From 786a76d1dd7435a373aa9a104f446fb7a062a91a Mon Sep 17 00:00:00 2001
From: Piotr Grzesik
Date: Wed, 27 Oct 2021 13:52:01 +0200
Subject: [PATCH] feat(AWS API Gateway): Change default identity source for authorizers

BREAKING CHANGE: For authorizers with `request` type and caching disabled (`resultTtlInSeconds: 0`), the `identitySource` will no longer be set to `method.request.header.Authorization` by default.
---
 .../compile/events/apiGateway/index.js | 22 -------------------
 .../compile/events/apiGateway/lib/validate.js | 5 ++++-
 .../events/apiGateway/lib/validate.test.js | 21 ++++++++++++++++++
 3 files changed, 25 insertions(+), 23 deletions(-)
diff --git a/lib/plugins/aws/package/compile/events/apiGateway/index.js b/lib/plugins/aws/package/compile/events/apiGateway/index.js
index 27c96b51c..22aa7e910 100644
--- a/lib/plugins/aws/package/compile/events/apiGateway/index.js
+++ b/lib/plugins/aws/package/compile/events/apiGateway/index.js
@@ -3,7 +3,6 @@
 /* eslint-disable global-require */
 const BbPromise = require('bluebird');
-const _ = require('lodash');
 const memoize = require('memoizee');
 const validate = require('./lib/validate');
@@ -238,27 +237,6 @@ class AwsCompileApigEvents {
 this.hooks = {
 'initialize': () => {
- if (
- this.serverless.service.provider.name === 'aws' &&
- Object.values(this.serverless.service.functions).some(({ events }) =>
- events.some(({ http }) => {
- return (
- http &&
- _.isObject(http.authorizer) &&
- http.authorizer.type &&
- http.authorizer.type.toUpperCase() === 'REQUEST' &&
- http.authorizer.identitySource === undefined &&
- http.authorizer.resultTtlInSeconds === 0
- );
- })
- )
- ) {
- this.serverless._logDeprecation(
- 'AWS_API_GATEWAY_DEFAULT_IDENTITY_SOURCE',
- 'Starting with v3.0.0, "functions[].events[].http.authorizer.identitySource" will no longer be set to "method.request.header.Authorization" by default for authorizers of "request" type with caching disabled ("resultTtlInSeconds" set to "0").\nIf you want to keep this setting, please set it explicitly in your configuration. If you do not want this to be set, please set it explicitly to "null".'
- );
- }
-
 if (
 this.serverless.service.provider.name === 'aws' &&
 this.serverless.service.provider.apiGateway &&
diff --git a/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js b/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js
index 926230825..0e5c04e37 100644
--- a/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js
+++ b/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.js
@@ -297,7 +297,10 @@ module.exports = {
 managedExternally = false;
 }
- if (typeof identitySource === 'undefined') {
+ if (
+ !identitySource &&
+ !(type && type.toUpperCase() === 'REQUEST' && resultTtlInSeconds === 0)
+ ) {
 identitySource = 'method.request.header.Authorization';
 }
diff --git a/test/unit/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.test.js b/test/unit/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.test.js
index fadc690a9..20e06760c 100644
--- a/test/unit/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.test.js
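Review bot: The rewritten guard in validate.js tests `!identitySource` where the old one tested `typeof identitySource === 'undefined'`, so an explicit `null` or `''` on a TOKEN authorizer, or on a REQUEST authorizer with caching on, is now replaced by `method.request.header.Authorization`, which the BREAKING CHANGE text does not mention. If that is intended, say so in a comment above the condition, for example `// null/'' still fall back to the header unless this is a REQUEST authorizer with caching disabled`. For the exempted case the authorizer is left without an identity source, and API Gateway, as documented, only pre-rejects requests that lack a configured identity source, so the authorizer function itself has to deny requests without credentials; that is worth stating in the same comment. The enclosing function starts and ends outside the hunk, so how `type` and `resultTtlInSeconds` are read from the config (an omitted or string-typed TTL would not match `=== 0`) cannot be checked from here.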
+++ b/test/unit/lib/plugins/aws/package/compile/events/apiGateway/lib/validate.test.js
@@ -1425,6 +1425,22 @@ describe('test/unit/lib/plugins/aws/package/compile/events/apiGateway/lib/valida
 command: 'package',
 configExt: {
 functions: {
+ authorized: {
+ handler: 'index.handler',
+ events: [
+ {
+ http: {
+ method: 'get',
+ path: '/authorized',
+ authorizer: {
+ type: 'REQUEST',
+ name: 'basic',
+ resultTtlInSeconds: 0,
+ },
+ },
+ },
+ ],
+ },
 corsDefault: {
 handler: 'index.handler',
 events: [
@@ -1475,6 +1491,11 @@ describe('test/unit/lib/plugins/aws/package/compile/events/apiGateway/lib/valida
 .IntegrationResponses[0].ResponseParameters
 ).to.deep.eq(expected);
 });
+
+ it('Should not set default `identitySource` for `request` authorizers with caching disabled', async () => {
+ expect(cfResources[naming.getAuthorizerLogicalId('basic')].Properties.IdentitySource).to.be
+ .undefined;
+ });
 });
 it('should throw an error when restApiRootResourceId is not provided with restApiId', async () => {
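Review bot: The added test pins only the exempted case (`type: 'REQUEST'`, `resultTtlInSeconds: 0`, no `identitySource`); nothing in the lines shown checks the other side of the new condition in validate.js. A second fixture with a non-zero or omitted `resultTtlInSeconds`, asserting that `IdentitySource` equals `method.request.header.Authorization`, and one with lowercase `type: 'request'`, would keep a later edit from silently dropping the default for cached authorizers. The title starts with `Should` while the neighbouring `it('should throw …')` is lowercase. The enclosing `describe` block begins outside both hunks, so existing tests there may already cover part of this.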