diff --git a/apps/ruststack-server/src/events_bridge.rs b/apps/ruststack-server/src/events_bridge.rs
index 79f984d..43af4df 100644
--- a/apps/ruststack-server/src/events_bridge.rs
+++ b/apps/ruststack-server/src/events_bridge.rs
@@ -7,7 +7,6 @@
use std::sync::Arc;
use async_trait::async_trait;
-
use ruststack_events_core::delivery::{DeliveryError, TargetDelivery};
use ruststack_sqs_core::provider::RustStackSqs;
use ruststack_sqs_model::input::SendMessageInput;
diff --git a/apps/ruststack-server/src/gateway.rs b/apps/ruststack-server/src/gateway.rs
index 43abf14..6f5bf71 100644
--- a/apps/ruststack-server/src/gateway.rs
+++ b/apps/ruststack-server/src/gateway.rs
@@ -8,13 +8,9 @@
//! intercepted at the gateway level and return a combined status for all
//! registered services.
-use std::convert::Infallible;
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{convert::Infallible, future::Future, pin::Pin, sync::Arc};
-use hyper::body::Incoming;
-use hyper::service::Service;
+use hyper::{body::Incoming, service::Service};
use crate::service::{GatewayBody, ServiceRouter, gateway_body_from_string};
diff --git a/apps/ruststack-server/src/handler.rs b/apps/ruststack-server/src/handler.rs
index b8dd18a..23350c1 100644
--- a/apps/ruststack-server/src/handler.rs
+++ b/apps/ruststack-server/src/handler.rs
@@ -5,22 +5,20 @@
//! dispatched to the corresponding `handle_*` method on [`RustStackS3`], with request
//! deserialization via [`FromS3Request`] and response serialization via [`IntoS3Response`].
-use std::collections::HashMap;
-use std::future::Future;
-use std::pin::Pin;
+use std::{collections::HashMap, future::Future, pin::Pin};
use bytes::Bytes;
use ruststack_s3_core::RustStackS3;
-use ruststack_s3_http::body::S3ResponseBody;
-use ruststack_s3_http::dispatch::S3Handler;
-use ruststack_s3_http::multipart;
-use ruststack_s3_http::request::FromS3Request;
-use ruststack_s3_http::response::IntoS3Response;
-use ruststack_s3_http::router::RoutingContext;
-use ruststack_s3_model::S3Operation;
-use ruststack_s3_model::error::{S3Error, S3ErrorCode};
-use ruststack_s3_model::input::PutObjectInput;
-use ruststack_s3_model::request::StreamingBlob;
+use ruststack_s3_http::{
+ body::S3ResponseBody, dispatch::S3Handler, multipart, request::FromS3Request,
+ response::IntoS3Response, router::RoutingContext,
+};
+use ruststack_s3_model::{
+ S3Operation,
+ error::{S3Error, S3ErrorCode},
+ input::PutObjectInput,
+ request::StreamingBlob,
+};
/// Wrapper that implements [`S3Handler`] by delegating to [`RustStackS3`] handler methods.
#[derive(Debug, Clone)]
@@ -623,13 +621,11 @@ async fn dispatch_post_object(
let etag = output.e_tag.unwrap_or_default();
let location = format!("/{bucket_name}/{key}");
let xml = format!(
- "\n\
- \n\
- {location}\n\
- {bucket_name}\n\
- {key}\n\
- {etag}\n\
- "
+ "\n\n{location}\\
+ \
+ n{bucket_name}\n{key}\n{etag}\n"
);
http::Response::builder()
.status(success_status)
diff --git a/apps/ruststack-server/src/main.rs b/apps/ruststack-server/src/main.rs
index d41def0..71a5452 100644
--- a/apps/ruststack-server/src/main.rs
+++ b/apps/ruststack-server/src/main.rs
@@ -30,16 +30,29 @@ mod service;
#[cfg(feature = "sns")]
mod sns_bridge;
-use std::net::SocketAddr;
-use std::sync::Arc;
+use std::{net::SocketAddr, sync::Arc};
use anyhow::{Context, Result};
-use hyper_util::rt::{TokioExecutor, TokioIo};
-use hyper_util::server::conn::auto::Builder as HttpConnBuilder;
-use tokio::net::TcpListener;
-use tracing::{info, warn};
-use tracing_subscriber::EnvFilter;
-
+use hyper_util::{
+ rt::{TokioExecutor, TokioIo},
+ server::conn::auto::Builder as HttpConnBuilder,
+};
+#[cfg(feature = "apigatewayv2")]
+use ruststack_apigatewayv2_core::config::ApiGatewayV2Config;
+#[cfg(feature = "apigatewayv2")]
+use ruststack_apigatewayv2_core::handler::RustStackApiGatewayV2Handler;
+#[cfg(feature = "apigatewayv2")]
+use ruststack_apigatewayv2_core::provider::RustStackApiGatewayV2;
+#[cfg(feature = "apigatewayv2")]
+use ruststack_apigatewayv2_http::service::{ApiGatewayV2HttpConfig, ApiGatewayV2HttpService};
+#[cfg(feature = "cloudwatch")]
+use ruststack_cloudwatch_core::config::CloudWatchConfig;
+#[cfg(feature = "cloudwatch")]
+use ruststack_cloudwatch_core::handler::RustStackCloudWatchHandler;
+#[cfg(feature = "cloudwatch")]
+use ruststack_cloudwatch_core::provider::RustStackCloudWatch;
+#[cfg(feature = "cloudwatch")]
+use ruststack_cloudwatch_http::service::{CloudWatchHttpConfig, CloudWatchHttpService};
#[cfg(feature = "dynamodb")]
use ruststack_dynamodb_core::config::DynamoDBConfig;
#[cfg(feature = "dynamodb")]
@@ -48,47 +61,22 @@ use ruststack_dynamodb_core::handler::RustStackDynamoDBHandler;
use ruststack_dynamodb_core::provider::RustStackDynamoDB;
#[cfg(feature = "dynamodb")]
use ruststack_dynamodb_http::service::{DynamoDBHttpConfig, DynamoDBHttpService};
-
-#[cfg(feature = "sqs")]
-use ruststack_sqs_core::config::SqsConfig;
-#[cfg(feature = "sqs")]
-use ruststack_sqs_core::handler::RustStackSqsHandler;
-#[cfg(feature = "sqs")]
-use ruststack_sqs_core::provider::RustStackSqs;
-#[cfg(feature = "sqs")]
-use ruststack_sqs_http::service::{SqsHttpConfig, SqsHttpService};
-
-#[cfg(feature = "ssm")]
-use ruststack_ssm_core::config::SsmConfig;
-#[cfg(feature = "ssm")]
-use ruststack_ssm_core::handler::RustStackSsmHandler;
-#[cfg(feature = "ssm")]
-use ruststack_ssm_core::provider::RustStackSsm;
-#[cfg(feature = "ssm")]
-use ruststack_ssm_http::service::{SsmHttpConfig, SsmHttpService};
-
-#[cfg(feature = "sns")]
-use crate::sns_bridge::RustStackSqsPublisher;
-#[cfg(feature = "sns")]
-use ruststack_sns_core::config::SnsConfig;
-#[cfg(feature = "sns")]
-use ruststack_sns_core::handler::RustStackSnsHandler;
-#[cfg(feature = "sns")]
-use ruststack_sns_core::provider::RustStackSns;
-#[cfg(feature = "sns")]
-use ruststack_sns_http::service::{SnsHttpConfig, SnsHttpService};
-
-#[cfg(feature = "lambda")]
-use ruststack_lambda_core::config::LambdaConfig;
-#[cfg(feature = "lambda")]
-use ruststack_lambda_core::handler::RustStackLambdaHandler;
-#[cfg(feature = "lambda")]
-use ruststack_lambda_core::provider::RustStackLambda;
-#[cfg(feature = "lambda")]
-use ruststack_lambda_http::service::{LambdaHttpConfig, LambdaHttpService};
-
-#[cfg(feature = "events")]
-use crate::events_bridge::LocalTargetDelivery;
+#[cfg(feature = "dynamodbstreams")]
+use ruststack_dynamodbstreams_core::config::DynamoDBStreamsConfig;
+#[cfg(feature = "dynamodbstreams")]
+use ruststack_dynamodbstreams_core::emitter::{
+ DynamoDBStreamEmitter, DynamoDBStreamLifecycleManager,
+};
+#[cfg(feature = "dynamodbstreams")]
+use ruststack_dynamodbstreams_core::handler::RustStackDynamoDBStreamsHandler;
+#[cfg(feature = "dynamodbstreams")]
+use ruststack_dynamodbstreams_core::provider::RustStackDynamoDBStreams;
+#[cfg(feature = "dynamodbstreams")]
+use ruststack_dynamodbstreams_core::storage::StreamStore;
+#[cfg(feature = "dynamodbstreams")]
+use ruststack_dynamodbstreams_http::service::{
+ DynamoDBStreamsHttpConfig, DynamoDBStreamsHttpService,
+};
#[cfg(feature = "events")]
use ruststack_events_core::config::EventsConfig;
#[cfg(feature = "events")]
@@ -97,25 +85,16 @@ use ruststack_events_core::handler::RustStackEventsHandler;
use ruststack_events_core::provider::RustStackEvents;
#[cfg(feature = "events")]
use ruststack_events_http::service::{EventsHttpConfig, EventsHttpService};
-
-#[cfg(feature = "logs")]
-use ruststack_logs_core::config::LogsConfig;
-#[cfg(feature = "logs")]
-use ruststack_logs_core::handler::RustStackLogsHandler;
-#[cfg(feature = "logs")]
-use ruststack_logs_core::provider::RustStackLogs;
-#[cfg(feature = "logs")]
-use ruststack_logs_http::service::{LogsHttpConfig, LogsHttpService};
-
-#[cfg(feature = "kms")]
-use ruststack_kms_core::config::KmsConfig;
-#[cfg(feature = "kms")]
-use ruststack_kms_core::handler::RustStackKmsHandler;
-#[cfg(feature = "kms")]
-use ruststack_kms_core::provider::RustStackKms;
-#[cfg(feature = "kms")]
-use ruststack_kms_http::service::{KmsHttpConfig, KmsHttpService};
-
+#[cfg(feature = "iam")]
+use ruststack_iam_core::config::IamConfig;
+#[cfg(feature = "iam")]
+use ruststack_iam_core::handler::RustStackIamHandler;
+#[cfg(feature = "iam")]
+use ruststack_iam_core::provider::RustStackIam;
+#[cfg(feature = "iam")]
+use ruststack_iam_core::store::IamStore;
+#[cfg(feature = "iam")]
+use ruststack_iam_http::service::{IamHttpConfig, IamHttpService};
#[cfg(feature = "kinesis")]
use ruststack_kinesis_core::config::KinesisConfig;
#[cfg(feature = "kinesis")]
@@ -124,7 +103,34 @@ use ruststack_kinesis_core::handler::RustStackKinesisHandler;
use ruststack_kinesis_core::provider::RustStackKinesis;
#[cfg(feature = "kinesis")]
use ruststack_kinesis_http::service::{KinesisHttpConfig, KinesisHttpService};
-
+#[cfg(feature = "kms")]
+use ruststack_kms_core::config::KmsConfig;
+#[cfg(feature = "kms")]
+use ruststack_kms_core::handler::RustStackKmsHandler;
+#[cfg(feature = "kms")]
+use ruststack_kms_core::provider::RustStackKms;
+#[cfg(feature = "kms")]
+use ruststack_kms_http::service::{KmsHttpConfig, KmsHttpService};
+#[cfg(feature = "lambda")]
+use ruststack_lambda_core::config::LambdaConfig;
+#[cfg(feature = "lambda")]
+use ruststack_lambda_core::handler::RustStackLambdaHandler;
+#[cfg(feature = "lambda")]
+use ruststack_lambda_core::provider::RustStackLambda;
+#[cfg(feature = "lambda")]
+use ruststack_lambda_http::service::{LambdaHttpConfig, LambdaHttpService};
+#[cfg(feature = "logs")]
+use ruststack_logs_core::config::LogsConfig;
+#[cfg(feature = "logs")]
+use ruststack_logs_core::handler::RustStackLogsHandler;
+#[cfg(feature = "logs")]
+use ruststack_logs_core::provider::RustStackLogs;
+#[cfg(feature = "logs")]
+use ruststack_logs_http::service::{LogsHttpConfig, LogsHttpService};
+#[cfg(feature = "s3")]
+use ruststack_s3_core::{RustStackS3, S3Config};
+#[cfg(feature = "s3")]
+use ruststack_s3_http::service::{S3HttpConfig, S3HttpService};
#[cfg(feature = "secretsmanager")]
use ruststack_secretsmanager_core::config::SecretsManagerConfig;
#[cfg(feature = "secretsmanager")]
@@ -133,7 +139,6 @@ use ruststack_secretsmanager_core::handler::RustStackSecretsManagerHandler;
use ruststack_secretsmanager_core::provider::RustStackSecretsManager;
#[cfg(feature = "secretsmanager")]
use ruststack_secretsmanager_http::service::{SecretsManagerHttpConfig, SecretsManagerHttpService};
-
#[cfg(feature = "ses")]
use ruststack_ses_core::config::SesConfig;
#[cfg(feature = "ses")]
@@ -144,53 +149,30 @@ use ruststack_ses_core::provider::RustStackSes;
use ruststack_ses_http::service::{SesHttpConfig, SesHttpService};
#[cfg(feature = "ses")]
use ruststack_ses_http::v2::SesV2HttpService;
-
-#[cfg(feature = "apigatewayv2")]
-use ruststack_apigatewayv2_core::config::ApiGatewayV2Config;
-#[cfg(feature = "apigatewayv2")]
-use ruststack_apigatewayv2_core::handler::RustStackApiGatewayV2Handler;
-#[cfg(feature = "apigatewayv2")]
-use ruststack_apigatewayv2_core::provider::RustStackApiGatewayV2;
-#[cfg(feature = "apigatewayv2")]
-use ruststack_apigatewayv2_http::service::{ApiGatewayV2HttpConfig, ApiGatewayV2HttpService};
-
-#[cfg(feature = "dynamodbstreams")]
-use ruststack_dynamodbstreams_core::config::DynamoDBStreamsConfig;
-#[cfg(feature = "dynamodbstreams")]
-use ruststack_dynamodbstreams_core::emitter::{
- DynamoDBStreamEmitter, DynamoDBStreamLifecycleManager,
-};
-#[cfg(feature = "dynamodbstreams")]
-use ruststack_dynamodbstreams_core::handler::RustStackDynamoDBStreamsHandler;
-#[cfg(feature = "dynamodbstreams")]
-use ruststack_dynamodbstreams_core::provider::RustStackDynamoDBStreams;
-#[cfg(feature = "dynamodbstreams")]
-use ruststack_dynamodbstreams_core::storage::StreamStore;
-#[cfg(feature = "dynamodbstreams")]
-use ruststack_dynamodbstreams_http::service::{
- DynamoDBStreamsHttpConfig, DynamoDBStreamsHttpService,
-};
-
-#[cfg(feature = "cloudwatch")]
-use ruststack_cloudwatch_core::config::CloudWatchConfig;
-#[cfg(feature = "cloudwatch")]
-use ruststack_cloudwatch_core::handler::RustStackCloudWatchHandler;
-#[cfg(feature = "cloudwatch")]
-use ruststack_cloudwatch_core::provider::RustStackCloudWatch;
-#[cfg(feature = "cloudwatch")]
-use ruststack_cloudwatch_http::service::{CloudWatchHttpConfig, CloudWatchHttpService};
-
-#[cfg(feature = "iam")]
-use ruststack_iam_core::config::IamConfig;
-#[cfg(feature = "iam")]
-use ruststack_iam_core::handler::RustStackIamHandler;
-#[cfg(feature = "iam")]
-use ruststack_iam_core::provider::RustStackIam;
-#[cfg(feature = "iam")]
-use ruststack_iam_core::store::IamStore;
-#[cfg(feature = "iam")]
-use ruststack_iam_http::service::{IamHttpConfig, IamHttpService};
-
+#[cfg(feature = "sns")]
+use ruststack_sns_core::config::SnsConfig;
+#[cfg(feature = "sns")]
+use ruststack_sns_core::handler::RustStackSnsHandler;
+#[cfg(feature = "sns")]
+use ruststack_sns_core::provider::RustStackSns;
+#[cfg(feature = "sns")]
+use ruststack_sns_http::service::{SnsHttpConfig, SnsHttpService};
+#[cfg(feature = "sqs")]
+use ruststack_sqs_core::config::SqsConfig;
+#[cfg(feature = "sqs")]
+use ruststack_sqs_core::handler::RustStackSqsHandler;
+#[cfg(feature = "sqs")]
+use ruststack_sqs_core::provider::RustStackSqs;
+#[cfg(feature = "sqs")]
+use ruststack_sqs_http::service::{SqsHttpConfig, SqsHttpService};
+#[cfg(feature = "ssm")]
+use ruststack_ssm_core::config::SsmConfig;
+#[cfg(feature = "ssm")]
+use ruststack_ssm_core::handler::RustStackSsmHandler;
+#[cfg(feature = "ssm")]
+use ruststack_ssm_core::provider::RustStackSsm;
+#[cfg(feature = "ssm")]
+use ruststack_ssm_http::service::{SsmHttpConfig, SsmHttpService};
#[cfg(feature = "sts")]
use ruststack_sts_core::config::StsConfig;
#[cfg(feature = "sts")]
@@ -199,14 +181,15 @@ use ruststack_sts_core::handler::RustStackStsHandler;
use ruststack_sts_core::provider::RustStackSts;
#[cfg(feature = "sts")]
use ruststack_sts_http::service::{StsHttpConfig, StsHttpService};
+use tokio::net::TcpListener;
+use tracing::{info, warn};
+use tracing_subscriber::EnvFilter;
-#[cfg(feature = "s3")]
-use ruststack_s3_core::{RustStackS3, S3Config};
-#[cfg(feature = "s3")]
-use ruststack_s3_http::service::{S3HttpConfig, S3HttpService};
-
-use crate::gateway::GatewayService;
-use crate::service::ServiceRouter;
+#[cfg(feature = "events")]
+use crate::events_bridge::LocalTargetDelivery;
+#[cfg(feature = "sns")]
+use crate::sns_bridge::RustStackSqsPublisher;
+use crate::{gateway::GatewayService, service::ServiceRouter};
/// Server version reported in health check responses.
const VERSION: &str = env!("CARGO_PKG_VERSION");
@@ -630,8 +613,10 @@ fn parse_services_value(raw: &str) -> Vec {
/// Exits with code 0 if the response is 200 OK and contains at least one
/// running service, 1 otherwise.
async fn run_health_check(addr: &str) -> Result<()> {
- use tokio::io::{AsyncReadExt, AsyncWriteExt};
- use tokio::net::TcpStream;
+ use tokio::{
+ io::{AsyncReadExt, AsyncWriteExt},
+ net::TcpStream,
+ };
let mut stream = TcpStream::connect(addr)
.await
@@ -1029,8 +1014,8 @@ async fn main() -> Result<()> {
if services.is_empty() {
anyhow::bail!(
- "no services enabled. Check the SERVICES environment variable \
- and compiled feature flags."
+ "no services enabled. Check the SERVICES environment variable and compiled feature \
+ flags."
);
}
diff --git a/apps/ruststack-server/src/service.rs b/apps/ruststack-server/src/service.rs
index 9926a7e..f719755 100644
--- a/apps/ruststack-server/src/service.rs
+++ b/apps/ruststack-server/src/service.rs
@@ -6,14 +6,10 @@
//!
//! [`GatewayBody`] is a type-erased HTTP response body shared by all services.
-use std::convert::Infallible;
-use std::future::Future;
-use std::io;
-use std::pin::Pin;
+use std::{convert::Infallible, future::Future, io, pin::Pin};
use bytes::Bytes;
-use http_body_util::combinators::BoxBody;
-use http_body_util::{BodyExt, Full};
+use http_body_util::{BodyExt, Full, combinators::BoxBody};
use hyper::body::Incoming;
/// Type-erased response body used by the gateway.
@@ -53,15 +49,11 @@ pub trait ServiceRouter: Send + Sync {
#[cfg(feature = "s3")]
mod s3_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_s3_http::dispatch::S3Handler;
- use ruststack_s3_http::service::S3HttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_s3_http::{dispatch::S3Handler, service::S3HttpService};
use super::{GatewayBody, ServiceRouter};
@@ -113,15 +105,11 @@ pub use s3_router::S3ServiceRouter;
#[cfg(feature = "dynamodb")]
mod dynamodb_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_dynamodb_http::dispatch::DynamoDBHandler;
- use ruststack_dynamodb_http::service::DynamoDBHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_dynamodb_http::{dispatch::DynamoDBHandler, service::DynamoDBHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -174,15 +162,13 @@ pub use dynamodb_router::DynamoDBServiceRouter;
#[cfg(feature = "dynamodbstreams")]
mod dynamodbstreams_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_dynamodbstreams_http::dispatch::DynamoDBStreamsHandler;
- use ruststack_dynamodbstreams_http::service::DynamoDBStreamsHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_dynamodbstreams_http::{
+ dispatch::DynamoDBStreamsHandler, service::DynamoDBStreamsHttpService,
+ };
use super::{GatewayBody, ServiceRouter};
@@ -235,15 +221,11 @@ pub use dynamodbstreams_router::DynamoDBStreamsServiceRouter;
#[cfg(feature = "sqs")]
mod sqs_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_sqs_http::dispatch::SqsHandler;
- use ruststack_sqs_http::service::SqsHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_sqs_http::{dispatch::SqsHandler, service::SqsHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -296,15 +278,11 @@ pub use sqs_router::SqsServiceRouter;
#[cfg(feature = "ssm")]
mod ssm_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_ssm_http::dispatch::SsmHandler;
- use ruststack_ssm_http::service::SsmHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_ssm_http::{dispatch::SsmHandler, service::SsmHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -357,15 +335,11 @@ pub use ssm_router::SsmServiceRouter;
#[cfg(feature = "sns")]
mod sns_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_sns_http::dispatch::SnsHandler;
- use ruststack_sns_http::service::SnsHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_sns_http::{dispatch::SnsHandler, service::SnsHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -448,15 +422,11 @@ pub use sns_router::SnsServiceRouter;
#[cfg(feature = "lambda")]
mod lambda_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_lambda_http::dispatch::LambdaHandler;
- use ruststack_lambda_http::service::LambdaHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_lambda_http::{dispatch::LambdaHandler, service::LambdaHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -491,6 +461,27 @@ mod lambda_router {
}
}
}
+ // Layer paths (e.g., /2018-10-31/layers/{name}/versions).
+ if path.contains("/layers") {
+ if let Some(rest) = path.strip_prefix('/') {
+ let parts: Vec<&str> = rest.splitn(2, '/').collect();
+ if parts.len() == 2 && parts[0].len() == 10 && parts[1].starts_with("layers") {
+ return true;
+ }
+ }
+ }
+ // Event source mapping paths (e.g., /2015-03-31/event-source-mappings/).
+ if path.contains("/event-source-mappings") {
+ if let Some(rest) = path.strip_prefix('/') {
+ let parts: Vec<&str> = rest.splitn(2, '/').collect();
+ if parts.len() == 2
+ && parts[0].len() == 10
+ && parts[1].starts_with("event-source-mappings")
+ {
+ return true;
+ }
+ }
+ }
// Function URL invocation paths.
path.starts_with("/lambda-url/")
}
@@ -543,15 +534,11 @@ pub use lambda_router::LambdaServiceRouter;
#[cfg(feature = "events")]
mod events_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_events_http::dispatch::EventsHandler;
- use ruststack_events_http::service::EventsHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_events_http::{dispatch::EventsHandler, service::EventsHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -604,15 +591,11 @@ pub use events_router::EventsServiceRouter;
#[cfg(feature = "logs")]
mod logs_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_logs_http::dispatch::LogsHandler;
- use ruststack_logs_http::service::LogsHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_logs_http::{dispatch::LogsHandler, service::LogsHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -665,15 +648,11 @@ pub use logs_router::LogsServiceRouter;
#[cfg(feature = "kms")]
mod kms_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_kms_http::dispatch::KmsHandler;
- use ruststack_kms_http::service::KmsHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_kms_http::{dispatch::KmsHandler, service::KmsHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -726,15 +705,11 @@ pub use kms_router::KmsServiceRouter;
#[cfg(feature = "kinesis")]
mod kinesis_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_kinesis_http::dispatch::KinesisHandler;
- use ruststack_kinesis_http::service::KinesisHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_kinesis_http::{dispatch::KinesisHandler, service::KinesisHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -787,15 +762,13 @@ pub use kinesis_router::KinesisServiceRouter;
#[cfg(feature = "secretsmanager")]
mod secretsmanager_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_secretsmanager_http::dispatch::SecretsManagerHandler;
- use ruststack_secretsmanager_http::service::SecretsManagerHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_secretsmanager_http::{
+ dispatch::SecretsManagerHandler, service::SecretsManagerHttpService,
+ };
use super::{GatewayBody, ServiceRouter};
@@ -848,16 +821,11 @@ pub use secretsmanager_router::SecretsManagerServiceRouter;
#[cfg(feature = "ses")]
mod ses_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_ses_http::dispatch::SesHandler;
- use ruststack_ses_http::service::SesHttpService;
- use ruststack_ses_http::v2::SesV2HttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_ses_http::{dispatch::SesHandler, service::SesHttpService, v2::SesV2HttpService};
use super::{GatewayBody, ServiceRouter};
@@ -978,7 +946,8 @@ mod ses_router {
headers.insert(
"authorization",
http::HeaderValue::from_static(
- "AWS4-HMAC-SHA256 Credential=test/20260319/us-east-1/ses/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=abc123",
+ "AWS4-HMAC-SHA256 Credential=test/20260319/us-east-1/ses/aws4_request, \
+ SignedHeaders=content-type;host;x-amz-date, Signature=abc123",
),
);
assert_eq!(extract_sigv4_service(&headers), Some("ses"));
@@ -990,7 +959,8 @@ mod ses_router {
headers.insert(
"authorization",
http::HeaderValue::from_static(
- "AWS4-HMAC-SHA256 Credential=AKID/20260319/us-east-1/email/aws4_request, SignedHeaders=host, Signature=abc123",
+ "AWS4-HMAC-SHA256 Credential=AKID/20260319/us-east-1/email/aws4_request, \
+ SignedHeaders=host, Signature=abc123",
),
);
assert_eq!(extract_sigv4_service(&headers), Some("email"));
@@ -1002,7 +972,8 @@ mod ses_router {
headers.insert(
"authorization",
http::HeaderValue::from_static(
- "AWS4-HMAC-SHA256 Credential=AKID/20260319/us-east-1/sns/aws4_request, SignedHeaders=host, Signature=abc123",
+ "AWS4-HMAC-SHA256 Credential=AKID/20260319/us-east-1/sns/aws4_request, \
+ SignedHeaders=host, Signature=abc123",
),
);
assert_eq!(extract_sigv4_service(&headers), Some("sns"));
@@ -1035,19 +1006,18 @@ pub use ses_router::SesServiceRouter;
#[cfg(feature = "apigatewayv2")]
mod apigatewayv2_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
- use std::sync::Arc;
+ use std::{convert::Infallible, future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_apigatewayv2_core::execution::{handle_execution, parse_execution_path};
- use ruststack_apigatewayv2_core::provider::RustStackApiGatewayV2;
- use ruststack_apigatewayv2_http::dispatch::ApiGatewayV2Handler;
- use ruststack_apigatewayv2_http::service::ApiGatewayV2HttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_apigatewayv2_core::{
+ execution::{handle_execution, parse_execution_path},
+ provider::RustStackApiGatewayV2,
+ };
+ use ruststack_apigatewayv2_http::{
+ dispatch::ApiGatewayV2Handler, service::ApiGatewayV2HttpService,
+ };
use super::{GatewayBody, ServiceRouter, gateway_body_from_string};
@@ -1223,15 +1193,11 @@ pub use apigatewayv2_router::{ApiGatewayV2ExecutionRouter, ApiGatewayV2Managemen
#[cfg(feature = "cloudwatch")]
mod cloudwatch_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_cloudwatch_http::dispatch::CloudWatchHandler;
- use ruststack_cloudwatch_http::service::CloudWatchHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_cloudwatch_http::{dispatch::CloudWatchHandler, service::CloudWatchHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -1276,8 +1242,8 @@ mod cloudwatch_router {
/// CloudWatch Metrics matches in three ways:
/// 1. awsQuery: form-urlencoded POST signed with `monitoring` SigV4 service.
/// 2. rpcv2Cbor path: POST to `/service/GraniteServiceVersion20100801/...`.
- /// 3. rpcv2Cbor header: POST with `smithy-protocol: rpc-v2-cbor` signed
- /// with `monitoring` SigV4 service (AWS SDK v1.108+).
+ /// 3. rpcv2Cbor header: POST with `smithy-protocol: rpc-v2-cbor` signed with `monitoring`
+ /// SigV4 service (AWS SDK v1.108+).
fn matches(&self, req: &http::Request) -> bool {
if *req.method() != http::Method::POST {
return false;
@@ -1347,15 +1313,11 @@ pub use cloudwatch_router::CloudWatchServiceRouter;
#[cfg(feature = "iam")]
mod iam_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_iam_http::dispatch::IamHandler;
- use ruststack_iam_http::service::IamHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_iam_http::{dispatch::IamHandler, service::IamHttpService};
use super::{GatewayBody, ServiceRouter};
@@ -1437,15 +1399,11 @@ pub use iam_router::IamServiceRouter;
#[cfg(feature = "sts")]
mod sts_router {
- use std::convert::Infallible;
- use std::future::Future;
- use std::pin::Pin;
+ use std::{convert::Infallible, future::Future, pin::Pin};
use http_body_util::BodyExt;
- use hyper::body::Incoming;
- use hyper::service::Service;
- use ruststack_sts_http::dispatch::StsHandler;
- use ruststack_sts_http::service::StsHttpService;
+ use hyper::{body::Incoming, service::Service};
+ use ruststack_sts_http::{dispatch::StsHandler, service::StsHttpService};
use super::{GatewayBody, ServiceRouter};
diff --git a/apps/ruststack-server/src/sns_bridge.rs b/apps/ruststack-server/src/sns_bridge.rs
index 8e7db93..c34bb9e 100644
--- a/apps/ruststack-server/src/sns_bridge.rs
+++ b/apps/ruststack-server/src/sns_bridge.rs
@@ -7,9 +7,10 @@
use std::sync::Arc;
use async_trait::async_trait;
-
-use ruststack_sns_core::config::SnsConfig;
-use ruststack_sns_core::publisher::{DeliveryError, SqsPublisher};
+use ruststack_sns_core::{
+ config::SnsConfig,
+ publisher::{DeliveryError, SqsPublisher},
+};
use ruststack_sqs_core::provider::RustStackSqs;
use ruststack_sqs_model::input::SendMessageInput;
diff --git a/crates/ruststack-apigatewayv2-core/src/execution/http_proxy.rs b/crates/ruststack-apigatewayv2-core/src/execution/http_proxy.rs
index 03278bb..0b7c563 100644
--- a/crates/ruststack-apigatewayv2-core/src/execution/http_proxy.rs
+++ b/crates/ruststack-apigatewayv2-core/src/execution/http_proxy.rs
@@ -4,9 +4,9 @@
use bytes::Bytes;
-use crate::error::ApiGatewayV2ServiceError;
-use crate::provider::RustStackApiGatewayV2;
-use crate::storage::IntegrationRecord;
+use crate::{
+ error::ApiGatewayV2ServiceError, provider::RustStackApiGatewayV2, storage::IntegrationRecord,
+};
/// Handle an HTTP proxy integration.
///
diff --git a/crates/ruststack-apigatewayv2-core/src/execution/lambda_proxy.rs b/crates/ruststack-apigatewayv2-core/src/execution/lambda_proxy.rs
index 34c9365..97f41f8 100644
--- a/crates/ruststack-apigatewayv2-core/src/execution/lambda_proxy.rs
+++ b/crates/ruststack-apigatewayv2-core/src/execution/lambda_proxy.rs
@@ -8,11 +8,10 @@ use std::collections::HashMap;
use bytes::Bytes;
use serde::Deserialize;
-use crate::error::ApiGatewayV2ServiceError;
-use crate::provider::RustStackApiGatewayV2;
-use crate::storage::IntegrationRecord;
-
use super::event::build_lambda_event;
+use crate::{
+ error::ApiGatewayV2ServiceError, provider::RustStackApiGatewayV2, storage::IntegrationRecord,
+};
/// Lambda function response (payload format version 2.0).
#[derive(Debug, Deserialize)]
diff --git a/crates/ruststack-apigatewayv2-core/src/execution/mock_integration.rs b/crates/ruststack-apigatewayv2-core/src/execution/mock_integration.rs
index 0d152bd..30a1b7a 100644
--- a/crates/ruststack-apigatewayv2-core/src/execution/mock_integration.rs
+++ b/crates/ruststack-apigatewayv2-core/src/execution/mock_integration.rs
@@ -4,8 +4,7 @@
use bytes::Bytes;
-use crate::error::ApiGatewayV2ServiceError;
-use crate::storage::IntegrationRecord;
+use crate::{error::ApiGatewayV2ServiceError, storage::IntegrationRecord};
/// Handle a mock integration.
///
diff --git a/crates/ruststack-apigatewayv2-core/src/execution/mod.rs b/crates/ruststack-apigatewayv2-core/src/execution/mod.rs
index eedb499..1b2e1b3 100644
--- a/crates/ruststack-apigatewayv2-core/src/execution/mod.rs
+++ b/crates/ruststack-apigatewayv2-core/src/execution/mod.rs
@@ -13,8 +13,7 @@ pub mod router;
use bytes::Bytes;
use ruststack_apigatewayv2_model::types::IntegrationType;
-use crate::error::ApiGatewayV2ServiceError;
-use crate::provider::RustStackApiGatewayV2;
+use crate::{error::ApiGatewayV2ServiceError, provider::RustStackApiGatewayV2};
/// Target for an API execution request.
#[derive(Debug)]
diff --git a/crates/ruststack-apigatewayv2-core/src/handler.rs b/crates/ruststack-apigatewayv2-core/src/handler.rs
index 216784b..bc83400 100644
--- a/crates/ruststack-apigatewayv2-core/src/handler.rs
+++ b/crates/ruststack-apigatewayv2-core/src/handler.rs
@@ -6,20 +6,18 @@
//! Uses manual `Pin>` return types because the `ApiGatewayV2Handler`
//! trait requires object safety for `Arc`.
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
-
-use ruststack_apigatewayv2_http::body::ApiGatewayV2ResponseBody;
-use ruststack_apigatewayv2_http::dispatch::ApiGatewayV2Handler;
-use ruststack_apigatewayv2_http::response::{empty_response, json_response};
-use ruststack_apigatewayv2_http::router::PathParams;
-use ruststack_apigatewayv2_model::error::ApiGatewayV2Error;
+use ruststack_apigatewayv2_http::{
+ body::ApiGatewayV2ResponseBody,
+ dispatch::ApiGatewayV2Handler,
+ response::{empty_response, json_response},
+ router::PathParams,
+};
#[allow(clippy::wildcard_imports)]
use ruststack_apigatewayv2_model::input::*;
-use ruststack_apigatewayv2_model::operations::ApiGatewayV2Operation;
+use ruststack_apigatewayv2_model::{error::ApiGatewayV2Error, operations::ApiGatewayV2Operation};
use crate::provider::RustStackApiGatewayV2;
diff --git a/crates/ruststack-apigatewayv2-core/src/provider.rs b/crates/ruststack-apigatewayv2-core/src/provider.rs
index 1f34454..4dc53be 100644
--- a/crates/ruststack-apigatewayv2-core/src/provider.rs
+++ b/crates/ruststack-apigatewayv2-core/src/provider.rs
@@ -3,12 +3,9 @@
//! Implements all 56 API Gateway v2 operations, maintaining internal storage
//! and converting between model input/output types and internal records.
-use std::collections::HashMap;
-use std::sync::Arc;
+use std::{collections::HashMap, sync::Arc};
use chrono::Utc;
-use tracing::info;
-
#[allow(clippy::wildcard_imports)]
use ruststack_apigatewayv2_model::input::*;
#[allow(clippy::wildcard_imports)]
@@ -18,13 +15,16 @@ use ruststack_apigatewayv2_model::types::{
DeploymentStatus, DomainName, Integration, Model, MutualTlsAuthentication, Route,
RouteResponse, Stage, TlsConfig, VpcLink, VpcLinkStatus, VpcLinkVersion,
};
+use tracing::info;
-use crate::config::ApiGatewayV2Config;
-use crate::error::ApiGatewayV2ServiceError;
-use crate::storage::{
- ApiMappingRecord, ApiRecord, ApiStore, AuthorizerRecord, DeploymentRecord, DomainNameRecord,
- IntegrationRecord, ModelRecord, RouteRecord, RouteResponseRecord, StageRecord, VpcLinkRecord,
- generate_id,
+use crate::{
+ config::ApiGatewayV2Config,
+ error::ApiGatewayV2ServiceError,
+ storage::{
+ ApiMappingRecord, ApiRecord, ApiStore, AuthorizerRecord, DeploymentRecord,
+ DomainNameRecord, IntegrationRecord, ModelRecord, RouteRecord, RouteResponseRecord,
+ StageRecord, VpcLinkRecord, generate_id,
+ },
};
/// Main API Gateway v2 provider. Owns resource storage and configuration.
diff --git a/crates/ruststack-apigatewayv2-core/src/storage.rs b/crates/ruststack-apigatewayv2-core/src/storage.rs
index 06bae7a..b35cef5 100644
--- a/crates/ruststack-apigatewayv2-core/src/storage.rs
+++ b/crates/ruststack-apigatewayv2-core/src/storage.rs
@@ -9,7 +9,6 @@ use std::collections::HashMap;
use chrono::{DateTime, Utc};
use dashmap::DashMap;
use rand::Rng;
-
use ruststack_apigatewayv2_model::types::{
AccessLogSettings, AuthorizationType, AuthorizerType, ConnectionType, ContentHandlingStrategy,
Cors, DeploymentStatus, DomainNameConfiguration, IntegrationType, IpAddressType,
diff --git a/crates/ruststack-apigatewayv2-http/src/body.rs b/crates/ruststack-apigatewayv2-http/src/body.rs
index 82bacfc..313ebac 100644
--- a/crates/ruststack-apigatewayv2-http/src/body.rs
+++ b/crates/ruststack-apigatewayv2-http/src/body.rs
@@ -1,7 +1,9 @@
//! API Gateway v2 HTTP response body type.
-use std::pin::Pin;
-use std::task::{Context, Poll};
+use std::{
+ pin::Pin,
+ task::{Context, Poll},
+};
use bytes::Bytes;
use http_body_util::Full;
diff --git a/crates/ruststack-apigatewayv2-http/src/dispatch.rs b/crates/ruststack-apigatewayv2-http/src/dispatch.rs
index 23534ad..edc9e04 100644
--- a/crates/ruststack-apigatewayv2-http/src/dispatch.rs
+++ b/crates/ruststack-apigatewayv2-http/src/dispatch.rs
@@ -3,16 +3,12 @@
//! Uses manual `Pin>` return types because `ApiGatewayV2Handler`
//! requires object safety for dynamic dispatch (`Arc`).
-use std::future::Future;
-use std::pin::Pin;
+use std::{future::Future, pin::Pin};
use bytes::Bytes;
+use ruststack_apigatewayv2_model::{error::ApiGatewayV2Error, operations::ApiGatewayV2Operation};
-use ruststack_apigatewayv2_model::error::ApiGatewayV2Error;
-use ruststack_apigatewayv2_model::operations::ApiGatewayV2Operation;
-
-use crate::body::ApiGatewayV2ResponseBody;
-use crate::router::PathParams;
+use crate::{body::ApiGatewayV2ResponseBody, router::PathParams};
/// The boundary between HTTP and business logic for API Gateway v2.
///
diff --git a/crates/ruststack-apigatewayv2-http/src/response.rs b/crates/ruststack-apigatewayv2-http/src/response.rs
index 8bdb6e9..0b9e529 100644
--- a/crates/ruststack-apigatewayv2-http/src/response.rs
+++ b/crates/ruststack-apigatewayv2-http/src/response.rs
@@ -4,9 +4,8 @@
//! `{"message": "..."}`
use bytes::Bytes;
-use serde::Serialize;
-
use ruststack_apigatewayv2_model::error::ApiGatewayV2Error;
+use serde::Serialize;
/// Content type for API Gateway v2 JSON responses.
pub const CONTENT_TYPE: &str = "application/json";
@@ -74,9 +73,10 @@ pub fn empty_response(status: u16) -> Result, ApiGatewayV2
#[cfg(test)]
mod tests {
- use super::*;
use ruststack_apigatewayv2_model::error::ApiGatewayV2ErrorCode;
+ use super::*;
+
#[test]
fn test_should_format_error_with_lowercase_message() {
let err = ApiGatewayV2Error::with_message(
diff --git a/crates/ruststack-apigatewayv2-http/src/router.rs b/crates/ruststack-apigatewayv2-http/src/router.rs
index eb4b53d..2309edf 100644
--- a/crates/ruststack-apigatewayv2-http/src/router.rs
+++ b/crates/ruststack-apigatewayv2-http/src/router.rs
@@ -5,8 +5,10 @@
use std::collections::HashMap;
-use ruststack_apigatewayv2_model::error::ApiGatewayV2Error;
-use ruststack_apigatewayv2_model::operations::{APIGATEWAYV2_ROUTES, ApiGatewayV2Operation};
+use ruststack_apigatewayv2_model::{
+ error::ApiGatewayV2Error,
+ operations::{APIGATEWAYV2_ROUTES, ApiGatewayV2Operation},
+};
/// Extracted path parameters from a matched route.
#[derive(Debug, Clone, Default)]
diff --git a/crates/ruststack-apigatewayv2-http/src/service.rs b/crates/ruststack-apigatewayv2-http/src/service.rs
index cfd06b2..6a8f17d 100644
--- a/crates/ruststack-apigatewayv2-http/src/service.rs
+++ b/crates/ruststack-apigatewayv2-http/src/service.rs
@@ -1,20 +1,18 @@
//! API Gateway v2 HTTP service implementing the hyper `Service` trait.
-use std::convert::Infallible;
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{convert::Infallible, future::Future, pin::Pin, sync::Arc};
+use bytes::Bytes;
use http_body_util::BodyExt;
use hyper::body::Incoming;
-
-use bytes::Bytes;
use ruststack_apigatewayv2_model::error::ApiGatewayV2Error;
-use crate::body::ApiGatewayV2ResponseBody;
-use crate::dispatch::{ApiGatewayV2Handler, dispatch_operation};
-use crate::response::{CONTENT_TYPE, error_to_response};
-use crate::router::resolve_operation;
+use crate::{
+ body::ApiGatewayV2ResponseBody,
+ dispatch::{ApiGatewayV2Handler, dispatch_operation},
+ response::{CONTENT_TYPE, error_to_response},
+ router::resolve_operation,
+};
/// Configuration for the API Gateway v2 HTTP service.
#[derive(Clone)]
diff --git a/crates/ruststack-auth/src/canonical.rs b/crates/ruststack-auth/src/canonical.rs
index b6e700a..f350546 100644
--- a/crates/ruststack-auth/src/canonical.rs
+++ b/crates/ruststack-auth/src/canonical.rs
@@ -68,9 +68,11 @@ pub fn build_canonical_request(
let canonical_headers = build_canonical_headers(headers, signed_headers);
let signed_headers_str = build_signed_headers_string(signed_headers);
- format!(
+ #[rustfmt::skip]
+ let result = format!(
"{method}\n{canonical_uri}\n{canonical_query}\n{canonical_headers}\n\n{signed_headers_str}\n{payload_hash}"
- )
+ );
+ result
}
/// Build the canonical URI by URI-encoding each path segment individually.
@@ -300,6 +302,7 @@ mod tests {
&headers.iter().map(|(k, v)| (*k, *v)).collect::>(),
&signed,
);
+ #[rustfmt::skip]
let expected = "host:examplebucket.s3.amazonaws.com\n\
range:bytes=0-9\n\
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n\
@@ -351,6 +354,7 @@ mod tests {
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
);
+ #[rustfmt::skip]
let expected = "GET\n\
/test.txt\n\
\n\
@@ -373,11 +377,9 @@ mod tests {
#[test]
fn test_should_handle_presigned_url_query_string() {
- let query = "X-Amz-Algorithm=AWS4-HMAC-SHA256\
- &X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20130524%2Fus-east-1%2Fs3%2Faws4_request\
- &X-Amz-Date=20130524T000000Z\
- &X-Amz-Expires=86400\
- &X-Amz-SignedHeaders=host";
+ let query = "X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%\
+ 2F20130524%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20130524T000000Z&\
+ X-Amz-Expires=86400&X-Amz-SignedHeaders=host";
let result = build_canonical_query_string(query);
// Should be sorted, raw values preserved
assert!(result.contains("X-Amz-Algorithm=AWS4-HMAC-SHA256"));
diff --git a/crates/ruststack-auth/src/credentials.rs b/crates/ruststack-auth/src/credentials.rs
index 23d37db..811f383 100644
--- a/crates/ruststack-auth/src/credentials.rs
+++ b/crates/ruststack-auth/src/credentials.rs
@@ -44,7 +44,8 @@ pub struct StaticCredentialProvider {
}
impl StaticCredentialProvider {
- /// Create a new `StaticCredentialProvider` from an iterable of (access_key_id, secret_key) pairs.
+ /// Create a new `StaticCredentialProvider` from an iterable of (access_key_id, secret_key)
+ /// pairs.
pub fn new(credentials: impl IntoIterator- ) -> Self {
Self {
credentials: credentials.into_iter().collect(),
diff --git a/crates/ruststack-auth/src/presigned.rs b/crates/ruststack-auth/src/presigned.rs
index f8cc2fe..924ab15 100644
--- a/crates/ruststack-auth/src/presigned.rs
+++ b/crates/ruststack-auth/src/presigned.rs
@@ -19,13 +19,15 @@ use sha2::{Digest, Sha256};
use subtle::ConstantTimeEq;
use tracing::debug;
-use crate::canonical::{
- build_canonical_headers, build_canonical_query_string, build_canonical_uri,
- build_signed_headers_string,
+use crate::{
+ canonical::{
+ build_canonical_headers, build_canonical_query_string, build_canonical_uri,
+ build_signed_headers_string,
+ },
+ credentials::CredentialProvider,
+ error::AuthError,
+ sigv4::{AuthResult, build_string_to_sign, compute_signature, derive_signing_key},
};
-use crate::credentials::CredentialProvider;
-use crate::error::AuthError;
-use crate::sigv4::{AuthResult, build_string_to_sign, compute_signature, derive_signing_key};
/// The payload hash value used for all presigned URL requests.
const UNSIGNED_PAYLOAD: &str = "UNSIGNED-PAYLOAD";
@@ -166,6 +168,7 @@ pub fn verify_presigned(
let signed_headers_str = build_signed_headers_string(&signed_header_refs);
// For presigned URLs, the payload hash is always UNSIGNED-PAYLOAD.
