Merge branch 'main' into cw-events-doc-fix

Author: bmoffatt

.github/workflows/reviewdog.yml

@@ -29,7 +29,9 @@ jobs:
         run: go test -race -coverprofile=coverage.txt -covermode=atomic ./...
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v1
-        if: matrix.go == '1.16'
+        uses: codecov/codecov-action@v2
         with:
           file: ./coverage.txt
+          env_vars: GO
+        env:
+          GO: ${{ matrix.go }}

.github/workflows/tests.yml

@@ -12,8 +12,15 @@ linters:
     - typecheck
     - unused
     - varcheck
+    - stylecheck
 
 run:
   skip-files:
     # These were code-generated, and cannot be changed without breaking RPC compatibility.
     - lambda/messages/*.go
+
+linters-settings:
+  stylecheck:
+    go: "1.17"
+    checks: ["all"]
+    initialisms: ["AWS", "ARN", "IAM", "MQTT", "ACL", "API", "ASCII", "CPU", "CSS", "DNS", "EOF", "GUID", "HTML", "HTTP", "HTTPS", "ID", "IP", "JSON", "QPS", "RAM", "RPC", "SLA", "SMTP", "SQL", "SSH", "TCP", "TLS", "TTL", "UDP", "UI", "GID", "UID", "UUID", "URI", "URL", "UTF8", "VM", "XML", "XMPP", "XSRF", "XSS", "SIP", "RTP", "AMQP", "DB", "TS"]

.golangci.yml

@@ -11,11 +11,11 @@ import (
 
 func TestActiveMQEventMarshaling(t *testing.T) {
 	// 1. read JSON from file
-	inputJson := test.ReadJSONFromFile(t, "./testdata/activemq-event.json")
+	inputJSON := test.ReadJSONFromFile(t, "./testdata/activemq-event.json")
 
 	// 2. de-serialize into Go object
 	var inputEvent ActiveMQEvent
-	if err := json.Unmarshal(inputJson, &inputEvent); err != nil {
+	if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
 		t.Errorf("could not unmarshal event. details: %v", err)
 	}
 
@@ -32,13 +32,13 @@ func TestActiveMQEventMarshaling(t *testing.T) {
 	assert.Equal(t, false, message.Redelivered)
 
 	// 4. serialize to JSON
-	outputJson, err := json.Marshal(inputEvent)
+	outputJSON, err := json.Marshal(inputEvent)
 	if err != nil {
 		t.Errorf("could not marshal event. details: %v", err)
 	}
 
 	// 5. check result
-	assert.JSONEq(t, string(inputJson), string(outputJson))
+	assert.JSONEq(t, string(inputJSON), string(outputJSON))
 }
 
 func TestActiveMQMarshalingMalformedJson(t *testing.T) {

events/activemq_test.go

@@ -20,7 +20,7 @@ type ALBTargetGroupRequestContext struct {
 
 // ELBContext contains the information to identify the ARN invoking the lambda
 type ELBContext struct {
-	TargetGroupArn string `json:"targetGroupArn"`
+	TargetGroupArn string `json:"targetGroupArn"` //nolint: stylecheck
 }
 
 // ALBTargetGroupResponse configures the response to be returned by the ALB Lambda target group for the request

