Merge pull request #546 from overmindtech/feat/apigateway-authorizer-deployment

(3) Feat/apigateway autorizer and deployment adapters

GitOrigin-RevId: ea93a996ee53c9a68b6f9df89747bc03f0339b26

Author: dylanratcliffe

aws-source/adapters/apigateway-authorizer.go

@@ -0,0 +1,120 @@
+package adapters
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/aws/aws-sdk-go-v2/service/apigateway"
+	"github.com/aws/aws-sdk-go-v2/service/apigateway/types"
+
+	"github.com/overmindtech/cli/aws-source/adapterhelpers"
+	"github.com/overmindtech/cli/sdp-go"
+)
+
+// convertGetAuthorizerOutputToAuthorizer converts a GetAuthorizerOutput to an Authorizer
+func convertGetAuthorizerOutputToAuthorizer(output *apigateway.GetAuthorizerOutput) *types.Authorizer {
+	return &types.Authorizer{
+		Id:                           output.Id,
+		Name:                         output.Name,
+		Type:                         output.Type,
+		ProviderARNs:                 output.ProviderARNs,
+		AuthType:                     output.AuthType,
+		AuthorizerUri:                output.AuthorizerUri,
+		AuthorizerCredentials:        output.AuthorizerCredentials,
+		IdentitySource:               output.IdentitySource,
+		IdentityValidationExpression: output.IdentityValidationExpression,
+		AuthorizerResultTtlInSeconds: output.AuthorizerResultTtlInSeconds,
+	}
+}
+
+func authorizerOutputMapper(query, scope string, awsItem *types.Authorizer) (*sdp.Item, error) {
+	attributes, err := adapterhelpers.ToAttributesWithExclude(awsItem, "tags")
+	if err != nil {
+		return nil, err
+	}
+
+	item := sdp.Item{
+		Type:            "apigateway-authorizer",
+		UniqueAttribute: "Id",
+		Attributes:      attributes,
+		Scope:           scope,
+	}
+
+	item.LinkedItemQueries = append(item.LinkedItemQueries, &sdp.LinkedItemQuery{
+		Query: &sdp.Query{
+			Type:   "apigateway-rest-api",
+			Method: sdp.QueryMethod_GET,
+			Query:  strings.Split(query, "/")[0],
+			Scope:  scope,
+		},
+		BlastPropagation: &sdp.BlastPropagation{
+			// They are tightly coupled, so we need to propagate the blast to the linked item
+			In:  true,
+			Out: true,
+		},
+	})
+
+	return &item, nil
+}
+
+func NewAPIGatewayAuthorizerAdapter(client *apigateway.Client, accountID string, region string) *adapterhelpers.GetListAdapter[*types.Authorizer, *apigateway.Client, *apigateway.Options] {
+	return &adapterhelpers.GetListAdapter[*types.Authorizer, *apigateway.Client, *apigateway.Options]{
+		ItemType:        "apigateway-authorizer",
+		Client:          client,
+		AccountID:       accountID,
+		Region:          region,
+		AdapterMetadata: authorizerAdapterMetadata,
+		GetFunc: func(ctx context.Context, client *apigateway.Client, scope, query string) (*types.Authorizer, error) {
+			f := strings.Split(query, "/")
+			if len(f) != 2 {
+				return nil, &sdp.QueryError{
+					ErrorType:   sdp.QueryError_NOTFOUND,
+					ErrorString: fmt.Sprintf("query must be in the format of: the rest-api-id/authorizer-id, but found: %s", query),
+				}
+			}
+			out, err := client.GetAuthorizer(ctx, &apigateway.GetAuthorizerInput{
+				RestApiId:    &f[0],
+				AuthorizerId: &f[1],
+			})
+			if err != nil {
+				return nil, err
+			}
+			return convertGetAuthorizerOutputToAuthorizer(out), nil
+		},
+		DisableList: true,
+		SearchFunc: func(ctx context.Context, client *apigateway.Client, scope string, query string) ([]*types.Authorizer, error) {
+			out, err := client.GetAuthorizers(ctx, &apigateway.GetAuthorizersInput{
+				RestApiId: &query,
+			})
+			if err != nil {
+				return nil, err
+			}
+
+			authorizers := make([]*types.Authorizer, 0, len(out.Items))
+			for _, authorizer := range out.Items {
+				authorizers = append(authorizers, &authorizer)
+			}
+
+			return authorizers, nil
+		},
+		ItemMapper: func(query, scope string, awsItem *types.Authorizer) (*sdp.Item, error) {
+			return authorizerOutputMapper(query, scope, awsItem)
+		},
+	}
+}
+
+var authorizerAdapterMetadata = Metadata.Register(&sdp.AdapterMetadata{
+	Type:            "apigateway-authorizer",
+	DescriptiveName: "API Gateway Authorizer",
+	Category:        sdp.AdapterCategory_ADAPTER_CATEGORY_SECURITY,
+	SupportedQueryMethods: &sdp.AdapterSupportedQueryMethods{
+		Get:               true,
+		Search:            true,
+		GetDescription:    "Get an API Gateway Authorizer by its rest API ID and ID: rest-api-id/authorizer-id",
+		SearchDescription: "Search for API Gateway Authorizers by their rest API ID",
+	},
+	TerraformMappings: []*sdp.TerraformMapping{
+		{TerraformQueryMap: "aws_api_gateway_authorizer.id"},
+	},
+})