+ #[rustfmt::skip]
let canonical_request = format!(
"{method}\n{canonical_uri}\n{canonical_query}\n{canonical_headers}\n\n{signed_headers_str}\n{UNSIGNED_PAYLOAD}"
);
@@ -292,12 +295,8 @@ mod tests {
#[test]
fn test_should_parse_presigned_params() {
- let query = "X-Amz-Algorithm=AWS4-HMAC-SHA256\
- &X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20130524%2Fus-east-1%2Fs3%2Faws4_request\
- &X-Amz-Date=20130524T000000Z\
- &X-Amz-Expires=86400\
- &X-Amz-SignedHeaders=host\
- &X-Amz-Signature=aeeed9bbccd4d02ee5c0109b86d86835f995330da4c265957d157751f604d404";
+ #[rustfmt::skip]
+ let query = "X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20130524%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20130524T000000Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=aeeed9bbccd4d02ee5c0109b86d86835f995330da4c265957d157751f604d404";
let parsed = parse_presigned_params(query).unwrap();
assert_eq!(parsed.algorithm, "AWS4-HMAC-SHA256");
@@ -316,11 +315,9 @@ mod tests {
#[test]
fn test_should_reject_missing_algorithm_param() {
- let query = "X-Amz-Credential=AKID%2F20130524%2Fus-east-1%2Fs3%2Faws4_request\
- &X-Amz-Date=20130524T000000Z\
- &X-Amz-Expires=86400\
- &X-Amz-SignedHeaders=host\
- &X-Amz-Signature=abc";
+ let query = "X-Amz-Credential=AKID%2F20130524%2Fus-east-1%2Fs3%2Faws4_request&\
+ X-Amz-Date=20130524T000000Z&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&\
+ X-Amz-Signature=abc";
let result = parse_presigned_params(query);
assert!(matches!(result, Err(AuthError::MissingQueryParam(_))));
@@ -343,12 +340,9 @@ mod tests {
#[test]
fn test_should_build_query_string_without_signature() {
- let query = "X-Amz-Algorithm=AWS4-HMAC-SHA256\
- &X-Amz-Credential=AKID%2F20130524%2Fus-east-1%2Fs3%2Faws4_request\
- &X-Amz-Date=20130524T000000Z\
- &X-Amz-Expires=86400\
- &X-Amz-SignedHeaders=host\
- &X-Amz-Signature=abc123";
+ let query = "X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKID%2F20130524%\
+ 2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20130524T000000Z&\
+ X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=abc123";
let result = build_canonical_query_string_without_signature(query);
assert!(!result.contains("X-Amz-Signature"));
@@ -367,17 +361,11 @@ mod tests {
let signing_key = derive_signing_key(TEST_SECRET_KEY, "20130524", "us-east-1", "s3");
// Build canonical request for the presigned URL test vector.
- let canonical_request = "GET\n\
- /test.txt\n\
- X-Amz-Algorithm=AWS4-HMAC-SHA256\
- &X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20130524%2Fus-east-1%2Fs3%2Faws4_request\
- &X-Amz-Date=20130524T000000Z\
- &X-Amz-Expires=86400\
- &X-Amz-SignedHeaders=host\n\
- host:examplebucket.s3.amazonaws.com\n\
- \n\
- host\n\
- UNSIGNED-PAYLOAD";
+ let canonical_request = "GET\n/test.txt\nX-Amz-Algorithm=AWS4-HMAC-SHA256&\
+ X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20130524%2Fus-east-1%\
+ 2Fs3%2Faws4_request&X-Amz-Date=20130524T000000Z&\
+ X-Amz-Expires=86400&X-Amz-SignedHeaders=host\nhost:examplebucket.\
+ s3.amazonaws.com\n\nhost\nUNSIGNED-PAYLOAD";
let canonical_hash = hex::encode(Sha256::digest(canonical_request.as_bytes()));
assert_eq!(
@@ -411,16 +399,14 @@ mod tests {
// Build the canonical request components.
let canonical_uri = "/test.txt";
let query_without_sig = format!(
- "X-Amz-Algorithm=AWS4-HMAC-SHA256\
- &X-Amz-Credential={}\
- &X-Amz-Date={timestamp}\
- &X-Amz-Expires=86400\
- &X-Amz-SignedHeaders=host",
+ "X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential={}&X-Amz-Date={timestamp}&\
+ X-Amz-Expires=86400&X-Amz-SignedHeaders=host",
percent_encoding::utf8_percent_encode(&credential, percent_encoding::NON_ALPHANUMERIC)
);
let canonical_query = build_canonical_query_string(&query_without_sig);
+ #[rustfmt::skip]
let canonical_request = format!(
"GET\n{canonical_uri}\n{canonical_query}\nhost:examplebucket.s3.amazonaws.com\n\nhost\nUNSIGNED-PAYLOAD"
);
diff --git a/crates/ruststack-auth/src/sigv2.rs b/crates/ruststack-auth/src/sigv2.rs
index 7cd3874..5c3c2e7 100644
--- a/crates/ruststack-auth/src/sigv2.rs
+++ b/crates/ruststack-auth/src/sigv2.rs
@@ -20,16 +20,13 @@
use std::collections::BTreeMap;
-use base64::Engine;
-use base64::engine::general_purpose::STANDARD as BASE64;
+use base64::{Engine, engine::general_purpose::STANDARD as BASE64};
use hmac::{Hmac, Mac};
use sha1::Sha1;
use subtle::ConstantTimeEq;
use tracing::debug;
-use crate::credentials::CredentialProvider;
-use crate::error::AuthError;
-use crate::sigv4::AuthResult;
+use crate::{credentials::CredentialProvider, error::AuthError, sigv4::AuthResult};
type HmacSha1 = Hmac;
diff --git a/crates/ruststack-auth/src/sigv4.rs b/crates/ruststack-auth/src/sigv4.rs
index e699d6b..b94d0fd 100644
--- a/crates/ruststack-auth/src/sigv4.rs
+++ b/crates/ruststack-auth/src/sigv4.rs
@@ -2,13 +2,13 @@
//!
//! This module implements the core SigV4 signature verification flow:
//!
-//! 1. Parse the `Authorization` header to extract the algorithm, credential scope,
-//! signed headers, and provided signature.
+//! 1. Parse the `Authorization` header to extract the algorithm, credential scope, signed headers,
+//! and provided signature.
//! 2. Reconstruct the canonical request from the HTTP request parts.
//! 3. Build the string to sign from the timestamp, credential scope, and canonical request hash.
//! 4. Derive the signing key using HMAC-SHA256 from the secret key and credential scope components.
-//! 5. Compute the expected signature and compare it to the provided signature using
-//! constant-time comparison.
+//! 5. Compute the expected signature and compare it to the provided signature using constant-time
+//! comparison.
//!
//! The main entry point is [`verify_sigv4`].
@@ -17,9 +17,9 @@ use sha2::{Digest, Sha256};
use subtle::ConstantTimeEq;
use tracing::debug;
-use crate::canonical::build_canonical_request;
-use crate::credentials::CredentialProvider;
-use crate::error::AuthError;
+use crate::{
+ canonical::build_canonical_request, credentials::CredentialProvider, error::AuthError,
+};
/// The only algorithm supported by this implementation.
const SUPPORTED_ALGORITHM: &str = "AWS4-HMAC-SHA256";
@@ -72,7 +72,8 @@ pub struct ParsedAuth {
/// Returns [`AuthError::InvalidAuthHeader`] if the header format is invalid,
/// or [`AuthError::UnsupportedAlgorithm`] if the algorithm is not `AWS4-HMAC-SHA256`.
pub fn parse_authorization_header(header: &str) -> Result {
- // Split algorithm from the rest: "AWS4-HMAC-SHA256 Credential=...,SignedHeaders=...,Signature=..."
+ // Split algorithm from the rest: "AWS4-HMAC-SHA256
+ // Credential=...,SignedHeaders=...,Signature=..."
let (algorithm, rest) = header.split_once(' ').ok_or(AuthError::InvalidAuthHeader)?;
if algorithm != SUPPORTED_ALGORITHM {
@@ -361,8 +362,7 @@ pub fn hash_payload(payload: &[u8]) -> String {
#[cfg(test)]
mod tests {
use super::*;
- use crate::canonical::build_signed_headers_string;
- use crate::credentials::StaticCredentialProvider;
+ use crate::{canonical::build_signed_headers_string, credentials::StaticCredentialProvider};
const TEST_ACCESS_KEY: &str = "AKIAIOSFODNN7EXAMPLE";
const TEST_SECRET_KEY: &str = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
@@ -388,9 +388,9 @@ mod tests {
#[test]
fn test_should_parse_authorization_header() {
let header = "AWS4-HMAC-SHA256 \
- Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,\
- SignedHeaders=host;range;x-amz-content-sha256;x-amz-date,\
- Signature=f0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41";
+ Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,\
+ SignedHeaders=host;range;x-amz-content-sha256;x-amz-date,\
+ Signature=f0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41";
let parsed = parse_authorization_header(header).unwrap();
assert_eq!(parsed.algorithm, "AWS4-HMAC-SHA256");
@@ -410,16 +410,17 @@ mod tests {
#[test]
fn test_should_reject_unsupported_algorithm() {
- let header = "AWS4-HMAC-SHA512 Credential=AKID/20130524/us-east-1/s3/aws4_request,\
- SignedHeaders=host,Signature=abc";
+ let header = "AWS4-HMAC-SHA512 \
+ Credential=AKID/20130524/us-east-1/s3/aws4_request,SignedHeaders=host,\
+ Signature=abc";
let result = parse_authorization_header(header);
assert!(matches!(result, Err(AuthError::UnsupportedAlgorithm(_))));
}
#[test]
fn test_should_reject_invalid_credential_format() {
- let header = "AWS4-HMAC-SHA256 Credential=AKID/20130524/us-east-1,\
- SignedHeaders=host,Signature=abc";
+ let header =
+ "AWS4-HMAC-SHA256 Credential=AKID/20130524/us-east-1,SignedHeaders=host,Signature=abc";
let result = parse_authorization_header(header);
assert!(matches!(result, Err(AuthError::InvalidCredential)));
}
@@ -432,6 +433,7 @@ mod tests {
"20130524/us-east-1/s3/aws4_request",
canonical_hash,
);
+ #[rustfmt::skip]
let expected = "AWS4-HMAC-SHA256\n\
20130524T000000Z\n\
20130524/us-east-1/s3/aws4_request\n\
@@ -444,6 +446,7 @@ mod tests {
// Full end-to-end test using the AWS GET Object example.
let signing_key = derive_signing_key(TEST_SECRET_KEY, TEST_DATE, TEST_REGION, TEST_SERVICE);
+ #[rustfmt::skip]
let string_to_sign = "AWS4-HMAC-SHA256\n\
20130524T000000Z\n\
20130524/us-east-1/s3/aws4_request\n\
@@ -472,8 +475,9 @@ mod tests {
// Compute the expected signature to build the auth header.
let auth_value = format!(
- "AWS4-HMAC-SHA256 Credential={TEST_ACCESS_KEY}/20130524/us-east-1/s3/aws4_request,\
- SignedHeaders=host;range;x-amz-content-sha256;x-amz-date,\
+ "AWS4-HMAC-SHA256 \
+ Credential={TEST_ACCESS_KEY}/20130524/us-east-1/s3/aws4_request,SignedHeaders=host;\
+ range;x-amz-content-sha256;x-amz-date,\
Signature=f0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41"
);
builder = builder.header(http::header::AUTHORIZATION, &auth_value);
@@ -497,8 +501,9 @@ mod tests {
let empty_hash = hash_payload(b"");
let auth_value = format!(
- "AWS4-HMAC-SHA256 Credential={TEST_ACCESS_KEY}/20130524/us-east-1/s3/aws4_request,\
- SignedHeaders=host;range;x-amz-content-sha256;x-amz-date,\
+ "AWS4-HMAC-SHA256 \
+ Credential={TEST_ACCESS_KEY}/20130524/us-east-1/s3/aws4_request,SignedHeaders=host;\
+ range;x-amz-content-sha256;x-amz-date,\
Signature=f0e8bdb87c964420e857bd35b5d6ed310bd44f0170aba48dd91039c6036bdb41"
);
@@ -540,11 +545,10 @@ mod tests {
let provider = StaticCredentialProvider::new(vec![]);
let empty_hash = hash_payload(b"");
- let auth_value =
- "AWS4-HMAC-SHA256 Credential=UNKNOWN_KEY/20130524/us-east-1/s3/aws4_request,\
- SignedHeaders=host;x-amz-date,\
- Signature=abc123"
- .to_owned();
+ let auth_value = "AWS4-HMAC-SHA256 \
+ Credential=UNKNOWN_KEY/20130524/us-east-1/s3/aws4_request,\
+ SignedHeaders=host;x-amz-date,Signature=abc123"
+ .to_owned();
let (parts, _body) = http::Request::builder()
.method("GET")
diff --git a/crates/ruststack-cloudwatch-core/src/alarm_store.rs b/crates/ruststack-cloudwatch-core/src/alarm_store.rs
index 1e78566..b62e5f5 100644
--- a/crates/ruststack-cloudwatch-core/src/alarm_store.rs
+++ b/crates/ruststack-cloudwatch-core/src/alarm_store.rs
@@ -225,10 +225,10 @@ impl Default for AlarmStore {
#[cfg(test)]
mod tests {
- use super::*;
-
use ruststack_cloudwatch_model::types::StateValue;
+ use super::*;
+
fn make_alarm(name: &str) -> MetricAlarm {
MetricAlarm {
alarm_name: Some(name.to_owned()),
diff --git a/crates/ruststack-cloudwatch-core/src/handler.rs b/crates/ruststack-cloudwatch-core/src/handler.rs
index 2c1e14d..09ac8ec 100644
--- a/crates/ruststack-cloudwatch-core/src/handler.rs
+++ b/crates/ruststack-cloudwatch-core/src/handler.rs
@@ -7,42 +7,43 @@
//! Covers all 31 CloudWatch operations: metrics, alarms, dashboards,
//! insight rules, anomaly detectors, metric streams, and tagging.
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
-use serde::Serialize;
-
-use ruststack_cloudwatch_http::body::CloudWatchResponseBody;
-use ruststack_cloudwatch_http::dispatch::{CloudWatchHandler, Protocol};
-use ruststack_cloudwatch_http::request::{
- get_optional_bool, get_optional_f64, get_optional_i32, get_optional_param, get_required_param,
- parse_dimension_filters, parse_dimensions, parse_form_params, parse_string_list,
- parse_struct_list, parse_tag_list,
+use ruststack_cloudwatch_http::{
+ body::CloudWatchResponseBody,
+ dispatch::{CloudWatchHandler, Protocol},
+ request::{
+ get_optional_bool, get_optional_f64, get_optional_i32, get_optional_param,
+ get_required_param, parse_dimension_filters, parse_dimensions, parse_form_params,
+ parse_string_list, parse_struct_list, parse_tag_list,
+ },
+ response::{XmlWriter, cbor_response, xml_response},
};
-use ruststack_cloudwatch_http::response::{XmlWriter, cbor_response, xml_response};
-use ruststack_cloudwatch_model::error::{CloudWatchError, CloudWatchErrorCode};
-use ruststack_cloudwatch_model::input::{
- DeleteAlarmsInput, DeleteAnomalyDetectorInput, DeleteDashboardsInput, DeleteInsightRulesInput,
- DeleteMetricStreamInput, DescribeAlarmHistoryInput, DescribeAlarmsForMetricInput,
- DescribeAlarmsInput, DescribeAnomalyDetectorsInput, DescribeInsightRulesInput,
- DisableAlarmActionsInput, EnableAlarmActionsInput, GetDashboardInput, GetMetricDataInput,
- GetMetricStatisticsInput, GetMetricStreamInput, ListDashboardsInput, ListMetricStreamsInput,
- ListMetricsInput, ListTagsForResourceInput, PutAnomalyDetectorInput, PutCompositeAlarmInput,
- PutDashboardInput, PutInsightRuleInput, PutManagedInsightRulesInput, PutMetricAlarmInput,
- PutMetricDataInput, PutMetricStreamInput, SetAlarmStateInput, TagResourceInput,
- UntagResourceInput,
-};
-use ruststack_cloudwatch_model::operations::CloudWatchOperation;
-use ruststack_cloudwatch_model::types::{
- AlarmType, AnomalyDetectorType, ComparisonOperator, CompositeAlarm, Dimension, DimensionFilter,
- HistoryItemType, LabelOptions, ManagedRule, MetricAlarm, MetricCharacteristics,
- MetricDataQuery, MetricDatum, MetricMathAnomalyDetector, MetricStat, MetricStreamFilter,
- MetricStreamOutputFormat, MetricStreamStatisticsConfiguration, MetricStreamStatisticsMetric,
- RecentlyActive, ScanBy, SingleMetricAnomalyDetector, StandardUnit, StateValue, Statistic,
- StatisticSet, Tag,
+use ruststack_cloudwatch_model::{
+ error::{CloudWatchError, CloudWatchErrorCode},
+ input::{
+ DeleteAlarmsInput, DeleteAnomalyDetectorInput, DeleteDashboardsInput,
+ DeleteInsightRulesInput, DeleteMetricStreamInput, DescribeAlarmHistoryInput,
+ DescribeAlarmsForMetricInput, DescribeAlarmsInput, DescribeAnomalyDetectorsInput,
+ DescribeInsightRulesInput, DisableAlarmActionsInput, EnableAlarmActionsInput,
+ GetDashboardInput, GetMetricDataInput, GetMetricStatisticsInput, GetMetricStreamInput,
+ ListDashboardsInput, ListMetricStreamsInput, ListMetricsInput, ListTagsForResourceInput,
+ PutAnomalyDetectorInput, PutCompositeAlarmInput, PutDashboardInput, PutInsightRuleInput,
+ PutManagedInsightRulesInput, PutMetricAlarmInput, PutMetricDataInput, PutMetricStreamInput,
+ SetAlarmStateInput, TagResourceInput, UntagResourceInput,
+ },
+ operations::CloudWatchOperation,
+ types::{
+ AlarmType, AnomalyDetectorType, ComparisonOperator, CompositeAlarm, Dimension,
+ DimensionFilter, HistoryItemType, LabelOptions, ManagedRule, MetricAlarm,
+ MetricCharacteristics, MetricDataQuery, MetricDatum, MetricMathAnomalyDetector, MetricStat,
+ MetricStreamFilter, MetricStreamOutputFormat, MetricStreamStatisticsConfiguration,
+ MetricStreamStatisticsMetric, RecentlyActive, ScanBy, SingleMetricAnomalyDetector,
+ StandardUnit, StateValue, Statistic, StatisticSet, Tag,
+ },
};
+use serde::Serialize;
use crate::provider::RustStackCloudWatch;
diff --git a/crates/ruststack-cloudwatch-core/src/provider.rs b/crates/ruststack-cloudwatch-core/src/provider.rs
index 6e6f5b6..ed4baf3 100644
--- a/crates/ruststack-cloudwatch-core/src/provider.rs
+++ b/crates/ruststack-cloudwatch-core/src/provider.rs
@@ -4,51 +4,54 @@
//! alarm management, dashboard CRUD, insight rules, anomaly detectors,
//! metric streams, and tagging.
-use std::collections::HashMap;
-use std::sync::Arc;
+use std::{collections::HashMap, sync::Arc};
use chrono::Utc;
-use tracing::instrument;
-
-use ruststack_cloudwatch_model::error::{CloudWatchError, CloudWatchErrorCode};
-use ruststack_cloudwatch_model::input::{
- DeleteAlarmsInput, DeleteAnomalyDetectorInput, DeleteDashboardsInput, DeleteInsightRulesInput,
- DeleteMetricStreamInput, DescribeAlarmHistoryInput, DescribeAlarmsForMetricInput,
- DescribeAlarmsInput, DescribeAnomalyDetectorsInput, DescribeInsightRulesInput,
- DisableAlarmActionsInput, EnableAlarmActionsInput, GetDashboardInput, GetMetricDataInput,
- GetMetricStatisticsInput, GetMetricStreamInput, ListDashboardsInput, ListMetricStreamsInput,
- ListMetricsInput, ListTagsForResourceInput, PutAnomalyDetectorInput, PutCompositeAlarmInput,
- PutDashboardInput, PutInsightRuleInput, PutManagedInsightRulesInput, PutMetricAlarmInput,
- PutMetricDataInput, PutMetricStreamInput, SetAlarmStateInput, TagResourceInput,
- UntagResourceInput,
-};
-use ruststack_cloudwatch_model::output::{
- DeleteAnomalyDetectorOutput, DeleteDashboardsOutput, DeleteInsightRulesOutput,
- DeleteMetricStreamOutput, DescribeAlarmHistoryOutput, DescribeAlarmsForMetricOutput,
- DescribeAlarmsOutput, DescribeAnomalyDetectorsOutput, DescribeInsightRulesOutput,
- GetDashboardOutput, GetMetricDataOutput, GetMetricStatisticsOutput, GetMetricStreamOutput,
- ListDashboardsOutput, ListMetricStreamsOutput, ListMetricsOutput, ListTagsForResourceOutput,
- PutAnomalyDetectorOutput, PutDashboardOutput, PutInsightRuleOutput,
- PutManagedInsightRulesOutput, PutMetricStreamOutput, TagResourceOutput, UntagResourceOutput,
-};
-use ruststack_cloudwatch_model::types::{
- AlarmHistoryItem, AlarmType, AnomalyDetector, CompositeAlarm, DashboardEntry, Datapoint,
- HistoryItemType, InsightRule, Metric, MetricAlarm, MetricDataResult, MetricStreamEntry,
- MetricStreamOutputFormat, StateValue, Statistic, StatusCode,
+use ruststack_cloudwatch_model::{
+ error::{CloudWatchError, CloudWatchErrorCode},
+ input::{
+ DeleteAlarmsInput, DeleteAnomalyDetectorInput, DeleteDashboardsInput,
+ DeleteInsightRulesInput, DeleteMetricStreamInput, DescribeAlarmHistoryInput,
+ DescribeAlarmsForMetricInput, DescribeAlarmsInput, DescribeAnomalyDetectorsInput,
+ DescribeInsightRulesInput, DisableAlarmActionsInput, EnableAlarmActionsInput,
+ GetDashboardInput, GetMetricDataInput, GetMetricStatisticsInput, GetMetricStreamInput,
+ ListDashboardsInput, ListMetricStreamsInput, ListMetricsInput, ListTagsForResourceInput,
+ PutAnomalyDetectorInput, PutCompositeAlarmInput, PutDashboardInput, PutInsightRuleInput,
+ PutManagedInsightRulesInput, PutMetricAlarmInput, PutMetricDataInput, PutMetricStreamInput,
+ SetAlarmStateInput, TagResourceInput, UntagResourceInput,
+ },
+ output::{
+ DeleteAnomalyDetectorOutput, DeleteDashboardsOutput, DeleteInsightRulesOutput,
+ DeleteMetricStreamOutput, DescribeAlarmHistoryOutput, DescribeAlarmsForMetricOutput,
+ DescribeAlarmsOutput, DescribeAnomalyDetectorsOutput, DescribeInsightRulesOutput,
+ GetDashboardOutput, GetMetricDataOutput, GetMetricStatisticsOutput, GetMetricStreamOutput,
+ ListDashboardsOutput, ListMetricStreamsOutput, ListMetricsOutput,
+ ListTagsForResourceOutput, PutAnomalyDetectorOutput, PutDashboardOutput,
+ PutInsightRuleOutput, PutManagedInsightRulesOutput, PutMetricStreamOutput,
+ TagResourceOutput, UntagResourceOutput,
+ },
+ types::{
+ AlarmHistoryItem, AlarmType, AnomalyDetector, CompositeAlarm, DashboardEntry, Datapoint,
+ HistoryItemType, InsightRule, Metric, MetricAlarm, MetricDataResult, MetricStreamEntry,
+ MetricStreamOutputFormat, StateValue, Statistic, StatusCode,
+ },
};
+use tracing::instrument;
-use crate::aggregation::aggregate_statistics;
-use crate::alarm_store::AlarmStore;
-use crate::anomaly_store::AnomalyStore;
-use crate::config::CloudWatchConfig;
-use crate::dashboard_store::{DashboardRecord, DashboardStore};
-use crate::dimensions::{dimensions_match, normalize_dimensions};
-use crate::insight_store::InsightStore;
-use crate::metric_store::{DataPoint, MetricKey, MetricStore, StatisticSet};
-use crate::metric_stream_store::{MetricStreamRecord, MetricStreamStore};
-use crate::validation::{
- validate_alarm_name, validate_dashboard_body, validate_dashboard_name, validate_dimensions,
- validate_metric_name, validate_namespace,
+use crate::{
+ aggregation::aggregate_statistics,
+ alarm_store::AlarmStore,
+ anomaly_store::AnomalyStore,
+ config::CloudWatchConfig,
+ dashboard_store::{DashboardRecord, DashboardStore},
+ dimensions::{dimensions_match, normalize_dimensions},
+ insight_store::InsightStore,
+ metric_store::{DataPoint, MetricKey, MetricStore, StatisticSet},
+ metric_stream_store::{MetricStreamRecord, MetricStreamStore},
+ validation::{
+ validate_alarm_name, validate_dashboard_body, validate_dashboard_name, validate_dimensions,
+ validate_metric_name, validate_namespace,
+ },
};
/// CloudWatch service provider implementing all 31 operations.
@@ -1254,12 +1257,15 @@ impl RustStackCloudWatch {
#[cfg(test)]
mod tests {
- use super::*;
- use ruststack_cloudwatch_model::input::{
- DeleteAlarmsInput, DescribeAlarmsInput, PutMetricAlarmInput, PutMetricDataInput,
- SetAlarmStateInput,
+ use ruststack_cloudwatch_model::{
+ input::{
+ DeleteAlarmsInput, DescribeAlarmsInput, PutMetricAlarmInput, PutMetricDataInput,
+ SetAlarmStateInput,
+ },
+ types::{ComparisonOperator, MetricDatum, StateValue},
};
- use ruststack_cloudwatch_model::types::{ComparisonOperator, MetricDatum, StateValue};
+
+ use super::*;
fn make_provider() -> RustStackCloudWatch {
RustStackCloudWatch::new(Arc::new(CloudWatchConfig::default()))
diff --git a/crates/ruststack-cloudwatch-core/src/validation.rs b/crates/ruststack-cloudwatch-core/src/validation.rs
index 18a5a3f..bca8b3b 100644
--- a/crates/ruststack-cloudwatch-core/src/validation.rs
+++ b/crates/ruststack-cloudwatch-core/src/validation.rs
@@ -1,7 +1,9 @@
//! Input validation for CloudWatch operations.
-use ruststack_cloudwatch_model::error::{CloudWatchError, CloudWatchErrorCode};
-use ruststack_cloudwatch_model::types::Dimension;
+use ruststack_cloudwatch_model::{
+ error::{CloudWatchError, CloudWatchErrorCode},
+ types::Dimension,
+};
/// Validate a namespace string.
pub fn validate_namespace(namespace: &str) -> Result<(), CloudWatchError> {
diff --git a/crates/ruststack-cloudwatch-http/src/body.rs b/crates/ruststack-cloudwatch-http/src/body.rs
index ca145f5..79130d5 100644
--- a/crates/ruststack-cloudwatch-http/src/body.rs
+++ b/crates/ruststack-cloudwatch-http/src/body.rs
@@ -1,7 +1,9 @@
//! CloudWatch HTTP response body type.
-use std::pin::Pin;
-use std::task::{Context, Poll};
+use std::{
+ pin::Pin,
+ task::{Context, Poll},
+};
use bytes::Bytes;
use http_body_util::Full;
diff --git a/crates/ruststack-cloudwatch-http/src/dispatch.rs b/crates/ruststack-cloudwatch-http/src/dispatch.rs
index 6145e86..f9e46be 100644
--- a/crates/ruststack-cloudwatch-http/src/dispatch.rs
+++ b/crates/ruststack-cloudwatch-http/src/dispatch.rs
@@ -1,12 +1,9 @@
//! CloudWatch handler trait and operation dispatch.
-use std::future::Future;
-use std::pin::Pin;
+use std::{future::Future, pin::Pin};
use bytes::Bytes;
-
-use ruststack_cloudwatch_model::error::CloudWatchError;
-use ruststack_cloudwatch_model::operations::CloudWatchOperation;
+use ruststack_cloudwatch_model::{error::CloudWatchError, operations::CloudWatchOperation};
use crate::body::CloudWatchResponseBody;
diff --git a/crates/ruststack-cloudwatch-http/src/lib.rs b/crates/ruststack-cloudwatch-http/src/lib.rs
index 5342e3c..91a38dd 100644
--- a/crates/ruststack-cloudwatch-http/src/lib.rs
+++ b/crates/ruststack-cloudwatch-http/src/lib.rs
@@ -1,12 +1,12 @@
//! CloudWatch Metrics HTTP service layer for RustStack.
//!
//! Supports two wire protocols:
-//! - **awsQuery**: form-urlencoded requests, XML responses (legacy SDKs).
-//! Requests are `POST /` with `Content-Type: application/x-www-form-urlencoded`
-//! and the operation is dispatched via the `Action=` form parameter.
-//! - **rpcv2Cbor**: CBOR requests/responses (AWS SDK v1.108+).
-//! Requests are `POST /service/GraniteServiceVersion20100801/operation/{Op}`
-//! with `Content-Type: application/cbor` and `smithy-protocol: rpc-v2-cbor`.
+//! - **awsQuery**: form-urlencoded requests, XML responses (legacy SDKs). Requests are `POST /`
+//! with `Content-Type: application/x-www-form-urlencoded` and the operation is dispatched via the
+//! `Action=` form parameter.
+//! - **rpcv2Cbor**: CBOR requests/responses (AWS SDK v1.108+). Requests are `POST
+//! /service/GraniteServiceVersion20100801/operation/{Op}` with `Content-Type: application/cbor`
+//! and `smithy-protocol: rpc-v2-cbor`.
pub mod body;
pub mod dispatch;
diff --git a/crates/ruststack-cloudwatch-http/src/response.rs b/crates/ruststack-cloudwatch-http/src/response.rs
index 5c503d5..c46d7aa 100644
--- a/crates/ruststack-cloudwatch-http/src/response.rs
+++ b/crates/ruststack-cloudwatch-http/src/response.rs
@@ -50,14 +50,9 @@ pub fn error_to_xml(error: &CloudWatchError, request_id: &str) -> String {
"Sender"
};
format!(
- "\
- \
- {fault}\
-
{}\
- {}\
- \
- {}\
- ",
+ "{fault}{}{}{}",
xml_escape(&error.code.to_string()),
xml_escape(&error.message),
xml_escape(request_id),
diff --git a/crates/ruststack-cloudwatch-http/src/router.rs b/crates/ruststack-cloudwatch-http/src/router.rs
index a6a49df..09b06cb 100644
--- a/crates/ruststack-cloudwatch-http/src/router.rs
+++ b/crates/ruststack-cloudwatch-http/src/router.rs
@@ -4,8 +4,7 @@
//! `Content-Type: application/x-www-form-urlencoded`. The operation is
//! specified by the `Action=` form parameter.
-use ruststack_cloudwatch_model::error::CloudWatchError;
-use ruststack_cloudwatch_model::operations::CloudWatchOperation;
+use ruststack_cloudwatch_model::{error::CloudWatchError, operations::CloudWatchOperation};
/// Resolve a CloudWatch operation from parsed form parameters.
///
diff --git a/crates/ruststack-cloudwatch-http/src/service.rs b/crates/ruststack-cloudwatch-http/src/service.rs
index 0814292..a117b8a 100644
--- a/crates/ruststack-cloudwatch-http/src/service.rs
+++ b/crates/ruststack-cloudwatch-http/src/service.rs
@@ -6,23 +6,20 @@
//!
//! The protocol is detected automatically from request headers and URL path.
-use std::convert::Infallible;
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{convert::Infallible, future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
use http_body_util::BodyExt;
use hyper::body::Incoming;
+use ruststack_cloudwatch_model::{error::CloudWatchError, operations::CloudWatchOperation};
-use ruststack_cloudwatch_model::error::CloudWatchError;
-use ruststack_cloudwatch_model::operations::CloudWatchOperation;
-
-use crate::body::CloudWatchResponseBody;
-use crate::dispatch::{CloudWatchHandler, Protocol, dispatch_operation};
-use crate::request::parse_form_params;
-use crate::response::{CONTENT_TYPE, cbor_error_response, error_to_response};
-use crate::router::resolve_operation;
+use crate::{
+ body::CloudWatchResponseBody,
+ dispatch::{CloudWatchHandler, Protocol, dispatch_operation},
+ request::parse_form_params,
+ response::{CONTENT_TYPE, cbor_error_response, error_to_response},
+ router::resolve_operation,
+};
/// Configuration for the CloudWatch HTTP service.
#[derive(Clone)]
diff --git a/crates/ruststack-dynamodb-core/src/expression/ast.rs b/crates/ruststack-dynamodb-core/src/expression/ast.rs
index cfdd12b..a8a8fdf 100644
--- a/crates/ruststack-dynamodb-core/src/expression/ast.rs
+++ b/crates/ruststack-dynamodb-core/src/expression/ast.rs
@@ -8,8 +8,7 @@
//! name and value references from parsed ASTs, used for validating that all
//! provided names/values are actually used in expressions.
-use std::collections::HashSet;
-use std::fmt;
+use std::{collections::HashSet, fmt};
/// Expression AST node for condition, filter, and key-condition expressions.
#[derive(Debug, Clone)]
diff --git a/crates/ruststack-dynamodb-core/src/expression/evaluator.rs b/crates/ruststack-dynamodb-core/src/expression/evaluator.rs
index a41572e..a1bea5a 100644
--- a/crates/ruststack-dynamodb-core/src/expression/evaluator.rs
+++ b/crates/ruststack-dynamodb-core/src/expression/evaluator.rs
@@ -8,11 +8,13 @@ use std::collections::HashMap;
use ruststack_dynamodb_model::AttributeValue;
-use super::ast::{
- AddAction, AttributePath, CompareOp, DeleteAction, Expr, FunctionName, LogicalOp, Operand,
- PathElement, SetAction, SetValue, UpdateExpr,
+use super::{
+ ast::{
+ AddAction, AttributePath, CompareOp, DeleteAction, Expr, FunctionName, LogicalOp, Operand,
+ PathElement, SetAction, SetValue, UpdateExpr,
+ },
+ parser::ExpressionError,
};
-use super::parser::ExpressionError;
// ---------------------------------------------------------------------------
// Evaluation context
@@ -105,16 +107,16 @@ impl EvalContext<'_> {
if is_query_constant(low) && is_query_constant(high) {
if std::mem::discriminant(lo) != std::mem::discriminant(hi) {
return Err(ExpressionError::TypeMismatch {
- message: "BETWEEN bounds must have the same type when both \
- are expression attribute values"
+ message: "BETWEEN bounds must have the same type when both are expression \
+ attribute values"
.to_owned(),
});
}
// Check ordering: if low > high, it is a ValidationException.
if compare_values(lo, hi, CompareOp::Gt)? {
return Err(ExpressionError::TypeMismatch {
- message: "BETWEEN bounds are in wrong order; \
- low bound must be less than or equal to high bound"
+ message: "BETWEEN bounds are in wrong order; low bound must be less than or \
+ equal to high bound"
.to_owned(),
});
}
@@ -196,8 +198,8 @@ impl EvalContext<'_> {
if !is_valid_type_descriptor(&expected_type) {
return Err(ExpressionError::TypeMismatch {
message: format!(
- "Invalid type: {expected_type}. \
- Valid types: S, SS, N, NS, B, BS, BOOL, NULL, L, M"
+ "Invalid type: {expected_type}. Valid types: S, SS, N, NS, B, BS, \
+ BOOL, NULL, L, M"
),
});
}
@@ -224,8 +226,8 @@ impl EvalContext<'_> {
return Err(ExpressionError::InvalidOperand {
operation: "begins_with".to_owned(),
message: format!(
- "Incorrect operand type for operator or function; \
- operator or function: begins_with, operand type: {td}",
+ "Incorrect operand type for operator or function; operator or \
+ function: begins_with, operand type: {td}",
td = v.type_descriptor()
),
});
@@ -504,8 +506,8 @@ impl EvalContext<'_> {
return Err(ExpressionError::InvalidOperand {
operation: "ADD".to_owned(),
message: format!(
- "Incorrect operand type for operator or function; \
- operator: ADD, operand type: {operand_type}"
+ "Incorrect operand type for operator or function; operator: ADD, operand \
+ type: {operand_type}"
),
});
}
@@ -539,8 +541,8 @@ impl EvalContext<'_> {
return Err(ExpressionError::InvalidOperand {
operation: "DELETE".to_owned(),
message: format!(
- "Incorrect operand type for operator or function; \
- operator: DELETE, operand type: {operand_type}"
+ "Incorrect operand type for operator or function; operator: DELETE, operand \
+ type: {operand_type}"
),
});
}
@@ -595,8 +597,8 @@ impl EvalContext<'_> {
return Err(ExpressionError::InvalidOperand {
operation: "DELETE".to_owned(),
message: format!(
- "Type mismatch for DELETE; operator type: {del_type}, \
- existing type: {existing_type}"
+ "Type mismatch for DELETE; operator type: {del_type}, existing type: \
+ {existing_type}"
),
});
}
@@ -681,8 +683,8 @@ fn validate_ordering_operand_type(
return Err(ExpressionError::InvalidOperand {
operation: "operator".to_owned(),
message: format!(
- "Incorrect operand type for operator or function; \
- operator: {operator_name}, operand type: {type_desc}",
+ "Incorrect operand type for operator or function; operator: {operator_name}, \
+ operand type: {type_desc}",
type_desc = resolved_value.type_descriptor()
),
});
@@ -973,7 +975,9 @@ fn precise_arithmetic(a: &str, b: &str, is_add: bool) -> Result 38 + 2 {
// Precision would be lost in the result.
return Err(ExpressionError::Validation {
- message: "Number overflow. Attempting to store a number with magnitude larger than supported range".to_owned(),
+ message: "Number overflow. Attempting to store a number with magnitude larger than \
+ supported range"
+ .to_owned(),
});
}
@@ -1012,7 +1016,9 @@ fn precise_arithmetic(a: &str, b: &str, is_add: bool) -> Result 38 {
return Err(ExpressionError::Validation {
- message: "Number overflow. Attempting to store a number with magnitude larger than supported range".to_owned(),
+ message: "Number overflow. Attempting to store a number with magnitude larger than \
+ supported range"
+ .to_owned(),
});
}
@@ -1020,12 +1026,16 @@ fn precise_arithmetic(a: &str, b: &str, is_add: bool) -> Result 125 {
return Err(ExpressionError::Validation {
- message: "Number overflow. Attempting to store a number with magnitude larger than supported range".to_owned(),
+ message: "Number overflow. Attempting to store a number with magnitude larger than \
+ supported range"
+ .to_owned(),
});
}
if magnitude < -130 {
return Err(ExpressionError::Validation {
- message: "Number underflow. Attempting to store a number with magnitude smaller than supported range".to_owned(),
+ message: "Number underflow. Attempting to store a number with magnitude smaller than \
+ supported range"
+ .to_owned(),
});
}
@@ -1366,8 +1376,7 @@ fn validate_nested_path_for_set(
// because DynamoDB requires existing intermediate containers.
return Err(ExpressionError::InvalidOperand {
operation: "SET".to_owned(),
- message: "The document path provided in the update expression \
- is invalid for update"
+ message: "The document path provided in the update expression is invalid for update"
.to_owned(),
});
};
@@ -1399,8 +1408,8 @@ fn validate_path_type(
}
_ => Err(ExpressionError::InvalidOperand {
operation: "SET".to_owned(),
- message: "The document path provided in the update expression \
- is invalid for update"
+ message: "The document path provided in the update expression is invalid for \
+ update"
.to_owned(),
}),
}
@@ -1416,8 +1425,8 @@ fn validate_path_type(
}
_ => Err(ExpressionError::InvalidOperand {
operation: "SET".to_owned(),
- message: "The document path provided in the update expression \
- is invalid for update"
+ message: "The document path provided in the update expression is invalid for \
+ update"
.to_owned(),
}),
},
@@ -1514,8 +1523,7 @@ fn apply_remove(
// Path root doesn't exist - this is a validation error for nested paths.
return Err(ExpressionError::InvalidOperand {
operation: "REMOVE".to_owned(),
- message: "The document path provided in the update expression \
- is invalid for update"
+ message: "The document path provided in the update expression is invalid for update"
.to_owned(),
});
}
@@ -1662,8 +1670,8 @@ fn compute_add_result(
Err(ExpressionError::InvalidOperand {
operation: "ADD".to_owned(),
message: format!(
- "Type mismatch for ADD; operator type: {add_type}, \
- existing type: {existing_type}"
+ "Type mismatch for ADD; operator type: {add_type}, existing type: \
+ {existing_type}"
),
})
}
diff --git a/crates/ruststack-dynamodb-core/src/expression/parser.rs b/crates/ruststack-dynamodb-core/src/expression/parser.rs
index cc98932..edd49cc 100644
--- a/crates/ruststack-dynamodb-core/src/expression/parser.rs
+++ b/crates/ruststack-dynamodb-core/src/expression/parser.rs
@@ -4,9 +4,7 @@
//! projection expressions. Keywords and function names are matched
//! case-insensitively per DynamoDB specification.
-use std::fmt;
-use std::iter::Peekable;
-use std::str::Chars;
+use std::{fmt, iter::Peekable, str::Chars};
use super::ast::{
AddAction, AttributePath, CompareOp, DeleteAction, Expr, FunctionName, LogicalOp, Operand,
@@ -565,8 +563,8 @@ impl Parser {
return Err(ExpressionError::InvalidOperand {
operation: name.to_owned(),
message: format!(
- "The function is not allowed to be used this way in an expression; \
- function: {name}"
+ "The function is not allowed to be used this way in an expression; function: \
+ {name}"
),
});
}
@@ -662,16 +660,15 @@ impl Parser {
expected: "valid function name".to_owned(),
found: format!(
"'{func_name}' is not a valid function; valid functions are: \
- attribute_exists, attribute_not_exists, attribute_type, begins_with, \
- contains, size"
+ attribute_exists, attribute_not_exists, attribute_type, begins_with, \
+ contains, size"
),
})
}
_ => Err(ExpressionError::UnexpectedToken {
expected: "comparison operator, BETWEEN, or IN after operand".to_owned(),
found: format!(
- "Syntax error; a standalone value or path is not a valid condition; \
- found: {}",
+ "Syntax error; a standalone value or path is not a valid condition; found: {}",
self.peek()
),
}),
@@ -726,8 +723,8 @@ impl Parser {
return Err(ExpressionError::InvalidOperand {
operation: "size".to_owned(),
message: format!(
- "Incorrect number of operands for operator or function; \
- operator or function: size, number of operands: {count}"
+ "Incorrect number of operands for operator or function; operator or \
+ function: size, number of operands: {count}"
),
});
}
@@ -830,9 +827,9 @@ impl Parser {
if seen_set {
return Err(ExpressionError::InvalidOperand {
operation: "UpdateExpression".to_owned(),
- message:
- "The \"SET\" section can only be used once in an update expression"
- .to_owned(),
+ message: "The \"SET\" section can only be used once in an update \
+ expression"
+ .to_owned(),
});
}
seen_set = true;
@@ -843,7 +840,9 @@ impl Parser {
if seen_remove {
return Err(ExpressionError::InvalidOperand {
operation: "UpdateExpression".to_owned(),
- message: "The \"REMOVE\" section can only be used once in an update expression".to_owned(),
+ message: "The \"REMOVE\" section can only be used once in an update \
+ expression"
+ .to_owned(),
});
}
seen_remove = true;
@@ -854,9 +853,9 @@ impl Parser {
if seen_add {
return Err(ExpressionError::InvalidOperand {
operation: "UpdateExpression".to_owned(),
- message:
- "The \"ADD\" section can only be used once in an update expression"
- .to_owned(),
+ message: "The \"ADD\" section can only be used once in an update \
+ expression"
+ .to_owned(),
});
}
seen_add = true;
@@ -867,7 +866,9 @@ impl Parser {
if seen_delete {
return Err(ExpressionError::InvalidOperand {
operation: "UpdateExpression".to_owned(),
- message: "The \"DELETE\" section can only be used once in an update expression".to_owned(),
+ message: "The \"DELETE\" section can only be used once in an update \
+ expression"
+ .to_owned(),
});
}
seen_delete = true;
@@ -1150,8 +1151,8 @@ pub fn parse_projection(input: &str) -> Result, ExpressionErr
if path.elements.len() > 32 {
return Err(ExpressionError::Validation {
message: format!(
- "Invalid ProjectionExpression: The document path has too many nesting \
- levels; nesting levels: {}",
+ "Invalid ProjectionExpression: The document path has too many nesting levels; \
+ nesting levels: {}",
path.elements.len()
),
});
@@ -1166,9 +1167,9 @@ pub fn parse_projection(input: &str) -> Result, ExpressionErr
if seen.contains(&repr) {
return Err(ExpressionError::Validation {
message: format!(
- "Invalid ProjectionExpression: Two document paths overlap with \
- each other; must remove or rewrite one of these paths; path one: \
- [{repr}], path two: [{repr}]"
+ "Invalid ProjectionExpression: Two document paths overlap with each \
+ other; must remove or rewrite one of these paths; path one: [{repr}], \
+ path two: [{repr}]"
),
});
}
@@ -1205,9 +1206,8 @@ fn path_to_resolved(path: &AttributePath) -> Vec {
/// Validate that no two projection paths overlap or conflict.
///
/// - **Overlap**: One path is a prefix of another, or two paths are identical.
-/// - **Conflict**: At a shared prefix point, one path accesses via dot (map key)
-/// and the other via index (list), meaning the same node would need to be both
-/// a map and a list simultaneously.
+/// - **Conflict**: At a shared prefix point, one path accesses via dot (map key) and the other via
+/// index (list), meaning the same node would need to be both a map and a list simultaneously.
fn validate_projection_paths(paths: &[AttributePath]) -> Result<(), ExpressionError> {
let resolved: Vec> = paths.iter().map(path_to_resolved).collect();
@@ -1238,9 +1238,9 @@ fn validate_projection_paths(paths: &[AttributePath]) -> Result<(), ExpressionEr
_ => {
return Err(ExpressionError::Validation {
message: format!(
- "Invalid ProjectionExpression: Two document paths conflict \
- with each other; must remove or rewrite one of these paths; \
- path one: [{}], path two: [{}]",
+ "Invalid ProjectionExpression: Two document paths conflict with \
+ each other; must remove or rewrite one of these paths; path one: \
+ [{}], path two: [{}]",
paths[i], paths[j]
),
});
@@ -1253,9 +1253,9 @@ fn validate_projection_paths(paths: &[AttributePath]) -> Result<(), ExpressionEr
if prefix_matches && (a.len() != b.len()) {
return Err(ExpressionError::Validation {
message: format!(
- "Invalid ProjectionExpression: Two document paths overlap with \
- each other; must remove or rewrite one of these paths; \
- path one: [{}], path two: [{}]",
+ "Invalid ProjectionExpression: Two document paths overlap with each \
+ other; must remove or rewrite one of these paths; path one: [{}], path \
+ two: [{}]",
paths[i], paths[j]
),
});
diff --git a/crates/ruststack-dynamodb-core/src/handler.rs b/crates/ruststack-dynamodb-core/src/handler.rs
index ff4eb2d..926170f 100644
--- a/crates/ruststack-dynamodb-core/src/handler.rs
+++ b/crates/ruststack-dynamodb-core/src/handler.rs
@@ -1,16 +1,12 @@
//! DynamoDB handler implementation bridging HTTP to business logic.
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
-
-use ruststack_dynamodb_http::body::DynamoDBResponseBody;
-use ruststack_dynamodb_http::dispatch::DynamoDBHandler;
-use ruststack_dynamodb_http::response::json_response;
-use ruststack_dynamodb_model::error::DynamoDBError;
-use ruststack_dynamodb_model::operations::DynamoDBOperation;
+use ruststack_dynamodb_http::{
+ body::DynamoDBResponseBody, dispatch::DynamoDBHandler, response::json_response,
+};
+use ruststack_dynamodb_model::{error::DynamoDBError, operations::DynamoDBOperation};
use crate::provider::RustStackDynamoDB;
@@ -44,6 +40,7 @@ impl DynamoDBHandler for RustStackDynamoDBHandler {
}
/// Dispatch a DynamoDB operation to the appropriate handler method.