events/alb.go

@@ -65,17 +65,18 @@ type APIGatewayV2HTTPRequest struct {
 
 // APIGatewayV2HTTPRequestContext contains the information to identify the AWS account and resources invoking the Lambda function.
 type APIGatewayV2HTTPRequestContext struct {
-	RouteKey     string                                               `json:"routeKey"`
-	AccountID    string                                               `json:"accountId"`
-	Stage        string                                               `json:"stage"`
-	RequestID    string                                               `json:"requestId"`
-	Authorizer   *APIGatewayV2HTTPRequestContextAuthorizerDescription `json:"authorizer,omitempty"`
-	APIID        string                                               `json:"apiId"` // The API Gateway HTTP API Id
-	DomainName   string                                               `json:"domainName"`
-	DomainPrefix string                                               `json:"domainPrefix"`
-	Time         string                                               `json:"time"`
-	TimeEpoch    int64                                                `json:"timeEpoch"`
-	HTTP         APIGatewayV2HTTPRequestContextHTTPDescription        `json:"http"`
+	RouteKey       string                                               `json:"routeKey"`
+	AccountID      string                                               `json:"accountId"`
+	Stage          string                                               `json:"stage"`
+	RequestID      string                                               `json:"requestId"`
+	Authorizer     *APIGatewayV2HTTPRequestContextAuthorizerDescription `json:"authorizer,omitempty"`
+	APIID          string                                               `json:"apiId"` // The API Gateway HTTP API Id
+	DomainName     string                                               `json:"domainName"`
+	DomainPrefix   string                                               `json:"domainPrefix"`
+	Time           string                                               `json:"time"`
+	TimeEpoch      int64                                                `json:"timeEpoch"`
+	HTTP           APIGatewayV2HTTPRequestContextHTTPDescription        `json:"http"`
+	Authentication APIGatewayV2HTTPRequestContextAuthentication         `json:"authentication"`
 }
 
 // APIGatewayV2HTTPRequestContextAuthorizerDescription contains authorizer information for the request context.
@@ -140,7 +141,7 @@ type APIGatewayRequestIdentity struct {
 	SourceIP                      string `json:"sourceIp"`
 	CognitoAuthenticationType     string `json:"cognitoAuthenticationType"`
 	CognitoAuthenticationProvider string `json:"cognitoAuthenticationProvider"`
-	UserArn                       string `json:"userArn"`
+	UserArn                       string `json:"userArn"` //nolint: stylecheck
 	UserAgent                     string `json:"userAgent"`
 	User                          string `json:"user"`
 }
@@ -189,10 +190,46 @@ type APIGatewayWebsocketProxyRequestContext struct {
 	Status             string                    `json:"status"`
 }
 
-// APIGatewayCustomAuthorizerRequestTypeRequestIdentity contains identity information for the request caller.
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentity contains identity information for the request caller including certificate information if using mTLS.
 type APIGatewayCustomAuthorizerRequestTypeRequestIdentity struct {
-	APIKey   string `json:"apiKey"`
-	SourceIP string `json:"sourceIp"`
+	APIKey     string                                                         `json:"apiKey"`
+	SourceIP   string                                                         `json:"sourceIp"`
+	ClientCert APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert `json:"clientCert"`
+}
+
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert contains certificate information for the request caller if using mTLS.
+type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCert struct {
+	ClientCertPem string                                                                 `json:"clientCertPem"`
+	IssuerDN      string                                                                 `json:"issuerDN"`
+	SerialNumber  string                                                                 `json:"serialNumber"`
+	SubjectDN     string                                                                 `json:"subjectDN"`
+	Validity      APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity `json:"validity"`
+}
+
+// APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity contains certificate validity information for the request caller if using mTLS.
+type APIGatewayCustomAuthorizerRequestTypeRequestIdentityClientCertValidity struct {
+	NotAfter  string `json:"notAfter"`
+	NotBefore string `json:"notBefore"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthentication contains authentication context information for the request caller including client certificate information if using mTLS.
+type APIGatewayV2HTTPRequestContextAuthentication struct {
+	ClientCert APIGatewayV2HTTPRequestContextAuthenticationClientCert `json:"clientCert"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthenticationClientCert contains client certificate information for the request caller if using mTLS.
+type APIGatewayV2HTTPRequestContextAuthenticationClientCert struct {
+	ClientCertPem string                                                         `json:"clientCertPem"`
+	IssuerDN      string                                                         `json:"issuerDN"`
+	SerialNumber  string                                                         `json:"serialNumber"`
+	SubjectDN     string                                                         `json:"subjectDN"`
+	Validity      APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity `json:"validity"`
+}
+
+// APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity contains client certificate validity information for the request caller if using mTLS.
+type APIGatewayV2HTTPRequestContextAuthenticationClientCertValidity struct {
+	NotAfter  string `json:"notAfter"`
+	NotBefore string `json:"notBefore"`
 }
 
 // APIGatewayCustomAuthorizerContext represents the expected format of an API Gateway custom authorizer response.
@@ -221,13 +258,13 @@ type APIGatewayCustomAuthorizerRequestTypeRequestContext struct {
 type APIGatewayCustomAuthorizerRequest struct {
 	Type               string `json:"type"`
 	AuthorizationToken string `json:"authorizationToken"`
-	MethodArn          string `json:"methodArn"`
+	MethodArn          string `json:"methodArn"` //nolint: stylecheck
 }
 
