// Code generated by smithy-go-codegen DO NOT EDIT.

package apigatewayv2

import (
	"context"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/aws-sdk-go-v2/service/apigatewayv2/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// CreateAuthorizer creates an Authorizer for an API.
//
// A nil params is replaced with an empty CreateAuthorizerInput before the
// operation is invoked, so none of the members documented as required are set
// in that case. Any error from invokeOperation is returned unchanged together
// with a nil output. On success the operation metadata is attached to the
// output as ResultMetadata.
func (c *Client) CreateAuthorizer(ctx context.Context, params *CreateAuthorizerInput, optFns ...func(*Options)) (*CreateAuthorizerOutput, error) {
	if params == nil {
		params = &CreateAuthorizerInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "CreateAuthorizer", params, optFns, addOperationCreateAuthorizerMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked type assertion: this panics if invokeOperation hands back
	// anything other than a *CreateAuthorizerOutput.
	// NOTE(review): presumably guaranteed by the deserializer registered in
	// addOperationCreateAuthorizerMiddlewares; that code is outside this file.
	out := result.(*CreateAuthorizerOutput)
	out.ResultMetadata = metadata
	return out, nil
}

// CreateAuthorizerInput creates a new Authorizer resource to represent an
// authorizer.
//
// The authorizer configured here decides which requests reach the API's
// routes, so the caching, identity-source and credential members below are
// security-relevant settings rather than tuning knobs.
type CreateAuthorizerInput struct {

	// The API identifier.
	//
	// This member is required.
	ApiId *string

	// The authorizer type. Specify REQUEST for a Lambda function using incoming
	// request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP
	// APIs).
	//
	// This member is required.
	AuthorizerType types.AuthorizerType

	// The identity source for which authorization is requested. For a REQUEST
	// authorizer, this is optional. The value is a set of one or more mapping
	// expressions of the specified request parameters. The identity source can be
	// headers, query string parameters, stage variables, and context parameters. For
	// example, if an Auth header and a Name query string parameter are defined as
	// identity sources, this value is route.request.header.Auth,
	// route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection
	// expressions prefixed with $, for example, $request.header.Auth,
	// $request.querystring.Name. These parameters are used to perform runtime
	// validation for Lambda-based authorizers by verifying all of the identity-related
	// request parameters are present in the request, not null, and non-empty. Only
	// when this is true does the authorizer invoke the authorizer Lambda function.
	// Otherwise, it returns a 401 Unauthorized response without calling the Lambda
	// function. For HTTP APIs, identity sources are also used as the cache key when
	// caching is enabled. To learn more, see Working with AWS Lambda authorizers for
	// HTTP APIs
	// (https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html).
	// For JWT, a single entry that specifies where to extract the JSON Web Token (JWT)
	// from inbound requests. Currently only header-based and query parameter-based
	// selections are supported, for example $request.header.Authorization.
	//
	// NOTE(review): because the identity sources form the cache key for HTTP
	// APIs when caching is enabled, a request attribute that the Lambda
	// function bases its decision on but that is not listed here would not
	// distinguish cache entries. List every such attribute, or leave caching
	// disabled.
	//
	// NOTE(review): a token taken from a query string parameter tends to end
	// up in URLs that are logged or stored; prefer a header-based selection
	// where the client allows it.
	//
	// This member is required.
	IdentitySource []string

	// The name of the authorizer.
	//
	// This member is required.
	Name *string

	// Specifies the required credentials as an IAM role for API Gateway to invoke the
	// authorizer. To specify an IAM role for API Gateway to assume, use the role's
	// Amazon Resource Name (ARN). To use resource-based permissions on the Lambda
	// function, don't specify this parameter. Supported only for REQUEST authorizers.
	//
	// NOTE(review): the role's policy is not visible from this client; scope
	// it to invoking the authorizer function and nothing else.
	AuthorizerCredentialsArn *string