+#[allow(clippy::too_many_lines)]
fn dispatch(
provider: &RustStackDynamoDB,
op: DynamoDBOperation,
@@ -118,6 +115,51 @@ fn dispatch(
let output = provider.handle_batch_write_item(input)?;
serialize(&output, &request_id)
}
+ DynamoDBOperation::TagResource => {
+ let input = deserialize(body)?;
+ let output = provider.handle_tag_resource(input)?;
+ serialize(&output, &request_id)
+ }
+ DynamoDBOperation::UntagResource => {
+ let input = deserialize(body)?;
+ let output = provider.handle_untag_resource(input)?;
+ serialize(&output, &request_id)
+ }
+ DynamoDBOperation::ListTagsOfResource => {
+ let input = deserialize(body)?;
+ let output = provider.handle_list_tags_of_resource(input)?;
+ serialize(&output, &request_id)
+ }
+ DynamoDBOperation::DescribeTimeToLive => {
+ let input = deserialize(body)?;
+ let output = provider.handle_describe_time_to_live(input)?;
+ serialize(&output, &request_id)
+ }
+ DynamoDBOperation::UpdateTimeToLive => {
+ let input = deserialize(body)?;
+ let output = provider.handle_update_time_to_live(input)?;
+ serialize(&output, &request_id)
+ }
+ DynamoDBOperation::TransactGetItems => {
+ let input = deserialize(body)?;
+ let output = provider.handle_transact_get_items(input)?;
+ serialize(&output, &request_id)
+ }
+ DynamoDBOperation::TransactWriteItems => {
+ let input = deserialize(body)?;
+ let output = provider.handle_transact_write_items(input)?;
+ serialize(&output, &request_id)
+ }
+ DynamoDBOperation::DescribeLimits => {
+ let input = deserialize(body)?;
+ let output = provider.handle_describe_limits(input)?;
+ serialize(&output, &request_id)
+ }
+ DynamoDBOperation::DescribeEndpoints => {
+ let input = deserialize(body)?;
+ let output = provider.handle_describe_endpoints(input)?;
+ serialize(&output, &request_id)
+ }
}
}
diff --git a/crates/ruststack-dynamodb-core/src/provider.rs b/crates/ruststack-dynamodb-core/src/provider.rs
index 2d63b99..f3d3ba9 100644
--- a/crates/ruststack-dynamodb-core/src/provider.rs
+++ b/crates/ruststack-dynamodb-core/src/provider.rs
@@ -1,38 +1,51 @@
//! DynamoDB provider implementing all MVP operations.
-use std::collections::{HashMap, HashSet};
-use std::sync::Arc;
-
-use ruststack_dynamodb_model::AttributeValue;
-use ruststack_dynamodb_model::error::DynamoDBError;
-use ruststack_dynamodb_model::input::{
- BatchGetItemInput, BatchWriteItemInput, CreateTableInput, DeleteItemInput, DeleteTableInput,
- DescribeTableInput, GetItemInput, ListTablesInput, PutItemInput, QueryInput, ScanInput,
- UpdateItemInput, UpdateTableInput,
-};
-use ruststack_dynamodb_model::output::{
- BatchGetItemOutput, BatchWriteItemOutput, CreateTableOutput, DeleteItemOutput,
- DeleteTableOutput, DescribeTableOutput, GetItemOutput, ListTablesOutput, PutItemOutput,
- QueryOutput, ScanOutput, UpdateItemOutput, UpdateTableOutput,
-};
-use ruststack_dynamodb_model::types::{
- AttributeAction, AttributeDefinition, AttributeValueUpdate, BillingMode, ComparisonOperator,
- Condition, ConditionalOperator, ExpectedAttributeValue, KeyType, ReturnValue,
- ScalarAttributeType, Select, TableStatus,
+use std::{
+ collections::{HashMap, HashSet},
+ sync::Arc,
};
-use crate::config::DynamoDBConfig;
-use crate::error::{expression_error_to_dynamodb, storage_error_to_dynamodb};
-use crate::expression::{
- AttributePath, EvalContext, PathElement, UpdateExpr, collect_names_from_expr,
- collect_names_from_projection, collect_names_from_update, collect_paths_from_expr,
- collect_values_from_expr, collect_values_from_update, parse_condition, parse_projection,
- parse_update,
+use ruststack_dynamodb_model::{
+ AttributeValue,
+ error::DynamoDBError,
+ input::{
+ BatchGetItemInput, BatchWriteItemInput, CreateTableInput, DeleteItemInput,
+ DeleteTableInput, DescribeEndpointsInput, DescribeLimitsInput, DescribeTableInput,
+ DescribeTimeToLiveInput, GetItemInput, ListTablesInput, ListTagsOfResourceInput,
+ PutItemInput, QueryInput, ScanInput, TagResourceInput, TransactGetItemsInput,
+ TransactWriteItemsInput, UntagResourceInput, UpdateItemInput, UpdateTableInput,
+ UpdateTimeToLiveInput,
+ },
+ output::{
+ BatchGetItemOutput, BatchWriteItemOutput, CreateTableOutput, DeleteItemOutput,
+ DeleteTableOutput, DescribeEndpointsOutput, DescribeLimitsOutput, DescribeTableOutput,
+ DescribeTimeToLiveOutput, Endpoint, GetItemOutput, ListTablesOutput,
+ ListTagsOfResourceOutput, PutItemOutput, QueryOutput, ScanOutput, TagResourceOutput,
+ TransactGetItemsOutput, TransactWriteItemsOutput, UntagResourceOutput, UpdateItemOutput,
+ UpdateTableOutput, UpdateTimeToLiveOutput,
+ },
+ types::{
+ AttributeAction, AttributeDefinition, AttributeValueUpdate, BillingMode,
+ CancellationReason, ComparisonOperator, Condition, ConditionalOperator,
+ ExpectedAttributeValue, ItemResponse, KeyType, ReturnValue, ScalarAttributeType, Select,
+ TableStatus, TimeToLiveDescription,
+ },
};
-use crate::state::{DynamoDBServiceState, DynamoDBTable};
-use crate::storage::{
- KeyAttribute, KeySchema, PrimaryKey, SortKeyCondition, SortableAttributeValue, TableStorage,
- calculate_item_size, extract_primary_key, partition_key_segment,
+
+use crate::{
+ config::DynamoDBConfig,
+ error::{expression_error_to_dynamodb, storage_error_to_dynamodb},
+ expression::{
+ AttributePath, EvalContext, PathElement, UpdateExpr, collect_names_from_expr,
+ collect_names_from_projection, collect_names_from_update, collect_paths_from_expr,
+ collect_values_from_expr, collect_values_from_update, parse_condition, parse_projection,
+ parse_update,
+ },
+ state::{DynamoDBServiceState, DynamoDBTable},
+ storage::{
+ KeyAttribute, KeySchema, PrimaryKey, SortKeyCondition, SortableAttributeValue,
+ TableStorage, calculate_item_size, extract_primary_key, partition_key_segment,
+ },
};
/// Maximum item size in bytes (400 KB).
@@ -98,7 +111,8 @@ fn validate_number_string(s: &str) -> Result<(), DynamoDBError> {
if ch == '.' {
if has_dot {
return Err(DynamoDBError::validation(
- "The parameter cannot be converted to a numeric value: numeric value is not valid",
+ "The parameter cannot be converted to a numeric value: numeric value is not \
+ valid",
));
}
has_dot = true;
@@ -136,7 +150,8 @@ fn validate_number_string(s: &str) -> Result<(), DynamoDBError> {
}
// Compute the actual magnitude of the number.
- // The number is: significant_digits * 10^(explicit_exp - frac_digits + trailing_zeros_in_significant)
+ // The number is: significant_digits * 10^(explicit_exp - frac_digits +
+ // trailing_zeros_in_significant)
let dot_pos = mantissa.find('.');
#[allow(clippy::cast_possible_wrap)]
let frac_digits = if let Some(pos) = dot_pos {
@@ -153,7 +168,8 @@ fn validate_number_string(s: &str) -> Result<(), DynamoDBError> {
if magnitude > 125 {
return Err(DynamoDBError::validation(
- "Number overflow. Attempting to store a number with magnitude larger than supported range",
+ "Number overflow. Attempting to store a number with magnitude larger than supported \
+ range",
));
}
// The smallest allowed magnitude is -130.
@@ -161,7 +177,8 @@ fn validate_number_string(s: &str) -> Result<(), DynamoDBError> {
// A number like 1e-131 has magnitude = -131, which is NOT allowed.
if magnitude < -130 {
return Err(DynamoDBError::validation(
- "Number underflow. Attempting to store a number with magnitude smaller than supported range",
+ "Number underflow. Attempting to store a number with magnitude smaller than supported \
+ range",
));
}
@@ -206,8 +223,8 @@ fn validate_numbers_in_value(val: &AttributeValue) -> Result<(), DynamoDBError>
fn validate_table_name(name: &str) -> Result<(), DynamoDBError> {
if name.len() < 3 || name.len() > 255 {
return Err(DynamoDBError::validation(format!(
- "TableName must be at least 3 characters long and at most 255 characters long, \
- but was {} characters",
+ "TableName must be at least 3 characters long and at most 255 characters long, but \
+ was {} characters",
name.len()
)));
}
@@ -233,17 +250,15 @@ fn validate_key_not_empty(
match val {
AttributeValue::S(s) if s.is_empty() => {
return Err(DynamoDBError::validation(format!(
- "One or more parameter values are not valid. \
- The AttributeValue for a key attribute cannot contain an \
- empty string value. Key: {}",
+ "One or more parameter values are not valid. The AttributeValue for a key \
+ attribute cannot contain an empty string value. Key: {}",
ka.name
)));
}
AttributeValue::B(b) if b.is_empty() => {
return Err(DynamoDBError::validation(format!(
- "One or more parameter values are not valid. \
- The AttributeValue for a key attribute cannot contain an \
- empty string value. Key: {}",
+ "One or more parameter values are not valid. The AttributeValue for a key \
+ attribute cannot contain an empty string value. Key: {}",
ka.name
)));
}
@@ -262,9 +277,8 @@ fn validate_key_only_has_key_attrs(
for attr_name in key.keys() {
if !is_key_attribute(attr_name, key_schema) {
return Err(DynamoDBError::validation(format!(
- "One or more parameter values are not valid. \
- Number of user supplied keys don't match number of table schema keys. \
- Keys provided: [{}], schema keys: [{}]",
+ "One or more parameter values are not valid. Number of user supplied keys don't \
+ match number of table schema keys. Keys provided: [{}], schema keys: [{}]",
format_key_names(key),
format_schema_key_names(key_schema),
)));
@@ -291,8 +305,8 @@ fn validate_key_types(
};
if !type_matches {
return Err(DynamoDBError::validation(format!(
- "The provided key element does not match the schema. \
- Expected type {expected} for key column {name}, got type {actual}",
+ "The provided key element does not match the schema. Expected type {expected} \
+ for key column {name}, got type {actual}",
expected = ka.attr_type,
name = ka.name,
actual = val.type_descriptor(),
@@ -309,8 +323,8 @@ fn validate_no_duplicate_attributes_to_get(attrs: &[String]) -> Result<(), Dynam
for attr in attrs {
if !seen.insert(attr.as_str()) {
return Err(DynamoDBError::validation(format!(
- "One or more parameter values are not valid. \
- Duplicate value in AttributesToGet: {attr}"
+ "One or more parameter values are not valid. Duplicate value in AttributesToGet: \
+ {attr}"
)));
}
}
@@ -356,7 +370,8 @@ fn validate_select(
Select::SpecificAttributes => {
if !has_projection && !has_attributes_to_get {
return Err(DynamoDBError::validation(
- "SPECIFIC_ATTRIBUTES requires either ProjectionExpression or AttributesToGet",
+ "SPECIFIC_ATTRIBUTES requires either ProjectionExpression or \
+ AttributesToGet",
));
}
}
@@ -395,8 +410,8 @@ fn validate_parallel_scan(
// TotalSegments must be in [1, MAX_TOTAL_SEGMENTS].
if total > MAX_TOTAL_SEGMENTS {
return Err(DynamoDBError::validation(format!(
- "1 validation error detected: Value '{total}' at 'totalSegments' failed \
- to satisfy constraint: Member must have value less than or equal to \
+ "1 validation error detected: Value '{total}' at 'totalSegments' failed to \
+ satisfy constraint: Member must have value less than or equal to \
{MAX_TOTAL_SEGMENTS}. The Segment parameter is required but was not present \
in the request when parameter TotalSegments is present"
)));
@@ -404,8 +419,8 @@ fn validate_parallel_scan(
// Segment must be in [0, TotalSegments).
if seg >= total {
return Err(DynamoDBError::validation(format!(
- "The Segment parameter is zero-indexed and must be less than \
- parameter TotalSegments. Segment: {seg}, TotalSegments: {total}"
+ "The Segment parameter is zero-indexed and must be less than parameter \
+ TotalSegments. Segment: {seg}, TotalSegments: {total}"
)));
}
// ExclusiveStartKey must map to the same segment.
@@ -415,8 +430,8 @@ fn validate_parallel_scan(
#[allow(clippy::cast_sign_loss)]
if key_segment != seg as u32 {
return Err(DynamoDBError::validation(
- "The provided Exclusive start key does not map to the provided \
- Segment and TotalSegments values."
+ "The provided Exclusive start key does not map to the provided Segment \
+ and TotalSegments values."
.to_owned(),
));
}
@@ -429,12 +444,12 @@ fn validate_parallel_scan(
// missing one, but boto3 rejects this client-side. We still
// handle it for raw API callers.
(Some(_), None) => Err(DynamoDBError::validation(
- "The TotalSegments parameter is required but was not present in the request \
- when parameter Segment is present",
+ "The TotalSegments parameter is required but was not present in the request when \
+ parameter Segment is present",
)),
(None, Some(_)) => Err(DynamoDBError::validation(
- "The Segment parameter is required but was not present in the request \
- when parameter TotalSegments is present",
+ "The Segment parameter is required but was not present in the request when parameter \
+ TotalSegments is present",
)),
}
}
@@ -510,9 +525,8 @@ impl RustStackDynamoDB {
// Validate attribute definitions are present.
if input.attribute_definitions.is_empty() {
return Err(DynamoDBError::validation(
- "One or more parameter values were invalid: \
- Some AttributeDefinitions are not valid. \
- AttributeDefinitions must be provided for all key attributes",
+ "One or more parameter values were invalid: Some AttributeDefinitions are not \
+ valid. AttributeDefinitions must be provided for all key attributes",
));
}
@@ -563,6 +577,7 @@ impl RustStackDynamoDB {
stream_specification: input.stream_specification,
sse_specification: input.sse_specification,
tags: parking_lot::RwLock::new(input.tags),
+ ttl: parking_lot::RwLock::new(None),
arn,
table_id: uuid::Uuid::new_v4().to_string(),
created_at: chrono::Utc::now(),
@@ -728,7 +743,8 @@ impl RustStackDynamoDB {
if !input.expected.is_empty() && input.condition_expression.is_some() {
return Err(DynamoDBError::validation(
"Can not use both expression and non-expression parameters in the same request: \
- Non-expression parameters: {Expected} Expression parameters: {ConditionExpression}",
+ Non-expression parameters: {Expected} Expression parameters: \
+ {ConditionExpression}",
));
}
@@ -951,7 +967,8 @@ impl RustStackDynamoDB {
if !input.expected.is_empty() && input.condition_expression.is_some() {
return Err(DynamoDBError::validation(
"Can not use both expression and non-expression parameters in the same request: \
- Non-expression parameters: {Expected} Expression parameters: {ConditionExpression}",
+ Non-expression parameters: {Expected} Expression parameters: \
+ {ConditionExpression}",
));
}
@@ -1077,13 +1094,15 @@ impl RustStackDynamoDB {
if !input.attribute_updates.is_empty() && input.update_expression.is_some() {
return Err(DynamoDBError::validation(
"Can not use both expression and non-expression parameters in the same request: \
- Non-expression parameters: {AttributeUpdates} Expression parameters: {UpdateExpression}",
+ Non-expression parameters: {AttributeUpdates} Expression parameters: \
+ {UpdateExpression}",
));
}
if !input.attribute_updates.is_empty() && input.condition_expression.is_some() {
return Err(DynamoDBError::validation(
"Can not use both expression and non-expression parameters in the same request: \
- Non-expression parameters: {AttributeUpdates} Expression parameters: {ConditionExpression}",
+ Non-expression parameters: {AttributeUpdates} Expression parameters: \
+ {ConditionExpression}",
));
}
if !input.expected.is_empty() && input.update_expression.is_some() {
@@ -1095,7 +1114,8 @@ impl RustStackDynamoDB {
if !input.expected.is_empty() && input.condition_expression.is_some() {
return Err(DynamoDBError::validation(
"Can not use both expression and non-expression parameters in the same request: \
- Non-expression parameters: {Expected} Expression parameters: {ConditionExpression}",
+ Non-expression parameters: {Expected} Expression parameters: \
+ {ConditionExpression}",
));
}
@@ -1150,8 +1170,7 @@ impl RustStackDynamoDB {
}
Some(existing_val) => {
return Err(DynamoDBError::validation(format!(
- "Type mismatch for ADD; operator type: L, \
- existing type: {}",
+ "Type mismatch for ADD; operator type: L, existing type: {}",
existing_val.type_descriptor(),
)));
}
@@ -1891,8 +1910,8 @@ impl RustStackDynamoDB {
let total_writes: usize = input.request_items.values().map(Vec::len).sum();
if total_writes > 25 {
return Err(DynamoDBError::validation(format!(
- "Too many items in the BatchWriteItem request; \
- the request length {total_writes} exceeds the limit of 25"
+ "Too many items in the BatchWriteItem request; the request length {total_writes} \
+ exceeds the limit of 25"
)));
}
@@ -1995,6 +2014,681 @@ impl RustStackDynamoDB {
}
}
+// ---------------------------------------------------------------------------
+// Tagging operations
+// ---------------------------------------------------------------------------
+
+/// Maximum number of tags per resource.
+const MAX_TAGS_PER_RESOURCE: usize = 50;
+
+/// Maximum tag key length (characters).
+const MAX_TAG_KEY_LENGTH: usize = 128;
+
+/// Maximum tag value length (characters).
+const MAX_TAG_VALUE_LENGTH: usize = 256;
+
+impl RustStackDynamoDB {
+ /// Resolve a DynamoDB resource ARN to a table name.
+ fn resolve_table_from_arn(arn: &str) -> Result<&str, DynamoDBError> {
+ arn.rsplit_once('/')
+ .map(|(_, name)| name)
+ .filter(|name| !name.is_empty())
+ .ok_or_else(|| DynamoDBError::validation("Invalid resource ARN"))
+ }
+
+ /// Handle `TagResource`.
+ #[allow(clippy::needless_pass_by_value)]
+ pub fn handle_tag_resource(
+ &self,
+ input: TagResourceInput,
+ ) -> Result {
+ let table_name = Self::resolve_table_from_arn(&input.resource_arn)?;
+ let table = self.state.require_table(table_name)?;
+
+ // Validate each tag.
+ for tag in &input.tags {
+ if tag.key.is_empty() || tag.key.len() > MAX_TAG_KEY_LENGTH {
+ return Err(DynamoDBError::validation(format!(
+ "Tag key must be between 1 and {MAX_TAG_KEY_LENGTH} characters long"
+ )));
+ }
+ if tag.value.len() > MAX_TAG_VALUE_LENGTH {
+ return Err(DynamoDBError::validation(format!(
+ "Tag value must be no more than {MAX_TAG_VALUE_LENGTH} characters long"
+ )));
+ }
+ if tag.key.starts_with("aws:") {
+ return Err(DynamoDBError::validation(
+ "Tag keys starting with 'aws:' are reserved for system use",
+ ));
+ }
+ }
+
+ let mut tags = table.tags.write();
+
+ // Clone, merge, validate count, then commit — avoids TOCTOU where
+ // over-limit tags persist if validation fails after mutation.
+ let mut merged = tags.clone();
+ for new_tag in &input.tags {
+ if let Some(existing) = merged.iter_mut().find(|t| t.key == new_tag.key) {
+ existing.value.clone_from(&new_tag.value);
+ } else {
+ merged.push(new_tag.clone());
+ }
+ }
+
+ if merged.len() > MAX_TAGS_PER_RESOURCE {
+ return Err(DynamoDBError::validation(format!(
+ "The number of tags exceeds the limit of {MAX_TAGS_PER_RESOURCE}"
+ )));
+ }
+
+ *tags = merged;
+
+ Ok(TagResourceOutput {})
+ }
+
+ /// Handle `UntagResource`.
+ #[allow(clippy::needless_pass_by_value)]
+ pub fn handle_untag_resource(
+ &self,
+ input: UntagResourceInput,
+ ) -> Result {
+ let table_name = Self::resolve_table_from_arn(&input.resource_arn)?;
+ let table = self.state.require_table(table_name)?;
+
+ let keys_to_remove: HashSet<&str> = input.tag_keys.iter().map(String::as_str).collect();
+ let mut tags = table.tags.write();
+ tags.retain(|t| !keys_to_remove.contains(t.key.as_str()));
+
+ Ok(UntagResourceOutput {})
+ }
+
+ /// Handle `ListTagsOfResource`.
+ #[allow(clippy::needless_pass_by_value)]
+ pub fn handle_list_tags_of_resource(
+ &self,
+ input: ListTagsOfResourceInput,
+ ) -> Result {
+ let table_name = Self::resolve_table_from_arn(&input.resource_arn)?;
+ let table = self.state.require_table(table_name)?;
+
+ let tags = table.tags.read().clone();
+ Ok(ListTagsOfResourceOutput {
+ tags: Some(tags),
+ next_token: None,
+ })
+ }
+}
+
+// ---------------------------------------------------------------------------
+// Time to Live operations
+// ---------------------------------------------------------------------------
+
+impl RustStackDynamoDB {
+ /// Handle `UpdateTimeToLive`.
+ #[allow(clippy::needless_pass_by_value)]
+ pub fn handle_update_time_to_live(
+ &self,
+ input: UpdateTimeToLiveInput,
+ ) -> Result {
+ validate_table_name(&input.table_name)?;
+ let table = self.state.require_table(&input.table_name)?;
+
+ if input.time_to_live_specification.attribute_name.is_empty() {
+ return Err(DynamoDBError::validation(
+ "TimeToLiveSpecification AttributeName must not be empty",
+ ));
+ }
+
+ let spec = input.time_to_live_specification;
+ *table.ttl.write() = Some(spec.clone());
+
+ Ok(UpdateTimeToLiveOutput {
+ time_to_live_specification: Some(spec),
+ })
+ }
+
+ /// Handle `DescribeTimeToLive`.
+ #[allow(clippy::needless_pass_by_value)]
+ pub fn handle_describe_time_to_live(
+ &self,
+ input: DescribeTimeToLiveInput,
+ ) -> Result {
+ validate_table_name(&input.table_name)?;
+ let table = self.state.require_table(&input.table_name)?;
+
+ let ttl_guard = table.ttl.read();
+ let description = match ttl_guard.as_ref() {
+ Some(spec) => TimeToLiveDescription {
+ attribute_name: Some(spec.attribute_name.clone()),
+ time_to_live_status: Some(if spec.enabled {
+ "ENABLED".to_owned()
+ } else {
+ "DISABLED".to_owned()
+ }),
+ },
+ None => TimeToLiveDescription {
+ attribute_name: None,
+ time_to_live_status: Some("DISABLED".to_owned()),
+ },
+ };
+
+ Ok(DescribeTimeToLiveOutput {
+ time_to_live_description: Some(description),
+ })
+ }
+}
+
+// ---------------------------------------------------------------------------
+// Describe operations
+// ---------------------------------------------------------------------------
+
+impl RustStackDynamoDB {
+ /// Handle `DescribeLimits`.
+ ///
+ /// Returns hardcoded account and table capacity limits matching the default
+ /// AWS DynamoDB provisioned-mode limits.
+ pub fn handle_describe_limits(
+ &self,
+ _input: DescribeLimitsInput,
+ ) -> Result {
+ Ok(DescribeLimitsOutput {
+ account_max_read_capacity_units: Some(80_000),
+ account_max_write_capacity_units: Some(80_000),
+ table_max_read_capacity_units: Some(40_000),
+ table_max_write_capacity_units: Some(40_000),
+ })
+ }
+
+ /// Handle `DescribeEndpoints`.
+ ///
+ /// Returns a single endpoint for the configured region with a 1440-minute
+ /// (24 hour) cache period, matching the real DynamoDB behaviour.
+ pub fn handle_describe_endpoints(
+ &self,
+ _input: DescribeEndpointsInput,
+ ) -> Result {
+ let address = format!("dynamodb.{}.amazonaws.com", self.config.default_region);
+ Ok(DescribeEndpointsOutput {
+ endpoints: vec![Endpoint {
+ address,
+ cache_period_in_minutes: 1440,
+ }],
+ })
+ }
+}
+
+// ---------------------------------------------------------------------------
+// Transaction operations
+// ---------------------------------------------------------------------------
+
+/// Maximum number of items in a transaction.
+const MAX_TRANSACT_ITEMS: usize = 100;
+
+impl RustStackDynamoDB {
+ /// Handle `TransactGetItems`.
+ #[allow(clippy::needless_pass_by_value)]
+ pub fn handle_transact_get_items(
+ &self,
+ input: TransactGetItemsInput,
+ ) -> Result {
+ if input.transact_items.is_empty() {
+ return Err(DynamoDBError::validation(
+ "1 validation error detected: Value null at 'transactItems' failed to satisfy \
+ constraint: Member must not be null",
+ ));
+ }
+ if input.transact_items.len() > MAX_TRANSACT_ITEMS {
+ return Err(DynamoDBError::validation(format!(
+ "1 validation error detected: Value '[TransactGetItem]' at 'transactItems' failed \
+ to satisfy constraint: Member must have length less than or equal to \
+ {MAX_TRANSACT_ITEMS}"
+ )));
+ }
+
+ let mut responses = Vec::with_capacity(input.transact_items.len());
+
+ for transact_item in &input.transact_items {
+ let get = &transact_item.get;
+ let table = self.state.require_table(&get.table_name)?;
+ let pk = extract_primary_key(&table.key_schema, &get.key)
+ .map_err(storage_error_to_dynamodb)?;
+
+ let item = table.storage.get_item(&pk);
+
+ // Apply projection if specified.
+ let result_item = match (item, &get.projection_expression) {
+ (Some(found_item), Some(projection)) => {
+ let names = get.expression_attribute_names.as_ref();
+ let empty_names = HashMap::new();
+ let names_ref = names.unwrap_or(&empty_names);
+ let paths =
+ parse_projection(projection).map_err(projection_error_to_dynamodb)?;
+ let empty_values = HashMap::new();
+ let ctx = EvalContext {
+ item: &found_item,
+ names: names_ref,
+ values: &empty_values,
+ };
+ let projected = ctx.apply_projection(&paths);
+ if projected.is_empty() {
+ None
+ } else {
+ Some(projected)
+ }
+ }
+ (Some(found_item), None) => Some(found_item),
+ (None, _) => None,
+ };
+
+ responses.push(ItemResponse { item: result_item });
+ }
+
+ Ok(TransactGetItemsOutput {
+ consumed_capacity: Vec::new(),
+ responses: Some(responses),
+ })
+ }
+
+ /// Handle `TransactWriteItems`.
+ #[allow(clippy::too_many_lines, clippy::needless_pass_by_value)]
+ pub fn handle_transact_write_items(
+ &self,
+ input: TransactWriteItemsInput,
+ ) -> Result {
+ if input.transact_items.is_empty() {
+ return Err(DynamoDBError::validation(
+ "1 validation error detected: Value null at 'transactItems' failed to satisfy \
+ constraint: Member must not be null",
+ ));
+ }
+ if input.transact_items.len() > MAX_TRANSACT_ITEMS {
+ return Err(DynamoDBError::validation(format!(
+ "1 validation error detected: Value '[TransactWriteItem]' at 'transactItems' \
+ failed to satisfy constraint: Member must have length less than or equal to \
+ {MAX_TRANSACT_ITEMS}"
+ )));
+ }
+
+ // Phase 1: Validate each item has exactly one action and collect
+ // (table_name, primary_key) pairs for duplicate detection.
+ let mut seen_keys: HashSet<(String, PrimaryKey)> = HashSet::new();
+
+ for (idx, item) in input.transact_items.iter().enumerate() {
+ let action_count = [
+ item.condition_check.is_some(),
+ item.put.is_some(),
+ item.delete.is_some(),
+ item.update.is_some(),
+ ]
+ .iter()
+ .filter(|&&b| b)
+ .count();
+
+ if action_count != 1 {
+ return Err(DynamoDBError::validation(format!(
+ "TransactItems[{idx}] must specify exactly one of ConditionCheck, Put, \
+ Delete, or Update"
+ )));
+ }
+
+ // Extract (table_name, key) for duplicate detection.
+ let (table_name, key_map) = if let Some(ref cc) = item.condition_check {
+ (cc.table_name.as_str(), &cc.key)
+ } else if let Some(ref put) = item.put {
+ let table = self.state.require_table(&put.table_name)?;
+ let pk = extract_primary_key(&table.key_schema, &put.item)
+ .map_err(storage_error_to_dynamodb)?;
+ if !seen_keys.insert((put.table_name.clone(), pk)) {
+ return Err(DynamoDBError::validation(
+ "Transaction request cannot include multiple operations on one item",
+ ));
+ }
+ continue;
+ } else if let Some(ref del) = item.delete {
+ (del.table_name.as_str(), &del.key)
+ } else if let Some(ref upd) = item.update {
+ (upd.table_name.as_str(), &upd.key)
+ } else {
+ continue;
+ };
+
+ let table = self.state.require_table(table_name)?;
+ let pk = extract_primary_key(&table.key_schema, key_map)
+ .map_err(storage_error_to_dynamodb)?;
+ if !seen_keys.insert((table_name.to_owned(), pk)) {
+ return Err(DynamoDBError::validation(
+ "Transaction request cannot include multiple operations on one item",
+ ));
+ }
+ }
+
+ // Phase 2: Evaluate all condition expressions.
+ let mut cancellation_reasons: Vec = vec![
+ CancellationReason {
+ code: Some("None".to_owned()),
+ message: Some("None".to_owned()),
+ item: None,
+ };
+ input.transact_items.len()
+ ];
+ let mut any_cancelled = false;
+
+ for (idx, item) in input.transact_items.iter().enumerate() {
+ let condition_result = self.evaluate_transact_write_condition(item);
+ match condition_result {
+ Ok(()) => {}
+ Err(reason) => {
+ cancellation_reasons[idx] = reason;
+ any_cancelled = true;
+ }
+ }
+ }
+
+ if any_cancelled {
+ return Err(DynamoDBError::transaction_cancelled(cancellation_reasons));
+ }
+
+ // Phase 3: Apply all writes.
+ for item in &input.transact_items {
+ if let Some(ref put) = item.put {
+ let table = self.state.require_table(&put.table_name)?;
+ let old = table
+ .storage
+ .put_item(put.item.clone())
+ .map_err(storage_error_to_dynamodb)?;
+
+ if table
+ .stream_specification
+ .as_ref()
+ .is_some_and(|s| s.stream_enabled)
+ {
+ let event_name = if old.is_some() {
+ crate::stream::ChangeEventName::Modify
+ } else {
+ crate::stream::ChangeEventName::Insert
+ };
+ let keys = extract_key_attributes(&put.item, &table.key_schema_elements);
+ let size = calculate_item_size(&put.item);
+ self.emitter.emit(crate::stream::ChangeEvent {
+ table_name: table.name.clone(),
+ event_name,
+ keys,
+ old_image: old,
+ new_image: Some(put.item.clone()),
+ size_bytes: size,
+ });
+ }
+ } else if let Some(ref del) = item.delete {
+ let table = self.state.require_table(&del.table_name)?;
+ let pk = extract_primary_key(&table.key_schema, &del.key)
+ .map_err(storage_error_to_dynamodb)?;
+ let old = table.storage.delete_item(&pk);
+
+ if table
+ .stream_specification
+ .as_ref()
+ .is_some_and(|s| s.stream_enabled)
+ {
+ if let Some(ref old_item) = old {
+ let keys = extract_key_attributes(old_item, &table.key_schema_elements);
+ let size = calculate_item_size(old_item);
+ self.emitter.emit(crate::stream::ChangeEvent {
+ table_name: table.name.clone(),
+ event_name: crate::stream::ChangeEventName::Remove,
+ keys,
+ old_image: Some(old_item.clone()),
+ new_image: None,
+ size_bytes: size,
+ });
+ }
+ }
+ } else if let Some(ref upd) = item.update {
+ let table = self.state.require_table(&upd.table_name)?;
+ let pk = extract_primary_key(&table.key_schema, &upd.key)
+ .map_err(storage_error_to_dynamodb)?;
+ let existing = table.storage.get_item(&pk);
+ let current = existing.clone().unwrap_or_else(|| upd.key.clone());
+
+ let names = upd.expression_attribute_names.as_ref();
+ let values = upd.expression_attribute_values.as_ref();
+ let empty_names = HashMap::new();
+ let empty_values = HashMap::new();
+ let names_ref = names.unwrap_or(&empty_names);
+ let values_ref = values.unwrap_or(&empty_values);
+
+ let parsed =
+ parse_update(&upd.update_expression).map_err(expression_error_to_dynamodb)?;
+ let ctx = EvalContext {
+ item: ¤t,
+ names: names_ref,
+ values: values_ref,
+ };
+ let updated = ctx
+ .apply_update(&parsed)
+ .map_err(expression_error_to_dynamodb)?;
+
+ let old = table
+ .storage
+ .put_item(updated.clone())
+ .map_err(storage_error_to_dynamodb)?;
+
+ if table
+ .stream_specification
+ .as_ref()
+ .is_some_and(|s| s.stream_enabled)
+ {
+ let event_name = if existing.is_some() {
+ crate::stream::ChangeEventName::Modify
+ } else {
+ crate::stream::ChangeEventName::Insert
+ };
+ let keys = extract_key_attributes(&updated, &table.key_schema_elements);
+ let size = calculate_item_size(&updated);
+ self.emitter.emit(crate::stream::ChangeEvent {
+ table_name: table.name.clone(),
+ event_name,
+ keys,
+ old_image: old,
+ new_image: Some(updated),
+ size_bytes: size,
+ });
+ }
+ }
+ // ConditionCheck: no mutation needed.
+ }
+
+ Ok(TransactWriteItemsOutput {
+ consumed_capacity: Vec::new(),
+ item_collection_metrics: HashMap::new(),
+ })
+ }
+
+ /// Evaluate a condition expression for a single transaction write item.
+ ///
+ /// Returns `Ok(())` if the condition passes (or no condition exists),
+ /// or a `CancellationReason` if the condition fails.
+ fn evaluate_transact_write_condition(
+ &self,
+ item: &ruststack_dynamodb_model::types::TransactWriteItem,
+ ) -> Result<(), CancellationReason> {
+ if let Some(ref cc) = item.condition_check {
+ self.evaluate_condition_for_key(
+ &cc.table_name,
+ &cc.key,
+ Some(&cc.condition_expression),
+ cc.expression_attribute_names.as_ref(),
+ cc.expression_attribute_values.as_ref(),
+ cc.return_values_on_condition_check_failure.as_deref(),
+ )
+ } else if let Some(ref put) = item.put {
+ if let Some(ref condition) = put.condition_expression {
+ self.evaluate_transact_put_condition(put, condition)
+ } else {
+ Ok(())
+ }
+ } else if let Some(ref del) = item.delete {
+ self.evaluate_condition_for_key(
+ &del.table_name,
+ &del.key,
+ del.condition_expression.as_deref(),
+ del.expression_attribute_names.as_ref(),
+ del.expression_attribute_values.as_ref(),
+ del.return_values_on_condition_check_failure.as_deref(),
+ )
+ } else if let Some(ref upd) = item.update {
+ self.evaluate_condition_for_key(
+ &upd.table_name,
+ &upd.key,
+ upd.condition_expression.as_deref(),
+ upd.expression_attribute_names.as_ref(),
+ upd.expression_attribute_values.as_ref(),
+ upd.return_values_on_condition_check_failure.as_deref(),
+ )
+ } else {
+ Ok(())
+ }
+ }
+
+ /// Evaluate a condition expression for a `TransactPut` action.
+ ///
+ /// Put actions derive their primary key from the item rather than a
+ /// separate `Key` field, requiring special handling.
+ fn evaluate_transact_put_condition(
+ &self,
+ put: &ruststack_dynamodb_model::types::TransactPut,
+ condition: &str,
+ ) -> Result<(), CancellationReason> {
+ let table = self
+ .state
+ .require_table(&put.table_name)
+ .map_err(|e| CancellationReason {
+ code: Some("ValidationException".to_owned()),
+ message: Some(e.message.clone()),
+ item: None,
+ })?;
+ let pk =
+ extract_primary_key(&table.key_schema, &put.item).map_err(|e| CancellationReason {
+ code: Some("ValidationException".to_owned()),
+ message: Some(e.to_string()),
+ item: None,
+ })?;
+ let key_map: HashMap =
+ extract_key_attributes(&put.item, &table.key_schema_elements);
+ let existing = table.storage.get_item(&pk);
+ let empty = HashMap::new();
+ let item_ref = existing.as_ref().unwrap_or(&empty);
+ let empty_names = HashMap::new();
+ let empty_values = HashMap::new();
+ let names = put
+ .expression_attribute_names
+ .as_ref()
+ .unwrap_or(&empty_names);
+ let values = put
+ .expression_attribute_values
+ .as_ref()
+ .unwrap_or(&empty_values);
+
+ let expr = parse_condition(condition).map_err(|e| CancellationReason {
+ code: Some("ValidationException".to_owned()),
+ message: Some(e.to_string()),
+ item: None,
+ })?;
+ let ctx = EvalContext {
+ item: item_ref,
+ names,
+ values,
+ };
+ let result = ctx.evaluate(&expr).map_err(|e| CancellationReason {
+ code: Some("ValidationException".to_owned()),
+ message: Some(e.to_string()),
+ item: None,
+ })?;
+ if !result {
+ let return_item =
+ if put.return_values_on_condition_check_failure.as_deref() == Some("ALL_OLD") {
+ existing
+ } else {
+ None
+ };
+ return Err(CancellationReason {
+ code: Some("ConditionalCheckFailed".to_owned()),
+ message: Some("The conditional request failed".to_owned()),
+ item: return_item.or(Some(key_map)),
+ });
+ }
+ Ok(())
+ }
+
+ /// Evaluate a condition expression for a given table and key.
+ fn evaluate_condition_for_key(
+ &self,
+ table_name: &str,
+ key: &HashMap,
+ condition_expression: Option<&str>,
+ expression_names: Option<&HashMap>,
+ expression_values: Option<&HashMap>,
+ return_values_on_failure: Option<&str>,
+ ) -> Result<(), CancellationReason> {
+ let Some(condition_str) = condition_expression else {
+ return Ok(());
+ };
+
+ let table = self
+ .state
+ .require_table(table_name)
+ .map_err(|e| CancellationReason {
+ code: Some("ValidationException".to_owned()),
+ message: Some(e.message.clone()),
+ item: None,
+ })?;
+ let pk = extract_primary_key(&table.key_schema, key).map_err(|e| CancellationReason {
+ code: Some("ValidationException".to_owned()),
+ message: Some(e.to_string()),
+ item: None,
+ })?;
+ let existing = table.storage.get_item(&pk);
+ let empty = HashMap::new();
+ let item_ref = existing.as_ref().unwrap_or(&empty);
+ let empty_names = HashMap::new();
+ let empty_values = HashMap::new();
+ let names = expression_names.unwrap_or(&empty_names);
+ let values = expression_values.unwrap_or(&empty_values);
+
+ let expr = parse_condition(condition_str).map_err(|e| CancellationReason {
+ code: Some("ValidationException".to_owned()),
+ message: Some(e.to_string()),
+ item: None,
+ })?;
+ let ctx = EvalContext {
+ item: item_ref,
+ names,
+ values,
+ };
+ let result = ctx.evaluate(&expr).map_err(|e| CancellationReason {
+ code: Some("ValidationException".to_owned()),
+ message: Some(e.to_string()),
+ item: None,
+ })?;
+
+ if !result {
+ let return_item = if return_values_on_failure == Some("ALL_OLD") {
+ existing
+ } else {
+ None
+ };
+ return Err(CancellationReason {
+ code: Some("ConditionalCheckFailed".to_owned()),
+ message: Some("The conditional request failed".to_owned()),
+ item: return_item,
+ });
+ }
+
+ Ok(())
+ }
+}
+
// ---------------------------------------------------------------------------
// Legacy API conversion functions
// ---------------------------------------------------------------------------
@@ -2287,7 +2981,8 @@ fn build_condition_fragment(
values.insert(val_ph.clone(), v.clone());
}
format!(
- "(attribute_exists({name_placeholder}) AND NOT contains({name_placeholder}, {val_ph}))"
+ "(attribute_exists({name_placeholder}) AND NOT contains({name_placeholder}, \
+ {val_ph}))"
)
}
ComparisonOperator::BeginsWith => {
@@ -2380,8 +3075,8 @@ fn validate_return_values_on_condition_check_failure(
if v != "NONE" && v != "ALL_OLD" {
return Err(DynamoDBError::validation(format!(
"1 validation error detected: Value '{v}' at \
- 'returnValuesOnConditionCheckFailure' failed to satisfy constraint: \
- Member must satisfy enum value set: [NONE, ALL_OLD]"
+ 'returnValuesOnConditionCheckFailure' failed to satisfy constraint: Member must \
+ satisfy enum value set: [NONE, ALL_OLD]"
)));
}
}
@@ -2422,27 +3117,24 @@ fn validate_comparison_operator(
| ComparisonOperator::BeginsWith => {
if count != 1 {
return Err(DynamoDBError::validation(format!(
- "One or more parameter values were invalid: \
- Invalid number of argument(s) for the {comp_op} \
- ComparisonOperator"
+ "One or more parameter values were invalid: Invalid number of argument(s) for \
+ the {comp_op} ComparisonOperator"
)));
}
}
ComparisonOperator::Contains | ComparisonOperator::NotContains => {
if count != 1 {
return Err(DynamoDBError::validation(format!(
- "One or more parameter values were invalid: \
- Invalid number of argument(s) for the {comp_op} \
- ComparisonOperator"
+ "One or more parameter values were invalid: Invalid number of argument(s) for \
+ the {comp_op} ComparisonOperator"
)));
}
// CONTAINS/NOT_CONTAINS only accept scalar types (S, N, B).
if let Some(val) = value_list.first() {
if !is_scalar_attribute_value(val) {
return Err(DynamoDBError::validation(format!(
- "One or more parameter values were invalid: \
- ComparisonOperator {comp_op} is not valid for {val_type} \
- AttributeValue type",
+ "One or more parameter values were invalid: ComparisonOperator {comp_op} \
+ is not valid for {val_type} AttributeValue type",
val_type = val.type_descriptor(),
)));
}
@@ -2451,27 +3143,24 @@ fn validate_comparison_operator(
ComparisonOperator::Between => {
if count != 2 {
return Err(DynamoDBError::validation(
- "One or more parameter values were invalid: \
- Invalid number of argument(s) for the BETWEEN \
- ComparisonOperator",
+ "One or more parameter values were invalid: Invalid number of argument(s) for \
+ the BETWEEN ComparisonOperator",
));
}
}
ComparisonOperator::In => {
if count == 0 {
return Err(DynamoDBError::validation(
- "One or more parameter values were invalid: \
- Invalid number of argument(s) for the IN \
- ComparisonOperator",
+ "One or more parameter values were invalid: Invalid number of argument(s) for \
+ the IN ComparisonOperator",
));
}
// IN requires all values to be scalar and of the same type.
for val in value_list {
if !is_scalar_attribute_value(val) {
return Err(DynamoDBError::validation(
- "One or more parameter values were invalid: \
- ComparisonOperator IN is not valid for non-scalar \
- AttributeValue type",
+ "One or more parameter values were invalid: ComparisonOperator IN is not \
+ valid for non-scalar AttributeValue type",
));
}
}
@@ -2481,9 +3170,8 @@ fn validate_comparison_operator(
for val in &value_list[1..] {
if val.type_descriptor() != first_type {
return Err(DynamoDBError::validation(
- "One or more parameter values were invalid: \
- AttributeValues inside AttributeValueList must all \
- be of the same type",
+ "One or more parameter values were invalid: AttributeValues inside \
+ AttributeValueList must all be of the same type",
));
}
}
@@ -2492,9 +3180,8 @@ fn validate_comparison_operator(
ComparisonOperator::Null | ComparisonOperator::NotNull => {
if count != 0 {
return Err(DynamoDBError::validation(format!(
- "One or more parameter values were invalid: \
- Invalid number of argument(s) for the {comp_op} \
- ComparisonOperator"
+ "One or more parameter values were invalid: Invalid number of argument(s) for \
+ the {comp_op} ComparisonOperator"
)));
}
}
@@ -2525,15 +3212,14 @@ fn validate_expected(
} else if exp.exists == Some(true) && exp.value.is_none() {
// Exists:True without Value is a validation error.
return Err(DynamoDBError::validation(format!(
- "One or more parameter values were invalid: \
- Exists is set to TRUE for attribute ({attr_name}), \
- Value must also be set"
+ "One or more parameter values were invalid: Exists is set to TRUE for attribute \
+ ({attr_name}), Value must also be set"
)));
} else if exp.exists == Some(false) && exp.value.is_some() {
// Exists:False with Value is a validation error.
return Err(DynamoDBError::validation(format!(
- "One or more parameter values were invalid: \
- Value cannot be used when Exists is set to FALSE for attribute ({attr_name})"
+ "One or more parameter values were invalid: Value cannot be used when Exists is \
+ set to FALSE for attribute ({attr_name})"
)));
}
}
@@ -2552,8 +3238,8 @@ fn validate_no_empty_sets(values: &HashMap) -> Result<()
for (key, val) in values {
if is_empty_set(val) {
return Err(DynamoDBError::validation(format!(
- "One or more parameter values are not valid. The AttributeValue for a member \
- of the ExpressionAttributeValues ({key}) contains an empty set"
+ "One or more parameter values are not valid. The AttributeValue for a member of \
+ the ExpressionAttributeValues ({key}) contains an empty set"
)));
}
}
@@ -2619,8 +3305,8 @@ fn validate_item_no_empty_sets(
for val in item.values() {
if contains_empty_set(val) {
return Err(DynamoDBError::validation(
- "One or more parameter values were invalid: An number of elements of the \
- input set is empty",
+ "One or more parameter values were invalid: An number of elements of the input \
+ set is empty",
));
}
}
@@ -2698,8 +3384,8 @@ fn validate_no_unresolved_names(
for name in used_names {
if name.starts_with('#') && !provided_names.contains_key(name.as_str()) {
return Err(DynamoDBError::validation(format!(
- "Value provided in ExpressionAttributeNames unused in expressions: \
- unresolved attribute name reference: {name}"
+ "Value provided in ExpressionAttributeNames unused in expressions: unresolved \
+ attribute name reference: {name}"
)));
}
}
@@ -2845,14 +3531,14 @@ fn validate_update_paths(
for j in (i + 1)..resolved.len() {
if paths_overlap(&resolved[i], &resolved[j]) {
return Err(DynamoDBError::validation(
- "Invalid UpdateExpression: Two document paths overlap with each other; \
- must remove or rewrite one of these paths",
+ "Invalid UpdateExpression: Two document paths overlap with each other; must \
+ remove or rewrite one of these paths",
));
}
if paths_conflict(&resolved[i], &resolved[j]) {
return Err(DynamoDBError::validation(
- "Invalid UpdateExpression: Two document paths conflict with each other; \
- must remove or rewrite one of these paths",
+ "Invalid UpdateExpression: Two document paths conflict with each other; must \
+ remove or rewrite one of these paths",
));
}
}
@@ -3047,12 +3733,12 @@ fn merge_attribute_values(target: &mut AttributeValue, source: AttributeValue) {
/// - `NONE` / `None`: empty map
/// - `ALL_OLD`: all attributes of the old item (or empty if no old item)
/// - `ALL_NEW`: all attributes of the new item
-/// - `UPDATED_OLD`: for each path targeted by the update expression, return
-/// the old value if it existed (before the update). Only returns the
-/// specific nested sub-path, not the entire top-level attribute.