 // APIGatewayCustomAuthorizerRequestTypeRequest contains data coming in to a custom API Gateway authorizer function.
 type APIGatewayCustomAuthorizerRequestTypeRequest struct {
 	Type                            string                                              `json:"type"`
-	MethodArn                       string                                              `json:"methodArn"`
+	MethodArn                       string                                              `json:"methodArn"` //nolint: stylecheck
 	Resource                        string                                              `json:"resource"`
 	Path                            string                                              `json:"path"`
 	HTTPMethod                      string                                              `json:"httpMethod"`
@@ -248,6 +285,12 @@ type APIGatewayCustomAuthorizerResponse struct {
 	UsageIdentifierKey string                           `json:"usageIdentifierKey,omitempty"`
 }
 
+// APIGatewayV2CustomAuthorizerSimpleResponse represents the simple format of an API Gateway V2 authorization response.
+type APIGatewayV2CustomAuthorizerSimpleResponse struct {
+	IsAuthorized bool                   `json:"isAuthorized"`
+	Context      map[string]interface{} `json:"context,omitempty"`
+}
+
 // APIGatewayCustomAuthorizerPolicy represents an IAM policy
 type APIGatewayCustomAuthorizerPolicy struct {
 	Version   string

events/apigw.go

@@ -177,6 +177,67 @@ func TestApiGatewayCustomAuthorizerResponseMarshaling(t *testing.T) {
 	assert.JSONEq(t, string(inputJSON), string(outputJSON))
 }
 
+func TestAPIGatewayV2CustomAuthorizerSimpleResponseMarshalling(t *testing.T) {
+	var tests = []struct {
+		desc string
+		in   APIGatewayV2CustomAuthorizerSimpleResponse
+		out  string
+	}{
+		{
+			"defaults",
+			APIGatewayV2CustomAuthorizerSimpleResponse{},
+			`{"isAuthorized":false}`,
+		},
+		{
+			"without context",
+			APIGatewayV2CustomAuthorizerSimpleResponse{IsAuthorized: true},
+			`{"isAuthorized":true}`,
+		},
+		{
+			"context is nil",
+			APIGatewayV2CustomAuthorizerSimpleResponse{Context: nil},
+			`{"isAuthorized":false}`,
+		},
+		{
+			"context is empty",
+			APIGatewayV2CustomAuthorizerSimpleResponse{Context: map[string]interface{}{}},
+			`{"isAuthorized":false}`,
+		},
+		{
+			"context with basic types",
+			APIGatewayV2CustomAuthorizerSimpleResponse{Context: map[string]interface{}{"string": "value", "bool": true, "number": 1234}},
+			`{"isAuthorized":false,"context":{"string":"value","bool":true,"number":1234}}`,
+		},
+		{
+			"context with array",
+			APIGatewayV2CustomAuthorizerSimpleResponse{Context: map[string]interface{}{"array": []string{"value1", "value2"}}},
+			`{"isAuthorized":false,"context":{"array":["value1","value2"]}}`,
+		},
+		{
+			"context with map",
+			APIGatewayV2CustomAuthorizerSimpleResponse{Context: map[string]interface{}{"map": map[string]string{"key": "value"}}},
+			`{"isAuthorized":false,"context":{"map":{"key":"value"}}}`,
+		},
+		{
+			"context with nil value",
+			APIGatewayV2CustomAuthorizerSimpleResponse{Context: map[string]interface{}{"nil": nil}},
+			`{"isAuthorized":false,"context":{"nil":null}}`,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.desc, func(t *testing.T) {
+			outputJSON, err := json.Marshal(tt.in)
+			if err != nil {
+				t.Errorf("could not marshal event. details: %v", err)
+			}
+
+			assert.JSONEq(t, tt.out, string(outputJSON))
+		})
+	}
+}
+
 func TestApiGatewayCustomAuthorizerResponseMalformedJson(t *testing.T) {
 	test.TestMalformedJson(t, APIGatewayCustomAuthorizerResponse{})
 }

