Add APIGatewayv2 Lambda Authorizer support in events (#399)

* add authorizer structs to apigw.go

* Fix lint failures on "Id"

* Change Context to a map[string]interface{} in IAMPolicyResponse

* Edit apigw.go to resolve linting errors

* Add nolint tags to "Arn" lint failures

* add test data

* add missing files

Co-authored-by: Bryan Moffatt <[email protected]>
Co-authored-by: Bryan Moffatt <[email protected]>

Author: tjames-stig

events/apigw.go

@@ -232,6 +232,50 @@ type APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity struct {
 	NotBefore string `json:"notBefore"`
 }
 
+type APIGatewayV2CustomAuthorizerV1RequestTypeRequestContext struct {
+	Path         string                                               `json:"path"`
+	AccountID    string                                               `json:"accountId"`
+	ResourceID   string                                               `json:"resourceId"`
+	Stage        string                                               `json:"stage"`
+	RequestID    string                                               `json:"requestId"`
+	Identity     APIGatewayCustomAuthorizerRequestTypeRequestIdentity `json:"identity"`
+	ResourcePath string                                               `json:"resourcePath"`
+	HTTPMethod   string                                               `json:"httpMethod"`
+	APIID        string                                               `json:"apiId"`
+}
+
+type APIGatewayV2CustomAuthorizerV1Request struct {
+	Version               string                                                  `json:"version"`
+	Type                  string                                                  `json:"type"`
+	MethodArn             string                                                  `json:"methodArn"` //nolint: stylecheck
+	IdentitySource        string                                                  `json:"identitySource"`
+	AuthorizationToken    string                                                  `json:"authorizationToken"`
+	Resource              string                                                  `json:"resource"`
+	Path                  string                                                  `json:"path"`
+	HTTPMethod            string                                                  `json:"httpMethod"`
+	Headers               map[string]string                                       `json:"headers"`
+	QueryStringParameters map[string]string                                       `json:"queryStringParameters"`
+	PathParameters        map[string]string                                       `json:"pathParameters"`
+	StageVariables        map[string]string                                       `json:"stageVariables"`
+	RequestContext        APIGatewayV2CustomAuthorizerV1RequestTypeRequestContext `json:"requestContext"`
+}
+
+type APIGatewayV2CustomAuthorizerV2Request struct {
+	Version               string                         `json:"version"`
+	Type                  string                         `json:"type"`
+	RouteArn              string                         `json:"routeArn"` //nolint: stylecheck
+	IdentitySource        []string                       `json:"identitySource"`
+	RouteKey              string                         `json:"routeKey"`
+	RawPath               string                         `json:"rawPath"`
+	RawQueryString        string                         `json:"rawQueryString"`
+	Cookies               []string                       `json:"cookies"`
+	Headers               map[string]string              `json:"headers"`
+	QueryStringParameters map[string]string              `json:"queryStringParameters"`
+	RequestContext        APIGatewayV2HTTPRequestContext `json:"requestContext"`
+	PathParameters        map[string]string              `json:"pathParameters"`
+	StageVariables        map[string]string              `json:"stageVariables"`
+}
+
 // APIGatewayCustomAuthorizerContext represents the expected format of an API Gateway custom authorizer response.
 // Deprecated. Code should be updated to use the Authorizer map from APIGatewayRequestIdentity. Ex: Authorizer["principalId"]
 type APIGatewayCustomAuthorizerContext struct {
@@ -291,6 +335,12 @@ type APIGatewayV2CustomAuthorizerSimpleResponse struct {
 	Context      map[string]interface{} `json:"context,omitempty"`
 }
 
+type APIGatewayV2CustomAuthorizerIAMPolicyResponse struct {
+	PrincipalID    string                           `json:"principalId"`
+	PolicyDocument APIGatewayCustomAuthorizerPolicy `json:"policyDocument"`
+	Context        map[string]interface{}           `json:"context,omitempty"`
+}
+
 // APIGatewayCustomAuthorizerPolicy represents an IAM policy
 type APIGatewayCustomAuthorizerPolicy struct {
 	Version   string

events/apigw_test.go

@@ -434,3 +434,45 @@ func TestApiGatewayV2HTTPRequestNoAuthorizerMarshaling(t *testing.T) {
 
