Skip to content

Feature request: provide Parser models for Lambda Authorizer #4536

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 of 2 tasks
dreamorosi opened this issue Jun 17, 2024 · 3 comments · Fixed by #4718
Closed
1 of 2 tasks

Feature request: provide Parser models for Lambda Authorizer #4536

dreamorosi opened this issue Jun 17, 2024 · 3 comments · Fixed by #4718
Assignees
@leandrodamascena
Labels
feature-request feature request parser Parser (Pydantic) utility

Comments

@dreamorosi
Copy link
Contributor

Use case

As a customer, when writing Lambda Authorizer functions for API Gateway, I would like to use the Parser utility to parse and validate the payload received by my function.

Solution/User Experience

Based on my tests, there are 3 models that could be added:

  • APIGatewayRequestAuthorizerEventSchema
  • APIGatewayTokenAuthorizerEventSchema
  • APIGatewayRequestAuthorizerEventV2Schema

The first two are used by API Gateway REST API (v1) when configuring a Lambda authorizer. With this version of API Gateway customers can choose whether the authorizer is looking only at the token or at the entire request and based on this the payload that the function receives changes.

For request authorizers the payload looks like this:

{
    "type": "REQUEST",
    "methodArn": "arn:aws:execute-api:eu-west-1:123456789012:puhdx84jy9/prod/POST/lambda-request",
    "resource": "/lambda-request",
    "path": "/lambda-request",
    "httpMethod": "POST",
    "headers": {
        "Accept": "*/*",
        "Accept-Encoding": "gzip, deflate",
        "Authorization": "Bearer foo",
        "CloudFront-Forwarded-Proto": "https",
        "CloudFront-Is-Desktop-Viewer": "true",
        "CloudFront-Is-Mobile-Viewer": "false",
        "CloudFront-Is-SmartTV-Viewer": "false",
        "CloudFront-Is-Tablet-Viewer": "false",
        "CloudFront-Viewer-ASN": "7224",
        "CloudFront-Viewer-Country": "GB",
        "Content-Length": "0",
        "Host": "puhdx84jy9.execute-api.eu-west-1.amazonaws.com",
        "User-Agent": "HTTPie/3.2.2",
        "Via": "1.1 e20527248be1eebaced63108ab7e73d6.cloudfront.net (CloudFront)",
        "X-Amz-Cf-Id": "sIEfafSQxwenKloeWOp-4eyo_-grMyVNzwnkBmx5q7OcvBJV7knerQ==",
        "X-Amzn-Trace-Id": "Root=1-66704feb-118151122b2ad2d3488844e7",
        "X-Forwarded-For": "15.248.3.126, 130.176.209.37",
        "X-Forwarded-Port": "443",
        "X-Forwarded-Proto": "https"
    },
    "multiValueHeaders": {
        "Accept": [
            "*/*"
        ],
        "Accept-Encoding": [
            "gzip, deflate"
        ],
        "Authorization": [
            "Bearer foo"
        ],
        "CloudFront-Forwarded-Proto": [
            "https"
        ],
        "CloudFront-Is-Desktop-Viewer": [
            "true"
        ],
        "CloudFront-Is-Mobile-Viewer": [
            "false"
        ],
        "CloudFront-Is-SmartTV-Viewer": [
            "false"
        ],
        "CloudFront-Is-Tablet-Viewer": [
            "false"
        ],
        "CloudFront-Viewer-ASN": [
            "7224"
        ],
        "CloudFront-Viewer-Country": [
            "GB"
        ],
        "Content-Length": [
            "0"
        ],
        "Host": [
            "puhdx84jy9.execute-api.eu-west-1.amazonaws.com"
        ],
        "User-Agent": [
            "HTTPie/3.2.2"
        ],
        "Via": [
            "1.1 e20527248be1eebaced63108ab7e73d6.cloudfront.net (CloudFront)"
        ],
        "X-Amz-Cf-Id": [
            "sIEfafSQxwenKloeWOp-4eyo_-grMyVNzwnkBmx5q7OcvBJV7knerQ=="
        ],
        "X-Amzn-Trace-Id": [
            "Root=1-66704feb-118151122b2ad2d3488844e7"
        ],
        "X-Forwarded-For": [
            "15.248.3.126, 130.176.209.37"
        ],
        "X-Forwarded-Port": [
            "443"
        ],
        "X-Forwarded-Proto": [
            "https"
        ]
    },
    "queryStringParameters": {},
    "multiValueQueryStringParameters": {},
    "pathParameters": {},
    "stageVariables": {},
    "requestContext": {
        "resourceId": "w567jh",
        "resourcePath": "/lambda-request",
        "httpMethod": "POST",
        "extendedRequestId": "ZhFsxGQDDoEEMig=",
        "requestTime": "17/Jun/2024:15:02:03 +0000",
        "path": "/prod/lambda-request",
        "accountId": "123456789012",
        "protocol": "HTTP/1.1",
        "stage": "prod",
        "domainPrefix": "puhdx84jy9",
        "requestTimeEpoch": 1718636523035,
        "requestId": "141d6671-99b4-40ca-9997-7a22f01eac74",
        "identity": {
            "cognitoIdentityPoolId": null,
            "accountId": null,
            "cognitoIdentityId": null,
            "caller": null,
            "sourceIp": "15.248.3.126",
            "principalOrgId": null,
            "accessKey": null,
            "cognitoAuthenticationType": null,
            "cognitoAuthenticationProvider": null,
            "userArn": null,
            "userAgent": "HTTPie/3.2.2",
            "user": null
        },
        "domainName": "puhdx84jy9.execute-api.eu-west-1.amazonaws.com",
        "deploymentId": "v99qix",
        "apiId": "puhdx84jy9"
    }
}