events/apigw_test.go

@@ -38,3 +38,28 @@ const (
 	// OperationBatchInvoke instructs AWS AppSync to batch requests for the current GraphQL field
 	OperationBatchInvoke AppSyncOperation = "BatchInvoke"
 )
+
+// AppSyncLambdaAuthorizerRequest contains an authorization request from AppSync.
+type AppSyncLambdaAuthorizerRequest struct {
+	AuthorizationToken string                                `json:"authorizationToken"`
+	RequestContext     AppSyncLambdaAuthorizerRequestContext `json:"requestContext"`
+}
+
+// AppSyncLambdaAuthorizerRequestContext contains the parameters of the AppSync invocation which triggered
+// this authorization request.
+type AppSyncLambdaAuthorizerRequestContext struct {
+	APIID         string                 `json:"apiId"`
+	AccountID     string                 `json:"accountId"`
+	RequestID     string                 `json:"requestId"`
+	QueryString   string                 `json:"queryString"`
+	OperationName string                 `json:"operationName"`
+	Variables     map[string]interface{} `json:"variables"`
+}
+
+// AppSyncLambdaAuthorizerResponse represents the expected format of an authorization response to AppSync.
+type AppSyncLambdaAuthorizerResponse struct {
+	IsAuthorized    bool                   `json:"isAuthorized"`
+	ResolverContext map[string]interface{} `json:"resolverContext,omitempty"`
+	DeniedFields    []string               `json:"deniedFields,omitempty"`
+	TTLOverride     *int                   `json:"ttlOverride,omitempty"`
+}

events/appsync.go

@@ -5,6 +5,7 @@ import (
 	"io/ioutil"
 	"testing"
 
+	"github.com/aws/aws-lambda-go/events/test"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -85,3 +86,49 @@ func TestAppSyncIdentity_Cognito(t *testing.T) {
 
 	assert.JSONEq(t, string(inputJSON), string(outputJSON))
 }
+
+func TestAppSyncLambdaAuthorizerRequestMarshalling(t *testing.T) {
+	inputJSON, err := ioutil.ReadFile("./testdata/appsync-lambda-auth-request.json")
+	if err != nil {
+		t.Errorf("could not open test file. details: %v", err)
+	}
+
+	var inputEvent AppSyncLambdaAuthorizerRequest
+	if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
+		t.Errorf("could not unmarshal event. details: %v", err)
+	}
+
+	outputJSON, err := json.Marshal(inputEvent)
+	if err != nil {
+		t.Errorf("could not marshal event. details: %v", err)
+	}
+
+	assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}
+
+func TestAppSyncLambdaAuthorizerRequestMalformedJson(t *testing.T) {
+	test.TestMalformedJson(t, AppSyncLambdaAuthorizerRequest{})
+}
+
+func TestAppSyncLambdaAuthorizerResponseMarshalling(t *testing.T) {
+	inputJSON, err := ioutil.ReadFile("./testdata/appsync-lambda-auth-response.json")
+	if err != nil {
+		t.Errorf("could not open test file. details: %v", err)
+	}
+
+	var inputEvent AppSyncLambdaAuthorizerResponse
+	if err := json.Unmarshal(inputJSON, &inputEvent); err != nil {
+		t.Errorf("could not unmarshal event. details: %v", err)
+	}
+
+	outputJSON, err := json.Marshal(inputEvent)
+	if err != nil {
+		t.Errorf("could not marshal event. details: %v", err)
+	}
+
+	assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}
+
+func TestAppSyncLambdaAuthorizerResponseMalformedJson(t *testing.T) {
+	test.TestMalformedJson(t, AppSyncLambdaAuthorizerResponse{})
+}

events/appsync_test.go

@@ -20,7 +20,7 @@ type DynamoDBAttributeValue struct {
 
 // This struct represents DynamoDBAttributeValue which doesn't
 // implement fmt.Stringer interface and safely `fmt.Sprintf`able
-type dynamoDbAttributeValue DynamoDBAttributeValue
+type dynamoDbAttributeValue DynamoDBAttributeValue //nolint: stylecheck
 
 // Binary provides access to an attribute of type Binary.
 // Method panics if the attribute is not of type Binary.