	// Specifies the format of the payload sent to an HTTP API Lambda authorizer.
	// Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To
	// learn more, see Working with AWS Lambda authorizers for HTTP APIs
	// (https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html).
	AuthorizerPayloadFormatVersion *string

	// The time to live (TTL) for cached authorizer results, in seconds. If it equals
	// 0, authorization caching is disabled. If it is greater than 0, API Gateway
	// caches authorizer responses. The maximum value is 3600, or 1 hour. Supported
	// only for HTTP API Lambda authorizers.
	//
	// The field is a plain int32, so its Go zero value is 0.
	// NOTE(review): whether an unset (zero) value is serialized or replaced by
	// a service-side default is not visible in this file; confirm before
	// relying on 0 to mean "no caching".
	//
	// NOTE(review): while caching is enabled, a cached authorizer result keeps
	// being served until its entry expires, so a revoked credential may still
	// be accepted for up to this many seconds. Weigh the TTL against how
	// quickly access must be revocable.
	AuthorizerResultTtlInSeconds int32

	// The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers,
	// this must be a well-formed Lambda function URI, for example,
	// arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations.
	// In general, the URI has this form:
	// arn:aws:apigateway:{region}:lambda:path/{service_api} , where {region} is the
	// same as the region hosting the Lambda function, path indicates that the
	// remaining substring in the URI should be treated as the path to the resource,
	// including the initial /. For Lambda functions, this is usually of the form
	// /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST
	// authorizers.
	AuthorizerUri *string

	// Specifies whether a Lambda authorizer returns a response in a simple format. By
	// default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda
	// authorizer can return a boolean value instead of an IAM policy. Supported only
	// for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP
	// APIs
	// (https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html).
	//
	// The Go zero value is false, which matches the IAM-policy default
	// described above.
	EnableSimpleResponses bool

	// This parameter is not used.
	IdentityValidationExpression *string

	// Represents the configuration of a JWT authorizer. Required for the JWT
	// authorizer type. Supported only for HTTP APIs.
	//
	// NOTE(review): types.JWTConfiguration is declared outside this file;
	// confirm that the constraints set there match the token provider the API
	// is meant to trust.
	JwtConfiguration *types.JWTConfiguration
}

// CreateAuthorizerOutput is the result type returned by CreateAuthorizer. Its
// members mirror the input members, plus the identifier of the authorizer and
// the operation's result metadata.
type CreateAuthorizerOutput struct {

	// Specifies the required credentials as an IAM role for API Gateway to invoke the
	// authorizer. To specify an IAM role for API Gateway to assume, use the role's
	// Amazon Resource Name (ARN). To use resource-based permissions on the Lambda
	// function, don't specify this parameter. Supported only for REQUEST authorizers.
	AuthorizerCredentialsArn *string

	// The authorizer identifier.
	AuthorizerId *string

	// Specifies the format of the payload sent to an HTTP API Lambda authorizer.
	// Required for HTTP API Lambda authorizers. Supported values are 1.0 and 2.0. To
	// learn more, see Working with AWS Lambda authorizers for HTTP APIs
	// (https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html).
	AuthorizerPayloadFormatVersion *string

	// The time to live (TTL) for cached authorizer results, in seconds. If it equals
	// 0, authorization caching is disabled. If it is greater than 0, API Gateway
	// caches authorizer responses. The maximum value is 3600, or 1 hour. Supported
	// only for HTTP API Lambda authorizers.
	AuthorizerResultTtlInSeconds int32

	// The authorizer type. Specify REQUEST for a Lambda function using incoming
	// request parameters. Specify JWT to use JSON Web Tokens (supported only for HTTP
	// APIs).
	AuthorizerType types.AuthorizerType

	// The authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers,
	// this must be a well-formed Lambda function URI, for example,
	// arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations.
	// In general, the URI has this form:
	// arn:aws:apigateway:{region}:lambda:path/{service_api} , where {region} is the
	// same as the region hosting the Lambda function, path indicates that the
	// remaining substring in the URI should be treated as the path to the resource,
	// including the initial /. For Lambda functions, this is usually of the form
	// /2015-03-31/functions/[FunctionARN]/invocations. Supported only for REQUEST
	// authorizers.
	AuthorizerUri *string

