Skip to content

Run e2e/sundersc/graphql appsync lambda authorizer #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
benbenbenbenbenben wants to merge 15 commits into
base: dev
Choose a base branch
from
Open

Run e2e/sundersc/graphql appsync lambda authorizer #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
5adb0db
lambda authorizer cli and transformer change
sundersc Sep 28, 2021
85dd469
remove unwanted files
sundersc Oct 22, 2021
6bb68f3
fix code review comments
sundersc Oct 22, 2021
a72bc68
added more unit test cases for invalid auth strategies combination
sundersc Oct 22, 2021
b517645
correct template description
sundersc Oct 22, 2021
9f98fdf
code review fixes and e2e tests moved to a separate file
sundersc Oct 25, 2021
90944ea
e2e tests moved to a separate file
sundersc Oct 25, 2021
3460e37
minor conditional fixes on api walkthrough
sundersc Oct 25, 2021
4560de1
code review fix
sundersc Oct 25, 2021
6bd3eeb
fix code review comments
sundersc Oct 25, 2021
6473c8b
blank schema check logic change
sundersc Oct 25, 2021
3af2f43
fix more code review comments
sundersc Oct 26, 2021
f4b47bc
fix more code review comments
sundersc Oct 26, 2021
f60f6bd
removed unused import
sundersc Oct 26, 2021
42f7bcf
change test name for lambda auth
sundersc Oct 27, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions packages/amplify-appsync-simulator/src/schema/directives/auth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ const AUTH_DIRECTIVES = {
aws_api_key: 'directive @aws_api_key on FIELD_DEFINITION | OBJECT',
aws_iam: 'directive @aws_iam on FIELD_DEFINITION | OBJECT',
aws_oidc: 'directive @aws_oidc on FIELD_DEFINITION | OBJECT',
aws_lambda: 'directive @aws_lambda on FIELD_DEFINITION | OBJECT',
aws_cognito_user_pools: 'directive @aws_cognito_user_pools(cognito_groups: [String!]) on FIELD_DEFINITION | OBJECT',
aws_auth: 'directive @aws_auth(cognito_groups: [String!]!) on FIELD_DEFINITION',
};
Expand All @@ -21,6 +22,7 @@ const AUTH_TYPE_TO_DIRECTIVE_MAP: {
aws_auth: AmplifyAppSyncSimulatorAuthenticationType.AMAZON_COGNITO_USER_POOLS,
aws_cognito_user_pools: AmplifyAppSyncSimulatorAuthenticationType.AMAZON_COGNITO_USER_POOLS,
aws_oidc: AmplifyAppSyncSimulatorAuthenticationType.OPENID_CONNECT,
aws_lambda: AmplifyAppSyncSimulatorAuthenticationType.AWS_LAMBDA,
};

export class AwsAuth extends AppSyncSimulatorDirectiveBase {
Expand Down
12 changes: 11 additions & 1 deletion packages/amplify-appsync-simulator/src/type-definition.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ export enum AmplifyAppSyncSimulatorAuthenticationType {
AWS_IAM = 'AWS_IAM',
AMAZON_COGNITO_USER_POOLS = 'AMAZON_COGNITO_USER_POOLS',
OPENID_CONNECT = 'OPENID_CONNECT',
AWS_LAMBDA = 'AWS_LAMBDA'
}

export type AmplifyAppSyncAuthenticationProviderAPIConfig = {
Expand All @@ -103,11 +104,20 @@ export type AmplifyAppSyncAuthenticationProviderOIDCConfig = {
};
};

export type AmplifyAppSyncAuthenticationProviderLambdaConfig = {
authenticationType: AmplifyAppSyncSimulatorAuthenticationType.AWS_LAMBDA;
lambdaAuthorizerConfig: {
AuthorizerUri: string;
AuthorizerResultTtlInSeconds?: number;
};
};

export type AmplifyAppSyncAuthenticationProviderConfig =
| AmplifyAppSyncAuthenticationProviderAPIConfig
| AmplifyAppSyncAuthenticationProviderIAMConfig
| AmplifyAppSyncAuthenticationProviderCognitoConfig
| AmplifyAppSyncAuthenticationProviderOIDCConfig;
| AmplifyAppSyncAuthenticationProviderOIDCConfig
| AmplifyAppSyncAuthenticationProviderLambdaConfig;

export type AmplifyAppSyncAPIConfig = {
name: string;
Expand Down
25 changes: 25 additions & 0 deletions .../resources/awscloudformation/graphql-lambda-authorizer/graphql-lambda-authorizer-index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
// This is sample code. Please update this to suite your schema

exports.handler = async (event) => {
console.log(`event >`, JSON.stringify(event, null, 2));
const {
authorizationToken,
requestContext: { apiId, accountId },
} = event;
const response = {
isAuthorized: authorizationToken === 'custom-authorized',
resolverContext: {
userid: 'user-id',
info: 'contextual information A',
more_info: 'contextual information B',
},
deniedFields: [
`arn:aws:appsync:${process.env.AWS_REGION}:${accountId}:apis/${apiId}/types/Event/fields/comments`,
`Mutation.createEvent`,
],
ttlOverride: 300,
};
console.log(`response >`, JSON.stringify(response, null, 2));
return response;
};

