Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(apigatewayv2): addRoutes doesn't allow authorizationType: 'AWS_IAM' #15123

Closed
jasonwadsworth opened this issue Jun 14, 2021 · 2 comments · Fixed by #17519
Closed

(apigatewayv2): addRoutes doesn't allow authorizationType: 'AWS_IAM' #15123

jasonwadsworth opened this issue Jun 14, 2021 · 2 comments · Fixed by #17519
Labels
@aws-cdk/aws-apigatewayv2 Related to Amazon API Gateway v2 effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@jasonwadsworth
Copy link

The L2 construct doesn't yet support IAM auth, so as a work around I had included the following code:

export class HttpIamAuthorizer implements IHttpRouteAuthorizer {
  public bind(_: HttpRouteAuthorizerBindOptions): HttpRouteAuthorizerConfig {
    return {
      // @ts-ignore
      authorizationType: 'AWS_IAM',
    };
  }
}

This allowed me to do an addRoutes that looked something like this:

    httpApi.addRoutes({
      integration: new LambdaProxyIntegration({
        handler: api.alias
      }),
      authorizer: new HttpIamAuthorizer(),
      methods: [HttpMethod.GET],
      path: '/somepath'
    });

...which resulted in CloudFormation like this:

      "Type": "AWS::ApiGatewayV2::Route",
      "Properties": {
        "ApiId": {
          "Ref": "HttpApiF5A9A8A7"
        },
        "RouteKey": "POST /somepath",
        "AuthorizationType": "AWS_IAM",
        "Target": {
          "Fn::Join": [
            "",
            [
              "integrations/",
              {
                "Ref": "Integration"
              }
            ]
          ]
        }
      }

When updating my CDK to the latest this no longer works due to this line of code:

aws-cdk/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts

Line 164 in 7ea9e48

if (authBindResult && !(authBindResult.authorizationType in HttpRouteAuthorizationType)) {

Reproduction Steps

Create this class:

export class HttpIamAuthorizer implements IHttpRouteAuthorizer {
  public bind(_: HttpRouteAuthorizerBindOptions): HttpRouteAuthorizerConfig {
    return {
      // @ts-ignore
      authorizationType: 'AWS_IAM',
    };
  }
}

and addRoutes like this:

    httpApi.addRoutes({
      integration: new LambdaProxyIntegration({
        handler: api.alias
      }),
      authorizer: new HttpIamAuthorizer(),
      methods: [HttpMethod.GET],
      path: '/somepath'
    });

What did you expect to happen?

Given that AWS_IAM is valid for the L1 construct I would expect that the validation would allow it.

What actually happened?

An error is thrown, and the stack will not synth

Environment

  • CDK CLI Version : 1.108.1
  • Framework Version: 1.108.1
  • Node.js Version: 12
  • OS :
  • Language (Version):

This is 🐛 Bug Report
@jasonwadsworth jasonwadsworth added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 14, 2021
@peterwoodworth peterwoodworth changed the title HttpApi: addRoutes doesn't allow authorizationType: 'AWS_IAM' (apigatewayv2): addRoutes doesn't allow authorizationType: 'AWS_IAM' Jun 15, 2021
@github-actions github-actions bot added the @aws-cdk/aws-apigatewayv2 Related to Amazon API Gateway v2 label Jun 15, 2021
@nija-at
Copy link
Contributor

nija-at commented Jun 21, 2021

Marking this as a feature request.

@nija-at nija-at added feature-request A feature should be added or improved. p2 and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 21, 2021
@nija-at nija-at removed their assignment Jun 21, 2021
@nija-at nija-at added the effort/medium Medium work item – several days of effort label Jun 21, 2021
@misterjoshua misterjoshua mentioned this issue Nov 16, 2021
Merged
@mergify mergify bot closed this as completed in #17519 Dec 17, 2021
mergify bot pushed a commit that referenced this issue Dec 17, 2021
@misterjoshua
feat(apigatewayv2): http api - IAM authorizer support (#17519)
fd8e0e3 
Fixes #15123

See also: [@nija-at's comments on `grantInvoke`](#14853 (comment)), #10534

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this issue Feb 21, 2022
@misterjoshua @TikiTDO
feat(apigatewayv2): http api - IAM authorizer support (aws#17519)
0e4c58e 
Fixes aws#15123

See also: [@nija-at's comments on `grantInvoke`](aws#14853 (comment)), aws#10534

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-apigatewayv2 Related to Amazon API Gateway v2 effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(apigatewayv2): http api - IAM authorizer support misterjoshua/aws-cdk
2 participants
@jasonwadsworth @nija-at