-/// - `UPDATED_NEW`: for each path targeted by the update expression, return
-/// the new value if it exists (after the update). For REMOVE'd attributes,
-/// the path no longer exists so it is not returned.
+/// - `UPDATED_OLD`: for each path targeted by the update expression, return the old value if it
+/// existed (before the update). Only returns the specific nested sub-path, not the entire
+/// top-level attribute.
+/// - `UPDATED_NEW`: for each path targeted by the update expression, return the new value if it
+/// exists (after the update). For REMOVE'd attributes, the path no longer exists so it is not
+/// returned.
fn compute_update_return_values(
return_values: Option<&ReturnValue>,
old_item: Option<&HashMap>,
@@ -4045,14 +4731,17 @@ fn gsi_build_last_key(
#[cfg(test)]
mod tests {
- use super::*;
- use ruststack_dynamodb_model::error::DynamoDBErrorCode;
- use ruststack_dynamodb_model::input::{BatchWriteItemInput, CreateTableInput, UpdateItemInput};
- use ruststack_dynamodb_model::types::{
- AttributeDefinition, KeySchemaElement, KeyType, PutRequest, ScalarAttributeType,
- WriteRequest,
+ use ruststack_dynamodb_model::{
+ error::DynamoDBErrorCode,
+ input::{BatchWriteItemInput, CreateTableInput, UpdateItemInput},
+ types::{
+ AttributeDefinition, KeySchemaElement, KeyType, PutRequest, ScalarAttributeType,
+ WriteRequest,
+ },
};
+ use super::*;
+
/// Create a provider with a pre-configured test table named "TestTable".
fn setup_provider_with_table() -> RustStackDynamoDB {
let provider = RustStackDynamoDB::new(DynamoDBConfig::default());
diff --git a/crates/ruststack-dynamodb-core/src/state.rs b/crates/ruststack-dynamodb-core/src/state.rs
index e51a9c7..ff997c8 100644
--- a/crates/ruststack-dynamodb-core/src/state.rs
+++ b/crates/ruststack-dynamodb-core/src/state.rs
@@ -3,14 +3,15 @@
use std::sync::Arc;
use dashmap::DashMap;
-
-use ruststack_dynamodb_model::error::DynamoDBError;
-use ruststack_dynamodb_model::types::{
- AttributeDefinition, BillingMode, BillingModeSummary, GlobalSecondaryIndex,
- GlobalSecondaryIndexDescription, IndexStatus, KeySchemaElement, LocalSecondaryIndex,
- LocalSecondaryIndexDescription, ProvisionedThroughput, ProvisionedThroughputDescription,
- SSEDescription, SSESpecification, SseStatus, SseType, StreamSpecification, TableDescription,
- TableStatus, Tag,
+use ruststack_dynamodb_model::{
+ error::DynamoDBError,
+ types::{
+ AttributeDefinition, BillingMode, BillingModeSummary, GlobalSecondaryIndex,
+ GlobalSecondaryIndexDescription, IndexStatus, KeySchemaElement, LocalSecondaryIndex,
+ LocalSecondaryIndexDescription, ProvisionedThroughput, ProvisionedThroughputDescription,
+ SSEDescription, SSESpecification, SseStatus, SseType, StreamSpecification,
+ TableDescription, TableStatus, Tag, TimeToLiveSpecification,
+ },
};
use crate::storage::{KeySchema, TableStorage};
@@ -119,6 +120,8 @@ pub struct DynamoDBTable {
pub sse_specification: Option,
/// Tags.
pub tags: parking_lot::RwLock>,
+ /// Time-to-Live specification.
+ pub ttl: parking_lot::RwLock>,
/// Table ARN.
pub arn: String,
/// Stable table ID (UUID v4), assigned at creation time.
diff --git a/crates/ruststack-dynamodb-core/src/storage.rs b/crates/ruststack-dynamodb-core/src/storage.rs
index dba032d..b5e3f09 100644
--- a/crates/ruststack-dynamodb-core/src/storage.rs
+++ b/crates/ruststack-dynamodb-core/src/storage.rs
@@ -10,27 +10,26 @@
//! DashMap>
//! ```
//!
-//! - Partition-level concurrency: different partitions can be read/written
-//! concurrently without contention.
-//! - Sort key ordering: within each partition, items are stored in a `BTreeMap`
-//! keyed by [`SortableAttributeValue`], which implements [`Ord`] following
-//! DynamoDB comparison rules.
-//! - For tables without a sort key, a sentinel value is used as the single
-//! BTreeMap key per partition.
-
-use std::cmp::Ordering;
-use std::collections::{BTreeMap, HashMap};
-use std::hash::{DefaultHasher, Hash, Hasher};
-use std::ops::Bound;
-use std::sync::atomic::{AtomicU64, Ordering as AtomicOrdering};
+//! - Partition-level concurrency: different partitions can be read/written concurrently without
+//! contention.
+//! - Sort key ordering: within each partition, items are stored in a `BTreeMap` keyed by
+//! [`SortableAttributeValue`], which implements [`Ord`] following DynamoDB comparison rules.
+//! - For tables without a sort key, a sentinel value is used as the single BTreeMap key per
+//! partition.
+
+use std::{
+ cmp::Ordering,
+ collections::{BTreeMap, HashMap},
+ hash::{DefaultHasher, Hash, Hasher},
+ ops::Bound,
+ sync::atomic::{AtomicU64, Ordering as AtomicOrdering},
+};
use dashmap::DashMap;
+use ruststack_dynamodb_model::{AttributeValue, types::ScalarAttributeType};
use thiserror::Error;
use tracing::debug;
-use ruststack_dynamodb_model::AttributeValue;
-use ruststack_dynamodb_model::types::ScalarAttributeType;
-
// ---------------------------------------------------------------------------
// Errors
// ---------------------------------------------------------------------------
@@ -97,12 +96,11 @@ pub struct PrimaryKey {
///
/// Ordering rules follow DynamoDB semantics:
/// - **Strings (S)**: UTF-8 byte ordering.
-/// - **Numbers (N)**: Numeric ordering (parsed as `f64`). Full 38-digit
-/// precision would require `bigdecimal`, but `f64` is sufficient for
-/// local development use cases.
+/// - **Numbers (N)**: Numeric ordering (parsed as `f64`). Full 38-digit precision would require
+/// `bigdecimal`, but `f64` is sufficient for local development use cases.
/// - **Binary (B)**: Byte-by-byte unsigned ordering.
-/// - **Sentinel**: A special value used when the table has no sort key.
-/// It always compares equal to itself.
+/// - **Sentinel**: A special value used when the table has no sort key. It always compares equal to
+/// itself.
#[derive(Debug, Clone)]
pub enum SortableAttributeValue {
/// String sort key.
diff --git a/crates/ruststack-dynamodb-http/src/body.rs b/crates/ruststack-dynamodb-http/src/body.rs
index 881aaa0..fb8e065 100644
--- a/crates/ruststack-dynamodb-http/src/body.rs
+++ b/crates/ruststack-dynamodb-http/src/body.rs
@@ -1,7 +1,9 @@
//! DynamoDB HTTP response body type.
-use std::pin::Pin;
-use std::task::{Context, Poll};
+use std::{
+ pin::Pin,
+ task::{Context, Poll},
+};
use bytes::Bytes;
use http_body_util::Full;
diff --git a/crates/ruststack-dynamodb-http/src/dispatch.rs b/crates/ruststack-dynamodb-http/src/dispatch.rs
index 423d57a..81a0af0 100644
--- a/crates/ruststack-dynamodb-http/src/dispatch.rs
+++ b/crates/ruststack-dynamodb-http/src/dispatch.rs
@@ -1,12 +1,9 @@
//! DynamoDB handler trait and operation dispatch.
-use std::future::Future;
-use std::pin::Pin;
+use std::{future::Future, pin::Pin};
use bytes::Bytes;
-
-use ruststack_dynamodb_model::error::DynamoDBError;
-use ruststack_dynamodb_model::operations::DynamoDBOperation;
+use ruststack_dynamodb_model::{error::DynamoDBError, operations::DynamoDBOperation};
use crate::body::DynamoDBResponseBody;
diff --git a/crates/ruststack-dynamodb-http/src/response.rs b/crates/ruststack-dynamodb-http/src/response.rs
index 48f5b94..386b185 100644
--- a/crates/ruststack-dynamodb-http/src/response.rs
+++ b/crates/ruststack-dynamodb-http/src/response.rs
@@ -26,6 +26,10 @@ pub fn error_to_json(error: &DynamoDBError) -> Vec {
if let Some(ref item) = error.item {
obj["Item"] = serde_json::to_value(item).expect("Item serialization cannot fail");
}
+ if !error.cancellation_reasons.is_empty() {
+ obj["CancellationReasons"] = serde_json::to_value(&error.cancellation_reasons)
+ .expect("CancellationReasons serialization cannot fail");
+ }
serde_json::to_vec(&obj).expect("JSON serialization of error cannot fail")
}
@@ -75,9 +79,10 @@ pub fn json_response(json: Vec, request_id: &str) -> http::Response>,
+ /// Cancellation reasons for `TransactionCanceledException`.
+ pub cancellation_reasons: Vec,
}
impl fmt::Display for DynamoDBError {
@@ -176,6 +177,7 @@ impl DynamoDBError {
code,
source: None,
item: None,
+ cancellation_reasons: Vec::new(),
}
}
@@ -188,6 +190,7 @@ impl DynamoDBError {
code,
source: None,
item: None,
+ cancellation_reasons: Vec::new(),
}
}
@@ -206,6 +209,13 @@ impl DynamoDBError {
self
}
+ /// Attach cancellation reasons to a `TransactionCanceledException`.
+ #[must_use]
+ pub fn with_cancellation_reasons(mut self, reasons: Vec) -> Self {
+ self.cancellation_reasons = reasons;
+ self
+ }
+
/// Returns the `__type` string for the JSON error response.
#[must_use]
pub fn error_type(&self) -> &'static str {
@@ -259,6 +269,17 @@ impl DynamoDBError {
)
}
+ /// Transaction cancelled with cancellation reasons.
+ #[must_use]
+ pub fn transaction_cancelled(reasons: Vec) -> Self {
+ Self::with_message(
+ DynamoDBErrorCode::TransactionCanceledException,
+ "Transaction cancelled, please refer cancellation reasons for specific reasons [See \
+ the CancellationReasons field]",
+ )
+ .with_cancellation_reasons(reasons)
+ }
+
/// Unknown operation.
#[must_use]
pub fn unknown_operation(target: &str) -> Self {
diff --git a/crates/ruststack-dynamodb-model/src/input.rs b/crates/ruststack-dynamodb-model/src/input.rs
index 896f290..43c4c88 100644
--- a/crates/ruststack-dynamodb-model/src/input.rs
+++ b/crates/ruststack-dynamodb-model/src/input.rs
@@ -8,13 +8,15 @@ use std::collections::HashMap;
use serde::{Deserialize, Serialize};
-use crate::attribute_value::AttributeValue;
-use crate::types::{
- AttributeDefinition, AttributeValueUpdate, BillingMode, Condition, ConditionalOperator,
- ExpectedAttributeValue, GlobalSecondaryIndex, KeySchemaElement, KeysAndAttributes,
- LocalSecondaryIndex, ProvisionedThroughput, ReturnConsumedCapacity,
- ReturnItemCollectionMetrics, ReturnValue, SSESpecification, Select, StreamSpecification, Tag,
- WriteRequest,
+use crate::{
+ attribute_value::AttributeValue,
+ types::{
+ AttributeDefinition, AttributeValueUpdate, BillingMode, Condition, ConditionalOperator,
+ ExpectedAttributeValue, GlobalSecondaryIndex, KeySchemaElement, KeysAndAttributes,
+ LocalSecondaryIndex, ProvisionedThroughput, ReturnConsumedCapacity,
+ ReturnItemCollectionMetrics, ReturnValue, SSESpecification, Select, StreamSpecification,
+ Tag, TimeToLiveSpecification, TransactGetItem, TransactWriteItem, WriteRequest,
+ },
};
// ---------------------------------------------------------------------------
@@ -487,3 +489,106 @@ pub struct BatchWriteItemInput {
#[serde(skip_serializing_if = "Option::is_none")]
pub return_item_collection_metrics: Option,
}
+
+// ---------------------------------------------------------------------------
+// Tagging
+// ---------------------------------------------------------------------------
+
+/// Input for the `TagResource` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TagResourceInput {
+ /// The ARN of the resource to tag.
+ pub resource_arn: String,
+ /// The tags to add to the resource.
+ pub tags: Vec,
+}
+
+/// Input for the `UntagResource` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct UntagResourceInput {
+ /// The ARN of the resource to untag.
+ pub resource_arn: String,
+ /// The tag keys to remove.
+ pub tag_keys: Vec,
+}
+
+/// Input for the `ListTagsOfResource` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct ListTagsOfResourceInput {
+ /// The ARN of the resource.
+ pub resource_arn: String,
+ /// An optional pagination token.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub next_token: Option,
+}
+
+// ---------------------------------------------------------------------------
+// Time to Live
+// ---------------------------------------------------------------------------
+
+/// Input for the `UpdateTimeToLive` operation.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct UpdateTimeToLiveInput {
+ /// The name of the table.
+ pub table_name: String,
+ /// The TTL specification to apply.
+ pub time_to_live_specification: TimeToLiveSpecification,
+}
+
+/// Input for the `DescribeTimeToLive` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct DescribeTimeToLiveInput {
+ /// The name of the table.
+ pub table_name: String,
+}
+
+// ---------------------------------------------------------------------------
+// Transactions
+// ---------------------------------------------------------------------------
+
+/// Input for the `TransactWriteItems` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TransactWriteItemsInput {
+ /// The list of write actions to perform atomically.
+ pub transact_items: Vec,
+ /// Determines the level of detail about provisioned throughput consumption.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub return_consumed_capacity: Option,
+ /// Determines whether item collection metrics are returned.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub return_item_collection_metrics: Option,
+ /// An idempotency token for the transaction.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub client_request_token: Option,
+}
+
+/// Input for the `TransactGetItems` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TransactGetItemsInput {
+ /// The list of get actions to perform.
+ pub transact_items: Vec,
+ /// Determines the level of detail about provisioned throughput consumption.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub return_consumed_capacity: Option,
+}
+
+// ---------------------------------------------------------------------------
+// Describe operations
+// ---------------------------------------------------------------------------
+
+/// Input for the `DescribeLimits` operation (empty).
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct DescribeLimitsInput {}
+
+/// Input for the `DescribeEndpoints` operation (empty).
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct DescribeEndpointsInput {}
diff --git a/crates/ruststack-dynamodb-model/src/operations.rs b/crates/ruststack-dynamodb-model/src/operations.rs
index 5c6dae5..124c7ad 100644
--- a/crates/ruststack-dynamodb-model/src/operations.rs
+++ b/crates/ruststack-dynamodb-model/src/operations.rs
@@ -38,6 +38,32 @@ pub enum DynamoDBOperation {
BatchGetItem,
/// Batch write (put/delete) items to multiple tables.
BatchWriteItem,
+
+ // Tagging
+ /// Add tags to a resource.
+ TagResource,
+ /// Remove tags from a resource.
+ UntagResource,
+ /// List tags for a resource.
+ ListTagsOfResource,
+
+ // Time to Live
+ /// Describe the TTL settings for a table.
+ DescribeTimeToLive,
+ /// Update the TTL settings for a table.
+ UpdateTimeToLive,
+
+ // Transactions
+ /// Get items atomically across tables.
+ TransactGetItems,
+ /// Write items atomically across tables.
+ TransactWriteItems,
+
+ // Describe
+ /// Describe account limits for DynamoDB.
+ DescribeLimits,
+ /// Describe regional endpoints for DynamoDB.
+ DescribeEndpoints,
}
impl DynamoDBOperation {
@@ -58,6 +84,15 @@ impl DynamoDBOperation {
Self::Scan => "Scan",
Self::BatchGetItem => "BatchGetItem",
Self::BatchWriteItem => "BatchWriteItem",
+ Self::TagResource => "TagResource",
+ Self::UntagResource => "UntagResource",
+ Self::ListTagsOfResource => "ListTagsOfResource",
+ Self::DescribeTimeToLive => "DescribeTimeToLive",
+ Self::UpdateTimeToLive => "UpdateTimeToLive",
+ Self::TransactGetItems => "TransactGetItems",
+ Self::TransactWriteItems => "TransactWriteItems",
+ Self::DescribeLimits => "DescribeLimits",
+ Self::DescribeEndpoints => "DescribeEndpoints",
}
}
@@ -78,6 +113,15 @@ impl DynamoDBOperation {
"Scan" => Some(Self::Scan),
"BatchGetItem" => Some(Self::BatchGetItem),
"BatchWriteItem" => Some(Self::BatchWriteItem),
+ "TagResource" => Some(Self::TagResource),
+ "UntagResource" => Some(Self::UntagResource),
+ "ListTagsOfResource" => Some(Self::ListTagsOfResource),
+ "DescribeTimeToLive" => Some(Self::DescribeTimeToLive),
+ "UpdateTimeToLive" => Some(Self::UpdateTimeToLive),
+ "TransactGetItems" => Some(Self::TransactGetItems),
+ "TransactWriteItems" => Some(Self::TransactWriteItems),
+ "DescribeLimits" => Some(Self::DescribeLimits),
+ "DescribeEndpoints" => Some(Self::DescribeEndpoints),
_ => None,
}
}
diff --git a/crates/ruststack-dynamodb-model/src/output.rs b/crates/ruststack-dynamodb-model/src/output.rs
index 1e4a752..d712317 100644
--- a/crates/ruststack-dynamodb-model/src/output.rs
+++ b/crates/ruststack-dynamodb-model/src/output.rs
@@ -8,9 +8,12 @@ use std::collections::HashMap;
use serde::{Deserialize, Serialize};
-use crate::attribute_value::AttributeValue;
-use crate::types::{
- ConsumedCapacity, ItemCollectionMetrics, KeysAndAttributes, TableDescription, WriteRequest,
+use crate::{
+ attribute_value::AttributeValue,
+ types::{
+ ConsumedCapacity, ItemCollectionMetrics, ItemResponse, KeysAndAttributes, TableDescription,
+ Tag, TimeToLiveDescription, TimeToLiveSpecification, WriteRequest,
+ },
};
// ---------------------------------------------------------------------------
@@ -236,3 +239,119 @@ pub struct BatchWriteItemOutput {
#[serde(default, skip_serializing_if = "Vec::is_empty")]
pub consumed_capacity: Vec,
}
+
+// ---------------------------------------------------------------------------
+// Tagging
+// ---------------------------------------------------------------------------
+
+/// Output for the `TagResource` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TagResourceOutput {}
+
+/// Output for the `UntagResource` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct UntagResourceOutput {}
+
+/// Output for the `ListTagsOfResource` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct ListTagsOfResourceOutput {
+ /// The tags associated with the resource.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub tags: Option>,
+ /// A pagination token for subsequent requests.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub next_token: Option,
+}
+
+// ---------------------------------------------------------------------------
+// Time to Live
+// ---------------------------------------------------------------------------
+
+/// Output for the `UpdateTimeToLive` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct UpdateTimeToLiveOutput {
+ /// The TTL specification that was applied.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub time_to_live_specification: Option,
+}
+
+/// Output for the `DescribeTimeToLive` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct DescribeTimeToLiveOutput {
+ /// The current TTL description for the table.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub time_to_live_description: Option,
+}
+
+// ---------------------------------------------------------------------------
+// Transactions
+// ---------------------------------------------------------------------------
+
+/// Output for the `TransactWriteItems` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TransactWriteItemsOutput {
+ /// The capacity units consumed by the operation for each table.
+ #[serde(default, skip_serializing_if = "Vec::is_empty")]
+ pub consumed_capacity: Vec,
+ /// Item collection metrics for the affected tables.
+ #[serde(default, skip_serializing_if = "HashMap::is_empty")]
+ pub item_collection_metrics: HashMap>,
+}
+
+/// Output for the `TransactGetItems` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TransactGetItemsOutput {
+ /// The capacity units consumed by the operation for each table.
+ #[serde(default, skip_serializing_if = "Vec::is_empty")]
+ pub consumed_capacity: Vec,
+ /// The items retrieved, in the same order as the input.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub responses: Option>,
+}
+
+// ---------------------------------------------------------------------------
+// Describe operations
+// ---------------------------------------------------------------------------
+
+/// Output for the `DescribeLimits` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct DescribeLimitsOutput {
+ /// Maximum read capacity units per account.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub account_max_read_capacity_units: Option,
+ /// Maximum write capacity units per account.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub account_max_write_capacity_units: Option,
+ /// Maximum read capacity units per table.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub table_max_read_capacity_units: Option,
+ /// Maximum write capacity units per table.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub table_max_write_capacity_units: Option,
+}
+
+/// Output for the `DescribeEndpoints` operation.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct DescribeEndpointsOutput {
+ /// The list of endpoints.
+ pub endpoints: Vec,
+}
+
+/// A DynamoDB endpoint descriptor.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct Endpoint {
+ /// The endpoint address.
+ pub address: String,
+ /// The cache period in minutes.
+ pub cache_period_in_minutes: i64,
+}
diff --git a/crates/ruststack-dynamodb-model/src/types.rs b/crates/ruststack-dynamodb-model/src/types.rs
index 96e0646..2306af1 100644
--- a/crates/ruststack-dynamodb-model/src/types.rs
+++ b/crates/ruststack-dynamodb-model/src/types.rs
@@ -898,6 +898,193 @@ pub struct SSEDescription {
pub inaccessible_encryption_date_time: Option,
}
+// ---------------------------------------------------------------------------
+// Structs - Time to Live
+// ---------------------------------------------------------------------------
+
+/// Time-to-Live specification for enabling or disabling TTL on a table.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TimeToLiveSpecification {
+ /// The name of the TTL attribute used to store the expiration time.
+ pub attribute_name: String,
+ /// Whether TTL is enabled (`true`) or disabled (`false`).
+ pub enabled: bool,
+}
+
+/// Time-to-Live description with status information.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TimeToLiveDescription {
+ /// The name of the TTL attribute.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub attribute_name: Option,
+ /// The TTL status: `ENABLED`, `DISABLED`, `ENABLING`, or `DISABLING`.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub time_to_live_status: Option,
+}
+
+// ---------------------------------------------------------------------------
+// Structs - Transaction Types
+// ---------------------------------------------------------------------------
+
+/// A single write action within a `TransactWriteItems` request.
+///
+/// Exactly one of the four fields must be set.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TransactWriteItem {
+ /// A condition check against an existing item (no mutation).
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub condition_check: Option,
+ /// A put (insert or replace) action.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub put: Option,
+ /// A delete action.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub delete: Option,
+ /// An update action.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub update: Option,
+}
+
+/// A condition check within a transaction (no mutation).
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct ConditionCheck {
+ /// The table containing the item.
+ pub table_name: String,
+ /// The primary key of the item to check.
+ pub key: HashMap,
+ /// The condition expression that must evaluate to true.
+ pub condition_expression: String,
+ /// Substitution tokens for attribute names.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub expression_attribute_names: Option>,
+ /// Substitution tokens for attribute values.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub expression_attribute_values: Option>,
+ /// Determines whether to return item attributes on condition check failure.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub return_values_on_condition_check_failure: Option,
+}
+
+/// A put action within a transaction.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TransactPut {
+ /// The table to put the item into.
+ pub table_name: String,
+ /// The item to put.
+ pub item: HashMap,
+ /// An optional condition expression.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub condition_expression: Option,
+ /// Substitution tokens for attribute names.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub expression_attribute_names: Option>,
+ /// Substitution tokens for attribute values.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub expression_attribute_values: Option>,
+ /// Determines whether to return item attributes on condition check failure.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub return_values_on_condition_check_failure: Option,
+}
+
+/// A delete action within a transaction.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TransactDelete {
+ /// The table containing the item to delete.
+ pub table_name: String,
+ /// The primary key of the item to delete.
+ pub key: HashMap,
+ /// An optional condition expression.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub condition_expression: Option,
+ /// Substitution tokens for attribute names.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub expression_attribute_names: Option>,
+ /// Substitution tokens for attribute values.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub expression_attribute_values: Option>,
+ /// Determines whether to return item attributes on condition check failure.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub return_values_on_condition_check_failure: Option,
+}
+
+/// An update action within a transaction.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TransactUpdate {
+ /// The table containing the item to update.
+ pub table_name: String,
+ /// The primary key of the item to update.
+ pub key: HashMap,
+ /// The update expression defining the mutations.
+ pub update_expression: String,
+ /// An optional condition expression.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub condition_expression: Option,
+ /// Substitution tokens for attribute names.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub expression_attribute_names: Option>,
+ /// Substitution tokens for attribute values.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub expression_attribute_values: Option>,
+ /// Determines whether to return item attributes on condition check failure.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub return_values_on_condition_check_failure: Option,
+}
+
+/// A single get action within a `TransactGetItems` request.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct TransactGetItem {
+ /// The get operation to perform.
+ pub get: Get,
+}
+
+/// A get operation targeting a single item by primary key.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct Get {
+ /// The table containing the item.
+ pub table_name: String,
+ /// The primary key of the item to retrieve.
+ pub key: HashMap,
+ /// A projection expression to limit returned attributes.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub projection_expression: Option,
+ /// Substitution tokens for attribute names.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub expression_attribute_names: Option>,
+}
+
+/// A reason why a transaction item was cancelled.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct CancellationReason {
+ /// The cancellation reason code.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub code: Option,
+ /// A human-readable cancellation reason message.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub message: Option,
+ /// The item that failed the condition check, if applicable.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub item: Option>,
+}
+
+/// A response item from a `TransactGetItems` operation.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct ItemResponse {
+ /// The retrieved item, or `None` if not found.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub item: Option>,
+}
+
// ---------------------------------------------------------------------------
// Structs - Tags
// ---------------------------------------------------------------------------
diff --git a/crates/ruststack-dynamodbstreams-core/src/handler.rs b/crates/ruststack-dynamodbstreams-core/src/handler.rs
index b23ef5e..7cf1808 100644
--- a/crates/ruststack-dynamodbstreams-core/src/handler.rs
+++ b/crates/ruststack-dynamodbstreams-core/src/handler.rs
@@ -1,16 +1,14 @@
//! DynamoDB Streams handler implementation bridging HTTP to business logic.
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
-
-use ruststack_dynamodbstreams_http::body::DynamoDBStreamsResponseBody;
-use ruststack_dynamodbstreams_http::dispatch::DynamoDBStreamsHandler;
-use ruststack_dynamodbstreams_http::response::json_response;
-use ruststack_dynamodbstreams_model::error::DynamoDBStreamsError;
-use ruststack_dynamodbstreams_model::operations::DynamoDBStreamsOperation;
+use ruststack_dynamodbstreams_http::{
+ body::DynamoDBStreamsResponseBody, dispatch::DynamoDBStreamsHandler, response::json_response,
+};
+use ruststack_dynamodbstreams_model::{
+ error::DynamoDBStreamsError, operations::DynamoDBStreamsOperation,
+};
use crate::provider::RustStackDynamoDBStreams;
diff --git a/crates/ruststack-dynamodbstreams-core/src/provider.rs b/crates/ruststack-dynamodbstreams-core/src/provider.rs
index a4621da..820cd86 100644
--- a/crates/ruststack-dynamodbstreams-core/src/provider.rs
+++ b/crates/ruststack-dynamodbstreams-core/src/provider.rs
@@ -1,24 +1,23 @@
//! DynamoDB Streams provider implementing all 4 operations.
-use std::collections::HashMap;
-use std::sync::Arc;
+use std::{collections::HashMap, sync::Arc};
use ruststack_dynamodb_model::AttributeValue;
-use ruststack_dynamodbstreams_model::error::DynamoDBStreamsError;
-use ruststack_dynamodbstreams_model::input::{
- DescribeStreamInput, GetRecordsInput, GetShardIteratorInput, ListStreamsInput,
-};
-use ruststack_dynamodbstreams_model::output::{
- DescribeStreamOutput, GetRecordsOutput, GetShardIteratorOutput, ListStreamsOutput,
-};
-use ruststack_dynamodbstreams_model::types::{
- self as streams_types, OperationType, Record, SequenceNumberRange, Shard, Stream,
- StreamDescription, StreamRecord, StreamStatus,
+use ruststack_dynamodbstreams_model::{
+ error::DynamoDBStreamsError,
+ input::{DescribeStreamInput, GetRecordsInput, GetShardIteratorInput, ListStreamsInput},
+ output::{DescribeStreamOutput, GetRecordsOutput, GetShardIteratorOutput, ListStreamsOutput},
+ types::{
+ self as streams_types, OperationType, Record, SequenceNumberRange, Shard, Stream,
+ StreamDescription, StreamRecord, StreamStatus,
+ },
};
-use crate::config::DynamoDBStreamsConfig;
-use crate::iterator::{decode_iterator, encode_iterator};
-use crate::storage::{StreamChangeRecord, StreamStore};
+use crate::{
+ config::DynamoDBStreamsConfig,
+ iterator::{decode_iterator, encode_iterator},
+ storage::{StreamChangeRecord, StreamStore},
+};
/// Main DynamoDB Streams provider implementing all 4 operations.
#[derive(Debug)]
diff --git a/crates/ruststack-dynamodbstreams-core/src/storage.rs b/crates/ruststack-dynamodbstreams-core/src/storage.rs
index c3c2a14..5c7b928 100644
--- a/crates/ruststack-dynamodbstreams-core/src/storage.rs
+++ b/crates/ruststack-dynamodbstreams-core/src/storage.rs
@@ -6,7 +6,6 @@ use std::collections::{HashMap, VecDeque};
use dashmap::DashMap;
use parking_lot::RwLock;
-
use ruststack_dynamodb_core::stream::ChangeEvent;
use ruststack_dynamodb_model::AttributeValue;
use ruststack_dynamodbstreams_model::types::{
@@ -363,9 +362,10 @@ fn convert_stream_view_type(
#[cfg(test)]
mod tests {
- use super::*;
use ruststack_dynamodb_core::stream::ChangeEventName;
+ use super::*;
+
#[test]
fn test_should_create_and_list_streams() {
let store = StreamStore::new();
diff --git a/crates/ruststack-dynamodbstreams-http/src/body.rs b/crates/ruststack-dynamodbstreams-http/src/body.rs
index c2b9504..078a888 100644
--- a/crates/ruststack-dynamodbstreams-http/src/body.rs
+++ b/crates/ruststack-dynamodbstreams-http/src/body.rs
@@ -1,7 +1,9 @@
//! DynamoDB Streams HTTP response body type.
-use std::pin::Pin;
-use std::task::{Context, Poll};
+use std::{
+ pin::Pin,
+ task::{Context, Poll},
+};
use bytes::Bytes;
use http_body_util::Full;
diff --git a/crates/ruststack-dynamodbstreams-http/src/dispatch.rs b/crates/ruststack-dynamodbstreams-http/src/dispatch.rs
index 30ff9f3..d39fdb5 100644
--- a/crates/ruststack-dynamodbstreams-http/src/dispatch.rs
+++ b/crates/ruststack-dynamodbstreams-http/src/dispatch.rs
@@ -1,12 +1,11 @@
//! DynamoDB Streams handler trait and operation dispatch.
-use std::future::Future;
-use std::pin::Pin;
+use std::{future::Future, pin::Pin};
use bytes::Bytes;
-
-use ruststack_dynamodbstreams_model::error::DynamoDBStreamsError;
-use ruststack_dynamodbstreams_model::operations::DynamoDBStreamsOperation;
+use ruststack_dynamodbstreams_model::{
+ error::DynamoDBStreamsError, operations::DynamoDBStreamsOperation,
+};
use crate::body::DynamoDBStreamsResponseBody;
diff --git a/crates/ruststack-dynamodbstreams-http/src/response.rs b/crates/ruststack-dynamodbstreams-http/src/response.rs
index 9bb3fd7..e72a518 100644
--- a/crates/ruststack-dynamodbstreams-http/src/response.rs
+++ b/crates/ruststack-dynamodbstreams-http/src/response.rs
@@ -77,9 +77,10 @@ pub fn json_response(
#[cfg(test)]
mod tests {
- use super::*;
use ruststack_dynamodbstreams_model::error::DynamoDBStreamsErrorCode;
+ use super::*;
+
#[test]
fn test_should_format_error_json() {
let err = DynamoDBStreamsError::with_message(
diff --git a/crates/ruststack-dynamodbstreams-http/src/router.rs b/crates/ruststack-dynamodbstreams-http/src/router.rs
index 6719482..cb40a49 100644
--- a/crates/ruststack-dynamodbstreams-http/src/router.rs
+++ b/crates/ruststack-dynamodbstreams-http/src/router.rs
@@ -7,8 +7,9 @@
//! X-Amz-Target: DynamoDBStreams_20120810.DescribeStream
//! ```
-use ruststack_dynamodbstreams_model::error::DynamoDBStreamsError;
-use ruststack_dynamodbstreams_model::operations::DynamoDBStreamsOperation;
+use ruststack_dynamodbstreams_model::{
+ error::DynamoDBStreamsError, operations::DynamoDBStreamsOperation,
+};
/// The expected prefix for the `X-Amz-Target` header value.
const TARGET_PREFIX: &str = "DynamoDBStreams_20120810.";
diff --git a/crates/ruststack-dynamodbstreams-http/src/service.rs b/crates/ruststack-dynamodbstreams-http/src/service.rs
index 7140984..52a2780 100644
--- a/crates/ruststack-dynamodbstreams-http/src/service.rs
+++ b/crates/ruststack-dynamodbstreams-http/src/service.rs
@@ -1,20 +1,18 @@
//! DynamoDB Streams HTTP service implementing the hyper `Service` trait.
-use std::convert::Infallible;
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{convert::Infallible, future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
use http_body_util::BodyExt;
use hyper::body::Incoming;
-
use ruststack_dynamodbstreams_model::error::DynamoDBStreamsError;
-use crate::body::DynamoDBStreamsResponseBody;
-use crate::dispatch::{DynamoDBStreamsHandler, dispatch_operation};
-use crate::response::{CONTENT_TYPE, error_to_response};
-use crate::router::resolve_operation;
+use crate::{
+ body::DynamoDBStreamsResponseBody,
+ dispatch::{DynamoDBStreamsHandler, dispatch_operation},
+ response::{CONTENT_TYPE, error_to_response},
+ router::resolve_operation,
+};
/// Configuration for the DynamoDB Streams HTTP service.
#[derive(Clone)]
diff --git a/crates/ruststack-events-core/src/handler.rs b/crates/ruststack-events-core/src/handler.rs
index 753569c..d9ad2af 100644
--- a/crates/ruststack-events-core/src/handler.rs
+++ b/crates/ruststack-events-core/src/handler.rs
@@ -1,16 +1,12 @@
//! EventBridge handler implementation bridging HTTP to business logic.
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
-
-use ruststack_events_http::body::EventsResponseBody;
-use ruststack_events_http::dispatch::EventsHandler;
-use ruststack_events_http::response::json_response;
-use ruststack_events_model::error::EventsError;
-use ruststack_events_model::operations::EventsOperation;
+use ruststack_events_http::{
+ body::EventsResponseBody, dispatch::EventsHandler, response::json_response,
+};
+use ruststack_events_model::{error::EventsError, operations::EventsOperation};
use crate::provider::RustStackEvents;
@@ -180,33 +176,143 @@ fn dispatch(
serialize(&output, &request_id)
}
- // Phase 3: Stubs - return empty JSON object
- EventsOperation::CreateArchive
- | EventsOperation::DeleteArchive
- | EventsOperation::DescribeArchive
- | EventsOperation::ListArchives
- | EventsOperation::UpdateArchive
- | EventsOperation::StartReplay
- | EventsOperation::CancelReplay
- | EventsOperation::DescribeReplay
- | EventsOperation::ListReplays
- | EventsOperation::CreateApiDestination
- | EventsOperation::DeleteApiDestination
- | EventsOperation::DescribeApiDestination
- | EventsOperation::ListApiDestinations
- | EventsOperation::UpdateApiDestination
- | EventsOperation::CreateConnection
- | EventsOperation::DeleteConnection
- | EventsOperation::DescribeConnection
- | EventsOperation::ListConnections
- | EventsOperation::UpdateConnection
- | EventsOperation::DeauthorizeConnection
- | EventsOperation::CreateEndpoint
- | EventsOperation::DeleteEndpoint
- | EventsOperation::DescribeEndpoint
- | EventsOperation::ListEndpoints
- | EventsOperation::UpdateEndpoint
- | EventsOperation::ActivateEventSource
+ // Phase 3: Archives
+ EventsOperation::CreateArchive => {
+ let input = deserialize(body)?;
+ let output = provider.handle_create_archive(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::DeleteArchive => {
+ let input = deserialize(body)?;
+ let output = provider.handle_delete_archive(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::DescribeArchive => {
+ let input = deserialize(body)?;
+ let output = provider.handle_describe_archive(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::ListArchives => {
+ let input = deserialize(body)?;
+ let output = provider.handle_list_archives(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::UpdateArchive => {
+ let input = deserialize(body)?;
+ let output = provider.handle_update_archive(&input)?;
+ serialize(&output, &request_id)
+ }
+
+ // Phase 3: Replays
+ EventsOperation::StartReplay => {
+ let input = deserialize(body)?;
+ let output = provider.handle_start_replay(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::CancelReplay => {
+ let input = deserialize(body)?;
+ let output = provider.handle_cancel_replay(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::DescribeReplay => {
+ let input = deserialize(body)?;
+ let output = provider.handle_describe_replay(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::ListReplays => {
+ let input = deserialize(body)?;
+ let output = provider.handle_list_replays(&input)?;
+ serialize(&output, &request_id)
+ }
+
+ // Phase 3: API Destinations
+ EventsOperation::CreateApiDestination => {
+ let input = deserialize(body)?;
+ let output = provider.handle_create_api_destination(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::DeleteApiDestination => {
+ let input = deserialize(body)?;
+ let output = provider.handle_delete_api_destination(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::DescribeApiDestination => {
+ let input = deserialize(body)?;
+ let output = provider.handle_describe_api_destination(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::ListApiDestinations => {
+ let input = deserialize(body)?;
+ let output = provider.handle_list_api_destinations(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::UpdateApiDestination => {
+ let input = deserialize(body)?;
+ let output = provider.handle_update_api_destination(&input)?;
+ serialize(&output, &request_id)
+ }
+
+ // Phase 3: Connections
+ EventsOperation::CreateConnection => {
+ let input = deserialize(body)?;
+ let output = provider.handle_create_connection(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::DeleteConnection => {
+ let input = deserialize(body)?;
+ let output = provider.handle_delete_connection(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::DescribeConnection => {
+ let input = deserialize(body)?;
+ let output = provider.handle_describe_connection(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::ListConnections => {
+ let input = deserialize(body)?;
+ let output = provider.handle_list_connections(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::UpdateConnection => {
+ let input = deserialize(body)?;
+ let output = provider.handle_update_connection(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::DeauthorizeConnection => {
+ let input = deserialize(body)?;
+ let output = provider.handle_deauthorize_connection(&input)?;
+ serialize(&output, &request_id)
+ }
+
+ // Phase 3: Endpoints
+ EventsOperation::CreateEndpoint => {
+ let input = deserialize(body)?;
+ let output = provider.handle_create_endpoint(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::DeleteEndpoint => {
+ let input = deserialize(body)?;
+ let output = provider.handle_delete_endpoint(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::DescribeEndpoint => {
+ let input = deserialize(body)?;
+ let output = provider.handle_describe_endpoint(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::ListEndpoints => {
+ let input = deserialize(body)?;
+ let output = provider.handle_list_endpoints(&input)?;
+ serialize(&output, &request_id)
+ }
+ EventsOperation::UpdateEndpoint => {
+ let input = deserialize(body)?;
+ let output = provider.handle_update_endpoint(&input)?;
+ serialize(&output, &request_id)
+ }
+
+ // Phase 3: Partner event sources stubs - return empty JSON
+ EventsOperation::ActivateEventSource
| EventsOperation::CreatePartnerEventSource
| EventsOperation::DeactivateEventSource
| EventsOperation::DeletePartnerEventSource
diff --git a/crates/ruststack-events-core/src/pattern/engine.rs b/crates/ruststack-events-core/src/pattern/engine.rs
index bdfd829..3c82cc4 100644
--- a/crates/ruststack-events-core/src/pattern/engine.rs
+++ b/crates/ruststack-events-core/src/pattern/engine.rs
@@ -7,8 +7,10 @@
use serde_json::Value;
-use super::operators::match_single_value;
-use super::value::{EventPattern, FieldMatcher, MatchCondition, PatternNode};
+use super::{
+ operators::match_single_value,
+ value::{EventPattern, FieldMatcher, MatchCondition, PatternNode},
+};
/// Match an event pattern against a JSON event.
///
diff --git a/crates/ruststack-events-core/src/provider.rs b/crates/ruststack-events-core/src/provider.rs
index 089cb08..1363291 100644
--- a/crates/ruststack-events-core/src/provider.rs
+++ b/crates/ruststack-events-core/src/provider.rs
@@ -4,36 +4,31 @@
//! the design simple without an actor model. Pattern matching is synchronous;
//! only delivery to targets is asynchronous.
-use std::collections::HashMap;
-use std::sync::Arc;
-
-use dashmap::DashMap;
-use dashmap::mapref::entry::Entry;
-
-use ruststack_events_model::error::EventsError;
-use ruststack_events_model::input::{
- CreateEventBusInput, DeleteEventBusInput, DeleteRuleInput, DescribeEventBusInput,
- DescribeRuleInput, DisableRuleInput, EnableRuleInput, ListEventBusesInput,
- ListRuleNamesByTargetInput, ListRulesInput, ListTagsForResourceInput, ListTargetsByRuleInput,
- PutEventsInput, PutPermissionInput, PutRuleInput, PutTargetsInput, RemovePermissionInput,
- RemoveTargetsInput, TagResourceInput, TestEventPatternInput, UntagResourceInput,
- UpdateEventBusInput,
-};
-use ruststack_events_model::output::{
- CreateEventBusOutput, DeleteEventBusOutput, DeleteRuleOutput, DescribeEventBusOutput,
- DescribeRuleOutput, DisableRuleOutput, EnableRuleOutput, ListEventBusesOutput,
- ListRuleNamesByTargetOutput, ListRulesOutput, ListTagsForResourceOutput,
- ListTargetsByRuleOutput, PutEventsOutput, PutPermissionOutput, PutRuleOutput, PutTargetsOutput,
- RemovePermissionOutput, RemoveTargetsOutput, TagResourceOutput, TestEventPatternOutput,
- UntagResourceOutput, UpdateEventBusOutput,
-};
-use ruststack_events_model::types::{
- EventBus, InputTransformer, PutEventsResultEntry, Rule, Tag, Target,
+use std::{collections::HashMap, sync::Arc};
+
+use dashmap::{DashMap, mapref::entry::Entry};
+use ruststack_events_model::{
+ error::EventsError,
+ input::{
+ CreateEventBusInput, DeleteEventBusInput, DeleteRuleInput, DescribeEventBusInput,
+ DescribeRuleInput, DisableRuleInput, EnableRuleInput, GenericInput, ListEventBusesInput,
+ ListRuleNamesByTargetInput, ListRulesInput, ListTagsForResourceInput,
+ ListTargetsByRuleInput, PutEventsInput, PutPermissionInput, PutRuleInput, PutTargetsInput,
+ RemovePermissionInput, RemoveTargetsInput, TagResourceInput, TestEventPatternInput,
+ UntagResourceInput, UpdateEventBusInput,
+ },
+ output::{
+ CreateEventBusOutput, DeleteEventBusOutput, DeleteRuleOutput, DescribeEventBusOutput,
+ DescribeRuleOutput, DisableRuleOutput, EnableRuleOutput, GenericOutput,
+ ListEventBusesOutput, ListRuleNamesByTargetOutput, ListRulesOutput,
+ ListTagsForResourceOutput, ListTargetsByRuleOutput, PutEventsOutput, PutPermissionOutput,
+ PutRuleOutput, PutTargetsOutput, RemovePermissionOutput, RemoveTargetsOutput,
+ TagResourceOutput, TestEventPatternOutput, UntagResourceOutput, UpdateEventBusOutput,
+ },
+ types::{EventBus, InputTransformer, PutEventsResultEntry, Rule, Tag, Target},
};
-use crate::config::EventsConfig;
-use crate::delivery::TargetDelivery;
-use crate::pattern::EventPattern;
+use crate::{config::EventsConfig, delivery::TargetDelivery, pattern::EventPattern};
/// Maximum number of entries per `PutEvents` call.
const MAX_PUT_EVENTS_ENTRIES: usize = 10;
@@ -108,6 +103,16 @@ pub struct RustStackEvents {
config: EventsConfig,
buses: DashMap,
delivery: Arc,
+ /// Phase 3: Archive metadata storage (key = archive name).
+ archives: DashMap,
+ /// Phase 3: Connection metadata storage (key = connection name).
+ connections: DashMap,
+ /// Phase 3: API Destination metadata storage (key = destination name).
+ api_destinations: DashMap,
+ /// Phase 3: Endpoint metadata storage (key = endpoint name).
+ endpoints: DashMap,
+ /// Phase 3: Replay metadata storage (key = replay name).
+ replays: DashMap,
}
impl std::fmt::Debug for RustStackEvents {
@@ -115,6 +120,11 @@ impl std::fmt::Debug for RustStackEvents {
f.debug_struct("RustStackEvents")
.field("config", &self.config)
.field("bus_count", &self.buses.len())
+ .field("archive_count", &self.archives.len())
+ .field("connection_count", &self.connections.len())
+ .field("api_destination_count", &self.api_destinations.len())
+ .field("endpoint_count", &self.endpoints.len())
+ .field("replay_count", &self.replays.len())
.finish_non_exhaustive()
}
}
@@ -128,6 +138,11 @@ impl RustStackEvents {
config,
buses: DashMap::new(),
delivery,
+ archives: DashMap::new(),
+ connections: DashMap::new(),
+ api_destinations: DashMap::new(),
+ endpoints: DashMap::new(),
+ replays: DashMap::new(),
};
provider.create_default_bus();
provider
@@ -1175,6 +1190,679 @@ impl RustStackEvents {
..Default::default()
})
}
+
+ // -----------------------------------------------------------------------
+ // Phase 3: Generic resource helpers
+ // -----------------------------------------------------------------------
+
+ fn build_resource_arn(&self, resource_type: &str, name: &str) -> String {
+ format!(
+ "arn:aws:events:{}:{}:{}/{}",
+ self.config.default_region, self.config.account_id, resource_type, name,
+ )
+ }
+
+ fn now_timestamp() -> serde_json::Value {
+ // EventBridge returns timestamps as epoch seconds in JSON.
