From a39c96ed52ecd16f7a56e3013c5f556eb880da26 Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Wed, 12 Oct 2022 13:03:38 -0700 Subject: [PATCH 01/10] Replace DependsOn to connector by its generated logical IDs --- samtranslator/model/connector/connector.py | 21 ++++++++++------ samtranslator/model/sam_resources.py | 4 +++ samtranslator/utils/__init__.py | 25 +++++++++++++++++++ .../input/connector_bucket_to_function.yaml | 2 +- 4 files changed, 43 insertions(+), 9 deletions(-) diff --git a/samtranslator/model/connector/connector.py b/samtranslator/model/connector/connector.py index 2eedf43830..9188271f15 100644 --- a/samtranslator/model/connector/connector.py +++ b/samtranslator/model/connector/connector.py @@ -3,6 +3,7 @@ from samtranslator.model import ResourceResolver from samtranslator.model.intrinsics import get_logical_id_from_intrinsic, ref, fnGetAtt +from samtranslator.utils import as_array, insert_unique # TODO: Switch to dataclass @@ -31,10 +32,6 @@ def _is_nonblank_str(s: Any) -> bool: return s and isinstance(s, str) -def _as_array(x: Any): - return x if isinstance(x, list) else [x] - - def add_depends_on(logical_id: str, depends_on: str, resource_resolver: ResourceResolver): """ Add DependsOn attribute to resource. @@ -43,11 +40,19 @@ def add_depends_on(logical_id: str, depends_on: str, resource_resolver: Resource if not resource: return - deps = _as_array(resource.get("DependsOn", [])) - if depends_on not in deps: - deps.append(depends_on) + deps = resource.get("DependsOn", []) + resource["DependsOn"] = insert_unique(deps, depends_on) + - resource["DependsOn"] = deps +def replace_depends_on(logical_id: str, replacement: Any, resource_resolver: ResourceResolver): + """ + For every resource's `DependsOn`, replace `logical_id` by `replacement`. + """ + for resource in resource_resolver.get_all_resources().values(): + depends_on = as_array(resource.get("DependsOn", [])) + if logical_id in depends_on: + depends_on.remove(logical_id) + resource["DependsOn"] = insert_unique(depends_on, replacement) def get_event_source_mappings(event_source_id: str, function_id: str, resource_resolver: ResourceResolver): diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py index c6864ad539..6baa82dda5 100644 --- a/samtranslator/model/sam_resources.py +++ b/samtranslator/model/sam_resources.py @@ -6,6 +6,7 @@ ConnectorResourceReference, ConnectorResourceError, add_depends_on, + replace_depends_on, get_event_source_mappings, get_resource_reference, ) @@ -1711,6 +1712,9 @@ def to_cloudformation(self, **kwargs) -> List: self._construct_lambda_permission_policy(source, destination, profile_properties) ) + generated_logical_ids = [resource.logical_id for resource in generated_resources] + replace_depends_on(self.logical_id, generated_logical_ids, resource_resolver) + self._add_connector_metadata(generated_resources, original_template, source, destination) if generated_resources: return generated_resources diff --git a/samtranslator/utils/__init__.py b/samtranslator/utils/__init__.py index e69de29bb2..3cb258153e 100644 --- a/samtranslator/utils/__init__.py +++ b/samtranslator/utils/__init__.py @@ -0,0 +1,25 @@ +import copy +from typing import Any, List + + +def as_array(x: Any) -> List[Any]: + """Convert value to list if it already isn't.""" + return x if isinstance(x, list) else [x] + + +def insert_unique(xs: Any, vs: Any): + """ + Return list of values from `xs` extended with values from `vs` that do not + exist in `vs`. + + Inputs are converted to lists if they already aren't. + Does not mutate original values. + """ + xs = as_array(copy.deepcopy(xs)) + vs = as_array(copy.deepcopy(vs)) + + for v in vs: + if v not in xs: + xs.append(v) + + return xs diff --git a/tests/translator/input/connector_bucket_to_function.yaml b/tests/translator/input/connector_bucket_to_function.yaml index 7853b8b49a..15d0a6cd4e 100644 --- a/tests/translator/input/connector_bucket_to_function.yaml +++ b/tests/translator/input/connector_bucket_to_function.yaml @@ -12,7 +12,7 @@ Resources: Bucket: # See also https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig.html - DependsOn: [MyConnectorWriteLambdaPermission] + DependsOn: MyConnector Type: AWS::S3::Bucket Properties: BucketName: 'random-bucket-name' From 21772d64c457537dcbfd99e0384ea8edce7911fd Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Wed, 19 Oct 2022 12:29:53 -0700 Subject: [PATCH 02/10] Refactor --- samtranslator/model/connector/connector.py | 4 ++-- samtranslator/utils/__init__.py | 25 ---------------------- samtranslator/utils/utils.py | 23 ++++++++++++++++++++ 3 files changed, 25 insertions(+), 27 deletions(-) create mode 100644 samtranslator/utils/utils.py diff --git a/samtranslator/model/connector/connector.py b/samtranslator/model/connector/connector.py index ce92241926..245f7b6fb3 100644 --- a/samtranslator/model/connector/connector.py +++ b/samtranslator/model/connector/connector.py @@ -3,7 +3,7 @@ from samtranslator.model import ResourceResolver from samtranslator.model.intrinsics import get_logical_id_from_intrinsic, ref, fnGetAtt -from samtranslator.utils import as_array, insert_unique +from samtranslator.utils.utils import as_array, insert_unique # TODO: Switch to dataclass @@ -49,7 +49,7 @@ def replace_depends_on(logical_id: str, replacement: Any, resource_resolver: Res For every resource's `DependsOn`, replace `logical_id` by `replacement`. """ for resource in resource_resolver.get_all_resources().values(): - depends_on = as_array(resource.get("DependsOn", [])) + depends_on = as_array(resource.get("DependsOn")) if logical_id in depends_on: depends_on.remove(logical_id) resource["DependsOn"] = insert_unique(depends_on, replacement) diff --git a/samtranslator/utils/__init__.py b/samtranslator/utils/__init__.py index 3cb258153e..e69de29bb2 100644 --- a/samtranslator/utils/__init__.py +++ b/samtranslator/utils/__init__.py @@ -1,25 +0,0 @@ -import copy -from typing import Any, List - - -def as_array(x: Any) -> List[Any]: - """Convert value to list if it already isn't.""" - return x if isinstance(x, list) else [x] - - -def insert_unique(xs: Any, vs: Any): - """ - Return list of values from `xs` extended with values from `vs` that do not - exist in `vs`. - - Inputs are converted to lists if they already aren't. - Does not mutate original values. - """ - xs = as_array(copy.deepcopy(xs)) - vs = as_array(copy.deepcopy(vs)) - - for v in vs: - if v not in xs: - xs.append(v) - - return xs diff --git a/samtranslator/utils/utils.py b/samtranslator/utils/utils.py new file mode 100644 index 0000000000..89f2036b53 --- /dev/null +++ b/samtranslator/utils/utils.py @@ -0,0 +1,23 @@ +import copy +from typing import Any, List + + +def as_array(x: Any) -> List[Any]: + """Convert value to list if it already isn't.""" + return x if isinstance(x, list) else [x] + + +def insert_unique(xs: Any, vs: Any) -> List[Any]: + """ + Return copy of `xs` extended with values of `vs` that do not exist in `xs`. + + Inputs are converted to lists if they already aren't. + """ + xs = as_array(copy.deepcopy(xs)) + vs = as_array(copy.deepcopy(vs)) + + for v in vs: + if v not in xs: + xs.append(v) + + return xs From 32aa855196850efd22e59fa0d028a2ae493a666c Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Wed, 19 Oct 2022 13:04:31 -0700 Subject: [PATCH 03/10] Add tests --- samtranslator/model/connector/connector.py | 1 + samtranslator/utils/utils.py | 4 ++-- tests/utils/test_utils.py | 28 ++++++++++++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 tests/utils/test_utils.py diff --git a/samtranslator/model/connector/connector.py b/samtranslator/model/connector/connector.py index 245f7b6fb3..ec22cba137 100644 --- a/samtranslator/model/connector/connector.py +++ b/samtranslator/model/connector/connector.py @@ -50,6 +50,7 @@ def replace_depends_on(logical_id: str, replacement: Any, resource_resolver: Res """ for resource in resource_resolver.get_all_resources().values(): depends_on = as_array(resource.get("DependsOn")) + # TODO: What if DependsOn to connector on same connector? if logical_id in depends_on: depends_on.remove(logical_id) resource["DependsOn"] = insert_unique(depends_on, replacement) diff --git a/samtranslator/utils/utils.py b/samtranslator/utils/utils.py index 89f2036b53..925d33b0ee 100644 --- a/samtranslator/utils/utils.py +++ b/samtranslator/utils/utils.py @@ -1,5 +1,5 @@ import copy -from typing import Any, List +from typing import cast, Any, List def as_array(x: Any) -> List[Any]: @@ -20,4 +20,4 @@ def insert_unique(xs: Any, vs: Any) -> List[Any]: if v not in xs: xs.append(v) - return xs + return cast(List[Any], xs) # mypy doesn't recognize it diff --git a/tests/utils/test_utils.py b/tests/utils/test_utils.py new file mode 100644 index 0000000000..e7d16e49dd --- /dev/null +++ b/tests/utils/test_utils.py @@ -0,0 +1,28 @@ +from unittest import TestCase + +from samtranslator.utils.utils import as_array, insert_unique + + +class TestUtils(TestCase): + def test_as_array(self): + self.assertEqual(as_array("foo"), ["foo"]) + self.assertEqual(as_array(None), [None]) + self.assertEqual(as_array([None]), [None]) + self.assertEqual(as_array([[None]]), [[None]]) + self.assertEqual(as_array(["foo", None]), ["foo", None]) + self.assertEqual(as_array([]), []) + + def test_insert_unique(self): + self.assertEqual(insert_unique(None, None), [None]) + self.assertEqual(insert_unique(None, 42), [None, 42]) + self.assertEqual(insert_unique(["z", "y", "x", "z"], ["a", "y", "a"]), ["z", "y", "x", "z", "a"]) + self.assertEqual(insert_unique("z", "a"), ["z", "a"]) + self.assertEqual(insert_unique("z", ["a", "b"]), ["z", "a", "b"]) + self.assertEqual(insert_unique(["z", "y"], "a"), ["z", "y", "a"]) + + # Check non-mutating + xs = ["a"] + vs = ["b"] + ret = insert_unique(xs, vs) + self.assertFalse(ret is xs) + self.assertFalse(ret is vs) From 356b2d2217836f77dc578a682575b8ea666be8d5 Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Wed, 19 Oct 2022 13:06:26 -0700 Subject: [PATCH 04/10] Refactor --- samtranslator/model/connector/connector.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/samtranslator/model/connector/connector.py b/samtranslator/model/connector/connector.py index ec22cba137..2c581e604e 100644 --- a/samtranslator/model/connector/connector.py +++ b/samtranslator/model/connector/connector.py @@ -40,8 +40,9 @@ def add_depends_on(logical_id: str, depends_on: str, resource_resolver: Resource if not resource: return - deps = resource.get("DependsOn", []) - resource["DependsOn"] = insert_unique(deps, depends_on) + current_deps = resource.get("DependsOn", []) + deps = insert_unique(deps, depends_on) + resource["DependsOn"] = deps def replace_depends_on(logical_id: str, replacement: Any, resource_resolver: ResourceResolver): @@ -49,7 +50,7 @@ def replace_depends_on(logical_id: str, replacement: Any, resource_resolver: Res For every resource's `DependsOn`, replace `logical_id` by `replacement`. """ for resource in resource_resolver.get_all_resources().values(): - depends_on = as_array(resource.get("DependsOn")) + depends_on = as_array(resource.get("DependsOn", [])) # TODO: What if DependsOn to connector on same connector? if logical_id in depends_on: depends_on.remove(logical_id) From 7904afa9c1fe365de92f92622a9cd97250dc087f Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Wed, 19 Oct 2022 13:13:50 -0700 Subject: [PATCH 05/10] Clearer name --- samtranslator/model/connector/connector.py | 5 +++-- samtranslator/model/sam_resources.py | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/samtranslator/model/connector/connector.py b/samtranslator/model/connector/connector.py index 2c581e604e..a9c755454a 100644 --- a/samtranslator/model/connector/connector.py +++ b/samtranslator/model/connector/connector.py @@ -41,11 +41,12 @@ def add_depends_on(logical_id: str, depends_on: str, resource_resolver: Resource return current_deps = resource.get("DependsOn", []) - deps = insert_unique(deps, depends_on) + deps = insert_unique(current_deps, depends_on) + resource["DependsOn"] = deps -def replace_depends_on(logical_id: str, replacement: Any, resource_resolver: ResourceResolver): +def replace_depends_on_logical_id(logical_id: str, replacement: Any, resource_resolver: ResourceResolver): """ For every resource's `DependsOn`, replace `logical_id` by `replacement`. """ diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py index 0d7a136a7b..5c97328e83 100644 --- a/samtranslator/model/sam_resources.py +++ b/samtranslator/model/sam_resources.py @@ -6,7 +6,7 @@ ConnectorResourceReference, ConnectorResourceError, add_depends_on, - replace_depends_on, + replace_depends_on_logical_id, get_event_source_mappings, get_resource_reference, ) @@ -1711,7 +1711,7 @@ def to_cloudformation(self, **kwargs) -> List: ) generated_logical_ids = [resource.logical_id for resource in generated_resources] - replace_depends_on(self.logical_id, generated_logical_ids, resource_resolver) + replace_depends_on_logical_id(self.logical_id, generated_logical_ids, resource_resolver) self._add_connector_metadata(generated_resources, original_template, source, destination) if generated_resources: From a663f96adcd05e068697aabbc8d98c5c98a734ff Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Wed, 19 Oct 2022 13:43:36 -0700 Subject: [PATCH 06/10] Add tests --- samtranslator/model/connector/connector.py | 4 +- .../input/connector_dependson_replace.yaml | 83 ++++++ .../aws-cn/connector_dependson_replace.json | 260 ++++++++++++++++++ .../connector_dependson_replace.json | 260 ++++++++++++++++++ .../output/connector_dependson_replace.json | 260 ++++++++++++++++++ 5 files changed, 865 insertions(+), 2 