Added struct definition to include ClientCert information to API Gateway when using mTLS #342
Conversation
…ity and Authentication and ClientCert to APIGatewayV2HTTPRequestContext Struct definitions
Catching up to Current aws commits
Codecov Report
@@ Coverage Diff @@
## master #342 +/- ##
=======================================
Coverage 72.22% 72.22%
=======================================
Files 19 19
Lines 738 738
=======================================
Hits 533 533
Misses 138 138
Partials 67 67 Continue to review full report at Codecov.
|
events/apigw.go
Outdated
| Validity APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity `json:"validity"` | ||
| } | ||
|
|
||
| // APIGatewayV2HTTPRequestContextAuthentication contains authentication context information for the request caller including client certificate information if using mTLS.. |
There was a problem hiding this comment.
nit pick: here and elsewhere there is an unnecessary extra . at end of doc comment
events/apigw.go
Outdated
| @@ -189,10 +190,46 @@ type APIGatewayWebsocketProxyRequestContext struct { | |||
| Status string `json:"status"` | |||
| } | |||
|
|
|||
| // APIGatewayCustomAuthorizerRequestTypeRequestIdentity contains identity information for the request caller. | |||
| // APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity contains certificate validity information for the request caller if using mTLS.. | |||
There was a problem hiding this comment.
I usually prefer for definitions to read top to bottom in the order they are used. In this case that would mean that each of your new types would only come after they were first used. Could we make that update here?
There was a problem hiding this comment.
Changed the order of definitions to match project conventions.
events/apigw.go
Outdated
| NotAfter string `json:"notAfter"` | ||
| NotBefore string `json:"notBefore"` |
There was a problem hiding this comment.
Looks like these are timestamps. I'm not entirely sure what we do elsewhere in this package but maybe these could be time.Times?
There was a problem hiding this comment.
I was unable to find a way to convert the time format of the validity dates in the JSON unmarshalling not of the Tag hints I could find seam to work. I don't think writing a custom unmarshalling routine would be appropriate but am open to suggestion.
| Time string `json:"time"` | ||
| TimeEpoch int64 `json:"timeEpoch"` | ||
| HTTP APIGatewayV2HTTPRequestContextHTTPDescription `json:"http"` | ||
| Authentication APIGatewayV2HTTPRequestContextAuthentication `json:"authentication"` |
There was a problem hiding this comment.
This field is optional right? Or is it always supplied now by API GW?
There was a problem hiding this comment.
Supplied by API GW when mTLS is configured, otherwise it will be ignored since we are just unmarshalling.
events/apigw.go
Outdated
| SourceIP string `json:"sourceIp"` | ||
| APIKey string `json:"apiKey"` | ||
| SourceIP string `json:"sourceIp"` | ||
| ClientCert APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert `json:"clientCert"` |
There was a problem hiding this comment.
This field is optional right? Or is it always supplied now by API GW?
There was a problem hiding this comment.
Supplied by API GW when mTLS is configured, otherwise it will be ignored since we are just unmarshalling.
Bring local fork up to date
|
Are you planning to merge and release this PR soon? |
Codecov Report
@@ Coverage Diff @@
## master #342 +/- ##
=======================================
Coverage 72.22% 72.22%
=======================================
Files 19 19
Lines 738 738
=======================================
Hits 533 533
Misses 138 138
Partials 67 67 Continue to review full report at Codecov.
|
|
@harrisonhjones @dum0nt73 Any chance this could be merged soon? |
|
@kpes , I have requested the review to have it merged just waiting now. Hopefully they will approve it soon. |
Issue #337
Added struct definition to include ClientCert information in APIGatewayCustomAuthorizerRequestTypeRequestIdentity and APIGatewayV2HTTPRequestContext for REST and HTTP API Gateway when mTLS is configured.
https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/
https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-mutual-tls.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mutual-tls.html
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.