feat: add default authorizer configuration

pevisscher · pevisscher · commit 09239c1c923f · 2024-06-25T20:24:20.000+02:00
diff --git a/modules/config-lambda/events.tf b/modules/config-lambda/events.tf
@@ -25,10 +25,10 @@ locals {
   ])
   api_definition = {
     for http_path in flatten([for event in local.http_events : event.http.path]) : http_path => {
-      for event in local.http_events : upper(event.http.method) => {
+      for event in local.http_events : upper(event.http.method) => merge({
         function_name = event.function_name
-        authorizer    = try(event.http.authorizer, null)
-      } if event.http.path == http_path
+      }, try(event.http.authorizer, null) != null ? { authorizer = event.http.authorizer } : {})
+      if event.http.path == http_path
     }
   }
   scheduled_events = merge({
diff --git a/terraform/bootstrap/variables.tf b/terraform/bootstrap/variables.tf
@@ -1,6 +1,7 @@
 variable "starchart" {
   type = object({
     aws_account_id = string
+    aws_region     = string
     config         = any
   })
 }
diff --git a/terraform/persistent/main.tf b/terraform/persistent/main.tf
@@ -3,6 +3,7 @@ variable "starchart" {
 
     default_tags   = map(string)
     aws_account_id = string
+    aws_region     = string
     bootstrap = object({
       eventing_kms_key_arn      = string
       appconfig_application_id  = string
diff --git a/terraform/runtime/api-http.tf b/terraform/runtime/api-http.tf
@@ -18,6 +18,7 @@ variable "http_api" {
       enable_simple_responses = optional(bool)
     })), {})
 
+    default_authorizer = optional(string)
   })
   description = "The custom configuration for the API Gateway. Most of it will be inferred from Lambda events."
   default     = null
@@ -27,8 +28,17 @@ locals {
   http_api_name = try(coalesce(var.http_api.name, local.config.project_name), null)
 
   _http_api_definition_parsed = try(jsondecode(var.http_api.definition), {})
+
+  _http_api_lambda_api_definition = {
+    for http_path, path_items in module.config_lambda.api_definition : http_path => {
+      for http_method, path_item in path_items : http_method => merge(path_item, {
+        authorizer = try(path_item.authorizer, var.http_api.default_authorizer, null)
+      })
+    }
+  }
+
   http_api_definition = merge(local._http_api_definition_parsed, {
-    for http_path, path_items in module.config_lambda.api_definition : http_path => merge(try(local._http_api_definition_parsed[http_path], {}), {
+    for http_path, path_items in local._http_api_lambda_api_definition : http_path => merge(try(local._http_api_definition_parsed[http_path], {}), {
       for http_method, path_item in path_items : http_method => {
 
         lambda = {
@@ -38,14 +48,15 @@ locals {
         authorizer = try(path_item.authorizer, null) == null ? null : {
           name = try(var.http_api.authorizers[path_item.authorizer].name, path_item.authorizer)
           lambda = {
-            function_name = module.config_lambda.functions[var.http_api.authorizers[path_item.authorizer].function_id].function_name
+            function_name = module.config_lambda.lambda_definitions[var.http_api.authorizers[path_item.authorizer].function_id].function_name
           }
           header             = try(var.http_api.authorizers[path_item.authorizer].header, null)
           authorizerType     = try(var.http_api.authorizers[path_item.authorizer].type, null)
           identitySource     = try(join(",", var.http_api.authorizers[path_item.authorizer].identity_source), null)
           resultTtlInSeconds = try(var.http_api.authorizers[path_item.authorizer].ttl_in_seconds, null)
         }
 
+
       }
     })
   })
@@ -57,8 +68,8 @@ module "http_api" {
 
   name = local.http_api_name
 
-  region     = data.aws_region.current.name
-  account_id = data.aws_caller_identity.current.account_id
+  region     = var.starchart.aws_region
+  account_id = var.starchart.aws_account_id
   definition = local.http_api_definition
 
   disable_execute_api_endpoint = var.http_api.disable_execute_api_endpoint
diff --git a/terraform/runtime/api-rest.tf b/terraform/runtime/api-rest.tf
@@ -27,8 +27,16 @@ locals {
   rest_api_name = try(coalesce(var.rest_api.name, local.config.project_name), null)
 
