英文:
Serverless authorizer request does not provide methodArn, or any information about the calling lambda
问题
我在定义的授权者 Lambda 函数中遇到了从请求对象中获取 methodArn 的问题。我正在使用使用 Golang 的 Serverless。以下是我代码的简化版本。
main.go - 授权者处理函数
func Handler(request events.APIGatewayCustomAuthorizerRequestTypeRequest) (events.APIGatewayCustomAuthorizerResponse, error) {// 我尝试将整个请求记录到 CloudWatch,下面有示例// 这里有代码来验证 JWT 令牌return nil, nil}
serverless.yml - 我的 Serverless 配置,用于注册函数和定义授权者
functions:permission_verify:handler: bin/handlers/permission/verifypackage:patterns:- "!./**"- ./bin/**provider:httpApi:authorizers:custom:functionName: permission_verifytype: request
通过上述设置,我能够在其他微服务中使用授权者来验证 JWT 令牌,但现在我想为授权者添加更多功能,为此我需要请求中的 methodArn 存在。
下面是在调用使用授权者的端点后 CloudWatch 的输出。
CloudWatch - 请求的 JSON
{"type": "REQUEST","methodArn": "","resource": "","path": "","httpMethod": "","headers": {"accept": "*/*","accept-encoding": "gzip, deflate, br","authorization": "redacted","content-length": "redacted","content-type": "application/json","host": "redacted","postman-token": "redacted","user-agent": "PostmanRuntime/7.31.3","x-amzn-trace-id": "redacted","x-forwarded-for": "redacted","x-forwarded-port": "443","x-forwarded-proto": "https"},"queryStringParameters": null,"pathParameters": null,"stageVariables": null,"requestContext": {"path": "","accountId": "redacted","resourceId": "","stage": "$default","requestId": "redacted","identity": {"apiKey": "","sourceIp": ""},"resourcePath": "","httpMethod": "","apiId": "redacted"}}
我已经在互联网上搜索了很多,但没有找到关于请求中没有关于调用 Lambda 的信息的解释和原因。已经过了相当长的时间,任何帮助将不胜感激。
英文:
I am having issues getting the methodArn from a request object in an authorizer lambda I have defined. I am using serverless with golang. Here is a redacted setup of the code that I have.
main.go - the authorizer handler function
func Handler(request events.APIGatewayCustomAuthorizerRequestTypeRequest) (events.APIGatewayCustomAuthorizerResponse, error) {// I have tried logging the entire request to cloud watch, see further down for the sample// i have code here to verify a jwt tokenreturn nil, nil}
serverless.yml - my serverless setup to register the function and define the authorizer
functions:permission_verify:handler: bin/handlers/permission/verifypackage:patterns:- "!./**"- ./bin/**provider:httpApi:authorizers:custom:functionName: permission_verifytype: request
With the above setup I am able to use the authorizer in other microservices to verify jwt tokens but now I would like to add more functionality to the authorizer and with that I need the methodArn on the request to be present.
Here is the output from cloud watch after hitting an endpoint that uses the authorizer
cloud watch - the request json
{"type": "REQUEST","methodArn": "","resource": "","path": "","httpMethod": "","headers": {"accept": "*/*","accept-encoding": "gzip, deflate, br","authorization": "redacted","content-length": "redacted","content-type": "application/json","host": "redacted","postman-token": "redacted","user-agent": "PostmanRuntime/7.31.3","x-amzn-trace-id": "redacted","x-forwarded-for": "redacted","x-forwarded-port": "443","x-forwarded-proto": "https"},"queryStringParameters": null,"pathParameters": null,"stageVariables": null,"requestContext": {"path": "","accountId": "redacted","resourceId": "","stage": "$default","requestId": "redacted","identity": {"apiKey": "","sourceIp": ""},"resourcePath": "","httpMethod": "","apiId": "redacted"}}
I have scoured the internet looking for an explanation and cause for having no information about the calling lambda in the request to no avail. It has been quite a bit of time, any help would be immensely appreciated.
