Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(apigatewayv2-authorizers): WebSocketLambdaAuthorizer's default is invalid #18307

Closed
Tietew opened this issue Jan 7, 2022 · 2 comments · Fixed by #18315
Closed

(apigatewayv2-authorizers): WebSocketLambdaAuthorizer's default is invalid #18307

Tietew opened this issue Jan 7, 2022 · 2 comments · Fixed by #18315
Assignees
@otaviomacedo @kaizencc
Labels
@aws-cdk/aws-apigatewayv2-authorizers Related to aws-apigatewayv2-authorizers package bug This issue is a bug. effort/small Small work item – less than a day of effort p1

Comments

@Tietew
Copy link
Contributor

Tietew commented Jan 7, 2022
edited
Loading

What is the problem?

WebSocketLambdaAuthorizer's default identitySource is currently ['$request.header.Authorization'].
But this value is rejected by CloudFormation with following error message:

Invalid request identity source expression: $request.header.Authorization. The sources must be separated by comma, and each source must be either a request parameter, matching 'route.request.querystring|header.[a-zA-Z0-9._-]+', or a stage variable, matching 'stageVariables.[a-zA-Z0-9._-]+', or a context parameter, matching 'context.[a-zA-Z0-9._-]+'

identitySource shoud not have default value (mandatory prop) because constant does not match required criteria.

Reproduction Steps

const authorizerHandler = new lambda.Function(this, 'AuthorizerHandler', /* snip */);
const connectHandler = new lambda.Function(this, 'ConnectHandler', /* snip */);
const api = new WebSocketApi(this, 'WebSocketApi', {
  connectRouteOptions: {
    authorizer: new WebSocketLambdaAuthorizer('Authorizer', authorizerHandler),
    integration: new WebSocketLambdaIntegration('Connect', connectHandler)
  }
});

What did you expect to happen?

WebSocketApi is successfully created.

What actually happened?

Failed to deploy stack with an error described above.

CDK CLI Version

2.4.0

Framework Version

No response

Node.js Version

14.18.0

OS

Linux 5.10.60.1-microsoft-standard-WSL2

Language

Typescript

Language Version

No response

Other information

No response
@Tietew Tietew added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jan 7, 2022
@github-actions github-actions bot added the @aws-cdk/aws-lambda Related to AWS Lambda label Jan 7, 2022
@kaizencc kaizencc changed the title (apigatewayv2-alpha): WebSocketLambdaAuthorizer's default is invalid (apigatewayv2-authorizers): WebSocketLambdaAuthorizer's default is invalid Jan 7, 2022
@kaizencc kaizencc added @aws-cdk/aws-apigatewayv2-authorizers Related to aws-apigatewayv2-authorizers package and removed @aws-cdk/aws-lambda Related to AWS Lambda labels Jan 7, 2022
@kaizencc kaizencc added effort/small Small work item – less than a day of effort p1 and removed needs-triage This issue or PR still needs to be triaged. labels Jan 7, 2022
@kaizencc
Copy link
Contributor

kaizencc commented Jan 7, 2022

Thanks for bringing this to our attention @Tietew! I have reproduced this bug and it looks like we need to update the default identitySource to route.request.header.Authorization.

@kaizencc kaizencc mentioned this issue Jan 7, 2022
Merged
@mergify mergify bot closed this as completed in #18315 Jan 7, 2022
mergify bot pushed a commit that referenced this issue Jan 7, 2022
@kaizencc
fix(apigatewayv2-authorizers): incorrect identitySource default for…
74eee1e 
… `WebSocketLambdaAuthorizer` (#18315)

We introduced `WebSocketLambdaAuthorizer` in #16886 with an incorrect default `identitySource`, according to these [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-authorizer.html#cfn-apigatewayv2-authorizer-identitysource). The result is that using the default `identitySource` results in a deploy-time failure.

This PR fixes the error and adds documentation for the syntax for all `identitySource` possibilities.

I can confirm that this default successfully passes `cdk deploy` on my local app.

Fixes #18307. 

BREAKING CHANGE: `WebSocketLambdaAuthorizerProps.identitySource` default changes from `['$request.header.Authorization']` to `['route.request.header.Authorization']`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

github-actions bot commented Jan 7, 2022

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this issue Feb 21, 2022
@kaizencc @TikiTDO
fix(apigatewayv2-authorizers): incorrect identitySource default for…
d7de614 
… `WebSocketLambdaAuthorizer` (aws#18315)

We introduced `WebSocketLambdaAuthorizer` in aws#16886 with an incorrect default `identitySource`, according to these [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-authorizer.html#cfn-apigatewayv2-authorizer-identitysource). The result is that using the default `identitySource` results in a deploy-time failure.

This PR fixes the error and adds documentation for the syntax for all `identitySource` possibilities.

I can confirm that this default successfully passes `cdk deploy` on my local app.

Fixes aws#18307. 

BREAKING CHANGE: `WebSocketLambdaAuthorizerProps.identitySource` default changes from `['$request.header.Authorization']` to `['route.request.header.Authorization']`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@otaviomacedo otaviomacedo

@kaizencc kaizencc

Labels
@aws-cdk/aws-apigatewayv2-authorizers Related to aws-apigatewayv2-authorizers package bug This issue is a bug. effort/small Small work item – less than a day of effort p1
Projects
None yet
Milestone
No milestone
3 participants
@Tietew @otaviomacedo @kaizencc