aws-source/adapters/apigateway-authorizer_test.go

@@ -0,0 +1,64 @@
+package adapters
+
+import (
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/apigateway"
+	"github.com/aws/aws-sdk-go-v2/service/apigateway/types"
+
+	"github.com/overmindtech/cli/aws-source/adapterhelpers"
+	"github.com/overmindtech/cli/sdp-go"
+)
+
+func TestAuthorizerOutputMapper(t *testing.T) {
+	awsItem := &types.Authorizer{
+		Id:                           aws.String("authorizer-id"),
+		Name:                         aws.String("authorizer-name"),
+		Type:                         types.AuthorizerTypeRequest,
+		ProviderARNs:                 []string{"arn:aws:iam::123456789012:role/service-role"},
+		AuthType:                     aws.String("custom"),
+		AuthorizerUri:                aws.String("arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789012:function:my-function/invocations"),
+		AuthorizerCredentials:        aws.String("arn:aws:iam::123456789012:role/service-role"),
+		IdentitySource:               aws.String("method.request.header.Authorization"),
+		IdentityValidationExpression: aws.String(".*"),
+		AuthorizerResultTtlInSeconds: aws.Int32(300),
+	}
+
+	item, err := authorizerOutputMapper("rest-api-id", "scope", awsItem)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if err := item.Validate(); err != nil {
+		t.Error(err)
+	}
+
+	tests := adapterhelpers.QueryTests{
+		{
+			ExpectedType:   "apigateway-rest-api",
+			ExpectedMethod: sdp.QueryMethod_GET,
+			ExpectedQuery:  "rest-api-id",
+			ExpectedScope:  "scope",
+		},
+	}
+
+	tests.Execute(t, item)
+}
+
+func TestNewAPIGatewayAuthorizerAdapter(t *testing.T) {
+	config, account, region := adapterhelpers.GetAutoConfig(t)
+
+	client := apigateway.NewFromConfig(config)
+
+	adapter := NewAPIGatewayAuthorizerAdapter(client, account, region)
+
+	test := adapterhelpers.E2ETest{
+		Adapter:  adapter,
+		Timeout:  10 * time.Second,
+		SkipList: true,
+	}
+
+	test.Run(t)
+}

aws-source/adapters/apigateway-deployment.go

@@ -0,0 +1,114 @@
+package adapters
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/aws/aws-sdk-go-v2/service/apigateway"
+	"github.com/aws/aws-sdk-go-v2/service/apigateway/types"
+
+	"github.com/overmindtech/cli/aws-source/adapterhelpers"
+	"github.com/overmindtech/cli/sdp-go"
+)
+
+// convertGetDeploymentOutputToDeployment converts a GetDeploymentOutput to a Deployment
+func convertGetDeploymentOutputToDeployment(output *apigateway.GetDeploymentOutput) *types.Deployment {
+	return &types.Deployment{
+		Id:          output.Id,
+		CreatedDate: output.CreatedDate,
+		Description: output.Description,
+		ApiSummary:  output.ApiSummary,
+	}
+}
+
+func deploymentOutputMapper(query, scope string, awsItem *types.Deployment) (*sdp.Item, error) {
+	attributes, err := adapterhelpers.ToAttributesWithExclude(awsItem, "tags")
+	if err != nil {
+		return nil, err
+	}
+
+	item := sdp.Item{
+		Type:            "apigateway-deployment",
+		UniqueAttribute: "Id",
+		Attributes:      attributes,
+		Scope:           scope,
+	}
+
+	item.LinkedItemQueries = append(item.LinkedItemQueries, &sdp.LinkedItemQuery{
+		Query: &sdp.Query{
+			Type:   "apigateway-rest-api",
+			Method: sdp.QueryMethod_GET,
+			Query:  strings.Split(query, "/")[0],
+			Scope:  scope,
+		},
+		BlastPropagation: &sdp.BlastPropagation{
+			// They are tightly coupled, so we need to propagate the blast to the linked item
+			In:  true,
+			Out: true,
+		},
+	})
+
+	return &item, nil
+}
+
+func NewAPIGatewayDeploymentAdapter(client *apigateway.Client, accountID string, region string) *adapterhelpers.GetListAdapter[*types.Deployment, *apigateway.Client, *apigateway.Options] {
+	return &adapterhelpers.GetListAdapter[*types.Deployment, *apigateway.Client, *apigateway.Options]{
+		ItemType:        "apigateway-deployment",
+		Client:          client,
+		AccountID:       accountID,
+		Region:          region,
+		AdapterMetadata: deploymentAdapterMetadata,
+		GetFunc: func(ctx context.Context, client *apigateway.Client, scope, query string) (*types.Deployment, error) {
+			f := strings.Split(query, "/")
+			if len(f) != 2 {
+				return nil, &sdp.QueryError{
+					ErrorType:   sdp.QueryError_NOTFOUND,
+					ErrorString: fmt.Sprintf("query must be in the format of: the rest-api-id/deployment-id, but found: %s", query),
+				}
+			}
+			out, err := client.GetDeployment(ctx, &apigateway.GetDeploymentInput{
+				RestApiId:    &f[0],
+				DeploymentId: &f[1],
+			})
+			if err != nil {
+				return nil, err
+			}
+			return convertGetDeploymentOutputToDeployment(out), nil
+		},
+		DisableList: true,
+		SearchFunc: func(ctx context.Context, client *apigateway.Client, scope string, query string) ([]*types.Deployment, error) {
+			out, err := client.GetDeployments(ctx, &apigateway.GetDeploymentsInput{
+				RestApiId: &query,
+			})
+			if err != nil {
+				return nil, err
+			}
+
+			response := make([]*types.Deployment, 0, len(out.Items))
+			for _, item := range out.Items {
+				response = append(response, &item)
+			}
+
+			return response, nil
+		},
+		ItemMapper: func(query, scope string, awsItem *types.Deployment) (*sdp.Item, error) {
+			return deploymentOutputMapper(query, scope, awsItem)
+		},
+	}
+}
+
+var deploymentAdapterMetadata = Metadata.Register(&sdp.AdapterMetadata{
+	Type:            "apigateway-deployment",
+	DescriptiveName: "API Gateway Deployment",
+	Category:        sdp.AdapterCategory_ADAPTER_CATEGORY_CONFIGURATION,
+	SupportedQueryMethods: &sdp.AdapterSupportedQueryMethods{
+		Get:               true,
+		Search:            true,
+		GetDescription:    "Get an API Gateway Deployment by its rest API ID and ID: rest-api-id/deployment-id",
+		SearchDescription: "Search for API Gateway Deployments by their rest API ID",
+	},
+	TerraformMappings: []*sdp.TerraformMapping{
+		{TerraformQueryMap: "aws_api_gateway_deployment.id"},
+	},
+})

