Open mohit-bureau opened 2 years ago
We are facing this issue as well. We tried to work around this by following an iterative approach: creating the apigw first, and then the OpenAPI spec with the authorizer as the next step. However, that does not work either, since the cycle detection happens at the plan stage.
For now, we have to fall back to creating methods and integration by creating separate terraform resources for all endpoints, which is extremely messy to manage.
Yes, this is a problem for us too. What I ended up doing was to add something like this:

resource "null_resource" "update-method-authorizer" {
  provisioner "local-exec" {
    # Patch the method after it exists; api, resource and authorizer stand for the
    # rest API, API resource and authorizer resources defined elsewhere in the module.
    command = "aws apigateway update-method --rest-api-id ${api.id} --resource-id ${resource.id} --http-method GET --patch-operations op=replace,path=/authorizationType,value=CUSTOM op=replace,path=/authorizerId,value=${authorizer.id}"
  }
}
I thought I had the same problem, but then I found this example https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-authtype.html and using it I managed to get a similar configuration to work (the problem might've been fixed in the meantime, though). Good luck.
I'm also facing the same issue. No updates about it?
@mohit-bureau, were you able to fix it?
Just got this working in my environment:
data "template_file" "swagger_doc" {
  template = file("${path.module}/swagger.yml")
  vars = {
    # rendered into the x-amazon-apigateway-authorizer block of the spec
    authorizer_uri         = aws_lambda_function.authorizer.invoke_arn
    authorizer_credentials = aws_iam_role.apigw_execution_role.arn
  }
}

resource "aws_api_gateway_rest_api" "api" {
  name = "ScimAPI"
  body = data.template_file.swagger_doc.rendered
}

resource "aws_api_gateway_deployment" "this" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  stage_name  = "default"
  triggers = {
    # redeploy whenever the rendered OpenAPI body changes
    redeployment = sha1(jsonencode(aws_api_gateway_rest_api.api.body))
  }
  lifecycle {
    create_before_destroy = true
  }
}
...
It looks like this in my Swagger (3.0.1) doc:
paths:
  /Groups:
    get:
      security:
        - lambda-authorizer: []
...
components:
  securitySchemes:
    lambda-authorizer:
      type: apiKey
      name: Authorization
      in: header
      x-amazon-apigateway-authorizer:
        type: request
        identitySource: method.request.header.Authorization
        authorizerUri: ${authorizer_uri}
        authorizerCredentials: ${authorizer_credentials}
        authorizerPayloadFormatVersion: '2.0'
        authorizerResultTtlInSeconds: 300
      x-amazon-apigateway-authtype: Custom scheme with corporate claims
This was with AWS Provider version: ~> 4.4
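Taking the two workarounds in this thread together (the `update-method` patch in the earlier comment and the OpenAPI `security` / `x-amazon-apigateway-authorizer` wiring in this one), here is an added Python check that is not code from this issue or from the AWS provider. It audits a rendered OpenAPI document for operations that would be deployed with no authorizer attached, which is the symptom reported here, and then cross-checks the `authorizationType` that API Gateway actually applied from `aws apigateway get-method` output. The spec and the get-method results embedded below are constructed samples; the `/Users` and `/health` routes, the `api_key` scheme and the authorizer ARN are hypothetical.

```python
"""Audit an API Gateway REST API OpenAPI document for operations that would be
deployed without a Lambda authorizer, and cross-check the authorization type
API Gateway actually applied after deployment.

Added example (not code from the issue or the AWS provider).  The spec and the
get-method output below are constructed samples."""
import json

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}


def authorizer_schemes(spec):
    """Names of security schemes that carry x-amazon-apigateway-authorizer.

    A scheme without that extension (a plain API key, for instance) attaches no
    authorizer, so an operation that only references it still deploys with
    authorizationType NONE.  Both OpenAPI 3 (components.securitySchemes) and
    Swagger 2 (securityDefinitions) layouts are handled."""
    schemes = (spec.get("components", {}).get("securitySchemes")
               or spec.get("securityDefinitions", {}))
    return {name for name, scheme in schemes.items()
            if "x-amazon-apigateway-authorizer" in scheme}


def unprotected_operations(spec):
    """Return sorted (METHOD, path) pairs whose security requirement does not
    resolve to an authorizer scheme.  An operation-level `security` overrides
    the document-level one, and an explicit `security: []` disables it."""
    authz = authorizer_schemes(spec)
    doc_security = spec.get("security", [])
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip "parameters", "summary", vendor extensions
            requirements = operation.get("security", doc_security)
            referenced = {name for req in requirements for name in req}
            if not referenced & authz:
                findings.append((method.upper(), path))
    return sorted(findings)


def methods_without_custom_authorizer(get_method_results):
    """Given parsed `aws apigateway get-method` responses, return the HTTP
    methods API Gateway deployed without a CUSTOM (Lambda) authorizer.  This is
    the post-deploy check for the symptom in the issue: the route exists but
    authorizationType came out as NONE."""
    return [m.get("httpMethod") for m in get_method_results
            if m.get("authorizationType") != "CUSTOM" or not m.get("authorizerId")]


# Constructed sample spec: /Groups is wired to the authorizer, /Users GET only
# references a plain API key, /Users POST explicitly disables security and
# /health OPTIONS has no security block at all.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.1",
  "paths": {
    "/Groups": {"get": {"security": [{"lambda-authorizer": []}]}},
    "/Users": {
      "get": {"security": [{"api_key": []}]},
      "post": {"security": []}
    },
    "/health": {"options": {}}
  },
  "components": {
    "securitySchemes": {
      "api_key": {"type": "apiKey", "name": "x-api-key", "in": "header"},
      "lambda-authorizer": {
        "type": "apiKey", "name": "Authorization", "in": "header",
        "x-amazon-apigateway-authtype": "custom",
        "x-amazon-apigateway-authorizer": {
          "type": "request",
          "identitySource": "method.request.header.Authorization",
          "authorizerUri": "arn:aws:apigateway:PLACEHOLDER-AUTHORIZER-URI",
          "authorizerResultTtlInSeconds": 300
        }
      }
    }
  }
}
""")

# Constructed sample of two `aws apigateway get-method` responses (hypothetical id).
SAMPLE_GET_METHOD = [
    {"httpMethod": "GET", "authorizationType": "CUSTOM", "authorizerId": "abcd12"},
    {"httpMethod": "POST", "authorizationType": "NONE", "apiKeyRequired": False},
]

if __name__ == "__main__":
    for method, path in unprotected_operations(SAMPLE_SPEC):
        print(f"spec: {method} {path} has no authorizer-backed security requirement")
    for method in methods_without_custom_authorizer(SAMPLE_GET_METHOD):
        print(f"deployed: {method} is not using a CUSTOM authorizer")
```

Running the first check over the rendered `body` before `terraform apply` catches routes that silently fall back to `NONE`; the second check, fed the output of `aws apigateway get-method --rest-api-id ... --resource-id ... --http-method ...` for each route, confirms what the deployment actually did, which is the condition the `update-method` workaround above is patching by hand.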
Terraform Core Version
1.1.9
AWS Provider Version
4.30.0
Affected Resource(s)
aws_api_gateway_rest_api
Expected Behavior
The body parameter accepts an OpenAPI spec JSON to merge or overwrite routes in the API Gateway. The routes are getting added, but the method request authorizer is not enabled to use a custom Lambda authorizer. It is being set to NONE even after setting the security key with the Lambda name in the route.
Actual Behavior
The custom Lambda authorizer should be attached to the route method request if the security key is present in the OpenAPI spec JSON.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Steps to Reproduce
Import the attached OpenAPI spec JSON into API Gateway.
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
No response