allow multiple authorizers by specifying name and arn #3357
Nice! Thanks for the addition! 👍 Could you please fix the linting error (line is too long) so that the build passes? Thanks!
Looks good from a code perspective. 👍
Just needs a quick linting fix (seems like the line is too long) and a test.
Just created #3413 which seems to be the problem. @kminkler Your fix should also respect the aliased arns and disambiguate them properly. Additionally, all other ways to declare authorizers should lead to unambiguous names too.
@@ -202,7 +202,7 @@ module.exports = { | |||
} else if (typeof authorizer === 'object') { | |||
if (authorizer.arn) { | |||
arn = authorizer.arn; | |||
name = this.provider.naming.extractAuthorizerNameFromArn(arn); | |||
name = typeof authorizer.name == 'string' ? authorizer.name : this.provider.naming.extractAuthorizerNameFromArn(arn); |
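Review bot: On the added line, the check `typeof authorizer.name == 'string'` also passes for an empty string, so `name: ''` would skip the fallback to `extractAuthorizerNameFromArn(arn)` and leave the authorizer with an empty name. Suggest preferring `authorizer.name` only when it is a non-empty string. Note also that nothing in this hunk stops two different arns from being given the same explicit name, which would reproduce the collision this change is meant to avoid; a uniqueness check where the names are collected would cover both the derived and the explicit case.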
Either use '===' or _.isString(authorizer.name)
@@ -202,7 +202,7 @@ module.exports = { | |||
} else if (typeof authorizer === 'object') { | |||
if (authorizer.arn) { | |||
arn = authorizer.arn; | |||
name = this.provider.naming.extractAuthorizerNameFromArn(arn); | |||
name = typeof authorizer.name == 'string' ? authorizer.name : this.provider.naming.extractAuthorizerNameFromArn(arn); |
There should also be fixes in extractAuthorizerNameFromArn()
as the malicious name generation happens there in the first place.
I think only disambiguating manually is not the complete solution.
I was just about to put together a PR to fix this issue myself. Is there anything I can do to help get this through faster?
Closing this issue for now since it has gone a long time without any activity.
What did you implement:
Ran into an issue specifying multiple authorizers (by arn) because the authorizer names were similar (both ended in the same -suffix).
Change: allow multiple authorizers (with similar names) to be specified by arn by allowing each authorizer to be named, e.g.
How did you implement it:
Check to see if name is specified along with arn. If so, favor the specified name over the generated name.
How can we verify it:
Create two authorizer functions with similar suffixed names, e.g. auth1-dev and auth2-dev.
Create two functions authorized by each authorizer, e.g.
The resulting template/api gateway will have only a single authorizer named 'dev' used by both functions, which is not the intended behavior.
Now adding 'name' to the authorizer naming each one uniquely will result in two authorizers being created and used by the functions, as intended:
Todos:
Is this ready for review?: YES
Is it a breaking change?: NO
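
The collision described in the verification steps above can be caught before deployment. This is an added example, not code from the pull request or the project: `derivedName` is an assumed stand-in that keeps the text after the last `-` (consistent with the single authorizer named 'dev' reported above), and `resolveName`, `findCollisions` and the sample ARNs are hypothetical names and constructed values.

```javascript
'use strict';

// Assumed stand-in for the name derivation discussed in this thread: keep only
// the text after the last '-' of the ARN's final segment. Not the project's code.
function derivedName(arn) {
  const lastSegment = arn.split(':').pop();
  return lastSegment.split('-').pop();
}

// Same precedence as the patch (explicit name wins), but with strict equality
// and a non-empty check so that name: '' falls back to the derived name.
function resolveName(authorizer) {
  const explicit = typeof authorizer.name === 'string' && authorizer.name.length > 0;
  return explicit ? authorizer.name : derivedName(authorizer.arn);
}

// Returns one entry per resolved name that is shared by more than one distinct
// ARN, i.e. every case where two endpoints would end up behind one authorizer.
function findCollisions(authorizers) {
  const arnsByName = new Map();
  for (const authorizer of authorizers) {
    const name = resolveName(authorizer);
    if (!arnsByName.has(name)) arnsByName.set(name, new Set());
    arnsByName.get(name).add(authorizer.arn);
  }
  return [...arnsByName]
    .filter(([, arns]) => arns.size > 1)
    .map(([name, arns]) => ({ name, arns: [...arns].sort() }));
}

// Constructed sample ARNs (placeholder region and account id).
const prefix = 'arn:aws:lambda:us-east-1:000000000000:function:';
const unnamed = [{ arn: `${prefix}auth1-dev` }, { arn: `${prefix}auth2-dev` }];
const named = [
  { arn: `${prefix}auth1-dev`, name: 'auth1' },
  { arn: `${prefix}auth2-dev`, name: 'auth2' },
];

console.log(JSON.stringify(findCollisions(unnamed)));
console.log(JSON.stringify(findCollisions(named)));
```

A non-empty result means at least one function would be guarded by an authorizer other than the one declared for it, so a build step can fail on it instead of deploying.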