Skip to content

Commit 4493609

Browse files
msailescarlzogh
msailes
and
carlzogh
authored
Add IAM Response (aws#213)
Co-authored-by: Carl Zogheib <11421173+carlzogh@users.noreply.github.com>
1 parent 8dc5ba8 commit 4493609

6 files changed

Lines changed: 228 additions & 0 deletions

File tree

aws-lambda-java-events/pom.xml

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,19 @@
5656
<version>5.7.0</version>
5757
<scope>test</scope>
5858
</dependency>
59+
<dependency>
60+
<groupId>com.fasterxml.jackson.core</groupId>
61+
<artifactId>jackson-databind</artifactId>
62+
<version>2.10.4</version>
63+
<scope>test</scope>
64+
</dependency>
65+
<dependency>
66+
<groupId>net.javacrumbs.json-unit</groupId>
67+
<artifactId>json-unit-assertj</artifactId>
68+
<version>2.22.0</version>
69+
<scope>test</scope>
70+
</dependency>
71+
5972
<dependency>
6073
<groupId>org.projectlombok</groupId>
6174
<artifactId>lombok</artifactId>

aws-lambda-java-events/src/main/java/com/amazonaws/services/lambda/runtime/events/IamPolicyResponse.java

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
package com.amazonaws.services.lambda.runtime.events;
2+
3+
import lombok.AllArgsConstructor;
4+
import lombok.Builder;
5+
import lombok.Data;
6+
import lombok.NoArgsConstructor;
7+
8+
import java.io.Serializable;
9+
import java.util.Collections;
10+
import java.util.HashMap;
11+
import java.util.List;
12+
import java.util.Map;
13+
14+
@Data
15+
@Builder(setterPrefix = "with")
16+
@NoArgsConstructor
17+
@AllArgsConstructor
18+
public class IamPolicyResponse implements Serializable, Cloneable {
19+
20+
public static final String EXECUTE_API_INVOKE = "execute-api:Invoke";
21+
public static final String VERSION_2012_10_17 = "2012-10-17";
22+
public static final String ALLOW = "Allow";
23+
public static final String DENY = "Deny";
24+
25+
private String principalId;
26+
private PolicyDocument policyDocument;
27+
private Map<String, Object> context;
28+
29+
public Map<String, Object> getPolicyDocument() {
30+
Map<String, Object> serializablePolicy = new HashMap<>();
31+
serializablePolicy.put("Version", policyDocument.getVersion());
32+
33+
int numberOfStatements = policyDocument.getStatement().size();
34+
Map<String, Object>[] serializableStatementArray = new Map[numberOfStatements];
35+
for (int i = 0; i < numberOfStatements; i++) {
36+
Statement statement = policyDocument.getStatement().get(i);
37+
Map<String, Object> serializableStatement = new HashMap<>();
38+
serializableStatement.put("Effect", statement.getEffect());
39+
serializableStatement.put("Action", statement.getAction());
40+
serializableStatement.put("Resource", statement.getResource().toArray(new String[0]));
41+
serializableStatement.put("Condition", statement.getCondition());
42+
serializableStatementArray[i] = serializableStatement;
43+
}
44+
serializablePolicy.put("Statement", serializableStatementArray);
45+
return serializablePolicy;
46+
}
47+
48+
public static Statement allowStatement(String resource) {
49+
return Statement.builder()
50+
.withEffect(ALLOW)
51+
.withResource(Collections.singletonList(resource))
52+
.withAction(EXECUTE_API_INVOKE)
53+
.build();
54+
}
55+
56+
public static Statement denyStatement(String resource) {
57+
return Statement.builder()
58+
.withEffect(DENY)
59+
.withResource(Collections.singletonList(resource))
60+
.withAction(EXECUTE_API_INVOKE)
61+
.build();
62+
}
63+
64+
@Data
65+
@Builder(setterPrefix = "with")
66+
@NoArgsConstructor
67+
@AllArgsConstructor
68+
public static class PolicyDocument implements Serializable, Cloneable {
69+
70+
private String version;
71+
private List<Statement> statement;
72+
}
73+
74+
@Data
75+
@Builder(setterPrefix = "with")
76+
@NoArgsConstructor
77+
@AllArgsConstructor
78+
public static class Statement implements Serializable, Cloneable {
79+
80+
private String action;
81+
private String effect;
82+
private List<String> resource;
83+
private Map<String, Map<String, Object>> condition;
84+
}
85+
}

aws-lambda-java-events/src/test/java/com/amazonaws/services/lambda/runtime/events/IamPolicyResponseTest.java