aws-source/adapters/apigateway-deployment_test.go

@@ -0,0 +1,58 @@
+package adapters
+
+import (
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/apigateway"
+	"github.com/aws/aws-sdk-go-v2/service/apigateway/types"
+
+	"github.com/overmindtech/cli/aws-source/adapterhelpers"
+	"github.com/overmindtech/cli/sdp-go"
+)
+
+func TestDeploymentOutputMapper(t *testing.T) {
+	awsItem := &types.Deployment{
+		Id:          aws.String("deployment-id"),
+		CreatedDate: aws.Time(time.Now()),
+		Description: aws.String("deployment-description"),
+		ApiSummary:  map[string]map[string]types.MethodSnapshot{},
+	}
+
+	item, err := deploymentOutputMapper("rest-api-id", "scope", awsItem)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	if err := item.Validate(); err != nil {
+		t.Error(err)
+	}
+
+	tests := adapterhelpers.QueryTests{
+		{
+			ExpectedType:   "apigateway-rest-api",
+			ExpectedMethod: sdp.QueryMethod_GET,
+			ExpectedQuery:  "rest-api-id",
+			ExpectedScope:  "scope",
+		},
+	}
+
+	tests.Execute(t, item)
+}
+
+func TestNewAPIGatewayDeploymentAdapter(t *testing.T) {
+	config, account, region := adapterhelpers.GetAutoConfig(t)
+
+	client := apigateway.NewFromConfig(config)
+
+	adapter := NewAPIGatewayDeploymentAdapter(client, account, region)
+
+	test := adapterhelpers.E2ETest{
+		Adapter:  adapter,
+		Timeout:  10 * time.Second,
+		SkipList: true,
+	}
+
+	test.Run(t)
+}

aws-source/adapters/apigateway-rest-api.go

@@ -139,6 +139,36 @@ func restApiOutputMapper(scope string, awsItem *types.RestApi) (*sdp.Item, error
 		},
 	})
 
+	item.LinkedItemQueries = append(item.LinkedItemQueries, &sdp.LinkedItemQuery{
+		Query: &sdp.Query{
+			Type:   "apigateway-deployment",
+			Method: sdp.QueryMethod_SEARCH,
+			Query:  *awsItem.Id,
+			Scope:  scope,
+		},
+		BlastPropagation: &sdp.BlastPropagation{
+			// Updating a deployment won't affect the REST API
+			In: false,
+			// Updating the REST API will affect the deployments
+			Out: true,
+		},
+	})
+
+	item.LinkedItemQueries = append(item.LinkedItemQueries, &sdp.LinkedItemQuery{
+		Query: &sdp.Query{
+			Type:   "apigateway-authorizer",
+			Method: sdp.QueryMethod_SEARCH,
+			Query:  *awsItem.Id,
+			Scope:  scope,
+		},
+		BlastPropagation: &sdp.BlastPropagation{
+			// Updating an authorizer won't affect the REST API
+			In: false,
+			// Updating the REST API will affect the authorizers
+			Out: true,
+		},
+	})
+
 	return &item, nil
 }