Closed 0xdevalias closed 4 years ago
Starting from scratch for debug:
sam init --runtime go1.x
cd sam-app
dep init
GOOS=linux GOARCH=amd64 go build -o hello-world/hello-world ./hello-world
sam local start-api
Attempting to access http://127.0.0.1:3000/ I see Missing Authentication Token
(with no endpoint mapped there)
Attempting to access http://127.0.0.1:3000/hello it works as expected.
Changing the HelloWorldFunction
to use /{proxy+}
:
HelloWorldFunction:
Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
Properties:
CodeUri: hello-world/
Handler: hello-world
Runtime: go1.x
Tracing: Active # https://docs.aws.amazon.com/lambda/latest/dg/lambda-x-ray.html
Events:
CatchAll:
Type: Api
Properties:
Path: "/{proxy+}"
Method: ANY
Environment: # More info about Env Vars: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#environment-object
Variables:
PARAM1: VALUE
Now when I access http://127.0.0.1:3000/anythinghere it continues to work as expected.. so I don't think that is my issue.
Edit: Digging a little deeper.. it looks like even if I explicitly set the path to Path: "/"
I get the same Missing Authentication Token
when trying to access it. I wonder if that is somehow playing into this issue, even when trying to proxy it?
Edit2: Additional context, using https://github.com/gorilla/mux + https://github.com/awslabs/aws-lambda-go-api-proxy internally. When I set the path to Path: "/example"
in my main project, that 1 endpoint works properly and doesn't produce Missing Authentication Token
. When it is set to proxy though, my code never even gets reached/started. If I set my project to Path: "/a/{proxy+}"
and try to access any of the URLs, my code starts correctly (then gets a 404 because that route doesn't exist)
I'm getting the same error with SAM CLI, version 0.4.0. It doesn't look like it's routing to the static files in my case.
2018-06-20 14:50:36 Mounting static files from /Users/terry/go/src/app/public at /
2018-06-20 14:50:36 Mounting SampleFunction at http://127.0.0.1:3000/api/{proxy+} [GET, DELETE, PUT, POST, HEAD, OPTIONS, PATCH]
2018-06-20 14:50:36 You can now browse to the above endpoints to invoke your functions. You do not need to restart/reload SAM CLI while working on your functions changes will be reflected instantly/automatically. You only need to restart SAM CLI if you update your AWS SAM template
2018-06-20 14:50:36 * Running on http://127.0.0.1:3000/ (Press CTRL+C to quit)
2018-06-20 14:50:42 127.0.0.1 - - [20/Jun/2018 14:50:42] "GET / HTTP/1.1" 403 -
2018-06-20 14:50:42 127.0.0.1 - - [20/Jun/2018 14:50:42] "GET /favicon.ico HTTP/1.1" 403 -
Shouldn't localhost:3000 -> serves the index.html?
So this is an issue with Flask and how the endpoints are modeled. By default Flask does not resolve the /
as apart of the /{proxy+}
route. This means we need to handle /
(the root path) separately. There maybe a way to configure this behavior by default but haven't investigated that deeply yet.
@terrywarwar
Shouldn't localhost:3000 -> serves the index.html?
Maybe? But SAM CLI can't since we support API to Lambda on the same root path, so there can be path conflicts. Instead, you should just add the /index.html
to the path explicitly.
Marking this as a bug
I am getting this issue only on GET calls. POST works fine.
@amcp I'm seeing the opposite; GET
works fine, while POST
yields this error. None of my paths are /
, i.e. I'm GET
ting and POST
ing to e.g. /foo
and /bar
.
Windows 10, SAM CLI version 0.7.0.
I'm experiencing the same. Using SAM local POST
works fine, but GET
returns the "missing authentication token" on all catch-all routes, unless I add the first part of the route into the template.yaml
config.
eg:
using path: /{proxy+}
, method: ANY
GET
/api/books
, and /api/books/[id]
returns missing authentication token
whereas using path: /api/{proxy+}
, method: ANY
GET
/api/books
, and /api/books/[id]
work as expected
Both configurations appear to work normally once deployed to the cloud.
I think this is going to become more prevalent as an issue now the runtime API has opened new languages and frameworks up to Lambda, and more people are going to get on-board with developing serverless functions locally, expecting their chosen language / framework to handle routing for them.
MacOS, SAM CLI version 0.8.1
@nealio82 While the results are the same, your issue is different than the original issue. I commented above on what this issue relates to.
Please open a separate issues so we can track and investigate separately.
