Open kahyong-gvrn opened 1 week ago
flostadler
commented
1 week ago Hey @kahyong-gvrn, sorry you're running into this! The API gateway resources in the awsx-classic subdirectory have been moved to https://github.com/pulumi/pulumi-aws-apigateway and developed further over in that repository.
I'm gonna try and reproduce it with the latest version of pulumi-aws-apigateway and move the issue over to that repository if necessary
flostadler
commented
1 week ago getTokenLambdaAuthorizer and several other utility functions/types were removed from pulumi-aws-apigateway while moving from awsx to the separate repo. Instead you need to craft the authorizer lambda yourself.
In full transparency, we're not investing much in the resources in the awsx-classic subdirectory. We'd need to add components to pulumi-aws-apigateway for helping to craft auth lambdas.
However, the good news is that those are just vanilla Pulumi TS, so you can copy these resource into your own project if you'd like.
The AuthorizerEvent, AuthorizerResponse, and AuthResponseContext are types from aws-lambda which are present on all node based lambdas by default. You can those imports to these types:
https://github.com/pulumi/pulumi-awsx/blob/master/awsx-classic/apigateway/lambdaAuthorizer.ts#L25-L27
authorizerResponse is defined here if you'd like to copy that to your own project as well: https://github.com/pulumi/pulumi-awsx/blob/master/awsx-classic/apigateway/lambdaAuthorizer.ts#L165
kahyong-gvrn
commented
1 week ago Thanks for the clarification. I was hitting a lot of roadblocks. When not using the awsx API gateway, I was using the ones from @pulumi/aws and hit a circular dependency issue. The lambdaauthorizer needs the API id and the API gateway needs the lambda authorizer uri or arn.
On Tue, Jun 18, 2024, 23:04 Florian Stadler @.***> wrote:
getTokenLambdaAuthorizer was removed from pulumi-aws-apigateway while moving from awsx to the separate repo. Instead you need to craft the authorizer lambda yourself.
In full transparency, we're not investing much in the resources in the awsx-classic subdirectory. We'd need to add components to pulumi-aws-apigateway for helping to craft auth lambdas.
However, the good news is that those are just vanilla Pulumi TS, so you can copy these resource into your own project if you'd like.
The AuthorizerEvent, AuthorizerResponse, and AuthResponseContext are types from aws-lambda which are present on all node based lambdas by default. You can those imports to these types:
authorizerResponse is defined here if you'd like to copy that to your own project as well: https://github.com/pulumi/pulumi-awsx/blob/master/awsx-classic/apigateway/lambdaAuthorizer.ts#L165
— Reply to this email directly, view it on GitHub https://github.com/pulumi/pulumi-awsx/issues/1319#issuecomment-2176331865, or unsubscribe https://github.com/notifications/unsubscribe-auth/BIHC4V24W47CEMQDHWQQQCTZIBD6TAVCNFSM6AAAAABJPJBYXOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNZWGMZTCOBWGU . You are receiving this because you were mentioned.Message ID: @.***>
kahyong-gvrn
commented
1 week ago Do u have an example of API gateway with the authorizers?
I was left confused with everything searched on the web. I literally found 3 different sets of libraries to work with none had the correct examples.
I also suggest to update those outdated docs to show it's outdated and provide a link to the most recent example
On Tue, Jun 18, 2024, 23:18 Kah Yong Sue @.***> wrote:
Thanks for the clarification. I was hitting a lot of roadblocks. When not using the awsx API gateway, I was using the ones from @pulumi/aws and hit a circular dependency issue. The lambdaauthorizer needs the API id and the API gateway needs the lambda authorizer uri or arn.
On Tue, Jun 18, 2024, 23:04 Florian Stadler @.***> wrote:
getTokenLambdaAuthorizer was removed from pulumi-aws-apigateway while moving from awsx to the separate repo. Instead you need to craft the authorizer lambda yourself.
In full transparency, we're not investing much in the resources in the awsx-classic subdirectory. We'd need to add components to pulumi-aws-apigateway for helping to craft auth lambdas.
However, the good news is that those are just vanilla Pulumi TS, so you can copy these resource into your own project if you'd like.