答案1
得分: 1
我找到了一个解决方案,使用REST而不是HTTP。我不得不重新编写所有的函数,并像下面这样定义无服务器;
serverless.yaml
custom:authorizer:type: tokenidentitySource: method.request.header.AuthorizationidentityValidationExpression: Bearer (.*)name: permission_verify# if this is in a different service, you can replace the name property with 'arn' having the arn of the functionfunctions:permission_verify:handler: bin/handlers/permission/verifypermission_read:events:-http: # i had httpApi beforemethod: getpath: /authorizer: ${self:custom.authorizer}
这使我能够将函数签名更改为以下内容,并在检查云监控日志后,我能够获取方法 ARN。
func Handler(request events.APIGatewayCustomAuthorizerRequest) (events.APIGatewayCustomAuthorizerResponse, error)
这是我在云监控中得到的一个例子;
{"type": "TOKEN","authorizationToken": "Bearer <redacted>","methodArn": "arn:aws:execute-api:us-east-1:redacted/PUT/"}
总之,造成这个问题的原因只是不一致的无服务器配置,不符合我所需的目的。我认为,无服务器是一种定义基础架构的简单方法,但它并不是完美无缺的,了解你要做什么以及提供了什么是很重要的。
英文:
I found a solution that worked using REST instead of HTTP. I had to redo all my functions and define the serverless like the following;
serverless.yaml
custom:authorizer:type: tokenidentitySource: method.request.header.AuthorizationidentityValidationExpression: Bearer (.*)name: permission_verify# if this is in a different service, you can replace the name property with 'arn' having the arn of the functionfunctions:permission_verify:handler: bin/handlers/permission/verifypermission_read:events:-http: # i had httpApi beforemethod: getpath: /authorizer: ${self:custom.authorizer}
This allowed me to change the function signature to something like below, and after checking the cloud watch logs, I was able to get the method ARN.
func Handler(request events.APIGatewayCustomAuthorizerRequest) (events.APIGatewayCustomAuthorizerResponse, error)
Here is an example of what I got in cloud watch;
{"type": "TOKEN","authorizationToken": "Bearer <redacted>","methodArn": "arn:aws:execute-api:us-east-1:redacted/PUT/"}
In summary, the cause of this was just inconsistent serverless config that did not fit the purpose of what I required. I'd say IMO, it is easy to think that serverless is a fool proof way of defining infrastructure but it's not and it's good to understand what you're going for against what is offered.
答案2
得分: 0
我很确定应该是这样的:
func Handler(request events.APIGatewayCustomAuthorizerRequest) (events.APIGatewayCustomAuthorizerResponse, error) {
而不是
func Handler(request events.APIGatewayCustomAuthorizerRequestTypeRequest) (events.APIGatewayCustomAuthorizerResponse, error) {
请参考 https://github.com/serverless/examples/blob/master/aws-golang-auth-examples/functions/auth/main.go 中的一个可行示例。
英文:
I'm pretty sure it should be
func Handler(request events.APIGatewayCustomAuthorizerRequest) (events.APIGatewayCustomAuthorizerResponse, error) {
and not
func Handler(request events.APIGatewayCustomAuthorizerRequestTypeRequest) (events.APIGatewayCustomAuthorizerResponse, error) {
See https://github.com/serverless/examples/blob/master/aws-golang-auth-examples/functions/auth/main.go for a working example
答案3
得分: 0
不确定你的 serverless.yml 文件是什么样子的,但这可能是一个很好的例子。
service: your-serviceprovider:name: awsruntime: go1.xhttpApi:payload: '2.0'functions:permission_verify:handler: bin/handlers/permission/verifyyour_protected_function:handler: bin/handlers/your_protected_functionevents:- httpApi:method: any # 或者你想允许的具体 HTTP 方法path: /your_pathauthorizer:name: customcustom:authorizers:custom:functionName: permission_verifytype: requestpackage:patterns:- "!./**"- ./bin/**
确保在 Go 代码中,使用 events.APIGatewayCustomAuthorizerRequest 类型而不是 events.APIGatewayCustomAuthorizerRequestTypeRequest 作为请求参数:
func Handler(request events.APIGatewayCustomAuthorizerRequest) (events.APIGatewayCustomAuthorizerResponse, error) {}
英文:
not sure how your serverless.yml file looks like, but this could be a good example in case.
service: your-serviceprovider:name: awsruntime: go1.xhttpApi:payload: '2.0'functions:permission_verify:handler: bin/handlers/permission/verifyyour_protected_function:handler: bin/handlers/your_protected_functionevents:- httpApi:method: any # or the specific HTTP method you want to allowpath: /your_pathauthorizer:name: customcustom:authorizers:custom:functionName: permission_verifytype: requestpackage:patterns:- "!./**"- ./bin/**
make sure that you are using the
events.APIGatewayCustomAuthorizerRequest
type instead of
events.APIGatewayCustomAuthorizerRequestTypeRequest
for the request parameter in the Go code:
func Handler(request events.APIGatewayCustomAuthorizerRequest) (events.APIGatewayCustomAuthorizerResponse, error) {}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论