Enable API Gateway authorizers #133
Conversation
|
This PR is based on #131 |
|
@horike37 Hello Takahiro, is there a reason why not to use a serverless internal libraries instead of copying files from serverless source? |
|
Hey @vlewin !
Good point 👍 That being said, I have decided to get copying way for keeping it safe. |
|
@horike37 Thank you for quick response. Maybe we can pin tested and supported version of serverless in package.json and update it once a new version is released. So we can test your plugin and if all green release it. As you can see from my PR serverless is under active development and this results in a lot of changes per minor version. I already tested your plugin with the libraries from lastest serverless version and did't detected any issues. |
There was a problem hiding this comment.
Hi @vlewin, thank you for the effort and implementing awesome features 👍 💯
Looks great and can't wait the next release!!
I just reviewed this PR, it seems that this PR include the following features not just authorizer.
- maxAge for cors
- endpointType configuration
- share API
- resourcePolicy configuration
You might want to separate PR for each feature, otherwise, I can't review and test properly with narrow ing it down. The main point of this PR should authorizer feature.
Also, Please add the explanation of those to README so that Let users knows those awesome features!
Thanks in advance!
CHANGELOG.md
Outdated
| @@ -1,6 +1,10 @@ | |||
| # 1.5.1(10.07.2018) | |||
There was a problem hiding this comment.
Could you delete it once?
This should be added while releasing a new version.
lib/deploy/events/apiGateway/cors.js
Outdated
| @@ -24,6 +25,16 @@ module.exports = { | |||
| 'Access-Control-Allow-Credentials': `'${config.allowCredentials}'`, | |||
| }; | |||
|
|
|||
| // Enable CORS Max Age usage if set | |||
| if (_.has(config, 'maxAge')) { | |||
There was a problem hiding this comment.
maxAge feature is great!
However, does this need for authorizer?
If not, would be great if you can separate maxAge PR from this one.
| @@ -6,65 +6,247 @@ const _ = require('lodash'); | |||
| module.exports = { | |||
There was a problem hiding this comment.
Are those changes of this file for share API feature?
If so, could you remove those from this PR?
| @@ -70,15 +70,15 @@ describe('#compileResources()', () => { | |||
| }, | |||
There was a problem hiding this comment.
Same here. maybe those are for share API.
| let endpointType = 'EDGE'; | ||
|
|
||
| if (this.serverless.service.provider.endpointType) { | ||
| const validEndpointTypes = ['REGIONAL', 'EDGE', 'PRIVATE']; |
There was a problem hiding this comment.
Selecting endpointType is great!
However, those are not for authorizer feature.
Could you separate PR for each feature?
| }, | ||
| }, | ||
| }); | ||
|
|
||
| if (!_.isEmpty(this.serverless.service.provider.resourcePolicy)) { |
There was a problem hiding this comment.
Same here. this is resourcePolicy feature.
package.json
Outdated
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "serverless-step-functions", | |||
| "version": "1.5.0", | |||
| "version": "1.6.0", | |||
There was a problem hiding this comment.
Could you turn back to 1.5.0?
This should be updated while releasing a new version.
|
Hi @horike37 thank you for review! You are right this PR includes changes from #131. Please review #131 Shared API Gateway pull request first. Once this #131 is merged to master we will see only the changes for authorizers. If you want to add authorizers support first I can open a separate pull request but our team need both changes in the next version. Otherwise we have to use my fork what I want to avoid. I'm sorry for the confusion. |
vlewin
force-pushed
the
add_authorizer_support
branch
from
7235233 to
358e205
Compare
|
@horike37 JFYI: branch is rebased, now we should see authorizer related changes only |
|
Should we start using serverless internal libraries? If yes we have to rename/reassign a property: |
package.json
Outdated
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "serverless-step-functions", | |||
| "version": "1.5.1", | |||
| "version": "1.5.0", | |||
|
Hi @vlewin, thank you for fixing! Here is my serverless.yml file. service: step-func
provider:
name: aws
runtime: nodejs6.10
functions:
hello:
handler: handler.hello
authorizerFunc:
handler: authorizer.js
stepFunctions:
stateMachines:
step-func:
events:
- http:
path: gofunction
method: GET
authorizer: authorizerFunc
name: my-${opt:stage}-statemachine
definition:
StartAt: Ingest
States:
Ingest:
Type: Task
Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello
End: true
plugins:
- serverless-pseudo-parameters
- serverless-step-functions
Any ideas why? |
|
@horike37 Thank you very much for testing. I extended authorizer support, previously it was only possible with Shared authorizers now it should work with any authorizer type e.g. AWS_AIM, Congnito or custom. Here is my serverless.yml: service: sfn-api-gateway-playground
provider:
name: aws
runtime: nodejs8.10
region: eu-central-1
apiGateway: # Optional API Gateway global config
restApiId: n42gvt3whk # REST API resource ID. Default is generated by the framework
restApiRootResourceId: 9f8qmgn5d6 # Root resource ID, represent as / path
restApiResources: # List of existing resources that were created in the REST API. This is required or the stack will be conflicted
'/playground': skvi34
functions:
customAuthorizer:
handler: authorizer.handler
stepFunctions:
stateMachines:
SfnApiGateway:
events:
- http:
path: /playground/step
method: GET
authorizer: customAuthorizer
# authorizer:
# type: CUSTOM
# authorizerId: 43mrom
cors:
origin: '*'
maxAge: 86400
definition:
Comment: "A sample application"
StartAt: Start
States:
Start:
Type: Pass
End: true
plugins:
- serverless-step-functions
- serverless-pseudo-parameters |
|
@vlewin |
|
@horike37 Awesome! Thank you very much for review! |
…er_support Enable API Gateway authorizers
https://serverless.com/framework/docs/providers/aws/events/apigateway/#http-endpoints-with-aws-iam-authorizers