@jfuss Ok, shall do :) Although I'm not sure that it is different? Looking at the original bug report by @0xdevalias it looks like the config is almost exactly the same as the config I have, and their experience is the same... (the only difference I can see is that I also have path: /
configured in my template.yaml
to match the /
route, and @0xdevalias doesn't)
@nealio82 You didn't state anything about a root path (/
) being configured. Your statement makes it sound like /{proxy+}
is causing other paths not to resolve.
Ah, sorry, I didn't think it was relevant - I was adding context to the fact I'm seeing the same as the OP, and I didn't want to simply add an unhelpful '+1' or 'me too' comment. The root path works OK, as implied by 'GET returns the "missing authentication token" on all catch-all routes'.
I had opened #1037 and closed it because I think this is the root issue. Thanks!
So I think I might have found a way to fix this – commenting out the static files config passed to flask here allows /{proxy+}
paths to resolve.
Happy to put together a PR, but not sure what you want to do... while serving static files is useful it's not something that APIG does and users can achieve something similar with a lambda serving files at a specific route.
If you want to avoid a breaking change, seems like path of least change is to only pass this config to flask if the user specifies the --static-dir
argument?
Erm, scratch that. Was switching between samdev and sam and it seems my issue sorted it self out and now /{proxy+}
resolves fine. Ignore me!
Not for me.
CONFIRMED! Setting static_url_path=None
in local_apigw_service.py
does allow /{proxy+}
to work. I have confirmed with Flask that these two options are incompatible. I think it is important that local development allow root proxy and serving static files from root needs to be re-considered. What do other's think?
it's amusing because this breaks your front page hello world example as generated by your kit
it's actually pretty concerning that nine months after you found out your baseline generated code doesn't serve root correctly, it's still an outstanding bug
that's a one-liner route fix in flask
Well in fairness, they have done ALOT of work and if I had to pick, I'd say I appreciate the effort being able to run Ruby on Lambda and other things vs something I can hack locally that is not an issue when deployed. That said, would be nice to see fixed.
I followed https://github.com/stackery/php-lambda-layer to also get this "Missing Authentication Token". I've read this and I'm non-the-wiser.
Is there an error with https://media.dev.unee-t.com/2019-04-04/template.yaml ?
SAM CLI, version 0.14.2
Must say the SAM cli is a bit rough around the edges. Why can't it print the endpoint in the CLI? zomg. https://s.natalian.org/2019-04-04/1554348366_2560x1440.png
Hi,
are there any updates on this one? I have exactly the same issue.
THIS IS A MACOS VERSION OF #1316 kitselas:~$ sam --version SAM CLI, version 0.18.0 kitselas:bin root# docker --version Docker version 19.03.1, build 74b1e89
begin: template.yaml Transform: 'AWS::Serverless-2016-10-31' Resources: PedigreesFunction:
Type: 'AWS::Serverless::Function'
Properties:
# This function uses the Nodejs v8.10 runtime.
Runtime: python3.7
# This is the Lambda function's handler.
Handler: app.lambdb_handler
# The location of the Lambda function code.
CodeUri: ./lambda-scripts/get-pedigrees.py
# Event sources to attach to this function. In this case, we are attaching
# one API Gateway endpoint to the Lambda function. The function is
# called when a HTTP request is made to the API Gateway endpoint.
Events:
PedigreesApi:
# Define an API Gateway endpoint that responds to HTTP GET at /thumbnail
Type: Api
Properties:
Path: /pedigrees
Method: GET
end template.yaml sam validate 2019-08-08 10:56:23 Found credentials in shared credentials file: ~/.aws/credentials /Users/rjs3/utah/dev/aws/pprapp/PPRConsole/template.yaml is a valid SAM Template
kitselas:PPRConsole$ sam local start-api 2019-08-08 10:57:41 Mounting PedigreesFunction at http://127.0.0.1:3000/pedigrees [GET] 2019-08-08 10:57:41 You can now browse to the above endpoints to invoke your functions. You do not need to restart/reload SAM CLI while working on your functions, changes will be reflected instantly/automatically. You only need to restart SAM CLI if you update your AWS SAM template 2019-08-08 10:57:41 * Running on http://127.0.0.1:3000/ (Press CTRL+C to quit) 2019-08-08 10:58:38 Invoking app.lambdb_handler (python3.7) 2019-08-08 10:58:39 Found credentials in shared credentials file: ~/.aws/credentials
Fetching lambci/lambda:python3.7 Docker container image...... 2019-08-08 10:58:40 Mounting /Users/rjs3/utah/dev/aws/pprapp/PPRConsole/lambda-scripts/get-pedigrees.py as /var/task:ro,delegated inside runtime container 2019-08-08 10:58:41 Exception on /pedigrees [GET] Traceback (most recent call last): File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/docker/api/client.py", line 261, in _raise_for_status response.raise_for_status() File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/requests/models.py", line 940, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http+docker://localhost/v1.35/containers/f0123288c45dd08164d6cf5ca4d3d598984a0d2213263c35dc671c254948013f/start