deletions(-) create mode 100644 tests/translator/input/connector_dependson_replace.yaml create mode 100644 tests/translator/output/aws-cn/connector_dependson_replace.json create mode 100644 tests/translator/output/aws-us-gov/connector_dependson_replace.json create mode 100644 tests/translator/output/connector_dependson_replace.json diff --git a/samtranslator/model/connector/connector.py b/samtranslator/model/connector/connector.py index a9c755454a..dbfc307ec4 100644 --- a/samtranslator/model/connector/connector.py +++ b/samtranslator/model/connector/connector.py @@ -40,8 +40,8 @@ def add_depends_on(logical_id: str, depends_on: str, resource_resolver: Resource if not resource: return - current_deps = resource.get("DependsOn", []) - deps = insert_unique(current_deps, depends_on) + old_deps = resource.get("DependsOn", []) + deps = insert_unique(old_deps, depends_on) resource["DependsOn"] = deps diff --git a/tests/translator/input/connector_dependson_replace.yaml b/tests/translator/input/connector_dependson_replace.yaml new file mode 100644 index 0000000000..d3c1255fea --- /dev/null +++ b/tests/translator/input/connector_dependson_replace.yaml @@ -0,0 +1,83 @@ +Transform: AWS::Serverless-2016-10-31 +Resources: + # Stub resources + SomeFunction: + Type: AWS::Lambda::Function + Properties: + Role: !Ref SomeRole + SomeTable: + Type: AWS::DynamoDB::Table + SomeTopic: + Type: AWS::SNS::Topic + SomeQueue: + Type: AWS::SQS::Queue + SomeRule: + Type: AWS::Events::Rule + + # Test AWS_IAM_ROLE_MANAGED_POLICY + IamRolePolicyConnector: + Type: AWS::Serverless::Connector + Properties: + Source: + Id: SomeFunction + Destination: + Id: SomeTable + Permissions: + - Write + TestIamRolePolicyConnector: + DependsOn: IamRolePolicyConnector + Type: AWS::Foo::Bar + TestIamRolePolicyConnectorMulti: + DependsOn: [Foo, Egg, IamRolePolicyConnector] + Type: AWS::Foo::Bar + + # Test AWS_SNS_TOPIC_POLICY + SnsTopicPolicyConnector: + Type: AWS::Serverless::Connector + Properties: + Source: + Id: SomeRule + Destination: + Id: SomeTopic + Permissions: + - Write + TestSnsTopicPolicyConnector: + DependsOn: SnsTopicPolicyConnector + Type: AWS::Foo::Bar + TestSnsTopicPolicyConnectorMulti: + DependsOn: [Foo, SnsTopicPolicyConnector] + Type: AWS::Foo::Bar + + # Test AWS_LAMBDA_PERMISSION + LambdaPermissionConnector: + Type: AWS::Serverless::Connector + Properties: + Source: + Id: SomeTopic + Destination: + Id: SomeFunction + Permissions: + - Write + TestLambdaPermissionConnector: + DependsOn: LambdaPermissionConnector + Type: AWS::Foo::Bar + TestLambdaPermissionConnectorMulti: + DependsOn: [Foo, LambdaPermissionConnector, Bar] + Type: AWS::Foo::Bar + + # Test AWS_SQS_QUEUE_POLICY + SqsQueuePolicyConnector: + Type: AWS::Serverless::Connector + Properties: + Source: + Id: SomeTopic + Destination: + Id: SomeQueue + Permissions: + - Write + TestSqsQueuePolicyConnector: + DependsOn: SqsQueuePolicyConnector + Type: AWS::Foo::Bar + TestSqsQueuePolicyConnectorMulti: + DependsOn: [SqsQueuePolicyConnector, Foo] + Type: AWS::Foo::Bar diff --git a/tests/translator/output/aws-cn/connector_dependson_replace.json b/tests/translator/output/aws-cn/connector_dependson_replace.json new file mode 100644 index 0000000000..1e5dbbe223 --- /dev/null +++ b/tests/translator/output/aws-cn/connector_dependson_replace.json @@ -0,0 +1,260 @@ +{ + "Resources": { + "SomeFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Role": { + "Ref": "SomeRole" + } + } + }, + "SomeTable": { + "Type": "AWS::DynamoDB::Table" + }, + "SomeTopic": { + "Type": "AWS::SNS::Topic" + }, + "SomeQueue": { + "Type": "AWS::SQS::Queue" + }, + "SomeRule": { + "Type": "AWS::Events::Rule" + }, + "TestIamRolePolicyConnector": { + "DependsOn": [ + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestIamRolePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "Egg", + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnector": { + "DependsOn": [ + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnector": { + "DependsOn": [ + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnectorMulti": { + "DependsOn": [ + "Foo", + "Bar", + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnector": { + "DependsOn": [ + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "IamRolePolicyConnectorPolicy": { + "Type": "AWS::IAM::ManagedPolicy", + "Metadata": { + "aws:sam:connectors": { + "IamRolePolicyConnector": { + "Source": { + "Type": "AWS::Lambda::Function" + }, + "Destination": { + "Type": "AWS::DynamoDB::Table" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "dynamodb:PutItem", + "dynamodb:UpdateItem", + "dynamodb:DeleteItem", + "dynamodb:BatchWriteItem", + "dynamodb:PartiQLDelete", + "dynamodb:PartiQLInsert", + "dynamodb:PartiQLUpdate" + ], + "Resource": [ + { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + }, + { + "Fn::Sub": [ + "${DestinationArn}/index/*", + { + "DestinationArn": { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + } + } + ] + } + ] + } + ] + }, + "Roles": [ + { + "Ref": "SomeRole" + } + ] + } + }, + "SnsTopicPolicyConnectorTopicPolicy": { + "Type": "AWS::SNS::TopicPolicy", + "Metadata": { + "aws:sam:connectors": { + "SnsTopicPolicyConnector": { + "Source": { + "Type": "AWS::Events::Rule" + }, + "Destination": { + "Type": "AWS::SNS::Topic" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + }, + "Resource": { + "Ref": "SomeTopic" + }, + "Action": "sns:Publish", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "SomeRule", + "Arn" + ] + } + } + } + } + ] + }, + "Topics": [ + { + "Ref": "SomeTopic" + } + ] + } + }, + "LambdaPermissionConnectorWriteLambdaPermission": { + "Type": "AWS::Lambda::Permission", + "Metadata": { + "aws:sam:connectors": { + "LambdaPermissionConnector": { + "Source": { + "Type": "AWS::SNS::Topic" + }, + "Destination": { + "Type": "AWS::Lambda::Function" + } + } + } + }, + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "SomeFunction", + "Arn" + ] + }, + "Principal": "sns.amazonaws.com", + "SourceArn": { + "Ref": "SomeTopic" + } + } + }, + "SqsQueuePolicyConnectorQueuePolicy": { + "Type": "AWS::SQS::QueuePolicy", + "Metadata": { + "aws:sam:connectors": { + "SqsQueuePolicyConnector": { + "Source": { + "Type": "AWS::SNS::Topic" + }, + "Destination": { + "Type": "AWS::SQS::Queue" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "sns.