commit
38d0797e15
|
@ -152,6 +152,7 @@ func TestTerraformStateReader_AWS_Resources(t *testing.T) {
|
|||
{name: "Api Gateway Rest Api", dirName: "api_gateway_rest_api", wantErr: false},
|
||||
{name: "Api Gateway Account", dirName: "api_gateway_account", wantErr: false},
|
||||
{name: "Api Gateway Api Key", dirName: "api_gateway_api_key", wantErr: false},
|
||||
{name: "Api Gateway authorizer", dirName: "api_gateway_authorizer", wantErr: false},
|
||||
{name: "AppAutoScaling Targets", dirName: "aws_appautoscaling_target", wantErr: false},
|
||||
{name: "network acl", dirName: "aws_network_acl", wantErr: false},
|
||||
{name: "network acl rule", dirName: "aws_network_acl_rule", wantErr: false},
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
[
|
||||
{
|
||||
"Id": "ypcpde",
|
||||
"Type": "aws_api_gateway_authorizer",
|
||||
"Attrs": {
|
||||
"authorizer_credentials": "arn:aws:iam::047081014315:role/api_gateway_auth_invocation",
|
||||
"authorizer_result_ttl_in_seconds": 300,
|
||||
"authorizer_uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:047081014315:function:api_gateway_authorizer/invocations",
|
||||
"id": "ypcpde",
|
||||
"identity_source": "method.request.header.Authorization",
|
||||
"identity_validation_expression": "",
|
||||
"name": "bar",
|
||||
"rest_api_id": "1jitcobwol",
|
||||
"type": "TOKEN"
|
||||
}
|
||||
},
|
||||
{
|
||||
"Id": "bwhebj",
|
||||
"Type": "aws_api_gateway_authorizer",
|
||||
"Attrs": {
|
||||
"authorizer_credentials": "arn:aws:iam::047081014315:role/api_gateway_auth_invocation",
|
||||
"authorizer_result_ttl_in_seconds": 300,
|
||||
"authorizer_uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:047081014315:function:api_gateway_authorizer/invocations",
|
||||
"id": "bwhebj",
|
||||
"identity_source": "method.request.header.Authorization",
|
||||
"identity_validation_expression": "",
|
||||
"name": "foo",
|
||||
"rest_api_id": "1jitcobwol",
|
||||
"type": "TOKEN"
|
||||
}
|
||||
}
|
||||
]
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,71 @@
|
|||
{
|
||||
"version": 4,
|
||||
"terraform_version": "1.0.7",
|
||||
"serial": 48,
|
||||
"lineage": "85f5bee6-139e-8db2-ae5d-82aa82f62611",
|
||||
"outputs": {},
|
||||
"resources": [
|
||||
{
|
||||
"mode": "managed",
|
||||
"type": "aws_api_gateway_authorizer",
|
||||
"name": "bar",
|
||||
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
|
||||
"instances": [
|
||||
{
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"authorizer_credentials": "arn:aws:iam::047081014315:role/api_gateway_auth_invocation",
|
||||
"authorizer_result_ttl_in_seconds": 300,
|
||||
"authorizer_uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:047081014315:function:api_gateway_authorizer/invocations",
|
||||
"id": "ypcpde",
|
||||
"identity_source": "method.request.header.Authorization",
|
||||
"identity_validation_expression": "",
|
||||
"name": "bar",
|
||||
"provider_arns": null,
|
||||
"rest_api_id": "1jitcobwol",
|
||||
"type": "TOKEN"
|
||||
},
|
||||
"sensitive_attributes": [],
|
||||
"private": "bnVsbA==",
|
||||
"dependencies": [
|
||||
"aws_api_gateway_rest_api.foo",
|
||||
"aws_iam_role.invocation_role",
|
||||
"aws_iam_role.lambda",
|
||||
"aws_lambda_function.authorizer"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"mode": "managed",
|
||||
"type": "aws_api_gateway_authorizer",
|
||||
"name": "foo",
|
||||
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
|
||||
"instances": [
|
||||
{
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"authorizer_credentials": "arn:aws:iam::047081014315:role/api_gateway_auth_invocation",
