From b46409d00e4974e80cd7494906adc96cd1c51b6e Mon Sep 17 00:00:00 2001
From: windmgc <windmgc@gmail.com>
Date: Wed, 16 Aug 2023 12:07:19 +0800
Subject: [PATCH 1/4] tests(aws-lambda): add response content type for multiple
 tests, add proxy integration test for sam

---
 .../27-aws-lambda/08-sam-integration_spec.lua | 33 +++++++++++++++++++
 spec/fixtures/aws-lambda.lua                  |  3 ++
 spec/fixtures/sam-app/hello_world/app.py      |  2 +-
 3 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/spec/03-plugins/27-aws-lambda/08-sam-integration_spec.lua b/spec/03-plugins/27-aws-lambda/08-sam-integration_spec.lua
index 22be2a4c0c91..fe40a382561b 100644
--- a/spec/03-plugins/27-aws-lambda/08-sam-integration_spec.lua
+++ b/spec/03-plugins/27-aws-lambda/08-sam-integration_spec.lua
@@ -57,6 +57,26 @@ if sam.get_os_architecture() ~= "aarch64" then
             log_type      = "None",
           },
         }
+
+        local route2 = bp.routes:insert {
+          hosts = { "lambda2.com" },
+        }
+
+        bp.plugins:insert {
+          name     = "aws-lambda",
+          route    = { id = route2.id },
+          config   = {
+            host          = "localhost",
+            port          = sam_port,
+            disable_https = true,
+            aws_key       = "mock-key",
+            aws_secret    = "mock-secret",
+            aws_region    = "us-east-1",
+            function_name = "HelloWorldFunction",
+            log_type      = "None",
+            is_proxy_integration = true,
+          },
+        }
       end)
 
       lazy_teardown(function()
@@ -96,6 +116,19 @@ if sam.get_os_architecture() ~= "aarch64" then
           })
           assert.res_status(200, res)
         end)
+
+        it("can extract proxy response correctly", function ()
+          local res = assert(proxy_client:send {
+            method  = "GET",
+            path    = "/",
+            headers = {
+              host = "lambda2com"
+            }
+          })
+          assert.res_status(201, res)
+          local body = assert.response(res).has.jsonbody()
+          assert.equal("hello world", body.message)
+        end)
       end)
     end)
   end
diff --git a/spec/fixtures/aws-lambda.lua b/spec/fixtures/aws-lambda.lua
index d2d83b733f2b..0fa0dec80964 100644
--- a/spec/fixtures/aws-lambda.lua
+++ b/spec/fixtures/aws-lambda.lua
@@ -40,15 +40,18 @@ local fixtures = {
                       ngx.header["Content-Length"] = 0
 
                     elseif string.match(ngx.var.uri, "functionWithBase64EncodedResponse") then
+                      ngx.header["Content-Type"] = "application/json"
                       ngx.say("{\"statusCode\": 200, \"body\": \"dGVzdA==\", \"isBase64Encoded\": true}")
 
                     elseif string.match(ngx.var.uri, "functionWithNotBase64EncodedResponse") then
+                      ngx.header["Content-Type"] = "application/json"
                       ngx.say("{\"statusCode\": 200, \"body\": \"dGVzdA=\", \"isBase64Encoded\": false}")
 
                     elseif string.match(ngx.var.uri, "functionWithIllegalBase64EncodedResponse") then
                       ngx.say("{\"statusCode\": 200, \"body\": \"dGVzdA=\", \"isBase64Encoded\": \"abc\"}")
 
                     elseif string.match(ngx.var.uri, "functionWithMultiValueHeadersResponse") then
+                      ngx.header["Content-Type"] = "application/json"
                       ngx.say("{\"statusCode\": 200, \"headers\": { \"Age\": \"3600\"}, \"multiValueHeaders\": {\"Access-Control-Allow-Origin\": [\"site1.com\", \"site2.com\"]}}")
 
                     elseif string.match(ngx.var.uri, "functionEcho") then
diff --git a/spec/fixtures/sam-app/hello_world/app.py b/spec/fixtures/sam-app/hello_world/app.py
index 093062037aa5..f416e2d964a4 100644
--- a/spec/fixtures/sam-app/hello_world/app.py
+++ b/spec/fixtures/sam-app/hello_world/app.py
@@ -34,7 +34,7 @@ def lambda_handler(event, context):
     #     raise e
 
     return {
-        "statusCode": 200,
+        "statusCode": 201,
         "body": json.dumps({
             "message": "hello world",
             # "location": ip.text.replace("\n", "")

