From 6e53c7a6034446cf3e671b39cdd442f03e72cf5a Mon Sep 17 00:00:00 2001
From: daviskoh
Date: Tue, 26 Feb 2019 19:46:16 -0500
Subject: [PATCH 1/5] add AppSyncIdentity
---
 events/appsync.go | 14 +++++++
 events/appsync_test.go | 40 +++++++++++++++++++
 events/testdata/appsync-identity-cognito.json | 25 ++++++++++++
 events/testdata/appsync-identity-iam.json | 14 +++++++
 4 files changed, 93 insertions(+)
 create mode 100644 events/testdata/appsync-identity-cognito.json
 create mode 100644 events/testdata/appsync-identity-iam.json
diff --git a/events/appsync.go b/events/appsync.go
index d6ba49ec..8459ee31 100644
--- a/events/appsync.go
+++ b/events/appsync.go
@@ -9,6 +9,20 @@ type AppSyncResolverTemplate struct {
 Payload json.RawMessage `json:"payload"`
 }
+// AppSyncIdentity contains information about the caller. The shape of this section depends on the authorization type of your AWS AppSync API
+type AppSyncIdentity struct {
+ AccountId string `json:"accountId"`
+ Claims map[string]interface{} `json:"claims"`
+ CognitoIdentityPoolId string `json:"cognitoIdentityPoolId"`
+ CognitoIdentityId string `json:"cognitoIdentityId"`
+ DefaultAuthStrategy string `json:"defaultAuthStrategy"`
+ Issuer string `json:issuer`
+ SourceIp []string `json:"sourceIp"`
+ Sub string `json:"uuid"`
+ Username string `json: "username"`
+ UserArn string `json:"userArn"`
+}
+
 // AppSyncOperation specifies the operation type supported by Lambda operations
 type AppSyncOperation string
diff --git a/events/appsync_test.go b/events/appsync_test.go
index 583b5fda..21416332 100644
--- a/events/appsync_test.go
+++ b/events/appsync_test.go
@@ -47,3 +47,43 @@ func TestAppSyncResolverTemplate_batchinvoke(t *testing.T) {
 assert.JSONEq(t, string(inputJSON), string(outputJSON))
 }
+
+func TestAppSyncIdentity_IAM(t *testing.T) {
+ inputJSON, err := ioutil.ReadFile("./testdata/appsync-identity-iam.json")
+ if err != nil {
+ t.Errorf("could not open test file. details: %v", err)
+ }
+
+ var inputEvent AppSyncResolverTemplate
+ if err = json.Unmarshal(inputJSON, &inputEvent); err != nil {
+ t.Errorf("could not unmarshal event. details: %v", err)
+ }
+ assert.Equal(t, OperationInvoke, inputEvent.Operation)
+
+ outputJSON, err := json.Marshal(inputEvent)
+ if err != nil {
+ t.Errorf("could not marshal event. details: %v", err)
+ }
+
+ assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}
+
+func TestAppSyncIdentity_Cognito(t *testing.T) {
+ inputJSON, err := ioutil.ReadFile("./testdata/appsync-identity-cognito.json")
+ if err != nil {
+ t.Errorf("could not open test file. details: %v", err)
+ }
+
+ var inputEvent AppSyncResolverTemplate
+ if err = json.Unmarshal(inputJSON, &inputEvent); err != nil {
+ t.Errorf("could not unmarshal event. details: %v", err)
+ }
+ assert.Equal(t, OperationInvoke, inputEvent.Operation)
+
+ outputJSON, err := json.Marshal(inputEvent)
+ if err != nil {
+ t.Errorf("could not marshal event. details: %v", err)
+ }
+
+ assert.JSONEq(t, string(inputJSON), string(outputJSON))
+}
diff --git a/events/testdata/appsync-identity-cognito.json b/events/testdata/appsync-identity-cognito.json
new file mode 100644
index 00000000..0ae89768
--- /dev/null
+++ b/events/testdata/appsync-identity-cognito.json
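Review bot: The error branches in `TestAppSyncIdentity_IAM` and `TestAppSyncIdentity_Cognito` (events/appsync_test.go) report with `t.Errorf` and keep going, so a missing fixture or a failed unmarshal is followed by a marshal and a `JSONEq` on empty input, and the real cause is buried under a second failure. Stop the test at the first error instead, for example `t.Fatalf("could not open test file. details: %v", err)`. The same applies to the rewritten unmarshal and marshal branches in the `@@ -54,15 +54,14 @@` and `@@ -74,15 +73,14 @@` hunks of patch 4/5. The older tests in this file are outside the hunk; if they use the same pattern, changing them together keeps the file consistent.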
@@ -0,0 +1,25 @@
+{
+ "version": "2017-02-28",
+ "operation": "Invoke",
+ "payload": {
+ "identity": {
+ "sub" : "123-456",
+ "issuer" : "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc",
+ "username" : "user1",
+ "claims": {
+ "sub": "123-456",
+ "aud": "abcdefg",
+ "event_id": "123-123-123",
+ "token_use": "id",
+ "auth_time": 1551226125,
+ "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc",
+ "cognito:username": "user1",
+ "exp": 1551228178628,
+ "iat": 1551228178629
+ },
+ "sourceIp" : ["192.168.196.186", "193.168.196.186"],
+ "defaultAuthStrategy" : "ALLOW"
+
+ }
+ }
+}
diff --git a/events/testdata/appsync-identity-iam.json b/events/testdata/appsync-identity-iam.json
new file mode 100644
index 00000000..e2c4a5af
--- /dev/null
+++ b/events/testdata/appsync-identity-iam.json
@@ -0,0 +1,14 @@
+{
+ "version": "2017-02-28",
+ "operation": "Invoke",
+ "payload": {
+ "identity": {
+ "accountId": "accountid123",
+ "cognitoIdentityPoolId": "identitypoolid123",
+ "cognitoIdentityId": "identityid123",
+ "sourceIp": "192.168.196.186",
+ "username": "user1",
+ "userArn": "arn:aws:iam::123456789012:user/appsync"
+ }
+ }
+}
From cb2b60a4fd3363aaf2d54b32e168bb881e2603fa Mon Sep 17 00:00:00 2001
From: daviskoh
Date: Tue, 26 Feb 2019 20:14:36 -0500
Subject: [PATCH 2/5] update Gopkg.lock & add /vendor to gitignore
---
 .gitignore | 2 ++
 Gopkg.lock | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..86114d92
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+# Go Dep
+vendor
diff --git a/Gopkg.lock b/Gopkg.lock
index a4928310..f0d4dba5 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -2,32 +2,43 @@ [[projects]] + digest = "1:56c130d885a4aacae1dd9c7b71cfe39912c7ebc1ff7d2b46083c8812996dc43b" name = "github.com/davecgh/go-spew" packages = ["spew"] + pruneopts = "" revision = "346938d642f2ec3594ed81d874461961cd0faa76" version = "v1.1.0" [[projects]] + digest = "1:256484dbbcd271f9ecebc6795b2df8cad4c458dd0f5fd82a8c2fa0c29f233411" name = "github.com/pmezard/go-difflib" packages = ["difflib"] + pruneopts = "" revision = "792786c7400a136282c1664665ae0a8db921c6c2" version = "v1.0.0" [[projects]] + digest = "1:a30066593578732a356dc7e5d7f78d69184ca65aeeff5939241a3ab10559bb06" name = "github.com/stretchr/testify" packages = ["assert"] + pruneopts = "" revision = "12b6f73e6084dad08a7c6e575284b177ecafbc71" version = "v1.2.1" [[projects]] + digest = "1:e85837cb04b78f61688c6eba93ea9d14f60d611e2aaf8319999b1a60d2dafbfa" name = "gopkg.in/urfave/cli.v1" packages = ["."] + pruneopts = "" revision = "cfb38830724cc34fedffe9a2a29fb54fa9169cd1" version = "v1.20.0" [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "21bf02839d69eb4ab638d20ad48614cf2e71753b2005ef5fa2b05cb9704ab5d2" + input-imports = [ + "github.com/stretchr/testify/assert", + "gopkg.in/urfave/cli.v1", + ] solver-name = "gps-cdcl" solver-version = 1 From 92612934249ce35c4cacf25554d43e30e81032ad Mon Sep 17 00:00:00 2001 From: daviskoh Date: Tue, 26 Feb 2019 21:28:06 -0500 Subject: [PATCH 3/5] fix json tags --- events/appsync.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/events/appsync.go b/events/appsync.go index 8459ee31..cdc4a884 100644 --- a/events/appsync.go +++ b/events/appsync.go 
@@ -16,10 +16,10 @@ type AppSyncIdentity struct {
 CognitoIdentityPoolId string `json:"cognitoIdentityPoolId"`
 CognitoIdentityId string `json:"cognitoIdentityId"`
 DefaultAuthStrategy string `json:"defaultAuthStrategy"`
- Issuer string `json:issuer`
+ Issuer string `json:"issuer"`
 SourceIp []string `json:"sourceIp"`
 Sub string `json:"uuid"`
- Username string `json: "username"`
+ Username string `json:"username"`
 UserArn string `json:"userArn"`
 }
From f5bf96196bcef6438d9f3f32652e88cf3ef41ae8 Mon Sep 17 00:00:00 2001
From: daviskoh
Date: Fri, 15 Mar 2019 14:44:30 -0400
Subject: [PATCH 4/5] Separate AppSyncIdentity into 2 separate types for IAM and Cognito * fix tests to check marshalling / unmarshalling of identity json
---
 events/appsync.go | 30 ++++++++------
 events/appsync_test.go | 22 +++++------
 events/testdata/appsync-identity-cognito.json | 39 ++++++++-----------
 events/testdata/appsync-identity-iam.json | 18 +++------
 4 files changed, 50 insertions(+), 59 deletions(-)
diff --git a/events/appsync.go b/events/appsync.go
index cdc4a884..e5b478b7 100644
--- a/events/appsync.go
+++ b/events/appsync.go
@@ -9,18 +9,24 @@ type AppSyncResolverTemplate struct {
 Payload json.RawMessage `json:"payload"`
 }
-// AppSyncIdentity contains information about the caller. The shape of this section depends on the authorization type of your AWS AppSync API
-type AppSyncIdentity struct {
- AccountId string `json:"accountId"`
- Claims map[string]interface{} `json:"claims"`
- CognitoIdentityPoolId string `json:"cognitoIdentityPoolId"`
- CognitoIdentityId string `json:"cognitoIdentityId"`
- DefaultAuthStrategy string `json:"defaultAuthStrategy"`
- Issuer string `json:"issuer"`
- SourceIp []string `json:"sourceIp"`
- Sub string `json:"uuid"`
- Username string `json:"username"`
- UserArn string `json:"userArn"`
+// AppSyncIAMIdentity contains information about the caller authed via IAM.
+type AppSyncIAMIdentity struct {
+ AccountId string `json:"accountId"`
+ CognitoIdentityPoolId string `json:"cognitoIdentityPoolId"`
+ CognitoIdentityId string `json:"cognitoIdentityId"`
+ SourceIp []string `json:"sourceIp"`
+ Username string `json:"username"`
+ UserArn string `json:"userArn"`
+}
+
+// AppSyncCognitoIdentity contains information about the caller authed via Cognito.
+type AppSyncCognitoIdentity struct {
+ Sub string `json:"sub"`
+ Issuer string `json:"issuer"`
+ Username string `json:"username"`
+ Claims map[string]interface{} `json:"claims"`
+ SourceIp []string `json:"sourceIp"`
+ DefaultAuthStrategy string `json:"defaultAuthStrategy"`
 }
 // AppSyncOperation specifies the operation type supported by Lambda operations
diff --git a/events/appsync_test.go b/events/appsync_test.go
index 21416332..caba4275 100644
--- a/events/appsync_test.go
+++ b/events/appsync_test.go
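Review bot: The doc comments on `AppSyncIAMIdentity` and `AppSyncCognitoIdentity` in events/appsync.go should state that the caller has to pick the type from the API's authorization mode, because decoding the wrong shape does not fail. Both structs share `username` and `sourceIp`, and `json.Unmarshal` ignores unknown keys and leaves missing ones at their zero value, so a Cognito identity decoded into `AppSyncIAMIdentity` comes back with an empty `UserArn` and `AccountId` and a nil error. A handler that bases an authorization decision on these fields should therefore treat an empty value as "no identity" rather than compare it as a real one. `Claims` is a `map[string]interface{}`, so numeric claims such as `exp` are decoded as `float64`; a field comment like `// Claims holds the token claims; JSON numbers decode as float64.` would spare callers a failed type assertion.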
@@ -54,15 +54,14 @@ func TestAppSyncIdentity_IAM(t *testing.T) {
 t.Errorf("could not open test file. details: %v", err)
 }
- var inputEvent AppSyncResolverTemplate
- if err = json.Unmarshal(inputJSON, &inputEvent); err != nil {
- t.Errorf("could not unmarshal event. details: %v", err)
+ var inputIdentity AppSyncIAMIdentity
+ if err = json.Unmarshal(inputJSON, &inputIdentity); err != nil {
+ t.Errorf("could not unmarshal identity. details: %v", err)
 }
- assert.Equal(t, OperationInvoke, inputEvent.Operation)
- outputJSON, err := json.Marshal(inputEvent)
+ outputJSON, err := json.Marshal(inputIdentity)
 if err != nil {
- t.Errorf("could not marshal event. details: %v", err)
+ t.Errorf("could not marshal identity. details: %v", err)
 }
 assert.JSONEq(t, string(inputJSON), string(outputJSON))
@@ -74,15 +73,14 @@ func TestAppSyncIdentity_Cognito(t *testing.T) {
 t.Errorf("could not open test file. details: %v", err)
 }
- var inputEvent AppSyncResolverTemplate
- if err = json.Unmarshal(inputJSON, &inputEvent); err != nil {
- t.Errorf("could not unmarshal event. details: %v", err)
+ var inputIdentity AppSyncCognitoIdentity
+ if err = json.Unmarshal(inputJSON, &inputIdentity); err != nil {
+ t.Errorf("could not unmarshal identity. details: %v", err)
 }
- assert.Equal(t, OperationInvoke, inputEvent.Operation)
- outputJSON, err := json.Marshal(inputEvent)
+ outputJSON, err := json.Marshal(inputIdentity)
 if err != nil {
- t.Errorf("could not marshal event. details: %v", err)
+ t.Errorf("could not marshal identity. details: %v", err)
 }
 assert.JSONEq(t, string(inputJSON), string(outputJSON))
diff --git a/events/testdata/appsync-identity-cognito.json b/events/testdata/appsync-identity-cognito.json
index 0ae89768..0b0ee5ff 100644
--- a/events/testdata/appsync-identity-cognito.json
+++ b/events/testdata/appsync-identity-cognito.json
@@ -1,25 +1,18 @@
 {
- "version": "2017-02-28",
- "operation": "Invoke",
- "payload": {
- "identity": {
- "sub" : "123-456",
- "issuer" : "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc",
- "username" : "user1",
- "claims": {
- "sub": "123-456",
- "aud": "abcdefg",
- "event_id": "123-123-123",
- "token_use": "id",
- "auth_time": 1551226125,
- "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc",
- "cognito:username": "user1",
- "exp": 1551228178628,
- "iat": 1551228178629
- },
- "sourceIp" : ["192.168.196.186", "193.168.196.186"],
- "defaultAuthStrategy" : "ALLOW"
-
- }
- }
+ "sub": "123-456",
+ "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc",
+ "username": "user1",
+ "claims": {
+ "sub": "123-456",
+ "aud": "abcdefg",
+ "event_id": "123-123-123",
+ "token_use": "id",
+ "auth_time": 1551226125,
+ "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc",
+ "cognito:username": "user1",
+ "exp": 1551228178628,
+ "iat": 1551228178629
+ },
+ "sourceIp": ["192.168.196.186", "193.168.196.186"],
+ "defaultAuthStrategy": "ALLOW"
 }
diff --git a/events/testdata/appsync-identity-iam.json b/events/testdata/appsync-identity-iam.json
index e2c4a5af..a3802625 100644
--- a/events/testdata/appsync-identity-iam.json
+++ b/events/testdata/appsync-identity-iam.json
@@ -1,14 +1,8 @@
 {
- "version": "2017-02-28",
- "operation": "Invoke",
- "payload": {
- "identity": {
- "accountId": "accountid123",
- "cognitoIdentityPoolId": "identitypoolid123",
- "cognitoIdentityId": "identityid123",
- "sourceIp": "192.168.196.186",
- "username": "user1",
- "userArn": "arn:aws:iam::123456789012:user/appsync"
- }
- }
+ "accountId": "accountid123",
+ "cognitoIdentityPoolId": "identitypoolid123",
+ "cognitoIdentityId": "identityid123",
+ "sourceIp": ["192.168.196.186", "193.168.196.186"],
+ "username": "user1",
+ "userArn": "arn:aws:iam::123456789012:user/appsync"
 }
From 46027bba13f52dc3eee70c320fd4c30fc4d2e02b Mon Sep 17 00:00:00 2001
From: Bryan Moffatt
Date: Fri, 15 Mar 2019 18:53:19 +0000
Subject: [PATCH 5/5] update initialisims Arn -> ARN Id -> ID Ip -> IP
---
 events/appsync.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/events/appsync.go b/events/appsync.go
index e5b478b7..3ada83f3 100644
--- a/events/appsync.go
+++ b/events/appsync.go
@@ -11,12 +11,12 @@ type AppSyncResolverTemplate struct {
 // AppSyncIAMIdentity contains information about the caller authed via IAM.
 type AppSyncIAMIdentity struct {
- AccountId string `json:"accountId"`
- CognitoIdentityPoolId string `json:"cognitoIdentityPoolId"`
- CognitoIdentityId string `json:"cognitoIdentityId"`
- SourceIp []string `json:"sourceIp"`
+ AccountID string `json:"accountId"`
+ CognitoIdentityPoolID string `json:"cognitoIdentityPoolId"`
+ CognitoIdentityID string `json:"cognitoIdentityId"`
+ SourceIP []string `json:"sourceIp"`
 Username string `json:"username"`
- UserArn string `json:"userArn"`
+ UserARN string `json:"userArn"`
 }
 // AppSyncCognitoIdentity contains information about the caller authed via Cognito.
@@ -25,7 +25,7 @@ type AppSyncCognitoIdentity struct {
 Issuer string `json:"issuer"`
 Username string `json:"username"`
 Claims map[string]interface{} `json:"claims"`
- SourceIp []string `json:"sourceIp"`
+ SourceIP []string `json:"sourceIp"`
 DefaultAuthStrategy string `json:"defaultAuthStrategy"`
 }