|
||||
"authorizer_result_ttl_in_seconds": 300,
|
||||
"authorizer_uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:047081014315:function:api_gateway_authorizer/invocations",
|
||||
"id": "bwhebj",
|
||||
"identity_source": "method.request.header.Authorization",
|
||||
"identity_validation_expression": "",
|
||||
"name": "foo",
|
||||
"provider_arns": null,
|
||||
"rest_api_id": "1jitcobwol",
|
||||
"type": "TOKEN"
|
||||
},
|
||||
"sensitive_attributes": [],
|
||||
"private": "bnVsbA==",
|
||||
"dependencies": [
|
||||
"aws_api_gateway_rest_api.foo",
|
||||
"aws_iam_role.invocation_role",
|
||||
"aws_iam_role.lambda",
|
||||
"aws_lambda_function.authorizer"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -263,3 +263,101 @@ func TestApiGatewayApiKey(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestApiGatewayAuthorizer(t *testing.T) {
|
||||
dummyError := errors.New("this is an error")
|
||||
apis := []*apigateway.RestApi{
|
||||
{Id: awssdk.String("3of73v5ob4")},
|
||||
{Id: awssdk.String("1jitcobwol")},
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
test string
|
||||
mocks func(*repository.MockApiGatewayRepository, *mocks.AlerterInterface)
|
||||
assertExpected func(t *testing.T, got []*resource.Resource)
|
||||
wantErr error
|
||||
}{
|
||||
{
|
||||
test: "no api gateway authorizers",
|
||||
mocks: func(repo *repository.MockApiGatewayRepository, alerter *mocks.AlerterInterface) {
|
||||
repo.On("ListAllRestApis").Return(apis, nil)
|
||||
repo.On("ListAllRestApiAuthorizers", apis).Return([]*apigateway.Authorizer{}, nil)
|
||||
},
|
||||
assertExpected: func(t *testing.T, got []*resource.Resource) {
|
||||
assert.Len(t, got, 0)
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "multiple api gateway authorizers",
|
||||
mocks: func(repo *repository.MockApiGatewayRepository, alerter *mocks.AlerterInterface) {
|
||||
repo.On("ListAllRestApis").Return(apis, nil)
|
||||
repo.On("ListAllRestApiAuthorizers", apis).Return([]*apigateway.Authorizer{
|
||||
{Id: awssdk.String("ypcpde")},
|
||||
{Id: awssdk.String("bwhebj")},
|
||||
}, nil)
|
||||
},
|
||||
assertExpected: func(t *testing.T, got []*resource.Resource) {
|
||||
assert.Len(t, got, 2)
|
||||
|
||||
assert.Equal(t, got[0].ResourceId(), "ypcpde")
|
||||
assert.Equal(t, got[0].ResourceType(), resourceaws.AwsApiGatewayAuthorizerResourceType)
|
||||
|
||||
assert.Equal(t, got[1].ResourceId(), "bwhebj")
|
||||
assert.Equal(t, got[1].ResourceType(), resourceaws.AwsApiGatewayAuthorizerResourceType)
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "cannot list rest apis",
|
||||
mocks: func(repo *repository.MockApiGatewayRepository, alerter *mocks.AlerterInterface) {
|
||||
repo.On("ListAllRestApis").Return(nil, dummyError)
|
||||
alerter.On("SendAlert", resourceaws.AwsApiGatewayAuthorizerResourceType, alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, remoteerr.NewResourceListingErrorWithType(dummyError, resourceaws.AwsApiGatewayAuthorizerResourceType, resourceaws.AwsApiGatewayRestApiResourceType), alerts.EnumerationPhase)).Return()
|
||||
},
|
||||
wantErr: remoteerr.NewResourceListingErrorWithType(dummyError, resourceaws.AwsApiGatewayAuthorizerResourceType, resourceaws.AwsApiGatewayRestApiResourceType),
|
||||
},
|
||||
{
|
||||
test: "cannot list api gateway resources",
|
||||
mocks: func(repo *repository.MockApiGatewayRepository, alerter *mocks.AlerterInterface) {
|
||||
repo.On("ListAllRestApis").Return(apis, nil)
|
||||
repo.On("ListAllRestApiAuthorizers", apis).Return(nil, dummyError)