   _rest_api_definition_parsed = try(jsondecode(var.rest_api.definition), {})
+
+  _rest_api_lambda_api_definition = {
+    for http_path, path_items in module.config_lambda.api_definition : http_path => {
+      for http_method, path_item in path_items : http_method => merge(path_item, {
+        authorizer = try(path_item.authorizer, var.rest_api.default_authorizer, null)
+      })
+    }
+  }
   rest_api_definition = merge(local._rest_api_definition_parsed, {
-    for http_path, path_items in module.config_lambda.api_definition : http_path => merge(try(local._rest_api_definition_parsed[http_path], {}), {
+    for http_path, path_items in local._rest_api_lambda_api_definition : http_path => merge(try(local._rest_api_definition_parsed[http_path], {}), {
       for http_method, path_item in path_items : http_method => {
 
         lambda = {
@@ -38,7 +46,7 @@ locals {
         authorizer = try(path_item.authorizer, null) == null ? null : {
           name = try(var.rest_api.authorizers[path_item.authorizer].name, path_item.authorizer)
           lambda = {
-            function_name = module.config_lambda.functions[var.rest_api.authorizers[path_item.authorizer].function_id].function_name
+            function_name = module.config_lambda.lambda_definitions[var.rest_api.authorizers[path_item.authorizer].function_id].function_name
           }
           header             = try(var.rest_api.authorizers[path_item.authorizer].header, null)
           authorizerType     = try(var.rest_api.authorizers[path_item.authorizer].type, null)
@@ -51,19 +59,14 @@ locals {
   })
 }
 
-
-
-data "aws_caller_identity" "current" {}
-data "aws_region" "current" {}
-
 module "rest_api" {
   count  = length(keys(local.rest_api_definition)) > 0 && var.rest_api != null ? 1 : 0
   source = "git@github.com:skyleague/aws-rest-api.git?ref=v3.1.0"
 
   name = local.rest_api_name
 
-  region     = data.aws_region.current.name
-  account_id = data.aws_caller_identity.current.account_id
+  region     = var.starchart.aws_region
+  account_id = var.starchart.aws_account_id
   definition = local.rest_api_definition
 
   disable_execute_api_endpoint = var.rest_api.disable_execute_api_endpoint
diff --git a/terraform/runtime/main.tf b/terraform/runtime/main.tf
@@ -3,6 +3,7 @@ variable "starchart" {
 
     default_tags   = map(string)
     aws_account_id = string
+    aws_region     = string
     bootstrap = object({
       eventing_kms_key_arn      = string
       artifacts_bucket_id       = string

Original file line number	Diff line number	Diff line change
`@@ -25,10 +25,10 @@ locals {`
`25`	`25`	`])`
`26`	`26`	`api_definition = {`
`27`	`27`	`for http_path in flatten([for event in local.http_events : event.http.path]) : http_path => {`
`28`		`- for event in local.http_events : upper(event.http.method) => {`
	`28`	`+ for event in local.http_events : upper(event.http.method) => merge({`
`29`	`29`	`function_name = event.function_name`
`30`		`- authorizer = try(event.http.authorizer, null)`
`31`		`- } if event.http.path == http_path`
	`30`	`+ }, try(event.http.authorizer, null) != null ? { authorizer = event.http.authorizer } : {})`
	`31`	`+ if event.http.path == http_path`
`32`	`32`	`}`
`33`	`33`	`}`
`34`	`34`	`scheduled_events = merge({`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`variable "starchart" {`
`2`	`2`	`type = object({`
`3`	`3`	`aws_account_id = string`
	`4`	`+ aws_region = string`
`4`	`5`	`config = any`
`5`	`6`	`})`
`6`	`7`	`}`