in src/integ_test_resources/ios/sdk/integration/cdk/cdk_integration_tests_ios/iot_stack.py [0:0]
def setup_custom_authorizer_user_pass(self):
    """Provision the username/password IoT custom authorizer for the iOS integration tests.

    Builds, in order: the asymmetric signing key plus token signature, the authorizer
    Lambda (pinned to us-east-1), the IAM grant and provider Lambda that register the
    authorizer and its domain configuration, and the ``Custom::IoTCustomAuthorizer``
    resource. Every value the test client needs (names, token, signature, credentials,
    beta endpoint) is recorded in ``self._parameters_to_save``.
    """
    # The same version tag is handed to both helper calls below; keep them in lockstep.
    helper_version = "2"
    # Force region to 'us-east-1' due to enhanced custom authorizers only available there
    # TODO: remove override when enhanced custom authorizers are available in all regions
    authorizer_region = "us-east-1"

    params = self._parameters_to_save
    authorizer_name = self.custom_auth_user_pass_default_authorizer_name
    token_key_name = "IoTTokenKeyName"
    token_value = "allow"
    params["custom_authorizer_user_pass_name"] = authorizer_name
    params["custom_authorizer_user_pass_token_key_name"] = token_key_name
    params["custom_authorizer_user_pass_token_value"] = token_value
    params["custom_authorizer_user_pass_username"] = self.custom_auth_user_pass_username
    # NOTE(review): the password is persisted as a plain parameter next to the username;
    # this is only acceptable because these are throwaway test credentials — confirm the
    # parameter store these end up in is not shared with non-test workloads.
    params["custom_authorizer_user_pass_password"] = self.custom_auth_user_pass_password

    # Asymmetric CMK + signature over the static token value the client will present.
    signing_key = self.create_custom_authorizer_signing_key_generic(
        helper_version,
        "Manages an asymmetric CMK and token signature for iot custom authorizer with "
        "username and password.",
        token_value,
    )
    params["custom_authorizer_user_pass_token_signature"] = signing_key.get_att(
        "custom_authorizer_token_signature"
    ).to_string()

    authorizer_function_arn = self.setup_custom_authorizer_function(
        helper_version,
        "custom_resources/iot_custom_authorizer_user_pass_function",
        "iot_custom_authorizer_user_pass.handler",
        "Sample custom authorizer that allows or denies based on username and password",
        {
            # NOTE(review): credentials reach the authorizer as plaintext Lambda environment
            # variables, i.e. they are visible in the function configuration to anyone who
            # can describe the function. Fine for test fixtures; do not copy this pattern
            # for real secrets (use Secrets Manager / encrypted SSM instead).
            "custom_auth_user_pass_username": self.custom_auth_user_pass_username,
            "custom_auth_user_pass_password": self.custom_auth_user_pass_password,
        },
        authorizer_region,
    )

    # Permissions the provider Lambda needs to (re)register the authorizer and the
    # domain configuration that exposes the beta endpoint.
    # NOTE(review): resources=["*"] grants these on every authorizer/domain configuration
    # in the account. Most of these iot actions appear to accept resource-level ARNs; once
    # the names the provider actually creates are pinned down (it also receives a uuid),
    # consider scoping this to those authorizer/domainconfiguration ARNs in us-east-1.
    provider_permissions = aws_iam.PolicyStatement(
        effect=aws_iam.Effect.ALLOW,
        actions=[
            "iot:CreateAuthorizer",
            "iot:UpdateAuthorizer",
            "iot:DeleteAuthorizer",
            "iot:UpdateDomainConfiguration",
            "iot:CreateDomainConfiguration",
            "iot:DescribeDomainConfiguration",
            "iot:DeleteDomainConfiguration",
        ],
        resources=["*"],
    )

    provider_lambda = aws_lambda.SingletonFunction(
        self,
        "iot_custom_authorizer_user_pass_provider_lambda",
        # Singleton uuid: one provider function per stack regardless of how many
        # authorizers reuse it.
        uuid="iot_custom_authorizer_user_pass_provider_lambda_20200727123737",
        # NOTE(review): Python 3.7 is an end-of-support Lambda runtime; bump it once the
        # provider handler has been exercised on a current runtime.
        runtime=aws_lambda.Runtime.PYTHON_3_7,
        code=aws_lambda.Code.asset("custom_resources/iot_custom_authorizer_user_pass_provider"),
        handler="iot_custom_authorizer_user_pass_provider.on_event",
        description="Sets up an IoT custom authorizer for user password & required domain "
        "config due to beta status",
        environment={
            "custom_auth_user_pass_uuid": self.custom_auth_user_pass_uuid,
            "custom_auth_user_pass_default_authorizer_name": (
                self.custom_auth_user_pass_default_authorizer_name
            ),
            "custom_auth_user_pass_domain_configuration_name": (
                self.custom_auth_user_pass_domain_configuration_name
            ),
        },
        current_version_options=aws_lambda.VersionOptions(
            removal_policy=core.RemovalPolicy.DESTROY
        ),
        initial_policy=[provider_permissions],
    )
    provider = custom_resources.Provider(
        self, "iot_custom_authorizer_user_pass_provider", on_event_handler=provider_lambda
    )

    # The authorizer verifies the client's token signature against this public key.
    public_key = signing_key.get_att("custom_authorizer_public_key").to_string()
    authorizer_resource = core.CustomResource(
        self,
        "iot_custom_authorizer_user_pass",
        resource_type="Custom::IoTCustomAuthorizer",
        service_token=provider.service_token,
        properties={
            "authorizer_function_arn": authorizer_function_arn,
            "authorizer_name": authorizer_name,
            "public_key": public_key,
            "token_key_name": token_key_name,
        },
    )
    # Beta (us-east-1) endpoint the test client must connect to for this authorizer.
    params["iot_beta_endpoint_address"] = authorizer_resource.get_att(
        "BetaEndpointAddress"
    ).to_string()