-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Breaking change introduced for Custom Authorizer Lambdas #7189
Breaking change introduced for Custom Authorizer Lambdas #7189
Comments
I'm guessing that some plugin relied on specific format of |
The The
That's where I thought the issue was coming from. Here is the error output from a deploy:
|
P.S Thanks for the quick reply 👍 |
@DrColza can you check what is the template as generated by framework without plugins involved. I believe framework produces a valid template and it's one of the plugins which you rely on that introduces breaking changes to it |
Given I comment out the plugins section in
When I run the same scenario in v1.59.3
|
@DrColza I'm not able to reproduce that. I've created very similar service as yours: And it deploys successfully with v1.60.5, also we can see that The only difference is that it's for If you're positive you get that without any plugins involved, can you update this test case, so i can reproduce issue on my side (?) |
Hi @medikoo I can replicate it with this (in Nodejs) 1.60.5
|
Thanks @DrColza, I see it now, it should be fixed with #7197. Can you confirm that this patch fixes the issue on your side (not only deployment, but that authorizer also works without issues)? You can install patched version by referencing it via |
Hi @medikoo I can confirm the deploy works as expected however the custom Authorizer is not working correctly anymore.
I'm troubleshooting to see what the source of the issue is, whether it's caused by serverless itself or a plugin. The issue is that a read-only policy (Only permits invoking GET endpoints) is being returned from the customAuthorizer function but access to Write endpoints (POST methods) is still being permitted. The code for the customAuthorizer function hasn't changed and is working in Production but when I deployed to Dev using |
Authorizes are supported by the framework on its own, it'll be good to confirm if it works just in its capacity.
What permissions error exactly? |
There are a couple of scenarios:
When I look in x-ray I can see that the customAuthorizer executes and correctly determines that the user is a read-only user.
It's almost like both the function and customAuthorizer are being hit in parallel. |
@DrColza sorry, but it's not clear for me from above description, whether you're still facing any issues (?) If you feel given fix is not sufficient can you explain why, and post an exact error you're receiving? |
The patch works for fixing the issue of being able to deploy. Approved. With regards to the customAuthorizer error I'm getting, I will raise another issue if i need to. I need to spend more time troubleshooting it. Thanks @medikoo |
Bug Report
Merged PR 38f6ac1 introduced breaking changes for lambda based custom authorizer.
Description
Given I am running serverless v1.60.5
When I run
sls deploy
Then the deploy fails because the "cloudformation-template-update-stack.json" file has an incorrect datatype in place for the FunctionName of the Authorizerr Function
Error:
An error occurred: CustomAuthorizerLambdaPermissionApiGateway - Value of property FunctionName must be of type String.
Source code that changed https://github.com/serverless/serverless/blob/38f6ac125e54d927871b4e5f5b387e0d4c28a6a7/lib/plugins/aws/package/compile/events/apiGateway/lib/permissions.js commit #38f6ac1
Resultant Cloudformation code showing that FunctionName isn't a String variable:
Updated serverless from v1.59.3 to v1.60.5
Deploys started to fail because the CustomAuthorizer function could not be deployed
It should have delpoyed, like it previously had done for the past 18 months.
serverless.yml
file?Pasting in the relevant data:
SLS_DEBUG=*
environment variable (e.g.SLS_DEBUG=* serverless deploy
)Serverless Error ---------------------------------------
An error occurred: CustomAuthorizerLambdaPermissionApiGateway - Value of property FunctionName must be of type String.
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information ---------------------------
Operating System: darwin
Node Version: 11.13.0
Framework Version: 1.60.5
Plugin Version: 3.2.7
SDK Version: 2.2.1
Components Core Version: 1.1.2
Components CLI Version: 1.4.0
Similar or dependent issues:
The change to the relevant code was introduced as a result of the PR raised from issue:
serverless/lib/plugins/aws/package/compile/events/apiGateway/lib/permissions.js
Lines 19 to 29 in 38f6ac1
The text was updated successfully, but these errors were encountered: