8000 APIGW: fix importing API with Cognito Authorizer by bentsku · Pull Request #11783 · localstack/localstack · GitHub
[go: up one dir, main page]
Skip to content

APIGW: fix importing API with Cognito Authorizer #11783

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 5, 2024
Merged

APIGW: fix importing API with Cognito Authorizer #11783

merged 1 commit into from
Nov 5, 2024

Conversation

bentsku
Copy link
Contributor
@bentsku bentsku commented Nov 5, 2024
edited
Loading

Motivation

We got a report that import an API with the following configuration would fail with a cryptic error:

localstack-test  | 2024-11-04T16:17:31.927  WARN --- [et.reactor-0] l.s.a.n.e.h.gateway_except : Non Gateway Exception raised: 'NoneType' object has no attribute 'startswith'

When the OpenAPI spec had the following:

components:
  securitySchemes:
    EndpointAuthorizer:
      type: apiKey
      name: Authorization
      in: header
      x-amazon-apigateway-authtype: cognito_user_pools
      x-amazon-apigateway-authorizer:
        type: cognito_user_pools
        providerARNs:
          - arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/${CognitoUserPool}

This was because we did not populate the identitySource of the Authorizer when the authorizer type was cognito_user_pools.

As a note: we greatly improve the CRUD validation of the provider, but the ImportApi logic is not very well validated, and will probably lead to issue down the invocation road. We should dedicate some time to properly rework the import logic.

Changes

  • fix the logic to properly get the identitySource if the auth type is cognito_user_pools
  • add a test to verify that the CRUD layer works properly

@bentsku bentsku added aws:apigateway Amazon API Gateway semver: patch Non-breaking changes which can be included in patch releases labels Nov 5, 2024
@bentsku bentsku self-assigned this Nov 5, 2024
@bentsku bentsku requested a review from cloutierMat as a code owner November 5, 2024 11:46
@bentsku bentsku added this to the 4.0 milestone Nov 5, 2024
@github-actions GitHub Actions
Copy link
github-actions bot commented Nov 5, 2024

LocalStack Community integration with Pro

    2 files  ±0      2 suites  ±0   1h 43m 56s ⏱️ + 1m 17s
3 533 tests +1  3 119 ✅ +1  414 💤 ±0  0 ❌ ±0 
3 535 runs  +1  3 119 ✅ +1  416 💤 ±0  0 ❌ ±0 

Results for commit a913597. ± Comparison against base commit 17156d0.

cloutierMat
cloutierMat approved these changes Nov 5, 2024
View reviewed changes
Copy link
Contributor
@cloutierMat cloutierMat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix! 🚀 And simple test to boot!

@bentsku bentsku merged commit 2addde6 into master Nov 5, 2024
39 checks passed
@bentsku bentsku deleted the fix-authorizer-import branch November 5, 2024 18:08
zaingz pushed a commit that referenced this pull request Nov 11, 2024
@bentsku @zaingz
APIGW: fix importing API with Cognito Authorizer (#11783)
af9ec27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cloutierMat cloutierMat cloutierMat approved these changes

Assignees

@bentsku bentsku

Labels
aws:apigateway Amazon API Gateway semver: patch Non-breaking changes which can be included in patch releases
Projects
None yet
Milestone
4.0
Development

Successfully merging this pull request may close these issues.
2 participants
@bentsku @cloutierMat
0