search

terraform-aws-modules / terraform-aws-apigateway-v2

Terraform module to create AWS API Gateway v2 (HTTP/WebSocket) πŸ‡ΊπŸ‡¦
https://registry.terraform.io/modules/terraform-aws-modules/apigateway-v2/aws
Apache License 2.0
144 stars 188 forks source link

Support authorization_scopes and request_models on routes #56

Closed okdana closed 2 years ago

okdana commented 2 years ago

Description

Set authorization_scopes and request_models on the created route resource when specified in integrations.

Motivation and Context

I'm experimenting with converting a toy SAM template to Terraform using this module, and found that i couldn't proceed because the module doesn't handle authorization_scopes.

Both this attribute and request_models are commented out in the source because the previous dev didn't know what their structure was. Per the provider source, authorization_scopes is a set(string) and request_models is a map(string).

I'm not sure it really matters, though, since integrations is a map(any) β€” if i understand correctly, that requires you to use jsonencode() or similar on non-scalar values. That's how some of the integration resource's attributes are currently handled, anyway.

I think the try() method being used here would allow integrations to be changed to a fully typed map(object(...)) whilst retaining backwards compatibility, but i haven't tried making that change myself. (I'm not familiar enough with Terraform or this project to know if it's even desirable.)

Breaking Changes

This shouldn't affect backwards compatibility.

How Has This Been Tested?

I tested this by sourcing my branch of the repo as a local module, adding an integration like the following, and deploying to AWS.

integrations = {
  "GET /hello" = {
    lambda_arn             = module.hello_world_function.lambda_function_arn
    payload_format_version = "2.0"
    authorization_type     = "JWT"
    authorizer_id          = aws_apigatewayv2_authorizer.my_authorizer.id
    authorization_scopes   = jsonencode(["my_scope"])
  }
}

This resulted in the route being associated with the authoriser and having the correct authorisation scopes specified.

If there's further testing i should do, please let me know how; i'm still pretty new to both Terraform and AWS.

antonbabenko commented 2 years ago

jsonencode() is a hack that can be used when dealing with errors like all elements should be of the same type but I don't think it is necessary here.

Also, there is #54 which implements the support for authorization_scopes and request_models on routes as well as other features - https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/pull/54/files#diff-dc46acf24afd63ef8c556b77c126ccc6e578bc87e3aa09a931f33d9bf2532fbbR130

I think we can safely close this one and wait for @bryantbiggs to finish #54.

github-actions[bot] commented 1 year ago

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.