runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config module

CFNgin prehook responsible for creation of Lambda@Edge functions.

class runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.HookArgs[source]

Bases: runway.cfngin.hooks.base.HookArgsBaseModel

Hook arguments.

bucket: str: S3 bucket name.

client_id: str: The ID of the Cognito User Pool Client.

cookie_settings: Dict[str, Any]: The settings for our customized cookies.

http_headers: Dict[str, Any]: The additional headers added to our requests.

nonce_signing_secret_param_name: str: SSM param name to store nonce signing secret.

oauth_scopes: List[str]: The validation scopes for our OAuth requests.

__contains__(name: object) → bool

Implement evaluation of ‘in’ conditional.

Parameters: name – The name to check for existence in the model.

__getitem__(name: str) → Any

Implement evaluation of self[name].

Parameters: name – Attribute name to return the value for.
Returns: The value associated with the provided name/attribute name.
Raises: AttributeError – If attribute does not exist on this object.

__init__(**data: Any) → None

Create a new model by parsing and validating input data from keyword arguments.

Raises ValidationError if the input data cannot be parsed to form a valid model.

__iter__() → TupleGenerator: so dict(model) works

__new__(**kwargs)

__pretty__(fmt: Callable[[Any], Any], **kwargs: Any) → Generator[Any, None, None]: Used by devtools (https://python-devtools.helpmanual.io/) to provide a human readable representations of objects

__repr_name__() → unicode: Name of the instance’s class, used in __repr__.

__rich_repr__() → RichReprResult: Get fields for Rich library

__setitem__(name: str, value: Any) → None

Implement item assignment (e.g. self[name] = value).

Parameters

name – Attribute name to set.
value – Value to assign to the attribute.

classmethod __try_update_forward_refs__(**localns: Any) → None: Same as update_forward_refs but will not raise exception when forward references are not defined.

classmethod construct(_fields_set: Optional[SetStr] = None, **values: Any) → Model: Creates a new model setting __dict__ and __fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed. Behaves as if Config.extra = ‘allow’ was set since it adds all passed values

copy(*, include: Optional[Union[AbstractSetIntStr, MappingIntStrAny]] = None, exclude: Optional[Union[AbstractSetIntStr, MappingIntStrAny]] = None, update: Optional[DictStrAny] = None, deep: bool = False) → Model

Duplicate a model, optionally choose which fields to include, exclude and change.

Parameters

include – fields to include in new model
exclude – fields to exclude from new model, as with values this takes precedence over include
update – values to change/add in the new model. Note: the data is not validated before creating the new model: you should trust this data
deep – set to True to make a deep copy of the model

Returns

new model instance

dict(*, include: Optional[Union[AbstractSetIntStr, MappingIntStrAny]] = None, exclude: Optional[Union[AbstractSetIntStr, MappingIntStrAny]] = None, by_alias: bool = False, skip_defaults: Optional[bool] = None, exclude_unset: bool = False, exclude_defaults: bool = False, exclude_none: bool = False) → DictStrAny: Generate a dictionary representation of the model, optionally specifying which fields to include or exclude.

get(name: str, default: Optional[Any] = None) → Any

Safely get the value of an attribute.

Parameters

name – Attribute name to return the value for.
default – Value to return if attribute is not found.

json(*, include: Optional[Union[AbstractSetIntStr, MappingIntStrAny]] = None, exclude: Optional[Union[AbstractSetIntStr, MappingIntStrAny]] = None, by_alias: bool = False, skip_defaults: Optional[bool] = None, exclude_unset: bool = False, exclude_defaults: bool = False, exclude_none: bool = False, encoder: Optional[Callable[[Any], Any]] = None, models_as_dict: bool = True, **dumps_kwargs: Any) → unicode

Generate a JSON representation of the model, include and exclude arguments as per dict().

encoder is an optional function to supply as default to json.dumps(), other arguments as per json.dumps().

classmethod update_forward_refs(**localns: Any) → None: Try to update ForwardRefs on fields based on this Model, globalns and localns.

redirect_path_refresh: str: The URL path for authorization refresh redirect (Correlates to the refresh auth lambda).

redirect_path_sign_in: str: The URL path to be redirected to after sign in (Correlates to the parse auth lambda).

redirect_path_sign_out: str: The URL path to be redirected to after sign out (Correlates to the root to be asked to resigning).

required_group: Optional[str]: Optional User Pool group to which access should be restricted.

runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.write(context: CfnginContext, provider: Provider, *__args: Any, **kwargs: Any) → Dict[str, Any][source]

Writes/Uploads the configured lambdas for Auth@Edge.

Lambda@Edge does not have the ability to allow Environment variables at the time of this writing. In order to configure our lambdas with dynamic variables we first will go through and update a “shared” template with all of the configuration elements and add that to a temporary folder along with each of the individual Lambda@Edge functions. This temporary folder is then used with the CFNgin awsLambda hook to build the functions.

runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.get_nonce_signing_secret(param_name: str, context: runway.context.CfnginContext) → str[source]: Retrieve signing secret, generating & storing it first if not present.

runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.random_key(length: int = 16) → str[source]

Generate a random key of specified length from the allowed secret characters.

Parameters: length – The length of the random key.