无服务器:具有自定义授权者的lambda函数

时间:2018-08-20 17:18:22

标签: aws-lambda authorization serverless

当我尝试使用授权者调用lambda函数时,出现“ AuthorizerConfigurationException”错误。主要功能创建为:

functions:
  sftpDir:
    handler: handler.sftp_dir
    events:
      - http:
          path: sftp/dir
          method: get
          cors:
            origins:
              - '*'
            headers:
              - Content-Type
              - X-Amz-Date
              - Authorization
              - X-Api-Key
              - X-Amz-Security-Token
            allowCredentials: true
          authorizer:
            arn: arn:aws:lambda:us-east-1:xxxxxxxxxxxx:function:authorize-jwt-dev-authorizerJwt
            resultTtlInSeconds: 0
            identitySource: method.request.header.Authorization
            identityValidationExpression: .*

当我在生成的授权者上的apigateway控制台中运行测试时,我得到:

Mon Aug 20 13:02:28 UTC 2018 : Sending request to https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-1:xxxxxxxxxxxx:function:authorize-jwt-dev-authorizerJwt/invocations Mon Aug 20 13:02:28 UTC 2018 : Authorizer result body before parsing: {"context":{"user_id":3,"permissions":["Manager","MFI Distribution Survey","Money Fund Intelligence","Money Fund Wisdom","MFI Daily Data","Consulting Services","MFI Custom Reports","Money Fund Intelligence XLS","Crane Corporate","Crane Web Access","Crane Index"],"iat":1534769754,"exp":1534773354},"policyDocument":{"Version":"2012-10-17","Statement":[{"Action":"execute-api:Invoke","Effect":"Allow","Resource":"arn:aws:execute-api:us-east-1:xxxxxxxxxxxx:yyyyyyyy/null/GET/"}]}}
Mon Aug 20 13:02:28 UTC 2018 : Execution failed due to configuration error: Invalid JSON in response: {"context":{"user_id":3,"permissions":["Manager","MFI Distribution Survey","Money Fund Intelligence","Money Fund Wisdom","MFI Daily Data","Consulting Services","MFI Custom Reports","Money Fund Intelligence XLS","Crane Corporate","Crane Web Access","Crane Index"],"iat":1534769754,"exp":1534773354},"policyDocument":{"Version":"2012-10-17","Statement":[{"Action":"execute-api:Invoke","Effect":"Allow","Resource":"arn:aws:execute-api:us-east-1:xxxxxxxxxxxx:yyyyyyyyyy/null/GET/"}]}}
Mon Aug 20 13:02:28 UTC 2018 : AuthorizerConfigurationException

但是,实际上响应中的JSON是有效的。用jq进行解析可以得出:

{
  "context": {
    "user_id": 3,
    "permissions": [
      "Manager",
      "MFI Distribution Survey",
      "Money Fund Intelligence",
      "Money Fund Wisdom",
      "MFI Daily Data",
      "Consulting Services",
      "MFI Custom Reports",
      "Money Fund Intelligence XLS",
      "Crane Corporate",
      "Crane Web Access",
      "Crane Index"
    ],
    "iat": 1534769754,
    "exp": 1534773354
  },
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow",
        "Resource": "arn:aws:execute-api:us-east-1:xxxxxxxxxxxx:yyyyyyyyyy/null/GET/"
      }
    ]
  }
}

policyDocument中的“ null”看起来可疑,但它肯定是好的json。该资源来自eventMethodARN-因此大概只是直接调用它的产物。 (我也尝试返回一个字符串化的结果,无济于事。)

有什么建议吗?

更新我从示例中注意到,我应该将响应包装在字典中,并将其主体化为{"statusCode": 200, "body": <response above, stringified>}

错误是相同的。

0 个答案:

没有答案
相关问题
最新问题