while for token authorizers it looks like this:

{
    "type": "TOKEN",
    "methodArn": "arn:aws:execute-api:eu-west-1:123456789012:puhdx84jy9/prod/POST/lambda-token",
    "authorizationToken": "Bearer foo"
}

The last one is instead related to API Gateway HTTP API (v2) which as far as I can tell only supports one request type with the following payload:

{
    "version": "2.0",
    "type": "REQUEST",
    "routeArn": "arn:aws:execute-api:eu-west-1:123456789012:lsw1ro4ipb/$default/POST/lambda",
    "identitySource": [
        "Bearer foo"
    ],
    "routeKey": "POST /lambda",
    "rawPath": "/lambda",
    "rawQueryString": "",
    "headers": {
        "accept": "*/*",
        "accept-encoding": "gzip, deflate",
        "authorization": "Bearer foo",
        "content-length": "0",
        "host": "lsw1ro4ipb.execute-api.eu-west-1.amazonaws.com",
        "user-agent": "HTTPie/3.2.2",
        "x-amzn-trace-id": "Root=1-66705bc7-2b4257df30cbee696ef2cf28",
        "x-forwarded-for": "15.248.3.126",
        "x-forwarded-port": "443",
        "x-forwarded-proto": "https"
    },
    "requestContext": {
        "accountId": "123456789012",
        "apiId": "lsw1ro4ipb",
        "domainName": "lsw1ro4ipb.execute-api.eu-west-1.amazonaws.com",
        "domainPrefix": "lsw1ro4ipb",
        "http": {
            "method": "POST",
            "path": "/lambda",
            "protocol": "HTTP/1.1",
            "sourceIp": "15.248.3.126",
            "userAgent": "HTTPie/3.2.2"
        },
        "requestId": "ZhNHJhhLjoEEPiw=",
        "routeKey": "POST /lambda",
        "stage": "$default",
        "time": "17/Jun/2024:15:52:39 +0000",
        "timeEpoch": 1718639559080
    }
}

In terms of DX, the model should work the same as the existing ones:

from aws_lambda_powertools.utilities.parser import event_parser
from aws_lambda_powertools.utilities.parser.models import APIGatewayRequestAuthorizerEventSchema

@event_parser(model=)
def lambda_handler(event, context):
  ...

Note

I have tested all payload types I could think of, including the ones above, with Node.js functions - if you want to double check the payloads you can look at this comment here.

Alternative solutions

No response

Acknowledgment
@dreamorosi dreamorosi added triage Pending triage from maintainers feature-request feature request labels Jun 17, 2024
@leandrodamascena
Copy link
Contributor

Thank you so much for opening this issue with so many details @dreamorosi!

I'll work on it until the end of this week.

@leandrodamascena leandrodamascena added parser Parser (Pydantic) utility and removed triage Pending triage from maintainers labels Jun 17, 2024
@leandrodamascena leandrodamascena self-assigned this Jun 17, 2024
@leandrodamascena leandrodamascena mentioned this issue Jul 9, 2024
Merged
7 tasks
@leandrodamascena leandrodamascena linked a pull request Jul 9, 2024 that will close this issue
feat(parser): add support for API Gateway Lambda authorizer events #4718
Merged
7 tasks
@github-project-automation github-project-automation bot moved this from Backlog to Coming soon in Powertools for AWS Lambda (Python) Jul 9, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 9, 2024

⚠️COMMENT VISIBILITY WARNING⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.

@github-actions github-actions bot added the pending-release Fix or implementation already in dev waiting to be released label Jul 9, 2024
@github-actions GitHub Actions
Copy link
Contributor

This is now released under 2.41.0 version!

@github-actions github-actions bot removed the pending-release Fix or implementation already in dev waiting to be released label Jul 11, 2024
@leandrodamascena leandrodamascena moved this from Coming soon to Shipped in Powertools for AWS Lambda (Python) Jan 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@leandrodamascena leandrodamascena

Labels
feature-request feature request parser Parser (Pydantic) utility
Projects
Powertools for AWS Lambda (Python)
Status: Shipped
Milestone
No milestone
2 participants
@leandrodamascena @dreamorosi