refactor(data-classes): clean up internal logic for APIGatewayAuthorizerResponse #643

Merged
merged 6 commits into from
Sep 9, 2021

@michaelbrewer michaelbrewer commented Aug 22, 2021

Issue #, if available:

Description of changes:

NOTE: We might want to explain "This will also pollute Lambda metrics with errors, also causing cold starts since it's not handled." in the docs too.

Changes:

  • Clean up the internal logic for APIGatewayAuthorizerResponse
  • Update the internal docs to include a new DENY_ALL_RESPONSE
  • Add missing property usageIdentifierKey for Rest API responses only
  • Add from_route_arn to build APIGatewayAuthorizerResponse from an arn
  • Add a relaxed pylintrc configuration for those who have this installed

Update Example

```python
from aws_lambda_powertools.utilities.data_classes import event_source
from aws_lambda_powertools.utilities.data_classes.api_gateway_authorizer_event import (
    DENY_ALL_RESPONSE,
    APIGatewayAuthorizerRequestEvent,
    APIGatewayAuthorizerResponse,
    HttpVerb,
)
from secrets import compare_digest


def get_user_by_token(token):
    # A request without the header yields None, and compare_digest(None, ...)
    # raises TypeError, so treat a missing token as "no user" (deny).
    if token is None:
        return None
    if compare_digest(token, "admin-foo"):
        return {"id": 0, "name": "Admin", "isAdmin": True}
    elif compare_digest(token, "regular-foo"):
        return {"id": 1, "name": "Joe"}
    else:
        return None


@event_source(data_class=APIGatewayAuthorizerRequestEvent)
def handler(event: APIGatewayAuthorizerRequestEvent, context):
    user = get_user_by_token(event.get_header_value("Authorization"))

    if user is None:
        # No user was found
        # to return 401 - `{"message":"Unauthorized"}`, but pollutes lambda metrics
        # raise Exception("Unauthorized")
        # to return 403 - `{"message":"Forbidden"}`
        return DENY_ALL_RESPONSE

    # Create the response builder from parts of the `methodArn`
    # and set the logged in user id and context
    policy = APIGatewayAuthorizerResponse.from_route_arn(
        arn=event.method_arn, principal_id=user["id"], context=user
    )

    # Conditional IAM Policy
    if user.get("isAdmin", False):
        policy.allow_all_routes()
    else:
        policy.allow_route(HttpVerb.GET, "/user-profile")

    return policy.asdict()
```

Checklist

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
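
Added example, not part of the pull request or the Powertools code base: a dependency-free sketch of the authorizer response the snippet above produces, showing the route ARN derived from `methodArn` and a fail-closed deny-all path for missing or malformed tokens. The helper names, the `deny-all-user` principal, and the account and API ids are constructed placeholders.

```python
from secrets import compare_digest

# Constructed sample values: tokens, account id and API id are placeholders.
TOKENS = {"admin-foo": {"id": "0", "isAdmin": True}, "regular-foo": {"id": "1"}}
SAMPLE_ARN = "arn:aws:execute-api:us-east-1:123456789012:abcdef1234/prod/GET/user-profile"


def statement(effect, resources):
    return {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resources}


def response(principal_id, statements, context=None):
    doc = {"principalId": principal_id,
           "policyDocument": {"Version": "2012-10-17", "Statement": statements}}
    if context:
        doc["context"] = context
    return doc


DENY_ALL = response("deny-all-user", [statement("Deny", ["*"])])


def route_arn(method_arn, verb, path):
    """Rebuild an execute-api ARN for one route from the invoking methodArn."""
    prefix, stage = method_arn.split("/")[:2]  # "arn:...:apiId", "stage"
    parts = prefix.split(":")
    if len(parts) != 6 or parts[2] != "execute-api" or not stage:
        raise ValueError("not an execute-api method ARN")
    return f"{prefix}/{stage}/{verb}/{path.lstrip('/')}"


def lookup(token):
    if not isinstance(token, str):  # missing header: compare_digest(None, ...) raises
        return None
    supplied = token.encode()       # compare bytes: str inputs must be ASCII-only
    for known, user in TOKENS.items():
        if compare_digest(supplied, known.encode()):
            return user
    return None


def authorize(headers, method_arn):
    token = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    user = lookup(token)
    if user is None:
        return DENY_ALL             # fail closed with a policy, no exception raised
    if user.get("isAdmin"):
        resource = route_arn(method_arn, "*", "*")
    else:
        resource = route_arn(method_arn, "GET", "/user-profile")
    return response(user["id"], [statement("Allow", [resource])], context=user)
```

Returning the deny policy instead of raising keeps a bad token from showing up as a Lambda error, which is the metrics concern raised in the description.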



Clean up the internal logic for `APIGatewayAuthorizerResponse` and
update the internal docs.
@boring-cyborg boring-cyborg bot added area/utilities documentation Improvements or additions to documentation labels Aug 22, 2021
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Aug 22, 2021

codecov-commenter commented Aug 22, 2021

Codecov Report

Merging #643 (236caff) into develop (c8cf3ba) will increase coverage by 0.00%.
The diff coverage is 100.00%.


@@           Coverage Diff            @@
##           develop     #643   +/-   ##
========================================
  Coverage    99.97%   99.97%           
========================================
  Files          116      116           
  Lines         4846     4853    +7     
  Branches       265      266    +1     
========================================
+ Hits          4845     4852    +7     
  Partials         1        1           
Impacted Files Coverage Δ
...ities/data_classes/api_gateway_authorizer_event.py 100.00% <100.00%> (ø)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@michaelbrewer michaelbrewer changed the title refactor(data-classes): clean up internal logic refactor(data-classes): clean up internal logic for APIGatewayAuthorizerResponse Aug 22, 2021
Update the docs and add a deny all response
@pull-request-size pull-request-size bot removed the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Aug 22, 2021
@boring-cyborg boring-cyborg bot added the tests label Aug 22, 2021
@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Aug 22, 2021
@michaelbrewer

@heitorlessa - I addressed your feedback in this PR.

@heitorlessa heitorlessa merged commit 2506c94 into aws-powertools:develop Sep 9, 2021
@heitorlessa heitorlessa added internal Maintenance changes and removed enhancement labels Sep 9, 2021
heitorlessa added a commit to heitorlessa/aws-lambda-powertools-python that referenced this pull request Sep 28, 2021
…tools-python into develop

* 'develop' of https://github.com/awslabs/aws-lambda-powertools-python:
  docs(event-handler): document catch-all routes (aws-powertools#705)
  chore: add python 3.9 support
  docs: add team behind it and email
  ISSUE-693: Use ExpressionAttributeNames in _put_record (aws-powertools#697)
  feat(validator): include missing data elements from a validation error (aws-powertools#686)
  chore(deps-dev): bump mkdocs-material from 7.2.8 to 7.3.0 (aws-powertools#695)
  chore(deps-dev): bump mkdocs-material from 7.2.6 to 7.2.8 (aws-powertools#682)
  chore(deps-dev): bump flake8-bugbear from 21.4.3 to 21.9.1 (aws-powertools#676)
  chore(deps): bump boto3 from 1.18.38 to 1.18.41 (aws-powertools#677)
  chore(deps-dev): bump radon from 4.5.2 to 5.1.0 (aws-powertools#673)
  chore(deps): bump boto3 from 1.18.32 to 1.18.38 (aws-powertools#671)
  refactor(data-classes): clean up internal logic for APIGatewayAuthorizerResponse (aws-powertools#643)
  fix(data-classes): use correct asdict funciton (aws-powertools#666)
  chore(deps-dev): bump xenon from 0.7.3 to 0.8.0 (aws-powertools#669)
  chore: bump to 1.20.2
  fix: Fix issue with strip_prefixes (aws-powertools#647)
  chore(deps-dev): bump mkdocs-material from 7.2.4 to 7.2.6 (aws-powertools#665)
  chore(deps): bump boto3 from 1.18.26 to 1.18.32 (aws-powertools#663)
  chore(deps-dev): bump pytest from 6.2.4 to 6.2.5 (aws-powertools#662)
  chore(license): Add THIRD-PARTY-LICENSES (aws-powertools#641)
@michaelbrewer michaelbrewer deleted the refactor/api-authorizer branch October 13, 2021 12:05