 	assert.JSONEq(t, string(inputJSON), string(outputJSON))
 }
+
+func TestApiGatewayV2CustomAuthorizerV1RequestMarshaling(t *testing.T) {
+	inputJSON, err := ioutil.ReadFile("./testdata/apigw-v2-custom-authorizer-v1-request.json")
+	if err != nil {
+		t.Errorf("could not open test file. details: %v", err)
+	}
+
+	// de-serialize into Go object
+	var inputEvent APIGatewayV2CustomAuthorizerV1Request
+	if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
+		t.Errorf("could not unmarshal event. details: %v", err)
+	}
+
+	// serialize to json
+	outputJSON, err := json.Marshal(inputEvent)
+	if err != nil {
+		t.Errorf("could not marshal event. details: %v", err)
+	}
+
+	assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}
+
+func TestApiGatewayV2CustomAuthorizerV2RequestMarshaling(t *testing.T) {
+	inputJSON, err := ioutil.ReadFile("./testdata/apigw-v2-custom-authorizer-v2-request.json")
+	if err != nil {
+		t.Errorf("could not open test file. details: %v", err)
+	}
+
+	// de-serialize into Go object
+	var inputEvent APIGatewayV2CustomAuthorizerV2Request
+	if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
+		t.Errorf("could not unmarshal event. details: %v", err)
+	}
+
+	// serialize to json
+	outputJSON, err := json.Marshal(inputEvent)
+	if err != nil {
+		t.Errorf("could not marshal event. details: %v", err)
+	}
+
+	assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}

events/testdata/apigw-v2-custom-authorizer-v1-request.json

@@ -0,0 +1,51 @@
+{
+  "version": "1.0",
+  "type": "REQUEST",
+  "methodArn": "arn:aws:execute-api:us-east-1:123456789012:abcdef123/test/GET/request",
+  "identitySource": "user1,123",
+  "authorizationToken": "user1,123",
+  "resource": "/request",
+  "path": "/request",
+  "httpMethod": "GET",
+  "headers": {
+    "X-AMZ-Date": "20170718T062915Z",
+    "Accept": "*/*",
+    "HeaderAuth1": "headerValue1",
+    "CloudFront-Viewer-Country": "US",
+    "CloudFront-Forwarded-Proto": "https",
+    "CloudFront-Is-Tablet-Viewer": "false",
+    "CloudFront-Is-Mobile-Viewer": "false",
+    "User-Agent": "..."
+  },
+  "queryStringParameters": {
+    "QueryString1": "queryValue1"
+  },
+  "pathParameters": {},
+  "stageVariables": {
+    "StageVar1": "stageValue1"
+  },
+  "requestContext": {
+    "path": "/request",
+    "accountId": "123456789012",
+    "resourceId": "05c7jb",
+    "stage": "test",
+    "requestId": "...",
+    "identity": {
+      "apiKey": "...",
+      "sourceIp": "...",
+      "clientCert": {
+        "clientCertPem": "CERT_CONTENT",
+        "subjectDN": "www.example.com",
+        "issuerDN": "Example issuer",
+        "serialNumber": "a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1",
+        "validity": {
+          "notBefore": "May 28 12:30:02 2019 GMT",
+          "notAfter": "Aug  5 09:36:04 2021 GMT"
+        }
+      }
+    },
+    "resourcePath": "/request",
+    "httpMethod": "GET",
+    "apiId": "abcdef123"
+  }
+}

events/testdata/apigw-v2-custom-authorizer-v2-request.json

@@ -0,0 +1,51 @@
+{
+  "version": "2.0",
+  "type": "REQUEST",
+  "routeArn": "arn:aws:execute-api:us-east-1:123456789012:abcdef123/test/GET/request",
+  "identitySource": ["user1", "123"],
+  "routeKey": "$default",
+  "rawPath": "/my/path",
+  "rawQueryString": "parameter1=value1&parameter1=value2&parameter2=value",
+  "cookies": ["cookie1", "cookie2"],
+  "headers": {
+    "Header1": "value1",
+    "Header2": "value2"
+  },
+  "queryStringParameters": {
+    "parameter1": "value1,value2",
+    "parameter2": "value"
+  },
+  "requestContext": {
+    "accountId": "123456789012",
+    "apiId": "api-id",
+    "authentication": {
+      "clientCert": {
+        "clientCertPem": "CERT_CONTENT",
+        "subjectDN": "www.example.com",
+        "issuerDN": "Example issuer",
+        "serialNumber": "a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1",
+        "validity": {
+          "notBefore": "May 28 12:30:02 2019 GMT",
+          "notAfter": "Aug  5 09:36:04 2021 GMT"
+        }
+      }
+    },
+    "domainName": "id.execute-api.us-east-1.amazonaws.com",
+    "domainPrefix": "id",
+    "http": {
+      "method": "POST",
+      "path": "/my/path",
+      "protocol": "HTTP/1.1",
+      "sourceIp": "IP",
+      "userAgent": "agent"
+    },
+    "requestId": "id",
+    "routeKey": "$default",
+    "stage": "$default",
+    "time": "12/Mar/2020:19:03:58 +0000",
+    "timeEpoch": 1583348638390
+  },
+  "pathParameters": { "parameter1": "value1" },
+  "stageVariables": { "stageVariable1": "value1", "stageVariable2": "value2" }
+}
+