Lines changed: 91 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,91 @@
1+
package com.amazonaws.services.lambda.runtime.events;
2+
3+
import com.fasterxml.jackson.core.JsonProcessingException;
4+
import com.fasterxml.jackson.databind.ObjectMapper;
5+
import org.junit.jupiter.api.Test;
6+
7+
import java.io.IOException;
8+
import java.nio.charset.StandardCharsets;
9+
import java.nio.file.Files;
10+
import java.nio.file.Path;
11+
import java.nio.file.Paths;
12+
import java.util.HashMap;
13+
import java.util.Map;
14+
15+
import static com.amazonaws.services.lambda.runtime.events.IamPolicyResponse.ALLOW;
16+
import static com.amazonaws.services.lambda.runtime.events.IamPolicyResponse.EXECUTE_API_INVOKE;
17+
import static com.amazonaws.services.lambda.runtime.events.IamPolicyResponse.VERSION_2012_10_17;
18+
import static com.amazonaws.services.lambda.runtime.events.IamPolicyResponse.allowStatement;
19+
import static com.amazonaws.services.lambda.runtime.events.IamPolicyResponse.denyStatement;
20+
import static java.util.Collections.singletonList;
21+
import static java.util.Collections.singletonMap;
22+
import static net.javacrumbs.jsonunit.assertj.JsonAssertions.assertThatJson;
23+
24+
public class IamPolicyResponseTest {
25+
26+
private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
27+
28+
@Test
29+
public void testAllowStatement() throws JsonProcessingException {
30+
IamPolicyResponse iamPolicyResponse = IamPolicyResponse.builder()
31+
.withPrincipalId("me")
32+
.withPolicyDocument(IamPolicyResponse.PolicyDocument.builder()
33+
.withVersion(VERSION_2012_10_17)
34+
.withStatement(singletonList(allowStatement("arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*")))
35+
.build())
36+
.build();
37+
38+
String json = OBJECT_MAPPER.writeValueAsString(iamPolicyResponse);
39+
40+
assertThatJson(json).isEqualTo(readResource("iamPolicyResponses/allow.json"));
41+
}
42+
43+
@Test
44+
public void testDenyStatement() throws JsonProcessingException {
45+
IamPolicyResponse iamPolicyResponse = IamPolicyResponse.builder()
46+
.withPrincipalId("me")
47+
.withPolicyDocument(IamPolicyResponse.PolicyDocument.builder()
48+
.withVersion(VERSION_2012_10_17)
49+
.withStatement(singletonList(denyStatement("arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*")))
50+
.build())
51+
.build();
52+
53+
String json = OBJECT_MAPPER.writeValueAsString(iamPolicyResponse);
54+
55+
assertThatJson(json).isEqualTo(readResource("iamPolicyResponses/deny.json"));
56+
}
57+
58+
@Test
59+
public void testStatementWithCondition() throws JsonProcessingException {
60+
Map<String, Map<String, Object>> conditions = new HashMap<>();
61+
conditions.put("DateGreaterThan", singletonMap("aws:TokenIssueTime", "2020-01-01T00:00:01Z"));
62+
63+
IamPolicyResponse iamPolicyResponse = IamPolicyResponse.builder()
64+
.withPrincipalId("me")
65+
.withPolicyDocument(IamPolicyResponse.PolicyDocument.builder()
66+
.withVersion(VERSION_2012_10_17)
67+
.withStatement(singletonList(IamPolicyResponse.Statement.builder()
68+
.withAction(EXECUTE_API_INVOKE)
69+
.withEffect(ALLOW)
70+
.withResource(singletonList("arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*"))
71+
.withCondition(conditions)
72+
.build()))
73+
.build())
74+
.build();
75+
76+
String json = OBJECT_MAPPER.writeValueAsString(iamPolicyResponse);
77+
78+
assertThatJson(json).isEqualTo(readResource("iamPolicyResponses/allow-with-condition.json"));
79+
}
80+
81+
private String readResource(String name) {
82+
Path filePath = Paths.get("src", "test", "resources", name);
83+
byte[] bytes = new byte[0];
84+
try {
85+
bytes = Files.readAllBytes(filePath);
86+
} catch (IOException e) {
87+
e.printStackTrace();
88+
}
89+
return new String(bytes, StandardCharsets.UTF_8);
90+
}
91+
}

aws-lambda-java-events/src/test/resources/iamPolicyResponses/allow-with-condition.json

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
{
2+
"principalId": "me",
3+
"policyDocument": {
4+
"Version": "2012-10-17",
5+
"Statement": [{
6+
"Action": "execute-api:Invoke",
7+
"Resource": ["arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*"],
8+
"Effect": "Allow",
9+
"Condition": {"DateGreaterThan": {"aws:TokenIssueTime": "2020-01-01T00:00:01Z"}}
10+
}]
11+
},
12+
"context":null
13+
}

aws-lambda-java-events/src/test/resources/iamPolicyResponses/allow.json

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
{
2+
"principalId": "me",
3+
"policyDocument": {
4+
"Version": "2012-10-17",
5+
"Statement": [{
6+
"Action": "execute-api:Invoke",
7+
"Resource": ["arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*"],
8+
"Effect": "Allow",
9+
"Condition": null
10+
}]
11+
},
12+
"context":null
13+
}

aws-lambda-java-events/src/test/resources/iamPolicyResponses/deny.json

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
{
2+
"principalId": "me",
3+
"policyDocument": {
4+
"Version": "2012-10-17",
5+
"Statement": [{
6+
"Action": "execute-api:Invoke",
7+
"Resource": ["arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*"],
8+
"Effect": "Deny",
9+
"Condition": null
10+
}]
11+
},
12+
"context":null
13+
}

0 commit comments

Comments
 (0)