AppSync Api -> Lambda connector (#3145)

aws · May 9, 2023 · 7b5de1a · 7b5de1a
1 parent c3c8bde
commit 7b5de1a
Show file tree

Hide file tree

Showing 10 changed files with 599 additions and 0 deletions.
diff --git a/integration/combination/test_connectors.py b/integration/combination/test_connectors.py
@@ -26,6 +26,7 @@ def tearDown(self):
 
     @parameterized.expand(
         [
+            ("combination/connector_appsync_api_to_lambda",),
             ("combination/connector_appsync_to_lambda",),
             ("combination/connector_appsync_to_table",),
             ("combination/connector_function_to_function",),

diff --git a/integration/resources/expected/combination/connector_appsync_api_to_lambda.json b/integration/resources/expected/combination/connector_appsync_api_to_lambda.json
@@ -0,0 +1,42 @@
+[
+  {
+    "LogicalResourceId": "Api",
+    "ResourceType": "AWS::AppSync::GraphQLApi"
+  },
+  {
+    "LogicalResourceId": "ApiSchema",
+    "ResourceType": "AWS::AppSync::GraphQLSchema"
+  },
+  {
+    "LogicalResourceId": "NoneDataSource",
+    "ResourceType": "AWS::AppSync::DataSource"
+  },
+  {
+    "LogicalResourceId": "SayHelloResolver",
+    "ResourceType": "AWS::AppSync::Resolver"
+  },
+  {
+    "LogicalResourceId": "SayHelloFunc",
+    "ResourceType": "AWS::AppSync::FunctionConfiguration"
+  },
+  {
+    "LogicalResourceId": "Authorizer",
+    "ResourceType": "AWS::Lambda::Function"
+  },
+  {
+    "LogicalResourceId": "AuthorizerRole",
+    "ResourceType": "AWS::IAM::Role"
+  },
+  {
+    "LogicalResourceId": "TriggerFunction",
+    "ResourceType": "AWS::Lambda::Function"
+  },
+  {
+    "LogicalResourceId": "TriggerFunctionRole",
+    "ResourceType": "AWS::IAM::Role"
+  },
+  {
+    "LogicalResourceId": "GraphQlApiToLambdaConnectorWriteLambdaPermission",
+    "ResourceType": "AWS::Lambda::Permission"
+  }
+]
diff --git a/integration/resources/templates/combination/connector_appsync_api_to_lambda.yaml b/integration/resources/templates/combination/connector_appsync_api_to_lambda.yaml
@@ -0,0 +1,169 @@
+Resources:
+  Api:
+    Type: AWS::AppSync::GraphQLApi
+    Properties:
+      Name: Api
+      AuthenticationType: AWS_LAMBDA
+      LambdaAuthorizerConfig:
+        AuthorizerUri: !GetAtt Authorizer.Arn
+
+  ApiSchema:
+    Type: AWS::AppSync::GraphQLSchema
+    Properties:
+      ApiId: !GetAtt Api.ApiId
+      Definition: |
+        type Query {
+          sayHello: String!
+        }
+        schema {
+          query: Query
+        }
+
+  NoneDataSource:
+    Type: AWS::AppSync::DataSource
+    Properties:
+      Type: NONE
+      ApiId: !GetAtt Api.ApiId
+      Name: NoneDataSource
+
+  SayHelloResolver:
+    DependsOn: ApiSchema
+    Type: AWS::AppSync::Resolver
+    Properties:
+      ApiId: !GetAtt Api.ApiId
+      TypeName: Query
+      FieldName: sayHello
+      Kind: PIPELINE
+      PipelineConfig:
+        Functions:
+        - !GetAtt SayHelloFunc.FunctionId
+      Code: |
+        export function request(ctx) {
+            return {};
+        }
+
+        export function response(ctx) {
+            return ctx.prev.result;
+        }
+      Runtime:
+        Name: APPSYNC_JS
+        RuntimeVersion: 1.0.0
+
+  SayHelloFunc:
+    Type: AWS::AppSync::FunctionConfiguration
+    Properties:
+      ApiId: !GetAtt Api.ApiId
+      Name: SayHelloFunc
+      DataSourceName: !GetAtt NoneDataSource.Name
+      Code: |
+        export function request(ctx) {
+          return {};
+        }
+
+        export function response(ctx) {
+          return "Hello World";
+        }
+      Runtime:
+        Name: APPSYNC_JS
+        RuntimeVersion: 1.0.0
+
+  GraphQlApiToLambdaConnector:
+    Type: AWS::Serverless::Connector
+    Properties:
+      Source:
+        Id: Api
+      Destination:
+        Id: Authorizer
+      Permissions:
+      - Write
+
+  Authorizer:
+    Type: AWS::Serverless::Function
+    Properties:
+      InlineCode: |
+        exports.handler = async (_) => {
+          return {
+            isAuthorized: true,
+            deniedFields: [],
+          }
+        }
+      PackageType: Zip
+      Runtime: nodejs14.x
+      Handler: index.handler
+
+  TriggerFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Environment:
+        Variables:
+          GRAPHQL_URL: !GetAtt Api.GraphQLUrl
+      Runtime: nodejs14.x
+      Handler: index.handler
+      InlineCode: |
+        const https = require("https");
+
+        exports.handler = async (_) => {
+          const queries = {
+            sayHello: /* GraphQL */ `
+              query {
+                sayHello
+              }
+            `,
+          };
+
+
+          const fetch = async (url, options) =>
+            new Promise((resolve, reject) => {
+              const req = https.request(url, options, (res) => {
+                const body = [];
+                res.on("data", (chunk) => body.push(chunk));
+                res.on("end", () => {
+                  const resString = Buffer.concat(body).toString();
+                  resolve(resString);
+                });
+              });
+
+              req.on("error", (err) => {
+                reject(err);
+              });
+
+              req.on("timeout", () => {
+                req.destroy();
+                reject(new Error("Request time out"));
+              });
+
+              req.write(options.body);
+              req.end();
+            });
+
+
+          const makeRequest = async (queryName) => {
+            const options = {
+              method: "POST",
+              headers: {
+                "Authorization": "n'importe quoi",
+              },
+              body: JSON.stringify({ query: queries[queryName] }),
+              timeout: 10000, // ms
+            };
+
+            const response = await fetch(process.env.GRAPHQL_URL, options);
+            const body = JSON.parse(response);
+            const data = body.data?.[queryName];
+
+            if (body.errors !== undefined) {
+              throw JSON.stringify(body.errors);
+            }
+            
+            if (data !== "Hello World") {
+              throw new Error(`${queryName} error: '${data}' must be 'Hello World'`);
+            }
+
+            return body.data;
+          };
+
+
+          return await makeRequest("sayHello");
+        };
+Metadata:
+  SamTransformTest: true
diff --git a/samtranslator/model/connector/connector.py b/samtranslator/model/connector/connector.py
@@ -217,6 +217,9 @@ def _get_resource_queue_url(logical_id: str, resource_type: str) -> Optional[Dic
 def _get_resource_id(logical_id: str, resource_type: str) -> Optional[Dict[str, Any]]:
     if resource_type in ["AWS::ApiGateway::RestApi", "AWS::ApiGatewayV2::Api"]:
         return ref(logical_id)
+    if resource_type == "AWS::AppSync::GraphQLApi":
+        # unfortunately ref(AppSyncApi) == arn
+        return fnGetAtt(logical_id, "ApiId")
     return None
 
