Add IAM Response (#213)

Co-authored-by: Carl Zogheib <11421173+carlzogh@users.noreply.github.com>

Author: msailes

aws-lambda-java-events/pom.xml

@@ -56,6 +56,19 @@
       <version>5.7.0</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-databind</artifactId>
+        <version>2.10.4</version>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>net.javacrumbs.json-unit</groupId>
+      <artifactId>json-unit-assertj</artifactId>
+      <version>2.22.0</version>
+      <scope>test</scope>
+    </dependency>
+
     <dependency>
       <groupId>org.projectlombok</groupId>
       <artifactId>lombok</artifactId>

aws-lambda-java-events/src/main/java/com/amazonaws/services/lambda/runtime/events/IamPolicyResponse.java

@@ -0,0 +1,85 @@
+package com.amazonaws.services.lambda.runtime.events;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+@Data
+@Builder(setterPrefix = "with")
+@NoArgsConstructor
+@AllArgsConstructor
+public class IamPolicyResponse implements Serializable, Cloneable {
+
+    public static final String EXECUTE_API_INVOKE = "execute-api:Invoke";
+    public static final String VERSION_2012_10_17 = "2012-10-17";
+    public static final String ALLOW = "Allow";
+    public static final String DENY = "Deny";
+
+    private String principalId;
+    private PolicyDocument policyDocument;
+    private Map<String, Object> context;
+
+    public Map<String, Object> getPolicyDocument() {
+        Map<String, Object> serializablePolicy = new HashMap<>();
+        serializablePolicy.put("Version", policyDocument.getVersion());
+
+        int numberOfStatements = policyDocument.getStatement().size();
+        Map<String, Object>[] serializableStatementArray = new Map[numberOfStatements];
+        for (int i = 0; i < numberOfStatements; i++) {
+            Statement statement = policyDocument.getStatement().get(i);
+            Map<String, Object> serializableStatement = new HashMap<>();
+            serializableStatement.put("Effect", statement.getEffect());
+            serializableStatement.put("Action", statement.getAction());
+            serializableStatement.put("Resource", statement.getResource().toArray(new String[0]));
+            serializableStatement.put("Condition", statement.getCondition());
+            serializableStatementArray[i] = serializableStatement;
+        }
+        serializablePolicy.put("Statement", serializableStatementArray);
+        return serializablePolicy;
+    }
+
+    public static Statement allowStatement(String resource) {
+        return Statement.builder()
+                .withEffect(ALLOW)
+                .withResource(Collections.singletonList(resource))
+                .withAction(EXECUTE_API_INVOKE)
+                .build();
+    }
+
+    public static Statement denyStatement(String resource) {
+        return Statement.builder()
+                .withEffect(DENY)
+                .withResource(Collections.singletonList(resource))
+                .withAction(EXECUTE_API_INVOKE)
+                .build();
+    }
+
+    @Data
+    @Builder(setterPrefix = "with")
+    @NoArgsConstructor
+    @AllArgsConstructor
+    public static class PolicyDocument implements Serializable, Cloneable {
+
+        private String version;
+        private List<Statement> statement;
+    }
+
+    @Data
+    @Builder(setterPrefix = "with")
+    @NoArgsConstructor
+    @AllArgsConstructor
+    public static class Statement implements Serializable, Cloneable {
+
+        private String action;
+        private String effect;
+        private List<String> resource;
+        private Map<String, Map<String, Object>> condition;
+    }
+}

aws-lambda-java-events/src/test/java/com/amazonaws/services/lambda/runtime/events/IamPolicyResponseTest.java