+ serde_json::Value::Number(serde_json::Number::from(chrono::Utc::now().timestamp()))
+ }
+
+ /// Extract a required string field from JSON input, returning a validation error if missing.
+ fn require_name(input: &serde_json::Value, field: &str) -> Result {
+ input
+ .get(field)
+ .and_then(serde_json::Value::as_str)
+ .map(ToOwned::to_owned)
+ .ok_or_else(|| {
+ EventsError::validation(format!(
+ "1 validation error detected: Value at '{field}' failed to satisfy \
+ constraint: Member must not be null"
+ ))
+ })
+ }
+
+ /// Generic create for a `DashMap` resource collection.
+ fn generic_create(
+ store: &DashMap,
+ name: &str,
+ mut record: serde_json::Value,
+ arn: &str,
+ initial_state: &str,
+ resource_label: &str,
+ ) -> Result {
+ let now = Self::now_timestamp();
+ if let Some(obj) = record.as_object_mut() {
+ obj.insert("Arn".to_owned(), serde_json::Value::String(arn.to_owned()));
+ obj.insert(
+ "State".to_owned(),
+ serde_json::Value::String(initial_state.to_owned()),
+ );
+ obj.insert("CreationTime".to_owned(), now.clone());
+ obj.insert("LastModifiedTime".to_owned(), now);
+ }
+
+ match store.entry(name.to_owned()) {
+ Entry::Occupied(_) => Err(EventsError::resource_already_exists(format!(
+ "{resource_label} {name} already exists."
+ ))),
+ Entry::Vacant(v) => {
+ let response = record.clone();
+ v.insert(record);
+ Ok(response)
+ }
+ }
+ }
+
+ /// Generic describe: look up a resource by name.
+ fn generic_describe(
+ store: &DashMap,
+ name: &str,
+ resource_label: &str,
+ ) -> Result {
+ store.get(name).map(|r| r.value().clone()).ok_or_else(|| {
+ EventsError::resource_not_found(format!("{resource_label} {name} does not exist."))
+ })
+ }
+
+ /// Generic delete: remove a resource by name.
+ fn generic_delete(
+ store: &DashMap,
+ name: &str,
+ resource_label: &str,
+ ) -> Result {
+ store
+ .remove(name)
+ .map(|_| serde_json::json!({}))
+ .ok_or_else(|| {
+ EventsError::resource_not_found(format!("{resource_label} {name} does not exist."))
+ })
+ }
+
+ /// Generic update: merge fields from input JSON into stored record.
+ fn generic_update(
+ store: &DashMap,
+ name: &str,
+ updates: &serde_json::Value,
+ resource_label: &str,
+ ) -> Result {
+ let mut entry = store.get_mut(name).ok_or_else(|| {
+ EventsError::resource_not_found(format!("{resource_label} {name} does not exist."))
+ })?;
+
+ let now = Self::now_timestamp();
+ if let (Some(stored), Some(input_obj)) = (entry.as_object_mut(), updates.as_object()) {
+ for (k, v) in input_obj {
+ // Skip the name/key field itself, don't overwrite ARN or creation time.
+ if k == "Name"
+ || k == "ReplayName"
+ || k == "ConnectionName"
+ || k == "ArchiveName"
+ || k == "ApiDestinationName"
+ || k == "EndpointName"
+ || k == "Arn"
+ || k == "CreationTime"
+ {
+ continue;
+ }
+ stored.insert(k.clone(), v.clone());
+ }
+ stored.insert("LastModifiedTime".to_owned(), now);
+ }
+
+ Ok(entry.clone())
+ }
+
+ /// Generic list: iterate all items in a collection, optionally filter by name prefix.
+ fn generic_list(
+ store: &DashMap,
+ name_prefix: Option<&str>,
+ list_key: &str,
+ ) -> serde_json::Value {
+ let items: Vec = store
+ .iter()
+ .filter(|entry| name_prefix.is_none_or(|prefix| entry.key().starts_with(prefix)))
+ .map(|entry| entry.value().clone())
+ .collect();
+
+ serde_json::json!({ list_key: items })
+ }
+
+ // -----------------------------------------------------------------------
+ // Phase 3: Archives
+ // -----------------------------------------------------------------------
+
+ /// Handle `CreateArchive`.
+ pub fn handle_create_archive(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "ArchiveName")?;
+ let arn = self.build_resource_arn("archive", &name);
+ let result = Self::generic_create(
+ &self.archives,
+ &name,
+ input.value.clone(),
+ &arn,
+ "ENABLED",
+ "Archive",
+ )?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ArchiveArn": result.get("Arn"),
+ "ArchiveName": name,
+ "State": "ENABLED",
+ "CreationTime": result.get("CreationTime"),
+ }),
+ })
+ }
+
+ /// Handle `DeleteArchive`.
+ pub fn handle_delete_archive(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "ArchiveName")?;
+ let result = Self::generic_delete(&self.archives, &name, "Archive")?;
+ Ok(GenericOutput { value: result })
+ }
+
+ /// Handle `DescribeArchive`.
+ pub fn handle_describe_archive(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "ArchiveName")?;
+ let stored = Self::generic_describe(&self.archives, &name, "Archive")?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ArchiveArn": stored.get("Arn"),
+ "ArchiveName": name,
+ "Description": stored.get("Description"),
+ "EventSourceArn": stored.get("EventSourceArn"),
+ "EventPattern": stored.get("EventPattern"),
+ "State": stored.get("State"),
+ "RetentionDays": stored.get("RetentionDays"),
+ "SizeBytes": 0,
+ "EventCount": 0,
+ "CreationTime": stored.get("CreationTime"),
+ }),
+ })
+ }
+
+ /// Handle `ListArchives`.
+ pub fn handle_list_archives(&self, input: &GenericInput) -> Result {
+ let prefix = input
+ .value
+ .get("NamePrefix")
+ .and_then(serde_json::Value::as_str);
+ let result = Self::generic_list(&self.archives, prefix, "Archives");
+ Ok(GenericOutput { value: result })
+ }
+
+ /// Handle `UpdateArchive`.
+ pub fn handle_update_archive(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "ArchiveName")?;
+ let updated = Self::generic_update(&self.archives, &name, &input.value, "Archive")?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ArchiveArn": updated.get("Arn"),
+ "ArchiveName": name,
+ "State": updated.get("State"),
+ "CreationTime": updated.get("CreationTime"),
+ }),
+ })
+ }
+
+ // -----------------------------------------------------------------------
+ // Phase 3: Replays
+ // -----------------------------------------------------------------------
+
+ /// Handle `StartReplay`.
+ pub fn handle_start_replay(&self, input: &GenericInput) -> Result {
+ let name = Self::require_name(&input.value, "ReplayName")?;
+ let arn = self.build_resource_arn("replay", &name);
+ let result = Self::generic_create(
+ &self.replays,
+ &name,
+ input.value.clone(),
+ &arn,
+ "STARTING",
+ "Replay",
+ )?;
+
+ // Transition immediately to RUNNING for local dev simulation.
+ if let Some(mut entry) = self.replays.get_mut(&name) {
+ if let Some(obj) = entry.as_object_mut() {
+ obj.insert(
+ "State".to_owned(),
+ serde_json::Value::String("RUNNING".to_owned()),
+ );
+ }
+ }
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ReplayArn": result.get("Arn"),
+ "ReplayName": name,
+ "State": "STARTING",
+ "StateReason": "Replay starting",
+ "ReplayStartTime": result.get("CreationTime"),
+ }),
+ })
+ }
+
+ /// Handle `CancelReplay`.
+ pub fn handle_cancel_replay(&self, input: &GenericInput) -> Result {
+ let name = Self::require_name(&input.value, "ReplayName")?;
+
+ let mut entry = self.replays.get_mut(&name).ok_or_else(|| {
+ EventsError::resource_not_found(format!("Replay {name} does not exist."))
+ })?;
+
+ if let Some(obj) = entry.as_object_mut() {
+ obj.insert(
+ "State".to_owned(),
+ serde_json::Value::String("CANCELLED".to_owned()),
+ );
+ obj.insert("LastModifiedTime".to_owned(), Self::now_timestamp());
+ }
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ReplayArn": entry.get("Arn"),
+ "ReplayName": name,
+ "State": "CANCELLING",
+ "StateReason": "Replay is being cancelled",
+ }),
+ })
+ }
+
+ /// Handle `DescribeReplay`.
+ pub fn handle_describe_replay(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "ReplayName")?;
+ let stored = Self::generic_describe(&self.replays, &name, "Replay")?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ReplayArn": stored.get("Arn"),
+ "ReplayName": name,
+ "Description": stored.get("Description"),
+ "State": stored.get("State"),
+ "StateReason": stored.get("StateReason"),
+ "EventSourceArn": stored.get("EventSourceArn"),
+ "Destination": stored.get("Destination"),
+ "EventStartTime": stored.get("EventStartTime"),
+ "EventEndTime": stored.get("EventEndTime"),
+ "EventLastReplayedTime": stored.get("EventLastReplayedTime"),
+ "ReplayStartTime": stored.get("CreationTime"),
+ "ReplayEndTime": stored.get("ReplayEndTime"),
+ }),
+ })
+ }
+
+ /// Handle `ListReplays`.
+ pub fn handle_list_replays(&self, input: &GenericInput) -> Result {
+ let prefix = input
+ .value
+ .get("NamePrefix")
+ .and_then(serde_json::Value::as_str);
+ let result = Self::generic_list(&self.replays, prefix, "Replays");
+ Ok(GenericOutput { value: result })
+ }
+
+ // -----------------------------------------------------------------------
+ // Phase 3: API Destinations
+ // -----------------------------------------------------------------------
+
+ /// Handle `CreateApiDestination`.
+ pub fn handle_create_api_destination(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let arn = self.build_resource_arn("api-destination", &name);
+ let result = Self::generic_create(
+ &self.api_destinations,
+ &name,
+ input.value.clone(),
+ &arn,
+ "ACTIVE",
+ "ApiDestination",
+ )?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ApiDestinationArn": result.get("Arn"),
+ "ApiDestinationState": "ACTIVE",
+ "CreationTime": result.get("CreationTime"),
+ "LastModifiedTime": result.get("LastModifiedTime"),
+ }),
+ })
+ }
+
+ /// Handle `DeleteApiDestination`.
+ pub fn handle_delete_api_destination(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let result = Self::generic_delete(&self.api_destinations, &name, "ApiDestination")?;
+ Ok(GenericOutput { value: result })
+ }
+
+ /// Handle `DescribeApiDestination`.
+ pub fn handle_describe_api_destination(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let stored = Self::generic_describe(&self.api_destinations, &name, "ApiDestination")?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ApiDestinationArn": stored.get("Arn"),
+ "Name": name,
+ "Description": stored.get("Description"),
+ "ApiDestinationState": stored.get("State"),
+ "ConnectionArn": stored.get("ConnectionArn"),
+ "InvocationEndpoint": stored.get("InvocationEndpoint"),
+ "HttpMethod": stored.get("HttpMethod"),
+ "InvocationRateLimitPerSecond": stored.get("InvocationRateLimitPerSecond"),
+ "CreationTime": stored.get("CreationTime"),
+ "LastModifiedTime": stored.get("LastModifiedTime"),
+ }),
+ })
+ }
+
+ /// Handle `ListApiDestinations`.
+ pub fn handle_list_api_destinations(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let prefix = input
+ .value
+ .get("NamePrefix")
+ .and_then(serde_json::Value::as_str);
+ let result = Self::generic_list(&self.api_destinations, prefix, "ApiDestinations");
+ Ok(GenericOutput { value: result })
+ }
+
+ /// Handle `UpdateApiDestination`.
+ pub fn handle_update_api_destination(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let updated = Self::generic_update(
+ &self.api_destinations,
+ &name,
+ &input.value,
+ "ApiDestination",
+ )?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ApiDestinationArn": updated.get("Arn"),
+ "ApiDestinationState": updated.get("State"),
+ "CreationTime": updated.get("CreationTime"),
+ "LastModifiedTime": updated.get("LastModifiedTime"),
+ }),
+ })
+ }
+
+ // -----------------------------------------------------------------------
+ // Phase 3: Connections
+ // -----------------------------------------------------------------------
+
+ /// Handle `CreateConnection`.
+ pub fn handle_create_connection(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let arn = self.build_resource_arn("connection", &name);
+ let result = Self::generic_create(
+ &self.connections,
+ &name,
+ input.value.clone(),
+ &arn,
+ "AUTHORIZED",
+ "Connection",
+ )?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ConnectionArn": result.get("Arn"),
+ "ConnectionState": "AUTHORIZED",
+ "CreationTime": result.get("CreationTime"),
+ "LastModifiedTime": result.get("LastModifiedTime"),
+ }),
+ })
+ }
+
+ /// Handle `DeleteConnection`.
+ pub fn handle_delete_connection(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let stored = self.connections.remove(&name).ok_or_else(|| {
+ EventsError::resource_not_found(format!("Connection {name} does not exist."))
+ })?;
+ let (_, val) = stored;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ConnectionArn": val.get("Arn"),
+ "ConnectionState": "DELETING",
+ "CreationTime": val.get("CreationTime"),
+ "LastModifiedTime": val.get("LastModifiedTime"),
+ "LastAuthorizedTime": val.get("LastAuthorizedTime"),
+ }),
+ })
+ }
+
+ /// Handle `DescribeConnection`.
+ pub fn handle_describe_connection(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let stored = Self::generic_describe(&self.connections, &name, "Connection")?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ConnectionArn": stored.get("Arn"),
+ "Name": name,
+ "Description": stored.get("Description"),
+ "ConnectionState": stored.get("State"),
+ "AuthorizationType": stored.get("AuthorizationType"),
+ "AuthParameters": stored.get("AuthParameters"),
+ "SecretArn": stored.get("SecretArn"),
+ "CreationTime": stored.get("CreationTime"),
+ "LastModifiedTime": stored.get("LastModifiedTime"),
+ "LastAuthorizedTime": stored.get("LastAuthorizedTime"),
+ }),
+ })
+ }
+
+ /// Handle `ListConnections`.
+ pub fn handle_list_connections(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let prefix = input
+ .value
+ .get("NamePrefix")
+ .and_then(serde_json::Value::as_str);
+ let result = Self::generic_list(&self.connections, prefix, "Connections");
+ Ok(GenericOutput { value: result })
+ }
+
+ /// Handle `UpdateConnection`.
+ pub fn handle_update_connection(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let updated = Self::generic_update(&self.connections, &name, &input.value, "Connection")?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ConnectionArn": updated.get("Arn"),
+ "ConnectionState": updated.get("State"),
+ "CreationTime": updated.get("CreationTime"),
+ "LastModifiedTime": updated.get("LastModifiedTime"),
+ "LastAuthorizedTime": updated.get("LastAuthorizedTime"),
+ }),
+ })
+ }
+
+ /// Handle `DeauthorizeConnection`.
+ pub fn handle_deauthorize_connection(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+
+ let mut entry = self.connections.get_mut(&name).ok_or_else(|| {
+ EventsError::resource_not_found(format!("Connection {name} does not exist."))
+ })?;
+
+ let now = Self::now_timestamp();
+ if let Some(obj) = entry.as_object_mut() {
+ obj.insert(
+ "State".to_owned(),
+ serde_json::Value::String("DEAUTHORIZING".to_owned()),
+ );
+ obj.insert("LastModifiedTime".to_owned(), now);
+ }
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "ConnectionArn": entry.get("Arn"),
+ "ConnectionState": "DEAUTHORIZING",
+ "CreationTime": entry.get("CreationTime"),
+ "LastModifiedTime": entry.get("LastModifiedTime"),
+ "LastAuthorizedTime": entry.get("LastAuthorizedTime"),
+ }),
+ })
+ }
+
+ // -----------------------------------------------------------------------
+ // Phase 3: Endpoints
+ // -----------------------------------------------------------------------
+
+ /// Handle `CreateEndpoint`.
+ pub fn handle_create_endpoint(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let arn = self.build_resource_arn("endpoint", &name);
+ let result = Self::generic_create(
+ &self.endpoints,
+ &name,
+ input.value.clone(),
+ &arn,
+ "ACTIVE",
+ "Endpoint",
+ )?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "Arn": result.get("Arn"),
+ "Name": name,
+ "State": "CREATING",
+ "EventBuses": result.get("EventBuses"),
+ "RoutingConfig": result.get("RoutingConfig"),
+ "ReplicationConfig": result.get("ReplicationConfig"),
+ "RoleArn": result.get("RoleArn"),
+ }),
+ })
+ }
+
+ /// Handle `DeleteEndpoint`.
+ pub fn handle_delete_endpoint(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let result = Self::generic_delete(&self.endpoints, &name, "Endpoint")?;
+ Ok(GenericOutput { value: result })
+ }
+
+ /// Handle `DescribeEndpoint`.
+ pub fn handle_describe_endpoint(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let stored = Self::generic_describe(&self.endpoints, &name, "Endpoint")?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "Arn": stored.get("Arn"),
+ "Name": name,
+ "Description": stored.get("Description"),
+ "State": stored.get("State"),
+ "StateReason": stored.get("StateReason"),
+ "EventBuses": stored.get("EventBuses"),
+ "RoutingConfig": stored.get("RoutingConfig"),
+ "ReplicationConfig": stored.get("ReplicationConfig"),
+ "RoleArn": stored.get("RoleArn"),
+ "EndpointId": stored.get("EndpointId"),
+ "EndpointUrl": stored.get("EndpointUrl"),
+ "CreationTime": stored.get("CreationTime"),
+ "LastModifiedTime": stored.get("LastModifiedTime"),
+ }),
+ })
+ }
+
+ /// Handle `ListEndpoints`.
+ pub fn handle_list_endpoints(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let prefix = input
+ .value
+ .get("NamePrefix")
+ .and_then(serde_json::Value::as_str);
+ let result = Self::generic_list(&self.endpoints, prefix, "Endpoints");
+ Ok(GenericOutput { value: result })
+ }
+
+ /// Handle `UpdateEndpoint`.
+ pub fn handle_update_endpoint(
+ &self,
+ input: &GenericInput,
+ ) -> Result {
+ let name = Self::require_name(&input.value, "Name")?;
+ let updated = Self::generic_update(&self.endpoints, &name, &input.value, "Endpoint")?;
+
+ Ok(GenericOutput {
+ value: serde_json::json!({
+ "Arn": updated.get("Arn"),
+ "Name": name,
+ "State": "UPDATING",
+ "EventBuses": updated.get("EventBuses"),
+ "RoutingConfig": updated.get("RoutingConfig"),
+ "ReplicationConfig": updated.get("ReplicationConfig"),
+ "RoleArn": updated.get("RoleArn"),
+ "EndpointId": updated.get("EndpointId"),
+ "EndpointUrl": updated.get("EndpointUrl"),
+ }),
+ })
+ }
}
// ---------------------------------------------------------------------------
diff --git a/crates/ruststack-events-http/src/body.rs b/crates/ruststack-events-http/src/body.rs
index 2e61ae4..e858131 100644
--- a/crates/ruststack-events-http/src/body.rs
+++ b/crates/ruststack-events-http/src/body.rs
@@ -1,7 +1,9 @@
//! EventBridge HTTP response body type.
-use std::pin::Pin;
-use std::task::{Context, Poll};
+use std::{
+ pin::Pin,
+ task::{Context, Poll},
+};
use bytes::Bytes;
use http_body_util::Full;
diff --git a/crates/ruststack-events-http/src/dispatch.rs b/crates/ruststack-events-http/src/dispatch.rs
index 6a81e2e..bf20a55 100644
--- a/crates/ruststack-events-http/src/dispatch.rs
+++ b/crates/ruststack-events-http/src/dispatch.rs
@@ -1,12 +1,9 @@
//! EventBridge handler trait and operation dispatch.
-use std::future::Future;
-use std::pin::Pin;
+use std::{future::Future, pin::Pin};
use bytes::Bytes;
-
-use ruststack_events_model::error::EventsError;
-use ruststack_events_model::operations::EventsOperation;
+use ruststack_events_model::{error::EventsError, operations::EventsOperation};
use crate::body::EventsResponseBody;
diff --git a/crates/ruststack-events-http/src/response.rs b/crates/ruststack-events-http/src/response.rs
index bff60bc..31db8d6 100644
--- a/crates/ruststack-events-http/src/response.rs
+++ b/crates/ruststack-events-http/src/response.rs
@@ -74,9 +74,10 @@ pub fn json_response(json: Vec, request_id: &str) -> http::Response bool {
matches!(
self,
+ // Phase 0
Self::CreateEventBus
| Self::DeleteEventBus
| Self::DescribeEventBus
@@ -292,13 +293,45 @@ impl EventsOperation {
| Self::ListTargetsByRule
| Self::PutEvents
| Self::TestEventPattern
+ // Phase 1
| Self::TagResource
| Self::UntagResource
| Self::ListTagsForResource
| Self::PutPermission
| Self::RemovePermission
| Self::ListRuleNamesByTarget
+ // Phase 2
| Self::UpdateEventBus
+ // Phase 3: Archives
+ | Self::CreateArchive
+ | Self::DeleteArchive
+ | Self::DescribeArchive
+ | Self::ListArchives
+ | Self::UpdateArchive
+ // Phase 3: Replays
+ | Self::StartReplay
+ | Self::CancelReplay
+ | Self::DescribeReplay
+ | Self::ListReplays
+ // Phase 3: API Destinations
+ | Self::CreateApiDestination
+ | Self::DeleteApiDestination
+ | Self::DescribeApiDestination
+ | Self::ListApiDestinations
+ | Self::UpdateApiDestination
+ // Phase 3: Connections
+ | Self::CreateConnection
+ | Self::DeleteConnection
+ | Self::DescribeConnection
+ | Self::ListConnections
+ | Self::UpdateConnection
+ | Self::DeauthorizeConnection
+ // Phase 3: Endpoints
+ | Self::CreateEndpoint
+ | Self::DeleteEndpoint
+ | Self::DescribeEndpoint
+ | Self::ListEndpoints
+ | Self::UpdateEndpoint
)
}
}
diff --git a/crates/ruststack-iam-core/src/handler.rs b/crates/ruststack-iam-core/src/handler.rs
index d8b49c6..b361431 100644
--- a/crates/ruststack-iam-core/src/handler.rs
+++ b/crates/ruststack-iam-core/src/handler.rs
@@ -6,18 +6,13 @@
//! Covers all four phases: users/roles/policies, groups/instance profiles,
//! policy versions/inline policies, and tagging/service-linked roles.
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
-
-use ruststack_iam_http::body::IamResponseBody;
-use ruststack_iam_http::dispatch::IamHandler;
-use ruststack_iam_http::request::parse_form_params;
-use ruststack_iam_http::response::xml_response;
-use ruststack_iam_model::error::IamError;
-use ruststack_iam_model::operations::IamOperation;
+use ruststack_iam_http::{
+ body::IamResponseBody, dispatch::IamHandler, request::parse_form_params, response::xml_response,
+};
+use ruststack_iam_model::{error::IamError, operations::IamOperation};
use crate::provider::RustStackIam;
@@ -180,6 +175,28 @@ fn dispatch(
IamOperation::GetAccountAuthorizationDetails => {
provider.get_account_authorization_details(¶ms)?
}
+
+ // Phase 4: OIDC Providers
+ IamOperation::CreateOpenIDConnectProvider => {
+ provider.create_open_id_connect_provider(¶ms)?
+ }
+ IamOperation::GetOpenIDConnectProvider => provider.get_open_id_connect_provider(¶ms)?,
+ IamOperation::DeleteOpenIDConnectProvider => {
+ provider.delete_open_id_connect_provider(¶ms)?
+ }
+ IamOperation::ListOpenIDConnectProviders => {
+ provider.list_open_id_connect_providers(¶ms)?
+ }
+
+ // Phase 4: Policy Tags
+ IamOperation::TagPolicy => provider.tag_policy(¶ms)?,
+ IamOperation::UntagPolicy => provider.untag_policy(¶ms)?,
+ IamOperation::ListPolicyTags => provider.list_policy_tags(¶ms)?,
+
+ // Phase 4: Instance Profile Tags
+ IamOperation::TagInstanceProfile => provider.tag_instance_profile(¶ms)?,
+ IamOperation::UntagInstanceProfile => provider.untag_instance_profile(¶ms)?,
+ IamOperation::ListInstanceProfileTags => provider.list_instance_profile_tags(¶ms)?,
};
Ok(xml_response(xml, &request_id))
diff --git a/crates/ruststack-iam-core/src/provider.rs b/crates/ruststack-iam-core/src/provider.rs
index b4d2e7d..3cbb86d 100644
--- a/crates/ruststack-iam-core/src/provider.rs
+++ b/crates/ruststack-iam-core/src/provider.rs
@@ -11,30 +11,36 @@
//! - **Phase 3**: Tagging, service-linked roles, simulation stubs, authorization details
#![allow(clippy::too_many_lines)]
-use std::collections::{HashMap, HashSet};
-use std::sync::Arc;
+use std::{
+ collections::{HashMap, HashSet},
+ sync::Arc,
+};
use dashmap::mapref::entry::Entry;
use percent_encoding::{AsciiSet, NON_ALPHANUMERIC, utf8_percent_encode};
-use tracing::debug;
-
-use ruststack_iam_http::request::{
- get_optional_bool, get_optional_i32, get_optional_param, get_required_param, parse_string_list,
- parse_tag_list,
+use ruststack_iam_http::{
+ request::{
+ get_optional_bool, get_optional_i32, get_optional_param, get_required_param,
+ parse_string_list, parse_tag_list,
+ },
+ response::XmlWriter,
};
-use ruststack_iam_http::response::XmlWriter;
use ruststack_iam_model::error::IamError;
+use tracing::debug;
-use crate::arn::iam_arn;
-use crate::config::IamConfig;
-use crate::id_gen::{generate_access_key_id, generate_iam_id, generate_secret_access_key};
-use crate::store::IamStore;
-use crate::types::{
- AccessKeyRecord, GroupRecord, InstanceProfileRecord, ManagedPolicyRecord, PolicyVersionRecord,
- RoleRecord, UserRecord,
-};
-use crate::validation::{
- validate_entity_name, validate_max_session_duration, validate_path, validate_policy_document,
+use crate::{
+ arn::iam_arn,
+ config::IamConfig,
+ id_gen::{generate_access_key_id, generate_iam_id, generate_secret_access_key},
+ store::IamStore,
+ types::{
+ AccessKeyRecord, GroupRecord, InstanceProfileRecord, ManagedPolicyRecord,
+ OidcProviderRecord, PolicyVersionRecord, RoleRecord, UserRecord,
+ },
+ validation::{
+ validate_entity_name, validate_max_session_duration, validate_path,
+ validate_policy_document,
+ },
};
/// Characters that must be percent-encoded in policy document output.
@@ -3491,3 +3497,343 @@ fn capitalize_service_name(name: &str) -> String {
None => String::new(),
}
}
+
+// ============================================================================
+// Phase 4 operations
+// ============================================================================
+
+impl RustStackIam {
+ // ---- OIDC Providers ----
+
+ /// Normalize an OIDC provider URL by stripping the `https://` scheme.
+ fn normalize_oidc_url(url: &str) -> String {
+ url.strip_prefix("https://")
+ .or_else(|| url.strip_prefix("http://"))
+ .unwrap_or(url)
+ .trim_end_matches('/')
+ .to_owned()
+ }
+
+ /// Create an OIDC identity provider.
+ pub fn create_open_id_connect_provider(
+ &self,
+ params: &[(String, String)],
+ ) -> Result<(String, String), IamError> {
+ let url = get_required_param(params, "Url")?;
+ let client_id_list = parse_string_list(params, "ClientIDList");
+ let thumbprint_list = parse_string_list(params, "ThumbprintList");
+ let tags = parse_tag_list(params);
+ let request_id = uuid::Uuid::new_v4().to_string();
+
+ if url.is_empty() {
+ return Err(IamError::invalid_input("Url must not be empty"));
+ }
+
+ if thumbprint_list.is_empty() {
+ return Err(IamError::invalid_input(
+ "ThumbprintList must contain at least one thumbprint",
+ ));
+ }
+
+ if tags.len() > MAX_TAGS_PER_ENTITY {
+ return Err(IamError::limit_exceeded(format!(
+ "Cannot exceed {MAX_TAGS_PER_ENTITY} tags per entity"
+ )));
+ }
+
+ let normalized = Self::normalize_oidc_url(url);
+ let arn = format!(
+ "arn:aws:iam::{}:oidc-provider/{}",
+ self.config.account_id, normalized
+ );
+
+ if self.store.oidc_providers.contains_key(&arn) {
+ return Err(IamError::entity_already_exists(format!(
+ "Provider with url {url} already exists."
+ )));
+ }
+
+ let record = OidcProviderRecord {
+ arn: arn.clone(),
+ url: url.to_owned(),
+ client_id_list,
+ thumbprint_list,
+ tags,
+ create_date: now_iso8601(),
+ };
+
+ self.store.oidc_providers.insert(arn.clone(), record);
+
+ debug!(url, arn, "created OIDC provider");
+
+ let mut w = XmlWriter::new();
+ w.start_response("CreateOpenIDConnectProvider");
+ w.start_result("CreateOpenIDConnectProvider");
+ w.write_element("OpenIDConnectProviderArn", &arn);
+ w.end_element("CreateOpenIDConnectProviderResult");
+ w.write_response_metadata(&request_id);
+ w.end_element("CreateOpenIDConnectProviderResponse");
+
+ Ok((w.into_string(), request_id))
+ }
+
+ /// Get an OIDC identity provider.
+ pub fn get_open_id_connect_provider(
+ &self,
+ params: &[(String, String)],
+ ) -> Result<(String, String), IamError> {
+ let arn = get_required_param(params, "OpenIDConnectProviderArn")?;
+ let request_id = uuid::Uuid::new_v4().to_string();
+
+ let provider = self.store.oidc_providers.get(arn).ok_or_else(|| {
+ IamError::no_such_entity(format!("OpenIDConnect provider not found for ARN: {arn}"))
+ })?;
+
+ let mut w = XmlWriter::new();
+ w.start_response("GetOpenIDConnectProvider");
+ w.start_result("GetOpenIDConnectProvider");
+ w.write_element("Url", &provider.url);
+ w.start_element("ClientIDList");
+ for cid in &provider.client_id_list {
+ w.write_element("member", cid);
+ }
+ w.end_element("ClientIDList");
+ w.start_element("ThumbprintList");
+ for tp in &provider.thumbprint_list {
+ w.write_element("member", tp);
+ }
+ w.end_element("ThumbprintList");
+ w.write_element("CreateDate", &provider.create_date);
+ if !provider.tags.is_empty() {
+ write_tags_xml(&mut w, &provider.tags);
+ }
+ w.end_element("GetOpenIDConnectProviderResult");
+ w.write_response_metadata(&request_id);
+ w.end_element("GetOpenIDConnectProviderResponse");
+
+ Ok((w.into_string(), request_id))
+ }
+
+ /// Delete an OIDC identity provider.
+ pub fn delete_open_id_connect_provider(
+ &self,
+ params: &[(String, String)],
+ ) -> Result<(String, String), IamError> {
+ let arn = get_required_param(params, "OpenIDConnectProviderArn")?;
+ let request_id = uuid::Uuid::new_v4().to_string();
+
+ if self.store.oidc_providers.remove(arn).is_none() {
+ return Err(IamError::no_such_entity(format!(
+ "OpenIDConnect provider not found for ARN: {arn}"
+ )));
+ }
+
+ debug!(arn, "deleted OIDC provider");
+ Ok((
+ empty_response("DeleteOpenIDConnectProvider", &request_id),
+ request_id,
+ ))
+ }
+
+ /// List all OIDC identity providers.
+ pub fn list_open_id_connect_providers(
+ &self,
+ _params: &[(String, String)],
+ ) -> Result<(String, String), IamError> {
+ let request_id = uuid::Uuid::new_v4().to_string();
+
+ let mut w = XmlWriter::new();
+ w.start_response("ListOpenIDConnectProviders");
+ w.start_result("ListOpenIDConnectProviders");
+ w.start_element("OpenIDConnectProviderList");
+ for entry in &self.store.oidc_providers {
+ w.start_element("member");
+ w.write_element("Arn", &entry.value().arn);
+ w.end_element("member");
+ }
+ w.end_element("OpenIDConnectProviderList");
+ w.end_element("ListOpenIDConnectProvidersResult");
+ w.write_response_metadata(&request_id);
+ w.end_element("ListOpenIDConnectProvidersResponse");
+
+ Ok((w.into_string(), request_id))
+ }
+
+ // ---- Policy Tags ----
+
+ /// Tag a managed policy.
+ pub fn tag_policy(&self, params: &[(String, String)]) -> Result<(String, String), IamError> {
+ let policy_arn = get_required_param(params, "PolicyArn")?;
+ let new_tags = parse_tag_list(params);
+ let request_id = uuid::Uuid::new_v4().to_string();
+
+ let mut policy = self.store.policies.get_mut(policy_arn).ok_or_else(|| {
+ IamError::no_such_entity(format!("Policy {policy_arn} does not exist."))
+ })?;
+
+ let mut merged_tags = policy.tags.clone();
+ for (key, value) in &new_tags {
+ if let Some(existing) = merged_tags.iter_mut().find(|(k, _)| k == key) {
+ existing.1.clone_from(value);
+ } else {
+ merged_tags.push((key.clone(), value.clone()));
+ }
+ }
+
+ if merged_tags.len() > MAX_TAGS_PER_ENTITY {
+ return Err(IamError::limit_exceeded(format!(
+ "Cannot exceed {MAX_TAGS_PER_ENTITY} tags per entity"
+ )));
+ }
+
+ policy.tags = merged_tags;
+
+ debug!(policy_arn, count = new_tags.len(), "tagged policy");
+ Ok((empty_response("TagPolicy", &request_id), request_id))
+ }
+
+ /// Remove tags from a managed policy.
+ pub fn untag_policy(&self, params: &[(String, String)]) -> Result<(String, String), IamError> {
+ let policy_arn = get_required_param(params, "PolicyArn")?;
+ let tag_keys = parse_string_list(params, "TagKeys");
+ let request_id = uuid::Uuid::new_v4().to_string();
+
+ let mut policy = self.store.policies.get_mut(policy_arn).ok_or_else(|| {
+ IamError::no_such_entity(format!("Policy {policy_arn} does not exist."))
+ })?;
+
+ policy.tags.retain(|(k, _)| !tag_keys.contains(k));
+
+ debug!(policy_arn, count = tag_keys.len(), "untagged policy");
+ Ok((empty_response("UntagPolicy", &request_id), request_id))
+ }
+
+ /// List tags for a managed policy.
+ pub fn list_policy_tags(
+ &self,
+ params: &[(String, String)],
+ ) -> Result<(String, String), IamError> {
+ let policy_arn = get_required_param(params, "PolicyArn")?;
+ let (marker, max_items) = parse_pagination(params);
+ let request_id = uuid::Uuid::new_v4().to_string();
+
+ let policy = self.store.policies.get(policy_arn).ok_or_else(|| {
+ IamError::no_such_entity(format!("Policy {policy_arn} does not exist."))
+ })?;
+
+ let (page, is_truncated, next_marker) = paginate(&policy.tags, marker, max_items);
+
+ let mut w = XmlWriter::new();
+ w.start_response("ListPolicyTags");
+ w.start_result("ListPolicyTags");
+ write_tags_xml(&mut w, page);
+ w.write_bool_element("IsTruncated", is_truncated);
+ if let Some(ref m) = next_marker {
+ w.write_element("Marker", m);
+ }
+ w.end_element("ListPolicyTagsResult");
+ w.write_response_metadata(&request_id);
+ w.end_element("ListPolicyTagsResponse");
+
+ Ok((w.into_string(), request_id))
+ }
+
+ // ---- Instance Profile Tags ----
+
+ /// Tag an instance profile.
+ pub fn tag_instance_profile(
+ &self,
+ params: &[(String, String)],
+ ) -> Result<(String, String), IamError> {
+ let ip_name = get_required_param(params, "InstanceProfileName")?;
+ let new_tags = parse_tag_list(params);
+ let request_id = uuid::Uuid::new_v4().to_string();
+
+ let mut ip = self
+ .store
+ .instance_profiles
+ .get_mut(ip_name)
+ .ok_or_else(|| {
+ IamError::no_such_entity(format!("Instance profile {ip_name} does not exist."))
+ })?;
+
+ let mut merged_tags = ip.tags.clone();
+ for (key, value) in &new_tags {
+ if let Some(existing) = merged_tags.iter_mut().find(|(k, _)| k == key) {
+ existing.1.clone_from(value);
+ } else {
+ merged_tags.push((key.clone(), value.clone()));
+ }
+ }
+
+ if merged_tags.len() > MAX_TAGS_PER_ENTITY {
+ return Err(IamError::limit_exceeded(format!(
+ "Cannot exceed {MAX_TAGS_PER_ENTITY} tags per entity"
+ )));
+ }
+
+ ip.tags = merged_tags;
+
+ debug!(ip_name, count = new_tags.len(), "tagged instance profile");
+ Ok((
+ empty_response("TagInstanceProfile", &request_id),
+ request_id,
+ ))
+ }
+
+ /// Remove tags from an instance profile.
+ pub fn untag_instance_profile(
+ &self,
+ params: &[(String, String)],
+ ) -> Result<(String, String), IamError> {
+ let ip_name = get_required_param(params, "InstanceProfileName")?;
+ let tag_keys = parse_string_list(params, "TagKeys");
+ let request_id = uuid::Uuid::new_v4().to_string();
+
+ let mut ip = self
+ .store
+ .instance_profiles
+ .get_mut(ip_name)
+ .ok_or_else(|| {
+ IamError::no_such_entity(format!("Instance profile {ip_name} does not exist."))
+ })?;
+
+ ip.tags.retain(|(k, _)| !tag_keys.contains(k));
+
+ debug!(ip_name, count = tag_keys.len(), "untagged instance profile");
+ Ok((
+ empty_response("UntagInstanceProfile", &request_id),
+ request_id,
+ ))
+ }
+
+ /// List tags for an instance profile.
+ pub fn list_instance_profile_tags(
+ &self,
+ params: &[(String, String)],
+ ) -> Result<(String, String), IamError> {
+ let ip_name = get_required_param(params, "InstanceProfileName")?;
+ let (marker, max_items) = parse_pagination(params);
+ let request_id = uuid::Uuid::new_v4().to_string();
+
+ let ip = self.store.instance_profiles.get(ip_name).ok_or_else(|| {
+ IamError::no_such_entity(format!("Instance profile {ip_name} does not exist."))
+ })?;
+
+ let (page, is_truncated, next_marker) = paginate(&ip.tags, marker, max_items);
+
+ let mut w = XmlWriter::new();
+ w.start_response("ListInstanceProfileTags");
+ w.start_result("ListInstanceProfileTags");
+ write_tags_xml(&mut w, page);
+ w.write_bool_element("IsTruncated", is_truncated);
+ if let Some(ref m) = next_marker {
+ w.write_element("Marker", m);
+ }
+ w.end_element("ListInstanceProfileTagsResult");
+ w.write_response_metadata(&request_id);
+ w.end_element("ListInstanceProfileTagsResponse");
+
+ Ok((w.into_string(), request_id))
+ }
+}
diff --git a/crates/ruststack-iam-core/src/store.rs b/crates/ruststack-iam-core/src/store.rs
index dee9b57..bb1e46d 100644
--- a/crates/ruststack-iam-core/src/store.rs
+++ b/crates/ruststack-iam-core/src/store.rs
@@ -5,8 +5,8 @@
use dashmap::DashMap;
use crate::types::{
- AccessKeyRecord, GroupRecord, InstanceProfileRecord, ManagedPolicyRecord, RoleRecord,
- UserRecord,
+ AccessKeyRecord, GroupRecord, InstanceProfileRecord, ManagedPolicyRecord, OidcProviderRecord,
+ RoleRecord, UserRecord,
};
/// Concurrent in-memory store holding all IAM entity collections.
@@ -24,6 +24,8 @@ pub struct IamStore {
pub instance_profiles: DashMap,
/// Access keys keyed by access key ID.
pub access_keys: DashMap,
+ /// OIDC providers keyed by provider ARN.
+ pub oidc_providers: DashMap,
}
impl IamStore {
@@ -37,6 +39,7 @@ impl IamStore {
policies: DashMap::new(),
instance_profiles: DashMap::new(),
access_keys: DashMap::new(),
+ oidc_providers: DashMap::new(),
}
}
}
diff --git a/crates/ruststack-iam-core/src/types.rs b/crates/ruststack-iam-core/src/types.rs
index ed97365..791be66 100644
--- a/crates/ruststack-iam-core/src/types.rs
+++ b/crates/ruststack-iam-core/src/types.rs
@@ -146,6 +146,23 @@ pub struct InstanceProfileRecord {
pub roles: Vec,
}
+/// Internal record for an OIDC identity provider.
+#[derive(Debug, Clone)]
+pub struct OidcProviderRecord {
+ /// The Amazon Resource Name (ARN) that identifies the provider.
+ pub arn: String,
+ /// The URL of the identity provider (e.g., `https://accounts.google.com`).
+ pub url: String,
+ /// A list of client IDs (audiences) registered with the provider.
+ pub client_id_list: Vec,
+ /// A list of server certificate thumbprints for the provider.
+ pub thumbprint_list: Vec,
+ /// Tags attached to this provider as `(key, value)` pairs.
+ pub tags: Vec<(String, String)>,
+ /// ISO 8601 date-time when the provider was created.
+ pub create_date: String,
+}
+
/// Internal record for an IAM access key.
#[derive(Debug, Clone)]
pub struct AccessKeyRecord {
diff --git a/crates/ruststack-iam-core/src/validation.rs b/crates/ruststack-iam-core/src/validation.rs
index e6f9922..7956da7 100644
--- a/crates/ruststack-iam-core/src/validation.rs
+++ b/crates/ruststack-iam-core/src/validation.rs
@@ -28,8 +28,8 @@ pub fn validate_entity_name(name: &str, max_len: usize) -> Result<(), IamError>
.all(|c| c.is_ascii_alphanumeric() || "+=,.@_-".contains(c))
{
return Err(IamError::invalid_input(format!(
- "Entity name '{name}' contains invalid characters. \
- Only alphanumeric characters and +=,.@_- are allowed."
+ "Entity name '{name}' contains invalid characters. Only alphanumeric characters and \
+ +=,.@_- are allowed."
)));
}
Ok(())
diff --git a/crates/ruststack-iam-http/src/body.rs b/crates/ruststack-iam-http/src/body.rs
index e89e577..0075bd7 100644
--- a/crates/ruststack-iam-http/src/body.rs
+++ b/crates/ruststack-iam-http/src/body.rs
@@ -1,7 +1,9 @@
//! IAM HTTP response body type.
-use std::pin::Pin;
-use std::task::{Context, Poll};
+use std::{
+ pin::Pin,
+ task::{Context, Poll},
+};
use bytes::Bytes;
use http_body_util::Full;
diff --git a/crates/ruststack-iam-http/src/dispatch.rs b/crates/ruststack-iam-http/src/dispatch.rs
index b36d9c0..911c24e 100644
--- a/crates/ruststack-iam-http/src/dispatch.rs
+++ b/crates/ruststack-iam-http/src/dispatch.rs
@@ -1,12 +1,9 @@
//! IAM handler trait and operation dispatch.
-use std::future::Future;
-use std::pin::Pin;
+use std::{future::Future, pin::Pin};
use bytes::Bytes;
-
-use ruststack_iam_model::error::IamError;
-use ruststack_iam_model::operations::IamOperation;
+use ruststack_iam_model::{error::IamError, operations::IamOperation};
use crate::body::IamResponseBody;
diff --git a/crates/ruststack-iam-http/src/response.rs b/crates/ruststack-iam-http/src/response.rs
index 3f76e50..8cc6ec9 100644
--- a/crates/ruststack-iam-http/src/response.rs
+++ b/crates/ruststack-iam-http/src/response.rs
@@ -59,14 +59,9 @@ pub fn xml_response(xml: String, request_id: &str) -> http::Response String {
format!(
- "\
- \
- {}\
- {}\
- {}\
- \
- {}\
- ",
+ "{}{}{}{}",
error.code.fault(),
error.code.code(),
xml_escape(&error.message),
diff --git a/crates/ruststack-iam-http/src/router.rs b/crates/ruststack-iam-http/src/router.rs
index e37cd20..ee021cc 100644
--- a/crates/ruststack-iam-http/src/router.rs
+++ b/crates/ruststack-iam-http/src/router.rs
@@ -4,8 +4,7 @@
//! `Content-Type: application/x-www-form-urlencoded`. The operation is
//! specified by the `Action=` form parameter.
-use ruststack_iam_model::error::IamError;
-use ruststack_iam_model::operations::IamOperation;
+use ruststack_iam_model::{error::IamError, operations::IamOperation};
/// Resolve an IAM operation from parsed form parameters.
///
diff --git a/crates/ruststack-iam-http/src/service.rs b/crates/ruststack-iam-http/src/service.rs
index a87dffe..5142906 100644
--- a/crates/ruststack-iam-http/src/service.rs
+++ b/crates/ruststack-iam-http/src/service.rs
@@ -4,22 +4,20 @@
//! `application/x-www-form-urlencoded` and the response is `text/xml`.
//! Like SNS, IAM uses the `Action=` form parameter for operation routing.
-use std::convert::Infallible;
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{convert::Infallible, future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
use http_body_util::BodyExt;
use hyper::body::Incoming;
-
use ruststack_iam_model::error::IamError;
-use crate::body::IamResponseBody;
-use crate::dispatch::{IamHandler, dispatch_operation};
-use crate::request::parse_form_params;
-use crate::response::{CONTENT_TYPE, error_to_response};
-use crate::router::resolve_operation;
+use crate::{
+ body::IamResponseBody,
+ dispatch::{IamHandler, dispatch_operation},
+ request::parse_form_params,
+ response::{CONTENT_TYPE, error_to_response},
+ router::resolve_operation,
+};
/// Configuration for the IAM HTTP service.
#[derive(Clone)]
diff --git a/crates/ruststack-iam-model/src/operations.rs b/crates/ruststack-iam-model/src/operations.rs
index 4be519f..d2d5e22 100644
--- a/crates/ruststack-iam-model/src/operations.rs
+++ b/crates/ruststack-iam-model/src/operations.rs
@@ -151,6 +151,26 @@ pub enum IamOperation {
ListEntitiesForPolicy,
/// The GetAccountAuthorizationDetails operation.
GetAccountAuthorizationDetails,
+ /// The CreateOpenIDConnectProvider operation.
+ CreateOpenIDConnectProvider,
+ /// The GetOpenIDConnectProvider operation.
+ GetOpenIDConnectProvider,
+ /// The DeleteOpenIDConnectProvider operation.
+ DeleteOpenIDConnectProvider,
+ /// The ListOpenIDConnectProviders operation.
+ ListOpenIDConnectProviders,
+ /// The TagPolicy operation.
+ TagPolicy,
+ /// The UntagPolicy operation.
+ UntagPolicy,
+ /// The ListPolicyTags operation.
+ ListPolicyTags,
+ /// The TagInstanceProfile operation.
+ TagInstanceProfile,
+ /// The UntagInstanceProfile operation.
+ UntagInstanceProfile,
+ /// The ListInstanceProfileTags operation.
