Description
Expected Behaviour
The allow_route() and allow_all_routes() methods in APIGatewayAuthorizerResponse do not create a valid policy statement for a WebSocket connection. These methods should work with WebSocket connections or some other Response class should be created for WebSocket responses.
Current Behaviour
Using this class to authorize a WebSocket connection with allow methods will always result in 403 Unauthorized.
Code snippet
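from aws_lambda_powertools.utilities.data_classes import event_source
from aws_lambda_powertools.utilities.data_classes.api_gateway_authorizer_event import (
    APIGatewayAuthorizerRequestEvent,
    APIGatewayAuthorizerResponse,
)
from aws_lambda_powertools.utilities.typing import LambdaContext


@event_source(data_class=APIGatewayAuthorizerRequestEvent)
def handler(event: APIGatewayAuthorizerRequestEvent, context: LambdaContext) -> dict:
    response = APIGatewayAuthorizerResponse(
        aws_account_id=event.parsed_arn.aws_account_id,
        api_id=event.parsed_arn.api_id,
        stage=event.parsed_arn.stage,
        region=event.parsed_arn.region,
        principal_id='ws-tut-user',
        context={"principalId": "ws-tut-user"},
        partition=event.parsed_arn.partition,
    )
    # Emits the REST-style resource <api-id>/<stage>/*/* described below
    response.allow_all_routes()
    return response.asdict()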
Results in resource ['arn:aws:execute-api:us-east-1:1234567891:111aaa222b/prod/*/*'], which doesn't match arn:aws:execute-api:us-east-1:1234567891:111aaa222b/prod/$connect and results in a 403 error.
Possible Solution
WORKAROUND
response._allow_routes.append({"resourceArn": event.method_arn})
Steps to Reproduce
_
Powertools for AWS Lambda (Python) version
3.4.0
AWS Lambda function runtime
3.12
Packaging format used
PyPi
Debugging logs
Status
Shipped
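
The mismatch reported in this issue, as an added example that is not part of the original report or of Powertools: WebSocket execute-api ARNs have a single route-key segment after the stage, so a REST-style `stage/*/*` resource can never cover `$connect`. The helper names `arn_matches`, `websocket_allow_policy` and `allowed` are hypothetical, and the matcher is a simplified model of IAM resource wildcards.

```python
import re

# Constructed sample: the $connect ARN a WebSocket authorizer receives
# (same account and API values as in the issue above).
CONNECT_ARN = "arn:aws:execute-api:us-east-1:1234567891:111aaa222b/prod/$connect"


def arn_matches(pattern: str, arn: str) -> bool:
    """IAM-style resource match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, arn) is not None


def websocket_allow_policy(method_arn: str, principal_id: str, route_key: str = "") -> dict:
    """Build an Allow response for a WebSocket API (hypothetical helper).

    WebSocket ARNs end in <api-id>/<stage>/<route-key>, not the
    <api-id>/<stage>/<verb>/<resource> shape used by REST APIs.
    """
    parts = method_arn.split(":", 5)
    api_id, stage, requested_route = parts[5].split("/", 2)
    # Default to the exact route being authorized instead of a wildcard.
    route = route_key or requested_route
    resource = f"{':'.join(parts[:5])}:{api_id}/{stage}/{route}"
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": [resource]}
            ],
        },
    }


def allowed(policy: dict, arn: str) -> bool:
    """True if any Allow statement in the policy covers the ARN."""
    return any(
        s["Effect"] == "Allow" and any(arn_matches(r, arn) for r in s["Resource"])
        for s in policy["policyDocument"]["Statement"]
    )
```

Passing `route_key="*"` widens the statement to every route on the stage; leaving it empty scopes the policy to the route in the incoming ARN.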