From 1d83b07f4edc9052d7edd6bbc43e217a7939f2d2 Mon Sep 17 00:00:00 2001
From: "Smith, Peter"
Date: Fri, 20 Nov 2020 15:02:15 -0700
Subject: [PATCH 01/10] Added ClientCert to APIGatewayCustomAuthorizerRequestTypeRequestIdentity and Authentication and ClientCert to APIGatewayV2HTTPRequestContext Struct definitions
---
 events/apigw.go | 65 ++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 51 insertions(+), 14 deletions(-)
diff --git a/events/apigw.go b/events/apigw.go
index 83b4cbc8..a4302e4f 100644
--- a/events/apigw.go
+++ b/events/apigw.go
@@ -65,17 +65,18 @@ type APIGatewayV2HTTPRequest struct {
 
 // APIGatewayV2HTTPRequestContext contains the information to identify the AWS account and resources invoking the Lambda function.
 type APIGatewayV2HTTPRequestContext struct {
- RouteKey string `json:"routeKey"`
- AccountID string `json:"accountId"`
- Stage string `json:"stage"`
- RequestID string `json:"requestId"`
- Authorizer *APIGatewayV2HTTPRequestContextAuthorizerDescription `json:"authorizer,omitempty"`
- APIID string `json:"apiId"` // The API Gateway HTTP API Id
- DomainName string `json:"domainName"`
- DomainPrefix string `json:"domainPrefix"`
- Time string `json:"time"`
- TimeEpoch int64 `json:"timeEpoch"`
- HTTP APIGatewayV2HTTPRequestContextHTTPDescription `json:"http"`
+ RouteKey string `json:"routeKey"`
+ AccountID string `json:"accountId"`
+ Stage string `json:"stage"`
+ RequestID string `json:"requestId"`
+ Authorizer *APIGatewayV2HTTPRequestContextAuthorizerDescription `json:"authorizer,omitempty"`
+ APIID string `json:"apiId"` // The API Gateway HTTP API Id
+ DomainName string `json:"domainName"`
+ DomainPrefix string `json:"domainPrefix"`
+ Time string `json:"time"`
+ TimeEpoch int64 `json:"timeEpoch"`
+ HTTP APIGatewayV2HTTPRequestContextHTTPDescription `json:"http"`
+ Authentication APIGatewayV2HTTPRequestContextAuthentication `json:"authentication"`
 }
 
 // APIGatewayV2HTTPRequestContextAuthorizerDescription contains authorizer information for the request context.
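Review bot: `Authentication` enters `APIGatewayV2HTTPRequestContext` as a value field with a plain `json:"authentication"` tag, while `Authorizer` a few lines above is a pointer with `omitempty`. The doc comments added in the next hunk say the certificate data is present only "if using mTLS", so an event for a domain without mTLS presumably carries no `authentication` member; after `json.Unmarshal` the field is then an all-empty struct that cannot be told apart from an mTLS request with blank certificate fields, and re-encoding the event emits a fabricated `"authentication":{"clientCert":{...}}` block. Code that gates on the client certificate has to test `SubjectDN != ""` instead of checking presence. Suggest `Authentication *APIGatewayV2HTTPRequestContextAuthentication `json:"authentication,omitempty"``, and the same pointer-plus-`omitempty` treatment for `ClientCert` on `APIGatewayCustomAuthorizerRequestTypeRequestIdentity` in the next hunk.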
@@ -189,10 +190,46 @@ type APIGatewayWebsocketProxyRequestContext struct {
 Status string `json:"status"`
 }
 
-// APIGatewayCustomAuthorizerRequestTypeRequestIdentity contains identity information for the request caller.
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity contains certificate validity information for the request caller if using mTLS..
+type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity struct {
+ NotAfter string `json:"notAfter"`
+ NotBefore string `json:"notBefore"`
+}
+
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert contains certificate information for the request caller if using mTLS..
+type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert struct {
+ ClientCertPem string `json:"clientCertPem"`
+ IssuerDN string `json:"issuerDN"`
+ SerialNumber string `json:"serialNumber"`
+ SubjectDN string `json:"subjectDN"`
+ Validity APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity `json:"validity"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity contains client certificate validity information for the request caller if using mTLS..
+type APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity struct {
+ NotAfter string `json:"notAfter"`
+ NotBefore string `json:"notBefore"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthenticationClientCert contains client certificate information for the request caller if using mTLS..
+type APIGatewayV2HTTPRequestContextAuthenticationClientCert struct {
+ ClientCertPem string `json:"clientCertPem"`
+ IssuerDN string `json:"issuerDN"`
+ SerialNumber string `json:"serialNumber"`
+ SubjectDN string `json:"subjectDN"`
+ Validity APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity `json:"validity"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthentication contains authentication context information for the request caller including client certificate information if using mTLS..
+type APIGatewayV2HTTPRequestContextAuthentication struct {
+ ClientCert APIGatewayV2HTTPRequestContextAuthenticationClientCert `json:"clientCert"`
+}
+
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentity contains identity information for the request caller including certificate information if using mTLS.
 type APIGatewayCustomAuthorizerRequestTypeRequestIdentity struct {
- APIKey string `json:"apiKey"`
- SourceIP string `json:"sourceIp"`
+ APIKey string `json:"apiKey"`
+ SourceIP string `json:"sourceIp"`
+ ClientCert APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert `json:"clientCert"`
 }
 
 // APIGatewayCustomAuthorizerContext represents the expected format of an API Gateway custom authorizer response.
From 411a5fc31a6e868bac6916bf3cf84b79a954eacd Mon Sep 17 00:00:00 2001
From: "Smith, Peter"
Date: Sat, 5 Dec 2020 12:56:31 -0700
Subject: [PATCH 02/10] Updated testdata to include new mTLS context objexts to go test passes
---
 .../apigw-custom-auth-request-type-request.json | 12 +++++++++++-
 events/testdata/apigw-v2-request-iam.json | 12 ++++++++++++
 events/testdata/apigw-v2-request-jwt-authorizer.json | 12 ++++++++++++
 events/testdata/apigw-v2-request-no-authorizer.json | 12 ++++++++++++
 4 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/events/testdata/apigw-custom-auth-request-type-request.json b/events/testdata/apigw-custom-auth-request-type-request.json
index f70ede04..ead818d1 100644
--- a/events/testdata/apigw-custom-auth-request-type-request.json
+++ b/events/testdata/apigw-custom-auth-request-type-request.json
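Review bot: The doc comments on the four new certificate structs say what they contain but not what a consumer may rely on, and these are the fields a Lambda authorizer will make an allow/deny decision from. `ClientCertPem` holds a PEM block (the fixtures in the next patch carry `-----BEGIN CERTIFICATE-----`), `IssuerDN`/`SubjectDN` are distinguished-name strings and `Validity` is two opaque strings, yet whether API Gateway has already validated the chain against the domain's truststore before filling these in is stated nowhere, and that is the one thing a caller must know before trusting `SubjectDN` without re-parsing the PEM — please confirm and record it on `...ClientCert`, e.g. `// ClientCertPem is the PEM-encoded certificate the client presented; API Gateway populates these fields only when the request arrived over mTLS.` followed by the confirmed statement about chain validation. Separately, the `...RequestIdentityClientCert`/`...AuthenticationClientCert` pair and their `...Validity` pair are byte-identical, so every later correction lands twice (patches 04 through 10 of this series show it); one shared pair referenced from both request shapes would halve that.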
@@ -68,7 +68,17 @@
 "requestId": "...",
 "identity": {
 "apiKey": "...",
- "sourceIp": "..."
+ "sourceIp": "..." ,
+ "clientCert": {
+ "clientCertPem": "-----BEGIN CERTIFICATE-----\nMIIEZTCCAk0CAQEwDQ...",
+ "issuerDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Private CA",
+ "serialNumber": "1",
+ "subjectDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Client",
+ "validity": {
+ "notAfter": "Aug 5 00:28:21 2120 GMT",
+ "notBefore": "Aug 29 00:28:21 2020 GMT"
+ }
+ }
 },
 "resourcePath": "/request",
 "httpMethod": "GET",
diff --git a/events/testdata/apigw-v2-request-iam.json b/events/testdata/apigw-v2-request-iam.json
index 73d50d78..b44d018a 100644
--- a/events/testdata/apigw-v2-request-iam.json
+++ b/events/testdata/apigw-v2-request-iam.json
@@ -39,6 +39,18 @@
 }
 },
 "apiId": "api-id",
+ "authentication": {
+ "clientCert": {
+ "clientCertPem": "-----BEGIN CERTIFICATE-----\nMIIEZTCCAk0CAQEwDQ...",
+ "issuerDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Private CA",
+ "serialNumber": "1",
+ "subjectDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Client",
+ "validity": {
+ "notAfter": "Aug 5 00:28:21 2120 GMT",
+ "notBefore": "Aug 29 00:28:21 2020 GMT"
+ }
+ }
+ },
 "domainName": "id.execute-api.us-east-1.amazonaws.com",
 "domainPrefix": "id",
 "time": "12/Mar/2020:19:03:58+0000",
diff --git a/events/testdata/apigw-v2-request-jwt-authorizer.json b/events/testdata/apigw-v2-request-jwt-authorizer.json
index ac40191f..ec045a97 100644
--- a/events/testdata/apigw-v2-request-jwt-authorizer.json
+++ b/events/testdata/apigw-v2-request-jwt-authorizer.json
@@ -36,6 +36,18 @@
 }
 },
 "apiId": "api-id",
+ "authentication": {
+ "clientCert": {
+ "clientCertPem": "-----BEGIN CERTIFICATE-----\nMIIEZTCCAk0CAQEwDQ...",
+ "issuerDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Private CA",
+ "serialNumber": "1",
+ "subjectDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Client",
+ "validity": {
+ "notAfter": "Aug 5 00:28:21 2120 GMT",
+ "notBefore": "Aug 29 00:28:21 2020 GMT"
+ }
+ }
+ },
 "domainName": "id.execute-api.us-east-1.amazonaws.com",
 "domainPrefix": "id",
 "time": "12/Mar/2020:19:03:58+0000",
diff --git a/events/testdata/apigw-v2-request-no-authorizer.json b/events/testdata/apigw-v2-request-no-authorizer.json
index d21c1f3f..2c69e90e 100644
--- a/events/testdata/apigw-v2-request-no-authorizer.json
+++ b/events/testdata/apigw-v2-request-no-authorizer.json
@@ -16,6 +16,18 @@
 "requestContext": {
 "accountId": "123456789012",
 "apiId": "aaaaaaaaaa",
+ "authentication": {
+ "clientCert": {
+ "clientCertPem": "-----BEGIN CERTIFICATE-----\nMIIEZTCCAk0CAQEwDQ...",
+ "issuerDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Private CA",
+ "serialNumber": "1",
+ "subjectDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Client",
+ "validity": {
+ "notAfter": "Aug 5 00:28:21 2120 GMT",
+ "notBefore": "Aug 29 00:28:21 2020 GMT"
+ }
+ }
+ },
 "domainName": "aaaaaaaaaa.execute-api.us-west-2.amazonaws.com",
 "domainPrefix": "aaaaaaaaaa",
 "http": {
From 734e78c1cecb19824a8bba8a3911b4762c230643 Mon Sep 17 00:00:00 2001
From: "Smith, Peter"
Date: Sat, 5 Dec 2020 13:23:37 -0700
Subject: [PATCH 03/10] Updated lambda authorizer test json to includ clientCert
---
 .../testdata/apigw-v2-request-lambda-authorizer.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/events/testdata/apigw-v2-request-lambda-authorizer.json b/events/testdata/apigw-v2-request-lambda-authorizer.json
index 75d1574f..c056211e 100644
--- a/events/testdata/apigw-v2-request-lambda-authorizer.json
+++ b/events/testdata/apigw-v2-request-lambda-authorizer.json
@@ -29,6 +29,18 @@
 }
 },
 "apiId": "api-id",
+ "authentication": {
+ "clientCert": {
+ "clientCertPem": "-----BEGIN CERTIFICATE-----\nMIIEZTCCAk0CAQEwDQ...",
+ "issuerDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Private CA",
+ "serialNumber": "1",
+ "subjectDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Client",
+ "validity": {
+ "notAfter": "Aug 5 00:28:21 2120 GMT",
+ "notBefore": "Aug 29 00:28:21 2020 GMT"
+ }
+ }
+ },
 "domainName": "id.execute-api.us-east-1.amazonaws.com",
 "domainPrefix": "id",
 "time": "12/Mar/2020:19:03:58+0000",
From e31c9a13fb6a0f8bc280231076c7f3170939a5e2 Mon Sep 17 00:00:00 2001
From: "Smith, Peter"
Date: Sun, 11 Apr 2021 17:16:56 -0700
Subject: [PATCH 04/10] Rearrange struct definition order to match AWS Go project conventions
---
 events/apigw.go | 98 ++++++++++++++++++++++++-------------------------
 1 file changed, 49 insertions(+), 49 deletions(-)
diff --git a/events/apigw.go b/events/apigw.go
index a4302e4f..1bca2b66 100644
--- a/events/apigw.go
+++ b/events/apigw.go
@@ -28,7 +28,7 @@ type APIGatewayProxyResponse struct {
 }
 
 // APIGatewayProxyRequestContext contains the information to identify the AWS account and resources invoking the
-// Lambda function. It also includes Cognito identity information for the caller.
+// Lambda function. It also includes Cognito identity information for the caller
 type APIGatewayProxyRequestContext struct {
 AccountID string `json:"accountId"`
 ResourceID string `json:"resourceId"`
@@ -63,6 +63,37 @@ type APIGatewayV2HTTPRequest struct {
 IsBase64Encoded bool `json:"isBase64Encoded"`
 }
 
+// APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity contains Cognito identity information for the request contex
+type APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity struct {
+ AMR []string `json:"amr"`
+ IdentityID string `json:"identityId"`
+ IdentityPoolID string `json:"identityPoolId"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthorizerIAMDescription contains IAM information for the request contex
+type APIGatewayV2HTTPRequestContextAuthorizerIAMDescription struct {
+ AccessKey string `json:"accessKey"`
+ AccountID string `json:"accountId"`
+ CallerID string `json:"callerId"`
+ CognitoIdentity APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity `json:"cognitoIdentity,omitempty"`
+ PrincipalOrgID string `json:"principalOrgId"`
+ UserARN string `json:"userArn"`
+ UserID string `json:"userId"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthorizerJWTDescription contains JWT authorizer information for the request context.
+type APIGatewayV2HTTPRequestContextAuthorizerJWTDescription struct {
+ Claims map[string]string `json:"claims"`
+ Scopes []string `json:"scopes,omitempty"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthorizerDescription contains authorizer information for the request context.
+type APIGatewayV2HTTPRequestContextAuthorizerDescription struct {
+ JWT *APIGatewayV2HTTPRequestContextAuthorizerJWTDescription `json:"jwt,omitempty"`
+ Lambda map[string]interface{} `json:"lambda,omitempty"`
+ IAM *APIGatewayV2HTTPRequestContextAuthorizerIAMDescription `json:"iam,omitempty"`
+}
+
 // APIGatewayV2HTTPRequestContext contains the information to identify the AWS account and resources invoking the Lambda function.
 type APIGatewayV2HTTPRequestContext struct {
 RouteKey string `json:"routeKey"`
@@ -79,37 +110,6 @@ type APIGatewayV2HTTPRequestContext struct {
 Authentication APIGatewayV2HTTPRequestContextAuthentication `json:"authentication"`
 }
 
-// APIGatewayV2HTTPRequestContextAuthorizerDescription contains authorizer information for the request context.
-type APIGatewayV2HTTPRequestContextAuthorizerDescription struct {
- JWT *APIGatewayV2HTTPRequestContextAuthorizerJWTDescription `json:"jwt,omitempty"`
- Lambda map[string]interface{} `json:"lambda,omitempty"`
- IAM *APIGatewayV2HTTPRequestContextAuthorizerIAMDescription `json:"iam,omitempty"`
-}
-
-// APIGatewayV2HTTPRequestContextAuthorizerJWTDescription contains JWT authorizer information for the request context.
-type APIGatewayV2HTTPRequestContextAuthorizerJWTDescription struct {
- Claims map[string]string `json:"claims"`
- Scopes []string `json:"scopes,omitempty"`
-}
-
-// APIGatewayV2HTTPRequestContextAuthorizerIAMDescription contains IAM information for the request context.
-type APIGatewayV2HTTPRequestContextAuthorizerIAMDescription struct {
- AccessKey string `json:"accessKey"`
- AccountID string `json:"accountId"`
- CallerID string `json:"callerId"`
- CognitoIdentity APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity `json:"cognitoIdentity,omitempty"`
- PrincipalOrgID string `json:"principalOrgId"`
- UserARN string `json:"userArn"`
- UserID string `json:"userId"`
-}
-
-// APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity contains Cognito identity information for the request context.
-type APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity struct {
- AMR []string `json:"amr"`
- IdentityID string `json:"identityId"`
- IdentityPoolID string `json:"identityPoolId"`
-}
-
 // APIGatewayV2HTTPRequestContextHTTPDescription contains HTTP information for the request context.
 type APIGatewayV2HTTPRequestContextHTTPDescription struct {
 Method string `json:"method"`
@@ -190,28 +190,13 @@ type APIGatewayWebsocketProxyRequestContext struct {
 Status string `json:"status"`
 }
 
-// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity contains certificate validity information for the request caller if using mTLS..
-type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity struct {
- NotAfter string `json:"notAfter"`
- NotBefore string `json:"notBefore"`
-}
-
-// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert contains certificate information for the request caller if using mTLS..
-type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert struct {
- ClientCertPem string `json:"clientCertPem"`
- IssuerDN string `json:"issuerDN"`
- SerialNumber string `json:"serialNumber"`
- SubjectDN string `json:"subjectDN"`
- Validity APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity `json:"validity"`
-}
-
-// APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity contains client certificate validity information for the request caller if using mTLS..
+// APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity contains client certificate validity information for the request caller if using mTLS.
 type APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity struct {
 NotAfter string `json:"notAfter"`
 NotBefore string `json:"notBefore"`
 }
 
-// APIGatewayV2HTTPRequestContextAuthenticationClientCert contains client certificate information for the request caller if using mTLS..
+// APIGatewayV2HTTPRequestContextAuthenticationClientCert contains client certificate information for the request caller if using mTLS.
 type APIGatewayV2HTTPRequestContextAuthenticationClientCert struct {
 ClientCertPem string `json:"clientCertPem"`
 IssuerDN string `json:"issuerDN"`
@@ -225,6 +210,21 @@ type APIGatewayV2HTTPRequestContextAuthentication struct {
 ClientCert APIGatewayV2HTTPRequestContextAuthenticationClientCert `json:"clientCert"`
 }
 
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity contains certificate validity information for the request caller if using mTLS.
+type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity struct {
+ NotAfter string `json:"notAfter"`
+ NotBefore string `json:"notBefore"`
+}
+
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert contains certificate information for the request caller if using mTLS.
+type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert struct {
+ ClientCertPem string `json:"clientCertPem"`
+ IssuerDN string `json:"issuerDN"`
+ SerialNumber string `json:"serialNumber"`
+ SubjectDN string `json:"subjectDN"`
+ Validity APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity `json:"validity"`
+}
+
 // APIGatewayCustomAuthorizerRequestTypeRequestIdentity contains identity information for the request caller including certificate information if using mTLS.
 type APIGatewayCustomAuthorizerRequestTypeRequestIdentity struct {
 APIKey string `json:"apiKey"`
From 19fe79db22dd6b3506c26760155bdaf1f9a38f24 Mon Sep 17 00:00:00 2001
From: "Smith, Peter"
Date: Sun, 11 Apr 2021 17:40:52 -0700
Subject: [PATCH 05/10] Rearrange struct definition order to match AWS Go project conventions
---
 events/apigw.go | 116 ++++++++++++++++++++++++------------------------
 1 file changed, 58 insertions(+), 58 deletions(-)
diff --git a/events/apigw.go b/events/apigw.go
index 3c08a392..57125ec0 100644
--- a/events/apigw.go
+++ b/events/apigw.go
@@ -28,7 +28,7 @@ type APIGatewayProxyResponse struct {
 }
 
 // APIGatewayProxyRequestContext contains the information to identify the AWS account and resources invoking the
-// Lambda function. It also includes Cognito identity information for the caller
+// Lambda function. It also includes Cognito identity information for the caller.
 type APIGatewayProxyRequestContext struct {
 AccountID string `json:"accountId"`
 ResourceID string `json:"resourceId"`
@@ -63,37 +63,6 @@ type APIGatewayV2HTTPRequest struct {
 IsBase64Encoded bool `json:"isBase64Encoded"`
 }
 
-// APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity contains Cognito identity information for the request contex
-type APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity struct {
- AMR []string `json:"amr"`
- IdentityID string `json:"identityId"`
- IdentityPoolID string `json:"identityPoolId"`
-}
-
-// APIGatewayV2HTTPRequestContextAuthorizerIAMDescription contains IAM information for the request contex
-type APIGatewayV2HTTPRequestContextAuthorizerIAMDescription struct {
- AccessKey string `json:"accessKey"`
- AccountID string `json:"accountId"`
- CallerID string `json:"callerId"`
- CognitoIdentity APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity `json:"cognitoIdentity,omitempty"`
- PrincipalOrgID string `json:"principalOrgId"`
- UserARN string `json:"userArn"`
- UserID string `json:"userId"`
-}
-
-// APIGatewayV2HTTPRequestContextAuthorizerJWTDescription contains JWT authorizer information for the request context.
-type APIGatewayV2HTTPRequestContextAuthorizerJWTDescription struct {
- Claims map[string]string `json:"claims"`
- Scopes []string `json:"scopes,omitempty"`
-}
-
-// APIGatewayV2HTTPRequestContextAuthorizerDescription contains authorizer information for the request context.
-type APIGatewayV2HTTPRequestContextAuthorizerDescription struct {
- JWT *APIGatewayV2HTTPRequestContextAuthorizerJWTDescription `json:"jwt,omitempty"`
- Lambda map[string]interface{} `json:"lambda,omitempty"`
- IAM *APIGatewayV2HTTPRequestContextAuthorizerIAMDescription `json:"iam,omitempty"`
-}
-
 // APIGatewayV2HTTPRequestContext contains the information to identify the AWS account and resources invoking the Lambda function.
 type APIGatewayV2HTTPRequestContext struct {
 RouteKey string `json:"routeKey"`
@@ -110,6 +79,37 @@ type APIGatewayV2HTTPRequestContext struct {
 Authentication APIGatewayV2HTTPRequestContextAuthentication `json:"authentication"`
 }
 
+// APIGatewayV2HTTPRequestContextAuthorizerDescription contains authorizer information for the request context.
+type APIGatewayV2HTTPRequestContextAuthorizerDescription struct {
+ JWT *APIGatewayV2HTTPRequestContextAuthorizerJWTDescription `json:"jwt,omitempty"`
+ Lambda map[string]interface{} `json:"lambda,omitempty"`
+ IAM *APIGatewayV2HTTPRequestContextAuthorizerIAMDescription `json:"iam,omitempty"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthorizerJWTDescription contains JWT authorizer information for the request context.
+type APIGatewayV2HTTPRequestContextAuthorizerJWTDescription struct {
+ Claims map[string]string `json:"claims"`
+ Scopes []string `json:"scopes,omitempty"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthorizerIAMDescription contains IAM information for the request context.
+type APIGatewayV2HTTPRequestContextAuthorizerIAMDescription struct {
+ AccessKey string `json:"accessKey"`
+ AccountID string `json:"accountId"`
+ CallerID string `json:"callerId"`
+ CognitoIdentity APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity `json:"cognitoIdentity,omitempty"`
+ PrincipalOrgID string `json:"principalOrgId"`
+ UserARN string `json:"userArn"`
+ UserID string `json:"userId"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity contains Cognito identity information for the request context.
+type APIGatewayV2HTTPRequestContextAuthorizerCognitoIdentity struct {
+ AMR []string `json:"amr"`
+ IdentityID string `json:"identityId"`
+ IdentityPoolID string `json:"identityPoolId"`
+}
+
 // APIGatewayV2HTTPRequestContextHTTPDescription contains HTTP information for the request context.
 type APIGatewayV2HTTPRequestContextHTTPDescription struct {
 Method string `json:"method"`
@@ -150,7 +150,7 @@ type APIGatewayRequestIdentity struct {
 type APIGatewayWebsocketProxyRequest struct {
 Resource string `json:"resource"` // The resource path defined in API Gateway
 Path string `json:"path"` // The url path for the caller
- HTTPMethod string `json:"httpMethod,omitempty"`
+ HTTPMethod string `json:"httpMethod"`
 Headers map[string]string `json:"headers"`
 MultiValueHeaders map[string][]string `json:"multiValueHeaders"`
 QueryStringParameters map[string]string `json:"queryStringParameters"`
@@ -190,12 +190,33 @@ type APIGatewayWebsocketProxyRequestContext struct {
 Status string `json:"status"`
 }
 
-// APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity contains client certificate validity information for the request caller if using mTLS.
-type APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity struct {
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentity contains identity information for the request caller including certificate information if using mTLS.
+type APIGatewayCustomAuthorizerRequestTypeRequestIdentity struct {
+ APIKey string `json:"apiKey"`
+ SourceIP string `json:"sourceIp"`
+ ClientCert APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert `json:"clientCert"`
+}
+
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert contains certificate information for the request caller if using mTLS..
+type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert struct {
+ ClientCertPem string `json:"clientCertPem"`
+ IssuerDN string `json:"issuerDN"`
+ SerialNumber string `json:"serialNumber"`
+ SubjectDN string `json:"subjectDN"`
+ Validity APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity `json:"validity"`
+}
+
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity contains certificate validity information for the request caller if using mTLS.
+type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity struct {
 NotAfter string `json:"notAfter"`
 NotBefore string `json:"notBefore"`
 }
 
+// APIGatewayV2HTTPRequestContextAuthentication contains authentication context information for the request caller including client certificate information if using mTLS.
+type APIGatewayV2HTTPRequestContextAuthentication struct {
+ ClientCert APIGatewayV2HTTPRequestContextAuthenticationClientCert `json:"clientCert"`
+}
+
 // APIGatewayV2HTTPRequestContextAuthenticationClientCert contains client certificate information for the request caller if using mTLS.
 type APIGatewayV2HTTPRequestContextAuthenticationClientCert struct {
 ClientCertPem string `json:"clientCertPem"`
@@ -205,33 +226,12 @@ type APIGatewayV2HTTPRequestContextAuthenticationClientCert struct {
 Validity APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity `json:"validity"`
 }
 
-// APIGatewayV2HTTPRequestContextAuthentication contains authentication context information for the request caller including client certificate information if using mTLS..
-type APIGatewayV2HTTPRequestContextAuthentication struct {
- ClientCert APIGatewayV2HTTPRequestContextAuthenticationClientCert `json:"clientCert"`
-}
-
-// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity contains certificate validity information for the request caller if using mTLS.
-type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity struct {
+// APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity contains client certificate validity information for the request caller if using mTLS.
+type APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity struct {
 NotAfter string `json:"notAfter"`
 NotBefore string `json:"notBefore"`
 }
 
-// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert contains certificate information for the request caller if using mTLS.
-type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert struct {
- ClientCertPem string `json:"clientCertPem"`
- IssuerDN string `json:"issuerDN"`
- SerialNumber string `json:"serialNumber"`
- SubjectDN string `json:"subjectDN"`
- Validity APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity `json:"validity"`
-}
-
-// APIGatewayCustomAuthorizerRequestTypeRequestIdentity contains identity information for the request caller including certificate information if using mTLS.
-type APIGatewayCustomAuthorizerRequestTypeRequestIdentity struct {
- APIKey string `json:"apiKey"`
- SourceIP string `json:"sourceIp"`
- ClientCert APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert `json:"clientCert"`
-}
-
 // APIGatewayCustomAuthorizerContext represents the expected format of an API Gateway custom authorizer response.
 // Deprecated. Code should be updated to use the Authorizer map from APIGatewayRequestIdentity. Ex: Authorizer["principalId"]
 type APIGatewayCustomAuthorizerContext struct {
From ec6fee3d853b4aae60578f31a1f87b57616cb7c6 Mon Sep 17 00:00:00 2001
From: "Smith, Peter"
Date: Sun, 11 Apr 2021 17:44:58 -0700
Subject: [PATCH 06/10] Rearrange struct definition order to match AWS Go project conventions update
---
 events/apigw.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/events/apigw.go b/events/apigw.go
index 57125ec0..11f75e4d 100644
--- a/events/apigw.go
+++ b/events/apigw.go
@@ -150,7 +150,7 @@ type APIGatewayRequestIdentity struct {
 type APIGatewayWebsocketProxyRequest struct {
 Resource string `json:"resource"` // The resource path defined in API Gateway
 Path string `json:"path"` // The url path for the caller
- HTTPMethod string `json:"httpMethod"`
+ HTTPMethod string `json:"httpMethod,omitempty"`
 Headers map[string]string `json:"headers"`
 MultiValueHeaders map[string][]string `json:"multiValueHeaders"`
 QueryStringParameters map[string]string `json:"queryStringParameters"`
@@ -197,7 +197,7 @@ type APIGatewayCustomAuthorizerRequestTypeRequestIdentity struct {
 ClientCert APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert `json:"clientCert"`
 }
 
-// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert contains certificate information for the request caller if using mTLS..
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert contains certificate information for the request caller if using mTLS.
 type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert struct {
 ClientCertPem string `json:"clientCertPem"`
 IssuerDN string `json:"issuerDN"`
From 87559daef6b3df1af6b1123e5bc39e10bfca3866 Mon Sep 17 00:00:00 2001
From: "Smith, Peter"
Date: Sun, 11 Apr 2021 17:49:18 -0700
Subject: [PATCH 07/10] Fixed space in test data file
---
 events/testdata/apigw-custom-auth-request-type-request.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/events/testdata/apigw-custom-auth-request-type-request.json b/events/testdata/apigw-custom-auth-request-type-request.json
index ead818d1..55c8090e 100644
--- a/events/testdata/apigw-custom-auth-request-type-request.json
+++ b/events/testdata/apigw-custom-auth-request-type-request.json
@@ -68,7 +68,7 @@
 "requestId": "...",
 "identity": {
 "apiKey": "...",
- "sourceIp": "..." ,
+ "sourceIp": "...",
 "clientCert": {
 "clientCertPem": "-----BEGIN CERTIFICATE-----\nMIIEZTCCAk0CAQEwDQ...",
 "issuerDN": "C=US,ST=Washington,L=Seattle,O=Amazon Web Services,OU=Security,CN=My Private CA",
From 45be04bd0358499c78c67224dc68ff4241decd81 Mon Sep 17 00:00:00 2001
From: "Smith, Peter"
Date: Sun, 11 Apr 2021 18:01:19 -0700
Subject: [PATCH 08/10] Converted Validity start and end from string to time.Time
---
 events/apigw.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/events/apigw.go b/events/apigw.go
index 11f75e4d..79c6b56c 100644
--- a/events/apigw.go
+++ b/events/apigw.go
@@ -2,6 +2,10 @@
 
 package events
 
+import (
+ "time"
+)
+
 // APIGatewayProxyRequest contains data coming from the API Gateway proxy
 type APIGatewayProxyRequest struct {
 Resource string `json:"resource"` // The resource path defined in API Gateway
@@ -208,8 +212,8 @@ type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert struct {
 
 // APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity contains certificate validity information for the request caller if using mTLS.
 type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity struct {
- NotAfter string `json:"notAfter"`
- NotBefore string `json:"notBefore"`
+ NotAfter time.Time `json:"notAfter"`
+ NotBefore time.Time `json:"notBefore"`
 }
 
 // APIGatewayV2HTTPRequestContextAuthentication contains authentication context information for the request caller including client certificate information if using mTLS.
From e2f0235ed1bb1e879232ec04b979c968e521b0c5 Mon Sep 17 00:00:00 2001
From: "Smith, Peter"
Date: Sun, 11 Apr 2021 18:02:54 -0700
Subject: [PATCH 09/10] Converted Validity start and end from string to time.Time for HTTPRequest
---
 events/apigw.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/events/apigw.go b/events/apigw.go
index 79c6b56c..3f1ddc2c 100644
--- a/events/apigw.go
+++ b/events/apigw.go
@@ -232,8 +232,8 @@ type APIGatewayV2HTTPRequestContextAuthenticationClientCert struct {
 
 // APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity contains client certificate validity information for the request caller if using mTLS.
 type APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity struct {
- NotAfter string `json:"notAfter"`
- NotBefore string `json:"notBefore"`
+ NotAfter time.Time `json:"notAfter"`
+ NotBefore time.Time `json:"notBefore"`
 }
 
 // APIGatewayCustomAuthorizerContext represents the expected format of an API Gateway custom authorizer response.
From 1c35d1561532140f0a30adbc49248033c81e9aa6 Mon Sep 17 00:00:00 2001
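Review bot: Switching `NotAfter`/`NotBefore` to `time.Time` in the `@@ -208,8 +212,8 @@` hunk will make `json.Unmarshal` fail on the test fixtures, because `time.Time.UnmarshalJSON` accepts only a quoted RFC 3339 string and the values added in patch 02 look like `Aug 5 00:28:21 2120 GMT`; the `APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity` hunk in patch 09 has the same problem. If live events use that layout as well (the fixtures are the only evidence on this page), a typed field needs a named type whose `UnmarshalJSON` parses it with an explicit layout — something along the lines of `time.Parse("Jan 2 15:04:05 2006 MST", s)` (constructed; verify against a real event) — and whose `MarshalJSON` writes the original form back, rather than `time.Time` directly. Patch 10 reverts both structs to `string`, which avoids the decode failure but leaves the format undocumented.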
From: "Smith, Peter"
Date: Sun, 20 Jun 2021 11:18:30 -0700
Subject: [PATCH 10/10] Changing Validity notAfter and notBefore back to strings
---
 events/apigw.go | 12 ++++-------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/events/apigw.go b/events/apigw.go
index 3f1ddc2c..11f75e4d 100644
--- a/events/apigw.go
+++ b/events/apigw.go
@@ -2,10 +2,6 @@
 
 package events
 
-import (
- "time"
-)
-
 // APIGatewayProxyRequest contains data coming from the API Gateway proxy
 type APIGatewayProxyRequest struct {
 Resource string `json:"resource"` // The resource path defined in API Gateway
@@ -212,8 +208,8 @@ type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert struct {
 
 // APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity contains certificate validity information for the request caller if using mTLS.
 type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity struct {
- NotAfter time.Time `json:"notAfter"`
- NotBefore time.Time `json:"notBefore"`
+ NotAfter string `json:"notAfter"`
+ NotBefore string `json:"notBefore"`
 }
 
 // APIGatewayV2HTTPRequestContextAuthentication contains authentication context information for the request caller including client certificate information if using mTLS.
@@ -232,8 +228,8 @@ type APIGatewayV2HTTPRequestContextAuthenticationClientCert struct {
 
 // APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity contains client certificate validity information for the request caller if using mTLS.
 type APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity struct {
- NotAfter time.Time `json:"notAfter"`
- NotBefore time.Time `json:"notBefore"`
+ NotAfter string `json:"notAfter"`
+ NotBefore string `json:"notBefore"`
 }
 
 // APIGatewayCustomAuthorizerContext represents the expected format of an API Gateway custom authorizer response.
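Review bot: With both `Validity` structs back on `string`, nothing tells a caller what the values look like or that they are not RFC 3339, which is exactly what sank patches 08 and 09; a comment on the fields closes that gap without another type change. Suggest, on the `NotAfter` line of this hunk and of the `APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity` hunk above it, `// NotAfter is the certificate expiry as API Gateway formats it (the test fixtures use "Aug 5 00:28:21 2120 GMT", not RFC 3339); parse it with an explicit layout before comparing against time.Now().` with the matching sentence for `NotBefore`. Authorizer code that enforces validity itself must parse these rather than compare the strings lexically.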