Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom authorizer naming leads to clashes #3413

Closed
HyperBrain opened this issue Mar 28, 2017 · 3 comments
Closed

Custom authorizer naming leads to clashes #3413

HyperBrain opened this issue Mar 28, 2017 · 3 comments
Labels
bug help wanted

Comments

@HyperBrain
Copy link
Member

HyperBrain commented Mar 28, 2017
edited

Problem

When specifying a custom authorizer for an http endpoint in this way:

functions:
  testfct1:
    description: 'Echo function echoes alias'
    handler: handlers/testfct1/handler.handle
    events:
      - http:
          method: GET
          path: /func1
          authorizer:
            name: myAuth
            identitySource: method.request.header.Authorization
            resultTtlInSeconds: 0
            arn: arn:aws:lambda:us-east-1:XXXXXXX:function:access-token-auth

the generated authorizer is named auth.
After some experimentation I analyzed that the name will be unconditionally the last part of the arn.

ARN Authorizer name
arn:aws:lambda:us-east-1:XXXXXXX:function:access-token-auth auth
arn:aws:lambda:us-east-1:XXXXXXX:function:access-token token
arn:aws:lambda:us-east-1:XXXXXXX:function:access-token-auth:dev dev
arn:aws:lambda:us-east-1:XXXXXXX:function:access-token-auth:prod prod

This is not acceptable as all authorizer arns with the same ending (especially when using aliased functions) get the same name. This most likely breaks in any environment.

Expectation

ARN Authorizer name
arn:aws:lambda:us-east-1:XXXXXXX:function:access-token-auth access-token-auth
arn:aws:lambda:us-east-1:XXXXXXX:function:access-token access-token
arn:aws:lambda:us-east-1:XXXXXXX:function:access-token-auth:dev access-token-auth (alt. access-token-auth-dev)
arn:aws:lambda:us-east-1:XXXXXXX:function:access-token-auth:prod access-token-auth (alt. access-token-auth-prod)

Hint

The error happens in validate.js: getAuthorizer(http, functionName) which rewrites the given authorizer definition from the service.
This was referenced Mar 28, 2017
Closed
Closed
@pmuens pmuens added the bug label Mar 29, 2017
@HyperBrain
Copy link
Member Author

Additionally any explicitly specified name (authorizer: name: xxx) is just ignored. The expectation here would be, that, regardless of the arn or function the authorizer would be named accordingly in API Gateway.

This was referenced Jan 12, 2018
Closed
Merged
@magul
Copy link

magul commented Sep 7, 2018

It occurs that was introduced in 1a02e15. Would love to help. but don't fully understand why this change was introduced?

@eahefnawy can You provide some context here?

@pmuens
Copy link
Contributor

pmuens commented Feb 8, 2019

Closing since this is a rather old issue. In the meantime we've published many different releases which should address this issue.

Feel free to re-open if this is still a problem.

@pmuens pmuens closed this as completed Feb 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@magul @pmuens @HyperBrain