Adding structures for iot custom authorizer request/response (#67)

* Adding structures for iot custom authorizer request/response * Making the iot policy documents an array of strings to match the documentation * Rebasing and updating iot events since the contract has chagned * Making the api gateway custom authorizer policy more generic * Fixed formatting * Update iot.go to satisfy the linter * Update iot.go * Delete workspace.xml * Delete vcs.xml * Delete misc.xml * Delete encodings.xml * Delete modules.xml * Delete aws-lambda-go.iml * Delete policy.go Co-authored-by: Bryan Moffatt <[email protected]>
aws · Sep 18, 2021 · 0d9038e · 0d9038e
1 parent ac2f18e
commit 0d9038e
Show file tree

Hide file tree

Showing 4 changed files with 124 additions and 0 deletions.
diff --git a/events/iot.go b/events/iot.go
@@ -0,0 +1,34 @@
+package events
+
+// IoTCustomAuthorizerRequest contains data coming in to a custom IoT device gateway authorizer function.
+type IoTCustomAuthorizerRequest struct {
+	HTTPContext        *IoTHTTPContext `json:"httpContext,omitempty"`
+	MQTTContext        *IoTMQTTContext `json:"mqttContext,omitempty"`
+	TLSContext         *IoTTLSContext  `json:"tlsContext,omitempty"`
+	AuthorizationToken string          `json:"token"`
+	TokenSignature     string          `json:"tokenSignature"`
+}
+
+type IoTHTTPContext struct {
+	Headers     map[string]string `json:"headers,omitempty"`
+	QueryString string            `json:"queryString"`
+}
+
+type IoTMQTTContext struct {
+	ClientID string `json:"clientId"`
+	Password []byte `json:"password"`
+	Username string `json:"username"`
+}
+
+type IoTTLSContext struct {
+	ServerName string `json:"serverName"`
+}
+
+// IoTCustomAuthorizerResponse represents the expected format of an IoT device gateway authorization response.
+type IoTCustomAuthorizerResponse struct {
+	IsAuthenticated          bool     `json:"isAuthenticated"`
+	PrincipalID              string   `json:"principalId"`
+	DisconnectAfterInSeconds int32    `json:"disconnectAfterInSeconds"`
+	RefreshAfterInSeconds    int32    `json:"refreshAfterInSeconds"`
+	PolicyDocuments          []string `json:"policyDocuments"`
+}
diff --git a/events/iot_test.go b/events/iot_test.go
@@ -0,0 +1,63 @@
+package events
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"testing"
+
+	"github.com/aws/aws-lambda-go/events/test"
+)
+
+func TestIoTCustomAuthorizerRequestMarshaling(t *testing.T) {
+
+	// read json from file
+	inputJSON, err := ioutil.ReadFile("./testdata/iot-custom-auth-request.json")
+	if err != nil {
+		t.Errorf("could not open test file. details: %v", err)
+	}
+
+	// de-serialize into Go object
+	var inputEvent IoTCustomAuthorizerRequest
+	if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
+		t.Errorf("could not unmarshal event. details: %v", err)
+	}
+
+	// serialize to json
+	outputJSON, err := json.Marshal(inputEvent)
+	if err != nil {
+		t.Errorf("could not marshal event. details: %v", err)
+	}
+
+	test.AssertJsonsEqual(t, inputJSON, outputJSON)
+}
+
+func TestIoTCustomAuthorizerRequestMalformedJson(t *testing.T) {
+	test.TestMalformedJson(t, IoTCustomAuthorizerRequest{})
+}
+
+func TestIoTCustomAuthorizerResponseMarshaling(t *testing.T) {
+
+	// read json from file
+	inputJSON, err := ioutil.ReadFile("./testdata/iot-custom-auth-response.json")
+	if err != nil {
+		t.Errorf("could not open test file. details: %v", err)
+	}
+
+	// de-serialize into Go object
+	var inputEvent IoTCustomAuthorizerResponse
+	if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
+		t.Errorf("could not unmarshal event. details: %v", err)
+	}
+
+	// serialize to json
+	outputJSON, err := json.Marshal(inputEvent)
+	if err != nil {
+		t.Errorf("could not marshal event. details: %v", err)
+	}
+
+	test.AssertJsonsEqual(t, inputJSON, outputJSON)
+}
+
+func TestIoTCustomAuthorizerResponseMalformedJson(t *testing.T) {
+	test.TestMalformedJson(t, IoTCustomAuthorizerResponse{})
+}
diff --git a/events/testdata/iot-custom-auth-request.json b/events/testdata/iot-custom-auth-request.json
@@ -0,0 +1,18 @@
+{
+  "httpContext": {
+    "headers": {
+      "Accept-Language" : "en"
+    },
+    "queryString": "abc"
+  },
+  "mqttContext": {
+    "clientId": "someclient",
+    "password": "aslkfjwoeiuwekrujwlrueowieurowieurowiuerwleuroiwueroiwueroiuweoriuweoriuwoeiruwoeiur",
+    "username": "thebestuser"
+  },
+  "tlsContext": {
+    "serverName": "server.stuff.com"
+  },
+  "token": "someToken",
+  "tokenSignature": "somelongtokensignature"
+}
diff --git a/events/testdata/iot-custom-auth-response.json b/events/testdata/iot-custom-auth-response.json
@@ -0,0 +1,9 @@
+{
+  "isAuthenticated":true,
+  "principalId": "xxxxxxxx",
+  "disconnectAfterInSeconds": 86400,
+  "refreshAfterInSeconds": 300,
+  "policyDocuments": [
+    "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Action\": [\"iot:Subscribe\"], \"Effect\": \"Allow\", \"Resource\": [\"*\"] } ] }"
+  ]
+}