feat: allow usage of both lambda url & api gateway

fivexl · Jul 5, 2024 · aeb29aa · aeb29aa
1 parent b6e0041
commit aeb29aa
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 3 deletions.
diff --git a/locals.tf b/locals.tf
@@ -18,7 +18,7 @@ locals {
   # HTTP API configuration
   api_resource_path = "/access-requester"
   api_stage_name    = "default"
-  full_api_url      = "${module.http_api.stage_invoke_url}${local.api_resource_path}"
+  full_api_url      = var.use_deprecated_lambda_url ? "" : "${module.http_api.stage_invoke_url}${local.api_resource_path}"
 }
 
 resource "random_string" "random" {

diff --git a/outputs.tf b/outputs.tf
@@ -5,5 +5,10 @@ output "sso_elevator_bucket_id" {
 
 output "requester_api_endpoint_url" {
   description = "The full URL to invoke the API. Pass this URL into the Slack App manifest as the Request URL."
-  value       = local.full_api_url
+  value       = try(local.full_api_url, "")
+}
+
+output "lambda_function_url" {
+  description = "value for the access_requester lambda function URL"
+  value       = try(module.access_requester_slack_handler.lambda_function_url, "")
 }
diff --git a/slack_handler_lambda.tf b/slack_handler_lambda.tf
@@ -65,13 +65,22 @@ module "access_requester_slack_handler" {
     MAX_PERMISSIONS_DURATION_TIME               = var.max_permissions_duration_time
   }
 
-  allowed_triggers = {
+  allowed_triggers = var.use_deprecated_lambda_url ? {} : {
     AllowExecutionFromAPIGateway = {
       service    = "apigateway"
       source_arn = "${module.http_api.api_execution_arn}/*/*${local.api_resource_path}"
     }
   }
 
+  create_lambda_function_url = var.use_deprecated_lambda_url ? true : false
+
+  cors = var.use_deprecated_lambda_url ? {
+    allow_credentials = true
+    allow_origins     = ["https://slack.com"]
+    allow_methods     = ["POST"]
+    max_age           = 86400
+  } : null
+
   attach_policy_json = true
   policy_json        = data.aws_iam_policy_document.slack_handler.json
 
@@ -182,6 +191,7 @@ data "aws_iam_policy_document" "slack_handler" {
 }
 
 module "http_api" {
+  count         = var.use_deprecated_lambda_url ? 0 : 1
   source        = "terraform-aws-modules/apigateway-v2/aws"
   version       = "5.0.0"
   name          = "sso-elevator-access-requster"

diff --git a/vars.tf b/vars.tf
@@ -1,3 +1,15 @@
+variable "use_deprecated_lambda_url" {
+  description = <<-EOT
+  If true, the Lambda function will continue to use the Lambda URL, which will be deprecated in the future.
+  If false, the Lambda function will switch to using API Gateway for triggering.
+
+  Although the Lambda URL will remain as the default for backward compatibility, it is recommended to switch to using API Gateway.
+  In future versions, this variable will default to false, and the ability to use the Lambda URL will eventually be removed.
+  EOT
+  type        = bool
+  default     = true
+}
+
 variable "use_pre_created_image" {
   description = "If true, the image will be pulled from the ECR repository. If false, the image will be built using Docker from the source code."
   type        = bool