diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py index d51eb04d8..2469e5cad 100644 --- a/samtranslator/model/sam_resources.py +++ b/samtranslator/model/sam_resources.py @@ -157,6 +157,11 @@ def to_cloudformation(self, **kwargs): code_sha256 = None if self.AutoPublishCodeSha256: code_sha256 = intrinsics_resolver.resolve_parameter_refs(self.AutoPublishCodeSha256) + if not isinstance(code_sha256, string_types): + raise InvalidResourceException( + self.logical_id, + "AutoPublishCodeSha256 must be a string", + ) lambda_version = self._construct_version( lambda_function, intrinsics_resolver=intrinsics_resolver, code_sha256=code_sha256 ) diff --git a/samtranslator/translator/logical_id_generator.py b/samtranslator/translator/logical_id_generator.py index 1a2a4b409..e87fc42c3 100644 --- a/samtranslator/translator/logical_id_generator.py +++ b/samtranslator/translator/logical_id_generator.py @@ -16,6 +16,7 @@ def __init__(self, prefix, data_obj=None, data_hash=None): :param prefix: Prefix for the logicalId :param data_obj: Data object to trigger new changes on. If set to None, this is ignored + :param data_hash: Pre-computed hash, must be a string """ data_str = "" diff --git a/tests/model/test_sam_resources.py b/tests/model/test_sam_resources.py index af70901c3..2b2fd808c 100644 --- a/tests/model/test_sam_resources.py +++ b/tests/model/test_sam_resources.py @@ -235,6 +235,34 @@ def test_with_version_description(self): generateFunctionVersion = [x for x in cfnResources if isinstance(x, LambdaVersion)] self.assertEqual(generateFunctionVersion[0].Description, test_description) + @patch("boto3.session.Session.region_name", "ap-southeast-1") + def test_with_autopublish_bad_hash(self): + function = SamFunction("foo") + test_description = "foobar" + + function.Runtime = "foo" + function.Handler = "bar" + function.CodeUri = "s3://foobar/foo.zip" + function.AutoPublishAlias = "live" + function.AutoPublishCodeSha256 = {"Fn::Sub": "${parameter1}"} + + with pytest.raises(InvalidResourceException): + function.to_cloudformation(**self.kwargs) + + @patch("boto3.session.Session.region_name", "ap-southeast-1") + def test_with_autopublish_good_hash(self): + function = SamFunction("foo") + test_description = "foobar" + + function.Runtime = "foo" + function.Handler = "bar" + function.CodeUri = "s3://foobar/foo.zip" + function.AutoPublishAlias = "live" + function.AutoPublishCodeSha256 = "08240bdc52933ca4f88d5f75fc88cd3228a48feffa9920c735602433b94767ad" + + # confirm no exception thrown + function.to_cloudformation(**self.kwargs) + class TestOpenApi(TestCase): kwargs = { diff --git a/tests/translator/input/error_function_fnsub_in_auto_publish_hash.yaml b/tests/translator/input/error_function_fnsub_in_auto_publish_hash.yaml new file mode 100644 index 000000000..86bb200c9 --- /dev/null +++ b/tests/translator/input/error_function_fnsub_in_auto_publish_hash.yaml @@ -0,0 +1,24 @@ +Description: Dip Investigation +Parameters: + GitCommitInfo: + Type: String + Default: hashhash + GitDirtInfo: + Type: String + Default: dirtyyy +AWSTemplateFormatVersion: '2010-09-09' +Resources: + Function: + Type: AWS::Serverless::Function + Properties: + VersionDescription: + Fn::Sub: ${GitCommitInfo}-${GitDirtyInfo} + MemorySize: 128 + Handler: loader + Role: + Ref: IamRole + CodeUri: s3://some-bucket/somekey + AutoPublishCodeSha256: + Fn::Sub: ${GitCommitInfo}-${GitDirtInfo}-1 + Runtime: go1.x + AutoPublishAlias: Alias1 diff --git a/tests/translator/output/error_function_fnsub_in_auto_publish_hash.json b/tests/translator/output/error_function_fnsub_in_auto_publish_hash.json new file mode 100644 index 000000000..9d26004b6 --- /dev/null +++ b/tests/translator/output/error_function_fnsub_in_auto_publish_hash.json @@ -0,0 +1,8 @@ +{ + "errors": [ + { + "errorMessage": "[Function] is invalid. AutoPublishCodeSha256 must be a string" + } + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [Function] is invalid. AutoPublishCodeSha256 must be a string" +}