diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..86114d92 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +# Go Dep +vendor diff --git a/Gopkg.lock b/Gopkg.lock index a4928310..f0d4dba5 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -2,32 +2,43 @@ [[projects]] + digest = "1:56c130d885a4aacae1dd9c7b71cfe39912c7ebc1ff7d2b46083c8812996dc43b" name = "github.com/davecgh/go-spew" packages = ["spew"] + pruneopts = "" revision = "346938d642f2ec3594ed81d874461961cd0faa76" version = "v1.1.0" [[projects]] + digest = "1:256484dbbcd271f9ecebc6795b2df8cad4c458dd0f5fd82a8c2fa0c29f233411" name = "github.com/pmezard/go-difflib" packages = ["difflib"] + pruneopts = "" revision = "792786c7400a136282c1664665ae0a8db921c6c2" version = "v1.0.0" [[projects]] + digest = "1:a30066593578732a356dc7e5d7f78d69184ca65aeeff5939241a3ab10559bb06" name = "github.com/stretchr/testify" packages = ["assert"] + pruneopts = "" revision = "12b6f73e6084dad08a7c6e575284b177ecafbc71" version = "v1.2.1" [[projects]] + digest = "1:e85837cb04b78f61688c6eba93ea9d14f60d611e2aaf8319999b1a60d2dafbfa" name = "gopkg.in/urfave/cli.v1" packages = ["."] + pruneopts = "" revision = "cfb38830724cc34fedffe9a2a29fb54fa9169cd1" version = "v1.20.0" [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "21bf02839d69eb4ab638d20ad48614cf2e71753b2005ef5fa2b05cb9704ab5d2" + input-imports = [ + "github.com/stretchr/testify/assert", + "gopkg.in/urfave/cli.v1", + ] solver-name = "gps-cdcl" solver-version = 1 diff --git a/events/appsync.go b/events/appsync.go index d6ba49ec..3ada83f3 100644 --- a/events/appsync.go +++ b/events/appsync.go 
@@ -9,6 +9,26 @@ type AppSyncResolverTemplate struct {
 Payload json.RawMessage `json:"payload"`
 }
+// AppSyncIAMIdentity contains information about the caller authed via IAM.
+type AppSyncIAMIdentity struct {
+ AccountID string `json:"accountId"`
+ CognitoIdentityPoolID string `json:"cognitoIdentityPoolId"`
+ CognitoIdentityID string `json:"cognitoIdentityId"`
+ SourceIP []string `json:"sourceIp"`
+ Username string `json:"username"`
+ UserARN string `json:"userArn"`
+}
+
+// AppSyncCognitoIdentity contains information about the caller authed via Cognito.
+type AppSyncCognitoIdentity struct {
+ Sub string `json:"sub"`
+ Issuer string `json:"issuer"`
+ Username string `json:"username"`
+ Claims map[string]interface{} `json:"claims"`
+ SourceIP []string `json:"sourceIp"`
+ DefaultAuthStrategy string `json:"defaultAuthStrategy"`
+}
+
 // AppSyncOperation specifies the operation type supported by Lambda operations
 type AppSyncOperation string
diff --git a/events/appsync_test.go b/events/appsync_test.go
index 583b5fda..caba4275 100644
--- a/events/appsync_test.go
+++ b/events/appsync_test.go
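Review bot: In events/appsync.go, `SourceIP []string` on both AppSyncIAMIdentity and AppSyncCognitoIdentity has no doc comment, and it is a field a handler is likely to reach for in allow-listing or audit logging. AppSync documents sourceIp as the TCP peer address plus any addresses taken from the request's x-forwarded-for header, so some entries are caller-supplied. I would add `// SourceIP holds the caller addresses reported by AppSync; entries that originate from X-Forwarded-For are client-controlled and must not be trusted on their own for authorization.` above each field. A similar one-line comment on `Claims`, noting that JSON numbers such as `exp` decode to float64, would save consumers a failed type assertion.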
@@ -47,3 +47,41 @@ func TestAppSyncResolverTemplate_batchinvoke(t *testing.T) {
 assert.JSONEq(t, string(inputJSON), string(outputJSON))
 }
+
+func TestAppSyncIdentity_IAM(t *testing.T) {
+ inputJSON, err := ioutil.ReadFile("./testdata/appsync-identity-iam.json")
+ if err != nil {
+ t.Errorf("could not open test file. details: %v", err)
+ }
+
+ var inputIdentity AppSyncIAMIdentity
+ if err = json.Unmarshal(inputJSON, &inputIdentity); err != nil {
+ t.Errorf("could not unmarshal identity. details: %v", err)
+ }
+
+ outputJSON, err := json.Marshal(inputIdentity)
+ if err != nil {
+ t.Errorf("could not marshal identity. details: %v", err)
+ }
+
+ assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}
+
+func TestAppSyncIdentity_Cognito(t *testing.T) {
+ inputJSON, err := ioutil.ReadFile("./testdata/appsync-identity-cognito.json")
+ if err != nil {
+ t.Errorf("could not open test file. details: %v", err)
+ }
+
+ var inputIdentity AppSyncCognitoIdentity
+ if err = json.Unmarshal(inputJSON, &inputIdentity); err != nil {
+ t.Errorf("could not unmarshal identity. details: %v", err)
+ }
+
+ outputJSON, err := json.Marshal(inputIdentity)
+ if err != nil {
+ t.Errorf("could not marshal identity. details: %v", err)
+ }
+
+ assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}
diff --git a/events/testdata/appsync-identity-cognito.json b/events/testdata/appsync-identity-cognito.json
new file mode 100644
index 00000000..0b0ee5ff
--- /dev/null
+++ b/events/testdata/appsync-identity-cognito.json
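Review bot: Both new tests in events/appsync_test.go report a failed ReadFile, Unmarshal or Marshal with `t.Errorf` and then keep going, so a missing fixture ends in `assert.JSONEq` comparing empty input and the real cause is buried under a second failure. Use `t.Fatalf("could not open test file. details: %v", err)`, and likewise for the other two checks, so the test stops at the first error. The round trip also cannot detect two same-typed fields with swapped JSON tags; a direct assertion such as `assert.Equal(t, "user1", inputIdentity.Username)` would pin the tag-to-field mapping for these identity types.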
@@ -0,0 +1,18 @@
+{
+ "sub": "123-456",
+ "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc",
+ "username": "user1",
+ "claims": {
+ "sub": "123-456",
+ "aud": "abcdefg",
+ "event_id": "123-123-123",
+ "token_use": "id",
+ "auth_time": 1551226125,
+ "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc",
+ "cognito:username": "user1",
+ "exp": 1551228178628,
+ "iat": 1551228178629
+ },
+ "sourceIp": ["192.168.196.186", "193.168.196.186"],
+ "defaultAuthStrategy": "ALLOW"
+}
diff --git a/events/testdata/appsync-identity-iam.json b/events/testdata/appsync-identity-iam.json
new file mode 100644
index 00000000..a3802625
--- /dev/null
+++ b/events/testdata/appsync-identity-iam.json
@@ -0,0 +1,8 @@
+{
+ "accountId": "accountid123",
+ "cognitoIdentityPoolId": "identitypoolid123",
+ "cognitoIdentityId": "identityid123",
+ "sourceIp": ["192.168.196.186", "193.168.196.186"],
+ "username": "user1",
+ "userArn": "arn:aws:iam::123456789012:user/appsync"
+}
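Review bot: In appsync-identity-cognito.json the `exp` and `iat` claims are 13-digit values while `auth_time` is 10 digits, and `iat` is one greater than `exp`; JWT NumericDate claims are in seconds, so as written the token is issued after it expires. The round-trip test does not care, but this fixture is the only example of the `claims` shape visible in this change and may be copied into handler tests that check expiry. Consider `"exp": 1551229725` and `"iat": 1551226125` (constructed values). In both fixtures, `193.168.196.186` is a publicly routable address and could be replaced with one from a documentation range such as `192.0.2.10`.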