From a78596d0b8c44121880a61cdf289d88babb3a242 Mon Sep 17 00:00:00 2001
From: windmgc <windmgc@gmail.com>
Date: Wed, 16 Aug 2023 12:46:28 +0800
Subject: [PATCH 2/4] fix(aws-lambda): better type & error handling when
 extracting proxy response

---
 kong/plugins/aws-lambda/request-util.lua | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/kong/plugins/aws-lambda/request-util.lua b/kong/plugins/aws-lambda/request-util.lua
index 66b6b223d34b..136e48272ecc 100644
--- a/kong/plugins/aws-lambda/request-util.lua
+++ b/kong/plugins/aws-lambda/request-util.lua
@@ -93,9 +93,18 @@ end
 
 
 local function extract_proxy_response(content)
-  local serialized_content, err = cjson.decode(content)
-  if not serialized_content then
-    return nil, err
+  local serialized_content, err
+  if type(content) == "string" then
+    serialized_content, err = cjson.decode(content)
+    if not serialized_content then
+      return nil, err
+    end
+
+  elseif type(content) == "table" then
+    serialized_content = content
+
+  else
+    return nil, "proxy response must be json format"
   end
 
   local ok, err = validate_custom_response(serialized_content)

From 8b9169fa56590ae0d7de0c025657d4c04ee24151 Mon Sep 17 00:00:00 2001
From: windmgc <windmgc@gmail.com>
Date: Wed, 16 Aug 2023 13:13:38 +0800
Subject: [PATCH 3/4] tests(aws-lambda): fix test

---
 spec/03-plugins/27-aws-lambda/08-sam-integration_spec.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/03-plugins/27-aws-lambda/08-sam-integration_spec.lua b/spec/03-plugins/27-aws-lambda/08-sam-integration_spec.lua
index fe40a382561b..0ddef1868552 100644
--- a/spec/03-plugins/27-aws-lambda/08-sam-integration_spec.lua
+++ b/spec/03-plugins/27-aws-lambda/08-sam-integration_spec.lua
@@ -122,7 +122,7 @@ if sam.get_os_architecture() ~= "aarch64" then
             method  = "GET",
             path    = "/",
             headers = {
-              host = "lambda2com"
+              host = "lambda2.com"
             }
           })
           assert.res_status(201, res)

From 90716d9786b5c0209c0d64a0b08d017840eb3abf Mon Sep 17 00:00:00 2001
From: windmgc <windmgc@gmail.com>
Date: Wed, 16 Aug 2023 13:49:05 +0800
Subject: [PATCH 4/4] docs(changelog): add missing changelog

---
 CHANGELOG.md | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bba607c85fa6..09a22c5c1701 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,18 @@
 
 ## Unreleased
 
-# Fixes
+### Additions
+
+#### Core
+
+#### Plugins
+
+- **AWS-Lambda**: the AWS-Lambda plugin has been refactored by using `lua-resty-aws` as an
+  underlying AWS library. The refactor simplifies the AWS-Lambda plugin code base and
+  adding support for multiple IAM authenticating scenarios.
+  [#11350](https://github.com/Kong/kong/pull/11350)
+
+### Fixes
 
 #### Core
 
@@ -26,8 +37,10 @@
 
 #### Plugins
 
-- For OAuth2 plugin, `scope` has been taken into account as a new criterion of the request validation. When refreshing token with `refresh_token`, the scopes associated with the `refresh_token` provided in the request must be same with or a subset of the scopes configured in the OAuth2 plugin instance hit by the request.
+- **OAuth2**: For OAuth2 plugin, `scope` has been taken into account as a new criterion of the request validation. When refreshing token with `refresh_token`, the scopes associated with the `refresh_token` provided in the request must be same with or a subset of the scopes configured in the OAuth2 plugin instance hit by the request.
   [#11342](https://github.com/Kong/kong/pull/11342)
+- **AWS-Lambda**: fix an issue that the AWS-Lambda plugin cannot extract a json encoded proxy integration response.
+  [#11413](https://github.com/Kong/kong/pull/11413)
 
 ## 3.4.0