feat(appsync): add authenticationConfig to HttpDataSource, fixes #9934 #9971
Thanks for the contribution 🥳 This is a great first pass!
It would be great if you could write up a section in the README talking about HTTP data source. Similar to this section!
See this PR in review right now on RDS! Just to talk about the IamConfig :)
export interface HttpDataSourceAuthorizationConfig { | ||
/** | ||
* The authorization type required by the HTTP endpoint | ||
*/ | ||
readonly authorizationType: 'AWS_IAM'; | ||
/** | ||
* The IAM configuration required by the HTTP endpoint | ||
*/ | ||
readonly awsIamConfig: HttpDataSourceIamConfig; | ||
} | ||
|
||
/** | ||
* The IAM configuration required by the HTTP endpoint | ||
*/ | ||
export interface HttpDataSourceIamConfig { | ||
/** | ||
* The signing region for AWS IAM authorization | ||
*/ | ||
readonly signingRegion: string; | ||
|
||
/** | ||
* The signing service name for AWS IAM authorization | ||
*/ | ||
readonly signingServiceName: string; | ||
} |
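Review bot: the doc comments on `signingRegion` and `signingServiceName` in `HttpDataSourceIamConfig` only restate the field names and do not say what a valid value looks like. Both fields are plain `string`, so a mistyped region or service name still type-checks; consider adding an example value to each comment and stating that both must match the HTTP endpoint being called.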
If the authorization type is always going to be AWS_IAM, as seen in these docs, I think it might be best to just expose awsIamConfig and remove that additional level of abstraction!
@BryanPan342 I have a question.
JSII does not allow nested objects directly. I got a linting error when I tried to implement it like below.
`Only string-indexed map types are supported`
```ts
export interface AwsIamConfig {
  /**
   * The authorization type required by the HTTP endpoint
   */
  readonly authorizationType: 'AWS_IAM';
  /**
   * The IAM configuration required by the HTTP endpoint
   */
  readonly awsIamConfig: {
    /**
     * The signing region for AWS IAM authorization
     */
    readonly signingRegion: string;
    /**
     * The signing service name for AWS IAM authorization
     */
    readonly signingServiceName: string;
  }
}
```
Do you know a better way to integrate it?
I still code it separately, but I tried to go along with the Cfn definition.
4500ce8
Co-authored-by: Bryan Pan <[email protected]>
Co-authored-by: Bryan Pan <[email protected]>
I'm still not convinced that we need the nested interface of
```ts
export interface AwsIamConfig {
  authorizationType: 'AWS_IAM',
  awsIamConfig: {
    signingRegion: 'us-east-1',
    signingServiceName: 'states',
  }
}
```
why can't we just expose the signing configuration?
```ts
export interface AwsIamConfig {
  signingRegion: string,
  signingServiceName: string,
}
```
and have CDK add the authorization type upon construction?
}); | ||
``` | ||
|
||
## Imports |
i think this might have been moved on merge by accident
should be on line 213
Co-authored-by: Bryan Pan <[email protected]>
Pull request has been modified.
Apologies I misread the unit test :( just a little nit picks and this LGTM 🥳
Co-authored-by: Bryan Pan <[email protected]>
Co-authored-by: Bryan Pan <[email protected]>
i believe the build is failing for this reason
this needs to be changed to
…/github.com/hugtechio/aws-cdk into feature/authorization_within_httpdatasource
@BryanPan342 I've just pushed the code that removes the nested construction. Thank you for reviewing.
@BryanPan342 I want to solve the CodeBuild error. Can you show me how to look for the Error in the CodeBuild log?
@haruharuharuby this is the error + fix if you hit the then Ctrl-F for the
@haruharuharuby
I had an idea on how we could clean up the if/else statement.. thoughts?
name: 'custom', | ||
description: 'custom description', | ||
authorizationConfig: { | ||
authorizationType: 'AWS_IAM', |
why is this line necessary? the authorizationType is fixed to AWS_IAM no?
Yes, it's true. AWS_IAM takes only a single value. I remove it.
/** | ||
* The authorization type required by the HTTP endpoint | ||
*/ | ||
readonly authorizationType: 'AWS_IAM'; |
is this field necessary if it's fixed?
could we just make the interface
```ts
export interface AwsIamConfig {
  readonly signingRegion: string;
  readonly signingServiceName: string;
}
```
So the authorizationType is removed from the caller, and it is built in the constructor of the DataSource.
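The design the thread settles on (the caller passes only the signing region and service name, and the construct adds the fixed `AWS_IAM` authorization type) can be sketched as below. This is an added example, not code from the pull request or from aws-cdk: `renderHttpConfig` and `CfnHttpConfig` are hypothetical names, the sample endpoint is constructed, and the https-only check is a policy chosen for the example.

```typescript
// Added example. renderHttpConfig and CfnHttpConfig are hypothetical names,
// not the aws-cdk API; the sample values at the bottom are constructed.

/** What the caller supplies: only the SigV4 signing scope. */
interface AwsIamConfig {
  readonly signingRegion: string;
  readonly signingServiceName: string;
}

/** Shape of the CloudFormation HttpConfig for an AppSync HTTP data source. */
interface CfnHttpConfig {
  readonly endpoint: string;
  readonly authorizationConfig?: {
    readonly authorizationType: 'AWS_IAM';
    readonly awsIamConfig: AwsIamConfig;
  };
}

function renderHttpConfig(endpoint: string, iam?: AwsIamConfig): CfnHttpConfig {
  if (iam === undefined) {
    // No authorization config: the data source is rendered without signing.
    return { endpoint };
  }
  const signingRegion = iam.signingRegion.trim();
  const signingServiceName = iam.signingServiceName.trim();
  if (signingRegion === '' || signingServiceName === '') {
    // Fail at synthesis rather than deploy a data source with an empty scope.
    throw new Error('signingRegion and signingServiceName must be non-empty');
  }
  if (endpoint.indexOf('https://') !== 0) {
    // Policy chosen for this example: signed requests only go to TLS endpoints.
    throw new Error(`refusing to sign requests to non-https endpoint ${endpoint}`);
  }
  return {
    endpoint,
    authorizationConfig: {
      authorizationType: 'AWS_IAM', // fixed value, added here instead of by the caller
      awsIamConfig: { signingRegion, signingServiceName },
    },
  };
}

// Constructed sample: a Step Functions endpoint signed for us-east-1 / states.
const signedConfig = renderHttpConfig('https://states.us-east-1.amazonaws.com', {
  signingRegion: 'us-east-1',
  signingServiceName: 'states',
});
```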
thx! Co-authored-by: Bryan Pan <[email protected]>
… addHttpDataSource
@BryanPan342 I've just passed CI process. (fixed some linting and Unit test)
Woooo LGTM 🎉
Thanks for the contribution this looks great!
I'll let @MrArnoldPalmer give his blessing before it's shipped 😊
@BryanPan342 Thank you for a lot of reviews. :)
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
@haruharuharuby I think you need to allow maintainers to edit your PR in order for Mergify to work
@BryanPan342 Sorry, I made this PR from my org account. So I suppose, from this doc, I can't edit the permission. https://github.community/t/how-can-we-enable-allow-edits-from-maintainers-by-default/2847 Is it necessary to remake the PR on my regular account (haruharuharuby)?
Pull request has been modified.
@haruharuharuby im guessing that's the right move? if you upload it with the same edits i can approve of it right away
@BryanPan342 Thank you for following up. I made another PR by @haruharuharuby the same as this PR.
Yes, I think the only way to merge is to make another PR. Looking over this PR (coming from the org account), I could not find any way to display the "allow changes by maintainers" option.
Closing in favor of #10171
Description
Adding authorization config to HttpDatasource in aws-appsync module.
Users will be able to specify the awsIamConfig in httpConfig as parameter of HttpDataSource.
Pull Request Checklist
Testing
[x] Unit test added (prefer not to modify an existing test, otherwise, it's probably a breaking change)
[-] CLI change?: coordinate update of integration tests with team
[-] cdk-init template change?: coordinated update of integration tests with team
Docs
[-] jsdocs: All public APIs documented
[-] README: README and/or documentation topic updated
[-] Design: For significant features, design document added to design folder
Title and Description
[x-] Change type: title prefixed with fix, feat and module name in parens, which will appear in changelog
[x] Title: use lower-case and doesn't end with a period
[-] Breaking?: last paragraph: "BREAKING CHANGE: <describe what changed + link for details>"
[x] Issues: Indicate issues fixed via: "Fixes #xxx" or "Closes #xxx"
Sensitive Modules (requires 2 PR approvers)
[-] IAM Policy Document (in @aws-cdk/aws-iam)
[-] EC2 Security Groups and ACLs (in @aws-cdk/aws-ec2)
[-] Grant APIs (only if not based on official documentation with a reference)
Fixes: #9934
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license