serverless-application-model icon indicating copy to clipboard operation
serverless-application-model copied to clipboard

Published 20 hours ago verified publisher icon aws

"Auth" property do not work with "AWS::Include" DefinitionBody

Open mburket opened this issue 6 years ago • 3 comments

Description:

We need to use some cloudformation functions in our swagger. So the "AWS::Include" transform is used in the DefnitionBody. I tried to move the authorizer declaration out of the swagger using the new "Auth" property. But I received an error of "Unable to add Auth configuration because 'DefinitionBody' does not contain a valid Swagger". Also, I notice the authorizer caching TTL is not an attribute in the "Auth" property?

** Template snippet:**

Type: AWS::Serverless::Api
    Properties:
      StageName: !Ref "Environment"
      EndpointConfiguration: REGIONAL
      Auth:
        Authorizers:
          RequestAuth:
            FunctionPayloadType: REQUEST
            FunctionArn: !FindInMap [EnvironmentDependentParams, !Ref "Environment", "AuthorizerArn"]
            FunctionInvokeRole: !FindInMap [EnvironmentDependentParams, !Ref "Environment", "AuthorizerCredentials"]
            Identity:
              Headers:
                - Authorization
              Context:
                - httpMethod
                - path
              ReauthorizeEvery: 0 # OPTIONAL; Service Default: 300
      DefinitionBody:
        'Fn::Transform':
          Name: 'AWS::Include'
          Parameters:
            Location: s3://accolade-api-swaggers-test-577121982548/users.yml

mburket avatar Nov 14 '18 18:11 mburket

This is a limitation in SAM's authorizer support. It only works with inline swagger definitions and AWS::Include is not supported. SAM's authorizer support needs access to the swagger definition, because it modifies it to add auth information. However, since the SAM transform is executed before the AWS::Include transform is executed, it cannot access the swagger document to modify it.

jlhood avatar Nov 21 '18 18:11 jlhood

Can this be re-opened so it can be added to the documentation? @jlhood (Specifically, https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api-auth-object)

I just wasted a couple hours which would have been saved if it were there 😄 no dig, just so others don't hit the same thing 👍

abbottdev avatar Apr 02 '19 21:04 abbottdev

@abbottdev Sure, reopening. Would you be willing to contribute the PR to update the docs? You can follow this guide to get setup or even make the change directly via the GitHub UI since it's just a documentation change.

jlhood avatar Apr 02 '19 22:04 jlhood

Closing in favor of https://github.com/aws/serverless-application-model/issues/2533.

hoffa avatar Nov 03 '22 23:11 hoffa