fix(aws-apigatewayv2): incorrect arn function causing unwanted behavi…

…or in websocket iam auth

packages/@aws-cdk-testing/framework-integ/test/aws-apigatewayv2/test/websocket/integ.api-grant-invoke.ts

@@ -23,7 +23,7 @@ new iam.Role(stack, 'test-iam-role', {
           actions: ['execute-api:Invoke'],
           resources: [
             websocketApi.arnForExecuteApi(),
-            websocketApi.arnForExecuteApi('$connect', 'prod'),
+            websocketApi.arnForExecuteApi('connect', 'prod'),
           ],
         }),
       ],

packages/aws-cdk-lib/aws-apigatewayv2/lib/websocket/api.ts

@@ -197,6 +197,10 @@ export class WebSocketApi extends ApiBase implements IWebSocketApi {
    * If 'stage' is not specified, it also defaults to '*', representing all stages.
    */
   public arnForExecuteApi(route?: string, stage?: string): string {
+    if (route&&!route.startsWith('$')) {
+      route = `$${route}`;
+    };
+
     return Stack.of(this).formatArn({
       service: 'execute-api',
       resource: this.apiId,

packages/aws-cdk-lib/aws-apigatewayv2/test/websocket/api.test.ts

@@ -162,7 +162,7 @@ describe('WebSocketApi', () => {
         { Ref: 'AWS::AccountId' },
         ':',
         stack.resolve(api.apiId),
-        '/stage/route',
+        '/stage/$route',
       ]],
     });
   });