6 changes: 6 additions & 0 deletions ...es/awscloudformation/graphql-lambda-authorizer/graphql-lambda-authorizer-package.json.ejs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{
"name": "<%= props.functionName %>",
"version": "1.0.0",
"description": "Lambda function generated by Amplify for AppSync Lambda authorizer",
"main": "index.js"
}
208 changes: 208 additions & 0 deletions ...s/awscloudformation/graphql-lambda-authorizer/graphql-lambda-authorizer-template.json.ejs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,208 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Lambda resource stack creation using Amplify CLI",
"Parameters": {
"env": {
"Type": "String"
}<%if (props.dependsOn && props.dependsOn.length > 0) { %>,<% } %>
<% if (props.dependsOn) { %>
<% for(var i=0; i < props.dependsOn.length; i++) { %>
<% for(var j=0; j < props.dependsOn[i].attributes.length; j++) { %>
"<%= props.dependsOn[i].category %><%= props.dependsOn[i].resourceName %><%= props.dependsOn[i].attributes[j] %>": {
"Type": "String",
"Default": "<%= props.dependsOn[i].category %><%= props.dependsOn[i].resourceName %><%= props.dependsOn[i].attributes[j] %>"
}<%if (i !== props.dependsOn.length - 1 || j !== props.dependsOn[i].attributes.length - 1) { %>,<% } %>
<% } %>
<% } %>
<% } %>
},
"Conditions": {
"ShouldNotCreateEnvResources": {
"Fn::Equals": [
{
"Ref": "env"
},
"NONE"
]
}
},
"Resources": {
"LambdaFunction": {
"Type": "AWS::Lambda::Function",
"Metadata": {
"aws:asset:path": "./src",
"aws:asset:property": "Code"
},
"Properties": {
"Handler": "index.handler",
"FunctionName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
"<%= props.functionName %>",
{

"Fn::Join": [
"",
[
"<%= props.functionName %>",
"-",
{
"Ref": "env"
}
]
]
}
]
},
"Environment": {
"Variables" : {
"ENV": {
"Ref": "env"
},
"REGION": {
"Ref": "AWS::Region"
}
<% if (props.resourceProperties && props.resourceProperties.length > 0) { %>,<%- props.resourceProperties%> <% } %>
}
},
"Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] },
"Runtime": "nodejs14.x",
"Timeout": 25
}
},
"LambdaExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
"<%=props.roleName %>",
{

"Fn::Join": [
"",
[
"<%=props.roleName %>",
"-",
{
"Ref": "env"
}
]
]
}
]
},
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
}
}
,"lambdaexecutionpolicy": {
"DependsOn": ["LambdaExecutionRole"],
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "lambda-execution-policy",
"Roles": [{ "Ref": "LambdaExecutionRole" }],
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action":["logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"],
"Resource": { "Fn::Sub" : [ "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", { "region": {"Ref": "AWS::Region"}, "account": {"Ref": "AWS::AccountId"}, "lambda": {"Ref": "LambdaFunction"}} ]}
}<% if (props.database && props.database.resourceName) { %>,
{
"Effect": "Allow",
"Action": ["dynamodb:GetItem","dynamodb:Query","dynamodb:Scan","dynamodb:PutItem","dynamodb:UpdateItem","dynamodb:DeleteItem"],
"Resource": [
<% if (props.database && props.database.Arn) { %>
"<%= props.database.Arn %>",
{
"Fn::Join": [
"/",
[
"<%= props.database.Arn %>",
"index/*"
]
]
}
<% } else { %>
{ "Ref": "storage<%= props.database.resourceName %>Arn" },
{
"Fn::Join": [
"/",
[
{ "Ref": "storage<%= props.database.resourceName %>Arn" },
"index/*"
]
]
}
<% } %>
]
}
<% } %>
]
}
}
}
,"PermissionForAppSyncToInvokeLambda": {
"Type": "AWS::Lambda::Permission",
"Properties": {
"FunctionName": {
"Ref": "LambdaFunction"
},
"Action": "lambda:InvokeFunction",
"Principal": "appsync.amazonaws.com"
}
}
<% if (props.categoryPolicies && props.categoryPolicies.length > 0 ) { %>
,"AmplifyResourcesPolicy": {
"DependsOn": ["LambdaExecutionRole"],
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "amplify-lambda-execution-policy",
"Roles": [{ "Ref": "LambdaExecutionRole" }],
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": <%- JSON.stringify(props.categoryPolicies) %>
}
}
}
<% } %>
},
"Outputs": {
"Name": {
"Value": {
"Ref": "LambdaFunction"
}
},
"Arn": {
"Value": {"Fn::GetAtt": ["LambdaFunction", "Arn"]}
},
"Region": {
"Value": {
"Ref": "AWS::Region"
}
},
"LambdaExecutionRole": {
"Value": {
"Ref": "LambdaExecutionRole"
}
}
}
}
Loading