|
||||
alerter.On("SendAlert", resourceaws.AwsApiGatewayAuthorizerResourceType, alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, remoteerr.NewResourceListingErrorWithType(dummyError, resourceaws.AwsApiGatewayAuthorizerResourceType, resourceaws.AwsApiGatewayAuthorizerResourceType), alerts.EnumerationPhase)).Return()
|
||||
},
|
||||
wantErr: remoteerr.NewResourceListingError(dummyError, resourceaws.AwsApiGatewayAuthorizerResourceType),
|
||||
},
|
||||
}
|
||||
|
||||
providerVersion := "3.19.0"
|
||||
schemaRepository := testresource.InitFakeSchemaRepository("aws", providerVersion)
|
||||
resourceaws.InitResourcesMetadata(schemaRepository)
|
||||
factory := terraform.NewTerraformResourceFactory(schemaRepository)
|
||||
|
||||
for _, c := range tests {
|
||||
t.Run(c.test, func(tt *testing.T) {
|
||||
scanOptions := ScannerOptions{}
|
||||
remoteLibrary := common.NewRemoteLibrary()
|
||||
|
||||
// Initialize mocks
|
||||
alerter := &mocks.AlerterInterface{}
|
||||
fakeRepo := &repository.MockApiGatewayRepository{}
|
||||
c.mocks(fakeRepo, alerter)
|
||||
|
||||
var repo repository.ApiGatewayRepository = fakeRepo
|
||||
|
||||
remoteLibrary.AddEnumerator(aws.NewApiGatewayAuthorizerEnumerator(repo, factory))
|
||||
|
||||
testFilter := &filter.MockFilter{}
|
||||
testFilter.On("IsTypeIgnored", mock.Anything).Return(false)
|
||||
|
||||
s := NewScanner(remoteLibrary, alerter, scanOptions, testFilter)
|
||||
got, err := s.Resources()
|
||||
assert.Equal(tt, err, c.wantErr)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
c.assertExpected(tt, got)
|
||||
alerter.AssertExpectations(tt)
|
||||
fakeRepo.AssertExpectations(tt)
|
||||
testFilter.AssertExpectations(tt)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
)
|
||||
|
||||
type ApiGatewayAuthorizerEnumerator struct {
|
||||
repository repository.ApiGatewayRepository
|
||||
factory resource.ResourceFactory
|
||||
}
|
||||
|
||||
func NewApiGatewayAuthorizerEnumerator(repo repository.ApiGatewayRepository, factory resource.ResourceFactory) *ApiGatewayAuthorizerEnumerator {
|
||||
return &ApiGatewayAuthorizerEnumerator{
|
||||
repository: repo,
|
||||
factory: factory,
|
||||
}
|
||||
}
|
||||
|
||||
func (e *ApiGatewayAuthorizerEnumerator) SupportedType() resource.ResourceType {
|
||||
return aws.AwsApiGatewayAuthorizerResourceType
|
||||
}
|
||||
|
||||
func (e *ApiGatewayAuthorizerEnumerator) Enumerate() ([]*resource.Resource, error) {
|
||||
apis, err := e.repository.ListAllRestApis()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceListingErrorWithType(err, string(e.SupportedType()), aws.AwsApiGatewayRestApiResourceType)
|
||||
}
|
||||
|
||||
authorizers, err := e.repository.ListAllRestApiAuthorizers(apis)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]*resource.Resource, len(authorizers))
|
||||
|
||||
for _, authorizer := range authorizers {
|
||||
results = append(
|
||||
results,
|
||||
e.factory.CreateAbstractResource(
|
||||
string(e.SupportedType()),
|
||||
*authorizer.Id,
|
||||
map[string]interface{}{},
|
||||
),
|
||||
)
|
||||
}
|
||||
|
||||
return results, err
|
||||
}
|
|
@ -185,6 +185,7 @@ func Init(version string, alerter *alerter.Alerter,
|
|||
remoteLibrary.AddEnumerator(NewApiGatewayRestApiEnumerator(apigatewayRepository, factory))
|
||||
remoteLibrary.AddEnumerator(NewApiGatewayAccountEnumerator(apigatewayRepository, factory))
|
||||
remoteLibrary.AddEnumerator(NewApiGatewayApiKeyEnumerator(apigatewayRepository, factory))
|
||||
remoteLibrary.AddEnumerator(NewApiGatewayAuthorizerEnumerator(apigatewayRepository, factory))