 

diff --git a/samtranslator/model/connector_profiles/profiles.json b/samtranslator/model/connector_profiles/profiles.json
@@ -791,6 +791,21 @@
           }
         }
       }
+    },
+    "AWS::AppSync::GraphQLApi": {
+      "AWS::Lambda::Function": {
+        "Type": "AWS_LAMBDA_PERMISSION",
+        "Properties": {
+          "SourcePolicy": false,
+          "AccessCategories": {
+            "Write": {
+              "Action": "lambda:InvokeFunction",
+              "Principal": "appsync.amazonaws.com",
+              "SourceArn": "arn:${AWS::Partition}:appsync:${AWS::Region}:${AWS::AccountId}:apis/%{Source.ResourceId}"
+            }
+          }
+        }
+      }
     }
   }
 }
diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json
@@ -18715,6 +18715,13 @@
         "Condition": {
           "type": "string"
         },
+        "Connectors": {
+          "additionalProperties": {
+            "$ref": "#/definitions/EmbeddedConnector"
+          },
+          "title": "Connectors",
+          "type": "object"
+        },
         "DeletionPolicy": {
           "enum": [
             "Delete",

diff --git a/tests/translator/input/connector_appsync_api_to_lambda.yaml b/tests/translator/input/connector_appsync_api_to_lambda.yaml
@@ -0,0 +1,32 @@
+Resources:
+  Api:
+    Type: AWS::AppSync::GraphQLApi
+    Properties:
+      Name: Api
+      AuthenticationType: AWS_LAMBDA
+      LambdaAuthorizerConfig:
+        AuthorizerUri: !GetAtt Authorizer.Arn
+
+  GraphQlApiToLambdaConnector:
+    Type: AWS::Serverless::Connector
+    Properties:
+      Source:
+        Id: Api
+      Destination:
+        Id: Authorizer
+      Permissions:
+      - Write
+
+  Authorizer:
+    Type: AWS::Serverless::Function
+    Properties:
+      InlineCode: |
+        exports.handler = async (_) => {
+          return {
+            isAuthorized: true,
+            deniedFields: [],
+          }
+        }
+      PackageType: Zip
+      Runtime: nodejs14.x
+      Handler: index.handler