+ ListInstanceProfileTags,
}
impl IamOperation {
@@ -232,6 +252,16 @@ impl IamOperation {
Self::SimulateCustomPolicy => "SimulateCustomPolicy",
Self::ListEntitiesForPolicy => "ListEntitiesForPolicy",
Self::GetAccountAuthorizationDetails => "GetAccountAuthorizationDetails",
+ Self::CreateOpenIDConnectProvider => "CreateOpenIDConnectProvider",
+ Self::GetOpenIDConnectProvider => "GetOpenIDConnectProvider",
+ Self::DeleteOpenIDConnectProvider => "DeleteOpenIDConnectProvider",
+ Self::ListOpenIDConnectProviders => "ListOpenIDConnectProviders",
+ Self::TagPolicy => "TagPolicy",
+ Self::UntagPolicy => "UntagPolicy",
+ Self::ListPolicyTags => "ListPolicyTags",
+ Self::TagInstanceProfile => "TagInstanceProfile",
+ Self::UntagInstanceProfile => "UntagInstanceProfile",
+ Self::ListInstanceProfileTags => "ListInstanceProfileTags",
}
}
@@ -313,6 +343,16 @@ impl IamOperation {
"SimulateCustomPolicy" => Some(Self::SimulateCustomPolicy),
"ListEntitiesForPolicy" => Some(Self::ListEntitiesForPolicy),
"GetAccountAuthorizationDetails" => Some(Self::GetAccountAuthorizationDetails),
+ "CreateOpenIDConnectProvider" => Some(Self::CreateOpenIDConnectProvider),
+ "GetOpenIDConnectProvider" => Some(Self::GetOpenIDConnectProvider),
+ "DeleteOpenIDConnectProvider" => Some(Self::DeleteOpenIDConnectProvider),
+ "ListOpenIDConnectProviders" => Some(Self::ListOpenIDConnectProviders),
+ "TagPolicy" => Some(Self::TagPolicy),
+ "UntagPolicy" => Some(Self::UntagPolicy),
+ "ListPolicyTags" => Some(Self::ListPolicyTags),
+ "TagInstanceProfile" => Some(Self::TagInstanceProfile),
+ "UntagInstanceProfile" => Some(Self::UntagInstanceProfile),
+ "ListInstanceProfileTags" => Some(Self::ListInstanceProfileTags),
_ => None,
}
}
diff --git a/crates/ruststack-kinesis-core/src/handler.rs b/crates/ruststack-kinesis-core/src/handler.rs
index 386f10b..4f7c064 100644
--- a/crates/ruststack-kinesis-core/src/handler.rs
+++ b/crates/ruststack-kinesis-core/src/handler.rs
@@ -1,16 +1,15 @@
//! Kinesis handler implementation bridging HTTP to business logic.
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
-
-use ruststack_kinesis_http::body::KinesisResponseBody;
-use ruststack_kinesis_http::dispatch::KinesisHandler;
-use ruststack_kinesis_http::response::json_response;
-use ruststack_kinesis_model::error::{KinesisError, KinesisErrorCode};
-use ruststack_kinesis_model::operations::KinesisOperation;
+use ruststack_kinesis_http::{
+ body::KinesisResponseBody, dispatch::KinesisHandler, response::json_response,
+};
+use ruststack_kinesis_model::{
+ error::{KinesisError, KinesisErrorCode},
+ operations::KinesisOperation,
+};
use crate::provider::RustStackKinesis;
diff --git a/crates/ruststack-kinesis-core/src/provider.rs b/crates/ruststack-kinesis-core/src/provider.rs
index a009656..bd62fba 100644
--- a/crates/ruststack-kinesis-core/src/provider.rs
+++ b/crates/ruststack-kinesis-core/src/provider.rs
@@ -1,43 +1,47 @@
//! Kinesis service provider implementing all operations.
-use std::collections::HashMap;
-use std::sync::Arc;
-use std::time::Duration;
+use std::{collections::HashMap, sync::Arc, time::Duration};
use chrono::{DateTime, Utc};
use dashmap::DashMap;
+use ruststack_kinesis_model::{
+ error::{KinesisError, KinesisErrorCode},
+ input::{
+ AddTagsToStreamInput, CreateStreamInput, DecreaseStreamRetentionPeriodInput,
+ DeleteResourcePolicyInput, DeleteStreamInput, DeregisterStreamConsumerInput,
+ DescribeLimitsInput, DescribeStreamConsumerInput, DescribeStreamInput,
+ DescribeStreamSummaryInput, GetRecordsInput, GetResourcePolicyInput, GetShardIteratorInput,
+ IncreaseStreamRetentionPeriodInput, ListShardsInput, ListStreamConsumersInput,
+ ListStreamsInput, ListTagsForStreamInput, MergeShardsInput, PutRecordInput,
+ PutRecordsInput, PutResourcePolicyInput, RegisterStreamConsumerInput,
+ RemoveTagsFromStreamInput, SplitShardInput, StartStreamEncryptionInput,
+ StopStreamEncryptionInput, SubscribeToShardInput, UpdateShardCountInput,
+ },
+ output::{
+ DescribeLimitsOutput, DescribeStreamConsumerOutput, DescribeStreamOutput,
+ DescribeStreamSummaryOutput, GetRecordsOutput, GetResourcePolicyOutput,
+ GetShardIteratorOutput, ListShardsOutput, ListStreamConsumersOutput, ListStreamsOutput,
+ ListTagsForStreamOutput, PutRecordOutput, PutRecordsOutput, RegisterStreamConsumerOutput,
+ UpdateShardCountOutput,
+ },
+ types::{
+ Consumer, ConsumerDescription, ConsumerStatus, EncryptionType, EnhancedMetrics,
+ PutRecordsResultEntry, Record, SequenceNumberRange, Shard, ShardFilterType,
+ ShardIteratorType, StreamDescription, StreamDescriptionSummary, StreamMode,
+ StreamModeDetails, StreamStatus, StreamSummary, Tag,
+ },
+};
use tokio::sync::{mpsc, oneshot};
use uuid::Uuid;
-use ruststack_kinesis_model::error::{KinesisError, KinesisErrorCode};
-use ruststack_kinesis_model::input::{
- AddTagsToStreamInput, CreateStreamInput, DecreaseStreamRetentionPeriodInput,
- DeleteResourcePolicyInput, DeleteStreamInput, DeregisterStreamConsumerInput,
- DescribeLimitsInput, DescribeStreamConsumerInput, DescribeStreamInput,
- DescribeStreamSummaryInput, GetRecordsInput, GetResourcePolicyInput, GetShardIteratorInput,
- IncreaseStreamRetentionPeriodInput, ListShardsInput, ListStreamConsumersInput,
- ListStreamsInput, ListTagsForStreamInput, MergeShardsInput, PutRecordInput, PutRecordsInput,
- PutResourcePolicyInput, RegisterStreamConsumerInput, RemoveTagsFromStreamInput,
- SplitShardInput, StartStreamEncryptionInput, StopStreamEncryptionInput, SubscribeToShardInput,
- UpdateShardCountInput,
-};
-use ruststack_kinesis_model::output::{
- DescribeLimitsOutput, DescribeStreamConsumerOutput, DescribeStreamOutput,
- DescribeStreamSummaryOutput, GetRecordsOutput, GetResourcePolicyOutput, GetShardIteratorOutput,
- ListShardsOutput, ListStreamConsumersOutput, ListStreamsOutput, ListTagsForStreamOutput,
- PutRecordOutput, PutRecordsOutput, RegisterStreamConsumerOutput, UpdateShardCountOutput,
+use crate::{
+ config::KinesisConfig,
+ shard::{
+ actor::{IteratorRequest, ShardCommand, ShardHandle, ShardInfo},
+ hash::{HashKey, HashKeyRange},
+ iterator::ShardIteratorToken,
+ },
};
-use ruststack_kinesis_model::types::{
- Consumer, ConsumerDescription, ConsumerStatus, EncryptionType, EnhancedMetrics,
- PutRecordsResultEntry, Record, SequenceNumberRange, Shard, ShardFilterType, ShardIteratorType,
- StreamDescription, StreamDescriptionSummary, StreamMode, StreamModeDetails, StreamStatus,
- StreamSummary, Tag,
-};
-
-use crate::config::KinesisConfig;
-use crate::shard::actor::{IteratorRequest, ShardCommand, ShardHandle, ShardInfo};
-use crate::shard::hash::{HashKey, HashKeyRange};
-use crate::shard::iterator::ShardIteratorToken;
/// Internal consumer metadata.
#[derive(Debug, Clone)]
diff --git a/crates/ruststack-kinesis-core/src/shard/actor.rs b/crates/ruststack-kinesis-core/src/shard/actor.rs
index 5a85433..b04aa31 100644
--- a/crates/ruststack-kinesis-core/src/shard/actor.rs
+++ b/crates/ruststack-kinesis-core/src/shard/actor.rs
@@ -1,17 +1,17 @@
//! Shard actor implementing the actor-per-shard pattern.
-use std::str::FromStr;
-use std::time::Duration;
+use std::{str::FromStr, time::Duration};
use bytes::Bytes;
use chrono::{DateTime, Utc};
-use tokio::sync::{mpsc, oneshot};
-
use ruststack_kinesis_model::types::HashKeyRange as ModelHashKeyRange;
+use tokio::sync::{mpsc, oneshot};
-use super::hash::HashKeyRange;
-use super::sequence::{SequenceNumber, SequenceNumberGenerator};
-use super::storage::{ShardRecordLog, StoredRecord};
+use super::{
+ hash::HashKeyRange,
+ sequence::{SequenceNumber, SequenceNumberGenerator},
+ storage::{ShardRecordLog, StoredRecord},
+};
/// Commands sent to a shard actor.
#[derive(Debug)]
diff --git a/crates/ruststack-kinesis-core/src/shard/iterator.rs b/crates/ruststack-kinesis-core/src/shard/iterator.rs
index fd9c274..0147119 100644
--- a/crates/ruststack-kinesis-core/src/shard/iterator.rs
+++ b/crates/ruststack-kinesis-core/src/shard/iterator.rs
@@ -1,7 +1,6 @@
//! Shard iterator token encoding and decoding.
-use base64::Engine;
-use base64::engine::general_purpose::STANDARD;
+use base64::{Engine, engine::general_purpose::STANDARD};
/// A shard iterator token encoding the stream name, shard ID, position, and nonce.
#[derive(Debug, Clone, PartialEq, Eq)]
diff --git a/crates/ruststack-kinesis-core/src/shard/sequence.rs b/crates/ruststack-kinesis-core/src/shard/sequence.rs
index 4519d08..9609a97 100644
--- a/crates/ruststack-kinesis-core/src/shard/sequence.rs
+++ b/crates/ruststack-kinesis-core/src/shard/sequence.rs
@@ -1,7 +1,9 @@
//! Sequence number generation for Kinesis records.
-use std::str::FromStr;
-use std::sync::atomic::{AtomicU64, Ordering};
+use std::{
+ str::FromStr,
+ sync::atomic::{AtomicU64, Ordering},
+};
/// A 128-bit sequence number for a Kinesis record.
///
diff --git a/crates/ruststack-kinesis-http/src/body.rs b/crates/ruststack-kinesis-http/src/body.rs
index 52565ab..8d946b7 100644
--- a/crates/ruststack-kinesis-http/src/body.rs
+++ b/crates/ruststack-kinesis-http/src/body.rs
@@ -1,7 +1,9 @@
//! Kinesis HTTP response body type.
-use std::pin::Pin;
-use std::task::{Context, Poll};
+use std::{
+ pin::Pin,
+ task::{Context, Poll},
+};
use bytes::Bytes;
use http_body_util::Full;
diff --git a/crates/ruststack-kinesis-http/src/dispatch.rs b/crates/ruststack-kinesis-http/src/dispatch.rs
index c27cfa9..aa161bc 100644
--- a/crates/ruststack-kinesis-http/src/dispatch.rs
+++ b/crates/ruststack-kinesis-http/src/dispatch.rs
@@ -1,12 +1,9 @@
//! Kinesis handler trait and operation dispatch.
-use std::future::Future;
-use std::pin::Pin;
+use std::{future::Future, pin::Pin};
use bytes::Bytes;
-
-use ruststack_kinesis_model::error::KinesisError;
-use ruststack_kinesis_model::operations::KinesisOperation;
+use ruststack_kinesis_model::{error::KinesisError, operations::KinesisOperation};
use crate::body::KinesisResponseBody;
diff --git a/crates/ruststack-kinesis-http/src/router.rs b/crates/ruststack-kinesis-http/src/router.rs
index 0fc1d57..0c9b17e 100644
--- a/crates/ruststack-kinesis-http/src/router.rs
+++ b/crates/ruststack-kinesis-http/src/router.rs
@@ -7,8 +7,7 @@
//! X-Amz-Target: Kinesis_20131202.PutRecord
//! ```
-use ruststack_kinesis_model::error::KinesisError;
-use ruststack_kinesis_model::operations::KinesisOperation;
+use ruststack_kinesis_model::{error::KinesisError, operations::KinesisOperation};
/// The expected prefix for the `X-Amz-Target` header value.
const TARGET_PREFIX: &str = "Kinesis_20131202.";
diff --git a/crates/ruststack-kinesis-http/src/service.rs b/crates/ruststack-kinesis-http/src/service.rs
index 9e5309e..6c56aee 100644
--- a/crates/ruststack-kinesis-http/src/service.rs
+++ b/crates/ruststack-kinesis-http/src/service.rs
@@ -1,20 +1,18 @@
//! Kinesis HTTP service implementing the hyper `Service` trait.
-use std::convert::Infallible;
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{convert::Infallible, future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
use http_body_util::BodyExt;
use hyper::body::Incoming;
-
use ruststack_kinesis_model::error::KinesisError;
-use crate::body::KinesisResponseBody;
-use crate::dispatch::{KinesisHandler, dispatch_operation};
-use crate::response::{CONTENT_TYPE, error_to_response};
-use crate::router::resolve_operation;
+use crate::{
+ body::KinesisResponseBody,
+ dispatch::{KinesisHandler, dispatch_operation},
+ response::{CONTENT_TYPE, error_to_response},
+ router::resolve_operation,
+};
/// Configuration for the Kinesis HTTP service.
#[derive(Clone)]
diff --git a/crates/ruststack-kinesis-model/src/blob.rs b/crates/ruststack-kinesis-model/src/blob.rs
index 19c4e2d..96155e1 100644
--- a/crates/ruststack-kinesis-model/src/blob.rs
+++ b/crates/ruststack-kinesis-model/src/blob.rs
@@ -4,8 +4,7 @@
//! in JSON. This module provides custom serde serializers/deserializers for
//! `bytes::Bytes` that handle the base64 encoding.
-use base64::Engine;
-use base64::engine::general_purpose::STANDARD;
+use base64::{Engine, engine::general_purpose::STANDARD};
use serde::{Deserialize, Deserializer, Serialize, Serializer};
/// Serialize `bytes::Bytes` as a base64 string.
diff --git a/crates/ruststack-kinesis-model/src/epoch_seconds.rs b/crates/ruststack-kinesis-model/src/epoch_seconds.rs
index aa2b756..7b29829 100644
--- a/crates/ruststack-kinesis-model/src/epoch_seconds.rs
+++ b/crates/ruststack-kinesis-model/src/epoch_seconds.rs
@@ -56,9 +56,10 @@ pub fn deserialize<'de, D: Deserializer<'de>>(d: D) -> Result, D::
/// Serde helpers for `Option>` as epoch seconds.
pub mod option {
- use super::{DateTime, Deserializer, Serializer, TimeZone, Utc, epoch_to_datetime};
use serde::de;
+ use super::{DateTime, Deserializer, Serializer, TimeZone, Utc, epoch_to_datetime};
+
/// Serialize `Option>` as epoch seconds (f64) or null.
pub fn serialize(dt: &Option>, s: S) -> Result {
match dt {
diff --git a/crates/ruststack-kms-core/src/crypto.rs b/crates/ruststack-kms-core/src/crypto.rs
index 1e6f714..97ab993 100644
--- a/crates/ruststack-kms-core/src/crypto.rs
+++ b/crates/ruststack-kms-core/src/crypto.rs
@@ -5,19 +5,21 @@
use std::collections::HashMap;
-use aws_lc_rs::aead::{self, Aad, BoundKey, NONCE_LEN, Nonce, NonceSequence, SealingKey};
-use aws_lc_rs::encoding::AsDer;
-use aws_lc_rs::rand::{SecureRandom, SystemRandom};
-use aws_lc_rs::signature::{self, EcdsaKeyPair, KeyPair as _, RsaKeyPair};
-
-use ruststack_kms_model::error::{KmsError, KmsErrorCode};
-use ruststack_kms_model::types::{
- DataKeyPairSpec, DataKeySpec, EncryptionAlgorithmSpec, KeySpec, MacAlgorithmSpec,
- SigningAlgorithmSpec,
+use aws_lc_rs::{
+ aead::{self, Aad, BoundKey, NONCE_LEN, Nonce, NonceSequence, SealingKey},
+ encoding::AsDer,
+ rand::{SecureRandom, SystemRandom},
+ signature::{self, EcdsaKeyPair, KeyPair as _, RsaKeyPair},
+};
+use ruststack_kms_model::{
+ error::{KmsError, KmsErrorCode},
+ types::{
+ DataKeyPairSpec, DataKeySpec, EncryptionAlgorithmSpec, KeySpec, MacAlgorithmSpec,
+ SigningAlgorithmSpec,
+ },
};
-use crate::ciphertext;
-use crate::key::KeyMaterial;
+use crate::{ciphertext, key::KeyMaterial};
/// Thread-safe random number generator.
fn rng() -> &'static SystemRandom {
diff --git a/crates/ruststack-kms-core/src/handler.rs b/crates/ruststack-kms-core/src/handler.rs
index 5b93683..dc39340 100644
--- a/crates/ruststack-kms-core/src/handler.rs
+++ b/crates/ruststack-kms-core/src/handler.rs
@@ -1,16 +1,10 @@
//! KMS handler implementation bridging HTTP to business logic.
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
-
-use ruststack_kms_http::body::KmsResponseBody;
-use ruststack_kms_http::dispatch::KmsHandler;
-use ruststack_kms_http::response::json_response;
-use ruststack_kms_model::error::KmsError;
-use ruststack_kms_model::operations::KmsOperation;
+use ruststack_kms_http::{body::KmsResponseBody, dispatch::KmsHandler, response::json_response};
+use ruststack_kms_model::{error::KmsError, operations::KmsOperation};
use crate::provider::RustStackKms;
diff --git a/crates/ruststack-kms-core/src/key.rs b/crates/ruststack-kms-core/src/key.rs
index 9d90312..751cd93 100644
--- a/crates/ruststack-kms-core/src/key.rs
+++ b/crates/ruststack-kms-core/src/key.rs
@@ -3,7 +3,6 @@
use std::collections::HashMap;
use chrono::{DateTime, Utc};
-
use ruststack_kms_model::types::{
EncryptionAlgorithmSpec, KeySpec, KeyState, KeyUsageType, MacAlgorithmSpec, OriginType,
SigningAlgorithmSpec,
diff --git a/crates/ruststack-kms-core/src/provider.rs b/crates/ruststack-kms-core/src/provider.rs
index dc736c6..0567ce0 100644
--- a/crates/ruststack-kms-core/src/provider.rs
+++ b/crates/ruststack-kms-core/src/provider.rs
@@ -1,44 +1,48 @@
//! KMS provider implementing all 39 operations.
-use std::collections::HashMap;
-use std::sync::Arc;
+use std::{collections::HashMap, sync::Arc};
use chrono::Utc;
-
-use ruststack_kms_model::error::{KmsError, KmsErrorCode};
-use ruststack_kms_model::input::{
- CancelKeyDeletionInput, CreateAliasInput, CreateGrantInput, CreateKeyInput, DecryptInput,
- DeleteAliasInput, DescribeKeyInput, DisableKeyInput, DisableKeyRotationInput, EnableKeyInput,
- EnableKeyRotationInput, EncryptInput, GenerateDataKeyInput, GenerateDataKeyPairInput,
- GenerateDataKeyPairWithoutPlaintextInput, GenerateDataKeyWithoutPlaintextInput,
- GenerateMacInput, GenerateRandomInput, GetKeyPolicyInput, GetKeyRotationStatusInput,
- GetPublicKeyInput, ListAliasesInput, ListGrantsInput, ListKeyPoliciesInput, ListKeysInput,
- ListResourceTagsInput, ListRetirableGrantsInput, PutKeyPolicyInput, ReEncryptInput,
- RetireGrantInput, RevokeGrantInput, ScheduleKeyDeletionInput, SignInput, TagResourceInput,
- UntagResourceInput, UpdateAliasInput, UpdateKeyDescriptionInput, VerifyInput, VerifyMacInput,
-};
-use ruststack_kms_model::output::{
- CancelKeyDeletionResponse, CreateGrantResponse, CreateKeyResponse, DecryptResponse,
- DescribeKeyResponse, EncryptResponse, GenerateDataKeyPairResponse,
- GenerateDataKeyPairWithoutPlaintextResponse, GenerateDataKeyResponse,
- GenerateDataKeyWithoutPlaintextResponse, GenerateMacResponse, GenerateRandomResponse,
- GetKeyPolicyResponse, GetKeyRotationStatusResponse, GetPublicKeyResponse, ListAliasesResponse,
- ListGrantsResponse, ListKeyPoliciesResponse, ListKeysResponse, ListResourceTagsResponse,
- ReEncryptResponse, ScheduleKeyDeletionResponse, SignResponse, VerifyMacResponse,
- VerifyResponse,
-};
-use ruststack_kms_model::types::{
- AliasListEntry, DataKeySpec, EncryptionAlgorithmSpec, GrantListEntry, KeyListEntry,
- KeyManagerType, KeyMetadata, KeySpec, KeyState, KeyUsageType, OriginType, Tag,
+use ruststack_kms_model::{
+ error::{KmsError, KmsErrorCode},
+ input::{
+ CancelKeyDeletionInput, CreateAliasInput, CreateGrantInput, CreateKeyInput, DecryptInput,
+ DeleteAliasInput, DescribeKeyInput, DisableKeyInput, DisableKeyRotationInput,
+ EnableKeyInput, EnableKeyRotationInput, EncryptInput, GenerateDataKeyInput,
+ GenerateDataKeyPairInput, GenerateDataKeyPairWithoutPlaintextInput,
+ GenerateDataKeyWithoutPlaintextInput, GenerateMacInput, GenerateRandomInput,
+ GetKeyPolicyInput, GetKeyRotationStatusInput, GetPublicKeyInput, ListAliasesInput,
+ ListGrantsInput, ListKeyPoliciesInput, ListKeysInput, ListResourceTagsInput,
+ ListRetirableGrantsInput, PutKeyPolicyInput, ReEncryptInput, RetireGrantInput,
+ RevokeGrantInput, ScheduleKeyDeletionInput, SignInput, TagResourceInput,
+ UntagResourceInput, UpdateAliasInput, UpdateKeyDescriptionInput, VerifyInput,
+ VerifyMacInput,
+ },
+ output::{
+ CancelKeyDeletionResponse, CreateGrantResponse, CreateKeyResponse, DecryptResponse,
+ DescribeKeyResponse, EncryptResponse, GenerateDataKeyPairResponse,
+ GenerateDataKeyPairWithoutPlaintextResponse, GenerateDataKeyResponse,
+ GenerateDataKeyWithoutPlaintextResponse, GenerateMacResponse, GenerateRandomResponse,
+ GetKeyPolicyResponse, GetKeyRotationStatusResponse, GetPublicKeyResponse,
+ ListAliasesResponse, ListGrantsResponse, ListKeyPoliciesResponse, ListKeysResponse,
+ ListResourceTagsResponse, ReEncryptResponse, ScheduleKeyDeletionResponse, SignResponse,
+ VerifyMacResponse, VerifyResponse,
+ },
+ types::{
+ AliasListEntry, DataKeySpec, EncryptionAlgorithmSpec, GrantListEntry, KeyListEntry,
+ KeyManagerType, KeyMetadata, KeySpec, KeyState, KeyUsageType, OriginType, Tag,
+ },
};
-use crate::ciphertext;
-use crate::config::KmsConfig;
-use crate::crypto;
-use crate::key::{KeyMaterial, KmsKey};
-use crate::resolve::resolve_key_id;
-use crate::state::{AliasEntry, GrantEntry, KmsStore};
-use crate::validation;
+use crate::{
+ ciphertext,
+ config::KmsConfig,
+ crypto,
+ key::{KeyMaterial, KmsKey},
+ resolve::resolve_key_id,
+ state::{AliasEntry, GrantEntry, KmsStore},
+ validation,
+};
/// The KMS business logic provider.
#[derive(Debug)]
diff --git a/crates/ruststack-kms-core/src/state.rs b/crates/ruststack-kms-core/src/state.rs
index 75b4a19..20d0074 100644
--- a/crates/ruststack-kms-core/src/state.rs
+++ b/crates/ruststack-kms-core/src/state.rs
@@ -3,7 +3,6 @@
use std::collections::HashMap;
use dashmap::DashMap;
-
use ruststack_kms_model::types::{GrantConstraints, GrantOperation};
use crate::key::KmsKey;
diff --git a/crates/ruststack-kms-core/src/validation.rs b/crates/ruststack-kms-core/src/validation.rs
index 2f3b8b0..0574eed 100644
--- a/crates/ruststack-kms-core/src/validation.rs
+++ b/crates/ruststack-kms-core/src/validation.rs
@@ -1,9 +1,11 @@
//! Input validation for KMS operations.
-use ruststack_kms_model::error::{KmsError, KmsErrorCode};
-use ruststack_kms_model::types::{
- EncryptionAlgorithmSpec, KeySpec, KeyState, KeyUsageType, MacAlgorithmSpec,
- SigningAlgorithmSpec,
+use ruststack_kms_model::{
+ error::{KmsError, KmsErrorCode},
+ types::{
+ EncryptionAlgorithmSpec, KeySpec, KeyState, KeyUsageType, MacAlgorithmSpec,
+ SigningAlgorithmSpec,
+ },
};
use crate::key::KmsKey;
diff --git a/crates/ruststack-kms-http/src/body.rs b/crates/ruststack-kms-http/src/body.rs
index 7dc36e2..a3aef48 100644
--- a/crates/ruststack-kms-http/src/body.rs
+++ b/crates/ruststack-kms-http/src/body.rs
@@ -1,7 +1,9 @@
//! KMS HTTP response body type.
-use std::pin::Pin;
-use std::task::{Context, Poll};
+use std::{
+ pin::Pin,
+ task::{Context, Poll},
+};
use bytes::Bytes;
use http_body_util::Full;
diff --git a/crates/ruststack-kms-http/src/dispatch.rs b/crates/ruststack-kms-http/src/dispatch.rs
index 99b2117..1b433cb 100644
--- a/crates/ruststack-kms-http/src/dispatch.rs
+++ b/crates/ruststack-kms-http/src/dispatch.rs
@@ -1,12 +1,9 @@
//! KMS handler trait and operation dispatch.
-use std::future::Future;
-use std::pin::Pin;
+use std::{future::Future, pin::Pin};
use bytes::Bytes;
-
-use ruststack_kms_model::error::KmsError;
-use ruststack_kms_model::operations::KmsOperation;
+use ruststack_kms_model::{error::KmsError, operations::KmsOperation};
use crate::body::KmsResponseBody;
diff --git a/crates/ruststack-kms-http/src/router.rs b/crates/ruststack-kms-http/src/router.rs
index 0eb5685..657fd68 100644
--- a/crates/ruststack-kms-http/src/router.rs
+++ b/crates/ruststack-kms-http/src/router.rs
@@ -7,8 +7,7 @@
//! X-Amz-Target: TrentService.CreateKey
//! ```
-use ruststack_kms_model::error::KmsError;
-use ruststack_kms_model::operations::KmsOperation;
+use ruststack_kms_model::{error::KmsError, operations::KmsOperation};
/// The expected prefix for the `X-Amz-Target` header value.
const TARGET_PREFIX: &str = "TrentService.";
diff --git a/crates/ruststack-kms-http/src/service.rs b/crates/ruststack-kms-http/src/service.rs
index 38ad31e..40b3537 100644
--- a/crates/ruststack-kms-http/src/service.rs
+++ b/crates/ruststack-kms-http/src/service.rs
@@ -1,20 +1,18 @@
//! KMS HTTP service implementing the hyper `Service` trait.
-use std::convert::Infallible;
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{convert::Infallible, future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
use http_body_util::BodyExt;
use hyper::body::Incoming;
-
use ruststack_kms_model::error::KmsError;
-use crate::body::KmsResponseBody;
-use crate::dispatch::{KmsHandler, dispatch_operation};
-use crate::response::{CONTENT_TYPE, error_to_response};
-use crate::router::resolve_operation;
+use crate::{
+ body::KmsResponseBody,
+ dispatch::{KmsHandler, dispatch_operation},
+ response::{CONTENT_TYPE, error_to_response},
+ router::resolve_operation,
+};
/// Configuration for the KMS HTTP service.
#[derive(Clone)]
diff --git a/crates/ruststack-kms-model/src/blob.rs b/crates/ruststack-kms-model/src/blob.rs
index 88a9d51..d206cda 100644
--- a/crates/ruststack-kms-model/src/blob.rs
+++ b/crates/ruststack-kms-model/src/blob.rs
@@ -4,8 +4,7 @@
//! as base64-encoded strings in JSON. This module provides custom serde
//! serializers/deserializers for `bytes::Bytes` that handle the base64 encoding.
-use base64::Engine;
-use base64::engine::general_purpose::STANDARD;
+use base64::{Engine, engine::general_purpose::STANDARD};
use serde::{Deserialize, Deserializer, Serialize, Serializer};
/// Serialize `bytes::Bytes` as a base64 string.
diff --git a/crates/ruststack-lambda-core/src/error.rs b/crates/ruststack-lambda-core/src/error.rs
index 2084669..dbc2cfa 100644
--- a/crates/ruststack-lambda-core/src/error.rs
+++ b/crates/ruststack-lambda-core/src/error.rs
@@ -72,6 +72,22 @@ pub enum LambdaServiceError {
#[error("Docker not available")]
DockerNotAvailable,
+ /// Event source mapping does not exist.
+ #[error("Event source mapping not found: {uuid}")]
+ EventSourceMappingNotFound {
+ /// UUID that was not found.
+ uuid: String,
+ },
+
+ /// Event invoke config does not exist.
+ #[error("Event invoke config not found: {function_name}:{qualifier}")]
+ EventInvokeConfigNotFound {
+ /// Function name.
+ function_name: String,
+ /// Qualifier.
+ qualifier: String,
+ },
+
/// Policy statement not found.
#[error("Policy not found: {sid}")]
PolicyNotFound {
@@ -106,13 +122,15 @@ impl From for LambdaError {
ref function_name,
ref version,
} => LambdaError::resource_not_found(format!(
- "Function not found: arn:aws:lambda:us-east-1:000000000000:function:{function_name}:{version}"
+ "Function not found: \
+ arn:aws:lambda:us-east-1:000000000000:function:{function_name}:{version}"
)),
LambdaServiceError::AliasNotFound {
ref function_name,
ref alias,
} => LambdaError::resource_not_found(format!(
- "Function not found: arn:aws:lambda:us-east-1:000000000000:function:{function_name}:{alias}"
+ "Function not found: \
+ arn:aws:lambda:us-east-1:000000000000:function:{function_name}:{alias}"
)),
LambdaServiceError::ResourceConflict { ref message } => {
LambdaError::resource_conflict(message)
@@ -135,9 +153,23 @@ impl From for LambdaError {
LambdaServiceError::RequestTooLarge { ref message } => {
LambdaError::new(LambdaErrorCode::RequestTooLargeException, message.clone())
}
+ LambdaServiceError::EventSourceMappingNotFound { ref uuid } => {
+ LambdaError::resource_not_found(format!(
+ "The resource you requested does not exist. (Service: Lambda, Status Code: \
+ 404, Request ID: 00000000-0000-0000-0000-000000000000, Extended Request ID: \
+ null) UUID: {uuid}"
+ ))
+ }
LambdaServiceError::PolicyNotFound { ref sid } => {
LambdaError::resource_not_found(format!("No policy is found for: {sid}"))
}
+ LambdaServiceError::EventInvokeConfigNotFound {
+ ref function_name,
+ ref qualifier,
+ } => LambdaError::resource_not_found(format!(
+ "The function {function_name} doesn't have an EventInvokeConfig for qualifier \
+ {qualifier}"
+ )),
LambdaServiceError::Internal { ref message } => {
LambdaError::service_error(message.clone())
}
diff --git a/crates/ruststack-lambda-core/src/handler.rs b/crates/ruststack-lambda-core/src/handler.rs
index 8154cdf..846402d 100644
--- a/crates/ruststack-lambda-core/src/handler.rs
+++ b/crates/ruststack-lambda-core/src/handler.rs
@@ -6,24 +6,29 @@
//! Uses manual `Pin>` return types because the `LambdaHandler`
//! trait requires object safety for `Arc`.
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
-
-use ruststack_lambda_http::body::LambdaResponseBody;
-use ruststack_lambda_http::dispatch::LambdaHandler;
-use ruststack_lambda_http::response::{empty_response, json_response};
-use ruststack_lambda_http::router::PathParams;
-use ruststack_lambda_model::error::LambdaError;
-use ruststack_lambda_model::input::{
- AddPermissionInput, CreateAliasInput, CreateFunctionInput, CreateFunctionUrlConfigInput,
- PublishVersionInput, TagResourceInput, UpdateAliasInput, UpdateFunctionCodeInput,
- UpdateFunctionConfigurationInput, UpdateFunctionUrlConfigInput,
+use ruststack_lambda_http::{
+ body::LambdaResponseBody,
+ dispatch::LambdaHandler,
+ response::{empty_response, json_response},
+ router::PathParams,
+};
+use ruststack_lambda_model::{
+ error::LambdaError,
+ input::{
+ AddLayerVersionPermissionInput, AddPermissionInput, CreateAliasInput,
+ CreateEventSourceMappingInput, CreateFunctionInput, CreateFunctionUrlConfigInput,
+ EventInvokeConfigInput, PublishLayerVersionInput, PublishVersionInput,
+ PutFunctionConcurrencyInput, TagResourceInput, UpdateAliasInput,
+ UpdateEventSourceMappingInput, UpdateFunctionCodeInput, UpdateFunctionConfigurationInput,
+ UpdateFunctionUrlConfigInput,
+ },
+ operations::LambdaOperation,
+ output::ListFunctionEventInvokeConfigsOutput,
+ types::InvocationType,
};
-use ruststack_lambda_model::operations::LambdaOperation;
-use ruststack_lambda_model::types::InvocationType;
use crate::provider::RustStackLambda;
@@ -433,6 +438,258 @@ async fn dispatch(
wrap_json_response(200, &output)
}
+ // ---- Phase 2b: Lambda Layers ----
+ LambdaOperation::PublishLayerVersion => {
+ let layer_name = require_path_param(path_params, "LayerName")?;
+ let input: PublishLayerVersionInput = serde_json::from_slice(body).map_err(|e| {
+ LambdaError::invalid_parameter(format!("Invalid request body: {e}"))
+ })?;
+ let output = provider
+ .publish_layer_version(layer_name, &input)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(201, &output)
+ }
+
+ LambdaOperation::GetLayerVersion => {
+ let layer_name = require_path_param(path_params, "LayerName")?;
+ let version_number = require_path_param(path_params, "VersionNumber")?;
+ let version: u64 = version_number.parse().map_err(|_| {
+ LambdaError::invalid_parameter(format!("Invalid version number: {version_number}"))
+ })?;
+ let output = provider
+ .get_layer_version(layer_name, version)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::GetLayerVersionByArn => {
+ // The ARN is passed as a query parameter.
+ let arn = get_query_param(&query_params, "Arn")
+ .ok_or_else(|| LambdaError::invalid_parameter("Arn query parameter is required"))?;
+ let output = provider
+ .get_layer_version_by_arn(arn)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::ListLayerVersions => {
+ let layer_name = require_path_param(path_params, "LayerName")?;
+ let marker = get_query_param(&query_params, "Marker");
+ let max_items =
+ get_query_param(&query_params, "MaxItems").and_then(|v| v.parse::().ok());
+ let output = provider
+ .list_layer_versions(layer_name, marker, max_items)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::ListLayers => {
+ let marker = get_query_param(&query_params, "Marker");
+ let max_items =
+ get_query_param(&query_params, "MaxItems").and_then(|v| v.parse::().ok());
+ let output = provider.list_layers(marker, max_items);
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::DeleteLayerVersion => {
+ let layer_name = require_path_param(path_params, "LayerName")?;
+ let version_number = require_path_param(path_params, "VersionNumber")?;
+ let version: u64 = version_number.parse().map_err(|_| {
+ LambdaError::invalid_parameter(format!("Invalid version number: {version_number}"))
+ })?;
+ provider
+ .delete_layer_version(layer_name, version)
+ .map_err(LambdaError::from)?;
+ wrap_empty_response(204)
+ }
+
+ LambdaOperation::AddLayerVersionPermission => {
+ let layer_name = require_path_param(path_params, "LayerName")?;
+ let version_number = require_path_param(path_params, "VersionNumber")?;
+ let version: u64 = version_number.parse().map_err(|_| {
+ LambdaError::invalid_parameter(format!("Invalid version number: {version_number}"))
+ })?;
+ let input: AddLayerVersionPermissionInput =
+ serde_json::from_slice(body).map_err(|e| {
+ LambdaError::invalid_parameter(format!("Invalid request body: {e}"))
+ })?;
+ let output = provider
+ .add_layer_version_permission(layer_name, version, &input)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(201, &output)
+ }
+
+ LambdaOperation::GetLayerVersionPolicy => {
+ let layer_name = require_path_param(path_params, "LayerName")?;
+ let version_number = require_path_param(path_params, "VersionNumber")?;
+ let version: u64 = version_number.parse().map_err(|_| {
+ LambdaError::invalid_parameter(format!("Invalid version number: {version_number}"))
+ })?;
+ let output = provider
+ .get_layer_version_policy(layer_name, version)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::RemoveLayerVersionPermission => {
+ let layer_name = require_path_param(path_params, "LayerName")?;
+ let version_number = require_path_param(path_params, "VersionNumber")?;
+ let version: u64 = version_number.parse().map_err(|_| {
+ LambdaError::invalid_parameter(format!("Invalid version number: {version_number}"))
+ })?;
+ let statement_id = require_path_param(path_params, "StatementId")?;
+ provider
+ .remove_layer_version_permission(layer_name, version, statement_id)
+ .map_err(LambdaError::from)?;
+ wrap_empty_response(204)
+ }
+
+ // ---- Phase 3: Event Source Mappings ----
+ LambdaOperation::CreateEventSourceMapping => {
+ let input: CreateEventSourceMappingInput =
+ serde_json::from_slice(body).map_err(|e| {
+ LambdaError::invalid_parameter(format!("Invalid request body: {e}"))
+ })?;
+ let output = provider
+ .create_event_source_mapping(&input)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(202, &output)
+ }
+
+ LambdaOperation::GetEventSourceMapping => {
+ let uuid = require_path_param(path_params, "UUID")?;
+ let output = provider
+ .get_event_source_mapping(uuid)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::UpdateEventSourceMapping => {
+ let uuid = require_path_param(path_params, "UUID")?;
+ let input: UpdateEventSourceMappingInput =
+ serde_json::from_slice(body).map_err(|e| {
+ LambdaError::invalid_parameter(format!("Invalid request body: {e}"))
+ })?;
+ let output = provider
+ .update_event_source_mapping(uuid, &input)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(202, &output)
+ }
+
+ LambdaOperation::DeleteEventSourceMapping => {
+ let uuid = require_path_param(path_params, "UUID")?;
+ let output = provider
+ .delete_event_source_mapping(uuid)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(202, &output)
+ }
+
+ LambdaOperation::ListEventSourceMappings => {
+ let function_name = get_query_param(&query_params, "FunctionName");
+ let event_source_arn = get_query_param(&query_params, "EventSourceArn");
+ let marker = get_query_param(&query_params, "Marker");
+ let max_items =
+ get_query_param(&query_params, "MaxItems").and_then(|v| v.parse::().ok());
+ let output = provider.list_event_source_mappings(
+ function_name,
+ event_source_arn,
+ marker,
+ max_items,
+ );
+ wrap_json_response(200, &output)
+ }
+
+ // ---- Phase 6: Concurrency ----
+ LambdaOperation::PutFunctionConcurrency => {
+ let function_name = require_path_param(path_params, "FunctionName")?;
+ let input: PutFunctionConcurrencyInput = serde_json::from_slice(body).map_err(|e| {
+ LambdaError::invalid_parameter(format!("Invalid request body: {e}"))
+ })?;
+ let output = provider
+ .put_function_concurrency(function_name, input.reserved_concurrent_executions)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::GetFunctionConcurrency => {
+ let function_name = require_path_param(path_params, "FunctionName")?;
+ let output = provider
+ .get_function_concurrency(function_name)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::DeleteFunctionConcurrency => {
+ let function_name = require_path_param(path_params, "FunctionName")?;
+ provider
+ .delete_function_concurrency(function_name)
+ .map_err(LambdaError::from)?;
+ wrap_empty_response(204)
+ }
+
+ // ---- Phase 6: Event Invoke Config ----
+ LambdaOperation::PutFunctionEventInvokeConfig => {
+ let function_name = require_path_param(path_params, "FunctionName")?;
+ let input: EventInvokeConfigInput = if body.is_empty() {
+ EventInvokeConfigInput::default()
+ } else {
+ serde_json::from_slice(body).map_err(|e| {
+ LambdaError::invalid_parameter(format!("Invalid request body: {e}"))
+ })?
+ };
+ let output = provider
+ .put_function_event_invoke_config(function_name, qualifier, &input)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::GetFunctionEventInvokeConfig => {
+ let function_name = require_path_param(path_params, "FunctionName")?;
+ let output = provider
+ .get_function_event_invoke_config(function_name, qualifier)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::UpdateFunctionEventInvokeConfig => {
+ let function_name = require_path_param(path_params, "FunctionName")?;
+ let input: EventInvokeConfigInput = if body.is_empty() {
+ EventInvokeConfigInput::default()
+ } else {
+ serde_json::from_slice(body).map_err(|e| {
+ LambdaError::invalid_parameter(format!("Invalid request body: {e}"))
+ })?
+ };
+ let output = provider
+ .update_function_event_invoke_config(function_name, qualifier, &input)
+ .map_err(LambdaError::from)?;
+ wrap_json_response(200, &output)
+ }
+
+ LambdaOperation::DeleteFunctionEventInvokeConfig => {
+ let function_name = require_path_param(path_params, "FunctionName")?;
+ provider
+ .delete_function_event_invoke_config(function_name, qualifier)
+ .map_err(LambdaError::from)?;
+ wrap_empty_response(204)
+ }
+
+ LambdaOperation::ListFunctionEventInvokeConfigs => {
+ let function_name = require_path_param(path_params, "FunctionName")?;
+ let configs = provider
+ .list_function_event_invoke_configs(function_name)
+ .map_err(LambdaError::from)?;
+ let output = ListFunctionEventInvokeConfigsOutput {
+ function_event_invoke_configs: if configs.is_empty() {
+ None
+ } else {
+ Some(configs)
+ },
+ next_marker: None,
+ };
+ wrap_json_response(200, &output)
+ }
+
_ => Err(LambdaError::service_error(format!(
"Operation {op} is not implemented"
))),
diff --git a/crates/ruststack-lambda-core/src/provider.rs b/crates/ruststack-lambda-core/src/provider.rs
index 6469c56..4235677 100644
--- a/crates/ruststack-lambda-core/src/provider.rs
+++ b/crates/ruststack-lambda-core/src/provider.rs
@@ -16,39 +16,53 @@ const MAX_ZIP_SIZE: u64 = 50 * 1024 * 1024;
/// Maximum synchronous invoke payload size (6 MB, per Appendix C).
const MAX_SYNC_PAYLOAD: usize = 6 * 1024 * 1024;
-use ruststack_lambda_model::input::{
- AddPermissionInput, CreateAliasInput, CreateFunctionInput, CreateFunctionUrlConfigInput,
- PublishVersionInput, TagResourceInput, UpdateAliasInput, UpdateFunctionCodeInput,
- UpdateFunctionConfigurationInput, UpdateFunctionUrlConfigInput,
-};
-use ruststack_lambda_model::output::{
- AccountLimit, AccountUsage, AddPermissionOutput, GetAccountSettingsOutput, GetFunctionOutput,
- GetPolicyOutput, ListAliasesOutput, ListFunctionUrlConfigsOutput, ListFunctionsOutput,
- ListTagsOutput, ListVersionsOutput,
-};
-use ruststack_lambda_model::types::{
- AliasConfiguration, AliasRoutingConfiguration, EnvironmentResponse, EphemeralStorage,
- FunctionCodeLocation, FunctionConfiguration, FunctionUrlConfig, ImageConfigResponse, Layer,
- SnapStartResponse, TracingConfigResponse, VpcConfigResponse,
+use ruststack_lambda_model::{
+ input::{
+ AddLayerVersionPermissionInput, AddPermissionInput, CreateAliasInput,
+ CreateEventSourceMappingInput, CreateFunctionInput, CreateFunctionUrlConfigInput,
+ EventInvokeConfigInput, PublishLayerVersionInput, PublishVersionInput, TagResourceInput,
+ UpdateAliasInput, UpdateEventSourceMappingInput, UpdateFunctionCodeInput,
+ UpdateFunctionConfigurationInput, UpdateFunctionUrlConfigInput,
+ },
+ output::{
+ AccountLimit, AccountUsage, AddLayerVersionPermissionOutput, AddPermissionOutput,
+ GetAccountSettingsOutput, GetFunctionOutput, GetLayerVersionPolicyOutput, GetPolicyOutput,
+ ListAliasesOutput, ListEventSourceMappingsOutput, ListFunctionUrlConfigsOutput,
+ ListFunctionsOutput, ListLayerVersionsOutput, ListLayersOutput, ListTagsOutput,
+ ListVersionsOutput, PublishLayerVersionOutput,
+ },
+ types::{
+ AliasConfiguration, AliasRoutingConfiguration, Concurrency, EnvironmentResponse,
+ EphemeralStorage, EventSourceMappingConfiguration, FunctionCodeLocation,
+ FunctionConfiguration, FunctionEventInvokeConfig, FunctionUrlConfig, ImageConfigResponse,
+ Layer, LayerVersionContentOutput, LayerVersionsListItem, LayersListItem, SnapStartResponse,
+ TracingConfigResponse, VpcConfigResponse,
+ },
};
-use crate::config::LambdaConfig;
-use crate::error::LambdaServiceError;
-use crate::resolver::{
- alias_arn, function_arn, function_version_arn, resolve_function_ref, resolve_version,
-};
-use crate::storage::{
- AliasRecord, FunctionRecord, FunctionStore, FunctionUrlConfigRecord, PolicyDocument,
- PolicyStatement, VersionRecord, compute_sha256,
+use crate::{
+ config::LambdaConfig,
+ error::LambdaServiceError,
+ resolver::{
+ alias_arn, function_arn, function_version_arn, layer_arn, layer_version_arn,
+ parse_layer_version_arn, resolve_function_ref, resolve_version,
+ },
+ storage::{
+ AliasRecord, EventInvokeConfigRecord, EventSourceMappingRecord, EventSourceMappingStore,
+ FunctionRecord, FunctionStore, FunctionUrlConfigRecord, LayerStore, LayerVersionRecord,
+ PolicyDocument, PolicyStatement, VersionRecord, compute_sha256,
+ },
};
/// Lambda business logic provider.
///
-/// Holds the function store and service configuration. All operations
-/// are implemented as async methods that return domain types or errors.
+/// Holds the function store, layer store, and service configuration.
+/// All operations are implemented as methods that return domain types or errors.
#[derive(Debug)]
pub struct RustStackLambda {
store: FunctionStore,
+ layer_store: LayerStore,
+ esm_store: EventSourceMappingStore,
config: LambdaConfig,
}
@@ -56,7 +70,12 @@ impl RustStackLambda {
/// Create a new Lambda provider with the given store and config.