|
||||
|
||||
remoteLibrary.AddEnumerator(NewAppAutoscalingTargetEnumerator(appAutoScalingRepository, factory))
|
||||
remoteLibrary.AddDetailsFetcher(aws.AwsAppAutoscalingTargetResourceType, common.NewGenericDetailsFetcher(aws.AwsAppAutoscalingTargetResourceType, provider, deserializer))
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
package repository
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/session"
|
||||
"github.com/aws/aws-sdk-go/service/apigateway"
|
||||
"github.com/aws/aws-sdk-go/service/apigateway/apigatewayiface"
|
||||
|
@ -11,6 +13,7 @@ type ApiGatewayRepository interface {
|
|||
ListAllRestApis() ([]*apigateway.RestApi, error)
|
||||
GetAccount() (*apigateway.Account, error)
|
||||
ListAllApiKeys() ([]*apigateway.ApiKey, error)
|
||||
ListAllRestApiAuthorizers([]*apigateway.RestApi) ([]*apigateway.Authorizer, error)
|
||||
}
|
||||
|
||||
type apigatewayRepository struct {
|
||||
|
@ -80,3 +83,27 @@ func (r *apigatewayRepository) ListAllApiKeys() ([]*apigateway.ApiKey, error) {
|
|||
r.cache.Put("apigatewayListAllApiKeys", apiKeys)
|
||||
return apiKeys, nil
|
||||
}
|
||||
|
||||
func (r *apigatewayRepository) ListAllRestApiAuthorizers(apis []*apigateway.RestApi) ([]*apigateway.Authorizer, error) {
|
||||
var authorizers []*apigateway.Authorizer
|
||||
for _, api := range apis {
|
||||
a := *api
|
||||
cacheKey := fmt.Sprintf("apigatewayListAllRestApiAuthorizers_api_%s", *a.Id)
|
||||
if v := r.cache.Get(cacheKey); v != nil {
|
||||
authorizers = append(authorizers, v.([]*apigateway.Authorizer)...)
|
||||
continue
|
||||
}
|
||||
|
||||
input := &apigateway.GetAuthorizersInput{
|
||||
RestApiId: a.Id,
|
||||
}
|
||||
resources, err := r.client.GetAuthorizers(input)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
r.cache.Put(cacheKey, resources.Items)
|
||||
authorizers = append(authorizers, resources.Items...)
|
||||
}
|
||||
return authorizers, nil
|
||||
}
|
||||
|
|
|
@ -209,3 +209,77 @@ func Test_apigatewayRepository_ListAllApiKeys(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_apigatewayRepository_ListAllRestApiAuthorizers(t *testing.T) {
|
||||
apis := []*apigateway.RestApi{
|
||||
{Id: aws.String("restapi1")},
|
||||
{Id: aws.String("restapi2")},
|
||||
}
|
||||
|
||||
apiAuthorizers := []*apigateway.Authorizer{
|
||||
{Id: aws.String("resource1")},
|
||||
{Id: aws.String("resource2")},
|
||||
{Id: aws.String("resource3")},
|
||||
{Id: aws.String("resource4")},
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
mocks func(client *awstest.MockFakeApiGateway, store *cache.MockCache)
|
||||
want []*apigateway.Authorizer
|
||||
wantErr error
|
||||
}{
|
||||
{
|
||||
name: "list multiple rest api authorizers",
|
||||
mocks: func(client *awstest.MockFakeApiGateway, store *cache.MockCache) {
|
||||
client.On("GetAuthorizers",
|
||||
&apigateway.GetAuthorizersInput{
|
||||
RestApiId: aws.String("restapi1"),
|
||||
}).Return(&apigateway.GetAuthorizersOutput{Items: apiAuthorizers[:2]}, nil).Once()
|
||||
|
||||
client.On("GetAuthorizers",
|
||||
&apigateway.GetAuthorizersInput{
|
||||
RestApiId: aws.String("restapi2"),
|
||||
}).Return(&apigateway.GetAuthorizersOutput{Items: apiAuthorizers[2:]}, nil).Once()
|
||||
|
||||
store.On("Get", "apigatewayListAllRestApiAuthorizers_api_restapi1").Return(nil).Times(1)
|
||||
store.On("Put", "apigatewayListAllRestApiAuthorizers_api_restapi1", apiAuthorizers[:2]).Return(false).Times(1)
|
||||
store.On("Get", "apigatewayListAllRestApiAuthorizers_api_restapi2").Return(nil).Times(1)
