allow multiple authorizers by specifying name and arn

[keith301]

What did you implement:

Ran into issue specifying multiple authorizers (by arn) because the authorizer names were similar (both ended in the same -suffix)

change Allow for multiple authorizers (with similar names) to be specified by arn by allowing to name each authorizer, e.g

authorizer:
   arn: arn:aws:...
   name: authorizer1

authorizer:
   arn: arn:aws:...
   name: authorizer2

How did you implement it:

Check to see if name is specified along with arn. if so, favor specified name over generated name.

How can we verify it:

Create two authorizer functions with similar suffixed names, e.g. auth1-dev and auth2-dev
create two functions authorized by each authorizer, eg.

functions:
  function1:
      handler: handler.function1
      events:
         - http:
             path: /one
             authorizer:
                 arn:  arn:...:auth1-dev
  function2:
      handler: handler.function1
      events:
         - http:
             path: /one
             authorizer:
                 arn:  arn:...:auth2-dev

The resulting template/api gateway will have only a single authorizer named 'dev' used by both functions, which is not the intended behavior.

Now adding 'name' to the authorizer naming each one uniquely will result in two authorizers being created and used by the functions, as intended:

functions:
  function1:
      handler: handler.function1
      events:
         - http:
             path: /one
             authorizer:
                 arn:  arn:...:auth1-dev
                 name: auth1
  function2:
      handler: handler.function1
      events:
         - http:
             path: /one
             authorizer:
                 arn:  arn:...:auth2-dev
                 name: auth2

Todos:

• Write tests
• Write documentation
• Fix linting errors
• Make sure code coverage hasn't dropped
• Provide verification config / commands / resources
• Enable "Allow edits from maintainers" for this PR
• Update the messages below

Is this ready for review?: YES
Is it a breaking change?: NO

[pmuens]

Nice! Thanks for the addition! 👍

Could you please fix the linting error (line is too long) so that the build passes. Thanks!

[pmuens]

Looks good from a code perspective. 👍

Just needs a quick linting fix (seems like the line is too long) and a test.

[HyperBrain]

Just created #3413 which seems to be the problem.
I mentioned some examples that I experienced there.

@kminkler Your fix should also respect the aliased arns and disambiguate them properly. Additionally all other ways to declare authorizers should lead to unambiguous names too.

[HyperBrain]

Either use '===' or _.isString(authorizer.name)

[HyperBrain]

There should also be fixes in extractAuthorizerNameFromArn() as the malicious name generation happens there in the first place.
I think only disambiguating manually is not the complete solution.

[thomasmichaelwallace]

I was just about to put together a PR to fix this issue myself. Is there anything I can do to help get this through faster?

[horike37]

Closing this issue for now since it took for a long time without any activity.
Please ping us if you want to continue working on this!