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/flask/app.py", line 2317, in wsgi_app response = self.full_dispatch_request() File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/flask/app.py", line 1840, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/flask/app.py", line 1743, in handle_user_exception reraise(exc_type, exc_value, tb) File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/flask/_compat.py", line 36, in reraise raise value File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/flask/app.py", line 1838, in full_dispatch_request rv = self.dispatch_request() File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/flask/app.py", line 1824, in dispatch_request return self.view_functionsrule.endpoint File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/samcli/local/apigw/local_apigw_service.py", line 156, in _request_handler self.lambda_runner.invoke(route.function_name, event, stdout=stdout_stream_writer, stderr=self.stderr) File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/samcli/commands/local/lib/local_lambda.py", line 93, in invoke self.local_runtime.invoke(config, event, debug_context=self.debug_context, stdout=stdout, stderr=stderr) File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/samcli/local/lambdafn/runtime.py", line 86, in invoke self._container_manager.run(container) File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/samcli/local/docker/manager.py", line 98, in run container.start(input_data=input_data) File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/samcli/local/docker/container.py", line 189, in start real_container.start() File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/docker/models/containers.py", line 392, in start return self.client.api.start(self.id, *kwargs) File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/docker/utils/decorators.py", line 19, in wrapped return f(self, resource_id, args, **kwargs) File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/docker/api/container.py", line 1091, in start self._raise_for_status(res) File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/docker/api/client.py", line 263, in _raise_for_status raise create_api_error_from_http_exception(e) File "/usr/local/Cellar/aws-sam-cli/0.18.0/libexec/lib/python3.7/site-packages/docker/errors.py", line 31, in create_api_error_from_http_exception raise cls(e, response=response, explanation=explanation) docker.errors.APIError: 400 Client Error: Bad Request ("OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"rootfs_linux.go:58: mounting \\"/Users/rjs3/utah/dev/aws/pprapp/PPRConsole/lambda-scripts/get-pedigrees.py\\" to rootfs \\"/var/lib/docker/overlay2/4248cf995aab0b8fb6cdd0db26dde5c5a99ccb31fce1c217a8c07cd8e6268704/merged\\" at \\"/var/lib/docker/overlay2/4248cf995aab0b8fb6cdd0db26dde5c5a99ccb31fce1c217a8c07cd8e6268704/merged/var/task\\" caused \\"not a directory\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type") 2019-08-08 10:58:41 127.0.0.1 - - [08/Aug/2019 10:58:41] "GET /pedigrees HTTP/1.1" 502 - 2019-08-08 10:58:41 127.0.0.1 - - [08/Aug/2019 10:58:41] "GET /favicon.ico HTTP/1.1" 403 -
I cannot locate the mounts under ~/Library/Containers
As @metaskills commented:
CONFIRMED! Setting static_url_path=None in local_apigw_service.py does allow /{proxy+} to work.
This did not work for me. :( My version is:
$ sam --version
$ SAM CLI, version 0.19.0
By adding a root endpoint and another separate proxy endpoint to the SAM template I was able to get it to work:
...
Resources:
MyFunction:
Properties:
CodeUri: MyFunction
Events:
RootEndpoint:
Properties:
Method: any
Path: /
Type: Api
EverythingElse:
Properties:
Method: any
Path: /{proxy+}
Type: Api
Handler: app.lambda_handler
Runtime: python3.7
Type: AWS::Serverless::Function
It seems like this convention of configuring multiple events for the same handler is done this way in other frameworks such as Zappa and Serverless (see the serverless.yml from this link).
Solution provided by @nevtum works for /
path. Thanks @nevtum.
I am closing this issue, if anyone have questions please feel free to re-open.
I am using CDK to create the apigateway and adding ResourceBase.addProxy and setting the anyMethod to true worked for me and I dont get the Missing Authentication...
The solution provided by @nevtum does not work while also using the static assets option by either specifying -s
manually or having a public
folder present in the SAM directory.
Any ideas on a static assets workaround? @c2tarun I think this should be reopened
I have a potential fix at #6376 if the maintainers are interested... happy to implement myself.
Description:
When I run
sam local start-api -s public/
and try to access my endpoint, I receive aMissing Authentication Token
in the browser. This same code runs fine when deployed to lambda, and correctly exposes my endpoint without auth required.Observed result:
Missing Authentication Token
Expected result:
My API is exposed without auth.
Additional environment details (Ex: Windows, Mac, Amazon Linux etc)
macOS
Output of
sam --version
:SAM CLI, version 0.3.0