#[must_use]
pub fn with_store(store: FunctionStore, config: LambdaConfig) -> Self {
- Self { store, config }
+ Self {
+ store,
+ layer_store: LayerStore::new(),
+ esm_store: EventSourceMappingStore::new(),
+ config,
+ }
}
/// Create a new Lambda provider from config, using a temp directory for code.
@@ -64,7 +83,12 @@ impl RustStackLambda {
pub fn new(config: LambdaConfig) -> Self {
let code_dir = std::env::temp_dir().join("ruststack-lambda-code");
let store = FunctionStore::new(code_dir);
- Self { store, config }
+ Self {
+ store,
+ layer_store: LayerStore::new(),
+ esm_store: EventSourceMappingStore::new(),
+ config,
+ }
}
/// Returns a reference to the underlying function store.
@@ -73,6 +97,18 @@ impl RustStackLambda {
&self.store
}
+ /// Returns a reference to the layer store.
+ #[must_use]
+ pub fn layer_store(&self) -> &LayerStore {
+ &self.layer_store
+ }
+
+ /// Returns a reference to the event source mapping store.
+ #[must_use]
+ pub fn esm_store(&self) -> &EventSourceMappingStore {
+ &self.esm_store
+ }
+
/// Returns a reference to the service configuration.
#[must_use]
pub fn config(&self) -> &LambdaConfig {
@@ -277,6 +313,8 @@ impl RustStackLambda {
policy: PolicyDocument::default(),
tags: input.tags.clone().unwrap_or_default(),
url_config: None,
+ reserved_concurrent_executions: None,
+ event_invoke_configs: HashMap::new(),
created_at: now,
};
@@ -609,7 +647,8 @@ impl RustStackLambda {
let payload_len = payload.len();
return Err(LambdaServiceError::RequestTooLarge {
message: format!(
- "Request payload size {payload_len} exceeds the synchronous invoke limit of {MAX_SYNC_PAYLOAD} bytes",
+ "Request payload size {payload_len} exceeds the synchronous invoke limit of \
+ {MAX_SYNC_PAYLOAD} bytes",
),
});
}
@@ -1403,228 +1442,1130 @@ impl RustStackLambda {
}
// ---------------------------------------------------------------
- // Internal helpers
+ // Phase 2b: Lambda Layers
// ---------------------------------------------------------------
- /// Get a function record by name, returning `FunctionNotFound` if absent.
- fn get_record(&self, name: &str) -> Result {
- self.store
- .get(name)
- .ok_or(LambdaServiceError::FunctionNotFound {
- name: name.to_owned(),
- })
- }
-
- /// Process code input (zip or image URI), returning code metadata.
- async fn process_code(
+ /// Publish a new layer version.
+ pub fn publish_layer_version(
&self,
- function_name: &str,
- version: &str,
- zip_file_b64: Option<&str>,
- image_uri: Option<&str>,
- ) -> Result<
- (
- String,
- u64,
- Option,
- Option,
- Option,
- ),
- LambdaServiceError,
- > {
- if let Some(b64) = zip_file_b64 {
- use base64::Engine;
- let zip_bytes = base64::engine::general_purpose::STANDARD
- .decode(b64)
- .map_err(|e| LambdaServiceError::InvalidZipFile {
- message: format!("Invalid base64 encoding: {e}"),
- })?;
-
- let (code_path, sha256, size) = self
- .store
- .store_zip_code(function_name, version, &zip_bytes)
- .await?;
+ layer_name: &str,
+ input: &PublishLayerVersionInput,
+ ) -> Result {
+ if layer_name.is_empty() || layer_name.len() > 140 {
+ return Err(LambdaServiceError::InvalidParameter {
+ message: "Layer name must be between 1 and 140 characters".to_owned(),
+ });
+ }
- Ok((
- sha256,
- size,
- Some(Bytes::from(zip_bytes)),
- Some(code_path),
- None,
- ))
- } else if let Some(uri) = image_uri {
- let sha256 = compute_sha256(uri.as_bytes());
- Ok((sha256, 0, None, None, Some(uri.to_owned())))
- } else {
- // No code provided - use empty hash.
- let sha256 = compute_sha256(b"");
- Ok((sha256, 0, None, None, None))
+ if let Some(ref license) = input.license_info {
+ if license.len() > 512 {
+ return Err(LambdaServiceError::InvalidParameter {
+ message: "License info must be at most 512 characters".to_owned(),
+ });
+ }
}
- }
- /// Build a `FunctionConfiguration` from internal records.
- fn build_function_configuration(
- &self,
- record: &FunctionRecord,
- version: &VersionRecord,
- ) -> FunctionConfiguration {
- let arn = if version.version == "$LATEST" {
- record.arn.clone()
+ // Process layer code.
+ let (code_sha256, code_size) = if let Some(ref content) = input.content {
+ if let Some(ref b64) = content.zip_file {
+ use base64::Engine;
+ let zip_bytes = base64::engine::general_purpose::STANDARD
+ .decode(b64)
+ .map_err(|e| LambdaServiceError::InvalidZipFile {
+ message: format!("Invalid base64 encoding: {e}"),
+ })?;
+ let sha256 = compute_sha256(&zip_bytes);
+ let size = zip_bytes.len() as u64;
+ (sha256, size)
+ } else {
+ // S3 source accepted but not functional; use empty hash.
+ (compute_sha256(b""), 0)
+ }
} else {
- function_version_arn(
- &self.config.default_region,
- &self.config.account_id,
- &record.name,
- &version.version,
- )
+ (compute_sha256(b""), 0)
};
- let env_response = if version.environment.is_empty() {
- None
- } else {
- Some(EnvironmentResponse {
- variables: Some(version.environment.clone()),
- error: None,
- })
+ let now = now_iso8601();
+ let la = layer_arn(
+ &self.config.default_region,
+ &self.config.account_id,
+ layer_name,
+ );
+
+ // Create a temporary version record; the store will assign the actual version number.
+ let version_record = LayerVersionRecord {
+ version: 0, // will be overwritten
+ description: input.description.clone().unwrap_or_default(),
+ compatible_runtimes: input.compatible_runtimes.clone().unwrap_or_default(),
+ compatible_architectures: input.compatible_architectures.clone().unwrap_or_default(),
+ license_info: input.license_info.clone(),
+ code_sha256: code_sha256.clone(),
+ code_size,
+ created_date: now.clone(),
+ layer_arn: la.clone(),
+ layer_version_arn: String::new(), // will be overwritten
+ policy: PolicyDocument::default(),
};
- let vpc_response = version.vpc_config.as_ref().map(|vpc| VpcConfigResponse {
- subnet_ids: vpc.subnet_ids.clone(),
- security_group_ids: vpc.security_group_ids.clone(),
- vpc_id: None,
- });
+ let version_num = self
+ .layer_store
+ .publish_version(layer_name, &la, version_record);
- let tracing_response = version
- .tracing_config
- .as_ref()
- .map(|tc| TracingConfigResponse {
- mode: tc.mode.clone(),
- });
+ // Update the version number and ARN in the stored record.
+ let lva = layer_version_arn(
+ &self.config.default_region,
+ &self.config.account_id,
+ layer_name,
+ version_num,
+ );
+ self.layer_store
+ .update_version(layer_name, version_num, |ver| {
+ ver.version = version_num;
+ ver.layer_version_arn.clone_from(&lva);
+ })?;
- let layers = if version.layers.is_empty() {
- None
- } else {
- Some(
- version
- .layers
- .iter()
- .map(|l| Layer {
- arn: Some(l.clone()),
- code_size: None,
- signing_profile_version_arn: None,
- signing_job_arn: None,
- })
- .collect(),
- )
- };
+ info!(layer_name = %layer_name, version = %version_num, "published layer version");
- let image_config_response = version.image_config.as_ref().map(|ic| ImageConfigResponse {
- image_config: Some(ic.clone()),
- error: None,
- });
+ #[allow(clippy::cast_possible_wrap)]
+ Ok(PublishLayerVersionOutput {
+ content: Some(LayerVersionContentOutput {
+ code_sha256: Some(code_sha256),
+ code_size: Some(code_size as i64),
+ ..Default::default()
+ }),
+ layer_arn: Some(la),
+ layer_version_arn: Some(lva),
+ description: input.description.clone(),
+ created_date: Some(now),
+ version: Some(version_num as i64),
+ compatible_runtimes: input.compatible_runtimes.clone(),
+ license_info: input.license_info.clone(),
+ compatible_architectures: input.compatible_architectures.clone(),
+ })
+ }
- let snap_start_response = version.snap_start.as_ref().map(|ss| SnapStartResponse {
- apply_on: ss.apply_on.clone(),
- optimization_status: Some("Off".to_owned()),
- });
+ /// Get a specific layer version.
+ pub fn get_layer_version(
+ &self,
+ layer_name: &str,
+ version_number: u64,
+ ) -> Result {
+ let ver = self
+ .layer_store
+ .get_version(layer_name, version_number)
+ .ok_or(LambdaServiceError::InvalidParameter {
+ message: format!("Layer version not found: {layer_name}:{version_number}"),
+ })?;
- FunctionConfiguration {
- function_name: Some(record.name.clone()),
- function_arn: Some(arn),
- runtime: version.runtime.clone(),
- role: Some(version.role.clone()),
- handler: version.handler.clone(),
- #[allow(clippy::cast_possible_wrap)]
- code_size: Some(version.code_size as i64),
- description: if version.description.is_empty() {
- None
- } else {
- Some(version.description.clone())
- },
- timeout: Some(version.timeout),
- memory_size: Some(version.memory_size),
- last_modified: Some(version.last_modified.clone()),
- code_sha256: Some(version.code_sha256.clone()),
- version: Some(version.version.clone()),
- environment: env_response,
- vpc_config: vpc_response,
- dead_letter_config: version.dead_letter_config.clone(),
- tracing_config: tracing_response,
- revision_id: Some(version.revision_id.clone()),
- layers,
- state: Some(version.state.clone()),
- state_reason: None,
- state_reason_code: None,
- package_type: Some(version.package_type.clone()),
- architectures: Some(version.architectures.clone()),
- ephemeral_storage: Some(EphemeralStorage {
- size: version.ephemeral_storage_size,
- }),
- logging_config: version.logging_config.clone(),
- snap_start: snap_start_response,
- image_config_response,
- last_update_status: Some("Successful".to_owned()),
- last_update_status_reason: None,
- last_update_status_reason_code: None,
- }
+ Ok(Self::build_layer_version_output(&ver))
}
- /// Extract function name from a Lambda function ARN.
- fn extract_function_name_from_arn(arn: &str) -> Result {
- // Try ARN parsing first.
- if arn.starts_with("arn:") {
- let (name, _) = resolve_function_ref(arn)?;
- return Ok(name);
- }
- // If it's not an ARN, treat it as a function name.
- Ok(arn.to_owned())
+ /// Get a layer version by its full ARN.
+ pub fn get_layer_version_by_arn(
+ &self,
+ arn: &str,
+ ) -> Result {
+ let (name, version) = parse_layer_version_arn(arn)?;
+ self.get_layer_version(&name, version)
}
-}
-/// Get current time in ISO 8601 format matching AWS Lambda conventions.
-fn now_iso8601() -> String {
- chrono::Utc::now()
- .format("%Y-%m-%dT%H:%M:%S%.3f+0000")
- .to_string()
-}
+ /// List versions of a layer.
+ pub fn list_layer_versions(
+ &self,
+ layer_name: &str,
+ marker: Option<&str>,
+ max_items: Option,
+ ) -> Result {
+ let versions = self.layer_store.list_versions(layer_name);
+ let max = max_items.unwrap_or(50).min(10_000);
-#[cfg(test)]
-mod tests {
- use super::*;
+ let start = marker
+ .and_then(|m| m.parse::().ok())
+ .and_then(|marker_ver| versions.iter().position(|v| v.version > marker_ver))
+ .unwrap_or(0);
- fn test_provider() -> RustStackLambda {
- let tmp = tempfile::tempdir().unwrap();
- let store = FunctionStore::new(tmp.path());
- let config = LambdaConfig::default();
- RustStackLambda::with_store(store, config)
- }
+ #[allow(clippy::cast_possible_wrap)]
+ let page: Vec = versions
+ .iter()
+ .skip(start)
+ .take(max)
+ .map(|v| LayerVersionsListItem {
+ layer_version_arn: Some(v.layer_version_arn.clone()),
+ version: Some(v.version as i64),
+ description: if v.description.is_empty() {
+ None
+ } else {
+ Some(v.description.clone())
+ },
+ created_date: Some(v.created_date.clone()),
+ compatible_runtimes: if v.compatible_runtimes.is_empty() {
+ None
+ } else {
+ Some(v.compatible_runtimes.clone())
+ },
+ license_info: v.license_info.clone(),
+ compatible_architectures: if v.compatible_architectures.is_empty() {
+ None
+ } else {
+ Some(v.compatible_architectures.clone())
+ },
+ })
+ .collect();
- fn sample_create_input(name: &str) -> CreateFunctionInput {
- use base64::Engine;
- let zip_data = base64::engine::general_purpose::STANDARD.encode(b"PK\x03\x04fake");
- CreateFunctionInput {
- function_name: name.to_owned(),
- runtime: Some("python3.12".to_owned()),
- role: "arn:aws:iam::000000000000:role/test-role".to_owned(),
- handler: Some("index.handler".to_owned()),
- code: ruststack_lambda_model::types::FunctionCode {
- zip_file: Some(zip_data),
- ..Default::default()
- },
- ..Default::default()
- }
+ let next_marker = if start + max < versions.len() {
+ page.last()
+ .and_then(|v| v.version.map(|ver| ver.to_string()))
+ } else {
+ None
+ };
+
+ Ok(ListLayerVersionsOutput {
+ layer_versions: Some(page),
+ next_marker,
+ })
}
- #[tokio::test]
- async fn test_should_create_and_get_function() {
- let provider = test_provider();
+ /// List all layers.
+ #[must_use]
+ pub fn list_layers(&self, marker: Option<&str>, max_items: Option) -> ListLayersOutput {
+ let all = self.layer_store.list_layers();
+ let max = max_items.unwrap_or(50).min(10_000);
- let config = provider
- .create_function(sample_create_input("my-func"))
- .await
- .unwrap();
- assert_eq!(config.function_name, Some("my-func".to_owned()));
- assert_eq!(config.runtime, Some("python3.12".to_owned()));
+ let start = marker
+ .and_then(|m| all.iter().position(|r| r.name.as_str() > m))
+ .unwrap_or(0);
+
+ #[allow(clippy::cast_possible_wrap)]
+ let page: Vec = all
+ .iter()
+ .skip(start)
+ .take(max)
+ .map(|r| {
+ let latest = r
+ .versions
+ .values()
+ .next_back()
+ .map(|v| LayerVersionsListItem {
+ layer_version_arn: Some(v.layer_version_arn.clone()),
+ version: Some(v.version as i64),
+ description: if v.description.is_empty() {
+ None
+ } else {
+ Some(v.description.clone())
+ },
+ created_date: Some(v.created_date.clone()),
+ compatible_runtimes: if v.compatible_runtimes.is_empty() {
+ None
+ } else {
+ Some(v.compatible_runtimes.clone())
+ },
+ license_info: v.license_info.clone(),
+ compatible_architectures: if v.compatible_architectures.is_empty() {
+ None
+ } else {
+ Some(v.compatible_architectures.clone())
+ },
+ });
+ LayersListItem {
+ layer_name: Some(r.name.clone()),
+ layer_arn: Some(r.layer_arn.clone()),
+ latest_matching_version: latest,
+ }
+ })
+ .collect();
+
+ let next_marker = if start + max < all.len() {
+ page.last().and_then(|l| l.layer_name.clone())
+ } else {
+ None
+ };
+
+ ListLayersOutput {
+ layers: Some(page),
+ next_marker,
+ }
+ }
+
+ /// Delete a layer version.
+ pub fn delete_layer_version(
+ &self,
+ layer_name: &str,
+ version_number: u64,
+ ) -> Result<(), LambdaServiceError> {
+ // AWS silently succeeds even if the version doesn't exist.
+ let _ = self.layer_store.delete_version(layer_name, version_number);
+ info!(layer_name = %layer_name, version = %version_number, "deleted layer version");
+ Ok(())
+ }
+
+ /// Add a permission to a layer version's resource policy.
+ pub fn add_layer_version_permission(
+ &self,
+ layer_name: &str,
+ version_number: u64,
+ input: &AddLayerVersionPermissionInput,
+ ) -> Result {
+ // Validate required fields.
+ let sid = match &input.statement_id {
+ Some(s) if !s.is_empty() => s.clone(),
+ _ => {
+ return Err(LambdaServiceError::InvalidParameter {
+ message: "StatementId is required".to_owned(),
+ });
+ }
+ };
+ let action = match &input.action {
+ Some(a) if !a.is_empty() => a.clone(),
+ _ => {
+ return Err(LambdaServiceError::InvalidParameter {
+ message: "Action is required".to_owned(),
+ });
+ }
+ };
+ let principal = match &input.principal {
+ Some(p) if !p.is_empty() => p.clone(),
+ _ => {
+ return Err(LambdaServiceError::InvalidParameter {
+ message: "Principal is required".to_owned(),
+ });
+ }
+ };
+
+ let lva = layer_version_arn(
+ &self.config.default_region,
+ &self.config.account_id,
+ layer_name,
+ version_number,
+ );
+
+ let statement = PolicyStatement {
+ sid: sid.clone(),
+ effect: "Allow".to_owned(),
+ principal: principal.clone(),
+ action: action.clone(),
+ resource: lva,
+ condition: None,
+ };
+
+ let statement_json = serde_json::json!({
+ "Sid": sid,
+ "Effect": "Allow",
+ "Principal": { "Service": principal },
+ "Action": action,
+ "Resource": statement.resource,
+ });
+
+ let revision_id = self.layer_store.update_version(
+ layer_name,
+ version_number,
+ |ver| -> Result {
+ if ver.policy.statements.iter().any(|s| s.sid == sid) {
+ return Err(LambdaServiceError::ResourceConflict {
+ message: format!("The statement id ({sid}) provided already exists."),
+ });
+ }
+ ver.policy.statements.push(statement);
+ Ok(uuid::Uuid::new_v4().to_string())
+ },
+ )??;
+
+ Ok(AddLayerVersionPermissionOutput {
+ statement: Some(statement_json.to_string()),
+ revision_id: Some(revision_id),
+ })
+ }
+
+ /// Get the resource policy for a layer version.
+ pub fn get_layer_version_policy(
+ &self,
+ layer_name: &str,
+ version_number: u64,
+ ) -> Result {
+ let ver = self
+ .layer_store
+ .get_version(layer_name, version_number)
+ .ok_or(LambdaServiceError::InvalidParameter {
+ message: format!("Layer version not found: {layer_name}:{version_number}"),
+ })?;
+
+ if ver.policy.statements.is_empty() {
+ return Err(LambdaServiceError::PolicyNotFound {
+ sid: format!("{layer_name}:{version_number}"),
+ });
+ }
+
+ let statements: Vec = ver
+ .policy
+ .statements
+ .iter()
+ .map(|s| {
+ serde_json::json!({
+ "Sid": s.sid,
+ "Effect": s.effect,
+ "Principal": { "Service": s.principal },
+ "Action": s.action,
+ "Resource": s.resource,
+ })
+ })
+ .collect();
+
+ let policy = serde_json::json!({
+ "Version": "2012-10-17",
+ "Id": "default",
+ "Statement": statements,
+ });
+
+ Ok(GetLayerVersionPolicyOutput {
+ policy: Some(policy.to_string()),
+ revision_id: Some(uuid::Uuid::new_v4().to_string()),
+ })
+ }
+
+ /// Remove a permission from a layer version's resource policy.
+ pub fn remove_layer_version_permission(
+ &self,
+ layer_name: &str,
+ version_number: u64,
+ statement_id: &str,
+ ) -> Result<(), LambdaServiceError> {
+ self.layer_store.update_version(
+ layer_name,
+ version_number,
+ |ver| -> Result<(), LambdaServiceError> {
+ let initial_len = ver.policy.statements.len();
+ ver.policy.statements.retain(|s| s.sid != statement_id);
+ if ver.policy.statements.len() == initial_len {
+ return Err(LambdaServiceError::PolicyNotFound {
+ sid: statement_id.to_owned(),
+ });
+ }
+ Ok(())
+ },
+ )??;
+
+ Ok(())
+ }
+
+ // ---------------------------------------------------------------
+ // Phase 3: Event Source Mappings
+ // ---------------------------------------------------------------
+
+ /// Create an event source mapping.
+ ///
+ /// Validates the function exists, generates a UUID, and stores the mapping.
+ /// Defaults: `batch_size=10`, `enabled=true`.
+ ///
+ /// # Errors
+ ///
+ /// Returns `FunctionNotFound` if the specified function does not exist.
+ /// Returns `InvalidParameter` if `event_source_arn` is empty.
+ pub fn create_event_source_mapping(
+ &self,
+ input: &CreateEventSourceMappingInput,
+ ) -> Result {
+ if input.event_source_arn.is_empty() {
+ return Err(LambdaServiceError::InvalidParameter {
+ message: "eventSourceArn is required".to_owned(),
+ });
+ }
+
+ // Resolve function name to ARN; validates the function exists.
+ let (name, _) = resolve_function_ref(&input.function_name)?;
+ let _record = self.get_record(&name)?;
+ let func_arn = function_arn(&self.config.default_region, &self.config.account_id, &name);
+
+ let uuid = uuid::Uuid::new_v4().to_string();
+ let enabled = input.enabled.unwrap_or(true);
+ let batch_size = input.batch_size.unwrap_or(10);
+ let max_batching_window = input.maximum_batching_window_in_seconds.unwrap_or(0);
+ let state = if enabled { "Enabled" } else { "Disabled" }.to_owned();
+ let now = chrono::Utc::now().timestamp();
+
+ let esm_record = EventSourceMappingRecord {
+ uuid: uuid.clone(),
+ event_source_arn: input.event_source_arn.clone(),
+ function_arn: func_arn,
+ enabled,
+ batch_size,
+ maximum_batching_window_in_seconds: max_batching_window,
+ starting_position: input.starting_position.clone(),
+ starting_position_timestamp: input.starting_position_timestamp.clone(),
+ maximum_record_age_in_seconds: input.maximum_record_age_in_seconds,
+ bisect_batch_on_function_error: input.bisect_batch_on_function_error,
+ maximum_retry_attempts: input.maximum_retry_attempts,
+ parallelization_factor: input.parallelization_factor,
+ function_response_types: input.function_response_types.clone().unwrap_or_default(),
+ state,
+ state_transition_reason: "User action".to_owned(),
+ last_modified: now,
+ last_processing_result: "No records processed".to_owned(),
+ };
+
+ let config = Self::record_to_configuration(&esm_record);
+ self.esm_store.create(esm_record);
+
+ info!(uuid = %uuid, function_name = %name, "Created event source mapping");
+
+ Ok(config)
+ }
+
+ /// Get an event source mapping by UUID.
+ ///
+ /// # Errors
+ ///
+ /// Returns `EventSourceMappingNotFound` if the UUID does not exist.
+ pub fn get_event_source_mapping(
+ &self,
+ uuid: &str,
+ ) -> Result {
+ let record = self.esm_store.get(uuid).ok_or_else(|| {
+ LambdaServiceError::EventSourceMappingNotFound {
+ uuid: uuid.to_owned(),
+ }
+ })?;
+ Ok(Self::record_to_configuration(&record))
+ }
+
+ /// Update an event source mapping.
+ ///
+ /// # Errors
+ ///
+ /// Returns `EventSourceMappingNotFound` if the UUID does not exist.
+ /// Returns `FunctionNotFound` if a new function name is provided that does not exist.
+ pub fn update_event_source_mapping(
+ &self,
+ uuid: &str,
+ input: &UpdateEventSourceMappingInput,
+ ) -> Result {
+ // If a new function name is provided, validate it exists and resolve the ARN.
+ let new_function_arn = if let Some(ref fn_name) = input.function_name {
+ let (name, _) = resolve_function_ref(fn_name)?;
+ let _record = self.get_record(&name)?;
+ Some(function_arn(
+ &self.config.default_region,
+ &self.config.account_id,
+ &name,
+ ))
+ } else {
+ None
+ };
+
+ let now = chrono::Utc::now().timestamp();
+
+ let updated = self.esm_store.update(uuid, |record| {
+ if let Some(ref arn) = new_function_arn {
+ record.function_arn.clone_from(arn);
+ }
+ if let Some(enabled) = input.enabled {
+ record.enabled = enabled;
+ if enabled { "Enabled" } else { "Disabled" }.clone_into(&mut record.state);
+ }
+ if let Some(batch_size) = input.batch_size {
+ record.batch_size = batch_size;
+ }
+ if let Some(max_window) = input.maximum_batching_window_in_seconds {
+ record.maximum_batching_window_in_seconds = max_window;
+ }
+ if let Some(max_age) = input.maximum_record_age_in_seconds {
+ record.maximum_record_age_in_seconds = Some(max_age);
+ }
+ if let Some(bisect) = input.bisect_batch_on_function_error {
+ record.bisect_batch_on_function_error = Some(bisect);
+ }
+ if let Some(retries) = input.maximum_retry_attempts {
+ record.maximum_retry_attempts = Some(retries);
+ }
+ if let Some(factor) = input.parallelization_factor {
+ record.parallelization_factor = Some(factor);
+ }
+ if let Some(ref types) = input.function_response_types {
+ record.function_response_types.clone_from(types);
+ }
+ record.last_modified = now;
+ "User action".clone_into(&mut record.state_transition_reason);
+ Self::record_to_configuration(record)
+ })?;
+
+ info!(uuid = %uuid, "Updated event source mapping");
+
+ Ok(updated)
+ }
+
+ /// Delete an event source mapping.
+ ///
+ /// Returns the final configuration with state set to `Deleting`.
+ ///
+ /// # Errors
+ ///
+ /// Returns `EventSourceMappingNotFound` if the UUID does not exist.
+ pub fn delete_event_source_mapping(
+ &self,
+ uuid: &str,
+ ) -> Result {
+ let record = self.esm_store.delete(uuid).ok_or_else(|| {
+ LambdaServiceError::EventSourceMappingNotFound {
+ uuid: uuid.to_owned(),
+ }
+ })?;
+
+ info!(uuid = %uuid, "Deleted event source mapping");
+
+ let mut config = Self::record_to_configuration(&record);
+ config.state = Some("Deleting".to_owned());
+ Ok(config)
+ }
+
+ /// List event source mappings with optional filters and pagination.
+ ///
+ /// Supports filtering by `function_name` and `event_source_arn`.
+ #[must_use]
+ pub fn list_event_source_mappings(
+ &self,
+ function_name: Option<&str>,
+ event_source_arn: Option<&str>,
+ marker: Option<&str>,
+ max_items: Option,
+ ) -> ListEventSourceMappingsOutput {
+ let all = self.esm_store.list(function_name, event_source_arn);
+ let max = max_items.unwrap_or(100);
+
+ // Find start index from marker.
+ let start = marker
+ .and_then(|m| all.iter().position(|r| r.uuid == m))
+ .map_or(0, |pos| pos + 1);
+
+ let page: Vec = all
+ .iter()
+ .skip(start)
+ .take(max)
+ .map(Self::record_to_configuration)
+ .collect();
+
+ let next_marker = if start + max < all.len() {
+ all.get(start + max - 1).map(|r| r.uuid.clone())
+ } else {
+ None
+ };
+
+ ListEventSourceMappingsOutput {
+ event_source_mappings: Some(page),
+ next_marker,
+ }
+ }
+
+ /// Convert an `EventSourceMappingRecord` to an `EventSourceMappingConfiguration`.
+ fn record_to_configuration(
+ record: &EventSourceMappingRecord,
+ ) -> EventSourceMappingConfiguration {
+ #[allow(clippy::cast_precision_loss)]
+ let last_modified_f64 = record.last_modified as f64;
+
+ EventSourceMappingConfiguration {
+ uuid: Some(record.uuid.clone()),
+ event_source_arn: Some(record.event_source_arn.clone()),
+ function_arn: Some(record.function_arn.clone()),
+ state: Some(record.state.clone()),
+ state_transition_reason: Some(record.state_transition_reason.clone()),
+ last_modified: Some(last_modified_f64),
+ last_processing_result: Some(record.last_processing_result.clone()),
+ batch_size: Some(record.batch_size),
+ maximum_batching_window_in_seconds: Some(record.maximum_batching_window_in_seconds),
+ starting_position: record.starting_position.clone(),
+ starting_position_timestamp: record.starting_position_timestamp.clone(),
+ maximum_record_age_in_seconds: record.maximum_record_age_in_seconds,
+ bisect_batch_on_function_error: record.bisect_batch_on_function_error,
+ maximum_retry_attempts: record.maximum_retry_attempts,
+ parallelization_factor: record.parallelization_factor,
+ function_response_types: if record.function_response_types.is_empty() {
+ None
+ } else {
+ Some(record.function_response_types.clone())
+ },
+ }
+ }
+
+ // ---------------------------------------------------------------
+ // Internal helpers
+ // ---------------------------------------------------------------
+
+ /// Build a `PublishLayerVersionOutput` from a `LayerVersionRecord`.
+ #[allow(clippy::cast_possible_wrap)]
+ fn build_layer_version_output(ver: &LayerVersionRecord) -> PublishLayerVersionOutput {
+ PublishLayerVersionOutput {
+ content: Some(LayerVersionContentOutput {
+ code_sha256: Some(ver.code_sha256.clone()),
+ code_size: Some(ver.code_size as i64),
+ ..Default::default()
+ }),
+ layer_arn: Some(ver.layer_arn.clone()),
+ layer_version_arn: Some(ver.layer_version_arn.clone()),
+ description: if ver.description.is_empty() {
+ None
+ } else {
+ Some(ver.description.clone())
+ },
+ created_date: Some(ver.created_date.clone()),
+ version: Some(ver.version as i64),
+ compatible_runtimes: if ver.compatible_runtimes.is_empty() {
+ None
+ } else {
+ Some(ver.compatible_runtimes.clone())
+ },
+ license_info: ver.license_info.clone(),
+ compatible_architectures: if ver.compatible_architectures.is_empty() {
+ None
+ } else {
+ Some(ver.compatible_architectures.clone())
+ },
+ }
+ }
+
+ // -----------------------------------------------------------------
+ // Phase 6: Concurrency
+ // -----------------------------------------------------------------
+
+ /// Put (set) reserved concurrency for a function.
+ pub fn put_function_concurrency(
+ &self,
+ function_ref: &str,
+ reserved: i32,
+ ) -> Result {
+ let (name, _) = resolve_function_ref(function_ref)?;
+ let _ = self.get_record(&name)?;
+
+ self.store.update(&name, |rec| {
+ rec.reserved_concurrent_executions = Some(reserved);
+ })?;
+
+ Ok(Concurrency {
+ reserved_concurrent_executions: Some(reserved),
+ })
+ }
+
+ /// Get reserved concurrency for a function.
+ pub fn get_function_concurrency(
+ &self,
+ function_ref: &str,
+ ) -> Result {
+ let (name, _) = resolve_function_ref(function_ref)?;
+ let record = self.get_record(&name)?;
+ Ok(Concurrency {
+ reserved_concurrent_executions: record.reserved_concurrent_executions,
+ })
+ }
+
+ /// Delete reserved concurrency for a function.
+ pub fn delete_function_concurrency(
+ &self,
+ function_ref: &str,
+ ) -> Result<(), LambdaServiceError> {
+ let (name, _) = resolve_function_ref(function_ref)?;
+ let _ = self.get_record(&name)?;
+ self.store.update(&name, |rec| {
+ rec.reserved_concurrent_executions = None;
+ })?;
+ Ok(())
+ }
+
+ // -----------------------------------------------------------------
+ // Phase 6: Event Invoke Config
+ // -----------------------------------------------------------------
+
+ /// Put (create/replace) an event invoke config for a function qualifier.
+ pub fn put_function_event_invoke_config(
+ &self,
+ function_ref: &str,
+ qualifier: Option<&str>,
+ input: &EventInvokeConfigInput,
+ ) -> Result {
+ let (name, ref_qualifier) = resolve_function_ref(function_ref)?;
+ let qualifier = qualifier.or(ref_qualifier.as_deref()).unwrap_or("$LATEST");
+ let record = self.get_record(&name)?;
+ let fn_arn = self.build_qualified_arn(&name, qualifier);
+ let now = chrono::Utc::now();
+ let now_iso = now.format("%Y-%m-%dT%H:%M:%S%.3f%z").to_string();
+ let epoch_millis = millis_to_f64(now.timestamp_millis());
+
+ let config_record = EventInvokeConfigRecord {
+ function_arn: fn_arn.clone(),
+ qualifier: qualifier.to_owned(),
+ maximum_retry_attempts: input.maximum_retry_attempts,
+ maximum_event_age_in_seconds: input.maximum_event_age_in_seconds,
+ last_modified: now_iso,
+ destination_config: input.destination_config.clone(),
+ };
+
+ drop(record);
+ self.store.update(&name, |rec| {
+ rec.event_invoke_configs
+ .insert(qualifier.to_owned(), config_record.clone());
+ })?;
+
+ Ok(build_event_invoke_config(&config_record, epoch_millis))
+ }
+
+ /// Get an event invoke config for a function qualifier.
+ pub fn get_function_event_invoke_config(
+ &self,
+ function_ref: &str,
+ qualifier: Option<&str>,
+ ) -> Result {
+ let (name, ref_qualifier) = resolve_function_ref(function_ref)?;
+ let qualifier = qualifier.or(ref_qualifier.as_deref()).unwrap_or("$LATEST");
+ let record = self.get_record(&name)?;
+
+ let config_record = record.event_invoke_configs.get(qualifier).ok_or_else(|| {
+ LambdaServiceError::EventInvokeConfigNotFound {
+ function_name: name.clone(),
+ qualifier: qualifier.to_owned(),
+ }
+ })?;
+
+ let epoch_millis = parse_epoch_millis(&config_record.last_modified);
+
+ Ok(build_event_invoke_config(config_record, epoch_millis))
+ }
+
+ /// Update (merge) an event invoke config for a function qualifier.
+ pub fn update_function_event_invoke_config(
+ &self,
+ function_ref: &str,
+ qualifier: Option<&str>,
+ input: &EventInvokeConfigInput,
+ ) -> Result {
+ let (name, ref_qualifier) = resolve_function_ref(function_ref)?;
+ let qualifier = qualifier.or(ref_qualifier.as_deref()).unwrap_or("$LATEST");
+ let _ = self.get_record(&name)?;
+ let fn_arn = self.build_qualified_arn(&name, qualifier);
+ let now = chrono::Utc::now();
+ let now_iso = now.format("%Y-%m-%dT%H:%M:%S%.3f%z").to_string();
+ let epoch_millis = millis_to_f64(now.timestamp_millis());
+
+ let result = self.store.update(&name, |rec| {
+ let entry = rec
+ .event_invoke_configs
+ .entry(qualifier.to_owned())
+ .or_insert_with(|| EventInvokeConfigRecord {
+ function_arn: fn_arn.clone(),
+ qualifier: qualifier.to_owned(),
+ maximum_retry_attempts: None,
+ maximum_event_age_in_seconds: None,
+ last_modified: now_iso.clone(),
+ destination_config: None,
+ });
+
+ if let Some(v) = input.maximum_retry_attempts {
+ entry.maximum_retry_attempts = Some(v);
+ }
+ if let Some(v) = input.maximum_event_age_in_seconds {
+ entry.maximum_event_age_in_seconds = Some(v);
+ }
+ if let Some(ref dc) = input.destination_config {
+ entry.destination_config = Some(dc.clone());
+ }
+ entry.last_modified.clone_from(&now_iso);
+ entry.clone()
+ })?;
+
+ Ok(build_event_invoke_config(&result, epoch_millis))
+ }
+
+ /// Delete an event invoke config for a function qualifier.
+ pub fn delete_function_event_invoke_config(
+ &self,
+ function_ref: &str,
+ qualifier: Option<&str>,
+ ) -> Result<(), LambdaServiceError> {
+ let (name, ref_qualifier) = resolve_function_ref(function_ref)?;
+ let qualifier = qualifier.or(ref_qualifier.as_deref()).unwrap_or("$LATEST");
+ let _ = self.get_record(&name)?;
+
+ self.store.update(&name, |rec| {
+ rec.event_invoke_configs.remove(qualifier);
+ })?;
+ Ok(())
+ }
+
+ /// List all event invoke configs for a function.
+ pub fn list_function_event_invoke_configs(
+ &self,
+ function_ref: &str,
+ ) -> Result, LambdaServiceError> {
+ let (name, _) = resolve_function_ref(function_ref)?;
+ let record = self.get_record(&name)?;
+
+ let configs: Vec = record
+ .event_invoke_configs
+ .values()
+ .map(|cr| {
+ let epoch_millis = parse_epoch_millis(&cr.last_modified);
+ build_event_invoke_config(cr, epoch_millis)
+ })
+ .collect();
+
+ Ok(configs)
+ }
+
+ /// Build a qualified ARN for a function + qualifier.
+ fn build_qualified_arn(&self, function_name: &str, qualifier: &str) -> String {
+ function_version_arn(
+ &self.config.default_region,
+ &self.config.account_id,
+ function_name,
+ qualifier,
+ )
+ }
+
+ /// Get a function record by name, returning `FunctionNotFound` if absent.
+ fn get_record(&self, name: &str) -> Result {
+ self.store
+ .get(name)
+ .ok_or(LambdaServiceError::FunctionNotFound {
+ name: name.to_owned(),
+ })
+ }
+
+ /// Process code input (zip or image URI), returning code metadata.
+ async fn process_code(
+ &self,
+ function_name: &str,
+ version: &str,
+ zip_file_b64: Option<&str>,
+ image_uri: Option<&str>,
+ ) -> Result<
+ (
+ String,
+ u64,
+ Option,
+ Option,
+ Option,
+ ),
+ LambdaServiceError,
+ > {
+ if let Some(b64) = zip_file_b64 {
+ use base64::Engine;
+ let zip_bytes = base64::engine::general_purpose::STANDARD
+ .decode(b64)
+ .map_err(|e| LambdaServiceError::InvalidZipFile {
+ message: format!("Invalid base64 encoding: {e}"),
+ })?;
+
+ let (code_path, sha256, size) = self
+ .store
+ .store_zip_code(function_name, version, &zip_bytes)
+ .await?;
+
+ Ok((
+ sha256,
+ size,
+ Some(Bytes::from(zip_bytes)),
+ Some(code_path),
+ None,
+ ))
+ } else if let Some(uri) = image_uri {
+ let sha256 = compute_sha256(uri.as_bytes());
+ Ok((sha256, 0, None, None, Some(uri.to_owned())))
+ } else {
+ // No code provided - use empty hash.
+ let sha256 = compute_sha256(b"");
+ Ok((sha256, 0, None, None, None))
+ }
+ }
+
+ /// Build a `FunctionConfiguration` from internal records.
+ fn build_function_configuration(
+ &self,
+ record: &FunctionRecord,
+ version: &VersionRecord,
+ ) -> FunctionConfiguration {
+ let arn = if version.version == "$LATEST" {
+ record.arn.clone()
+ } else {
+ function_version_arn(
+ &self.config.default_region,
+ &self.config.account_id,
+ &record.name,
+ &version.version,
+ )
+ };
+
+ let env_response = if version.environment.is_empty() {
+ None
+ } else {
+ Some(EnvironmentResponse {
+ variables: Some(version.environment.clone()),
+ error: None,
+ })
+ };
+
+ let vpc_response = version.vpc_config.as_ref().map(|vpc| VpcConfigResponse {
+ subnet_ids: vpc.subnet_ids.clone(),
+ security_group_ids: vpc.security_group_ids.clone(),
+ vpc_id: None,
+ });
+
+ let tracing_response = version
+ .tracing_config
+ .as_ref()
+ .map(|tc| TracingConfigResponse {
+ mode: tc.mode.clone(),
+ });
+
+ let layers = if version.layers.is_empty() {
+ None
+ } else {
+ Some(
+ version
+ .layers
+ .iter()
+ .map(|l| Layer {
+ arn: Some(l.clone()),
+ code_size: None,
+ signing_profile_version_arn: None,
+ signing_job_arn: None,
+ })
+ .collect(),
+ )
+ };
+
+ let image_config_response = version.image_config.as_ref().map(|ic| ImageConfigResponse {
+ image_config: Some(ic.clone()),
+ error: None,
+ });
+
+ let snap_start_response = version.snap_start.as_ref().map(|ss| SnapStartResponse {
+ apply_on: ss.apply_on.clone(),
+ optimization_status: Some("Off".to_owned()),
+ });
+
+ FunctionConfiguration {
+ function_name: Some(record.name.clone()),
+ function_arn: Some(arn),
+ runtime: version.runtime.clone(),
+ role: Some(version.role.clone()),
+ handler: version.handler.clone(),
+ #[allow(clippy::cast_possible_wrap)]
+ code_size: Some(version.code_size as i64),
+ description: if version.description.is_empty() {
+ None
+ } else {
+ Some(version.description.clone())
+ },
+ timeout: Some(version.timeout),
+ memory_size: Some(version.memory_size),
+ last_modified: Some(version.last_modified.clone()),
+ code_sha256: Some(version.code_sha256.clone()),
+ version: Some(version.version.clone()),
+ environment: env_response,
+ vpc_config: vpc_response,
+ dead_letter_config: version.dead_letter_config.clone(),
+ tracing_config: tracing_response,
+ revision_id: Some(version.revision_id.clone()),
+ layers,
+ state: Some(version.state.clone()),
+ state_reason: None,
+ state_reason_code: None,
+ package_type: Some(version.package_type.clone()),
+ architectures: Some(version.architectures.clone()),
+ ephemeral_storage: Some(EphemeralStorage {
+ size: version.ephemeral_storage_size,
+ }),
+ logging_config: version.logging_config.clone(),
+ snap_start: snap_start_response,
+ image_config_response,
+ last_update_status: Some("Successful".to_owned()),
+ last_update_status_reason: None,
+ last_update_status_reason_code: None,
+ }
+ }
+
+ /// Extract function name from a Lambda function ARN.
+ fn extract_function_name_from_arn(arn: &str) -> Result {
+ // Try ARN parsing first.
+ if arn.starts_with("arn:") {
+ let (name, _) = resolve_function_ref(arn)?;
+ return Ok(name);
+ }
+ // If it's not an ARN, treat it as a function name.
+ Ok(arn.to_owned())
+ }
+}
+
+/// Get current time in ISO 8601 format matching AWS Lambda conventions.
+fn now_iso8601() -> String {
+ chrono::Utc::now()
+ .format("%Y-%m-%dT%H:%M:%S%.3f+0000")
+ .to_string()
+}
+
+/// Convert an `i64` millis timestamp to `f64` for the API response.
+///
+/// The AWS Lambda API returns `LastModified` as epoch milliseconds in a float.
+/// Precision loss is acceptable since timestamps fit well within f64 mantissa range
+/// for any reasonable date (up to year ~285,000).
+#[allow(clippy::cast_precision_loss)]
+fn millis_to_f64(millis: i64) -> f64 {
+ millis as f64
+}
+
+/// Parse an ISO 8601 timestamp string into epoch millis as `f64`.
+fn parse_epoch_millis(iso: &str) -> f64 {
+ chrono::DateTime::parse_from_str(iso, "%Y-%m-%dT%H:%M:%S%.3f%z")
+ .map(|dt| millis_to_f64(dt.timestamp_millis()))
+ .unwrap_or(0.0)
+}
+
+/// Convert an `EventInvokeConfigRecord` to the output type.
+fn build_event_invoke_config(
+ record: &EventInvokeConfigRecord,
+ epoch_millis: f64,
+) -> FunctionEventInvokeConfig {
+ FunctionEventInvokeConfig {
+ function_arn: Some(record.function_arn.clone()),
+ maximum_retry_attempts: record.maximum_retry_attempts,
+ maximum_event_age_in_seconds: record.maximum_event_age_in_seconds,
+ last_modified: Some(epoch_millis),
+ destination_config: record.destination_config.clone(),
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ fn test_provider() -> RustStackLambda {
+ let tmp = tempfile::tempdir().unwrap();
+ let store = FunctionStore::new(tmp.path());
+ let config = LambdaConfig::default();
+ RustStackLambda::with_store(store, config)
+ }
+
+ fn sample_create_input(name: &str) -> CreateFunctionInput {
+ use base64::Engine;
+ let zip_data = base64::engine::general_purpose::STANDARD.encode(b"PK\x03\x04fake");
+ CreateFunctionInput {
+ function_name: name.to_owned(),
+ runtime: Some("python3.12".to_owned()),
+ role: "arn:aws:iam::000000000000:role/test-role".to_owned(),
+ handler: Some("index.handler".to_owned()),
+ code: ruststack_lambda_model::types::FunctionCode {
+ zip_file: Some(zip_data),
+ ..Default::default()
+ },
+ ..Default::default()
+ }
+ }
+
+ #[tokio::test]
+ async fn test_should_create_and_get_function() {
+ let provider = test_provider();
+
+ let config = provider
+ .create_function(sample_create_input("my-func"))
+ .await
+ .unwrap();
+ assert_eq!(config.function_name, Some("my-func".to_owned()));
+ assert_eq!(config.runtime, Some("python3.12".to_owned()));
assert_eq!(config.state, Some("Active".to_owned()));
let output = provider.get_function("my-func", None).unwrap();
@@ -1886,6 +2827,206 @@ mod tests {
assert!(matches!(err, LambdaServiceError::ResourceConflict { .. }));
}
+ // ---- Layer operation tests ----
+
+ #[test]
+ fn test_should_publish_and_get_layer_version() {
+ use base64::Engine;
+ let provider = test_provider();
+ let zip_data = base64::engine::general_purpose::STANDARD.encode(b"PK\x03\x04layer");
+ let input = PublishLayerVersionInput {
+ description: Some("Test layer".to_owned()),
+ content: Some(ruststack_lambda_model::types::LayerVersionContentInput {
+ zip_file: Some(zip_data),
+ ..Default::default()
+ }),
+ compatible_runtimes: Some(vec!["python3.12".to_owned()]),
+ ..Default::default()
+ };
+
+ let output = provider.publish_layer_version("my-layer", &input).unwrap();
+ assert_eq!(output.version, Some(1));
+ assert_eq!(output.description, Some("Test layer".to_owned()));
+ assert!(
+ output
+ .layer_arn
+ .as_ref()
+ .unwrap()
+ .contains("layer:my-layer")
+ );
+ assert!(
+ output
+ .layer_version_arn
+ .as_ref()
+ .unwrap()
+ .contains("layer:my-layer:1")
+ );
+
+ // Get the layer version.
