From de140b02ae66812d5eba634db6ebfeba69979f09 Mon Sep 17 00:00:00 2001 From: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> Date: Mon, 25 Apr 2022 05:01:42 -0700 Subject: [PATCH] (fix) pass the condition attribute to the generated function url resources for the conditional functions --- samtranslator/model/sam_resources.py | 6 +- ...n_with_function_url_config_conditions.yaml | 35 ++++++ ...n_with_function_url_config_conditions.json | 113 ++++++++++++++++++ ...n_with_function_url_config_conditions.json | 113 ++++++++++++++++++ ...n_with_function_url_config_conditions.json | 113 ++++++++++++++++++ tests/translator/test_translator.py | 1 + 6 files changed, 379 insertions(+), 2 deletions(-) create mode 100644 tests/translator/input/function_with_function_url_config_conditions.yaml create mode 100644 tests/translator/output/aws-cn/function_with_function_url_config_conditions.json create mode 100644 tests/translator/output/aws-us-gov/function_with_function_url_config_conditions.json create mode 100644 tests/translator/output/function_with_function_url_config_conditions.json diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py index c614c56d3..8ae71e8f5 100644 --- a/samtranslator/model/sam_resources.py +++ b/samtranslator/model/sam_resources.py @@ -879,7 +879,8 @@ def _construct_function_url(self, lambda_function, lambda_alias): self._validate_function_url_params(lambda_function) logical_id = f"{lambda_function.logical_id}Url" - lambda_url = LambdaUrl(logical_id=logical_id) + lambda_url_attributes = self.get_passthrough_resource_attributes() + lambda_url = LambdaUrl(logical_id=logical_id, attributes=lambda_url_attributes) cors = self.FunctionUrlConfig.get("Cors") if cors: @@ -963,7 +964,8 @@ def _construct_url_permission(self, lambda_function): return None logical_id = f"{lambda_function.logical_id}UrlPublicPermissions" - lambda_permission = LambdaPermission(logical_id=logical_id) + lambda_permission_attributes = self.get_passthrough_resource_attributes() + lambda_permission = LambdaPermission(logical_id=logical_id, attributes=lambda_permission_attributes) lambda_permission.Action = "lambda:InvokeFunctionUrl" lambda_permission.FunctionName = lambda_function.get_runtime_attr("name") lambda_permission.Principal = "*" diff --git a/tests/translator/input/function_with_function_url_config_conditions.yaml b/tests/translator/input/function_with_function_url_config_conditions.yaml new file mode 100644 index 000000000..40c2bce95 --- /dev/null +++ b/tests/translator/input/function_with_function_url_config_conditions.yaml @@ -0,0 +1,35 @@ +AWSTemplateFormatVersion: '2010-09-09' +Conditions: + MyCondition: + Fn::Equals: + - true + - true +Parameters: {} +Resources: + MyFunction: + Condition: MyCondition + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://sam-demo-bucket/hello.zip + Description: Created by SAM + Handler: index.handler + MemorySize: 1024 + Runtime: nodejs12.x + Timeout: 3 + FunctionUrlConfig: + AuthType: NONE + Cors: + AllowOrigins: + - "https://example.com" + - "example1.com" + - "example2.com" + - "example2.com" + AllowMethods: + - "GET" + AllowCredentials: true + AllowHeaders: + - "x-Custom-Header" + ExposeHeaders: + - "x-amzn-header" + MaxAge: 10 + diff --git a/tests/translator/output/aws-cn/function_with_function_url_config_conditions.json b/tests/translator/output/aws-cn/function_with_function_url_config_conditions.json new file mode 100644 index 000000000..64d3346dd --- /dev/null +++ b/tests/translator/output/aws-cn/function_with_function_url_config_conditions.json @@ -0,0 +1,113 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Conditions": { + "MyCondition": { + "Fn::Equals": [ + true, + true + ] + } + }, + "Parameters": {}, + "Resources": { + "MyFunction": { + "Type": "AWS::Lambda::Function", + "Condition": "MyCondition", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Description": "Created by SAM", + "Handler": "index.handler", + "MemorySize": 1024, + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Timeout": 3, + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionUrl": { + "Type": "AWS::Lambda::Url", + "Condition": "MyCondition", + "Properties": { + "TargetFunctionArn": { + "Ref": "MyFunction" + }, + "AuthType": "NONE", + "Cors": { + "AllowOrigins": [ + "https://example.com", + "example1.com", + "example2.com", + "example2.com" + ], + "AllowMethods": [ + "GET" + ], + "AllowCredentials": true, + "AllowHeaders": [ + "x-Custom-Header" + ], + "ExposeHeaders": [ + "x-amzn-header" + ], + "MaxAge": 10 + } + } + }, + "MyFunctionUrlPublicPermissions": { + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", + "Properties": { + "Action": "lambda:InvokeFunctionUrl", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "*", + "FunctionUrlAuthType": "NONE" + } + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", + "Condition": "MyCondition", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + } + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/function_with_function_url_config_conditions.json b/tests/translator/output/aws-us-gov/function_with_function_url_config_conditions.json new file mode 100644 index 000000000..503d8d4f7 --- /dev/null +++ b/tests/translator/output/aws-us-gov/function_with_function_url_config_conditions.json @@ -0,0 +1,113 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Conditions": { + "MyCondition": { + "Fn::Equals": [ + true, + true + ] + } + }, + "Parameters": {}, + "Resources": { + "MyFunction": { + "Type": "AWS::Lambda::Function", + "Condition": "MyCondition", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Description": "Created by SAM", + "Handler": "index.handler", + "MemorySize": 1024, + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Timeout": 3, + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionUrl": { + "Type": "AWS::Lambda::Url", + "Condition": "MyCondition", + "Properties": { + "TargetFunctionArn": { + "Ref": "MyFunction" + }, + "AuthType": "NONE", + "Cors": { + "AllowOrigins": [ + "https://example.com", + "example1.com", + "example2.com", + "example2.com" + ], + "AllowMethods": [ + "GET" + ], + "AllowCredentials": true, + "AllowHeaders": [ + "x-Custom-Header" + ], + "ExposeHeaders": [ + "x-amzn-header" + ], + "MaxAge": 10 + } + } + }, + "MyFunctionUrlPublicPermissions": { + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", + "Properties": { + "Action": "lambda:InvokeFunctionUrl", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "*", + "FunctionUrlAuthType": "NONE" + } + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", + "Condition": "MyCondition", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + } + } +} \ No newline at end of file diff --git a/tests/translator/output/function_with_function_url_config_conditions.json b/tests/translator/output/function_with_function_url_config_conditions.json new file mode 100644 index 000000000..9fa4a6b0b --- /dev/null +++ b/tests/translator/output/function_with_function_url_config_conditions.json @@ -0,0 +1,113 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Conditions": { + "MyCondition": { + "Fn::Equals": [ + true, + true + ] + } + }, + "Parameters": {}, + "Resources": { + "MyFunction": { + "Type": "AWS::Lambda::Function", + "Condition": "MyCondition", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Description": "Created by SAM", + "Handler": "index.handler", + "MemorySize": 1024, + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x", + "Timeout": 3, + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MyFunctionUrl": { + "Type": "AWS::Lambda::Url", + "Condition": "MyCondition", + "Properties": { + "TargetFunctionArn": { + "Ref": "MyFunction" + }, + "AuthType": "NONE", + "Cors": { + "AllowOrigins": [ + "https://example.com", + "example1.com", + "example2.com", + "example2.com" + ], + "AllowMethods": [ + "GET" + ], + "AllowCredentials": true, + "AllowHeaders": [ + "x-Custom-Header" + ], + "ExposeHeaders": [ + "x-amzn-header" + ], + "MaxAge": 10 + } + } + }, + "MyFunctionUrlPublicPermissions": { + "Type": "AWS::Lambda::Permission", + "Condition": "MyCondition", + "Properties": { + "Action": "lambda:InvokeFunctionUrl", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "*", + "FunctionUrlAuthType": "NONE" + } + }, + "MyFunctionRole": { + "Type": "AWS::IAM::Role", + "Condition": "MyCondition", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + } + } +} \ No newline at end of file diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py index 80bdd456f..6e1368288 100644 --- a/tests/translator/test_translator.py +++ b/tests/translator/test_translator.py @@ -473,6 +473,7 @@ class TestTranslatorEndToEnd(AbstractTestTranslator): "api_rest_paths_with_if_condition_openapi_no_value_then_case", "api_rest_paths_with_if_condition_openapi_no_value_else_case", "function_with_function_url_config", + "function_with_function_url_config_conditions", "function_with_function_url_config_with_intrinsics", "function_with_function_url_config_with_iam_authorization_type", "function_with_function_url_config_without_cors_config",