diff --git a/cloudformation/serverless/aws-serverless-function_apievent.go b/cloudformation/serverless/aws-serverless-function_apievent.go index 0b30f76c4b..273900d92b 100644 --- a/cloudformation/serverless/aws-serverless-function_apievent.go +++ b/cloudformation/serverless/aws-serverless-function_apievent.go @@ -8,6 +8,11 @@ import ( // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api type Function_ApiEvent struct { + // Auth AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api + Auth *Function_Auth `json:"Auth,omitempty"` + // Method AWS CloudFormation Property // Required: true // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api diff --git a/cloudformation/serverless/aws-serverless-function_auth.go b/cloudformation/serverless/aws-serverless-function_auth.go new file mode 100644 index 0000000000..b27cf4a98d --- /dev/null +++ b/cloudformation/serverless/aws-serverless-function_auth.go 
@@ -0,0 +1,50 @@ +package serverless + +import ( + "github.com/awslabs/goformation/v4/cloudformation/policies" +) + +// Function_Auth AWS CloudFormation Resource (AWS::Serverless::Function.Auth) +// See: https://github.com/aws/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object +type Function_Auth struct { + + // ApiKeyRequired AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + ApiKeyRequired bool `json:"ApiKeyRequired,omitempty"` + + // AuthorizationScopes AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + AuthorizationScopes []string `json:"AuthorizationScopes,omitempty"` + + // Authorizer AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + Authorizer string `json:"Authorizer,omitempty"` + + // ResourcePolicy AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + ResourcePolicy *Function_AuthResourcePolicy `json:"ResourcePolicy,omitempty"` + + // AWSCloudFormationDeletionPolicy represents a CloudFormation DeletionPolicy + AWSCloudFormationDeletionPolicy policies.DeletionPolicy `json:"-"` + + // AWSCloudFormationUpdateReplacePolicy represents a CloudFormation UpdateReplacePolicy + AWSCloudFormationUpdateReplacePolicy policies.UpdateReplacePolicy `json:"-"` + + // AWSCloudFormationDependsOn stores the logical ID of the resources to be created before this resource + AWSCloudFormationDependsOn []string `json:"-"` + + // AWSCloudFormationMetadata stores structured data associated with this resource + AWSCloudFormationMetadata map[string]interface{} `json:"-"` + 
+ // AWSCloudFormationCondition stores the logical ID of the condition that must be satisfied for this resource to be created + AWSCloudFormationCondition string `json:"-"` +} + +// AWSCloudFormationType returns the AWS CloudFormation resource type +func (r *Function_Auth) AWSCloudFormationType() string { + return "AWS::Serverless::Function.Auth" +} diff --git a/cloudformation/serverless/aws-serverless-function_authresourcepolicy.go b/cloudformation/serverless/aws-serverless-function_authresourcepolicy.go new file mode 100644 index 0000000000..64c98bdb8f --- /dev/null +++ b/cloudformation/serverless/aws-serverless-function_authresourcepolicy.go 
@@ -0,0 +1,85 @@ +package serverless + +import ( + "github.com/awslabs/goformation/v4/cloudformation/policies" +) + +// Function_AuthResourcePolicy AWS CloudFormation Resource (AWS::Serverless::Function.AuthResourcePolicy) +// See: https://github.com/aws/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object +type Function_AuthResourcePolicy struct { + + // AwsAccountBlacklist AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + AwsAccountBlacklist []string `json:"AwsAccountBlacklist,omitempty"` + + // AwsAccountWhitelist AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + AwsAccountWhitelist []string `json:"AwsAccountWhitelist,omitempty"` + + // CustomStatements AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + CustomStatements []interface{} `json:"CustomStatements,omitempty"` + + // IntrinsicVpcBlacklist AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + IntrinsicVpcBlacklist []string `json:"IntrinsicVpcBlacklist,omitempty"` + + // IntrinsicVpcWhitelist AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + IntrinsicVpcWhitelist []string `json:"IntrinsicVpcWhitelist,omitempty"` + + // IntrinsicVpceBlacklist AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + IntrinsicVpceBlacklist []string 
`json:"IntrinsicVpceBlacklist,omitempty"` + + // IntrinsicVpceWhitelist AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + IntrinsicVpceWhitelist []string `json:"IntrinsicVpceWhitelist,omitempty"` + + // IpRangeBlacklist AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + IpRangeBlacklist []string `json:"IpRangeBlacklist,omitempty"` + + // IpRangeWhitelist AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + IpRangeWhitelist []string `json:"IpRangeWhitelist,omitempty"` + + // SourceVpcBlacklist AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + SourceVpcBlacklist []string `json:"SourceVpcBlacklist,omitempty"` + + // SourceVpcWhitelist AWS CloudFormation Property + // Required: false + // See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object + SourceVpcWhitelist []string `json:"SourceVpcWhitelist,omitempty"` + + // AWSCloudFormationDeletionPolicy represents a CloudFormation DeletionPolicy + AWSCloudFormationDeletionPolicy policies.DeletionPolicy `json:"-"` + + // AWSCloudFormationUpdateReplacePolicy represents a CloudFormation UpdateReplacePolicy + AWSCloudFormationUpdateReplacePolicy policies.UpdateReplacePolicy `json:"-"` + + // AWSCloudFormationDependsOn stores the logical ID of the resources to be created before this resource + AWSCloudFormationDependsOn []string `json:"-"` + + // AWSCloudFormationMetadata stores structured data associated with this resource + AWSCloudFormationMetadata map[string]interface{} `json:"-"` + + 
// AWSCloudFormationCondition stores the logical ID of the condition that must be satisfied for this resource to be created + AWSCloudFormationCondition string `json:"-"` +} + +// AWSCloudFormationType returns the AWS CloudFormation resource type +func (r *Function_AuthResourcePolicy) AWSCloudFormationType() string { + return "AWS::Serverless::Function.AuthResourcePolicy" +} diff --git a/generate/sam-2016-10-31.json b/generate/sam-2016-10-31.json index e9298f78e6..9bad4ac12f 100644 --- a/generate/sam-2016-10-31.json +++ b/generate/sam-2016-10-31.json 
@@ -783,6 +783,124 @@ "Required": false, "PrimitiveType": "String", "UpdateType": "Immutable" + }, + "Auth": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api", + "Required": false, + "Type": "Auth", + "UpdateType": "Immutable" + } + } + }, + "AWS::Serverless::Function.Auth": { + "Documentation": "https://github.com/aws/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Properties": { + "Authorizer": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "PrimitiveType": "String", + "UpdateType": "Immutable" + }, + "AuthorizationScopes": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" + }, + "ApiKeyRequired": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "PrimitiveType": "Boolean", + "UpdateType": "Immutable" + }, + "ResourcePolicy": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "AuthResourcePolicy", + "UpdateType": "Immutable" + } + } + }, + "AWS::Serverless::Function.AuthResourcePolicy": { + "Documentation": "https://github.com/aws/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Properties": { + "CustomStatements": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "Map", + "UpdateType": "Immutable" + }, + "AwsAccountBlacklist": { + "Documentation": 
"https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" + }, + "AwsAccountWhitelist": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" + }, + "IntrinsicVpcBlacklist": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" + }, + "IntrinsicVpcWhitelist": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" + }, + "IntrinsicVpceBlacklist": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" + }, + "IntrinsicVpceWhitelist": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" + }, + "IpRangeBlacklist": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" + }, + "IpRangeWhitelist": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": 
false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" + }, + "SourceVpcBlacklist": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" + }, + "SourceVpcWhitelist": { + "Documentation": "https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#function-auth-object", + "Required": false, + "Type": "List", + "PrimitiveItemType": "String", + "UpdateType": "Immutable" } } }, diff --git a/goformation_test.go b/goformation_test.go index 9fbf265131..823ebfe4b8 100644 --- a/goformation_test.go +++ b/goformation_test.go @@ -1,9 +1,8 @@ package goformation_test import ( - "fmt" - "encoding/json" + "fmt" "github.com/sanathkr/yaml" @@ -788,7 +787,7 @@ var _ = Describe("Goformation", func() { }) - Context("with a YAML template with paramter overrides", func() { + Context("with a YAML template with parameter overrides", func() { template, err := goformation.OpenWithOptions("test/yaml/aws-serverless-function-env-vars.yaml", &intrinsics.ProcessorOptions{ ParameterOverrides: map[string]interface{}{"ExampleParameter": "SomeNewValue"}, 
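Review bot: `CustomStatements` is declared as a `List` with `"PrimitiveItemType": "Map"` and no item shape, so the generated field is `[]interface{}` and the schema entry is only `"items": {"type": "object"}`. Any object therefore validates as a resource-policy statement, including one with no `Effect` or with a misspelled key. Because this block describes who may invoke an API, the README or PR description should say that goformation does not validate statement contents (JSON has no comment syntax to carry the caveat here). Callers that lint templates with this schema need to check the statements themselves.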
@@ -837,6 +836,47 @@ var _ = Describe("Goformation", func() { }) }) + Context("with an API event source", func() { + event := serverless.Function_Properties{ + ApiEvent: &serverless.Function_ApiEvent{ + Auth: &serverless.Function_Auth{ + ApiKeyRequired: true, + AuthorizationScopes: []string{"scope1", "scope2"}, + Authorizer: "aws_iam", + ResourcePolicy: &serverless.Function_AuthResourcePolicy{ + CustomStatements: []interface{}{ + map[string]interface{}{ + "Effect": "Allow", + "Action": "execute-api:*", + "Resource": "*", + }, + }, + AwsAccountBlacklist: []string{"AwsAccountBlacklistValue"}, + AwsAccountWhitelist: []string{"AwsAccountWhitelistValue"}, + IntrinsicVpcBlacklist: []string{"IntrinsicVpcBlacklistValue"}, + IntrinsicVpcWhitelist: []string{"IntrinsicVpcWhitelistValue"}, + IntrinsicVpceBlacklist: []string{"IntrinsicVpceBlacklistValue"}, + IntrinsicVpceWhitelist: []string{"IntrinsicVpceWhitelistValue"}, + IpRangeBlacklist: []string{"IpRangeBlacklistValue"}, + IpRangeWhitelist: []string{"IpRangeWhitelistValue"}, + SourceVpcBlacklist: []string{"SourceVpcBlacklistValue"}, + SourceVpcWhitelist: []string{"SourceVpcWhitelistValue"}, + }, + }, + Method: "MethodValue", + Path: "PathValue", + RestApiId: "RestApiIdValue", + }, + } + + It("should marshal properties correctly", func() { + expectedString := 
`{"Auth":{"ApiKeyRequired":true,"AuthorizationScopes":["scope1","scope2"],"Authorizer":"aws_iam","ResourcePolicy":{"AwsAccountBlacklist":["AwsAccountBlacklistValue"],"AwsAccountWhitelist":["AwsAccountWhitelistValue"],"CustomStatements":[{"Action":"execute-api:*","Effect":"Allow","Resource":"*"}],"IntrinsicVpcBlacklist":["IntrinsicVpcBlacklistValue"],"IntrinsicVpcWhitelist":["IntrinsicVpcWhitelistValue"],"IntrinsicVpceBlacklist":["IntrinsicVpceBlacklistValue"],"IntrinsicVpceWhitelist":["IntrinsicVpceWhitelistValue"],"IpRangeBlacklist":["IpRangeBlacklistValue"],"IpRangeWhitelist":["IpRangeWhitelistValue"],"SourceVpcBlacklist":["SourceVpcBlacklistValue"],"SourceVpcWhitelist":["SourceVpcWhitelistValue"]}},"Method":"MethodValue","Path":"PathValue","RestApiId":"RestApiIdValue"}` + bytes, err := event.MarshalJSON() + Expect(err).To(BeNil()) + Expect(string(bytes)).To(Equal(expectedString)) + }) + }) + Context("with a template that contains a reference to another resource within the template", func() { template := &cloudformation.Template{ diff --git a/schema/sam.go b/schema/sam.go index e2cf6338b0..fb4e9b7bd8 100644 --- a/schema/sam.go +++ b/schema/sam.go @@ -100762,6 +100762,9 @@ var SamSchema = `{ "AWS::Serverless::Function.ApiEvent": { "additionalProperties": false, "properties": { + "Auth": { + "$ref": "#/definitions/AWS::Serverless::Function.Auth" + }, "Method": { "type": "string" }, 
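Review bot: The new `Context` marshals only a fully populated `Function_Auth` with `ApiKeyRequired: true`, so it never covers the zero-value case. The field is a plain `bool` tagged `omitempty` in aws-serverless-function_auth.go, which means an explicit `ApiKeyRequired: false` is dropped from the output; presumably the API-level setting then applies to that event. I would add a second `It` that marshals an `Auth` with only `Authorizer` set and asserts the exact JSON, so the omission is pinned, plus a parse test for a template that carries `Auth` under an Api event. The fixture statement (`"Action": "execute-api:*"` on `"Resource": "*"`) is the broadest grant possible, and since fixtures get copied, a narrower action and resource would make a better example. The enclosing `Describe` closure starts and ends outside this hunk.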
@@ -100778,6 +100781,99 @@ var SamSchema = `{ ], "type": "object" }, + "AWS::Serverless::Function.Auth": { + "additionalProperties": false, + "properties": { + "ApiKeyRequired": { + "type": "boolean" + }, + "AuthorizationScopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Authorizer": { + "type": "string" + }, + "ResourcePolicy": { + "$ref": "#/definitions/AWS::Serverless::Function.AuthResourcePolicy" + } + }, + "type": "object" + }, + "AWS::Serverless::Function.AuthResourcePolicy": { + "additionalProperties": false, + "properties": { + "AwsAccountBlacklist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "AwsAccountWhitelist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CustomStatements": { + "items": { + "type": "object" + }, + "type": "array" + }, + "IntrinsicVpcBlacklist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IntrinsicVpcWhitelist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IntrinsicVpceBlacklist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IntrinsicVpceWhitelist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IpRangeBlacklist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IpRangeWhitelist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SourceVpcBlacklist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SourceVpcWhitelist": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::Serverless::Function.BucketSAMPT": { "additionalProperties": false, "properties": { diff --git a/schema/sam.schema.json b/schema/sam.schema.json index 1f8ffb8b44..8fb7df294e 100644 --- a/schema/sam.schema.json +++ b/schema/sam.schema.json 
@@ -100759,6 +100759,9 @@ "AWS::Serverless::Function.ApiEvent": { "additionalProperties": false, "properties": { + "Auth": { + "$ref": "#/definitions/AWS::Serverless::Function.Auth" + }, "Method": { "type": "string" }, @@ -100775,6 +100778,99 @@ ], "type": "object" }, + "AWS::Serverless::Function.Auth": { + "additionalProperties": false, + "properties": { + "ApiKeyRequired": { + "type": "boolean" + }, + "AuthorizationScopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Authorizer": { + "type": "string" + }, + "ResourcePolicy": { + "$ref": "#/definitions/AWS::Serverless::Function.AuthResourcePolicy" + } + }, + "type": "object" + }, + "AWS::Serverless::Function.AuthResourcePolicy": { + "additionalProperties": false, + "properties": { + "AwsAccountBlacklist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "AwsAccountWhitelist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CustomStatements": { + "items": { + "type": "object" + }, + "type": "array" + }, + "IntrinsicVpcBlacklist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IntrinsicVpcWhitelist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IntrinsicVpceBlacklist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IntrinsicVpceWhitelist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IpRangeBlacklist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IpRangeWhitelist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SourceVpcBlacklist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SourceVpcWhitelist": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::Serverless::Function.BucketSAMPT": { "additionalProperties": false, "properties": {