The AuthorizerEvent, AuthorizerResponse, and AuthResponseContext are types from aws-lambda which are present on all node based lambdas by default. You can those imports to these types:
authorizerResponse is defined here if you'd like to copy that to your own project as well: https://github.com/pulumi/pulumi-awsx/blob/master/awsx-classic/apigateway/lambdaAuthorizer.ts#L165
— Reply to this email directly, view it on GitHub https://github.com/pulumi/pulumi-awsx/issues/1319#issuecomment-2176331865, or unsubscribe https://github.com/notifications/unsubscribe-auth/BIHC4V24W47CEMQDHWQQQCTZIBD6TAVCNFSM6AAAAABJPJBYXOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNZWGMZTCOBWGU . You are receiving this because you were mentioned.Message ID: @.***>
flostadler
commented
1 week ago Hey @kahyong-gvrn, you're right that this needs some cleaning up! Do you mind linking the examples you've found that didn't end up working so I can hunt those down?
FWIW I ended up creating an issue to enhance the experience of crafting authorizer lambdas in pulumi-aws-apigateway. We're definitely missing a full example and could potentially introduce some utility components for this. https://github.com/pulumi/pulumi-aws-apigateway/issues/152
In the meantime you could have a look at one of my personal projects here where I've created an authorizer lambda:
kahyong-gvrn
commented
1 week ago thanks for the quick responses. here are the links that i still have in my browser tabs (either they are of different lib package or not having authorizer examples that addresses the circular dependency). i will just dump it here for you to check through.
https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/authorizer/ https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/restapi/ https://www.pulumi.com/registry/packages/aws/how-to-guides/rest-api/ https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/authorizer/ https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/interfaces/classic.apigateway.APIArgs.html https://www.pulumi.com/blog/protecting-your-apis-with-lambda-authorizers-and-pulumi/
On Tue, Jun 18, 2024 at 11:30 PM Florian Stadler @.***> wrote:
Hey @kahyong-gvrn https://github.com/kahyong-gvrn, you're right that this needs some cleaning up! Do you mind linking the examples you've found that didn't end up working so I can hunt those down?
FWIW I ended up creating an issue to enhance the experience of crafting authorizer lambdas in pulumi-aws-apigateway. We're definitely missing a full example for this. pulumi/pulumi-aws-apigateway#152 https://github.com/pulumi/pulumi-aws-apigateway/issues/152
In the meantime you could have a look at one of my personal projects here where I've created an authorizer lambda:
- This is the auth configuration for the API GW: https://github.com/flostadler/festus-iac/blob/75775dda943355506a94d5ad14aa8bf7f5bb9f09/api/index.ts#L167-L188
- This is the code for the authorizer lambda: https://github.com/flostadler/festus-iac/blob/75775dda943355506a94d5ad14aa8bf7f5bb9f09/api/auth-lambda/index.ts#L14
— Reply to this email directly, view it on GitHub https://github.com/pulumi/pulumi-awsx/issues/1319#issuecomment-2176390639, or unsubscribe https://github.com/notifications/unsubscribe-auth/BIHC4V7U62HMZHIQIUB42P3ZIBHC5AVCNFSM6AAAAABJPJBYXOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNZWGM4TANRTHE . You are receiving this because you were mentioned.Message ID: @.***>
kahyong-gvrn
commented
1 week ago after deploying, it doesn't seem to install any imported package like jsonwebtoken. i was using js instead of typescript. does it make a difference?
On Wed, Jun 19, 2024 at 10:14 AM Kah Yong Sue @.***> wrote:
thanks for the quick responses. here are the links that i still have in my browser tabs (either they are of different lib package or not having authorizer examples that addresses the circular dependency). i will just dump it here for you to check through.
https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/authorizer/ https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/restapi/ https://www.pulumi.com/registry/packages/aws/how-to-guides/rest-api/
https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/authorizer/
https://www.pulumi.com/blog/protecting-your-apis-with-lambda-authorizers-and-pulumi/
On Tue, Jun 18, 2024 at 11:30 PM Florian Stadler @.***> wrote:
Hey @kahyong-gvrn https://github.com/kahyong-gvrn, you're right that this needs some cleaning up! Do you mind linking the examples you've found that didn't end up working so I can hunt those down?
FWIW I ended up creating an issue to enhance the experience of crafting authorizer lambdas in pulumi-aws-apigateway. We're definitely missing a full example for this. pulumi/pulumi-aws-apigateway#152 https://github.com/pulumi/pulumi-aws-apigateway/issues/152
In the meantime you could have a look at one of my personal projects here where I've created an authorizer lambda:
- This is the auth configuration for the API GW: https://github.com/flostadler/festus-iac/blob/75775dda943355506a94d5ad14aa8bf7f5bb9f09/api/index.ts#L167-L188
- This is the code for the authorizer lambda: https://github.com/flostadler/festus-iac/blob/75775dda943355506a94d5ad14aa8bf7f5bb9f09/api/auth-lambda/index.ts#L14
— Reply to this email directly, view it on GitHub https://github.com/pulumi/pulumi-awsx/issues/1319#issuecomment-2176390639, or unsubscribe https://github.com/notifications/unsubscribe-auth/BIHC4V7U62HMZHIQIUB42P3ZIBHC5AVCNFSM6AAAAABJPJBYXOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNZWGM4TANRTHE . You are receiving this because you were mentioned.Message ID: @.***>
kahyong-gvrn
commented
1 week ago it's alright, i resorted to using aws.lambda.Function instead to zip the whole folder.
