feat: Add lambda as additional auth provider (#52)

jindrichskupa · web-flow · commit 9d641a415af9 · 2023-08-10T14:20:36.000+02:00
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -139,6 +139,13 @@ module "appsync" {
         app_id_client_regex = aws_cognito_user_pool_client.this.id
       }
     }
+
+    lambda = {
+      authentication_type = "AWS_LAMBDA"
+      lambda_authorizer_config = {
+        authorizer_uri = "arn:aws:lambda:eu-west-1:835367859851:function:appsync_auth_2"
+      }
+    }
   }
 
   functions = {
diff --git a/main.tf b/main.tf
@@ -83,6 +83,15 @@ resource "aws_appsync_graphql_api" "this" {
           aws_region          = lookup(user_pool_config.value, "aws_region", null)
         }
       }
+      dynamic "lambda_authorizer_config" {
+        for_each = length(keys(lookup(additional_authentication_provider.value, "lambda_authorizer_config", {}))) == 0 ? [] : [additional_authentication_provider.value.lambda_authorizer_config]
+
+        content {
+          authorizer_uri                   = lambda_authorizer_config.value.authorizer_uri
+          authorizer_result_ttl_in_seconds = lookup(lambda_authorizer_config.value, "authorizer_result_ttl_in_seconds", null)
+          identity_validation_expression   = lookup(lambda_authorizer_config.value, "identity_validation_expression", null)
+        }
+      }
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -139,6 +139,13 @@ module "appsync" {`
`139`	`139`	`app_id_client_regex = aws_cognito_user_pool_client.this.id`
`140`	`140`	`}`
`141`	`141`	`}`
	`142`	`+`
	`143`	`+ lambda = {`
	`144`	`+ authentication_type = "AWS_LAMBDA"`
	`145`	`+ lambda_authorizer_config = {`
	`146`	`+ authorizer_uri = "arn:aws:lambda:eu-west-1:835367859851:function:appsync_auth_2"`
	`147`	`+ }`
	`148`	`+ }`
`142`	`149`	`}`
`143`	`150`
`144`	`151`	`functions = {`
Original file line number	Diff line number	Diff line change
`@@ -83,6 +83,15 @@ resource "aws_appsync_graphql_api" "this" {`
`83`	`83`	`aws_region = lookup(user_pool_config.value, "aws_region", null)`
`84`	`84`	`}`
`85`	`85`	`}`
	`86`	`+ dynamic "lambda_authorizer_config" {`
	`87`	`+ for_each = length(keys(lookup(additional_authentication_provider.value, "lambda_authorizer_config", {}))) == 0 ? [] : [additional_authentication_provider.value.lambda_authorizer_config]`
	`88`	`+`
	`89`	`+ content {`
	`90`	`+ authorizer_uri = lambda_authorizer_config.value.authorizer_uri`
	`91`	`+ authorizer_result_ttl_in_seconds = lookup(lambda_authorizer_config.value, "authorizer_result_ttl_in_seconds", null)`
	`92`	`+ identity_validation_expression = lookup(lambda_authorizer_config.value, "identity_validation_expression", null)`
	`93`	`+ }`
	`94`	`+ }`
`86`	`95`	`}`
`87`	`96`	`}`
`88`	`97`