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "SomeQueue", + "Arn" + ] + }, + "Action": "sqs:SendMessage", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Ref": "SomeTopic" + } + } + } + } + ] + }, + "Queues": [ + { + "Ref": "SomeQueue" + } + ] + } + } + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/connector_dependson_replace.json b/tests/translator/output/aws-us-gov/connector_dependson_replace.json new file mode 100644 index 0000000000..1e5dbbe223 --- /dev/null +++ b/tests/translator/output/aws-us-gov/connector_dependson_replace.json @@ -0,0 +1,260 @@ +{ + "Resources": { + "SomeFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Role": { + "Ref": "SomeRole" + } + } + }, + "SomeTable": { + "Type": "AWS::DynamoDB::Table" + }, + "SomeTopic": { + "Type": "AWS::SNS::Topic" + }, + "SomeQueue": { + "Type": "AWS::SQS::Queue" + }, + "SomeRule": { + "Type": "AWS::Events::Rule" + }, + "TestIamRolePolicyConnector": { + "DependsOn": [ + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestIamRolePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "Egg", + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnector": { + "DependsOn": [ + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnector": { + "DependsOn": [ + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnectorMulti": { + "DependsOn": [ + "Foo", + "Bar", + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnector": { + "DependsOn": [ + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "IamRolePolicyConnectorPolicy": { + "Type": "AWS::IAM::ManagedPolicy", + "Metadata": { + "aws:sam:connectors": { + "IamRolePolicyConnector": { + "Source": { + "Type": "AWS::Lambda::Function" + }, + "Destination": { + "Type": "AWS::DynamoDB::Table" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "dynamodb:PutItem", + "dynamodb:UpdateItem", + "dynamodb:DeleteItem", + "dynamodb:BatchWriteItem", + "dynamodb:PartiQLDelete", + "dynamodb:PartiQLInsert", + "dynamodb:PartiQLUpdate" + ], + "Resource": [ + { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + }, + { + "Fn::Sub": [ + "${DestinationArn}/index/*", + { + "DestinationArn": { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + } + } + ] + } + ] + } + ] + }, + "Roles": [ + { + "Ref": "SomeRole" + } + ] + } + }, + "SnsTopicPolicyConnectorTopicPolicy": { + "Type": "AWS::SNS::TopicPolicy", + "Metadata": { + "aws:sam:connectors": { + "SnsTopicPolicyConnector": { + "Source": { + "Type": "AWS::Events::Rule" + }, + "Destination": { + "Type": "AWS::SNS::Topic" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + }, + "Resource": { + "Ref": "SomeTopic" + }, + "Action": "sns:Publish", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "SomeRule", + "Arn" + ] + } + } + } + } + ] + }, + "Topics": [ + { + "Ref": "SomeTopic" + } + ] + } + }, + "LambdaPermissionConnectorWriteLambdaPermission": { + "Type": "AWS::Lambda::Permission", + "Metadata": { + "aws:sam:connectors": { + "LambdaPermissionConnector": { + "Source": { + "Type": "AWS::SNS::Topic" + }, + "Destination": { + "Type": "AWS::Lambda::Function" + } + } + } + }, + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "SomeFunction", + "Arn" + ] + }, + "Principal": "sns.amazonaws.com", + "SourceArn": { + "Ref": "SomeTopic" + } + } + }, + "SqsQueuePolicyConnectorQueuePolicy": { + "Type": "AWS::SQS::QueuePolicy", + "Metadata": { + "aws:sam:connectors": { + "SqsQueuePolicyConnector": { + "Source": { + "Type": "AWS::SNS::Topic" + }, + "Destination": { + "Type": "AWS::SQS::Queue" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "sns.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "SomeQueue", + "Arn" + ] + }, + "Action": "sqs:SendMessage", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Ref": "SomeTopic" + } + } + } + } + ] + }, + "Queues": [ + { + "Ref": "SomeQueue" + } + ] + } + } + } +} \ No newline at end of file diff --git a/tests/translator/output/connector_dependson_replace.json b/tests/translator/output/connector_dependson_replace.json new file mode 100644 index 0000000000..6021efdfa8 --- /dev/null +++ b/tests/translator/output/connector_dependson_replace.json @@ -0,0 +1,260 @@ +{ + "Resources": { + "SomeFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Role": { + "Ref": "SomeRole" + } + } + }, + "SomeTable": { + "Type": "AWS::DynamoDB::Table" + }, + "SomeTopic": { + "Type": "AWS::SNS::Topic" + }, + "SomeQueue": { + "Type": "AWS::SQS::Queue" + }, + "SomeRule": { + "Type": "AWS::Events::Rule" + }, + "TestIamRolePolicyConnector": { + "DependsOn": [ + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestIamRolePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "Egg", + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnector": { + "DependsOn": [ + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnector": { + "DependsOn": [ + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnectorMulti": { + "DependsOn": [ + "Foo", + "Bar", + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnector": { + "DependsOn": [ + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "IamRolePolicyConnectorPolicy": { + "Type": "AWS::IAM::ManagedPolicy", + "Metadata": { + "aws:sam:connectors": { + "IamRolePolicyConnector": { + "Source": { + "Type": "AWS::Lambda::Function" + }, + "Destination": { + "Type": "AWS::DynamoDB::Table" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "dynamodb:PutItem", + "dynamodb:UpdateItem", + "dynamodb:DeleteItem", + "dynamodb:BatchWriteItem", + "dynamodb:PartiQLDelete", + "dynamodb:PartiQLInsert", + "dynamodb:PartiQLUpdate" + ], + "Resource": [ + { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + }, + { + "Fn::Sub": [ + "${DestinationArn}/index/*", + { + "DestinationArn": { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + } + } + ] + } + ] + } + ] + }, + "Roles": [ + { + "Ref": "SomeRole" + } + ] + } + }, + "SnsTopicPolicyConnectorTopicPolicy": { + "Type": "AWS::SNS::TopicPolicy", + "Metadata": { + "aws:sam:connectors": { + "SnsTopicPolicyConnector": { + "Source": { + "Type": "AWS::Events::Rule" + }, + "Destination": { + "Type": "AWS::SNS::Topic" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + }, + "Resource": { + "Ref": "SomeTopic" + }, + "Action": "sns:Publish", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "SomeRule", + "Arn" + ] + } + } + } + } + ] + }, + "Topics": [ + { + "Ref": "SomeTopic" + } + ] + } + }, + "LambdaPermissionConnectorWriteLambdaPermission": { + "Type": "AWS::Lambda::Permission", + "Metadata": { + "aws:sam:connectors": { + "LambdaPermissionConnector": { + "Source": { + "Type": "AWS::SNS::Topic" + }, + "Destination": { + "Type": "AWS::Lambda::Function" + } + } + } + }, + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "SomeFunction", + "Arn" + ] + }, + "Principal": "sns.amazonaws.com", + "SourceArn": { + "Ref": "SomeTopic" + } + } + }, + "SqsQueuePolicyConnectorQueuePolicy": { + "Type": "AWS::SQS::QueuePolicy", + "Metadata": { + "aws:sam:connectors": { + "SqsQueuePolicyConnector": { + "Source": { + "Type": "AWS::SNS::Topic" + }, + "Destination": { + "Type": "AWS::SQS::Queue" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "sns.