Implement AWS_IAM Authorizers #802

Closed
brettstack opened this issue Feb 8, 2019 · 9 comments

@brettstack
Contributor

Based on the RFC #781, we need to implement the AWS_IAM Authorizers feature.

Requirements:

  1. Implement Transform
  2. Add tests
  3. Add example(s)

Some code areas to get started for any interested contributors:

  1. Add InvokeRole as a valid property of Auth https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/model/api/api_generator.py#L20
  2. Add an exception for AWS_IAM DefaultAuthorizer here https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/model/api/api_generator.py#L321
  3. Ensure this section is working and only a single sigv4 security definition gets added https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/swagger/swagger.py#L343
  4. Add 'sigv4' to securityDefinitions if it's defined as DefaultAuthorizer or if it is specified on any of the Methods https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/swagger/swagger.py#L289
  5. Update Integration with credentials https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/swagger/swagger.py#L101
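
Items 3 and 4 of the list above, shown as an added example (not code from this issue or from the SAM code base): `sigv4` is added to `securityDefinitions` only when AWS_IAM is the default or is set on some method, and only once. The function name and the `method_authorizers` mapping are assumptions; the definition itself is API Gateway's `awsSigv4` security scheme.

```python
import copy

# API Gateway's OpenAPI extension for IAM (SigV4) authorization.
SIGV4_DEFINITION = {
    "type": "apiKey",
    "name": "Authorization",
    "in": "header",
    "x-amazon-apigateway-authtype": "awsSigv4",
}


def apply_aws_iam_auth(swagger, default_authorizer=None, method_authorizers=None):
    """Return a copy of `swagger` with sigv4 applied where AWS_IAM is in effect.

    method_authorizers (hypothetical shape): {(path, method): authorizer name};
    a method without an entry falls back to default_authorizer.
    """
    doc = copy.deepcopy(swagger)
    overrides = method_authorizers or {}
    uses_iam = False
    for path, methods in doc.get("paths", {}).items():
        for method, operation in methods.items():
            if not isinstance(operation, dict):
                continue  # e.g. a path-level "parameters" list
            effective = overrides.get((path, method), default_authorizer)
            if effective != "AWS_IAM":
                continue  # other authorizers and NONE are left untouched
            uses_iam = True
            security = operation.setdefault("security", [])
            if {"sigv4": []} not in security:
                security.append({"sigv4": []})
    if uses_iam:
        # Keyed by name, so repeated calls still yield a single definition.
        doc.setdefault("securityDefinitions", {})["sigv4"] = dict(SIGV4_DEFINITION)
    return doc


# Constructed sample document, not taken from the project.
SAMPLE = {
    "swagger": "2.0",
    "paths": {
        "/orders": {"get": {}, "post": {}},
        "/health": {"get": {}},
    },
}
```

A method left without a `security` entry is callable without SigV4, so a per-method override such as `NONE` is worth reviewing whenever the default is AWS_IAM.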

@rhboyd

rhboyd commented Feb 16, 2019

Is the idea that it would look something like:

Auth:
  Authorizers:
    AWS_IAM: some:arn:aws:1

and the serverless macro would transform that into specifying AWS_IAM for the auth type and add the policy to the resource policy on the API?

@rhboyd

rhboyd commented Feb 16, 2019

or possibly

Auth:
  Authorizers:
    AWS_IAM: NOT_AN_ARN

And the macro would create an IAM Role named NOT_AN_ARN and substitute that Role ARN where applicable in the previous comment?

@brettstack
Contributor Author

@rhboyd check out the RFC #781

@horike37
Contributor

Hey @brettstack, I would like to start working on this since this feature is needed for my job.
No problem?

@brettstack
Contributor Author

Absolutely! We look forward to a PR. ❤️

@horike37
Contributor

Hey @brettstack, My PR #827 is just ready for review!
Please go ahead 👍 😄 Thanks!

@brettstack
Contributor Author

Thanks @horike37! This has been merged to develop and we'll get it out to production asap.

@horike37
Contributor

Great! Can't wait to release 😄

@keetonian
Contributor

Released with SAM v1.11.0!
