Suppporting authorization_scopes #61
Description
Is your request related to a new offering from AWS?
No
Describe the solution you'd like.
#17 added support for authorization_type and authorizer_id but left a commented out block for authorization_scopes. I started digging into seeing what it might take to enable that an ran into a problem since var.integrations is defined as a map(any) and Terraform is erroring with a type constraint because authorization_scopes wants a set of strings.
Looking over the documentation around map(any) it's not obvious to me how to pass in a set via the integrations map without violating the type constraint but perhaps I'm misunderstanding the problem. I started to work on a fork with a var integrations type = map(object({})) but I wanted to reach out here to see what the projects thoughts were on supporting authorization_scopes first.
Thank you!
Additional context
Error: Invalid value for module argument
│
│ on apigw.tf line 27, in module "api_gateway":
│ 27: integrations = {
│ 28: "POST /status" = {
│ 29: lambda_arn = data.aws_lambda_function.start_status.arn
│ 30: payload_format_version = "2.0"
│ 31: authorization_type = "JWT"
│ 32: authorizer_id = aws_apigatewayv2_authorizer.azuread.id
│ 33: authorization_scopes = toset(["access_as_user"])
│ 34: }
│ 35: "POST /execute" = {
│ 36: integration_type = "AWS_PROXY"
│ 37: integration_subtype = "StepFunctions-StartExecution"
│ 38: credentials_arn = data.aws_iam_role.sfn_start_role.arn
│ 39: # Note: jsonencode is used to pass argument as a string
│ 40: request_parameters = jsonencode({
│ 41: StateMachineArn = data.aws_sfn_state_machine.start.arn
│ 42: Input = "\"{\"environment\": \"${var.stage}\"}\""
│ 43: })
│ 44: payload_format_version = "1.0"
│ 45: timeout_milliseconds = 12000
│ 46: }
│ 47: }
│
│ The given value is not suitable for child module variable "integrations" defined at .terraform/modules/api_gateway/variables.tf:191,1-24: attribute types must all match for conversion to map.