Test Resolver in AWS AppSync w/ API Key? - graphql

Currently AWS AppSync provides an option to add test context to test your resolver to make sure everything is correct. However, because I am using API Key for authentication, I'm not sure of a way to set this in the request mapping template so that the test context can run and I can test the validity of my API (especially since this is the only auth that doesn't have an identity section in the test context)? Can anyone help?

You are correct in the fact that API Key Authorization mode does not populate the identity, even when you are calling your API from a client.
However, you can still add an identity object in your test context. To do this, you need to:
Get the authorization mode you will be using in the future (IAM, Cognito, OIDC).
Find the fields that authorization mode provides in the ctx.identity. You can find that here: Resolver Context Reference
Add those fields to your test context. For example, IAM test context might look like this:
{
"identity": {
"accountId": "my aws account",
"cognitoIdentityPoolId": "string",
"cognitoIdentityId": "string",
"sourceIp": ["string"],
"username": "string",
"userArn": "string"
},
"arguments": {},
"source": {
"lambda": "Hello, world!",
"testCtx": "Hello, world!"
},
"result": "Hello, world!"
}
The request mapping template could look like this:
{
"account: "$ctx.identity.accountId"
}
and the evaluated request mapping template would look like this when your test context is run:
{
"account: "my aws account"
}
Note: You may also just want to switch your API to the authorization mode you plan on using, and then try queries as a logged-in user.

Related

CORS error with AWS api gateway and java lambda function

Today I created one api gateway on aws and one java lambda function. Then finally integrated api gateway with lambda function.
So when I hit the api using postman then it returns the result which is basically a list of customer. Till now everything looks fine. Following is the
#Override
public TestResponse handleRequest(Request input, Context context) {
TestService testService = SingletonServiceManager.getInstance().getTestService();
TestListResponse response = (TestListResponse)productListService.executeRequest(input);
return response;
}
After executing it returns following output.
{
"status": 200,
"products": [
{
"name": "test1",
"code": "test1",
"status": true
},
{
"name": "test2",
"code": "test2",
"status": true
}
]
}
but when I started integrating this with api call with Angular from local machine it start throwing CORS issue. Angular client using it CORS setting to connect.
Can someone help me on this. Do I need to enable something special from lambda function.
You need to enable CORS in your API Gateway configuration.

Slack API: Unable to get Chat:Write:Bot to send message as custom username

I'm trying to integrate Slack with our application using their web API. I need to use the chat.postMessage endpoint with a custom username and setting as_user = false. I'm able to post messages but when I set as_user=false it doesn't work.
Example:
{
"channel" : "1234689",
"text" : "Hello, It's me.",
"username": "DJDEPOLO",
"as_user" : false
}
Every time I make that call I'm getting back an error saying I'm missing chat:write:bot. But I can not figure out how to get that scope. I've tried everything I could think of and went over their documentation several times.
I tried requesting the scope using the OAuth route and when I add chat:write:bot to the scopes I get an error saying
Invalid permissions requested
Example:
https://slack.com/oauth/v2/authorize?scope=chat:write:bot&client_id=1234&redire....
It appears that I need to use the user token to perform this action but when I request my access token I'm getting back a bot token.
Has anyone ever had to work with chat:write:bot or any scope that ends with :bot? Or am I missing something here?
First, select your app at your apps for slack and navigate to 'OAuth & Permissions' page.
Then, click 'Update Scopes' in 'Scopes' section, scroll down, press 'Continue' and add chat:write to User Token Scopes. Then scroll down again and finish the process.
In order to get a user token, add user_scope param to your query instead of scope so that it looks like this https://slack.com/oauth/v2/authorize?user_scope=chat:write&redirect_uri=.... When you exchange the code for access token, you will receive something like this:
{
"ok": true,
"app_id": "A0KRD7HC3",
"team": {
"name": "Slack Softball Team",
"id": "T9TK3CUKW"
},
"authed_user": {
"id": "U1234",
"scope": "chat:write",
"access_token": "xoxp-1234",
"token_type": "user"
}
}
Pay attention to authed_user.access_token, as this is the token you need to send in your Authorization header.
Here is an example of POST body:
{
"channel": "Your channel id",
"as_user": true,
"text": "hi there",
"attachments": []
}
Hope it helps you.

