add AppSyncIdentity (#173)

* add AppSyncIdentity

* update Gopkg.lock & add /vendor to gitignore

* fix json tags

* Separate AppSyncIdentity into 2 separate types for IAM and Cognito
* fix tests to check marshalling / unmarshalling of identity json

* update initialisims

Arn -> ARN
Id -> ID
Ip -> IP

.gitignore

@@ -0,0 +1,2 @@
+# Go Dep
+vendor

events/appsync.go

@@ -9,6 +9,26 @@ type AppSyncResolverTemplate struct {
 	Payload   json.RawMessage  `json:"payload"`
 }
 
+// AppSyncIAMIdentity contains information about the caller authed via IAM.
+type AppSyncIAMIdentity struct {
+	AccountID             string   `json:"accountId"`
+	CognitoIdentityPoolID string   `json:"cognitoIdentityPoolId"`
+	CognitoIdentityID     string   `json:"cognitoIdentityId"`
+	SourceIP              []string `json:"sourceIp"`
+	Username              string   `json:"username"`
+	UserARN               string   `json:"userArn"`
+}
+
+// AppSyncCognitoIdentity contains information about the caller authed via Cognito.
+type AppSyncCognitoIdentity struct {
+	Sub                 string                 `json:"sub"`
+	Issuer              string                 `json:"issuer"`
+	Username            string                 `json:"username"`
+	Claims              map[string]interface{} `json:"claims"`
+	SourceIP            []string               `json:"sourceIp"`
+	DefaultAuthStrategy string                 `json:"defaultAuthStrategy"`
+}
+
 // AppSyncOperation specifies the operation type supported by Lambda operations
 type AppSyncOperation string
 

events/appsync_test.go

@@ -47,3 +47,41 @@ func TestAppSyncResolverTemplate_batchinvoke(t *testing.T) {
 
 	assert.JSONEq(t, string(inputJSON), string(outputJSON))
 }
+
+func TestAppSyncIdentity_IAM(t *testing.T) {
+	inputJSON, err := ioutil.ReadFile("./testdata/appsync-identity-iam.json")
+	if err != nil {
+		t.Errorf("could not open test file. details: %v", err)
+	}
+
+	var inputIdentity AppSyncIAMIdentity
+	if err = json.Unmarshal(inputJSON, &inputIdentity); err != nil {
+		t.Errorf("could not unmarshal identity. details: %v", err)
+	}
+
+	outputJSON, err := json.Marshal(inputIdentity)
+	if err != nil {
+		t.Errorf("could not marshal identity. details: %v", err)
+	}
+
+	assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}
+
+func TestAppSyncIdentity_Cognito(t *testing.T) {
+	inputJSON, err := ioutil.ReadFile("./testdata/appsync-identity-cognito.json")
+	if err != nil {
+		t.Errorf("could not open test file. details: %v", err)
+	}
+
+	var inputIdentity AppSyncCognitoIdentity
+	if err = json.Unmarshal(inputJSON, &inputIdentity); err != nil {
+		t.Errorf("could not unmarshal identity. details: %v", err)
+	}
+
+	outputJSON, err := json.Marshal(inputIdentity)
+	if err != nil {
+		t.Errorf("could not marshal identity. details: %v", err)
+	}
+
+	assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}

events/testdata/appsync-identity-cognito.json

@@ -0,0 +1,18 @@
+{
+  "sub": "123-456",
+  "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc",
+  "username": "user1",
+  "claims": {
+    "sub": "123-456",
+    "aud": "abcdefg",
+    "event_id": "123-123-123",
+    "token_use": "id",
+    "auth_time": 1551226125,
+    "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc",
+    "cognito:username": "user1",
+    "exp": 1551228178628,
+    "iat": 1551228178629
+  },
+  "sourceIp": ["192.168.196.186", "193.168.196.186"],
+  "defaultAuthStrategy": "ALLOW"
+}

events/testdata/appsync-identity-iam.json

@@ -0,0 +1,8 @@
+{
+  "accountId": "accountid123",
+  "cognitoIdentityPoolId": "identitypoolid123",
+  "cognitoIdentityId": "identityid123",
+  "sourceIp": ["192.168.196.186", "193.168.196.186"],
+  "username": "user1",
+  "userArn": "arn:aws:iam::123456789012:user/appsync"
+}