+ let get_output = provider.get_layer_version("my-layer", 1).unwrap();
+ assert_eq!(get_output.version, Some(1));
+ assert_eq!(get_output.description, Some("Test layer".to_owned()));
+ }
+
+ #[test]
+ fn test_should_publish_multiple_layer_versions() {
+ let provider = test_provider();
+ let input = PublishLayerVersionInput::default();
+
+ let v1 = provider.publish_layer_version("my-layer", &input).unwrap();
+ let v2 = provider.publish_layer_version("my-layer", &input).unwrap();
+
+ assert_eq!(v1.version, Some(1));
+ assert_eq!(v2.version, Some(2));
+ }
+
+ #[test]
+ fn test_should_list_layer_versions() {
+ let provider = test_provider();
+ let input = PublishLayerVersionInput::default();
+
+ provider.publish_layer_version("my-layer", &input).unwrap();
+ provider.publish_layer_version("my-layer", &input).unwrap();
+ provider.publish_layer_version("my-layer", &input).unwrap();
+
+ let output = provider
+ .list_layer_versions("my-layer", None, None)
+ .unwrap();
+ assert_eq!(output.layer_versions.as_ref().unwrap().len(), 3);
+ }
+
+ #[test]
+ fn test_should_list_layers() {
+ let provider = test_provider();
+ let input = PublishLayerVersionInput::default();
+
+ provider
+ .publish_layer_version("alpha-layer", &input)
+ .unwrap();
+ provider
+ .publish_layer_version("bravo-layer", &input)
+ .unwrap();
+
+ let output = provider.list_layers(None, None);
+ let layers = output.layers.as_ref().unwrap();
+ assert_eq!(layers.len(), 2);
+ assert_eq!(layers[0].layer_name, Some("alpha-layer".to_owned()),);
+ assert_eq!(layers[1].layer_name, Some("bravo-layer".to_owned()),);
+ }
+
+ #[test]
+ fn test_should_delete_layer_version() {
+ let provider = test_provider();
+ let input = PublishLayerVersionInput::default();
+
+ provider.publish_layer_version("my-layer", &input).unwrap();
+ provider.publish_layer_version("my-layer", &input).unwrap();
+
+ provider.delete_layer_version("my-layer", 1).unwrap();
+
+ // Version 1 should be gone.
+ let err = provider.get_layer_version("my-layer", 1);
+ assert!(err.is_err());
+
+ // Version 2 should still exist.
+ let output = provider.get_layer_version("my-layer", 2).unwrap();
+ assert_eq!(output.version, Some(2));
+ }
+
+ #[test]
+ fn test_should_delete_nonexistent_layer_version_silently() {
+ let provider = test_provider();
+ // Should not error even if layer doesn't exist.
+ provider.delete_layer_version("nonexistent", 99).unwrap();
+ }
+
+ #[test]
+ fn test_should_add_and_get_layer_version_policy() {
+ let provider = test_provider();
+ let input = PublishLayerVersionInput::default();
+ provider.publish_layer_version("my-layer", &input).unwrap();
+
+ let perm_input = AddLayerVersionPermissionInput {
+ statement_id: Some("stmt-1".to_owned()),
+ action: Some("lambda:GetLayerVersion".to_owned()),
+ principal: Some("*".to_owned()),
+ ..Default::default()
+ };
+ let output = provider
+ .add_layer_version_permission("my-layer", 1, &perm_input)
+ .unwrap();
+ assert!(output.statement.is_some());
+
+ let policy = provider.get_layer_version_policy("my-layer", 1).unwrap();
+ assert!(policy.policy.as_ref().unwrap().contains("stmt-1"));
+ }
+
+ #[test]
+ fn test_should_reject_duplicate_layer_permission_sid() {
+ let provider = test_provider();
+ let input = PublishLayerVersionInput::default();
+ provider.publish_layer_version("my-layer", &input).unwrap();
+
+ let perm_input = AddLayerVersionPermissionInput {
+ statement_id: Some("stmt-1".to_owned()),
+ action: Some("lambda:GetLayerVersion".to_owned()),
+ principal: Some("*".to_owned()),
+ ..Default::default()
+ };
+ provider
+ .add_layer_version_permission("my-layer", 1, &perm_input)
+ .unwrap();
+
+ let err = provider
+ .add_layer_version_permission("my-layer", 1, &perm_input)
+ .unwrap_err();
+ assert!(matches!(err, LambdaServiceError::ResourceConflict { .. }));
+ }
+
+ #[test]
+ fn test_should_remove_layer_version_permission() {
+ let provider = test_provider();
+ let input = PublishLayerVersionInput::default();
+ provider.publish_layer_version("my-layer", &input).unwrap();
+
+ let perm_input = AddLayerVersionPermissionInput {
+ statement_id: Some("stmt-1".to_owned()),
+ action: Some("lambda:GetLayerVersion".to_owned()),
+ principal: Some("*".to_owned()),
+ ..Default::default()
+ };
+ provider
+ .add_layer_version_permission("my-layer", 1, &perm_input)
+ .unwrap();
+
+ provider
+ .remove_layer_version_permission("my-layer", 1, "stmt-1")
+ .unwrap();
+
+ // Policy should now be empty.
+ let err = provider.get_layer_version_policy("my-layer", 1);
+ assert!(err.is_err());
+ }
+
+ #[test]
+ fn test_should_get_layer_version_by_arn() {
+ let provider = test_provider();
+ let input = PublishLayerVersionInput::default();
+ provider.publish_layer_version("my-layer", &input).unwrap();
+
+ let arn = "arn:aws:lambda:us-east-1:000000000000:layer:my-layer:1";
+ let output = provider.get_layer_version_by_arn(arn).unwrap();
+ assert_eq!(output.version, Some(1));
+ }
+
+ #[test]
+ fn test_should_error_on_empty_layer_name() {
+ let provider = test_provider();
+ let input = PublishLayerVersionInput::default();
+ let err = provider.publish_layer_version("", &input).unwrap_err();
+ assert!(matches!(err, LambdaServiceError::InvalidParameter { .. }));
+ }
+
#[tokio::test]
async fn test_should_generate_local_function_url() {
let provider = test_provider();
@@ -1936,4 +3077,235 @@ mod tests {
.unwrap();
assert_eq!(output2.versions.as_ref().unwrap().len(), 2);
}
+
+ // ---- Event Source Mapping tests ----
+
+ fn sample_esm_input() -> CreateEventSourceMappingInput {
+ CreateEventSourceMappingInput {
+ event_source_arn: "arn:aws:sqs:us-east-1:000000000000:my-queue".to_owned(),
+ function_name: "my-func".to_owned(),
+ ..Default::default()
+ }
+ }
+
+ #[tokio::test]
+ async fn test_should_create_event_source_mapping() {
+ let provider = test_provider();
+ create_test_function(&provider, "my-func").await;
+
+ let config = provider
+ .create_event_source_mapping(&sample_esm_input())
+ .unwrap();
+
+ assert!(config.uuid.is_some());
+ assert_eq!(
+ config.event_source_arn.as_deref(),
+ Some("arn:aws:sqs:us-east-1:000000000000:my-queue")
+ );
+ assert!(config.function_arn.is_some());
+ assert_eq!(config.state.as_deref(), Some("Enabled"));
+ assert_eq!(config.batch_size, Some(10));
+ assert_eq!(config.maximum_batching_window_in_seconds, Some(0));
+ }
+
+ #[tokio::test]
+ async fn test_should_create_esm_disabled() {
+ let provider = test_provider();
+ create_test_function(&provider, "my-func").await;
+
+ let mut input = sample_esm_input();
+ input.enabled = Some(false);
+ input.batch_size = Some(50);
+
+ let config = provider.create_event_source_mapping(&input).unwrap();
+ assert_eq!(config.state.as_deref(), Some("Disabled"));
+ assert_eq!(config.batch_size, Some(50));
+ }
+
+ #[tokio::test]
+ async fn test_should_reject_esm_for_nonexistent_function() {
+ let provider = test_provider();
+ let err = provider
+ .create_event_source_mapping(&sample_esm_input())
+ .unwrap_err();
+ assert!(matches!(err, LambdaServiceError::FunctionNotFound { .. }));
+ }
+
+ #[test]
+ fn test_should_reject_esm_with_empty_event_source_arn() {
+ let provider = test_provider();
+ let input = CreateEventSourceMappingInput {
+ event_source_arn: String::new(),
+ function_name: "my-func".to_owned(),
+ ..Default::default()
+ };
+ let err = provider.create_event_source_mapping(&input).unwrap_err();
+ assert!(matches!(err, LambdaServiceError::InvalidParameter { .. }));
+ }
+
+ #[tokio::test]
+ async fn test_should_get_event_source_mapping() {
+ let provider = test_provider();
+ create_test_function(&provider, "my-func").await;
+
+ let created = provider
+ .create_event_source_mapping(&sample_esm_input())
+ .unwrap();
+ let uuid = created.uuid.as_ref().unwrap();
+
+ let retrieved = provider.get_event_source_mapping(uuid).unwrap();
+ assert_eq!(retrieved.uuid.as_deref(), Some(uuid.as_str()));
+ assert_eq!(retrieved.batch_size, Some(10));
+ }
+
+ #[test]
+ fn test_should_error_on_get_nonexistent_esm() {
+ let provider = test_provider();
+ let err = provider
+ .get_event_source_mapping("no-such-uuid")
+ .unwrap_err();
+ assert!(matches!(
+ err,
+ LambdaServiceError::EventSourceMappingNotFound { .. }
+ ));
+ }
+
+ #[tokio::test]
+ async fn test_should_update_event_source_mapping() {
+ let provider = test_provider();
+ create_test_function(&provider, "my-func").await;
+
+ let created = provider
+ .create_event_source_mapping(&sample_esm_input())
+ .unwrap();
+ let uuid = created.uuid.as_ref().unwrap();
+
+ let update_input = UpdateEventSourceMappingInput {
+ batch_size: Some(100),
+ enabled: Some(false),
+ maximum_retry_attempts: Some(3),
+ ..Default::default()
+ };
+
+ let updated = provider
+ .update_event_source_mapping(uuid, &update_input)
+ .unwrap();
+ assert_eq!(updated.batch_size, Some(100));
+ assert_eq!(updated.state.as_deref(), Some("Disabled"));
+ assert_eq!(updated.maximum_retry_attempts, Some(3));
+ }
+
+ #[test]
+ fn test_should_error_on_update_nonexistent_esm() {
+ let provider = test_provider();
+ let input = UpdateEventSourceMappingInput::default();
+ let err = provider
+ .update_event_source_mapping("no-such-uuid", &input)
+ .unwrap_err();
+ assert!(matches!(
+ err,
+ LambdaServiceError::EventSourceMappingNotFound { .. }
+ ));
+ }
+
+ #[tokio::test]
+ async fn test_should_delete_event_source_mapping() {
+ let provider = test_provider();
+ create_test_function(&provider, "my-func").await;
+
+ let created = provider
+ .create_event_source_mapping(&sample_esm_input())
+ .unwrap();
+ let uuid = created.uuid.as_ref().unwrap();
+
+ let deleted = provider.delete_event_source_mapping(uuid).unwrap();
+ assert_eq!(deleted.state.as_deref(), Some("Deleting"));
+
+ // Should no longer be findable.
+ let err = provider.get_event_source_mapping(uuid).unwrap_err();
+ assert!(matches!(
+ err,
+ LambdaServiceError::EventSourceMappingNotFound { .. }
+ ));
+ }
+
+ #[test]
+ fn test_should_error_on_delete_nonexistent_esm() {
+ let provider = test_provider();
+ let err = provider
+ .delete_event_source_mapping("no-such-uuid")
+ .unwrap_err();
+ assert!(matches!(
+ err,
+ LambdaServiceError::EventSourceMappingNotFound { .. }
+ ));
+ }
+
+ #[tokio::test]
+ async fn test_should_list_event_source_mappings() {
+ let provider = test_provider();
+ create_test_function(&provider, "my-func").await;
+
+ // Create 3 mappings.
+ for _ in 0..3 {
+ provider
+ .create_event_source_mapping(&sample_esm_input())
+ .unwrap();
+ }
+
+ let output = provider.list_event_source_mappings(None, None, None, None);
+ assert_eq!(output.event_source_mappings.as_ref().unwrap().len(), 3);
+ }
+
+ #[tokio::test]
+ async fn test_should_list_esm_with_function_filter() {
+ let provider = test_provider();
+ create_test_function(&provider, "func-a").await;
+ create_test_function(&provider, "func-b").await;
+
+ let input_a = CreateEventSourceMappingInput {
+ event_source_arn: "arn:aws:sqs:us-east-1:000000000000:queue".to_owned(),
+ function_name: "func-a".to_owned(),
+ ..Default::default()
+ };
+ let input_b = CreateEventSourceMappingInput {
+ event_source_arn: "arn:aws:sqs:us-east-1:000000000000:queue".to_owned(),
+ function_name: "func-b".to_owned(),
+ ..Default::default()
+ };
+
+ provider.create_event_source_mapping(&input_a).unwrap();
+ provider.create_event_source_mapping(&input_b).unwrap();
+
+ let output = provider.list_event_source_mappings(Some("func-a"), None, None, None);
+ assert_eq!(output.event_source_mappings.as_ref().unwrap().len(), 1);
+ }
+
+ #[tokio::test]
+ async fn test_should_list_esm_with_pagination() {
+ let provider = test_provider();
+ create_test_function(&provider, "my-func").await;
+
+ for _ in 0..5 {
+ provider
+ .create_event_source_mapping(&sample_esm_input())
+ .unwrap();
+ }
+
+ let page1 = provider.list_event_source_mappings(None, None, None, Some(2));
+ assert_eq!(page1.event_source_mappings.as_ref().unwrap().len(), 2);
+ assert!(page1.next_marker.is_some());
+
+ let page2 =
+ provider.list_event_source_mappings(None, None, page1.next_marker.as_deref(), Some(2));
+ assert_eq!(page2.event_source_mappings.as_ref().unwrap().len(), 2);
+ }
+
+ /// Helper to create a test function for ESM tests.
+ async fn create_test_function(provider: &RustStackLambda, name: &str) {
+ provider
+ .create_function(sample_create_input(name))
+ .await
+ .unwrap();
+ }
}
diff --git a/crates/ruststack-lambda-core/src/resolver.rs b/crates/ruststack-lambda-core/src/resolver.rs
index 321814b..fa60815 100644
--- a/crates/ruststack-lambda-core/src/resolver.rs
+++ b/crates/ruststack-lambda-core/src/resolver.rs
@@ -6,8 +6,10 @@
//! - Full ARN: `arn:aws:lambda:us-east-1:123456789012:function:my-function`
//! - Qualified ARN: `arn:aws:lambda:us-east-1:123456789012:function:my-function:qualifier`
-use crate::error::LambdaServiceError;
-use crate::storage::{FunctionRecord, VersionRecord};
+use crate::{
+ error::LambdaServiceError,
+ storage::{FunctionRecord, VersionRecord},
+};
/// Parse a function reference into `(function_name, optional_qualifier)`.
///
@@ -146,6 +148,48 @@ pub fn alias_arn(region: &str, account_id: &str, function_name: &str, alias: &st
format!("arn:aws:lambda:{region}:{account_id}:function:{function_name}:{alias}")
}
+/// Construct a layer ARN (without version).
+///
+/// Format: `arn:aws:lambda:{region}:{account_id}:layer:{layer_name}`
+#[must_use]
+pub fn layer_arn(region: &str, account_id: &str, layer_name: &str) -> String {
+ format!("arn:aws:lambda:{region}:{account_id}:layer:{layer_name}")
+}
+
+/// Construct a layer version ARN.
+///
+/// Format: `arn:aws:lambda:{region}:{account_id}:layer:{layer_name}:{version}`
+#[must_use]
+pub fn layer_version_arn(region: &str, account_id: &str, layer_name: &str, version: u64) -> String {
+ format!("arn:aws:lambda:{region}:{account_id}:layer:{layer_name}:{version}")
+}
+
+/// Parse a layer version ARN into `(layer_name, version)`.
+///
+/// Format: `arn:aws:lambda:{region}:{account}:layer:{name}:{version}`
+///
+/// # Errors
+///
+/// Returns `InvalidArn` if the ARN cannot be parsed.
+pub fn parse_layer_version_arn(arn: &str) -> Result<(String, u64), LambdaServiceError> {
+ let parts: Vec<&str> = arn.split(':').collect();
+ // Expected: arn:aws:lambda:region:account:layer:name:version = 8 parts
+ if parts.len() < 8 || parts[0] != "arn" || parts[2] != "lambda" || parts[5] != "layer" {
+ return Err(LambdaServiceError::InvalidArn {
+ arn: arn.to_owned(),
+ });
+ }
+
+ let name = parts[6].to_owned();
+ let version: u64 = parts[7]
+ .parse()
+ .map_err(|_| LambdaServiceError::InvalidArn {
+ arn: arn.to_owned(),
+ })?;
+
+ Ok((name, version))
+}
+
#[cfg(test)]
mod tests {
use std::collections::{BTreeMap, HashMap};
@@ -210,6 +254,8 @@ mod tests {
policy: PolicyDocument::default(),
tags: HashMap::new(),
url_config: None,
+ reserved_concurrent_executions: None,
+ event_invoke_configs: HashMap::new(),
created_at: "2024-01-01T00:00:00.000+0000".to_owned(),
}
}
@@ -336,4 +382,45 @@ mod tests {
"arn:aws:lambda:us-east-1:123456789012:function:my-func:prod"
);
}
+
+ // ---- Layer ARN tests ----
+
+ #[test]
+ fn test_should_build_layer_arn() {
+ assert_eq!(
+ layer_arn("us-east-1", "123456789012", "my-layer"),
+ "arn:aws:lambda:us-east-1:123456789012:layer:my-layer"
+ );
+ }
+
+ #[test]
+ fn test_should_build_layer_version_arn() {
+ assert_eq!(
+ layer_version_arn("us-east-1", "123456789012", "my-layer", 3),
+ "arn:aws:lambda:us-east-1:123456789012:layer:my-layer:3"
+ );
+ }
+
+ #[test]
+ fn test_should_parse_layer_version_arn_valid() {
+ let (name, version) =
+ parse_layer_version_arn("arn:aws:lambda:us-east-1:123456789012:layer:my-layer:5")
+ .unwrap();
+ assert_eq!(name, "my-layer");
+ assert_eq!(version, 5);
+ }
+
+ #[test]
+ fn test_should_error_on_invalid_layer_arn() {
+ let err = parse_layer_version_arn("arn:invalid:stuff").unwrap_err();
+ assert!(matches!(err, LambdaServiceError::InvalidArn { .. }));
+ }
+
+ #[test]
+ fn test_should_error_on_non_numeric_layer_version() {
+ let err =
+ parse_layer_version_arn("arn:aws:lambda:us-east-1:123456789012:layer:my-layer:abc")
+ .unwrap_err();
+ assert!(matches!(err, LambdaServiceError::InvalidArn { .. }));
+ }
}
diff --git a/crates/ruststack-lambda-core/src/storage.rs b/crates/ruststack-lambda-core/src/storage.rs
index 23b524c..6f7bafb 100644
--- a/crates/ruststack-lambda-core/src/storage.rs
+++ b/crates/ruststack-lambda-core/src/storage.rs
@@ -4,16 +4,18 @@
//! and function URL configurations. Code is stored as raw bytes with
//! SHA-256 hashes computed on ingestion.
-use std::collections::{BTreeMap, HashMap};
-use std::path::{Path, PathBuf};
+use std::{
+ collections::{BTreeMap, HashMap},
+ path::{Path, PathBuf},
+};
use bytes::Bytes;
use dashmap::DashMap;
-use sha2::{Digest, Sha256};
-
use ruststack_lambda_model::types::{
- Cors, DeadLetterConfig, ImageConfig, LoggingConfig, SnapStart, TracingConfig, VpcConfig,
+ Cors, DeadLetterConfig, DestinationConfig, ImageConfig, LoggingConfig, SnapStart,
+ TracingConfig, VpcConfig,
};
+use sha2::{Digest, Sha256};
use crate::error::LambdaServiceError;
@@ -47,10 +49,31 @@ pub struct FunctionRecord {
pub tags: HashMap,
/// Function URL configuration.
pub url_config: Option,
+ /// Reserved concurrent executions.
+ pub reserved_concurrent_executions: Option,
+ /// Event invoke configurations keyed by qualifier.
+ pub event_invoke_configs: HashMap,
/// ISO 8601 creation timestamp.
pub created_at: String,
}
+/// Stored event invoke configuration for a function qualifier.
+#[derive(Debug, Clone)]
+pub struct EventInvokeConfigRecord {
+ /// The qualified function ARN.
+ pub function_arn: String,
+ /// The qualifier (version or alias, defaults to `$LATEST`).
+ pub qualifier: String,
+ /// Maximum retry attempts (0-2).
+ pub maximum_retry_attempts: Option,
+ /// Maximum event age in seconds (60-21600).
+ pub maximum_event_age_in_seconds: Option,
+ /// ISO 8601 last-modified timestamp.
+ pub last_modified: String,
+ /// Destination configuration.
+ pub destination_config: Option,
+}
+
/// A snapshot of function configuration at a specific version.
#[derive(Debug, Clone)]
pub struct VersionRecord {
@@ -164,6 +187,314 @@ pub struct FunctionUrlConfigRecord {
pub last_modified_time: String,
}
+/// Complete record for a Lambda layer.
+#[derive(Debug, Clone)]
+pub struct LayerRecord {
+ /// Layer name.
+ pub name: String,
+ /// Layer ARN (without version).
+ pub layer_arn: String,
+ /// Published layer versions keyed by version number.
+ pub versions: BTreeMap,
+ /// Next version number to assign.
+ pub next_version: u64,
+}
+
+/// A snapshot of a layer at a specific version.
+#[derive(Debug, Clone)]
+pub struct LayerVersionRecord {
+ /// Version number.
+ pub version: u64,
+ /// Description.
+ pub description: String,
+ /// Compatible runtimes.
+ pub compatible_runtimes: Vec,
+ /// Compatible architectures.
+ pub compatible_architectures: Vec,
+ /// License info.
+ pub license_info: Option,
+ /// Base64-encoded SHA-256 of the layer code.
+ pub code_sha256: String,
+ /// Code size in bytes.
+ pub code_size: u64,
+ /// ISO 8601 creation date.
+ pub created_date: String,
+ /// Layer ARN (without version).
+ pub layer_arn: String,
+ /// Layer version ARN.
+ pub layer_version_arn: String,
+ /// Resource-based policy document for this layer version.
+ pub policy: PolicyDocument,
+}
+
+/// In-memory store for Lambda layers.
+#[derive(Debug)]
+pub struct LayerStore {
+ /// All layers keyed by layer name.
+ layers: DashMap,
+}
+
+impl LayerStore {
+ /// Create a new empty layer store.
+ #[must_use]
+ pub fn new() -> Self {
+ Self {
+ layers: DashMap::new(),
+ }
+ }
+
+ /// Get a clone of a layer record by name.
+ #[must_use]
+ pub fn get(&self, name: &str) -> Option {
+ self.layers.get(name).map(|r| r.value().clone())
+ }
+
+ /// Publish a new version of a layer.
+ ///
+ /// Creates the layer record if it does not exist, then inserts a new version.
+ /// Returns the assigned version number.
+ #[must_use]
+ pub fn publish_version(
+ &self,
+ name: &str,
+ layer_arn: &str,
+ version_record: LayerVersionRecord,
+ ) -> u64 {
+ use dashmap::mapref::entry::Entry;
+ match self.layers.entry(name.to_owned()) {
+ Entry::Occupied(mut entry) => {
+ let record = entry.get_mut();
+ let version_num = record.next_version;
+ record.next_version += 1;
+ record.versions.insert(version_num, version_record);
+ version_num
+ }
+ Entry::Vacant(entry) => {
+ let version_num = 1;
+ let mut versions = BTreeMap::new();
+ versions.insert(version_num, version_record);
+ entry.insert(LayerRecord {
+ name: name.to_owned(),
+ layer_arn: layer_arn.to_owned(),
+ versions,
+ next_version: 2,
+ });
+ version_num
+ }
+ }
+ }
+
+ /// Get a specific layer version.
+ #[must_use]
+ pub fn get_version(&self, name: &str, version: u64) -> Option {
+ self.layers
+ .get(name)
+ .and_then(|r| r.versions.get(&version).cloned())
+ }
+
+ /// List all versions of a layer, sorted by version number.
+ #[must_use]
+ pub fn list_versions(&self, name: &str) -> Vec {
+ self.layers
+ .get(name)
+ .map(|r| r.versions.values().cloned().collect())
+ .unwrap_or_default()
+ }
+
+ /// List all layers with their latest version.
+ ///
+ /// Returns cloned records sorted by layer name.
+ #[must_use]
+ pub fn list_layers(&self) -> Vec {
+ let mut records: Vec = self.layers.iter().map(|r| r.value().clone()).collect();
+ records.sort_by(|a, b| a.name.cmp(&b.name));
+ records
+ }
+
+ /// Delete a specific layer version.
+ ///
+ /// Returns `true` if the version existed and was removed.
+ #[must_use]
+ pub fn delete_version(&self, name: &str, version: u64) -> bool {
+ if let Some(mut entry) = self.layers.get_mut(name) {
+ let removed = entry.versions.remove(&version).is_some();
+ // If no versions remain, remove the entire layer record.
+ if entry.versions.is_empty() {
+ drop(entry);
+ self.layers.remove(name);
+ }
+ removed
+ } else {
+ false
+ }
+ }
+
+ /// Mutate a layer version record in place.
+ ///
+ /// # Errors
+ ///
+ /// Returns an error if the layer or version does not exist.
+ pub fn update_version(
+ &self,
+ name: &str,
+ version: u64,
+ f: F,
+ ) -> Result
+ where
+ F: FnOnce(&mut LayerVersionRecord) -> R,
+ {
+ match self.layers.get_mut(name) {
+ Some(mut entry) => match entry.versions.get_mut(&version) {
+ Some(ver) => Ok(f(ver)),
+ None => Err(LambdaServiceError::InvalidParameter {
+ message: format!("Layer version not found: {name}:{version}"),
+ }),
+ },
+ None => Err(LambdaServiceError::InvalidParameter {
+ message: format!("Layer not found: {name}"),
+ }),
+ }
+ }
+}
+
+impl Default for LayerStore {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
+/// Complete record for a Lambda event source mapping.
+#[derive(Debug, Clone)]
+pub struct EventSourceMappingRecord {
+ /// Unique identifier for the mapping.
+ pub uuid: String,
+ /// ARN of the event source (e.g., SQS queue, DynamoDB stream).
+ pub event_source_arn: String,
+ /// ARN of the target Lambda function.
+ pub function_arn: String,
+ /// Whether the mapping is enabled.
+ pub enabled: bool,
+ /// Maximum number of records per batch.
+ pub batch_size: i32,
+ /// Maximum batching window in seconds.
+ pub maximum_batching_window_in_seconds: i32,
+ /// Starting position for stream-based sources.
+ pub starting_position: Option,
+ /// Timestamp for `AT_TIMESTAMP` starting position.
+ pub starting_position_timestamp: Option,
+ /// Maximum age of a record in seconds before discarding.
+ pub maximum_record_age_in_seconds: Option,
+ /// Whether to split a batch on function error.
+ pub bisect_batch_on_function_error: Option,
+ /// Maximum number of retry attempts.
+ pub maximum_retry_attempts: Option,
+ /// Parallelization factor (1-10).
+ pub parallelization_factor: Option,
+ /// Function response types (e.g., `ReportBatchItemFailures`).
+ pub function_response_types: Vec,
+ /// State of the mapping (`Enabled` or `Disabled`).
+ pub state: String,
+ /// Reason for the current state transition.
+ pub state_transition_reason: String,
+ /// Last modified time as epoch seconds.
+ pub last_modified: i64,
+ /// Result of the last processing attempt.
+ pub last_processing_result: String,
+}
+
+/// In-memory store for Lambda event source mappings.
+#[derive(Debug)]
+pub struct EventSourceMappingStore {
+ /// All mappings keyed by UUID.
+ mappings: DashMap,
+}
+
+impl EventSourceMappingStore {
+ /// Create a new empty event source mapping store.
+ #[must_use]
+ pub fn new() -> Self {
+ Self {
+ mappings: DashMap::new(),
+ }
+ }
+
+ /// Insert a new event source mapping record.
+ pub fn create(&self, record: EventSourceMappingRecord) {
+ self.mappings.insert(record.uuid.clone(), record);
+ }
+
+ /// Get a clone of an event source mapping by UUID.
+ #[must_use]
+ pub fn get(&self, uuid: &str) -> Option {
+ self.mappings.get(uuid).map(|r| r.value().clone())
+ }
+
+ /// Update an event source mapping in place.
+ ///
+ /// # Errors
+ ///
+ /// Returns an error if the mapping does not exist.
+ pub fn update(&self, uuid: &str, f: F) -> Result
+ where
+ F: FnOnce(&mut EventSourceMappingRecord) -> R,
+ {
+ match self.mappings.get_mut(uuid) {
+ Some(mut entry) => Ok(f(entry.value_mut())),
+ None => Err(LambdaServiceError::EventSourceMappingNotFound {
+ uuid: uuid.to_owned(),
+ }),
+ }
+ }
+
+ /// Delete an event source mapping by UUID.
+ ///
+ /// Returns the removed record, or `None` if it did not exist.
+ #[must_use]
+ pub fn delete(&self, uuid: &str) -> Option {
+ self.mappings.remove(uuid).map(|(_, v)| v)
+ }
+
+ /// List all event source mappings, optionally filtering by function name and/or event source
+ /// ARN.
+ ///
+ /// Results are sorted by UUID for deterministic ordering.
+ #[must_use]
+ pub fn list(
+ &self,
+ function_name_filter: Option<&str>,
+ event_source_arn_filter: Option<&str>,
+ ) -> Vec {
+ let mut records: Vec = self
+ .mappings
+ .iter()
+ .filter(|entry| {
+ let record = entry.value();
+ if let Some(fn_filter) = function_name_filter {
+ // Match against function ARN (contains function name or full ARN match).
+ if !record.function_arn.contains(fn_filter) {
+ return false;
+ }
+ }
+ if let Some(arn_filter) = event_source_arn_filter {
+ if record.event_source_arn != arn_filter {
+ return false;
+ }
+ }
+ true
+ })
+ .map(|entry| entry.value().clone())
+ .collect();
+ records.sort_by(|a, b| a.uuid.cmp(&b.uuid));
+ records
+ }
+}
+
+impl Default for EventSourceMappingStore {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
impl FunctionStore {
/// Create a new function store with the given code storage directory.
pub fn new(code_dir: impl Into) -> Self {
@@ -363,6 +694,8 @@ mod tests {
policy: PolicyDocument::default(),
tags: HashMap::new(),
url_config: None,
+ reserved_concurrent_executions: None,
+ event_invoke_configs: HashMap::new(),
created_at: "2024-01-01T00:00:00.000+0000".to_owned(),
}
}
@@ -455,6 +788,106 @@ mod tests {
assert_eq!(decoded.unwrap().len(), 32);
}
+ // ---- Layer store tests ----
+
+ #[test]
+ fn test_should_publish_and_get_layer_version() {
+ let store = LayerStore::new();
+ let ver = LayerVersionRecord {
+ version: 0,
+ description: "test".to_owned(),
+ compatible_runtimes: vec!["python3.12".to_owned()],
+ compatible_architectures: Vec::new(),
+ license_info: None,
+ code_sha256: "abc".to_owned(),
+ code_size: 100,
+ created_date: "2024-01-01".to_owned(),
+ layer_arn: "arn:layer".to_owned(),
+ layer_version_arn: "arn:layer:1".to_owned(),
+ policy: PolicyDocument::default(),
+ };
+
+ let num = store.publish_version("my-layer", "arn:layer", ver);
+ assert_eq!(num, 1);
+
+ let retrieved = store.get_version("my-layer", 1);
+ assert!(retrieved.is_some());
+ assert_eq!(retrieved.unwrap().description, "test");
+ }
+
+ #[test]
+ fn test_should_list_layer_versions() {
+ let store = LayerStore::new();
+ for i in 0..3 {
+ let ver = LayerVersionRecord {
+ version: 0,
+ description: format!("v{i}"),
+ compatible_runtimes: Vec::new(),
+ compatible_architectures: Vec::new(),
+ license_info: None,
+ code_sha256: "abc".to_owned(),
+ code_size: 100,
+ created_date: "2024-01-01".to_owned(),
+ layer_arn: "arn:layer".to_owned(),
+ layer_version_arn: format!("arn:layer:{}", i + 1),
+ policy: PolicyDocument::default(),
+ };
+ let _ = store.publish_version("my-layer", "arn:layer", ver);
+ }
+
+ let versions = store.list_versions("my-layer");
+ assert_eq!(versions.len(), 3);
+ }
+
+ #[test]
+ fn test_should_delete_layer_version_and_cleanup() {
+ let store = LayerStore::new();
+ let ver = LayerVersionRecord {
+ version: 0,
+ description: String::new(),
+ compatible_runtimes: Vec::new(),
+ compatible_architectures: Vec::new(),
+ license_info: None,
+ code_sha256: "abc".to_owned(),
+ code_size: 0,
+ created_date: "2024-01-01".to_owned(),
+ layer_arn: "arn:layer".to_owned(),
+ layer_version_arn: "arn:layer:1".to_owned(),
+ policy: PolicyDocument::default(),
+ };
+ let _ = store.publish_version("my-layer", "arn:layer", ver);
+
+ assert!(store.delete_version("my-layer", 1));
+ // Layer record should be removed since no versions remain.
+ assert!(store.get("my-layer").is_none());
+ }
+
+ #[test]
+ fn test_should_list_layers_sorted() {
+ let store = LayerStore::new();
+ let make_ver = || LayerVersionRecord {
+ version: 0,
+ description: String::new(),
+ compatible_runtimes: Vec::new(),
+ compatible_architectures: Vec::new(),
+ license_info: None,
+ code_sha256: "abc".to_owned(),
+ code_size: 0,
+ created_date: "2024-01-01".to_owned(),
+ layer_arn: String::new(),
+ layer_version_arn: String::new(),
+ policy: PolicyDocument::default(),
+ };
+
+ let _ = store.publish_version("charlie", "arn:charlie", make_ver());
+ let _ = store.publish_version("alpha", "arn:alpha", make_ver());
+ let _ = store.publish_version("bravo", "arn:bravo", make_ver());
+
+ let layers = store.list_layers();
+ let names: Vec<&str> = layers.iter().map(|l| l.name.as_str()).collect();
+ assert_eq!(names, ["alpha", "bravo", "charlie"]);
+ }
+
#[tokio::test]
async fn test_should_store_and_cleanup_zip_code() {
let tmp = tempfile::tempdir().unwrap();
@@ -474,4 +907,138 @@ mod tests {
store.cleanup_code("test-func").await;
assert!(!dir.exists());
}
+
+ // ---- Event source mapping store tests ----
+
+ fn sample_esm_record(uuid: &str, function_arn: &str) -> EventSourceMappingRecord {
+ EventSourceMappingRecord {
+ uuid: uuid.to_owned(),
+ event_source_arn: "arn:aws:sqs:us-east-1:000000000000:my-queue".to_owned(),
+ function_arn: function_arn.to_owned(),
+ enabled: true,
+ batch_size: 10,
+ maximum_batching_window_in_seconds: 0,
+ starting_position: None,
+ starting_position_timestamp: None,
+ maximum_record_age_in_seconds: None,
+ bisect_batch_on_function_error: None,
+ maximum_retry_attempts: None,
+ parallelization_factor: None,
+ function_response_types: Vec::new(),
+ state: "Enabled".to_owned(),
+ state_transition_reason: "User action".to_owned(),
+ last_modified: 1_700_000_000,
+ last_processing_result: "No records processed".to_owned(),
+ }
+ }
+
+ #[test]
+ fn test_should_create_and_get_esm() {
+ let store = EventSourceMappingStore::new();
+ let record = sample_esm_record(
+ "uuid-1",
+ "arn:aws:lambda:us-east-1:000000000000:function:my-func",
+ );
+ store.create(record);
+
+ let retrieved = store.get("uuid-1");
+ assert!(retrieved.is_some());
+ assert_eq!(retrieved.as_ref().map(|r| r.uuid.as_str()), Some("uuid-1"));
+ assert_eq!(retrieved.as_ref().map(|r| r.batch_size), Some(10));
+ }
+
+ #[test]
+ fn test_should_return_none_for_missing_esm() {
+ let store = EventSourceMappingStore::new();
+ assert!(store.get("no-such-uuid").is_none());
+ }
+
+ #[test]
+ fn test_should_update_esm() {
+ let store = EventSourceMappingStore::new();
+ store.create(sample_esm_record("uuid-1", "arn:func"));
+
+ store
+ .update("uuid-1", |record| {
+ record.batch_size = 50;
+ record.enabled = false;
+ "Disabled".clone_into(&mut record.state);
+ })
+ .unwrap();
+
+ let retrieved = store.get("uuid-1").unwrap();
+ assert_eq!(retrieved.batch_size, 50);
+ assert!(!retrieved.enabled);
+ assert_eq!(retrieved.state, "Disabled");
+ }
+
+ #[test]
+ fn test_should_error_on_update_nonexistent_esm() {
+ let store = EventSourceMappingStore::new();
+ let err = store.update("no-such", |_| {}).unwrap_err();
+ assert!(matches!(
+ err,
+ LambdaServiceError::EventSourceMappingNotFound { .. }
+ ));
+ }
+
+ #[test]
+ fn test_should_delete_esm() {
+ let store = EventSourceMappingStore::new();
+ store.create(sample_esm_record("uuid-1", "arn:func"));
+
+ let removed = store.delete("uuid-1");
+ assert!(removed.is_some());
+ assert!(store.get("uuid-1").is_none());
+ }
+
+ #[test]
+ fn test_should_return_none_on_delete_nonexistent_esm() {
+ let store = EventSourceMappingStore::new();
+ assert!(store.delete("no-such").is_none());
+ }
+
+ #[test]
+ fn test_should_list_esm_sorted_by_uuid() {
+ let store = EventSourceMappingStore::new();
+ store.create(sample_esm_record("charlie", "arn:func-a"));
+ store.create(sample_esm_record("alpha", "arn:func-b"));
+ store.create(sample_esm_record("bravo", "arn:func-a"));
+
+ let all = store.list(None, None);
+ let uuids: Vec<&str> = all.iter().map(|r| r.uuid.as_str()).collect();
+ assert_eq!(uuids, ["alpha", "bravo", "charlie"]);
+ }
+
+ #[test]
+ fn test_should_filter_esm_by_function_name() {
+ let store = EventSourceMappingStore::new();
+ store.create(sample_esm_record(
+ "uuid-1",
+ "arn:aws:lambda:us-east-1:000000000000:function:func-a",
+ ));
+ store.create(sample_esm_record(
+ "uuid-2",
+ "arn:aws:lambda:us-east-1:000000000000:function:func-b",
+ ));
+
+ let filtered = store.list(Some("func-a"), None);
+ assert_eq!(filtered.len(), 1);
+ assert_eq!(filtered[0].uuid, "uuid-1");
+ }
+
+ #[test]
+ fn test_should_filter_esm_by_event_source_arn() {
+ let store = EventSourceMappingStore::new();
+ let mut record1 = sample_esm_record("uuid-1", "arn:func");
+ record1.event_source_arn = "arn:aws:sqs:us-east-1:000000000000:queue-a".to_owned();
+ let mut record2 = sample_esm_record("uuid-2", "arn:func");
+ record2.event_source_arn = "arn:aws:sqs:us-east-1:000000000000:queue-b".to_owned();
+ store.create(record1);
+ store.create(record2);
+
+ let filtered = store.list(None, Some("arn:aws:sqs:us-east-1:000000000000:queue-a"));
+ assert_eq!(filtered.len(), 1);
+ assert_eq!(filtered[0].uuid, "uuid-1");
+ }
}
diff --git a/crates/ruststack-lambda-http/src/body.rs b/crates/ruststack-lambda-http/src/body.rs
index b89a4fe..fb61db4 100644
--- a/crates/ruststack-lambda-http/src/body.rs
+++ b/crates/ruststack-lambda-http/src/body.rs
@@ -1,7 +1,9 @@
//! Lambda HTTP response body type.
-use std::pin::Pin;
-use std::task::{Context, Poll};
+use std::{
+ pin::Pin,
+ task::{Context, Poll},
+};
use bytes::Bytes;
use http_body_util::Full;
diff --git a/crates/ruststack-lambda-http/src/dispatch.rs b/crates/ruststack-lambda-http/src/dispatch.rs
index 1d4b9c3..9a1133c 100644
--- a/crates/ruststack-lambda-http/src/dispatch.rs
+++ b/crates/ruststack-lambda-http/src/dispatch.rs
@@ -3,16 +3,12 @@
//! Uses `async_trait` because `LambdaHandler` requires object safety for
//! dynamic dispatch (`Arc`).
-use std::future::Future;
-use std::pin::Pin;
+use std::{future::Future, pin::Pin};
use bytes::Bytes;
+use ruststack_lambda_model::{error::LambdaError, operations::LambdaOperation};
-use ruststack_lambda_model::error::LambdaError;
-use ruststack_lambda_model::operations::LambdaOperation;
-
-use crate::body::LambdaResponseBody;
-use crate::router::PathParams;
+use crate::{body::LambdaResponseBody, router::PathParams};
/// The boundary between HTTP and business logic for Lambda.
///
diff --git a/crates/ruststack-lambda-http/src/response.rs b/crates/ruststack-lambda-http/src/response.rs
index f420116..7737cd6 100644
--- a/crates/ruststack-lambda-http/src/response.rs
+++ b/crates/ruststack-lambda-http/src/response.rs
@@ -6,9 +6,8 @@
//! - Content type: `application/json`
use bytes::Bytes;
-use serde::Serialize;
-
use ruststack_lambda_model::error::LambdaError;
+use serde::Serialize;
/// Content type for Lambda JSON responses.
pub const CONTENT_TYPE: &str = "application/json";
@@ -82,9 +81,10 @@ pub fn empty_response(status: u16) -> Result, LambdaError>
#[cfg(test)]
mod tests {
- use super::*;
use ruststack_lambda_model::error::LambdaErrorCode;
+ use super::*;
+
#[test]
fn test_should_format_error_with_x_amzn_errortype_header() {
let err = LambdaError::resource_not_found("Function not found: my-func");
diff --git a/crates/ruststack-lambda-http/src/router.rs b/crates/ruststack-lambda-http/src/router.rs
index d8c8194..2a81786 100644
--- a/crates/ruststack-lambda-http/src/router.rs
+++ b/crates/ruststack-lambda-http/src/router.rs
@@ -10,9 +10,10 @@
//! ```
use http::Method;
-
-use ruststack_lambda_model::error::LambdaError;
-use ruststack_lambda_model::operations::{LAMBDA_ROUTES, LambdaOperation};
+use ruststack_lambda_model::{
+ error::LambdaError,
+ operations::{LAMBDA_ROUTES, LambdaOperation},
+};
/// Extracted path parameters from a matched route.
///
@@ -119,28 +120,31 @@ fn normalize_date_prefix(path: &str) -> Option {
}
// Map resource prefix to canonical date.
+ // The AWS SDK may use different date versions in the path prefix. We
+ // normalize everything to the date used in LAMBDA_ROUTES so that the
+ // route matcher can find the operation.
let canonical_date = if rest.starts_with("functions") {
- // Function URLs use 2021-10-31, function CRUD uses 2015-03-31.
- // Detect URL-related paths: /functions/{name}/url or /functions/{name}/urls
+ // Function URLs use 2021-10-31, everything else uses 2015-03-31.
let is_url_path = rest.contains("/url") || rest.ends_with("/urls");
- let target_date = if is_url_path {
+ if is_url_path {
"2021-10-31"
} else {
"2015-03-31"
- };
- if date_part == target_date {
- return None; // Already canonical.
}
- target_date
} else if rest.starts_with("tags") || rest == "account-settings" {
- if date_part == "2015-03-31" {
- return None; // Already canonical.
- }
+ "2015-03-31"
+ } else if rest.starts_with("layers") {
+ "2018-10-31"
+ } else if rest.starts_with("event-source-mappings") {
"2015-03-31"
} else {
return None;
};
+ if date_part == canonical_date {
+ return None; // Already canonical.
+ }
+
Some(format!("/{canonical_date}/{rest}"))
}
@@ -253,7 +257,8 @@ mod tests {
#[test]
fn test_should_percent_decode_path_param() {
let params = match_path(
- "/2015-03-31/functions/arn%3Aaws%3Alambda%3Aus-east-1%3A123456789012%3Afunction%3Amy-func",
+ "/2015-03-31/functions/arn%3Aaws%3Alambda%3Aus-east-1%3A123456789012%3Afunction%\
+ 3Amy-func",
"/2015-03-31/functions/{FunctionName}",
)
.expect("should match");
diff --git a/crates/ruststack-lambda-http/src/service.rs b/crates/ruststack-lambda-http/src/service.rs
index 14b3209..645e597 100644
--- a/crates/ruststack-lambda-http/src/service.rs
+++ b/crates/ruststack-lambda-http/src/service.rs
@@ -1,20 +1,18 @@
//! Lambda HTTP service implementing the hyper `Service` trait.
-use std::convert::Infallible;
-use std::future::Future;
-use std::pin::Pin;
-use std::sync::Arc;
+use std::{convert::Infallible, future::Future, pin::Pin, sync::Arc};
use bytes::Bytes;
use http_body_util::BodyExt;
use hyper::body::Incoming;
-
use ruststack_lambda_model::error::LambdaError;
-use crate::body::LambdaResponseBody;
-use crate::dispatch::{LambdaHandler, dispatch_operation};
-use crate::response::{CONTENT_TYPE, error_to_response};
-use crate::router::resolve_operation;
+use crate::{
+ body::LambdaResponseBody,
+ dispatch::{LambdaHandler, dispatch_operation},
+ response::{CONTENT_TYPE, error_to_response},
+ router::resolve_operation,
+};
/// Configuration for the Lambda HTTP service.
#[derive(Clone)]
diff --git a/crates/ruststack-lambda-model/src/error.rs b/crates/ruststack-lambda-model/src/error.rs
index 336681e..0076828 100644
--- a/crates/ruststack-lambda-model/src/error.rs
+++ b/crates/ruststack-lambda-model/src/error.rs
@@ -1,7 +1,6 @@
//! Lambda error types.
-use std::error::Error;
-use std::fmt;
+use std::{error::Error, fmt};
/// Lambda error codes matching AWS Lambda API error types.
#[derive(Debug, Clone, PartialEq, Eq)]
diff --git a/crates/ruststack-lambda-model/src/input.rs b/crates/ruststack-lambda-model/src/input.rs
index 80f6f63..dbf6ff1 100644
--- a/crates/ruststack-lambda-model/src/input.rs
+++ b/crates/ruststack-lambda-model/src/input.rs
@@ -5,8 +5,9 @@ use std::collections::HashMap;
use serde::{Deserialize, Serialize};
use crate::types::{
- AliasRoutingConfiguration, Cors, DeadLetterConfig, Environment, EphemeralStorage, FunctionCode,
- ImageConfig, LoggingConfig, SnapStart, TracingConfig, VpcConfig,
+ AliasRoutingConfiguration, Cors, DeadLetterConfig, DestinationConfig, Environment,
+ EphemeralStorage, FunctionCode, ImageConfig, LayerVersionContentInput, LoggingConfig,
+ SnapStart, TracingConfig, VpcConfig,
};
/// Input for `CreateFunction`.
@@ -274,3 +275,152 @@ pub struct UpdateFunctionUrlConfigInput {
#[serde(skip_serializing_if = "Option::is_none")]
pub invoke_mode: Option,
}
+
+/// Input for `PublishLayerVersion`.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct PublishLayerVersionInput {
+ /// Layer name.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub layer_name: Option,
+ /// Description.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub description: Option,
+ /// Layer code content.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub content: Option,
+ /// Compatible runtimes.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub compatible_runtimes: Option>,
+ /// License info (max 512 characters).
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub license_info: Option,
+ /// Compatible architectures.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub compatible_architectures: Option>,
+}
+
+/// Input for `CreateEventSourceMapping`.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct CreateEventSourceMappingInput {
+ /// ARN of the event source (e.g., SQS queue, DynamoDB stream, Kinesis stream).
+ pub event_source_arn: String,
+ /// Function name or ARN.
+ pub function_name: String,
+ /// Whether the mapping is enabled.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub enabled: Option,
+ /// Maximum number of records per batch.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub batch_size: Option