|
||||
store.On("Put", "apigatewayListAllRestApiAuthorizers_api_restapi2", apiAuthorizers[2:]).Return(false).Times(1)
|
||||
},
|
||||
want: apiAuthorizers,
|
||||
},
|
||||
{
|
||||
name: "should hit cache",
|
||||
mocks: func(client *awstest.MockFakeApiGateway, store *cache.MockCache) {
|
||||
store.On("Get", "apigatewayListAllRestApiAuthorizers_api_restapi1").Return(apiAuthorizers[:2]).Times(1)
|
||||
store.On("Get", "apigatewayListAllRestApiAuthorizers_api_restapi2").Return(apiAuthorizers[2:]).Times(1)
|
||||
},
|
||||
want: apiAuthorizers,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
store := &cache.MockCache{}
|
||||
client := &awstest.MockFakeApiGateway{}
|
||||
tt.mocks(client, store)
|
||||
r := &apigatewayRepository{
|
||||
client: client,
|
||||
cache: store,
|
||||
}
|
||||
got, err := r.ListAllRestApiAuthorizers(apis)
|
||||
assert.Equal(t, tt.wantErr, err)
|
||||
|
||||
changelog, err := diff.Diff(got, tt.want)
|
||||
assert.Nil(t, err)
|
||||
if len(changelog) > 0 {
|
||||
for _, change := range changelog {
|
||||
t.Errorf("%s: %s -> %s", strings.Join(change.Path, "."), change.From, change.To)
|
||||
}
|
||||
t.Fail()
|
||||
}
|
||||
store.AssertExpectations(t)
|
||||
client.AssertExpectations(t)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
@ -58,6 +58,29 @@ func (_m *MockApiGatewayRepository) ListAllApiKeys() ([]*apigateway.ApiKey, erro
|
|||
return r0, r1
|
||||
}
|
||||
|
||||
// ListAllRestApiAuthorizers provides a mock function with given fields: _a0
|
||||
func (_m *MockApiGatewayRepository) ListAllRestApiAuthorizers(_a0 []*apigateway.RestApi) ([]*apigateway.Authorizer, error) {
|
||||
ret := _m.Called(_a0)
|
||||
|
||||
var r0 []*apigateway.Authorizer
|
||||
if rf, ok := ret.Get(0).(func([]*apigateway.RestApi) []*apigateway.Authorizer); ok {
|
||||
r0 = rf(_a0)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*apigateway.Authorizer)
|
||||
}
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func([]*apigateway.RestApi) error); ok {
|
||||
r1 = rf(_a0)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListAllRestApis provides a mock function with given fields:
|
||||
func (_m *MockApiGatewayRepository) ListAllRestApis() ([]*apigateway.RestApi, error) {
|
||||
ret := _m.Called()
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
package aws
|
||||
|
||||
const AwsApiGatewayAuthorizerResourceType = "aws_api_gateway_authorizer"
|
|
@ -0,0 +1,30 @@
|
|||
package aws_test
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/cloudskiff/driftctl/test"
|
||||
"github.com/cloudskiff/driftctl/test/acceptance"
|
||||
)
|
||||
|
||||
func TestAcc_Aws_ApiGatewayAuthorizer(t *testing.T) {
|
||||
acceptance.Run(t, acceptance.AccTestCase{
|
||||
TerraformVersion: "0.15.5",
|
||||
Paths: []string{"./testdata/acc/aws_api_gateway_authorizer"},
|
||||
Args: []string{"scan", "--filter", "Type=='aws_api_gateway_authorizer'"},
|
||||
Checks: []acceptance.AccCheck{
|
||||
{
|
||||
Env: map[string]string{
|
||||
"AWS_REGION": "us-east-1",
|
||||
},
|
||||
Check: func(result *test.ScanResult, stdout string, err error) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
result.AssertInfrastructureIsInSync()
|
||||
result.AssertManagedCount(2)
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
20
pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/.terraform.lock.hcl
vendored
Normal file
20
pkg/resource/aws/testdata/acc/aws_api_gateway_authorizer/.terraform.lock.hcl
vendored
Normal file
|
@ -0,0 +1,20 @@
|
|||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/hashicorp/aws" {
