[aws-apigateway] impossible to remove default method authorization  #8827

@erik-sab

It does not seem possible to remove authorization for API Gateway methods if it is defined in defaultMethodOptions at the RestApi level.

Reproduction Steps

First I create a RestApi Gateway (https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html) with a custom authorizer set by default for all methods:

        var apiGw = RestApi.Builder.create(scope, "Stack-RestApi")
                .defaultMethodOptions(MethodOptions.builder()
                        .apiKeyRequired(Boolean.FALSE)
                        .authorizationType(AuthorizationType.CUSTOM)
                        .authorizer(authorizer)
                        .build())
...

And then, in the resources stack, I try to create a documentation Method (https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.Method.html) with security disabled:

        Method.Builder builder = Method.Builder.create(scope, "Stack-ApiInfoMethodGET")
                .options(MethodOptions.builder()
                        .apiKeyRequired(Boolean.FALSE)
                        .authorizationType(AuthorizationType.NONE)
                        .authorizer(null) // tried to reset authorizer also
                        .build())
...

Error Log

[ERROR] Failed to execute goal org.codehaus.mojo:exec-maven-plugin:1.6.0:java (default-cli) on project cdk-stacks: An exception occured while executing the Java class. Stack-ApiGwResource/Stack-ApiInfoResource/GET - Authorization type is set to NONE which is different from what is required by the authorizer [CUSTOM]
[ERROR] Error: Stack-ApiGwResource/Stack-ApiInfoResource/GET - Authorization type is set to NONE which is different from what is required by the authorizer [CUSTOM]
[ERROR]     at new Method (/tmp/jsii-kernel-TH8eSk/node_modules/@aws-cdk/aws-apigateway/lib/method.js:27:19)
[ERROR]     at /tmp/jsii-java-runtime16647868641746308035/jsii-runtime.js:7906:49
[ERROR]     at Kernel._wrapSandboxCode (/tmp/jsii-java-runtime16647868641746308035/jsii-runtime.js:8382:19)
[ERROR]     at Kernel._create (/tmp/jsii-java-runtime16647868641746308035/jsii-runtime.js:7906:26)
[ERROR]     at Kernel.create (/tmp/jsii-java-runtime16647868641746308035/jsii-runtime.js:7650:21)
[ERROR]     at KernelHost.processRequest (/tmp/jsii-java-runtime16647868641746308035/jsii-runtime.js:7439:28)
[ERROR]     at KernelHost.run (/tmp/jsii-java-runtime16647868641746308035/jsii-runtime.js:7377:14)
[ERROR]     at Immediate._onImmediate (/tmp/jsii-java-runtime16647868641746308035/jsii-runtime.js:7380:37)
[ERROR]     at processImmediate (internal/timers.js:456:21)

Environment

  • CLI Version : 1.47.0
  • Framework Version: 1.47.0
  • Node.js Version: v12.18.1
  • OS : Ubuntu Linux
  • Language (Version): Java 11

Other

It is still possible to override these settings as described in #8615:

        var cfnMethod = (CfnMethod) method.getNode().getDefaultChild();
        cfnMethod.addPropertyOverride("ApiKeyRequired", false);
        cfnMethod.addPropertyOverride("AuthorizationType", "NONE");
        cfnMethod.addPropertyDeletionOverride("AuthorizerId");

and then the stack is created with the correct Method-level security settings.


This is 🐛 Bug Report
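
Since the `addPropertyOverride` workaround above edits the CloudFormation resource directly, after the construct's own validation, a check over the synthesized template can confirm which methods end up without authorization. The following is an added example, not part of the original issue or the CDK code base; the logical IDs, the allow-list and the sample template are constructed for illustration.

```python
import json

# Constructed sample of a synthesized template (as found under cdk.out/);
# the logical IDs are hypothetical, not taken from the issue.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "OrdersGET": {"Type": "AWS::ApiGateway::Method", "Properties": {
      "HttpMethod": "GET", "AuthorizationType": "CUSTOM",
      "AuthorizerId": {"Ref": "Authorizer"}}},
    "ApiInfoGET": {"Type": "AWS::ApiGateway::Method", "Properties": {
      "HttpMethod": "GET", "AuthorizationType": "NONE",
      "ApiKeyRequired": false}},
    "HealthGET": {"Type": "AWS::ApiGateway::Method", "Properties": {
      "HttpMethod": "GET", "AuthorizationType": "NONE",
      "AuthorizerId": {"Ref": "Authorizer"}}},
    "Authorizer": {"Type": "AWS::ApiGateway::Authorizer", "Properties": {}}
  }
}
""")


def audit_methods(template, allowed_public):
    """Return (logical_id, problem) pairs for API Gateway methods whose
    authorization settings are unexpected or internally inconsistent."""
    findings = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::ApiGateway::Method":
            continue
        props = res.get("Properties", {})
        auth_type = props.get("AuthorizationType")
        has_authorizer = "AuthorizerId" in props
        if auth_type == "NONE":
            # An override to NONE without the matching deletion override
            # leaves a stale AuthorizerId behind.
            if has_authorizer:
                findings.append((logical_id, "NONE but AuthorizerId still set"))
            if logical_id not in allowed_public:
                findings.append((logical_id, "public method not on allow-list"))
        elif auth_type == "CUSTOM" and not has_authorizer:
            findings.append((logical_id, "CUSTOM without AuthorizerId"))
        elif auth_type is None:
            findings.append((logical_id, "AuthorizationType not set"))
    return findings


if __name__ == "__main__":
    for logical_id, problem in audit_methods(SAMPLE_TEMPLATE, {"ApiInfoGET"}):
        print(f"{logical_id}: {problem}")
```
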

Labels: @aws-cdk/aws-apigateway (Related to Amazon API Gateway), bug (This issue is a bug.), effort/small (Small work item – less than a day of effort), p1
