awslabs / aws-lambda-rust-runtime

A Rust runtime for AWS Lambda
Apache License 2.0

`ApiGatewayCustomAuthorizerResponse` unable to deserialize example #853

Closed aesterline closed 5 months ago

aesterline commented 5 months ago

When deserializing the authorizer response described in APIGateway example lambda authorizer output I get the following error:

called `Result::unwrap()` on an `Err` value: Error("invalid type: string \"execute-api:Invoke\", expected a sequence", line: 0, column: 0)

Example Test

```rust
#[cfg(test)]
mod tests {
    use aws_lambda_events::apigw::ApiGatewayCustomAuthorizerResponse;
    use serde_json::json;

    #[test]
    fn can_parse_aws_example() {
        let example = json!({
          "principalId": "myid",
          "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
              {
                "Action": "execute-api:Invoke",
                "Effect": "Allow",
                "Resource": "arn:aws:execute-api:us-east-2:128298128:kaidfa/prod/GET/foo/bar"
              }
            ]
          },
          "context": {
            "stringKey": "value",
            "numberKey": "1",
            "booleanKey": "true"
          },
          "usageIdentifierKey": "apikey"
        });

        let parsed: ApiGatewayCustomAuthorizerResponse = serde_json::from_value(example).unwrap();
        assert_eq!(
            parsed.policy_document.statement[0].action[0],
            "execute-api:Invoke"
        );
    }
}
```

The examples in https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html#api-gateway-calling-api-permissions seem to show Action as a Vec<String>. I'm not sure which version is correct or if we should be able to deserialize both variants. I do have a custom authorizer I am trying to integrate with currently that returns the single String variant. Is it possible to change the current serde definition to allow parsing both versions?

calavera commented 5 months ago

It looks like a statement action can be either a string or a slice; we need to handle both correctly. Feel free to open a PR to fix it. I would probably use an enum, but I'm open to other suggestions:

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_statement.html

calavera commented 5 months ago

We probably need to do the same for Resource.

calavera commented 5 months ago

And it looks like the Condition is completely missing 😞 https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
