From 5844286b2f6b11742cc4ac90ba251910a8233b06 Mon Sep 17 00:00:00 2001 From: Praneeta Prakash Date: Mon, 7 Oct 2019 16:33:03 -0700 Subject: [PATCH 1/2] fix: resource policies fix for v1.15.1 (#1181) --- .../api_resource_policy/template.yaml | 4 +- samtranslator/__init__.py | 2 +- samtranslator/swagger/swagger.py | 13 +-- tests/swagger/test_swagger.py | 104 ++++++++---------- .../api_with_aws_account_blacklist.json | 25 ++--- .../api_with_aws_account_whitelist.json | 16 ++- .../output/api_with_ip_range_blacklist.json | 35 +++--- .../output/api_with_ip_range_whitelist.json | 37 +++---- .../api_with_resource_policy_global.json | 16 ++- .../output/api_with_source_vpc_blacklist.json | 16 ++- .../output/api_with_source_vpc_whitelist.json | 52 ++++----- .../api_with_aws_account_blacklist.json | 27 +++-- .../api_with_aws_account_whitelist.json | 66 ++++++----- .../aws-cn/api_with_ip_range_blacklist.json | 71 ++++++------ .../aws-cn/api_with_ip_range_whitelist.json | 21 ++-- .../api_with_resource_policy_global.json | 34 +++--- .../aws-cn/api_with_source_vpc_blacklist.json | 32 +++--- .../aws-cn/api_with_source_vpc_whitelist.json | 52 ++++----- .../api_with_aws_account_blacklist.json | 11 +- .../api_with_aws_account_whitelist.json | 16 ++- .../api_with_ip_range_blacklist.json | 35 +++--- .../api_with_ip_range_whitelist.json | 21 ++-- .../api_with_resource_policy_global.json | 16 ++- .../api_with_source_vpc_blacklist.json | 16 ++- .../api_with_source_vpc_whitelist.json | 36 +++--- 25 files changed, 352 insertions(+), 422 deletions(-) diff --git a/examples/2016-10-31/api_resource_policy/template.yaml b/examples/2016-10-31/api_resource_policy/template.yaml index ae8361477..e81cb3715 100644 --- a/examples/2016-10-31/api_resource_policy/template.yaml +++ b/examples/2016-10-31/api_resource_policy/template.yaml @@ -8,13 +8,15 @@ Globals: "Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke", - "Resource": "execute-api:*/*/*", + "Resource": "execute-api:/Prod/PUT/get", "Condition": { "IpAddress": { "aws:SourceIp": "1.2.3.4" } } }] + # OR you can use the following, they both do the same thing + IpRangeBlacklist: ['1.2.3.4'] Resources: MyFunction: Type: AWS::Serverless::Function diff --git a/samtranslator/__init__.py b/samtranslator/__init__.py index 1c19d78b1..2ed81080a 100644 --- a/samtranslator/__init__.py +++ b/samtranslator/__init__.py @@ -1 +1 @@ -__version__ = '1.15.0' +__version__ = '1.15.1' diff --git a/samtranslator/swagger/swagger.py b/samtranslator/swagger/swagger.py index ad9b881aa..b0f299c37 100644 --- a/samtranslator/swagger/swagger.py +++ b/samtranslator/swagger/swagger.py @@ -6,7 +6,6 @@ from samtranslator.model.intrinsics import ref from samtranslator.model.intrinsics import make_conditional, fnSub from samtranslator.model.exceptions import InvalidDocumentException, InvalidTemplateException -from samtranslator.translator.arn_generator import ArnGenerator class SwaggerEditor(object): @@ -891,15 +890,9 @@ def _get_method_path_uri_list(self, path, api_id, stage): for m in methods: method = '*' if (m.lower() == self._X_ANY_METHOD or m.lower() == 'any') else m.upper() - - # RestApiId can be a simple string or intrinsic function like !Ref. Using Fn::Sub will handle both cases - resource = '${__ApiId__}/' + '${__Stage__}/' + method + path - partition = ArnGenerator.get_partition_name(None) - if partition is None: - partition = "aws" - source_arn = fnSub(ArnGenerator.generate_arn(partition=partition, service='execute-api', resource=resource), - {"__ApiId__": api_id, "__Stage__": stage}) - uri_list.extend([source_arn]) + resource = "execute-api:/${__Stage__}/" + method + path + resource = fnSub(resource, {"__Stage__": stage}) + uri_list.extend([resource]) return uri_list def _add_ip_resource_policy_for_method(self, ip_list, conditional, resource_list): diff --git a/tests/swagger/test_swagger.py b/tests/swagger/test_swagger.py index 5afbe2888..86fe65b51 100644 --- a/tests/swagger/test_swagger.py +++ b/tests/swagger/test_swagger.py @@ -1421,7 +1421,6 @@ def test_must_add_custom_statements(self): self.assertEqual(deep_sort_lists(expected), deep_sort_lists(self.editor.swagger[_X_POLICY])) - @patch("boto3.session.Session.region_name", "eu-west-2") def test_must_add_iam_allow(self): ## fails resourcePolicy = { @@ -1438,14 +1437,14 @@ def test_must_add_iam_allow(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Allow', @@ -1457,7 +1456,6 @@ def test_must_add_iam_allow(self): self.assertEqual(deep_sort_lists(expected), deep_sort_lists(self.editor.swagger[_X_POLICY])) - @patch("boto3.session.Session.region_name", "eu-west-2") def test_must_add_iam_deny(self): resourcePolicy = { @@ -1474,14 +1472,14 @@ def test_must_add_iam_deny(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Deny', @@ -1493,7 +1491,6 @@ def test_must_add_iam_deny(self): self.assertEqual(deep_sort_lists(expected), deep_sort_lists(self.editor.swagger[_X_POLICY])) - @patch("boto3.session.Session.region_name", "eu-west-2") def