|
||||
version = "3.19.0"
|
||||
constraints = "3.19.0"
|
||||
hashes = [
|
||||
"h1:xur9tF49NgsovNnmwmBR8RdpN8Fcg1TD4CKQPJD6n1A=",
|
||||
"zh:185a5259153eb9ee4699d4be43b3d509386b473683392034319beee97d470c3b",
|
||||
"zh:2d9a0a01f93e8d16539d835c02b8b6e1927b7685f4076e96cb07f7dd6944bc6c",
|
||||
"zh:703f6da36b1b5f3497baa38fccaa7765fb8a2b6440344e4c97172516b49437dd",
|
||||
"zh:770855565462abadbbddd98cb357d2f1a8f30f68a358cb37cbd5c072cb15b377",
|
||||
"zh:8008db43149fe4345301f81e15e6d9ddb47aa5e7a31648f9b290af96ad86e92a",
|
||||
"zh:8cdd27d375da6dcb7687f1fed126b7c04efce1671066802ee876dbbc9c66ec79",
|
||||
"zh:be22ae185005690d1a017c1b909e0d80ab567e239b4f06ecacdba85080667c1c",
|
||||
"zh:d2d02e72dbd80f607636cd6237a6c862897caabc635c7b50c0cb243d11246723",
|
||||
"zh:d8f125b66a1eda2555c0f9bbdf12036a5f8d073499a22ca9e4812b68067fea31",
|
||||
"zh:f5a98024c64d5d2973ff15b093725a074c0cb4afde07ef32c542e69f17ac90bc",
|
||||
]
|
||||
}
|
Binary file not shown.
|
@ -0,0 +1,95 @@
|
|||
provider "aws" {
|
||||
region = "us-east-1"
|
||||
}
|
||||
|
||||
terraform {
|
||||
required_providers {
|
||||
aws = "3.19.0"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_api_gateway_rest_api" "foo" {
|
||||
name = "foo"
|
||||
description = "This is foo API"
|
||||
}
|
||||
|
||||
resource "aws_api_gateway_authorizer" "foo" {
|
||||
name = "foo"
|
||||
rest_api_id = aws_api_gateway_rest_api.foo.id
|
||||
authorizer_uri = aws_lambda_function.authorizer.invoke_arn
|
||||
authorizer_credentials = aws_iam_role.invocation_role.arn
|
||||
}
|
||||
|
||||
resource "aws_api_gateway_authorizer" "bar" {
|
||||
name = "bar"
|
||||
rest_api_id = aws_api_gateway_rest_api.foo.id
|
||||
authorizer_uri = aws_lambda_function.authorizer.invoke_arn
|
||||
authorizer_credentials = aws_iam_role.invocation_role.arn
|
||||
}
|
||||
|
||||
resource "aws_iam_role" "invocation_role" {
|
||||
name = "api_gateway_auth_invocation"
|
||||
path = "/"
|
||||
|
||||
assume_role_policy = <<EOF
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Action": "sts:AssumeRole",
|
||||
"Principal": {
|
||||
"Service": "apigateway.amazonaws.com"
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Sid": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
resource "aws_iam_role_policy" "invocation_policy" {
|
||||
name = "default"
|
||||
role = aws_iam_role.invocation_role.id
|
||||
|
||||
policy = <<EOF
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Action": "lambda:InvokeFunction",
|
||||
"Effect": "Allow",
|
||||
"Resource": "${aws_lambda_function.authorizer.arn}"
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
resource "aws_iam_role" "lambda" {
|
||||
name = "demo-lambda"
|
||||
|
||||
assume_role_policy = <<EOF
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Action": "sts:AssumeRole",
|
||||
"Principal": {
|
||||
"Service": "lambda.amazonaws.com"
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Sid": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
resource "aws_lambda_function" "authorizer" {
|
||||
filename = "lambda.zip"
|
||||
function_name = "api_gateway_authorizer"
|
||||
role = aws_iam_role.lambda.arn
|
||||
handler = "lambda.handler"
|
||||
runtime = "nodejs12.x"
|
||||
}
|
|
@ -63,6 +63,7 @@ var supportedTypes = map[string]struct{}{
|
|||
"aws_api_gateway_rest_api": {},
|
||||
"aws_api_gateway_account": {},
|
||||
"aws_api_gateway_api_key": {},
|
||||
"aws_api_gateway_authorizer": {},
|
||||
"aws_appautoscaling_target": {},
|
||||
"aws_rds_cluster_instance": {},
|
||||
|
||||
|
|
Loading…
Reference in New Issue