agent-claw: automated task changes

cdk/node_modules/aws-cdk-lib/aws-appsync/lib/auth-config.d.ts

@@ -0,0 +1,175 @@
+import type { Construct } from 'constructs';
+import { CfnApiKey } from './appsync.generated';
+import type { IUserPool } from '../../aws-cognito';
+import type { IFunction } from '../../aws-lambda';
+import type { Expiration } from '../../core';
+import { Duration } from '../../core';
+/**
+ * Auth provider settings for AppSync Event APIs
+ *
+ * @see https://docs.aws.amazon.com/appsync/latest/eventapi/configure-event-api-auth.html
+ */
+export interface AppSyncAuthProvider {
+    /**
+     * One of possible authorization types AppSync supports
+     *
+     * @default - `AuthorizationType.API_KEY`
+     */
+    readonly authorizationType: AppSyncAuthorizationType;
+    /**
+     * If authorizationType is `AuthorizationType.USER_POOL`, this option is required.
+     * @default - none
+     */
+    readonly cognitoConfig?: AppSyncCognitoConfig;
+    /**
+     * If authorizationType is `AuthorizationType.API_KEY`, this option can be configured.
+     * @default - name: 'DefaultAPIKey'
+     */
+    readonly apiKeyConfig?: AppSyncApiKeyConfig;
+    /**
+     * If authorizationType is `AuthorizationType.OIDC`, this option is required.
+     * @default - none
+     */
+    readonly openIdConnectConfig?: AppSyncOpenIdConnectConfig;
+    /**
+     * If authorizationType is `AuthorizationType.LAMBDA`, this option is required.
+     * @default - none
+     */
+    readonly lambdaAuthorizerConfig?: AppSyncLambdaAuthorizerConfig;
+}
+/**
+ * enum with all possible values for AppSync authorization type
+ */
+export declare enum AppSyncAuthorizationType {
+    /**
+     * API Key authorization type
+     */
+    API_KEY = "API_KEY",
+    /**
+     * AWS IAM authorization type. Can be used with Cognito Identity Pool federated credentials
+     */
+    IAM = "AWS_IAM",
+    /**
+     * Cognito User Pool authorization type
+     */
+    USER_POOL = "AMAZON_COGNITO_USER_POOLS",
+    /**
+     * OpenID Connect authorization type
+     */
+    OIDC = "OPENID_CONNECT",
+    /**
+     * Lambda authorization type
+     */
+    LAMBDA = "AWS_LAMBDA"
+}
+/**
+ * Configuration for Cognito user-pools in AppSync for Api
+ */
+export interface AppSyncCognitoConfig {
+    /**
+     * The Cognito user pool to use as identity source
+     */
+    readonly userPool: IUserPool;
+    /**
+     * the optional app id regex
+     *
+     * @default -  None
+     */
+    readonly appIdClientRegex?: string;
+}
+/**
+ * Configuration for API Key authorization in AppSync
+ */
+export interface AppSyncApiKeyConfig {
+    /**
+     * Unique name of the API Key
+     * @default - 'DefaultAPIKey'
+     */
+    readonly name?: string;
+    /**
+     * Description of API key
+     * @default - 'Default API Key created by CDK'
+     */
+    readonly description?: string;
+    /**
+     * The time from creation time after which the API key expires.
+     * It must be a minimum of 1 day and a maximum of 365 days from date of creation.
+     * Rounded down to the nearest hour.
+     *
+     * @default - 7 days rounded down to nearest hour
+     */
+    readonly expires?: Expiration;
+}
+/**
+ * Configuration for OpenID Connect authorization in AppSync
+ */
+export interface AppSyncOpenIdConnectConfig {
+    /**
+     * The number of milliseconds an OIDC token is valid after being authenticated by OIDC provider.
+     * `auth_time` claim in OIDC token is required for this validation to work.
+     * @default - no validation
+     */
+    readonly tokenExpiryFromAuth?: number;
+    /**
+     * The number of milliseconds an OIDC token is valid after being issued to a user.
+     * This validation uses `iat` claim of OIDC token.
+     * @default - no validation
+     */
+    readonly tokenExpiryFromIssue?: number;
+    /**
+     * The client identifier of the Relying party at the OpenID identity provider.
+     * A regular expression can be specified so AppSync can validate against multiple client identifiers at a time.
+     * @example - 'ABCD|CDEF' // where ABCD and CDEF are two different clientId
+     * @default - * (All)
+     */
+    readonly clientId?: string;
+    /**
+     * The issuer for the OIDC configuration. The issuer returned by discovery must exactly match the value of `iss` in the OIDC token.
+     */
+    readonly oidcProvider: string;
+}
+/**
+ * Configuration for Lambda authorization in AppSync. Note that you can only have a single AWS Lambda function configured to authorize your API.
+ */
+export interface AppSyncLambdaAuthorizerConfig {
+    /**
+     * The authorizer lambda function.
+     *
+     * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-lambdaauthorizerconfig.html
+     */
+    readonly handler: IFunction;
+    /**
+     * How long the results are cached.
+     * Disable caching by setting this to 0.
+     *
+     * @default Duration.minutes(5)
+     */
+    readonly resultsCacheTtl?: Duration;
+    /**
+     * A regular expression for validation of tokens before the Lambda function is called.
+     *
+     * @default - no regex filter will be applied.
+     */
+    readonly validationRegex?: string;
+}
+/**
+ * Exposes methods for defining authorization config for AppSync APIs
+ */
+export interface IAppSyncAuthConfig {
+    /**
+     * Set up OIDC Authorization configuration for AppSync APIs
+     */
+    setupOpenIdConnectConfig(config?: AppSyncOpenIdConnectConfig): any;
+    /**
+     * Set up Cognito Authorization configuration for AppSync APIs
+     */
+    setupCognitoConfig(config?: AppSyncCognitoConfig): any;
+    /**
+     * Set up Lambda Authorization configuration AppSync APIs
+     */
+    setupLambdaAuthorizerConfig(config?: AppSyncLambdaAuthorizerConfig): any;
+}
+/**
+ * Create an API Key for GraphQL APIs and Event APIs
+ */
+export declare function createAPIKey(scope: Construct, apiId: string, config?: AppSyncApiKeyConfig): CfnApiKey;