redefine IoT Core custom authorizer request and response structs (#401)
* redefine IoT Core custom authorizer request and response structs as per spec * make IAM policy structs reusable * gofmt * restore deleted structs, add deprecation notices Co-authored-by: Bryan Moffatt <bmoffatt@users.noreply.github.com> Co-authored-by: Bryan Moffatt <bmoff2292@gmail.com>
1 parent
908421f
commit ec8f96b
Showing
7 changed files
with
120 additions
and
56 deletions.
@@ -0,0 +1,14 @@ | ||
package events | ||
|
||
// IAMPolicyDocument represents an IAM policy document. | ||
type IAMPolicyDocument struct { | ||
Version string | ||
Statement []IAMPolicyStatement | ||
} | ||
|
||
// IAMPolicyStatement represents one statement from IAM policy with action, effect and resource. | ||
type IAMPolicyStatement struct { | ||
Action []string | ||
Effect string | ||
Resource []string | ||
} |
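Review bot: IAMPolicyDocument and IAMPolicyStatement produce IAM's capitalized JSON keys only because the exported field names happen to match, and nothing in the file says so; a later contributor adding lower-case tags would silently break every authorizer response built from them. I would make the mapping explicit on each field, e.g. `Version string \`json:"Version"\`` and `Statement []IAMPolicyStatement \`json:"Statement"\``, and do the same for Action, Effect and Resource. Since the commit message says these structs are meant to be reusable, the doc comment on IAMPolicyStatement should also state that only the list forms of Action and Resource are modeled and that Sid, Principal and Condition are not, so decoding an arbitrary IAM policy (where Action may be a single string) can fail or drop data. A nil Action or Resource marshals as `null`, which is not a valid statement, so the comment should say callers must populate both.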
@@ -1,34 +1,46 @@ | ||
package events | ||
|
||
// IoTCustomAuthorizerRequest contains data coming in to a custom IoT device gateway authorizer function. | ||
type IoTCustomAuthorizerRequest struct { | ||
HTTPContext *IoTHTTPContext `json:"httpContext,omitempty"` | ||
MQTTContext *IoTMQTTContext `json:"mqttContext,omitempty"` | ||
TLSContext *IoTTLSContext `json:"tlsContext,omitempty"` | ||
AuthorizationToken string `json:"token"` | ||
TokenSignature string `json:"tokenSignature"` | ||
// IoTCoreCustomAuthorizerRequest represents the request to an IoT Core custom authorizer. | ||
// See https://docs.aws.amazon.com/iot/latest/developerguide/config-custom-auth.html | ||
type IoTCoreCustomAuthorizerRequest struct { | ||
Token string `json:"token"` | ||
SignatureVerified bool `json:"signatureVerified"` | ||
Protocols []string `json:"protocols"` | ||
ProtocolData *IoTCoreProtocolData `json:"protocolData,omitempty"` | ||
ConnectionMetadata *IoTCoreConnectionMetadata `json:"connectionMetadata,omitempty"` | ||
} | ||
|
||
type IoTHTTPContext struct { | ||
type IoTCoreProtocolData struct { | ||
TLS *IoTCoreTLSContext `json:"tls,omitempty"` | ||
HTTP *IoTCoreHTTPContext `json:"http,omitempty"` | ||
MQTT *IoTCoreMQTTContext `json:"mqtt,omitempty"` | ||
} | ||
|
||
type IoTCoreTLSContext struct { | ||
ServerName string `json:"serverName"` | ||
} | ||
|
||
type IoTCoreHTTPContext struct { | ||
Headers map[string]string `json:"headers,omitempty"` | ||
QueryString string `json:"queryString"` | ||
} | ||
|
||
type IoTMQTTContext struct { | ||
type IoTCoreMQTTContext struct { | ||
ClientID string `json:"clientId"` | ||
Password []byte `json:"password"` | ||
Username string `json:"username"` | ||
} | ||
|
||
type IoTTLSContext struct { | ||
ServerName string `json:"serverName"` | ||
type IoTCoreConnectionMetadata struct { | ||
ID string `json:"id"` | ||
} | ||
|
||
// IoTCustomAuthorizerResponse represents the expected format of an IoT device gateway authorization response. | ||
type IoTCustomAuthorizerResponse struct { | ||
IsAuthenticated bool `json:"isAuthenticated"` | ||
PrincipalID string `json:"principalId"` | ||
DisconnectAfterInSeconds int32 `json:"disconnectAfterInSeconds"` | ||
RefreshAfterInSeconds int32 `json:"refreshAfterInSeconds"` | ||
PolicyDocuments []string `json:"policyDocuments"` | ||
// IoTCoreCustomAuthorizerResponse represents the response from an IoT Core custom authorizer. | ||
// See https://docs.aws.amazon.com/iot/latest/developerguide/config-custom-auth.html | ||
type IoTCoreCustomAuthorizerResponse struct { | ||
IsAuthenticated bool `json:"isAuthenticated"` | ||
PrincipalID string `json:"principalId"` | ||
DisconnectAfterInSeconds uint32 `json:"disconnectAfterInSeconds"` | ||
RefreshAfterInSeconds uint32 `json:"refreshAfterInSeconds"` | ||
PolicyDocuments []*IAMPolicyDocument `json:"policyDocuments"` | ||
} |
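Review bot: The new exported types IoTCoreProtocolData, IoTCoreTLSContext, IoTCoreHTTPContext, IoTCoreMQTTContext and IoTCoreConnectionMetadata have no doc comments, while the two top-level structs do; golint-style tooling will flag them and, more importantly, the two security-relevant fields are left unexplained. Password is declared `[]byte` with `json:"password"`, so encoding/json base64-decodes the wire value (the fixture's "bXlQYXNzd29yZA==" is an example) into raw bytes; a comment such as `// Password holds the MQTT CONNECT password; it arrives base64-encoded and is decoded by encoding/json. It is a credential and must not be logged.` would stop handlers from printing the struct with `%+v`. SignatureVerified deserves a line saying it reports whether IoT Core verified the signature on Token, so a handler that relies on token signing should not accept Token unless it is true; I am inferring that from the linked AWS page, so please confirm the wording against it.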
@@ -0,0 +1,30 @@ | ||
package events | ||
|
||
// IoTCustomAuthorizerRequest contains data coming in to a custom IoT device gateway authorizer function. | ||
// Deprecated: Use IoTCoreCustomAuthorizerRequest instead. IoTCustomAuthorizerRequest does not correctly model the request schema | ||
type IoTCustomAuthorizerRequest struct { | ||
HTTPContext *IoTHTTPContext `json:"httpContext,omitempty"` | ||
MQTTContext *IoTMQTTContext `json:"mqttContext,omitempty"` | ||
TLSContext *IoTTLSContext `json:"tlsContext,omitempty"` | ||
AuthorizationToken string `json:"token"` | ||
TokenSignature string `json:"tokenSignature"` | ||
} | ||
|
||
// Deprecated: Use IoTCoreHTTPContext | ||
type IoTHTTPContext IoTCoreHTTPContext | ||
|
||
// Deprecated: Use IoTCoreMQTTContext | ||
type IoTMQTTContext IoTCoreMQTTContext | ||
|
||
// Deprecated: Use IotCoreTLSContext | ||
type IoTTLSContext IoTCoreTLSContext | ||
|
||
// IoTCustomAuthorizerResponse represents the expected format of an IoT device gateway authorization response. | ||
// Deprecated: Use IoTCoreCustomAuthorizerResponse. IoTCustomAuthorizerResponse does not correctly model the response schema. | ||
type IoTCustomAuthorizerResponse struct { | ||
IsAuthenticated bool `json:"isAuthenticated"` | ||
PrincipalID string `json:"principalId"` | ||
DisconnectAfterInSeconds int32 `json:"disconnectAfterInSeconds"` | ||
RefreshAfterInSeconds int32 `json:"refreshAfterInSeconds"` | ||
PolicyDocuments []string `json:"policyDocuments"` | ||
} |
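Review bot: The deprecation notice on IoTTLSContext points at a type that does not exist: `// Deprecated: Use IotCoreTLSContext` should read `// Deprecated: Use IoTCoreTLSContext` to match the name declared in the IoT Core file. In the same file, the `// Deprecated:` lines on IoTCustomAuthorizerRequest and IoTCustomAuthorizerResponse directly follow the description line, so they are not the start of a paragraph and staticcheck, go vet and pkg.go.dev will not surface the deprecation; insert a bare `//` line before each `// Deprecated:` line. The three single-line notices would also read better as full sentences ending in a period, per the doc-comment convention.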
@@ -1,18 +1,24 @@ | ||
{ | ||
"httpContext": { | ||
"headers": { | ||
"Accept-Language" : "en" | ||
"token" :"aToken", | ||
"signatureVerified": true, | ||
"protocols": ["tls", "http", "mqtt"], | ||
"protocolData": { | ||
"tls" : { | ||
"serverName": "serverName" | ||
}, | ||
"queryString": "abc" | ||
}, | ||
"mqttContext": { | ||
"clientId": "someclient", | ||
"password": "aslkfjwoeiuwekrujwlrueowieurowieurowiuerwleuroiwueroiwueroiuweoriuweoriuwoeiruwoeiur", | ||
"username": "thebestuser" | ||
}, | ||
"tlsContext": { | ||
"serverName": "server.stuff.com" | ||
"http": { | ||
"headers": { | ||
"X-Request-ID": "abc123" | ||
}, | ||
"queryString": "?foo=bar" | ||
}, | ||
"mqtt": { | ||
"username": "myUserName", | ||
"password": "bXlQYXNzd29yZA==", | ||
"clientId": "myClientId" | ||
} | ||
}, | ||
"token": "someToken", | ||
"tokenSignature": "somelongtokensignature" | ||
} | ||
"connectionMetadata": { | ||
"id": "e56f08c3-c559-490f-aa9f-7e8427d0f57b" | ||
} | ||
} |