-breaking changes which can be included in patch releases
Projects
None yet
Milestone
4.8
Development

Successfully merging this pull request may close these issues.
2 participants
@cloutierMat @bentsku