test_must_add_ip_allow(self): resourcePolicy = { @@ -1510,14 +1507,14 @@ def test_must_add_ip_allow(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Allow', @@ -1527,14 +1524,14 @@ def test_must_add_ip_allow(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Deny', @@ -1549,7 +1546,6 @@ def test_must_add_ip_allow(self): self.assertEqual(deep_sort_lists(expected), deep_sort_lists(self.editor.swagger[_X_POLICY])) - @patch("boto3.session.Session.region_name", "eu-west-2") def test_must_add_ip_deny(self): resourcePolicy = { @@ -1566,14 +1562,14 @@ def test_must_add_ip_deny(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Allow', @@ -1583,14 +1579,14 @@ def test_must_add_ip_deny(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Deny', @@ -1605,7 +1601,6 @@ def test_must_add_ip_deny(self): self.assertEqual(deep_sort_lists(expected), deep_sort_lists(self.editor.swagger[_X_POLICY])) - @patch("boto3.session.Session.region_name", "eu-west-2") def test_must_add_vpc_allow(self): resourcePolicy = { @@ -1624,14 +1619,14 @@ def test_must_add_vpc_allow(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Allow', @@ -1641,14 +1636,14 @@ def test_must_add_vpc_allow(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Deny', @@ -1663,14 +1658,14 @@ def test_must_add_vpc_allow(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Deny', @@ -1686,7 +1681,6 @@ def test_must_add_vpc_allow(self): self.assertEqual(deep_sort_lists(expected), deep_sort_lists(self.editor.swagger[_X_POLICY])) - @patch("boto3.session.Session.region_name", "eu-west-2") def test_must_add_vpc_deny(self): resourcePolicy = { @@ -1704,14 +1698,14 @@ def test_must_add_vpc_deny(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Allow', @@ -1721,14 +1715,14 @@ def test_must_add_vpc_deny(self): 'Action': 'execute-api:Invoke', 'Resource': [ { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Deny', @@ -1744,9 +1738,7 @@ def test_must_add_vpc_deny(self): self.assertEqual(deep_sort_lists(expected), deep_sort_lists(self.editor.swagger[_X_POLICY])) - @patch("boto3.session.Session.region_name", "eu-west-2") def test_must_add_iam_allow_and_custom(self): -## fails resourcePolicy = { 'AwsAccountWhitelist': [ '123456' @@ -1769,14 +1761,14 @@ def test_must_add_iam_allow_and_custom(self): 'Action': 'execute-api:Invoke', 'Resource': [{ 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/PUT/foo', + {'__Stage__': 'prod'} ] }, { 'Fn::Sub': [ - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/foo', - {'__Stage__': 'prod', '__ApiId__': '123'} + 'execute-api:/${__Stage__}/GET/foo', + {'__Stage__': 'prod'} ] }], 'Effect': 'Allow', diff --git a/tests/translator/output/api_with_aws_account_blacklist.json b/tests/translator/output/api_with_aws_account_blacklist.json index 1202e8818..551897548 100644 --- a/tests/translator/output/api_with_aws_account_blacklist.json +++ b/tests/translator/output/api_with_aws_account_blacklist.json @@ -22,26 +22,26 @@ ] } }, - "ServerlessRestApiDeploymentaf499b09d8": { - "Type": "AWS::ApiGateway::Deployment", + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment58caafe4ca" + }, "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: af499b09d83319b6e1cf6d2f1611824b4c0bd7a9", - "StageName": "Stage" + "StageName": "Prod" } }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "ServerlessRestApiDeployment58caafe4ca": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentaf499b09d8" - }, "RestApiId": { "Ref": "ServerlessRestApi" }, - "StageName": "Prod" + "Description": "RestApi deployment id: 58caafe4ca843d2d259f522ee6c408cfd9523ea1", + "StageName": "Stage" } }, "MyFunctionRole": { @@ -100,10 +100,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/api_with_aws_account_whitelist.json b/tests/translator/output/api_with_aws_account_whitelist.json index 4cb4209e2..06cd2a790 100644 --- a/tests/translator/output/api_with_aws_account_whitelist.json +++ b/tests/translator/output/api_with_aws_account_whitelist.json @@ -22,13 +22,13 @@ ] } }, - "ServerlessRestApiDeployment9acce0f54c": { + "ServerlessRestApiDeployment3727797069": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: 9acce0f54c733a8145c44997c6c46301b3c7225a", + "Description": "RestApi deployment id: 3727797069c39cb2513220baab9ed7c4bb74d882", "StageName": "Stage" } }, @@ -36,7 +36,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment9acce0f54c" + "Ref": "ServerlessRestApiDeployment3727797069" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -101,10 +101,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -121,10 +120,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/api_with_ip_range_blacklist.json b/tests/translator/output/api_with_ip_range_blacklist.json index 062ca60ea..20125defa 100644 --- a/tests/translator/output/api_with_ip_range_blacklist.json +++ b/tests/translator/output/api_with_ip_range_blacklist.json @@ -22,26 +22,26 @@ ] } }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "ServerlessRestApiDeploymentd123ec976c": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeployment58bae06e3f" - }, "RestApiId": { "Ref": "ServerlessRestApi" }, - "StageName": "Prod" + "Description": "RestApi deployment id: d123ec976c2dab1f9d5da42c13d0960b0c7af65e", + "StageName": "Stage" } }, - "ServerlessRestApiDeployment58bae06e3f": { - "Type": "AWS::ApiGateway::Deployment", + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeploymentd123ec976c" + }, "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: 58bae06e3fc57cd27e4edfbb81d1d5af271892f0", - "StageName": "Stage" + "StageName": "Prod" } }, "MyFunctionRole": { @@ -101,10 +101,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -121,10 +120,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -137,10 +135,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/api_with_ip_range_whitelist.json b/tests/translator/output/api_with_ip_range_whitelist.json index 375edb5df..45bdde997 100644 --- a/tests/translator/output/api_with_ip_range_whitelist.json +++ b/tests/translator/output/api_with_ip_range_whitelist.json @@ -22,21 +22,11 @@ ] } }, - "ServerlessRestApiDeployment76920744dd": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 76920744dddba46eab650de0dea51e352ce7709f", - "StageName": "Stage" - } - }, "ServerlessRestApiProdStage": { "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment76920744dd" + "Ref": "ServerlessRestApiDeployment864f081ed8" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -101,10 +91,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -117,10 +106,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -140,10 +128,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -163,6 +150,16 @@ } } }, + "ServerlessRestApiDeployment864f081ed8": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "Description": "RestApi deployment id: 864f081ed8e2c158aa653c724bfc879fb3f4a78b", + "StageName": "Stage" + } + }, "MyFunctionApiPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { diff --git a/tests/translator/output/api_with_resource_policy_global.json b/tests/translator/output/api_with_resource_policy_global.json index fa907c1b2..b939ec041 100644 --- a/tests/translator/output/api_with_resource_policy_global.json +++ b/tests/translator/output/api_with_resource_policy_global.json @@ -6,13 +6,13 @@ } }, "Resources": { - "ExplicitApiDeploymenta4feb3869b": { + "ExplicitApiDeploymente173c8c5c6": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ExplicitApi" }, - "Description": "RestApi deployment id: a4feb3869b7e479e2b721afa915ab7b14833920e", + "Description": "RestApi deployment id: e173c8c5c6055492b897fc85a73484cfdba2742f", "StageName": "Stage" } }, @@ -41,7 +41,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeploymenta4feb3869b" + "Ref": "ExplicitApiDeploymente173c8c5c6" }, "RestApiId": { "Ref": "ExplicitApi" @@ -138,12 +138,11 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "execute-api:/${__Stage__}/GET/", { "__Stage__": { "Ref": "StageName" - }, - "__ApiId__": "ExplicitApi" + } } ] } @@ -156,12 +155,11 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "execute-api:/${__Stage__}/GET/", { "__Stage__": { "Ref": "StageName" - }, - "__ApiId__": "ExplicitApi" + } } ] } diff --git a/tests/translator/output/api_with_source_vpc_blacklist.json b/tests/translator/output/api_with_source_vpc_blacklist.json index 643e87fc0..7015da984 100644 --- a/tests/translator/output/api_with_source_vpc_blacklist.json +++ b/tests/translator/output/api_with_source_vpc_blacklist.json @@ -26,7 +26,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment9f51cca2cf" + "Ref": "ServerlessRestApiDeployment68fcd6e127" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -34,13 +34,13 @@ "StageName": "Prod" } }, - "ServerlessRestApiDeployment9f51cca2cf": { + "ServerlessRestApiDeployment68fcd6e127": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: 9f51cca2cf4e454c3ac200133f21bcd80341c24f", + "Description": "RestApi deployment id: 68fcd6e127ad767b7bafd3b7a4552a56cb5ea19d", "StageName": "Stage" } }, @@ -101,10 +101,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -117,10 +116,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/api_with_source_vpc_whitelist.json b/tests/translator/output/api_with_source_vpc_whitelist.json index a71b0a401..50ce72a75 100644 --- a/tests/translator/output/api_with_source_vpc_whitelist.json +++ b/tests/translator/output/api_with_source_vpc_whitelist.json @@ -43,16 +43,6 @@ } } }, - "ServerlessRestApiDeployment1df013b4bb": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 1df013b4bb69de8da845b9fe47a5010017e4959d", - "StageName": "Stage" - } - }, "MyApiProdStage": { "Type": "AWS::ApiGateway::Stage", "Properties": { @@ -65,6 +55,16 @@ "StageName": "Prod" } }, + "ServerlessRestApiDeploymente137534328": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "Description": "RestApi deployment id: e1375343284100b701b94f5b3d70cde0563eca05", + "StageName": "Stage" + } + }, "MyApiDeployment5332c373d4": { "Type": "AWS::ApiGateway::Deployment", "Properties": { @@ -79,7 +79,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment1df013b4bb" + "Ref": "ServerlessRestApiDeploymente137534328" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -171,10 +171,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -187,10 +186,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -208,10 +206,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -229,10 +226,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -245,10 +241,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -266,10 +261,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/aws-cn/api_with_aws_account_blacklist.json b/tests/translator/output/aws-cn/api_with_aws_account_blacklist.json index bd01c1e50..b348dce51 100644 --- a/tests/translator/output/aws-cn/api_with_aws_account_blacklist.json +++ b/tests/translator/output/aws-cn/api_with_aws_account_blacklist.json @@ -26,7 +26,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeploymente835d837b3" + "Ref": "ServerlessRestApiDeploymentc4450d906c" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -34,6 +34,16 @@ "StageName": "Prod" } }, + "ServerlessRestApiDeploymentc4450d906c": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "Description": "RestApi deployment id: c4450d906c6986feebcc880fb891417511ce0106", + "StageName": "Stage" + } + }, "MyFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { @@ -58,16 +68,6 @@ } } }, - "ServerlessRestApiDeploymente835d837b3": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: e835d837b3cbc015baae54fd8ca8090f8eaa723c", - "StageName": "Stage" - } - }, "ServerlessRestApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -100,10 +100,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/aws-cn/api_with_aws_account_whitelist.json b/tests/translator/output/aws-cn/api_with_aws_account_whitelist.json index 9cec5b40f..8b086957a 100644 --- a/tests/translator/output/aws-cn/api_with_aws_account_whitelist.json +++ b/tests/translator/output/aws-cn/api_with_aws_account_whitelist.json @@ -22,21 +22,11 @@ ] } }, - "ServerlessRestApiDeploymente7905dda60": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: e7905dda60d3286884e79a9e83c1d8c21cabb8b5", - "StageName": "Stage" - } - }, "ServerlessRestApiProdStage": { "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeploymente7905dda60" + "Ref": "ServerlessRestApiDeployment441a70783b" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -44,6 +34,27 @@ "StageName": "Prod" } }, + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessRestApi" + } + } + ] + } + } + }, "MyFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { @@ -101,10 +112,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -121,10 +131,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -149,25 +158,14 @@ } } }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", + "ServerlessRestApiDeployment441a70783b": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" + "RestApiId": { + "Ref": "ServerlessRestApi" }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } + "Description": "RestApi deployment id: 441a70783b8bddfd09ec6cd4033f27e5094e7511", + "StageName": "Stage" } } } diff --git a/tests/translator/output/aws-cn/api_with_ip_range_blacklist.json b/tests/translator/output/aws-cn/api_with_ip_range_blacklist.json index 64c3cbada..bb034cb81 100644 --- a/tests/translator/output/aws-cn/api_with_ip_range_blacklist.json +++ b/tests/translator/output/aws-cn/api_with_ip_range_blacklist.json @@ -26,7 +26,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentad2e86883f" + "Ref": "ServerlessRestApiDeployment5e467ed97e" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -34,14 +34,25 @@ "StageName": "Prod" } }, - "ServerlessRestApiDeploymentad2e86883f": { - "Type": "AWS::ApiGateway::Deployment", + "MyFunctionApiPermissionProd": { + "Type": "AWS::Lambda::Permission", "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "MyFunction" }, - "Description": "RestApi deployment id: ad2e86883ff0677d26b8cba85e4675fd2dbe134e", - "StageName": "Stage" + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ServerlessRestApi" + } + } + ] + } } }, "MyFunctionRole": { @@ -68,6 +79,16 @@ } } }, + "ServerlessRestApiDeployment5e467ed97e": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "Description": "RestApi deployment id: 5e467ed97e429eadbf1e8e5a36ac9738d37bb79f", + "StageName": "Stage" + } + }, "ServerlessRestApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -101,10 +122,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -121,10 +141,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -137,10 +156,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -167,27 +185,6 @@ "endpointConfigurationTypes": "REGIONAL" } } - }, - "MyFunctionApiPermissionProd": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "Action": "lambda:invokeFunction", - "Principal": "apigateway.amazonaws.com", - "FunctionName": { - "Ref": "MyFunction" - }, - "SourceArn": { - "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", - { - "__Stage__": "*", - "__ApiId__": { - "Ref": "ServerlessRestApi" - } - } - ] - } - } } } } \ No newline at end of file diff --git a/tests/translator/output/aws-cn/api_with_ip_range_whitelist.json b/tests/translator/output/aws-cn/api_with_ip_range_whitelist.json index 38fee31e5..f5a0093d3 100644 --- a/tests/translator/output/aws-cn/api_with_ip_range_whitelist.json +++ b/tests/translator/output/aws-cn/api_with_ip_range_whitelist.json @@ -22,13 +22,13 @@ ] } }, - "ServerlessRestApiDeployment0fb94d038c": { + "ServerlessRestApiDeployment4dbd43b8e2": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: 0fb94d038c93899077114cddb8f2950d988d8980", + "Description": "RestApi deployment id: 4dbd43b8e229c09245208ff5a44c9a083227a560", "StageName": "Stage" } }, @@ -36,7 +36,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment0fb94d038c" + "Ref": "ServerlessRestApiDeployment4dbd43b8e2" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -101,10 +101,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -117,10 +116,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -140,10 +138,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/aws-cn/api_with_resource_policy_global.json b/tests/translator/output/aws-cn/api_with_resource_policy_global.json index 2f756e0c4..4a55c1689 100644 --- a/tests/translator/output/aws-cn/api_with_resource_policy_global.json +++ b/tests/translator/output/aws-cn/api_with_resource_policy_global.json @@ -6,18 +6,14 @@ } }, "Resources": { - "ExplicitApiStage": { - "Type": "AWS::ApiGateway::Stage", + "ExplicitApiDeploymente173c8c5c6": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ExplicitApiDeployment2fa8a93a1f" - }, "RestApiId": { "Ref": "ExplicitApi" }, - "StageName": { - "Ref": "StageName" - } + "Description": "RestApi deployment id: e173c8c5c6055492b897fc85a73484cfdba2742f", + "StageName": "Stage" } }, "ExplicitApiFunctionGetHtmlPermissionStage": { @@ -41,14 +37,18 @@ } } }, - "ExplicitApiDeployment2fa8a93a1f": { - "Type": "AWS::ApiGateway::Deployment", + "ExplicitApiStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ExplicitApiDeploymente173c8c5c6" + }, "RestApiId": { "Ref": "ExplicitApi" }, - "Description": "RestApi deployment id: 2fa8a93a1f0177bfd94304dfc620cc8f6930af28", - "StageName": "Stage" + "StageName": { + "Ref": "StageName" + } } }, "ExplicitApiFunction": { @@ -138,12 +138,11 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "execute-api:/${__Stage__}/GET/", { "__Stage__": { "Ref": "StageName" - }, - "__ApiId__": "ExplicitApi" + } } ] } @@ -156,12 +155,11 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "execute-api:/${__Stage__}/GET/", { "__Stage__": { "Ref": "StageName" - }, - "__ApiId__": "ExplicitApi" + } } ] } diff --git a/tests/translator/output/aws-cn/api_with_source_vpc_blacklist.json b/tests/translator/output/aws-cn/api_with_source_vpc_blacklist.json index eb6b17b7e..1c725e6e2 100644 --- a/tests/translator/output/aws-cn/api_with_source_vpc_blacklist.json +++ b/tests/translator/output/aws-cn/api_with_source_vpc_blacklist.json @@ -22,21 +22,11 @@ ] } }, - "ServerlessRestApiDeployment2adabda9e0": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 2adabda9e0f4f56199a98530d73b978c7a986276", - "StageName": "Stage" - } - }, "ServerlessRestApiProdStage": { "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment2adabda9e0" + "Ref": "ServerlessRestApiDeployment9042dce526" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -68,6 +58,16 @@ } } }, + "ServerlessRestApiDeployment9042dce526": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "Description": "RestApi deployment id: 9042dce526aaebf4138c89cce3779fd4ec217cf5", + "StageName": "Stage" + } + }, "ServerlessRestApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -101,10 +101,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -117,10 +116,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/aws-cn/api_with_source_vpc_whitelist.json b/tests/translator/output/aws-cn/api_with_source_vpc_whitelist.json index 9637ff9fc..8b66a9b61 100644 --- a/tests/translator/output/aws-cn/api_with_source_vpc_whitelist.json +++ b/tests/translator/output/aws-cn/api_with_source_vpc_whitelist.json @@ -55,16 +55,6 @@ "StageName": "Prod" } }, - "ServerlessRestApiDeployment56cfaf2d3e": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "Description": "RestApi deployment id: 56cfaf2d3ea9a7a371e9fd593a49554e8914a1aa", - "StageName": "Stage" - } - }, "MyApiDeployment5332c373d4": { "Type": "AWS::ApiGateway::Deployment", "Properties": { @@ -79,7 +69,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment56cfaf2d3e" + "Ref": "ServerlessRestApiDeployment4076852abe" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -179,10 +169,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -195,10 +184,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -216,10 +204,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -237,10 +224,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -253,10 +239,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -274,10 +259,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -303,6 +287,16 @@ } } }, + "ServerlessRestApiDeployment4076852abe": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "Description": "RestApi deployment id: 4076852abe795c70d8c28e5881f135018039f144", + "StageName": "Stage" + } + }, "MyFunctionApiPermissionProd": { "Type": "AWS::Lambda::Permission", "Properties": { diff --git a/tests/translator/output/aws-us-gov/api_with_aws_account_blacklist.json b/tests/translator/output/aws-us-gov/api_with_aws_account_blacklist.json index bd70a3966..4ce517bdf 100644 --- a/tests/translator/output/aws-us-gov/api_with_aws_account_blacklist.json +++ b/tests/translator/output/aws-us-gov/api_with_aws_account_blacklist.json @@ -22,13 +22,13 @@ ] } }, - "ServerlessRestApiDeploymentcd2fa40e47": { + "ServerlessRestApiDeployment589bc02957": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: cd2fa40e471867b0757992eddb5c1351785cf367", + "Description": "RestApi deployment id: 589bc02957d5c0cd37766f5b4ad15db34e339c67", "StageName": "Stage" } }, @@ -36,7 +36,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentcd2fa40e47" + "Ref": "ServerlessRestApiDeployment589bc02957" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -100,10 +100,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/aws-us-gov/api_with_aws_account_whitelist.json b/tests/translator/output/aws-us-gov/api_with_aws_account_whitelist.json index 24d6b9af0..c1d828510 100644 --- a/tests/translator/output/aws-us-gov/api_with_aws_account_whitelist.json +++ b/tests/translator/output/aws-us-gov/api_with_aws_account_whitelist.json @@ -22,13 +22,13 @@ ] } }, - "ServerlessRestApiDeploymentd028bd9355": { + "ServerlessRestApiDeployment1455f86734": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: d028bd935587bcc8cc07ae2c47a491a0475540a0", + "Description": "RestApi deployment id: 1455f86734ed594d0b04ccd0bfb035c00f838cca", "StageName": "Stage" } }, @@ -36,7 +36,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentd028bd9355" + "Ref": "ServerlessRestApiDeployment1455f86734" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -101,10 +101,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -121,10 +120,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/aws-us-gov/api_with_ip_range_blacklist.json b/tests/translator/output/aws-us-gov/api_with_ip_range_blacklist.json index 7834b03fe..84de52e1c 100644 --- a/tests/translator/output/aws-us-gov/api_with_ip_range_blacklist.json +++ b/tests/translator/output/aws-us-gov/api_with_ip_range_blacklist.json @@ -22,26 +22,26 @@ ] } }, - "ServerlessRestApiDeploymentc3603b681f": { - "Type": "AWS::ApiGateway::Deployment", + "ServerlessRestApiProdStage": { + "Type": "AWS::ApiGateway::Stage", "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment7a90608509" + }, "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: c3603b681fb1519de63ec993c5c34950423ffa82", - "StageName": "Stage" + "StageName": "Prod" } }, - "ServerlessRestApiProdStage": { - "Type": "AWS::ApiGateway::Stage", + "ServerlessRestApiDeployment7a90608509": { + "Type": "AWS::ApiGateway::Deployment", "Properties": { - "DeploymentId": { - "Ref": "ServerlessRestApiDeploymentc3603b681f" - }, "RestApiId": { "Ref": "ServerlessRestApi" }, - "StageName": "Prod" + "Description": "RestApi deployment id: 7a906085093a57bc5b444a0158449c6725a507cc", + "StageName": "Stage" } }, "MyFunctionRole": { @@ -101,10 +101,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -121,10 +120,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -137,10 +135,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/aws-us-gov/api_with_ip_range_whitelist.json b/tests/translator/output/aws-us-gov/api_with_ip_range_whitelist.json index 111af1426..8a9628f6b 100644 --- a/tests/translator/output/aws-us-gov/api_with_ip_range_whitelist.json +++ b/tests/translator/output/aws-us-gov/api_with_ip_range_whitelist.json @@ -22,13 +22,13 @@ ] } }, - "ServerlessRestApiDeployment33b7a8bd6f": { + "ServerlessRestApiDeployment05e180d91b": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: 33b7a8bd6f35b44ef3dcfb319c3ce64cf03a9937", + "Description": "RestApi deployment id: 05e180d91bfb84481403ba5b028afe1db84437dc", "StageName": "Stage" } }, @@ -36,7 +36,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment33b7a8bd6f" + "Ref": "ServerlessRestApiDeployment05e180d91b" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -101,10 +101,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -117,10 +116,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -140,10 +138,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/aws-us-gov/api_with_resource_policy_global.json b/tests/translator/output/aws-us-gov/api_with_resource_policy_global.json index ee863bb51..334d8b0fc 100644 --- a/tests/translator/output/aws-us-gov/api_with_resource_policy_global.json +++ b/tests/translator/output/aws-us-gov/api_with_resource_policy_global.json @@ -6,13 +6,13 @@ } }, "Resources": { - "ExplicitApiDeployment81b55110cd": { + "ExplicitApiDeploymente173c8c5c6": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ExplicitApi" }, - "Description": "RestApi deployment id: 81b55110cd180d9befc82fb98c8959611ef5976f", + "Description": "RestApi deployment id: e173c8c5c6055492b897fc85a73484cfdba2742f", "StageName": "Stage" } }, @@ -41,7 +41,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeployment81b55110cd" + "Ref": "ExplicitApiDeploymente173c8c5c6" }, "RestApiId": { "Ref": "ExplicitApi" @@ -138,12 +138,11 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "execute-api:/${__Stage__}/GET/", { "__Stage__": { "Ref": "StageName" - }, - "__ApiId__": "ExplicitApi" + } } ] } @@ -156,12 +155,11 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "execute-api:/${__Stage__}/GET/", { "__Stage__": { "Ref": "StageName" - }, - "__ApiId__": "ExplicitApi" + } } ] } diff --git a/tests/translator/output/aws-us-gov/api_with_source_vpc_blacklist.json b/tests/translator/output/aws-us-gov/api_with_source_vpc_blacklist.json index 62edf8feb..fc78606c3 100644 --- a/tests/translator/output/aws-us-gov/api_with_source_vpc_blacklist.json +++ b/tests/translator/output/aws-us-gov/api_with_source_vpc_blacklist.json @@ -22,13 +22,13 @@ ] } }, - "ServerlessRestApiDeployment829e07383e": { + "ServerlessRestApiDeployment023bd5bca7": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: 829e07383e1a1c0c161c27d399dcd32537399916", + "Description": "RestApi deployment id: 023bd5bca761c7eb2832fb8a1a5dfa344af40f78", "StageName": "Stage" } }, @@ -36,7 +36,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment829e07383e" + "Ref": "ServerlessRestApiDeployment023bd5bca7" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -101,10 +101,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -117,10 +116,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } diff --git a/tests/translator/output/aws-us-gov/api_with_source_vpc_whitelist.json b/tests/translator/output/aws-us-gov/api_with_source_vpc_whitelist.json index 0f16c0ac6..d5934bdc4 100644 --- a/tests/translator/output/aws-us-gov/api_with_source_vpc_whitelist.json +++ b/tests/translator/output/aws-us-gov/api_with_source_vpc_whitelist.json @@ -43,13 +43,13 @@ } } }, - "ServerlessRestApiDeployment0a8bd2c3d5": { + "ServerlessRestApiDeployment48156fe851": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ServerlessRestApi" }, - "Description": "RestApi deployment id: 0a8bd2c3d5ab8e89dd4dc451acfb2bfb0f42667c", + "Description": "RestApi deployment id: 48156fe85100710f74059d13d889812a9defa259", "StageName": "Stage" } }, @@ -79,7 +79,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ServerlessRestApiDeployment0a8bd2c3d5" + "Ref": "ServerlessRestApiDeployment48156fe851" }, "RestApiId": { "Ref": "ServerlessRestApi" @@ -179,10 +179,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -195,10 +194,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -216,10 +214,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/get", + "execute-api:/${__Stage__}/PUT/get", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -237,10 +234,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -253,10 +249,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } @@ -274,10 +269,9 @@ "Resource": [ { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/fetch", + "execute-api:/${__Stage__}/POST/fetch", { - "__Stage__": "Prod", - "__ApiId__": "ServerlessRestApi" + "__Stage__": "Prod" } ] } From 68f1a8ad0e943d2fce0adc7b9a71ea6f66215fd2 Mon Sep 17 00:00:00 2001 From: Praneeta Prakash Date: Mon, 7 Oct 2019 20:44:08 -0700 Subject: [PATCH 2/2] fix: custom statements regression bug (#1183) --- samtranslator/swagger/swagger.py | 4 +- .../input/api_with_resource_policy.yaml | 16 +++- .../output/api_with_resource_policy.json | 92 ++++++++++++++++--- .../aws-cn/api_with_resource_policy.json | 92 ++++++++++++++++--- .../aws-us-gov/api_with_resource_policy.json | 76 ++++++++++++++- 5 files changed, 247 insertions(+), 33 deletions(-) diff --git a/samtranslator/swagger/swagger.py b/samtranslator/swagger/swagger.py index b0f299c37..8db2cf7ef 100644 --- a/samtranslator/swagger/swagger.py +++ b/samtranslator/swagger/swagger.py @@ -994,7 +994,9 @@ def _add_custom_statement(self, custom_statements): statement = self.resource_policy['Statement'] if not isinstance(statement, list): statement = [statement] - statement.extend(custom_statements) + for s in custom_statements: + if s not in statement: + statement.append(s) self.resource_policy['Statement'] = statement def add_request_parameters_to_method(self, path, method_name, request_parameters): diff --git a/tests/translator/input/api_with_resource_policy.yaml b/tests/translator/input/api_with_resource_policy.yaml index b58a18c97..becb35be9 100644 --- a/tests/translator/input/api_with_resource_policy.yaml +++ b/tests/translator/input/api_with_resource_policy.yaml @@ -21,7 +21,21 @@ Resources: Properties: