auth-stub-template.yml
# CloudFormation template expanded by the AWS SAM transform.
# The format version stays quoted so YAML keeps it a string, not a date.
AWSTemplateFormatVersion: "2010-09-09"
Transform: "AWS::Serverless-2016-10-31"
Description: "Authentication, IPV and SPOT stubs"
# Tags:
# Service: Authentication, IPV and SPOT stubs
# Source: govuk-one-login/orch-stubs
# Owner: [email protected]
# Deploy-time inputs. Both default to the literal string 'none', which the
# Conditions section compares against to decide whether a value was supplied.
Parameters:
  # ARN of the Lambda code signing config; 'none' means no config is attached.
  CodeSigningConfigArn:
    Type: 'String'
    Description: 'The ARN of the Code Signing Config to use, provided by the deployment pipeline'
    Default: 'none'
  # ARN of the IAM permissions boundary; 'none' means no boundary is attached.
  PermissionsBoundary:
    Type: 'String'
    Description: 'The ARN of the permissions boundary to apply when creating IAM roles'
    Default: 'none'
# Each condition is true only when its parameter differs from the sentinel
# string 'none' (the parameter default).
Conditions:
  UseCodeSigning: !Not
    - !Equals
      - 'none'
      - !Ref CodeSigningConfigArn
  UsePermissionsBoundary: !Not
    - !Equals
      - 'none'
      - !Ref PermissionsBoundary
# Defaults applied to every AWS::Serverless::Function declared in this template.
Globals:
  Function:
    # Resolves to AWS::NoValue (property omitted) when CodeSigningConfigArn is
    # 'none', so in that case the functions deploy with no code signing config.
    CodeSigningConfigArn: !If [UseCodeSigning, !Ref CodeSigningConfigArn, !Ref 'AWS::NoValue']
    # Resolves to AWS::NoValue when PermissionsBoundary is 'none', so in that
    # case the function roles are created without a permissions boundary.
    PermissionsBoundary: !If [UsePermissionsBoundary, !Ref PermissionsBoundary, !Ref 'AWS::NoValue']
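Resources:
  # REST API fronting the three auth stub handlers on a single 'Live' stage.
  # NOTE(review): no Auth, access logging or throttling settings are declared
  # on this API in this template; confirm that is intended for every
  # environment the stubs are deployed to.
  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      Name: !Sub ${AWS::StackName}-ApiGateway
      StageName: Live
      # Setting OpenApiVersion stops SAM from also creating its default stage
      # named 'Stage' alongside 'Live', leaving one stage to manage and monitor.
      OpenApiVersion: '3.0.1'
      AlwaysDeploy: true

  # Stub authorize endpoint: GET and POST on /authorize go to the same handler.
  AuthAuthorizeLambda:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: src/main/auth-stub/auth-authorize.handler
      Runtime: nodejs20.x
      Architectures:
        - arm64
      Events:
        Get:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGateway
            Path: /authorize
            Method: get
        Post:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGateway
            Path: /authorize
            Method: post
    # Build settings read by `sam build`: bundle the TypeScript entry point
    # with esbuild, minified, with a source map, targeting Node 20.
    Metadata:
      BuildMethod: esbuild
      BuildProperties:
        EntryPoints:
          - src/main/auth-stub/auth-authorize.ts
        Minify: true
        Sourcemap: true
        Target: node20

  # Stub token endpoint: GET and POST on /token go to the same handler.
  # NOTE(review): OAuth 2.0 token requests are defined as POST only; confirm
  # the GET route is needed here and what the handler does with it.
  AuthTokenLambda:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: src/main/auth-stub/auth-token.handler
      Runtime: nodejs20.x
      Architectures:
        - arm64
      Events:
        Get:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGateway
            Path: /token
            Method: get
        Post:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGateway
            Path: /token
            Method: post
    # Same esbuild settings as the other stub functions.
    Metadata:
      BuildMethod: esbuild
      BuildProperties:
        EntryPoints:
          - src/main/auth-stub/auth-token.ts
        Minify: true
        Sourcemap: true
        Target: node20

  # Stub userinfo endpoint: GET and POST on /userinfo go to the same handler.
  AuthUserInfoLambda:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: src/main/auth-stub/auth-userinfo.handler
      Runtime: nodejs20.x
      Architectures:
        - arm64
      Events:
        Get:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGateway
            Path: /userinfo
            Method: get
        Post:
          Type: Api
          Properties:
            RestApiId: !Ref ApiGateway
            Path: /userinfo
            Method: post
    # Same esbuild settings as the other stub functions.
    Metadata:
      BuildMethod: esbuild
      BuildProperties:
        EntryPoints:
          - src/main/auth-stub/auth-userinfo.ts
        Minify: true
        Sourcemap: true
        Target: node20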