Cannot pass the list value to apigateway update-method, getting Invalid type for parameter patchOperations[2].value

[arbabnazar]

I am trying to update the method authorizationScopes with the list value using the following command:

aws apigateway update-method --rest-api-id xxxxxxxxxx --resource-id yyyyy --http-method ANY \
--patch-operations "op=replace,path=/authorizationType,value=COGNITO_USER_POOLS" "op=replace,path=/authorizerId,value=zzzzz" \
"op=replace,path=/authorizationScopes,value=app-identifier/token,app-identifier/personProfile"

but got this error:

Parameter validation failed:
Invalid type for parameter patchOperations[2].value, 
value: [u'app-identifier/token', u'app-identifier/personProfile'],
 type: <type 'list'>, valid types: <type 'basestring'>

Also try this command with []:

aws apigateway update-method --rest-api-id xxxxxxxxxx --resource-id yyyyy --http-method ANY \
--patch-operations "op=replace,path=/authorizationType,value=COGNITO_USER_POOLS" "op=replace,path=/authorizerId,value=zzzzz" \
"op=replace,path=/authorizationScopes,value=[app-identifier/token,app-identifier/personProfile]"

but also getting the same error as above.

If I set it manually from the console and get it from this command:
aws apigateway get-method --rest-api-id xxxxxxx --resource-id yyyy --http-method ANY

give me this output, which is correct:

{
    "apiKeyRequired": false,
    "httpMethod": "ANY",
    "methodIntegration": {
        "passthroughBehavior": "WHEN_NO_MATCH",
        "timeoutInMillis": 29000,
        "requestParameters": {},
        "uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:111111:function:app:${stageVariables.ENV}/invocations",
        "httpMethod": "POST",
        "requestTemplates": {},
        "cacheNamespace": "xxxx",
        "type": "AWS_PROXY",
        "cacheKeyParameters": []
    },
    "authorizationScopes": [
        "app-identifier/token",
        "app-identifier/personProfile"
    ],
    "authorizationType": "COGNITO_USER_POOLS",
    "authorizerId": "yyyyy"
}

Is this a bug, awscli limitation or I am passing it in wrong way.

Reference: https://docs.aws.amazon.com/cli/latest/reference/apigateway/update-method.html

[arbabnazar]

With regards to /authorizationScope, can’t perform replace operations on them, as it is not supported. See the docs I attached in the bottom of my answer. The docs point to REST API but it is certain that the same conditions and limitations would apply in case of aws cli.
https://docs.aws.amazon.com/apigateway/api-reference/link-relation/method-update/

Please let me know if I am missing something

[debora-ito]

Hi @arbabnazar, could you try again your first command but escaping the comma in the last operation, like this:

aws apigateway update-method --rest-api-id xxxxxxxxxx --resource-id yyyyy 
--http-method ANY --patch-operations 
"op=replace,path=/authorizationType,value=COGNITO_USER_POOLS" 
"op=replace,path=/authorizerId,value=zzzzz" 
"op=replace,path=/authorizationScopes,value=app-identifier/token\,app-identifier/personProfile"

I found this in an comment of another issue.

[arbabnazar]

@debora-ito please check my above comment that authorizationScope is not supported op. Please let me know if I am referring the wrong place

[debora-ito]

@arbabnazar What's your concern regarding the authorizationScope supported operations ? Did you expect the service to return an error message? Or do you want to see the same rules in the CLI documentation?

[arbabnazar]

@debora-ito I want to see the documentation to mentioned that it is not supported using the cli