RestApiId: Ref: ExplicitApi - Path: / + Path: /one Method: get + PostHtml: + Type: Api + Properties: + RestApiId: + Ref: ExplicitApi + Path: /two + Method: post + PutHtml: + Type: Api + Properties: + RestApiId: + Ref: ExplicitApi + Path: /three + Method: put \ No newline at end of file diff --git a/tests/translator/output/api_with_resource_policy.json b/tests/translator/output/api_with_resource_policy.json index bc747d621..a99a27cf1 100644 --- a/tests/translator/output/api_with_resource_policy.json +++ b/tests/translator/output/api_with_resource_policy.json @@ -23,6 +23,37 @@ ] } }, + "ExplicitApiDeploymentd2036decb3": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ExplicitApi" + }, + "Description": "RestApi deployment id: d2036decb36ce147b7738a97c419737ea7e02555", + "StageName": "Stage" + } + }, + "ExplicitApiFunctionPutHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, "ExplicitApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -34,7 +65,7 @@ } }, "paths": { - "/": { + "/one": { "get": { "x-amazon-apigateway-integration": { "httpMethod": "POST", @@ -45,6 +76,30 @@ }, "responses": {} } + }, + "/three": { + "put": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } } }, "swagger": "2.0", @@ -62,21 +117,11 @@ } } }, - "ExplicitApiDeploymentcdee3f2ed1": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: cdee3f2ed1733103d54a04f635e1acc120e714c1", - "StageName": "Stage" - } - }, "ExplicitApiProdStage": { "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeploymentcdee3f2ed1" + "Ref": "ExplicitApiDeploymentd2036decb3" }, "RestApiId": { "Ref": "ExplicitApi" @@ -84,6 +129,27 @@ "StageName": "Prod" } }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, "ExplicitApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { @@ -118,7 +184,7 @@ }, "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", { "__Stage__": "*", "__ApiId__": { diff --git a/tests/translator/output/aws-cn/api_with_resource_policy.json b/tests/translator/output/aws-cn/api_with_resource_policy.json index 79effdaf5..5a4dcf5b5 100644 --- a/tests/translator/output/aws-cn/api_with_resource_policy.json +++ b/tests/translator/output/aws-cn/api_with_resource_policy.json @@ -23,6 +23,37 @@ ] } }, + "ExplicitApiFunctionPutHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, + "ExplicitApiDeployment09f793ab58": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ExplicitApi" + }, + "Description": "RestApi deployment id: 09f793ab583fe684660829cf209f0e28340df577", + "StageName": "Stage" + } + }, "ExplicitApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -34,7 +65,7 @@ } }, "paths": { - "/": { + "/one": { "get": { "x-amazon-apigateway-integration": { "httpMethod": "POST", @@ -45,6 +76,30 @@ }, "responses": {} } + }, + "/three": { + "put": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } } }, "swagger": "2.0", @@ -74,7 +129,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeployment3f65c799d9" + "Ref": "ExplicitApiDeployment09f793ab58" }, "RestApiId": { "Ref": "ExplicitApi" @@ -82,6 +137,27 @@ "StageName": "Prod" } }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, "ExplicitApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { @@ -116,7 +192,7 @@ }, "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", { "__Stage__": "*", "__ApiId__": { @@ -126,16 +202,6 @@ ] } } - }, - "ExplicitApiDeployment3f65c799d9": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 3f65c799d9b1cd1ec9957134eb76169e7d79d54b", - "StageName": "Stage" - } } } } \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_resource_policy.json b/tests/translator/output/aws-us-gov/api_with_resource_policy.json index 5a25e8153..b590e93d5 100644 --- a/tests/translator/output/aws-us-gov/api_with_resource_policy.json +++ b/tests/translator/output/aws-us-gov/api_with_resource_policy.json @@ -23,13 +23,34 @@ ] } }, - "ExplicitApiDeployment05ad8508ea": { + "ExplicitApiFunctionPutHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, + "ExplicitApiDeployment07fc5ee8d3": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ExplicitApi" }, - "Description": "RestApi deployment id: 05ad8508ea2fba75e3e1695154b7c3b455c6d5c9", + "Description": "RestApi deployment id: 07fc5ee8d3073a50b2164fe22c3e49e5abb343ec", "StageName": "Stage" } }, @@ -44,7 +65,7 @@ } }, "paths": { - "/": { + "/one": { "get": { "x-amazon-apigateway-integration": { "httpMethod": "POST", @@ -55,6 +76,30 @@ }, "responses": {} } + }, + "/three": { + "put": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } } }, "swagger": "2.0", @@ -84,7 +129,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeployment05ad8508ea" + "Ref": "ExplicitApiDeployment07fc5ee8d3" }, "RestApiId": { "Ref": "ExplicitApi" @@ -92,6 +137,27 @@ "StageName": "Prod" } }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, "ExplicitApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { @@ -126,7 +192,7 @@ }, "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", { "__Stage__": "*", "__ApiId__": {