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "SomeQueue", + "Arn" + ] + }, + "Action": "sqs:SendMessage", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Ref": "SomeTopic" + } + } + } + } + ] + }, + "Queues": [ + { + "Ref": "SomeQueue" + } + ] + } + } + } +} \ No newline at end of file From 37a79b89e00d405f48f71435127bd3703b0186cf Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Wed, 19 Oct 2022 13:44:39 -0700 Subject: [PATCH 07/10] Add multiple ACs in tests --- .../input/connector_dependson_replace.yaml | 1 + .../aws-cn/connector_dependson_replace.json | 32 +++++++++++++++++++ .../connector_dependson_replace.json | 32 +++++++++++++++++++ .../output/connector_dependson_replace.json | 32 +++++++++++++++++++ 4 files changed, 97 insertions(+) diff --git a/tests/translator/input/connector_dependson_replace.yaml b/tests/translator/input/connector_dependson_replace.yaml index d3c1255fea..70ed95dce7 100644 --- a/tests/translator/input/connector_dependson_replace.yaml +++ b/tests/translator/input/connector_dependson_replace.yaml @@ -23,6 +23,7 @@ Resources: Destination: Id: SomeTable Permissions: + - Read - Write TestIamRolePolicyConnector: DependsOn: IamRolePolicyConnector diff --git a/tests/translator/output/aws-cn/connector_dependson_replace.json b/tests/translator/output/aws-cn/connector_dependson_replace.json index 1e5dbbe223..4b0369e103 100644 --- a/tests/translator/output/aws-cn/connector_dependson_replace.json +++ b/tests/translator/output/aws-cn/connector_dependson_replace.json @@ -92,6 +92,38 @@ "PolicyDocument": { "Version": "2012-10-17", "Statement": [ + { + "Effect": "Allow", + "Action": [ + "dynamodb:GetItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:BatchGetItem", + "dynamodb:ConditionCheckItem", + "dynamodb:PartiQLSelect" + ], + "Resource": [ + { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + }, + { + "Fn::Sub": [ + "${DestinationArn}/index/*", + { + "DestinationArn": { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + } + } + ] + } + ] + }, { "Effect": "Allow", "Action": [ diff --git a/tests/translator/output/aws-us-gov/connector_dependson_replace.json b/tests/translator/output/aws-us-gov/connector_dependson_replace.json index 1e5dbbe223..4b0369e103 100644 --- a/tests/translator/output/aws-us-gov/connector_dependson_replace.json +++ b/tests/translator/output/aws-us-gov/connector_dependson_replace.json @@ -92,6 +92,38 @@ "PolicyDocument": { "Version": "2012-10-17", "Statement": [ + { + "Effect": "Allow", + "Action": [ + "dynamodb:GetItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:BatchGetItem", + "dynamodb:ConditionCheckItem", + "dynamodb:PartiQLSelect" + ], + "Resource": [ + { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + }, + { + "Fn::Sub": [ + "${DestinationArn}/index/*", + { + "DestinationArn": { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + } + } + ] + } + ] + }, { "Effect": "Allow", "Action": [ diff --git a/tests/translator/output/connector_dependson_replace.json b/tests/translator/output/connector_dependson_replace.json index 6021efdfa8..0fa91f250b 100644 --- a/tests/translator/output/connector_dependson_replace.json +++ b/tests/translator/output/connector_dependson_replace.json @@ -92,6 +92,38 @@ "PolicyDocument": { "Version": "2012-10-17", "Statement": [ + { + "Effect": "Allow", + "Action": [ + "dynamodb:GetItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:BatchGetItem", + "dynamodb:ConditionCheckItem", + "dynamodb:PartiQLSelect" + ], + "Resource": [ + { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + }, + { + "Fn::Sub": [ + "${DestinationArn}/index/*", + { + "DestinationArn": { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + } + } + ] + } + ] + }, { "Effect": "Allow", "Action": [ From af216c2f084a89d06e109311a1448c58920c187b Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Wed, 19 Oct 2022 13:46:20 -0700 Subject: [PATCH 08/10] Refactor --- samtranslator/model/connector/connector.py | 1 - 1 file changed, 1 deletion(-) diff --git a/samtranslator/model/connector/connector.py b/samtranslator/model/connector/connector.py index dbfc307ec4..474a8c3f75 100644 --- a/samtranslator/model/connector/connector.py +++ b/samtranslator/model/connector/connector.py @@ -52,7 +52,6 @@ def replace_depends_on_logical_id(logical_id: str, replacement: Any, resource_re """ for resource in resource_resolver.get_all_resources().values(): depends_on = as_array(resource.get("DependsOn", [])) - # TODO: What if DependsOn to connector on same connector? if logical_id in depends_on: depends_on.remove(logical_id) resource["DependsOn"] = insert_unique(depends_on, replacement) From fb0a98ac4d3794d78b90745dcdd416abe87405c4 Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Wed, 19 Oct 2022 13:46:46 -0700 Subject: [PATCH 09/10] make black --- .../aws-cn/connector_dependson_replace.json | 276 ++++----- .../connector_dependson_replace.json | 276 ++++----- .../output/connector_dependson_replace.json | 546 +++++++++--------- 3 files changed, 549 insertions(+), 549 deletions(-) diff --git a/tests/translator/output/aws-cn/connector_dependson_replace.json b/tests/translator/output/aws-cn/connector_dependson_replace.json index 4b0369e103..c7f9b9766f 100644 --- a/tests/translator/output/aws-cn/connector_dependson_replace.json +++ b/tests/translator/output/aws-cn/connector_dependson_replace.json @@ -1,99 +1,22 @@ { "Resources": { - "SomeFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Role": { - "Ref": "SomeRole" - } - } - }, - "SomeTable": { - "Type": "AWS::DynamoDB::Table" - }, - "SomeTopic": { - "Type": "AWS::SNS::Topic" - }, - "SomeQueue": { - "Type": "AWS::SQS::Queue" - }, - "SomeRule": { - "Type": "AWS::Events::Rule" - }, - "TestIamRolePolicyConnector": { - "DependsOn": [ - "IamRolePolicyConnectorPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestIamRolePolicyConnectorMulti": { - "DependsOn": [ - "Foo", - "Egg", - "IamRolePolicyConnectorPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSnsTopicPolicyConnector": { - "DependsOn": [ - "SnsTopicPolicyConnectorTopicPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSnsTopicPolicyConnectorMulti": { - "DependsOn": [ - "Foo", - "SnsTopicPolicyConnectorTopicPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestLambdaPermissionConnector": { - "DependsOn": [ - "LambdaPermissionConnectorWriteLambdaPermission" - ], - "Type": "AWS::Foo::Bar" - }, - "TestLambdaPermissionConnectorMulti": { - "DependsOn": [ - "Foo", - "Bar", - "LambdaPermissionConnectorWriteLambdaPermission" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSqsQueuePolicyConnector": { - "DependsOn": [ - "SqsQueuePolicyConnectorQueuePolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSqsQueuePolicyConnectorMulti": { - "DependsOn": [ - "Foo", - "SqsQueuePolicyConnectorQueuePolicy" - ], - "Type": "AWS::Foo::Bar" - }, "IamRolePolicyConnectorPolicy": { - "Type": "AWS::IAM::ManagedPolicy", "Metadata": { "aws:sam:connectors": { "IamRolePolicyConnector": { - "Source": { - "Type": "AWS::Lambda::Function" - }, "Destination": { "Type": "AWS::DynamoDB::Table" + }, + "Source": { + "Type": "AWS::Lambda::Function" } } } }, "Properties": { "PolicyDocument": { - "Version": "2012-10-17", "Statement": [ { - "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", @@ -102,6 +25,7 @@ "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], + "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ @@ -125,7 +49,6 @@ ] }, { - "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", @@ -135,6 +58,7 @@ "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], + "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ @@ -157,41 +81,62 @@ } ] } - ] + ], + "Version": "2012-10-17" }, "Roles": [ { "Ref": "SomeRole" } ] - } + }, + "Type": "AWS::IAM::ManagedPolicy" + }, + "LambdaPermissionConnectorWriteLambdaPermission": { + "Metadata": { + "aws:sam:connectors": { + "LambdaPermissionConnector": { + "Destination": { + "Type": "AWS::Lambda::Function" + }, + "Source": { + "Type": "AWS::SNS::Topic" + } + } + } + }, + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "SomeFunction", + "Arn" + ] + }, + "Principal": "sns.amazonaws.com", + "SourceArn": { + "Ref": "SomeTopic" + } + }, + "Type": "AWS::Lambda::Permission" }, "SnsTopicPolicyConnectorTopicPolicy": { - "Type": "AWS::SNS::TopicPolicy", "Metadata": { "aws:sam:connectors": { "SnsTopicPolicyConnector": { - "Source": { - "Type": "AWS::Events::Rule" - }, "Destination": { "Type": "AWS::SNS::Topic" + }, + "Source": { + "Type": "AWS::Events::Rule" } } } }, "Properties": { "PolicyDocument": { - "Version": "2012-10-17", "Statement": [ { - "Effect": "Allow", - "Principal": { - "Service": "events.amazonaws.com" - }, - "Resource": { - "Ref": "SomeTopic" - }, "Action": "sns:Publish", "Condition": { "ArnEquals": { @@ -202,64 +147,71 @@ ] } } + }, + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + }, + "Resource": { + "Ref": "SomeTopic" } } - ] + ], + "Version": "2012-10-17" }, "Topics": [ { "Ref": "SomeTopic" } ] - } - }, - "LambdaPermissionConnectorWriteLambdaPermission": { - "Type": "AWS::Lambda::Permission", - "Metadata": { - "aws:sam:connectors": { - "LambdaPermissionConnector": { - "Source": { - "Type": "AWS::SNS::Topic" - }, - "Destination": { - "Type": "AWS::Lambda::Function" - } - } - } }, + "Type": "AWS::SNS::TopicPolicy" + }, + "SomeFunction": { "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "SomeFunction", - "Arn" - ] - }, - "Principal": "sns.amazonaws.com", - "SourceArn": { - "Ref": "SomeTopic" + "Role": { + "Ref": "SomeRole" } - } + }, + "Type": "AWS::Lambda::Function" + }, + "SomeQueue": { + "Type": "AWS::SQS::Queue" + }, + "SomeRule": { + "Type": "AWS::Events::Rule" + }, + "SomeTable": { + "Type": "AWS::DynamoDB::Table" + }, + "SomeTopic": { + "Type": "AWS::SNS::Topic" }, "SqsQueuePolicyConnectorQueuePolicy": { - "Type": "AWS::SQS::QueuePolicy", "Metadata": { "aws:sam:connectors": { "SqsQueuePolicyConnector": { - "Source": { - "Type": "AWS::SNS::Topic" - }, "Destination": { "Type": "AWS::SQS::Queue" + }, + "Source": { + "Type": "AWS::SNS::Topic" } } } }, "Properties": { "PolicyDocument": { - "Version": "2012-10-17", "Statement": [ { + "Action": "sqs:SendMessage", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Ref": "SomeTopic" + } + } + }, "Effect": "Allow", "Principal": { "Service": "sns.amazonaws.com" @@ -269,24 +221,72 @@ "SomeQueue", "Arn" ] - }, - "Action": "sqs:SendMessage", - "Condition": { - "ArnEquals": { - "aws:SourceArn": { - "Ref": "SomeTopic" - } - } } } - ] + ], + "Version": "2012-10-17" }, "Queues": [ { "Ref": "SomeQueue" } ] - } + }, + "Type": "AWS::SQS::QueuePolicy" + }, + "TestIamRolePolicyConnector": { + "DependsOn": [ + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestIamRolePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "Egg", + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnector": { + "DependsOn": [ + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnectorMulti": { + "DependsOn": [ + "Foo", + "Bar", + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnector": { + "DependsOn": [ + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnector": { + "DependsOn": [ + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" } } -} \ No newline at end of file +} diff --git a/tests/translator/output/aws-us-gov/connector_dependson_replace.json b/tests/translator/output/aws-us-gov/connector_dependson_replace.json index 4b0369e103..c7f9b9766f 100644 --- a/tests/translator/output/aws-us-gov/connector_dependson_replace.json +++ b/tests/translator/output/aws-us-gov/connector_dependson_replace.json @@ -1,99 +1,22 @@ { "Resources": { - "SomeFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Role": { - "Ref": "SomeRole" - } - } - }, - "SomeTable": { - "Type": "AWS::DynamoDB::Table" - }, - "SomeTopic": { - "Type": "AWS::SNS::Topic" - }, - "SomeQueue": { - "Type": "AWS::SQS::Queue" - }, - "SomeRule": { - "Type": "AWS::Events::Rule" - }, - "TestIamRolePolicyConnector": { - "DependsOn": [ - "IamRolePolicyConnectorPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestIamRolePolicyConnectorMulti": { - "DependsOn": [ - "Foo", - "Egg", - "IamRolePolicyConnectorPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSnsTopicPolicyConnector": { - "DependsOn": [ - "SnsTopicPolicyConnectorTopicPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSnsTopicPolicyConnectorMulti": { - "DependsOn": [ - "Foo", - "SnsTopicPolicyConnectorTopicPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestLambdaPermissionConnector": { - "DependsOn": [ - "LambdaPermissionConnectorWriteLambdaPermission" - ], - "Type": "AWS::Foo::Bar" - }, - "TestLambdaPermissionConnectorMulti": { - "DependsOn": [ - "Foo", - "Bar", - "LambdaPermissionConnectorWriteLambdaPermission" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSqsQueuePolicyConnector": { - "DependsOn": [ - "SqsQueuePolicyConnectorQueuePolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSqsQueuePolicyConnectorMulti": { - "DependsOn": [ - "Foo", - "SqsQueuePolicyConnectorQueuePolicy" - ], - "Type": "AWS::Foo::Bar" - }, "IamRolePolicyConnectorPolicy": { - "Type": "AWS::IAM::ManagedPolicy", "Metadata": { "aws:sam:connectors": { "IamRolePolicyConnector": { - "Source": { - "Type": "AWS::Lambda::Function" - }, "Destination": { "Type": "AWS::DynamoDB::Table" + }, + "Source": { + "Type": "AWS::Lambda::Function" } } } }, "Properties": { "PolicyDocument": { - "Version": "2012-10-17", "Statement": [ { - "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:Query", @@ -102,6 +25,7 @@ "dynamodb:ConditionCheckItem", "dynamodb:PartiQLSelect" ], + "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ @@ -125,7 +49,6 @@ ] }, { - "Effect": "Allow", "Action": [ "dynamodb:PutItem", "dynamodb:UpdateItem", @@ -135,6 +58,7 @@ "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate" ], + "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ @@ -157,41 +81,62 @@ } ] } - ] + ], + "Version": "2012-10-17" }, "Roles": [ { "Ref": "SomeRole" } ] - } + }, + "Type": "AWS::IAM::ManagedPolicy" + }, + "LambdaPermissionConnectorWriteLambdaPermission": { + "Metadata": { + "aws:sam:connectors": { + "LambdaPermissionConnector": { + "Destination": { + "Type": "AWS::Lambda::Function" + }, + "Source": { + "Type": "AWS::SNS::Topic" + } + } + } + }, + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Fn::GetAtt": [ + "SomeFunction", + "Arn" + ] + }, + "Principal": "sns.amazonaws.com", + "SourceArn": { + "Ref": "SomeTopic" + } + }, + "Type": "AWS::Lambda::Permission" }, "SnsTopicPolicyConnectorTopicPolicy": { - "Type": "AWS::SNS::TopicPolicy", "Metadata": { "aws:sam:connectors": { "SnsTopicPolicyConnector": { - "Source": { - "Type": "AWS::Events::Rule" - }, "Destination": { "Type": "AWS::SNS::Topic" + }, + "Source": { + "Type": "AWS::Events::Rule" } } } }, "Properties": { "PolicyDocument": { - "Version": "2012-10-17", "Statement": [ { - "Effect": "Allow", - "Principal": { - "Service": "events.amazonaws.com" - }, - "Resource": { - "Ref": "SomeTopic" - }, "Action": "sns:Publish", "Condition": { "ArnEquals": { @@ -202,64 +147,71 @@ ] } } + }, + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + }, + "Resource": { + "Ref": "SomeTopic" } } - ] + ], + "Version": "2012-10-17" }, "Topics": [ { "Ref": "SomeTopic" } ] - } - }, - "LambdaPermissionConnectorWriteLambdaPermission": { - "Type": "AWS::Lambda::Permission", - "Metadata": { - "aws:sam:connectors": { - "LambdaPermissionConnector": { - "Source": { - "Type": "AWS::SNS::Topic" - }, - "Destination": { - "Type": "AWS::Lambda::Function" - } - } - } }, + "Type": "AWS::SNS::TopicPolicy" + }, + "SomeFunction": { "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "SomeFunction", - "Arn" - ] - }, - "Principal": "sns.amazonaws.com", - "SourceArn": { - "Ref": "SomeTopic" + "Role": { + "Ref": "SomeRole" } - } + }, + "Type": "AWS::Lambda::Function" + }, + "SomeQueue": { + "Type": "AWS::SQS::Queue" + }, + "SomeRule": { + "Type": "AWS::Events::Rule" + }, + "SomeTable": { + "Type": "AWS::DynamoDB::Table" + }, + "SomeTopic": { + "Type": "AWS::SNS::Topic" }, "SqsQueuePolicyConnectorQueuePolicy": { - "Type": "AWS::SQS::QueuePolicy", "Metadata": { "aws:sam:connectors": { "SqsQueuePolicyConnector": { - "Source": { - "Type": "AWS::SNS::Topic" - }, "Destination": { "Type": "AWS::SQS::Queue" + }, + "Source": { + "Type": "AWS::SNS::Topic" } } } }, "Properties": { "PolicyDocument": { - "Version": "2012-10-17", "Statement": [ { + "Action": "sqs:SendMessage", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Ref": "SomeTopic" + } + } + }, "Effect": "Allow", "Principal": { "Service": "sns.amazonaws.com" @@ -269,24 +221,72 @@ "SomeQueue", "Arn" ] - }, - "Action": "sqs:SendMessage", - "Condition": { - "ArnEquals": { - "aws:SourceArn": { - "Ref": "SomeTopic" - } - } } } - ] + ], + "Version": "2012-10-17" }, "Queues": [ { "Ref": "SomeQueue" } ] - } + }, + "Type": "AWS::SQS::QueuePolicy" + }, + "TestIamRolePolicyConnector": { + "DependsOn": [ + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestIamRolePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "Egg", + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnector": { + "DependsOn": [ + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnectorMulti": { + "DependsOn": [ + "Foo", + "Bar", + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnector": { + "DependsOn": [ + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnector": { + "DependsOn": [ + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" } } -} \ No newline at end of file +} diff --git a/tests/translator/output/connector_dependson_replace.json b/tests/translator/output/connector_dependson_replace.json index 0fa91f250b..c7f9b9766f 100644 --- a/tests/translator/output/connector_dependson_replace.json +++ b/tests/translator/output/connector_dependson_replace.json @@ -1,292 +1,292 @@ { - "Resources": { - "SomeFunction": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Role": { - "Ref": "SomeRole" - } - } - }, - "SomeTable": { - "Type": "AWS::DynamoDB::Table" - }, - "SomeTopic": { - "Type": "AWS::SNS::Topic" - }, - "SomeQueue": { - "Type": "AWS::SQS::Queue" - }, - "SomeRule": { - "Type": "AWS::Events::Rule" - }, - "TestIamRolePolicyConnector": { - "DependsOn": [ - "IamRolePolicyConnectorPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestIamRolePolicyConnectorMulti": { - "DependsOn": [ - "Foo", - "Egg", - "IamRolePolicyConnectorPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSnsTopicPolicyConnector": { - "DependsOn": [ - "SnsTopicPolicyConnectorTopicPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSnsTopicPolicyConnectorMulti": { - "DependsOn": [ - "Foo", - "SnsTopicPolicyConnectorTopicPolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestLambdaPermissionConnector": { - "DependsOn": [ - "LambdaPermissionConnectorWriteLambdaPermission" - ], - "Type": "AWS::Foo::Bar" - }, - "TestLambdaPermissionConnectorMulti": { - "DependsOn": [ - "Foo", - "Bar", - "LambdaPermissionConnectorWriteLambdaPermission" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSqsQueuePolicyConnector": { - "DependsOn": [ - "SqsQueuePolicyConnectorQueuePolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "TestSqsQueuePolicyConnectorMulti": { - "DependsOn": [ - "Foo", - "SqsQueuePolicyConnectorQueuePolicy" - ], - "Type": "AWS::Foo::Bar" - }, - "IamRolePolicyConnectorPolicy": { - "Type": "AWS::IAM::ManagedPolicy", - "Metadata": { - "aws:sam:connectors": { - "IamRolePolicyConnector": { - "Source": { - "Type": "AWS::Lambda::Function" - }, - "Destination": { - "Type": "AWS::DynamoDB::Table" - } - } - } - }, - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "dynamodb:GetItem", - "dynamodb:Query", - "dynamodb:Scan", - "dynamodb:BatchGetItem", - "dynamodb:ConditionCheckItem", - "dynamodb:PartiQLSelect" - ], - "Resource": [ - { - "Fn::GetAtt": [ - "SomeTable", - "Arn" - ] - }, - { - "Fn::Sub": [ - "${DestinationArn}/index/*", - { - "DestinationArn": { - "Fn::GetAtt": [ - "SomeTable", - "Arn" - ] - } + "Resources": { + "IamRolePolicyConnectorPolicy": { + "Metadata": { + "aws:sam:connectors": { + "IamRolePolicyConnector": { + "Destination": { + "Type": "AWS::DynamoDB::Table" + }, + "Source": { + "Type": "AWS::Lambda::Function" + } } - ] } - ] }, - { - "Effect": "Allow", - "Action": [ - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - "dynamodb:BatchWriteItem", - "dynamodb:PartiQLDelete", - "dynamodb:PartiQLInsert", - "dynamodb:PartiQLUpdate" - ], - "Resource": [ - { - "Fn::GetAtt": [ - "SomeTable", - "Arn" - ] + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "dynamodb:GetItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:BatchGetItem", + "dynamodb:ConditionCheckItem", + "dynamodb:PartiQLSelect" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + }, + { + "Fn::Sub": [ + "${DestinationArn}/index/*", + { + "DestinationArn": { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + } + } + ] + } + ] + }, + { + "Action": [ + "dynamodb:PutItem", + "dynamodb:UpdateItem", + "dynamodb:DeleteItem", + "dynamodb:BatchWriteItem", + "dynamodb:PartiQLDelete", + "dynamodb:PartiQLInsert", + "dynamodb:PartiQLUpdate" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + }, + { + "Fn::Sub": [ + "${DestinationArn}/index/*", + { + "DestinationArn": { + "Fn::GetAtt": [ + "SomeTable", + "Arn" + ] + } + } + ] + } + ] + } + ], + "Version": "2012-10-17" }, - { - "Fn::Sub": [ - "${DestinationArn}/index/*", + "Roles": [ { - "DestinationArn": { - "Fn::GetAtt": [ - "SomeTable", - "Arn" - ] - } + "Ref": "SomeRole" } - ] - } - ] - } - ] + ] + }, + "Type": "AWS::IAM::ManagedPolicy" }, - "Roles": [ - { - "Ref": "SomeRole" - } - ] - } - }, - "SnsTopicPolicyConnectorTopicPolicy": { - "Type": "AWS::SNS::TopicPolicy", - "Metadata": { - "aws:sam:connectors": { - "SnsTopicPolicyConnector": { - "Source": { - "Type": "AWS::Events::Rule" + "LambdaPermissionConnectorWriteLambdaPermission": { + "Metadata": { + "aws:sam:connectors": { + "LambdaPermissionConnector": { + "Destination": { + "Type": "AWS::Lambda::Function" + }, + "Source": { + "Type": "AWS::SNS::Topic" + } + } + } }, - "Destination": { - "Type": "AWS::SNS::Topic" - } - } - } - }, - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "events.amazonaws.com" - }, - "Resource": { - "Ref": "SomeTopic" - }, - "Action": "sns:Publish", - "Condition": { - "ArnEquals": { - "aws:SourceArn": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { "Fn::GetAtt": [ - "SomeRule", - "Arn" + "SomeFunction", + "Arn" ] - } + }, + "Principal": "sns.amazonaws.com", + "SourceArn": { + "Ref": "SomeTopic" } - } - } - ] - }, - "Topics": [ - { - "Ref": "SomeTopic" - } - ] - } - }, - "LambdaPermissionConnectorWriteLambdaPermission": { - "Type": "AWS::Lambda::Permission", - "Metadata": { - "aws:sam:connectors": { - "LambdaPermissionConnector": { - "Source": { - "Type": "AWS::SNS::Topic" }, - "Destination": { - "Type": "AWS::Lambda::Function" - } - } - } - }, - "Properties": { - "Action": "lambda:InvokeFunction", - "FunctionName": { - "Fn::GetAtt": [ - "SomeFunction", - "Arn" - ] + "Type": "AWS::Lambda::Permission" }, - "Principal": "sns.amazonaws.com", - "SourceArn": { - "Ref": "SomeTopic" - } - } - }, - "SqsQueuePolicyConnectorQueuePolicy": { - "Type": "AWS::SQS::QueuePolicy", - "Metadata": { - "aws:sam:connectors": { - "SqsQueuePolicyConnector": { - "Source": { - "Type": "AWS::SNS::Topic" + "SnsTopicPolicyConnectorTopicPolicy": { + "Metadata": { + "aws:sam:connectors": { + "SnsTopicPolicyConnector": { + "Destination": { + "Type": "AWS::SNS::Topic" + }, + "Source": { + "Type": "AWS::Events::Rule" + } + } + } }, - "Destination": { - "Type": "AWS::SQS::Queue" - } - } - } - }, - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "sns.amazonaws.com" - }, - "Resource": { - "Fn::GetAtt": [ - "SomeQueue", - "Arn" + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "sns:Publish", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Fn::GetAtt": [ + "SomeRule", + "Arn" + ] + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + }, + "Resource": { + "Ref": "SomeTopic" + } + } + ], + "Version": "2012-10-17" + }, + "Topics": [ + { + "Ref": "SomeTopic" + } ] - }, - "Action": "sqs:SendMessage", - "Condition": { - "ArnEquals": { - "aws:SourceArn": { - "Ref": "SomeTopic" - } + }, + "Type": "AWS::SNS::TopicPolicy" + }, + "SomeFunction": { + "Properties": { + "Role": { + "Ref": "SomeRole" } - } - } - ] + }, + "Type": "AWS::Lambda::Function" + }, + "SomeQueue": { + "Type": "AWS::SQS::Queue" + }, + "SomeRule": { + "Type": "AWS::Events::Rule" + }, + "SomeTable": { + "Type": "AWS::DynamoDB::Table" + }, + "SomeTopic": { + "Type": "AWS::SNS::Topic" }, - "Queues": [ - { - "Ref": "SomeQueue" - } - ] - } + "SqsQueuePolicyConnectorQueuePolicy": { + "Metadata": { + "aws:sam:connectors": { + "SqsQueuePolicyConnector": { + "Destination": { + "Type": "AWS::SQS::Queue" + }, + "Source": { + "Type": "AWS::SNS::Topic" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "sqs:SendMessage", + "Condition": { + "ArnEquals": { + "aws:SourceArn": { + "Ref": "SomeTopic" + } + } + }, + "Effect": "Allow", + "Principal": { + "Service": "sns.amazonaws.com" + }, + "Resource": { + "Fn::GetAtt": [ + "SomeQueue", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "Queues": [ + { + "Ref": "SomeQueue" + } + ] + }, + "Type": "AWS::SQS::QueuePolicy" + }, + "TestIamRolePolicyConnector": { + "DependsOn": [ + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestIamRolePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "Egg", + "IamRolePolicyConnectorPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnector": { + "DependsOn": [ + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestLambdaPermissionConnectorMulti": { + "DependsOn": [ + "Foo", + "Bar", + "LambdaPermissionConnectorWriteLambdaPermission" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnector": { + "DependsOn": [ + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSnsTopicPolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SnsTopicPolicyConnectorTopicPolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnector": { + "DependsOn": [ + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" + }, + "TestSqsQueuePolicyConnectorMulti": { + "DependsOn": [ + "Foo", + "SqsQueuePolicyConnectorQueuePolicy" + ], + "Type": "AWS::Foo::Bar" + } } - } -} \ No newline at end of file +} From 868bfa2404f4d93618cf3d9f839b2bcc6583b287 Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Wed, 19 Oct 2022 13:59:15 -0700 Subject: [PATCH 10/10] Stricter type --- samtranslator/model/connector/connector.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/samtranslator/model/connector/connector.py b/samtranslator/model/connector/connector.py index 474a8c3f75..d4a7ee8075 100644 --- a/samtranslator/model/connector/connector.py +++ b/samtranslator/model/connector/connector.py @@ -1,5 +1,5 @@ from collections import namedtuple -from typing import Any, Dict, Optional +from typing import Any, Dict, List, Optional from samtranslator.model import ResourceResolver from samtranslator.model.intrinsics import get_logical_id_from_intrinsic, ref, fnGetAtt @@ -46,7 +46,7 @@ def add_depends_on(logical_id: str, depends_on: str, resource_resolver: Resource resource["DependsOn"] = deps -def replace_depends_on_logical_id(logical_id: str, replacement: Any, resource_resolver: ResourceResolver): +def replace_depends_on_logical_id(logical_id: str, replacement: List[str], resource_resolver: ResourceResolver) -> None: """ For every resource's `DependsOn`, replace `logical_id` by `replacement`. """