How to update postgres uri value in cf vcaps env

I have a bound Postgres service to my spring application in CF (Cloud foundry)
The VCAPS env available are as following:
"postgresql": [
{
"binding_name": null,
"credentials": {
"dbname": "JDusZ6EpE1ixbTKS",
"end_points": [
{
"host": "10.11.241.2",
"network_id": "SF",
"port": "46371"
}
],
"hostname": "10.11.241.2",
"password": "SuVzOf2m5L5oNYSG",
"port": "46371",
"ports": {
"5432/tcp": "46371"
},
"uri": "postgres://eyv6avf27X9Z55Gx:SuVzOf2m5L5oNYSG#10.11.241.2:46371/JDusZ6EpE1ixbTKS",
"username": "eyv6avf27X9Z55Gx"
},
"instance_name": "mypostgres",
"label": "postgresql",
"name": "mypostgres",
"plan": "v9.6-dev",
"provider": null,
"syslog_drain_url": null,
"tags": [
"postgresql",
"relational"
],
"volume_mounts": []
}
],
I need to modefy the value of the uri to include also the current schema, I guess it needs to be as:
"uri": "postgres://eyv6avf27X9Z55Gx:SuVzOf2m5L5oNYSG#10.11.241.2:46371/JDusZ6EpE1ixbTKS?currentSchema=mycurrentschema"
Is this something possible to do? and If not what is the best practice to assign current schema for a spring app?
Thanks in advance
You have a few options.
You can talk to your service provider, the operator of the service broker from which you are obtaining your service. The service broker is the one that sets the credentials, so you could ask them to include the schema by default.
You can create a service key with cf create-service-key. The service key is like a service binding, but free floating so it's not attached to your app. It just exists as long as the service key exists. You can then create a user provided service, with cf cups and manually set whatever credentials or uri you require for your app. The downside of this approach is that you have to do a little more work to manage the service information.
You can read the current uri into your application and modify it before creating your DataSource. This is not particularly easy if you are using Spring Cloud Connectors because it handles creating the DataSource for you. I would not recommend using SCC.
Instead you can do this with the Spring Boot CloudFoundryVcapEnvironmentPostProcessor and property place holders. See the referenced Javadoc for how that works.
The other option is to use java-cvenv. That provides you with an easy way to obtain credentials information, like the URL and use that to create your own DataSource, which allows you to make slight modifications to things like the URL, if necessary.
Hope that helps!

Microsoft Graph - Can't read/write the calendar of other users

I have a web app registered on Azure with the goal of being able to read and write the calendars of other users. To do so, I set these permissions for this app on Azure.
However, when I try to, for example, create a new event for a given user, I get an error message. Here's what I'm using:
Endpoint
https://graph.microsoft.com/v1.0/users/${requester}/calendar/events
HTTP Header
Content-Type application/json
Request Body
{
"subject": "${subject}",
"body": {
"contentType": "HTML",
"content": "${remarks}"
},
"start": {
"dateTime": "${startTime}",
"timeZone": "${timezone}"
},
"end": {
"dateTime": "${endTime}",
"timeZone": "${timezone}"
},
"location": {
"displayName": "${spaceName}",
"locationEmailAddress": "${spaceEmail}"
},
"attendees": [
{
"emailAddress": {
"address": "${spaceEmail}",
"name": "${spaceName}"
},
"type": "resource"
}
]
}
Error message
{
"error": {
"code": "ErrorItemNotFound",
"message": "The specified object was not found in the store.",
"innerError": {
"request-id": "XXXXXXXXXXXXXXXX",
"date": "2018-07-11T09:16:19"
}
}
}
Is there something I'm missing? Thanks in advance for any help!
Solution update
I managed to solve the problem by following the steps described in this link:
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
From your screenshot it's visible that you used application permission (although it'd be nice to include this information in your question):
Depending on kind of the permission you have given, you need to use proper flow to obtain access token (on behalf of a user or as a service. For application permissions you have to use flow for service, not on behalf of a user.
You can also check your token using jwt.io and make sure it's payload contains appropriate role. If it doesn't, it's very likely you used incorrect flow.
Regarding the expiration time of it, you may have found the information about refresh token (for example here). Keep in mind that it applies only to rights granted on behalf of a user. For access without a user you should make sure that you know when your token is going to expire and request a new one accordingly.

Google Logging API - What service name to use when writing entries from non-Google application?

I am trying to use Google Cloud Logging API to write log entries from a web application I'm developing (happens to be .net).
To do this, I must use the logging.projects.logs.entries.write request. This request dictates that I provide a serviceName argument:
{
"entries": [
{
"textPayload": "test",
"metadata":
{
"serviceName": "compute.googleapis.com"
"projectId": "...",
"region": "us-central1",
"zone": "us-central1-a",
"severity": "DEFAULT",
"timestamp": "2015-01-13T19:17:01Z",
"userId": "",
}
}]
}
Unless I specify "compute.googleapis.com" as the serviceName I get an error 400 response:
{
"error":
{
"code": 400,
"message": "Unsupported service specified",
"status": "INVALID_ARGUMENT"
}
}
For now using "compute.googleapis.com" seems to work but I'm asking - what service name should I give, given that I'm not using Google Compute Engine or Google App Engine here?
The Cloud Logging API currently only officially supports Google resources, so the best course of action is to continue to use "compute.googleapis.com" as the service and supply the labels "compute.googleapis.com/resource_type" and "compute.googleapis.com/resource_id", which are used for indexing and visible in the UI drop-downs.
We also currently permit the service name "custom.googleapis.com" with index labels "custom.googleapis.com/primary_key" and "custom.googleapis.com/secondary_key" but that is not officially supported and subject to change in a future release.

Resources