@@ -0,0 +1,91 @@
+package com.amazonaws.services.lambda.runtime.events;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.jupiter.api.Test;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.Map;
+
+import static com.amazonaws.services.lambda.runtime.events.IamPolicyResponse.ALLOW;
+import static com.amazonaws.services.lambda.runtime.events.IamPolicyResponse.EXECUTE_API_INVOKE;
+import static com.amazonaws.services.lambda.runtime.events.IamPolicyResponse.VERSION_2012_10_17;
+import static com.amazonaws.services.lambda.runtime.events.IamPolicyResponse.allowStatement;
+import static com.amazonaws.services.lambda.runtime.events.IamPolicyResponse.denyStatement;
+import static java.util.Collections.singletonList;
+import static java.util.Collections.singletonMap;
+import static net.javacrumbs.jsonunit.assertj.JsonAssertions.assertThatJson;
+
+public class IamPolicyResponseTest {
+
+    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
+
+    @Test
+    public void testAllowStatement() throws JsonProcessingException {
+        IamPolicyResponse iamPolicyResponse = IamPolicyResponse.builder()
+                .withPrincipalId("me")
+                .withPolicyDocument(IamPolicyResponse.PolicyDocument.builder()
+                        .withVersion(VERSION_2012_10_17)
+                        .withStatement(singletonList(allowStatement("arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*")))
+                        .build())
+                .build();
+
+        String json = OBJECT_MAPPER.writeValueAsString(iamPolicyResponse);
+
+        assertThatJson(json).isEqualTo(readResource("iamPolicyResponses/allow.json"));
+    }
+
+    @Test
+    public void testDenyStatement() throws JsonProcessingException {
+        IamPolicyResponse iamPolicyResponse = IamPolicyResponse.builder()
+                .withPrincipalId("me")
+                .withPolicyDocument(IamPolicyResponse.PolicyDocument.builder()
+                        .withVersion(VERSION_2012_10_17)
+                        .withStatement(singletonList(denyStatement("arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*")))
+                        .build())
+                .build();
+
+        String json = OBJECT_MAPPER.writeValueAsString(iamPolicyResponse);
+
+        assertThatJson(json).isEqualTo(readResource("iamPolicyResponses/deny.json"));
+    }
+
+    @Test
+    public void testStatementWithCondition() throws JsonProcessingException {
+        Map<String, Map<String, Object>> conditions = new HashMap<>();
+        conditions.put("DateGreaterThan", singletonMap("aws:TokenIssueTime", "2020-01-01T00:00:01Z"));
+
+        IamPolicyResponse iamPolicyResponse = IamPolicyResponse.builder()
+                .withPrincipalId("me")
+                .withPolicyDocument(IamPolicyResponse.PolicyDocument.builder()
+                        .withVersion(VERSION_2012_10_17)
+                        .withStatement(singletonList(IamPolicyResponse.Statement.builder()
+                                .withAction(EXECUTE_API_INVOKE)
+                                .withEffect(ALLOW)
+                                .withResource(singletonList("arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*"))
+                                .withCondition(conditions)
+                                .build()))
+                        .build())
+                .build();
+
+        String json = OBJECT_MAPPER.writeValueAsString(iamPolicyResponse);
+
+        assertThatJson(json).isEqualTo(readResource("iamPolicyResponses/allow-with-condition.json"));
+    }
+
+    private String readResource(String name) {
+        Path filePath = Paths.get("src", "test", "resources", name);
+        byte[] bytes = new byte[0];
+        try {
+            bytes = Files.readAllBytes(filePath);
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        return new String(bytes, StandardCharsets.UTF_8);
+    }
+}

aws-lambda-java-events/src/test/resources/iamPolicyResponses/allow-with-condition.json

@@ -0,0 +1,13 @@
+{
+  "principalId": "me",
+  "policyDocument": {
+    "Version": "2012-10-17",
+    "Statement": [{
+      "Action": "execute-api:Invoke",
+      "Resource": ["arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*"],
+      "Effect": "Allow",
+      "Condition": {"DateGreaterThan": {"aws:TokenIssueTime": "2020-01-01T00:00:01Z"}}
+    }]
+  },
+  "context":null
+}

aws-lambda-java-events/src/test/resources/iamPolicyResponses/allow.json

@@ -0,0 +1,13 @@
+{
+  "principalId": "me",
+  "policyDocument": {
+    "Version": "2012-10-17",
+    "Statement": [{
+      "Action": "execute-api:Invoke",
+      "Resource": ["arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*"],
+      "Effect": "Allow",
+      "Condition": null
+    }]
+  },
+  "context":null
+}

aws-lambda-java-events/src/test/resources/iamPolicyResponses/deny.json

@@ -0,0 +1,13 @@
+{
+  "principalId": "me",
+  "policyDocument": {
+    "Version": "2012-10-17",
+    "Statement": [{
+      "Action": "execute-api:Invoke",
+      "Resource": ["arn:aws:execute-api:eu-west-1:123456789012:1234abc/$deafult/*/*"],
+      "Effect": "Deny",
+      "Condition": null
+    }]
+  },
+  "context":null
+}