It's working fine now.
On Wed, Jun 19, 2024 at 11:29 AM Kah Yong Sue @.***> wrote:
after deploying, it doesn't seem to install any imported package like jsonwebtoken. i was using js instead of typescript. does it make a difference?
On Wed, Jun 19, 2024 at 10:14 AM Kah Yong Sue @.***> wrote:
thanks for the quick responses. here are the links that i still have in my browser tabs (either they are of different lib package or not having authorizer examples that addresses the circular dependency). i will just dump it here for you to check through.
https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/authorizer/ https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/restapi/ https://www.pulumi.com/registry/packages/aws/how-to-guides/rest-api/
https://www.pulumi.com/registry/packages/aws/api-docs/apigateway/authorizer/
https://www.pulumi.com/blog/protecting-your-apis-with-lambda-authorizers-and-pulumi/
On Tue, Jun 18, 2024 at 11:30 PM Florian Stadler < @.***> wrote:
Hey @kahyong-gvrn https://github.com/kahyong-gvrn, you're right that this needs some cleaning up! Do you mind linking the examples you've found that didn't end up working so I can hunt those down?
FWIW I ended up creating an issue to enhance the experience of crafting authorizer lambdas in pulumi-aws-apigateway. We're definitely missing a full example for this. pulumi/pulumi-aws-apigateway#152 https://github.com/pulumi/pulumi-aws-apigateway/issues/152
In the meantime you could have a look at one of my personal projects here where I've created an authorizer lambda:
- This is the auth configuration for the API GW: https://github.com/flostadler/festus-iac/blob/75775dda943355506a94d5ad14aa8bf7f5bb9f09/api/index.ts#L167-L188
- This is the code for the authorizer lambda: https://github.com/flostadler/festus-iac/blob/75775dda943355506a94d5ad14aa8bf7f5bb9f09/api/auth-lambda/index.ts#L14
— Reply to this email directly, view it on GitHub https://github.com/pulumi/pulumi-awsx/issues/1319#issuecomment-2176390639, or unsubscribe https://github.com/notifications/unsubscribe-auth/BIHC4V7U62HMZHIQIUB42P3ZIBHC5AVCNFSM6AAAAABJPJBYXOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNZWGM4TANRTHE . You are receiving this because you were mentioned.Message ID: @.***>
What happened?
tried creating an authorizer with getTokenLambdaAuthorizer(). however, deployed lambda does not have @pulumi/awsx package in node_modules.
would expect it to be there coz the generated codes in __index.js has this line
const awsx = require("@pulumi/awsx/index.js");Example
const clerkAuthorizerLambda = async (event: awsx.classic.apigateway.AuthorizerEvent) => { try { return awsx.classic.apigateway.authorizerResponse('test', 'Allow', event.methodArn); } catch (err) { console.log(err); // Tells API Gateway to return a 401 Unauthorized response throw new Error("Unauthorized"); } }
const authorizer = awsx.classic.apigateway.getTokenLambdaAuthorizer({ authorizerName: 'clerk-authorizer', header: 'Authorization', handler: clerkAuthorizerLambda, });
Output of
pulumi aboutCLI
Version 3.119.0 Go Version go1.22.3 Go Compiler gc
Plugins KIND NAME VERSION resource aws 6.40.0 resource awsx 2.12.1 resource docker 4.5.4 resource docker 3.6.1 language nodejs unknown resource std 1.6.2
Host
OS ubuntu Version 24.04 Arch x86_64
This project is written in nodejs: executable='/home/tirami/.nvm/versions/node/v20.11.1/bin/node' version='v20.11.1'
Dependencies: NAME VERSION graphql 16.8.1 @pulumi/aws 6.40.0 @pulumi/awsx 2.12.1 @pulumi/std 1.6.2 @types/node 16.18.98 @aws-appsync/utils 1.8.0 @pulumi/pulumi 3.120.0 graphql-request 6.1.0 moment 2.30.1
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).