Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default authorizer not attached to AWS::Serverless::Function when another function with the same path has authorizer set #2158

Closed
augustl opened this issue Sep 21, 2021 · 2 comments
Closed

Default authorizer not attached to AWS::Serverless::Function when another function with the same path has authorizer set #2158

augustl opened this issue Sep 21, 2021 · 2 comments
Labels
area/api-gateway type/bug

Comments

@augustl
Copy link

augustl commented Sep 21, 2021

Description:

When you have a AWS::Serverless::HttpApi with a default authorizers, with two authorizers available, and two AWS::Serverless::Function with the same path but different methods, and one of them has overridden the authorizer, the one that does not specify an authorizer does not get any authorizer attached to it.

In other words, if you have a function around with a default authorizer, it works fine. And when you add another function on the same path without changing the original, that does not use the default authorizer, the unchanged initial function gets its authorizer unexpectedly detached.

Steps to reproduce:

  • Create a AWS::Serverless::HttpApi with two authorizers
  • Set a DefaultAuthorizer
  • Create a AWS::Serverless::Function that responds to the HttpApi event type, method Get, path /foo, do not set the Authorizer
  • Creaate another AWS::Serverless::Function that responds to the HttpApi event type,, with method Put, path /foo, set the Authorizer to the non-default one
  MainHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Auth:
        DefaultAuthorizer: OAuth2Authorizer
        Authorizers:
          OAuth2Authorizer:
            ....
          LambdaApiAuthorizer:
            ....

  MyFunctionA:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ...
      Events:
        MyFunctionAApi:
          Type: HttpApi
          Properties:
            ApiId: !Ref MainHttpApi
            Path: /foo
            Method: Get

  MyFunctionB:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ...
      Events:
        MyFunctionBApi:
          Type: HttpApi
          Properties:
            ApiId: !Ref MainHttpApi
            Auth:
              Authorizer: LambdaApiAuthorizer
            Path: /foo
            Method: Put

Observed result:

In the example, MyFunctionA will have no authorizer attached, and MyFuncitonB will have the LambdaApiAuthorizer attached.

If I explicitly set the authorizer on MyFunctionA, it is attached just fine.

Expected result:

MyFunctionA should have the default authorizer OAuth2Authorizer attached, MyFUnctionB should have the LambdaApiAuthorizer attached

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: Windows
  2. sam --version: SAM CLI, version 1.31.0
  3. AWS region: eu-west-1

Add --debug flag to command you are running
@CoshUS
Copy link
Contributor

CoshUS commented Sep 21, 2021

I was able to reproduce this issue. Transferring to SAM repo as this is caused by SAM transform.

@CoshUS CoshUS transferred this issue from aws/aws-sam-cli Sep 21, 2021
@aaythapa
Copy link
Contributor

aaythapa commented Nov 3, 2022

This bug was fixed with #2262

@aaythapa aaythapa closed this as completed Nov 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/api-gateway type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@augustl @CoshUS @aaythapa