getTokenLambdaAuthorizer deploys without @pulumi/awsx package
kahyong-gvrn opened this issue · 9 comments
What happened?
tried creating an authorizer with getTokenLambdaAuthorizer().
however, deployed lambda does not have @pulumi/awsx package in node_modules.
would expect it to be there coz the generated codes in __index.js has this line
const awsx = require("@pulumi/awsx/index.js");
Example
const clerkAuthorizerLambda = async (event: awsx.classic.apigateway.AuthorizerEvent) => {
try {
return awsx.classic.apigateway.authorizerResponse('test', 'Allow', event.methodArn);
}
catch (err) {
console.log(err);
// Tells API Gateway to return a 401 Unauthorized response
throw new Error("Unauthorized");
}
}
const authorizer = awsx.classic.apigateway.getTokenLambdaAuthorizer({
authorizerName: 'clerk-authorizer',
header: 'Authorization',
handler: clerkAuthorizerLambda,
});
Output of pulumi about
CLI
Version 3.119.0
Go Version go1.22.3
Go Compiler gc
Plugins
KIND NAME VERSION
resource aws 6.40.0
resource awsx 2.12.1
resource docker 4.5.4
resource docker 3.6.1
language nodejs unknown
resource std 1.6.2
Host
OS ubuntu
Version 24.04
Arch x86_64
This project is written in nodejs: executable='/home/tirami/.nvm/versions/node/v20.11.1/bin/node' version='v20.11.1'
Dependencies:
NAME VERSION
graphql 16.8.1
@pulumi/aws 6.40.0
@pulumi/awsx 2.12.1
@pulumi/std 1.6.2
@types/node 16.18.98
@aws-appsync/utils 1.8.0
@pulumi/pulumi 3.120.0
graphql-request 6.1.0
moment 2.30.1
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
Hey @kahyong-gvrn, sorry you're running into this!
The API gateway resources in the awsx-classic subdirectory have been moved to https://github.com/pulumi/pulumi-aws-apigateway and developed further over in that repository.
I'm gonna try and reproduce it with the latest version of pulumi-aws-apigateway and move the issue over to that repository if necessary
getTokenLambdaAuthorizer and several other utility functions/types were removed from pulumi-aws-apigateway while moving from awsx to the separate repo. Instead you need to craft the authorizer lambda yourself.
In full transparency, we're not investing much in the resources in the awsx-classic subdirectory. We'd need to add components to pulumi-aws-apigateway for helping to craft auth lambdas.
However, the good news is that those are just vanilla Pulumi TS, so you can copy these resource into your own project if you'd like.
The AuthorizerEvent, AuthorizerResponse, and AuthResponseContext are types from aws-lambda which are present on all node based lambdas by default. You can those imports to these types:
https://github.com/pulumi/pulumi-awsx/blob/master/awsx-classic/apigateway/lambdaAuthorizer.ts#L25-L27
authorizerResponse is defined here if you'd like to copy that to your own project as well: https://github.com/pulumi/pulumi-awsx/blob/master/awsx-classic/apigateway/lambdaAuthorizer.ts#L165
Hey @kahyong-gvrn, you're right that this needs some cleaning up! Do you mind linking the examples you've found that didn't end up working so I can hunt those down?
FWIW I ended up creating an issue to enhance the experience of crafting authorizer lambdas in pulumi-aws-apigateway. We're definitely missing a full example and could potentially introduce some utility components for this. pulumi/pulumi-aws-apigateway#152
In the meantime you could have a look at one of my personal projects here where I've created an authorizer lambda:
- This is the auth configuration for the API GW: https://github.com/flostadler/festus-iac/blob/75775dda943355506a94d5ad14aa8bf7f5bb9f09/api/index.ts#L167-L188
- This is the code for the authorizer lambda: https://github.com/flostadler/festus-iac/blob/75775dda943355506a94d5ad14aa8bf7f5bb9f09/api/auth-lambda/index.ts#L14
I'm going to go ahead and close this issue since it doesn't look like there is anything that needs to be done here.