feat(schema): Add AWS::Serverless::Function.Auth (awslabs#373)
* function api auth

* resource policy

* add tests

Co-authored-by: stephen.raymond <[email protected]>
scraymondjr and stephen.raymond authored Jun 20, 2021
1 parent 9b8c84c commit fc2877f
Showing 7 changed files with 493 additions and 3 deletions.
5 changes: 5 additions & 0 deletions cloudformation/serverless/aws-serverless-function_apievent.go
Expand Up @@ -8,6 +8,11 @@ import (
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
type Function_ApiEvent struct {

// Auth AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
Auth *Function_Auth `json:"Auth,omitempty"`

// Method AWS CloudFormation Property
// Required: true
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
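--- a/cloudformation/serverless/aws-serverless-function_auth.go
+++ b/cloudformation/serverless/aws-serverless-function_auth.go
@@ -0,0 +1,50 @@
+package serverless
+
+import (
+"github.com/awslabs/goformation/v4/cloudformation/policies"
+)
+
+// Function_Auth AWS CloudFormation Resource (AWS::Serverless::Function.Auth)
+// See: https://github.com/aws/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
+type Function_Auth struct {
+
+// ApiKeyRequired AWS CloudFormation Property
+// Required: false
+// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
+ApiKeyRequired bool `json:"ApiKeyRequired,omitempty"`
+
+// AuthorizationScopes AWS CloudFormation Property
+// Required: false
+// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
+AuthorizationScopes []string `json:"AuthorizationScopes,omitempty"`
+
+// Authorizer AWS CloudFormation Property
+// Required: false
+// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
+Authorizer string `json:"Authorizer,omitempty"`
+
+// ResourcePolicy AWS CloudFormation Property
+// Required: false
+// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
+ResourcePolicy *Function_AuthResourcePolicy `json:"ResourcePolicy,omitempty"`
+
+// AWSCloudFormationDeletionPolicy represents a CloudFormation DeletionPolicy
+AWSCloudFormationDeletionPolicy policies.DeletionPolicy `json:"-"`
+
+// AWSCloudFormationUpdateReplacePolicy represents a CloudFormation UpdateReplacePolicy
+AWSCloudFormationUpdateReplacePolicy policies.UpdateReplacePolicy `json:"-"`
+
+// AWSCloudFormationDependsOn stores the logical ID of the resources to be created before this resource
+AWSCloudFormationDependsOn []string `json:"-"`
+
+// AWSCloudFormationMetadata stores structured data associated with this resource
+AWSCloudFormationMetadata map[string]interface{} `json:"-"`
+
+// AWSCloudFormationCondition stores the logical ID of the condition that must be satisfied for this resource to be created
+AWSCloudFormationCondition string `json:"-"`
+}
+
+// AWSCloudFormationType returns the AWS CloudFormation resource type
+func (r *Function_Auth) AWSCloudFormationType() string {
+return "AWS::Serverless::Function.Auth"
+}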
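Review bot: `Authorizer string` on Function_Auth carries no hint of which values are meaningful and nothing in this package validates it; as far as I recall the SAM spec accepts `AWS_IAM`, `NONE`, or the name of an authorizer declared on the API, and `NONE` is the value that removes authorization from an otherwise-protected route, so a one-line field comment such as `// Authorizer names an authorizer defined on the API, or AWS_IAM / NONE (NONE disables auth for this route)` would help callers. Likewise `ApiKeyRequired bool` with `omitempty` can never emit an explicit `false`; that is only harmless because SAM treats an absent value as false, which is worth stating in the field comment. These files appear to be generated from generate/sam-2016-10-31.json, so if that is the case the comment text belongs in the generator input rather than here. The same boilerplate applies to Function_AuthResourcePolicy in the following hunk, whose `CustomStatements []interface{}` passes arbitrary IAM statement maps through unvalidated, which a comment on that field should say plainly.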
@@ -0,0 +1,85 @@
package serverless

import (
"github.com/awslabs/goformation/v4/cloudformation/policies"
)

// Function_AuthResourcePolicy AWS CloudFormation Resource (AWS::Serverless::Function.AuthResourcePolicy)
// See: https://github.com/aws/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
type Function_AuthResourcePolicy struct {

// AwsAccountBlacklist AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
AwsAccountBlacklist []string `json:"AwsAccountBlacklist,omitempty"`

// AwsAccountWhitelist AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
AwsAccountWhitelist []string `json:"AwsAccountWhitelist,omitempty"`

// CustomStatements AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
CustomStatements []interface{} `json:"CustomStatements,omitempty"`

// IntrinsicVpcBlacklist AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
IntrinsicVpcBlacklist []string `json:"IntrinsicVpcBlacklist,omitempty"`

// IntrinsicVpcWhitelist AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
IntrinsicVpcWhitelist []string `json:"IntrinsicVpcWhitelist,omitempty"`

// IntrinsicVpceBlacklist AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
IntrinsicVpceBlacklist []string `json:"IntrinsicVpceBlacklist,omitempty"`

// IntrinsicVpceWhitelist AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
IntrinsicVpceWhitelist []string `json:"IntrinsicVpceWhitelist,omitempty"`

// IpRangeBlacklist AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
IpRangeBlacklist []string `json:"IpRangeBlacklist,omitempty"`

// IpRangeWhitelist AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
IpRangeWhitelist []string `json:"IpRangeWhitelist,omitempty"`

// SourceVpcBlacklist AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
SourceVpcBlacklist []string `json:"SourceVpcBlacklist,omitempty"`

// SourceVpcWhitelist AWS CloudFormation Property
// Required: false
// See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object
SourceVpcWhitelist []string `json:"SourceVpcWhitelist,omitempty"`

// AWSCloudFormationDeletionPolicy represents a CloudFormation DeletionPolicy
AWSCloudFormationDeletionPolicy policies.DeletionPolicy `json:"-"`

// AWSCloudFormationUpdateReplacePolicy represents a CloudFormation UpdateReplacePolicy
AWSCloudFormationUpdateReplacePolicy policies.UpdateReplacePolicy `json:"-"`

// AWSCloudFormationDependsOn stores the logical ID of the resources to be created before this resource
AWSCloudFormationDependsOn []string `json:"-"`

// AWSCloudFormationMetadata stores structured data associated with this resource
AWSCloudFormationMetadata map[string]interface{} `json:"-"`

// AWSCloudFormationCondition stores the logical ID of the condition that must be satisfied for this resource to be created
AWSCloudFormationCondition string `json:"-"`
}

// AWSCloudFormationType returns the AWS CloudFormation resource type
func (r *Function_AuthResourcePolicy) AWSCloudFormationType() string {
return "AWS::Serverless::Function.AuthResourcePolicy"
}
118 changes: 118 additions & 0 deletions generate/sam-2016-10-31.json
Expand Up @@ -1029,6 +1029,124 @@
"Required": false,
"PrimitiveType": "String",
"UpdateType": "Immutable"
},
"Auth": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api",
"Required": false,
"Type": "Auth",
"UpdateType": "Immutable"
}
}
},
"AWS::Serverless::Function.Auth": {
"Documentation": "https://github.com/aws/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Properties": {
"Authorizer": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"PrimitiveType": "String",
"UpdateType": "Immutable"
},
"AuthorizationScopes": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
},
"ApiKeyRequired": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"PrimitiveType": "Boolean",
"UpdateType": "Immutable"
},
"ResourcePolicy": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "AuthResourcePolicy",
"UpdateType": "Immutable"
}
}
},
"AWS::Serverless::Function.AuthResourcePolicy": {
"Documentation": "https://github.com/aws/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Properties": {
"CustomStatements": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "Map",
"UpdateType": "Immutable"
},
"AwsAccountBlacklist": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
},
"AwsAccountWhitelist": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
},
"IntrinsicVpcBlacklist": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
},
"IntrinsicVpcWhitelist": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
},
"IntrinsicVpceBlacklist": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
},
"IntrinsicVpceWhitelist": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
},
"IpRangeBlacklist": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
},
"IpRangeWhitelist": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
},
"SourceVpcBlacklist": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
},
"SourceVpcWhitelist": {
"Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object",
"Required": false,
"Type": "List",
"PrimitiveItemType": "String",
"UpdateType": "Immutable"
}
}
},
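Review bot: The new `"Auth": {` property entry links its Documentation to `...2016-10-31.md#api`, the section for the parent Api event, rather than `#function-auth-object` where the object is actually described; the generated Go comment for `Auth` in aws-serverless-function_apievent.go inherits that link. The two resource-level Documentation values for `AWS::Serverless::Function.Auth` and `AWS::Serverless::Function.AuthResourcePolicy` also use the `github.com/aws/` host while every property in the same block uses `github.com/awslabs/`; presumably one redirects to the other, but the file should settle on one. A doc-only change: point the Auth property's Documentation at the `#function-auth-object` URL and use the same host throughout. The enclosing JSON object begins and ends outside the hunk.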
46 changes: 43 additions & 3 deletions goformation_test.go
@@ -1,9 +1,8 @@
package goformation_test

import (
"fmt"

"encoding/json"
"fmt"

"github.com/sanathkr/yaml"

Expand Down Expand Up @@ -814,7 +813,7 @@ var _ = Describe("Goformation", func() {

})

Context("with a YAML template with paramter overrides", func() {
Context("with a YAML template with parameter overrides", func() {

template, err := goformation.OpenWithOptions("test/yaml/aws-serverless-function-env-vars.yaml", &intrinsics.ProcessorOptions{
ParameterOverrides: map[string]interface{}{"ExampleParameter": "SomeNewValue"},
Expand Down Expand Up @@ -863,6 +862,47 @@ var _ = Describe("Goformation", func() {
})
})

Context("with an API event source", func() {
event := serverless.Function_Properties{
ApiEvent: &serverless.Function_ApiEvent{
Auth: &serverless.Function_Auth{
ApiKeyRequired: true,
AuthorizationScopes: []string{"scope1", "scope2"},
Authorizer: "aws_iam",
ResourcePolicy: &serverless.Function_AuthResourcePolicy{
CustomStatements: []interface{}{
map[string]interface{}{
"Effect": "Allow",
"Action": "execute-api:*",
"Resource": "*",
},
},
AwsAccountBlacklist: []string{"AwsAccountBlacklistValue"},
AwsAccountWhitelist: []string{"AwsAccountWhitelistValue"},
IntrinsicVpcBlacklist: []string{"IntrinsicVpcBlacklistValue"},
IntrinsicVpcWhitelist: []string{"IntrinsicVpcWhitelistValue"},
IntrinsicVpceBlacklist: []string{"IntrinsicVpceBlacklistValue"},
IntrinsicVpceWhitelist: []string{"IntrinsicVpceWhitelistValue"},
IpRangeBlacklist: []string{"IpRangeBlacklistValue"},
IpRangeWhitelist: []string{"IpRangeWhitelistValue"},
SourceVpcBlacklist: []string{"SourceVpcBlacklistValue"},
SourceVpcWhitelist: []string{"SourceVpcWhitelistValue"},
},
},
Method: "MethodValue",
Path: "PathValue",
RestApiId: "RestApiIdValue",
},
}

It("should marshal properties correctly", func() {
expectedString := `{"Auth":{"ApiKeyRequired":true,"AuthorizationScopes":["scope1","scope2"],"Authorizer":"aws_iam","ResourcePolicy":{"AwsAccountBlacklist":["AwsAccountBlacklistValue"],"AwsAccountWhitelist":["AwsAccountWhitelistValue"],"CustomStatements":[{"Action":"execute-api:*","Effect":"Allow","Resource":"*"}],"IntrinsicVpcBlacklist":["IntrinsicVpcBlacklistValue"],"IntrinsicVpcWhitelist":["IntrinsicVpcWhitelistValue"],"IntrinsicVpceBlacklist":["IntrinsicVpceBlacklistValue"],"IntrinsicVpceWhitelist":["IntrinsicVpceWhitelistValue"],"IpRangeBlacklist":["IpRangeBlacklistValue"],"IpRangeWhitelist":["IpRangeWhitelistValue"],"SourceVpcBlacklist":["SourceVpcBlacklistValue"],"SourceVpcWhitelist":["SourceVpcWhitelistValue"]}},"Method":"MethodValue","Path":"PathValue","RestApiId":"RestApiIdValue"}`
bytes, err := event.MarshalJSON()
Expect(err).To(BeNil())
Expect(string(bytes)).To(Equal(expectedString))
})
})

Context("with a template that contains a reference to another resource within the template", func() {

template := &cloudformation.Template{
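Review bot: The new "with an API event source" context checks only the marshal direction; nothing exercises `Function_Properties` being decoded back from the JSON it produced, which is the path a template loaded from disk takes, so a nested `Auth` or `ResourcePolicy` that unmarshals wrongly would not be caught here. A second `It` that runs `json.Unmarshal([]byte(expectedString), &decoded)` into a fresh `serverless.Function_Properties` and compares it to `event` would close that gap, assuming Function_Properties has an unmarshal path that populates ApiEvent, which I cannot confirm from this page. Two points of style: `bytes, err := event.MarshalJSON()` shadows the stdlib package name should `bytes` ever be imported in this file, so `out` or `raw` reads better, and `event` holds a `Function_Properties` wrapper rather than the `Function_ApiEvent`, so `props` would be the more accurate name.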