	// Specifies whether a Lambda authorizer returns a response in a simple format. If
	// enabled, the Lambda authorizer can return a boolean value instead of an IAM
	// policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda
	// authorizers for HTTP APIs
	// (https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html).
	EnableSimpleResponses bool

	// The identity source for which authorization is requested. For a REQUEST
	// authorizer, this is optional. The value is a set of one or more mapping
	// expressions of the specified request parameters. The identity source can be
	// headers, query string parameters, stage variables, and context parameters. For
	// example, if an Auth header and a Name query string parameter are defined as
	// identity sources, this value is route.request.header.Auth,
	// route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection
	// expressions prefixed with $, for example, $request.header.Auth,
	// $request.querystring.Name. These parameters are used to perform runtime
	// validation for Lambda-based authorizers by verifying all of the identity-related
	// request parameters are present in the request, not null, and non-empty. Only
	// when this is true does the authorizer invoke the authorizer Lambda function.
	// Otherwise, it returns a 401 Unauthorized response without calling the Lambda
	// function. For HTTP APIs, identity sources are also used as the cache key when
	// caching is enabled. To learn more, see Working with AWS Lambda authorizers for
	// HTTP APIs
	// (https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html).
	// For JWT, a single entry that specifies where to extract the JSON Web Token (JWT)
	// from inbound requests. Currently only header-based and query parameter-based
	// selections are supported, for example $request.header.Authorization.
	IdentitySource []string

	// The validation expression does not apply to the REQUEST authorizer.
	IdentityValidationExpression *string

	// Represents the configuration of a JWT authorizer. Required for the JWT
	// authorizer type. Supported only for HTTP APIs.
	JwtConfiguration *types.JWTConfiguration

	// The name of the authorizer.
	Name *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

// addOperationCreateAuthorizerMiddlewares registers the middleware used by the
// CreateAuthorizer operation on stack and returns the first registration error
// it encounters, or nil when every step succeeds.
//
// Most helpers called here are defined outside this file, so what each one
// does is known only from its name. Keep the calls in the generated order: the
// relative-position arguments (middleware.After, middleware.Before) suggest
// that the order of registration is significant.
func addOperationCreateAuthorizerMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Operation-specific serializer and deserializer, each added with
	// middleware.After in its own step of the stack.
	err = stack.Serialize.Add(&awsRestjson1_serializeOpCreateAuthorizer{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsRestjson1_deserializeOpCreateAuthorizer{}, middleware.After)
	if err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	// Payload hash and request signing.
	// NOTE(review): going by the names, these two calls (together with the
	// retry middleware between them) are what authenticate the request to the
	// service; dropping either would presumably leave the request unsigned.
	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
		return err
	}
	if err = addRetryMiddlewares(stack, options); err != nil {
		return err
	}
	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): presumably the client-side check for the members marked
	// "This member is required" on CreateAuthorizerInput; the validator itself
	// is defined outside this file.
	if err = addOpCreateAuthorizerValidationMiddleware(stack); err != nil {
		return err
	}
	// Service metadata is added to the Initialize step with middleware.Before,
	// using the region taken from the client options.
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateAuthorizer(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): if this helper logs request or response bodies, the logs
	// would carry the authorizer configuration (role ARN, function URI,
	// identity sources); confirm the configured log mode and log destination.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	return nil
}

// newServiceMetadataMiddleware_opCreateAuthorizer returns the service metadata
// registered for the CreateAuthorizer operation: the given region, the
// package-level ServiceID (declared outside this file), the signing name
// "apigateway" and the operation name "CreateAuthorizer".
//
// The signing name is "apigateway" although the package is named
// apigatewayv2.
func newServiceMetadataMiddleware_opCreateAuthorizer(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "apigateway",
		OperationName: "CreateAuthorizer",
	}
}