Authorizer overrides at function level not working as expected when using swagger and global default authorizer config

[sgates]

I've been working with @keetonian via the slack channel on this issue, I'll defer to him for more details and findings.

In a nutshell:
Swagger is used to define API details. It's included in template with

Location: !Sub 's3://${DeployBucket}/${BranchName}/swagger-${Version}.yaml'

There is a global auth config at the API level with a default authorizer (a lambda authorizer). I wish to make specific get requests defined in the sam template have no authorizer, so I added:

Auth:
  Authorizer: NONE

This doesn't seem to stick (it's ignored when deployed) and the DefaultAuthorizer gets added to the resource anyway. Keeton has reproduced the issue, but hasn't nailed down a cause yet. I'm reporting here for tracking and for others should they hit a similar issue. Thanks!

[unscriptable]

We seem to be experiencing this issue. Is there a known work-around?

[sgates]

We seem to be experiencing this issue. Is there a known work-around?

Kinda- you can have a post-deploy script that uses the CLI to make changes to the gateway/lambda functions. This isn't ideal :/

[praneetap]

@sgates @unscriptable Thanks for reporting this bug! Are you facing this while using IAM auth? We have a fix going out soon that addresses it for IAM - #1015. To track our release you can check out our release board.

[sgates]

@praneetap no, this was for using a custom authorizer (lambda authorizer). I didn't try with IAM, but thanks for mentioning it!

[unscriptable]

We're using Cognito.

[ShreyaGangishetty]

@sgates @unscriptable this issue should be fixed in the next release. You can track the release in our release board.

[unscriptable]

You rock, @ShreyaGangishetty! I don't see 1.16.0 on the release board, yet. Any idea when it's scheduled?

[sgates]

@ShreyaGangishetty, that’s awesome news, thanks!