From 5a7cf106479690976d4141f604ca43a6b4cd2d3b Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Fri, 25 Nov 2022 14:54:27 -0800 Subject: [PATCH 1/5] fix: schema state machine Policies --- bin/add_transform_test.py | 6 ++++-- .../schema/aws_serverless_statemachine.py | 4 ++-- samtranslator/schema/common.py | 2 ++ samtranslator/schema/schema.json | 19 ++++++++++--------- 4 files changed, 18 insertions(+), 13 deletions(-) mode change 100644 => 100755 bin/add_transform_test.py diff --git a/bin/add_transform_test.py b/bin/add_transform_test.py old mode 100644 new mode 100755 index bb1457955a..0a79d90379 --- a/bin/add_transform_test.py +++ b/bin/add_transform_test.py @@ -105,8 +105,10 @@ def copy_input_file_to_transform_test_dir(input_file_path: str, transform_test_i def verify_input_template(input_file_path: str): # type: ignore[no-untyped-def] if "arn:aws:" in Path(input_file_path).read_text(encoding="utf-8"): - print("ERROR: hardcoded partition name detected. Consider replace it with pseudo parameter {AWS::Partition}") - sys.exit(1) + print( + "WARNING: hardcoded partition name detected. Consider replace it with pseudo parameter {AWS::Partition}", + file=sys.stderr, + ) def main() -> None: diff --git a/samtranslator/schema/aws_serverless_statemachine.py b/samtranslator/schema/aws_serverless_statemachine.py index ba856142d9..308d77f193 100644 --- a/samtranslator/schema/aws_serverless_statemachine.py +++ b/samtranslator/schema/aws_serverless_statemachine.py @@ -4,7 +4,7 @@ from typing_extensions import Literal -from samtranslator.schema.common import PassThrough, BaseModel, SamIntrinsicable, get_prop +from samtranslator.schema.common import PassThrough, BaseModel, SamIntrinsicable, DictStrAny, get_prop properties = get_prop("sam-resource-statemachine") deadletterconfig = get_prop("sam-property-statemachine-statemachinedeadletterconfig") 
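Review bot: A hard-coded `arn:aws:` in the input template is now only reported, not rejected. In `verify_input_template` the added `print(..., file=sys.stderr)` replaces the `sys.exit(1)`, so the script continues with a template that is tied to the default partition. Nothing in the function says the check has become advisory, and a CI job or wrapper that relied on the non-zero exit no longer gets a signal. I would add a docstring such as `"""Warn, without failing, when the template hard-codes the aws partition."""`, and keep the exit behind an opt-in flag if a strict mode is still wanted. The message itself would read better as `Consider replacing it with the pseudo parameter ${AWS::Partition}`.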
@@ -143,7 +143,7 @@ class Properties(BaseModel): Logging: Optional[PassThrough] = properties("Logging") Name: Optional[PassThrough] = properties("Name") PermissionsBoundary: Optional[PassThrough] = properties("PermissionsBoundary") - Policies: Optional[Union[str, List[str], Dict[str, Any], List[Dict[str, Any]]]] = properties("Policies") + Policies: Optional[Union[str, DictStrAny, List[Union[str, DictStrAny]]]] = properties("Policies") Role: Optional[PassThrough] = properties("Role") Tags: Optional[Dict[str, Any]] = properties("Tags") Tracing: Optional[PassThrough] = properties("Tracing") diff --git a/samtranslator/schema/common.py b/samtranslator/schema/common.py index 9b8d455eef..e947603aba 100644 --- a/samtranslator/schema/common.py +++ b/samtranslator/schema/common.py @@ -17,6 +17,8 @@ # TODO: Get rid of this in favor of proper types Unknown = Optional[Any] +DictStrAny = Dict[str, Any] + LenientBaseModel = pydantic.BaseModel _DOCS = json.loads(Path("samtranslator", "schema", "docs.json").read_bytes()) diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index e6caff3f10..b21a71db36 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json 
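Review bot: The new `Policies` annotation accepts any `DictStrAny`, alone or mixed with strings in a list, but nothing at the field says which map shapes are intended. The schema description names them as SAM policy templates and inline policy documents. This field becomes the permissions of the state machine's execution role, so a short comment would keep the next editor from loosening or tightening the type by accident, e.g. `# str = managed policy name; dict = SAM policy template or inline policy document (contents are not validated by this schema)`. `Properties` starts above this hunk and continues below it.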
@@ -4851,21 +4851,22 @@ "markdownDescription": "One or more policies that this state machine's execution role needs\\. \nThis property accepts a single string or a list of strings\\. The property can be the name of AWS managed AWS Identity and Access Management \\(IAM\\) policies, AWS SAM policy templates, or one or more inline policy documents formatted as a map\\. \nYou provide either a `Role` or `Policies`\\. \nIf the `Role` property is set, this property is ignored\\. \n*Type*: String \\| List \\| Map \n*Required*: Conditional \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.", "anyOf": [ { - "type": "string" - }, - { - "type": "array", - "items": { - "type": "string" - } + "type": "object" }, { - "type": "object" + "type": "string" }, { "type": "array", "items": { - "type": "object" + "anyOf": [ + { + "type": "string" + }, + { + "type": "object" + } + ] } } ] From aa9f3d5706b21aeb2c9c398fbfc3b36b7b360678 Mon Sep 17 00:00:00 2001 
From: Chris Rehn
Date: Fri, 25 Nov 2022 14:58:25 -0800
Subject: [PATCH 2/5] Add tests
---
.../translator/input/schema_validation_1.yaml | 68 ++++++
.../translator/input/schema_validation_2.yaml | 72 ++++++
.../output/aws-cn/schema_validation_1.json | 230 ++++++++++++++++++
.../output/aws-cn/schema_validation_2.json | 129 ++++++++++
.../aws-us-gov/schema_validation_1.json | 230 ++++++++++++++++++
.../aws-us-gov/schema_validation_2.json | 129 ++++++++++
.../output/schema_validation_1.json | 230 ++++++++++++++++++
.../output/schema_validation_2.json | 129 ++++++++++
8 files changed, 1217 insertions(+)
create mode 100644 tests/translator/input/schema_validation_1.yaml
create mode 100644 tests/translator/input/schema_validation_2.yaml
create mode 100644 tests/translator/output/aws-cn/schema_validation_1.json
create mode 100644 tests/translator/output/aws-cn/schema_validation_2.json
create mode 100644 tests/translator/output/aws-us-gov/schema_validation_1.json
create mode 100644 tests/translator/output/aws-us-gov/schema_validation_2.json
create mode 100644 tests/translator/output/schema_validation_1.json
create mode 100644 tests/translator/output/schema_validation_2.json
diff --git a/tests/translator/input/schema_validation_1.yaml b/tests/translator/input/schema_validation_1.yaml
new file mode 100644
index 0000000000..be317cef19
--- /dev/null
+++ b/tests/translator/input/schema_validation_1.yaml
@@ -0,0 +1,68 @@
+
+AWSTemplateFormatVersion: '2010-09-09'
+Description: lambda-dynamodb
+Transform: AWS::Serverless-2016-10-31
+Resources:
+ StateMachine:
+ Type: AWS::Serverless::StateMachine
+ Properties:
+ Name: !Sub ${AWS::StackName}-StateMachine
+ Definition:
+ StartAt: Start
+ States:
+ Start:
+ Type: Pass
+ Next: TaskState
+ TaskState:
+ Comment: Stackery creates an attachment point for each 'Task' state
+ Type: Task
+ Next: Done
+ Resource: arn:aws:states:::lambda:invoke
+ Parameters:
+ FunctionName: ${FunctionArn}
+ Payload.$: $
+ Done:
+ Type: Pass
+ End: true
+ Logging:
+ Level: ALL
+ IncludeExecutionData: true
+ Destinations:
+ - CloudWatchLogsLogGroup:
+ LogGroupArn: !GetAtt StateMachineLogGroup.Arn
+ Policies:
+ - AWSXrayWriteOnlyAccess
+ - Statement:
+ - Effect: Allow
+ Action:
+ - logs:CreateLogDelivery
+ - logs:GetLogDelivery
+ - logs:UpdateLogDelivery
+ - logs:DeleteLogDelivery
+ - logs:ListLogDeliveries
+ - logs:PutResourcePolicy
+ - logs:DescribeResourcePolicies
+ - logs:DescribeLogGroups
+ Resource: '*'
+ - LambdaInvokePolicy:
+ FunctionName: !Ref Function
+ Tracing:
+ Enabled: true
+ Type: STANDARD
+ DefinitionSubstitutions:
+ FunctionArn: !GetAtt Function.Arn
+ Function:
+ Type: AWS::Serverless::Function
+ Properties:
+ FunctionName: !Sub ${AWS::StackName}-Function
+ Description: !Sub
+ - Stack ${StackTagName} Environment ${EnvironmentTagName} Function ${ResourceName}
+ - ResourceName: Function
+ CodeUri: s3://src/Function
+ Handler: index.handler
+ Runtime: nodejs14.x
+ MemorySize: 3008
+ Timeout: 30
+ Tracing: Active
+ Policies:
+ - AWSXrayWriteOnlyAccess
\ No newline at end of file
diff --git a/tests/translator/input/schema_validation_2.yaml b/tests/translator/input/schema_validation_2.yaml
new file mode 100644
index 0000000000..03115bb694
--- /dev/null
+++ b/tests/translator/input/schema_validation_2.yaml
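Review bot: `Resource: arn:aws:states:::lambda:invoke` under `TaskState` hard-codes the `aws` partition, so the state machine definition is only valid in the default partition. The same applies to `arn:aws:states:::sqs:sendMessage` in schema_validation_2.yaml. The other fixture already uses an intrinsic inside `Definition` (`QueueUrl: !Ref MyQueue`), so `Resource: !Sub arn:${AWS::Partition}:states:::lambda:invoke` should work here as well. Separately, `!GetAtt StateMachineLogGroup.Arn` refers to a resource that this template does not declare; if the fixture is only meant to exercise schema validation, a comment saying so would stop it being copied as a deployable example.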
@@ -0,0 +1,72 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Transform: AWS::Serverless-2016-10-31
+Description: >
+ A Step Functions Standard Workflow sending payloads to an SQS queue. This pattern will not wait for a callback
+ from SQS
+
+Resources:
+
+##########################################################################
+# SQS #
+##########################################################################
+ MyQueue:
+ Type: AWS::SQS::Queue
+
+##########################################################################
+# STEP FUNCTION #
+##########################################################################
+
+ StateMachinetoSQS:
+ Type: AWS::Serverless::StateMachine
+ Properties:
+ Definition:
+ StartAt: SendToMyQueue
+ States:
+ SendToMyQueue:
+ Type: Task
+ Resource: "arn:aws:states:::sqs:sendMessage"
+ Parameters:
+ QueueUrl: !Ref MyQueue
+ MessageBody.$: "$.message"
+ End: True
+ Role: !GetAtt [ MyStateMachineExecutionRole, Arn ]
+
+##########################################################################
+# Roles #
+##########################################################################
+
+ MyStateMachineExecutionRole:
+ Type: "AWS::IAM::Role"
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Principal:
+ Service:
+ - !Sub states.${AWS::Region}.amazonaws.com
+ Action: "sts:AssumeRole"
+ Path: "/"
+
+
+ SFNToSQS:
+ Type: AWS::Serverless::Connector
+ Properties:
+ Source:
+ Id: StateMachinetoSQS
+ Destination:
+ Id: MyQueue
+ Permissions:
+ - Write
+
+##########################################################################
+# Outputs #
+##########################################################################
+Outputs:
+ StateMachinetoSQSArn:
+ Value: !Ref StateMachinetoSQS
+ Description: StateMachinetoSQS Arn
+ MyQueueURL:
+ Value: !Ref MyQueue
+ Description: MyQueue URL
+
diff --git a/tests/translator/output/aws-cn/schema_validation_1.json b/tests/translator/output/aws-cn/schema_validation_1.json
new file mode 100644
index 0000000000..f38f0ad1de
--- /dev/null
+++ b/tests/translator/output/aws-cn/schema_validation_1.json
@@ -0,0 +1,230 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "lambda-dynamodb", + "Resources": { + "Function": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "src", + "S3Key": "Function" + }, + "Description": { + "Fn::Sub": [ + "Stack ${StackTagName} Environment ${EnvironmentTagName} Function ${ResourceName}", + { + "ResourceName": "Function" + } + ] + }, + "FunctionName": { + "Fn::Sub": "${AWS::StackName}-Function" + }, + "Handler": "index.handler", + "MemorySize": 3008, + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs14.x", + "Timeout": 30, + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TracingConfig": { + "Mode": "Active" + } + } + }, + "FunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "aws:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + "aws:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "StateMachine": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"Start\",", + " \"States\": {", + " \"Done\": {", + " \"End\": true,", + " \"Type\": \"Pass\"", + " },", + " \"Start\": {", + " \"Next\": \"TaskState\",", + " \"Type\": \"Pass\"", + " },", + " \"TaskState\": {", + " \"Comment\": \"Stackery creates an attachment point for each 'Task' state\",", + " \"Next\": \"Done\",", + " \"Parameters\": {", + " \"FunctionName\": \"${FunctionArn}\",", + " \"Payload.$\": \"$\"", + " },", + " \"Resource\": \"aws:aws-cn:states:::lambda:invoke\",", + " \"Type\": \"Task\"", + " }", + " }", + "}" + ] + ] + }, + 
"LoggingConfiguration": { + "Level": "ALL", + "IncludeExecutionData": true, + "Destinations": [ + { + "CloudWatchLogsLogGroup": { + "LogGroupArn": { + "Fn::GetAtt": [ + "StateMachineLogGroup", + "Arn" + ] + } + } + } + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRole", + "Arn" + ] + }, + "StateMachineName": { + "Fn::Sub": "${AWS::StackName}-StateMachine" + }, + "StateMachineType": "STANDARD", + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ], + "DefinitionSubstitutions": { + "FunctionArn": { + "Fn::GetAtt": [ + "Function", + "Arn" + ] + } + }, + "TracingConfiguration": { + "Enabled": true + } + } + }, + "StateMachineRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "states.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "aws:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" + ], + "Policies": [ + { + "PolicyName": "StateMachineRolePolicy1", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups" + ], + "Resource": "*" + } + ] + } + }, + { + "PolicyName": "StateMachineRolePolicy2", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "lambda:InvokeFunction" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${functionName}*", + { + "functionName": { + "Ref": "Function" + } + } + ] + } + } + ] + } + } + ], + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + } + } + } +} \ No newline at end of file 
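Review bot: The expected ARNs in this fixture start with `aws:aws-cn:` instead of `arn:aws-cn:`. See `ManagedPolicyArns` (`aws:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess`) and the state machine `Resource` (`aws:aws-cn:states:::lambda:invoke`), where the default-partition fixture has `arn:aws:...`. A value without the `arn:` prefix is not an ARN, so the test pins malformed output as correct and would hide a real partition bug in the role's managed policies. The same prefix appears in aws-cn/schema_validation_2.json and in both aws-us-gov fixtures (`aws:aws-us-gov:`). It looks as if the partition rewrite replaced the `arn` segment along with the partition, which is worth confirming in the generator before these files are kept as expected output.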
diff --git a/tests/translator/output/aws-cn/schema_validation_2.json b/tests/translator/output/aws-cn/schema_validation_2.json
new file mode 100644
index 0000000000..f717918910
--- /dev/null
+++ b/tests/translator/output/aws-cn/schema_validation_2.json
@@ -0,0 +1,129 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "A Step Functions Standard Workflow sending payloads to an SQS queue. This pattern will not wait for a callback from SQS\n", + "Resources": { + "MyQueue": { + "Type": "AWS::SQS::Queue" + }, + "MyStateMachineExecutionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + { + "Fn::Sub": "states.${AWS::Region}.amazonaws.com" + } + ] + }, + "Action": "sts:AssumeRole" + } + ] + }, + "Path": "/" + } + }, + "StateMachinetoSQS": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"SendToMyQueue\",", + " \"States\": {", + " \"SendToMyQueue\": {", + " \"End\": true,", + " \"Parameters\": {", + " \"MessageBody.$\": \"$.message\",", + " \"QueueUrl\": \"${definition_substitution_1}\"", + " },", + " \"Resource\": \"aws:aws-cn:states:::sqs:sendMessage\",", + " \"Type\": \"Task\"", + " }", + " }", + "}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "MyStateMachineExecutionRole", + "Arn" + ] + }, + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ], + "DefinitionSubstitutions": { + "definition_substitution_1": { + "Ref": "MyQueue" + } + } + } + }, + "SFNToSQSPolicy": { + "Type": "AWS::IAM::ManagedPolicy", + "Metadata": { + "aws:sam:connectors": { + "SFNToSQS": { + "Source": { + "Type": "AWS::Serverless::StateMachine" + }, + "Destination": { + "Type": "AWS::SQS::Queue" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "sqs:SendMessage" + ], + "Resource": [ + { + "Fn::GetAtt": [ + "MyQueue", + "Arn" + ] + } + ] + } + ] + }, + "Roles": [ + { + "Ref": "MyStateMachineExecutionRole" + } + ] + } + } + }, + "Outputs": { + "StateMachinetoSQSArn": { + "Value": { + "Ref": 
"StateMachinetoSQS" + }, + "Description": "StateMachinetoSQS Arn" + }, + "MyQueueURL": { + "Value": { + "Ref": "MyQueue" + }, + "Description": "MyQueue URL" + } + } +} \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/schema_validation_1.json b/tests/translator/output/aws-us-gov/schema_validation_1.json new file mode 100644 index 0000000000..e9a110cad9 --- /dev/null +++ b/tests/translator/output/aws-us-gov/schema_validation_1.json 
@@ -0,0 +1,230 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "lambda-dynamodb", + "Resources": { + "Function": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "src", + "S3Key": "Function" + }, + "Description": { + "Fn::Sub": [ + "Stack ${StackTagName} Environment ${EnvironmentTagName} Function ${ResourceName}", + { + "ResourceName": "Function" + } + ] + }, + "FunctionName": { + "Fn::Sub": "${AWS::StackName}-Function" + }, + "Handler": "index.handler", + "MemorySize": 3008, + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs14.x", + "Timeout": 30, + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TracingConfig": { + "Mode": "Active" + } + } + }, + "FunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "aws:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + "aws:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "StateMachine": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"Start\",", + " \"States\": {", + " \"Done\": {", + " \"End\": true,", + " \"Type\": \"Pass\"", + " },", + " \"Start\": {", + " \"Next\": \"TaskState\",", + " \"Type\": \"Pass\"", + " },", + " \"TaskState\": {", + " \"Comment\": \"Stackery creates an attachment point for each 'Task' state\",", + " \"Next\": \"Done\",", + " \"Parameters\": {", + " \"FunctionName\": \"${FunctionArn}\",", + " \"Payload.$\": \"$\"", + " },", + " \"Resource\": \"aws:aws-us-gov:states:::lambda:invoke\",", + " \"Type\": \"Task\"", + " }", + " }", + "}" + ] + ] + 
}, + "LoggingConfiguration": { + "Level": "ALL", + "IncludeExecutionData": true, + "Destinations": [ + { + "CloudWatchLogsLogGroup": { + "LogGroupArn": { + "Fn::GetAtt": [ + "StateMachineLogGroup", + "Arn" + ] + } + } + } + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRole", + "Arn" + ] + }, + "StateMachineName": { + "Fn::Sub": "${AWS::StackName}-StateMachine" + }, + "StateMachineType": "STANDARD", + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ], + "DefinitionSubstitutions": { + "FunctionArn": { + "Fn::GetAtt": [ + "Function", + "Arn" + ] + } + }, + "TracingConfiguration": { + "Enabled": true + } + } + }, + "StateMachineRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "states.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "aws:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" + ], + "Policies": [ + { + "PolicyName": "StateMachineRolePolicy1", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups" + ], + "Resource": "*" + } + ] + } + }, + { + "PolicyName": "StateMachineRolePolicy2", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "lambda:InvokeFunction" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${functionName}*", + { + "functionName": { + "Ref": "Function" + } + } + ] + } + } + ] + } + } + ], + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + } + } + } +} \ No newline at end of file 
diff --git a/tests/translator/output/aws-us-gov/schema_validation_2.json b/tests/translator/output/aws-us-gov/schema_validation_2.json
new file mode 100644
index 0000000000..d1a3ba09c7
--- /dev/null
+++ b/tests/translator/output/aws-us-gov/schema_validation_2.json
@@ -0,0 +1,129 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "A Step Functions Standard Workflow sending payloads to an SQS queue. This pattern will not wait for a callback from SQS\n", + "Resources": { + "MyQueue": { + "Type": "AWS::SQS::Queue" + }, + "MyStateMachineExecutionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + { + "Fn::Sub": "states.${AWS::Region}.amazonaws.com" + } + ] + }, + "Action": "sts:AssumeRole" + } + ] + }, + "Path": "/" + } + }, + "StateMachinetoSQS": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"SendToMyQueue\",", + " \"States\": {", + " \"SendToMyQueue\": {", + " \"End\": true,", + " \"Parameters\": {", + " \"MessageBody.$\": \"$.message\",", + " \"QueueUrl\": \"${definition_substitution_1}\"", + " },", + " \"Resource\": \"aws:aws-us-gov:states:::sqs:sendMessage\",", + " \"Type\": \"Task\"", + " }", + " }", + "}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "MyStateMachineExecutionRole", + "Arn" + ] + }, + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ], + "DefinitionSubstitutions": { + "definition_substitution_1": { + "Ref": "MyQueue" + } + } + } + }, + "SFNToSQSPolicy": { + "Type": "AWS::IAM::ManagedPolicy", + "Metadata": { + "aws:sam:connectors": { + "SFNToSQS": { + "Source": { + "Type": "AWS::Serverless::StateMachine" + }, + "Destination": { + "Type": "AWS::SQS::Queue" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "sqs:SendMessage" + ], + "Resource": [ + { + "Fn::GetAtt": [ + "MyQueue", + "Arn" + ] + } + ] + } + ] + }, + "Roles": [ + { + "Ref": "MyStateMachineExecutionRole" + } + ] + } + } + }, + "Outputs": { + "StateMachinetoSQSArn": { + "Value": { + "Ref": 
"StateMachinetoSQS" + }, + "Description": "StateMachinetoSQS Arn" + }, + "MyQueueURL": { + "Value": { + "Ref": "MyQueue" + }, + "Description": "MyQueue URL" + } + } +} \ No newline at end of file diff --git a/tests/translator/output/schema_validation_1.json b/tests/translator/output/schema_validation_1.json new file mode 100644 index 0000000000..e1237080e0 --- /dev/null +++ b/tests/translator/output/schema_validation_1.json 
@@ -0,0 +1,230 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "lambda-dynamodb", + "Resources": { + "Function": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "src", + "S3Key": "Function" + }, + "Description": { + "Fn::Sub": [ + "Stack ${StackTagName} Environment ${EnvironmentTagName} Function ${ResourceName}", + { + "ResourceName": "Function" + } + ] + }, + "FunctionName": { + "Fn::Sub": "${AWS::StackName}-Function" + }, + "Handler": "index.handler", + "MemorySize": 3008, + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs14.x", + "Timeout": 30, + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TracingConfig": { + "Mode": "Active" + } + } + }, + "FunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "StateMachine": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"Start\",", + " \"States\": {", + " \"Done\": {", + " \"End\": true,", + " \"Type\": \"Pass\"", + " },", + " \"Start\": {", + " \"Next\": \"TaskState\",", + " \"Type\": \"Pass\"", + " },", + " \"TaskState\": {", + " \"Comment\": \"Stackery creates an attachment point for each 'Task' state\",", + " \"Next\": \"Done\",", + " \"Parameters\": {", + " \"FunctionName\": \"${FunctionArn}\",", + " \"Payload.$\": \"$\"", + " },", + " \"Resource\": \"arn:aws:states:::lambda:invoke\",", + " \"Type\": \"Task\"", + " }", + " }", + "}" + ] + ] + }, + 
"LoggingConfiguration": { + "Level": "ALL", + "IncludeExecutionData": true, + "Destinations": [ + { + "CloudWatchLogsLogGroup": { + "LogGroupArn": { + "Fn::GetAtt": [ + "StateMachineLogGroup", + "Arn" + ] + } + } + } + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "StateMachineRole", + "Arn" + ] + }, + "StateMachineName": { + "Fn::Sub": "${AWS::StackName}-StateMachine" + }, + "StateMachineType": "STANDARD", + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ], + "DefinitionSubstitutions": { + "FunctionArn": { + "Fn::GetAtt": [ + "Function", + "Arn" + ] + } + }, + "TracingConfiguration": { + "Enabled": true + } + } + }, + "StateMachineRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "states.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" + ], + "Policies": [ + { + "PolicyName": "StateMachineRolePolicy1", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups" + ], + "Resource": "*" + } + ] + } + }, + { + "PolicyName": "StateMachineRolePolicy2", + "PolicyDocument": { + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "lambda:InvokeFunction" + ], + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${functionName}*", + { + "functionName": { + "Ref": "Function" + } + } + ] + } + } + ] + } + } + ], + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + } + } + } +} \ No newline at end of file 
diff --git a/tests/translator/output/schema_validation_2.json b/tests/translator/output/schema_validation_2.json
new file mode 100644
index 0000000000..3100c2b502
--- /dev/null
+++ b/tests/translator/output/schema_validation_2.json
@@ -0,0 +1,129 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "A Step Functions Standard Workflow sending payloads to an SQS queue. This pattern will not wait for a callback from SQS\n", + "Resources": { + "MyQueue": { + "Type": "AWS::SQS::Queue" + }, + "MyStateMachineExecutionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": [ + { + "Fn::Sub": "states.${AWS::Region}.amazonaws.com" + } + ] + }, + "Action": "sts:AssumeRole" + } + ] + }, + "Path": "/" + } + }, + "StateMachinetoSQS": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"SendToMyQueue\",", + " \"States\": {", + " \"SendToMyQueue\": {", + " \"End\": true,", + " \"Parameters\": {", + " \"MessageBody.$\": \"$.message\",", + " \"QueueUrl\": \"${definition_substitution_1}\"", + " },", + " \"Resource\": \"arn:aws:states:::sqs:sendMessage\",", + " \"Type\": \"Task\"", + " }", + " }", + "}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "MyStateMachineExecutionRole", + "Arn" + ] + }, + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ], + "DefinitionSubstitutions": { + "definition_substitution_1": { + "Ref": "MyQueue" + } + } + } + }, + "SFNToSQSPolicy": { + "Type": "AWS::IAM::ManagedPolicy", + "Metadata": { + "aws:sam:connectors": { + "SFNToSQS": { + "Source": { + "Type": "AWS::Serverless::StateMachine" + }, + "Destination": { + "Type": "AWS::SQS::Queue" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "sqs:SendMessage" + ], + "Resource": [ + { + "Fn::GetAtt": [ + "MyQueue", + "Arn" + ] + } + ] + } + ] + }, + "Roles": [ + { + "Ref": "MyStateMachineExecutionRole" + } + ] + } + } + }, + "Outputs": { + "StateMachinetoSQSArn": { + "Value": { + "Ref": 
"StateMachinetoSQS" + }, + "Description": "StateMachinetoSQS Arn" + }, + "MyQueueURL": { + "Value": { + "Ref": "MyQueue" + }, + "Description": "MyQueue URL" + } + } +} \ No newline at end of file From a3ee31aada49f64823b2cf75e43563ab1d910a86 Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Fri, 25 Nov 2022 14:59:10 -0800 Subject: [PATCH 3/5] Make black --- .../translator/input/schema_validation_1.yaml | 41 +- .../translator/input/schema_validation_2.yaml | 44 +- .../output/aws-cn/schema_validation_1.json | 62 +-- .../output/aws-cn/schema_validation_2.json | 136 +++--- .../aws-us-gov/schema_validation_1.json | 62 +-- .../aws-us-gov/schema_validation_2.json | 136 +++--- .../output/schema_validation_1.json | 442 +++++++++--------- .../output/schema_validation_2.json | 240 +++++----- 8 files changed, 581 insertions(+), 582 deletions(-) diff --git a/tests/translator/input/schema_validation_1.yaml b/tests/translator/input/schema_validation_1.yaml index be317cef19..c357e94d7a 100644 --- a/tests/translator/input/schema_validation_1.yaml +++ b/tests/translator/input/schema_validation_1.yaml @@ -1,4 +1,3 @@ - AWSTemplateFormatVersion: '2010-09-09' Description: lambda-dynamodb Transform: AWS::Serverless-2016-10-31 
@@ -28,24 +27,24 @@ Resources: Level: ALL IncludeExecutionData: true Destinations: - - CloudWatchLogsLogGroup: - LogGroupArn: !GetAtt StateMachineLogGroup.Arn + - CloudWatchLogsLogGroup: + LogGroupArn: !GetAtt StateMachineLogGroup.Arn Policies: - - AWSXrayWriteOnlyAccess - - Statement: - - Effect: Allow - Action: - - logs:CreateLogDelivery - - logs:GetLogDelivery - - logs:UpdateLogDelivery - - logs:DeleteLogDelivery - - logs:ListLogDeliveries - - logs:PutResourcePolicy - - logs:DescribeResourcePolicies - - logs:DescribeLogGroups - Resource: '*' - - LambdaInvokePolicy: - FunctionName: !Ref Function + - AWSXrayWriteOnlyAccess + - Statement: + - Effect: Allow + Action: + - logs:CreateLogDelivery + - logs:GetLogDelivery + - logs:UpdateLogDelivery + - logs:DeleteLogDelivery + - logs:ListLogDeliveries + - logs:PutResourcePolicy + - logs:DescribeResourcePolicies + - logs:DescribeLogGroups + Resource: '*' + - LambdaInvokePolicy: + FunctionName: !Ref Function Tracing: Enabled: true Type: STANDARD @@ -56,8 +55,8 @@ Resources: Properties: FunctionName: !Sub ${AWS::StackName}-Function Description: !Sub - - Stack ${StackTagName} Environment ${EnvironmentTagName} Function ${ResourceName} - - ResourceName: Function + - Stack ${StackTagName} Environment ${EnvironmentTagName} Function ${ResourceName} + - ResourceName: Function CodeUri: s3://src/Function Handler: index.handler Runtime: nodejs14.x @@ -65,4 +64,4 @@ Resources: Timeout: 30 Tracing: Active Policies: - - AWSXrayWriteOnlyAccess \ No newline at end of file + - AWSXrayWriteOnlyAccess diff --git a/tests/translator/input/schema_validation_2.yaml b/tests/translator/input/schema_validation_2.yaml index 03115bb694..b3e103528b 100644 --- a/tests/translator/input/schema_validation_2.yaml +++ b/tests/translator/input/schema_validation_2.yaml 
@@ -1,7 +1,8 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: > - A Step Functions Standard Workflow sending payloads to an SQS queue. This pattern will not wait for a callback + A Step Functions Standard Workflow sending payloads to an SQS queue. This pattern + will not wait for a callback from SQS Resources: @@ -24,40 +25,40 @@ Resources: States: SendToMyQueue: Type: Task - Resource: "arn:aws:states:::sqs:sendMessage" + Resource: arn:aws:states:::sqs:sendMessage Parameters: QueueUrl: !Ref MyQueue - MessageBody.$: "$.message" - End: True - Role: !GetAtt [ MyStateMachineExecutionRole, Arn ] + MessageBody.$: $.message + End: true + Role: !GetAtt [MyStateMachineExecutionRole, Arn] ########################################################################## # Roles # ########################################################################## MyStateMachineExecutionRole: - Type: "AWS::IAM::Role" + Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: - Version: "2012-10-17" + Version: '2012-10-17' Statement: - - Effect: "Allow" - Principal: - Service: - - !Sub states.${AWS::Region}.amazonaws.com - Action: "sts:AssumeRole" - Path: "/" + - Effect: Allow + Principal: + Service: + - !Sub states.${AWS::Region}.amazonaws.com + Action: sts:AssumeRole + Path: / SFNToSQS: - Type: AWS::Serverless::Connector - Properties: - Source: - Id: StateMachinetoSQS - Destination: - Id: MyQueue - Permissions: - - Write + Type: AWS::Serverless::Connector + Properties: + Source: + Id: StateMachinetoSQS + Destination: + Id: MyQueue + Permissions: + - Write ########################################################################## # Outputs # @@ -69,4 +70,3 @@ Outputs: MyQueueURL: Value: !Ref MyQueue Description: MyQueue URL - diff --git a/tests/translator/output/aws-cn/schema_validation_1.json b/tests/translator/output/aws-cn/schema_validation_1.json index f38f0ad1de..01287b6547 100644 --- a/tests/translator/output/aws-cn/schema_validation_1.json 
+++ b/tests/translator/output/aws-cn/schema_validation_1.json @@ -3,7 +3,6 @@ "Description": "lambda-dynamodb", "Resources": { "Function": { - "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "src", @@ -29,23 +28,22 @@ ] }, "Runtime": "nodejs14.x", - "Timeout": 30, "Tags": [ { "Key": "lambda:createdBy", "Value": "SAM" } ], + "Timeout": 30, "TracingConfig": { "Mode": "Active" } - } + }, + "Type": "AWS::Lambda::Function" }, "FunctionRole": { - "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", "Statement": [ { "Action": [ @@ -58,7 +56,8 @@ ] } } - ] + ], + "Version": "2012-10-17" }, "ManagedPolicyArns": [ "aws:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", @@ -70,10 +69,10 @@ "Value": "SAM" } ] - } + }, + "Type": "AWS::IAM::Role" }, "StateMachine": { - "Type": "AWS::StepFunctions::StateMachine", "Properties": { "DefinitionString": { "Fn::Join": [ @@ -105,9 +104,15 @@ ] ] }, + "DefinitionSubstitutions": { + "FunctionArn": { + "Fn::GetAtt": [ + "Function", + "Arn" + ] + } + }, "LoggingConfiguration": { - "Level": "ALL", - "IncludeExecutionData": true, "Destinations": [ { "CloudWatchLogsLogGroup": { @@ -119,7 +124,9 @@ } } } - ] + ], + "IncludeExecutionData": true, + "Level": "ALL" }, "RoleArn": { "Fn::GetAtt": [ @@ -137,24 +144,15 @@ "Value": "SAM" } ], - "DefinitionSubstitutions": { - "FunctionArn": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - } - }, "TracingConfiguration": { "Enabled": true } - } + }, + "Type": "AWS::StepFunctions::StateMachine" }, "StateMachineRole": { - "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", "Statement": [ { "Action": [ 
@@ -167,18 +165,17 @@ ] } } - ] + ], + "Version": "2012-10-17" }, "ManagedPolicyArns": [ "aws:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Policies": [ { - "PolicyName": "StateMachineRolePolicy1", "PolicyDocument": { "Statement": [ { - "Effect": "Allow", "Action": [ "logs:CreateLogDelivery", "logs:GetLogDelivery", @@ -189,20 +186,21 @@ "logs:DescribeResourcePolicies", "logs:DescribeLogGroups" ], + "Effect": "Allow", "Resource": "*" } ] - } + }, + "PolicyName": "StateMachineRolePolicy1" }, { - "PolicyName": "StateMachineRolePolicy2", "PolicyDocument": { "Statement": [ { - "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], + "Effect": "Allow", "Resource": { "Fn::Sub": [ "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${functionName}*", @@ -215,7 +213,8 @@ } } ] - } + }, + "PolicyName": "StateMachineRolePolicy2" } ], "Tags": [ @@ -224,7 +223,8 @@ "Value": "SAM" } ] - } + }, + "Type": "AWS::IAM::Role" } } -} \ No newline at end of file +} diff --git a/tests/translator/output/aws-cn/schema_validation_2.json b/tests/translator/output/aws-cn/schema_validation_2.json index f717918910..df43e5bd2c 100644 --- a/tests/translator/output/aws-cn/schema_validation_2.json +++ b/tests/translator/output/aws-cn/schema_validation_2.json @@ -1,17 +1,30 @@ { "AWSTemplateFormatVersion": "2010-09-09", "Description": "A Step Functions Standard Workflow sending payloads to an SQS queue. This pattern will not wait for a callback from SQS\n", + "Outputs": { + "MyQueueURL": { + "Description": "MyQueue URL", + "Value": { + "Ref": "MyQueue" + } + }, + "StateMachinetoSQSArn": { + "Description": "StateMachinetoSQS Arn", + "Value": { + "Ref": "StateMachinetoSQS" + } + } + }, "Resources": { "MyQueue": { "Type": "AWS::SQS::Queue" }, "MyStateMachineExecutionRole": { - "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", "Statement": [ { + "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": [ 
@@ -19,16 +32,57 @@ "Fn::Sub": "states.${AWS::Region}.amazonaws.com" } ] - }, - "Action": "sts:AssumeRole" + } } - ] + ], + "Version": "2012-10-17" }, "Path": "/" - } + }, + "Type": "AWS::IAM::Role" + }, + "SFNToSQSPolicy": { + "Metadata": { + "aws:sam:connectors": { + "SFNToSQS": { + "Destination": { + "Type": "AWS::SQS::Queue" + }, + "Source": { + "Type": "AWS::Serverless::StateMachine" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "sqs:SendMessage" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MyQueue", + "Arn" + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "Roles": [ + { + "Ref": "MyStateMachineExecutionRole" + } + ] + }, + "Type": "AWS::IAM::ManagedPolicy" }, "StateMachinetoSQS": { - "Type": "AWS::StepFunctions::StateMachine", "Properties": { "DefinitionString": { "Fn::Join": [ @@ -51,6 +105,11 @@ ] ] }, + "DefinitionSubstitutions": { + "definition_substitution_1": { + "Ref": "MyQueue" + } + }, "RoleArn": { "Fn::GetAtt": [ "MyStateMachineExecutionRole", 
@@ -62,68 +121,9 @@ "Key": "stateMachine:createdBy", "Value": "SAM" } - ], - "DefinitionSubstitutions": { - "definition_substitution_1": { - "Ref": "MyQueue" - } - } - } - }, - "SFNToSQSPolicy": { - "Type": "AWS::IAM::ManagedPolicy", - "Metadata": { - "aws:sam:connectors": { - "SFNToSQS": { - "Source": { - "Type": "AWS::Serverless::StateMachine" - }, - "Destination": { - "Type": "AWS::SQS::Queue" - } - } - } - }, - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "sqs:SendMessage" - ], - "Resource": [ - { - "Fn::GetAtt": [ - "MyQueue", - "Arn" - ] - } - ] - } - ] - }, - "Roles": [ - { - "Ref": "MyStateMachineExecutionRole" - } ] - } - } - }, - "Outputs": { - "StateMachinetoSQSArn": { - "Value": { - "Ref": "StateMachinetoSQS" - }, - "Description": "StateMachinetoSQS Arn" - }, - "MyQueueURL": { - "Value": { - "Ref": "MyQueue" }, - "Description": "MyQueue URL" + "Type": "AWS::StepFunctions::StateMachine" } } -} \ No newline at end of file +} diff --git a/tests/translator/output/aws-us-gov/schema_validation_1.json b/tests/translator/output/aws-us-gov/schema_validation_1.json index e9a110cad9..173ceae467 100644 --- a/tests/translator/output/aws-us-gov/schema_validation_1.json +++ b/tests/translator/output/aws-us-gov/schema_validation_1.json @@ -3,7 +3,6 @@ "Description": "lambda-dynamodb", "Resources": { "Function": { - "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": "src", @@ -29,23 +28,22 @@ ] }, "Runtime": "nodejs14.x", - "Timeout": 30, "Tags": [ { "Key": "lambda:createdBy", "Value": "SAM" } ], + "Timeout": 30, "TracingConfig": { "Mode": "Active" } - } + }, + "Type": "AWS::Lambda::Function" }, "FunctionRole": { - "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", "Statement": [ { "Action": [ 
@@ -58,7 +56,8 @@ ] } } - ] + ], + "Version": "2012-10-17" }, "ManagedPolicyArns": [ "aws:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", @@ -70,10 +69,10 @@ "Value": "SAM" } ] - } + }, + "Type": "AWS::IAM::Role" }, "StateMachine": { - "Type": "AWS::StepFunctions::StateMachine", "Properties": { "DefinitionString": { "Fn::Join": [ @@ -105,9 +104,15 @@ ] ] }, + "DefinitionSubstitutions": { + "FunctionArn": { + "Fn::GetAtt": [ + "Function", + "Arn" + ] + } + }, "LoggingConfiguration": { - "Level": "ALL", - "IncludeExecutionData": true, "Destinations": [ { "CloudWatchLogsLogGroup": { @@ -119,7 +124,9 @@ } } } - ] + ], + "IncludeExecutionData": true, + "Level": "ALL" }, "RoleArn": { "Fn::GetAtt": [ @@ -137,24 +144,15 @@ "Value": "SAM" } ], - "DefinitionSubstitutions": { - "FunctionArn": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - } - }, "TracingConfiguration": { "Enabled": true } - } + }, + "Type": "AWS::StepFunctions::StateMachine" }, "StateMachineRole": { - "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", "Statement": [ { "Action": [ @@ -167,18 +165,17 @@ ] } } - ] + ], + "Version": "2012-10-17" }, "ManagedPolicyArns": [ "aws:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Policies": [ { - "PolicyName": "StateMachineRolePolicy1", "PolicyDocument": { "Statement": [ { - "Effect": "Allow", "Action": [ "logs:CreateLogDelivery", "logs:GetLogDelivery", @@ -189,20 +186,21 @@ "logs:DescribeResourcePolicies", "logs:DescribeLogGroups" ], + "Effect": "Allow", "Resource": "*" } ] - } + }, + "PolicyName": "StateMachineRolePolicy1" }, { - "PolicyName": "StateMachineRolePolicy2", "PolicyDocument": { "Statement": [ { - "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], + "Effect": "Allow", "Resource": { "Fn::Sub": [ "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${functionName}*", @@ -215,7 +213,8 @@ } } ] - } + }, + "PolicyName": "StateMachineRolePolicy2" } ], "Tags": [ 
@@ -224,7 +223,8 @@ "Value": "SAM" } ] - } + }, + "Type": "AWS::IAM::Role" } } -} \ No newline at end of file +} diff --git a/tests/translator/output/aws-us-gov/schema_validation_2.json b/tests/translator/output/aws-us-gov/schema_validation_2.json index d1a3ba09c7..d000e67e9f 100644 --- a/tests/translator/output/aws-us-gov/schema_validation_2.json +++ b/tests/translator/output/aws-us-gov/schema_validation_2.json @@ -1,17 +1,30 @@ { "AWSTemplateFormatVersion": "2010-09-09", "Description": "A Step Functions Standard Workflow sending payloads to an SQS queue. This pattern will not wait for a callback from SQS\n", + "Outputs": { + "MyQueueURL": { + "Description": "MyQueue URL", + "Value": { + "Ref": "MyQueue" + } + }, + "StateMachinetoSQSArn": { + "Description": "StateMachinetoSQS Arn", + "Value": { + "Ref": "StateMachinetoSQS" + } + } + }, "Resources": { "MyQueue": { "Type": "AWS::SQS::Queue" }, "MyStateMachineExecutionRole": { - "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { - "Version": "2012-10-17", "Statement": [ { + "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": [ 
@@ -19,16 +32,57 @@ "Fn::Sub": "states.${AWS::Region}.amazonaws.com" } ] - }, - "Action": "sts:AssumeRole" + } } - ] + ], + "Version": "2012-10-17" }, "Path": "/" - } + }, + "Type": "AWS::IAM::Role" + }, + "SFNToSQSPolicy": { + "Metadata": { + "aws:sam:connectors": { + "SFNToSQS": { + "Destination": { + "Type": "AWS::SQS::Queue" + }, + "Source": { + "Type": "AWS::Serverless::StateMachine" + } + } + } + }, + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "sqs:SendMessage" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MyQueue", + "Arn" + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "Roles": [ + { + "Ref": "MyStateMachineExecutionRole" + } + ] + }, + "Type": "AWS::IAM::ManagedPolicy" }, "StateMachinetoSQS": { - "Type": "AWS::StepFunctions::StateMachine", "Properties": { "DefinitionString": { "Fn::Join": [ @@ -51,6 +105,11 @@ ] ] }, + "DefinitionSubstitutions": { + "definition_substitution_1": { + "Ref": "MyQueue" + } + }, "RoleArn": { "Fn::GetAtt": [ "MyStateMachineExecutionRole", 
@@ -62,68 +121,9 @@ "Key": "stateMachine:createdBy", "Value": "SAM" } - ], - "DefinitionSubstitutions": { - "definition_substitution_1": { - "Ref": "MyQueue" - } - } - } - }, - "SFNToSQSPolicy": { - "Type": "AWS::IAM::ManagedPolicy", - "Metadata": { - "aws:sam:connectors": { - "SFNToSQS": { - "Source": { - "Type": "AWS::Serverless::StateMachine" - }, - "Destination": { - "Type": "AWS::SQS::Queue" - } - } - } - }, - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "sqs:SendMessage" - ], - "Resource": [ - { - "Fn::GetAtt": [ - "MyQueue", - "Arn" - ] - } - ] - } - ] - }, - "Roles": [ - { - "Ref": "MyStateMachineExecutionRole" - } ] - } - } - }, - "Outputs": { - "StateMachinetoSQSArn": { - "Value": { - "Ref": "StateMachinetoSQS" - }, - "Description": "StateMachinetoSQS Arn" - }, - "MyQueueURL": { - "Value": { - "Ref": "MyQueue" }, - "Description": "MyQueue URL" + "Type": "AWS::StepFunctions::StateMachine" } } -} \ No newline at end of file +} diff --git a/tests/translator/output/schema_validation_1.json b/tests/translator/output/schema_validation_1.json index e1237080e0..a002c40ed5 100644 --- a/tests/translator/output/schema_validation_1.json +++ b/tests/translator/output/schema_validation_1.json 
@@ -1,230 +1,230 @@ { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "lambda-dynamodb", - "Resources": { - "Function": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": "src", - "S3Key": "Function" - }, - "Description": { - "Fn::Sub": [ - "Stack ${StackTagName} Environment ${EnvironmentTagName} Function ${ResourceName}", - { - "ResourceName": "Function" - } - ] - }, - "FunctionName": { - "Fn::Sub": "${AWS::StackName}-Function" - }, - "Handler": "index.handler", - "MemorySize": 3008, - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs14.x", - "Timeout": 30, - "Tags": [ - { - "Key": "lambda:createdBy", - "Value": "SAM" - } - ], - "TracingConfig": { - "Mode": "Active" - } - } - }, - "FunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "lambda.amazonaws.com" - ] - } - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" - ], - "Tags": [ - { - "Key": "lambda:createdBy", - "Value": "SAM" - } - ] - } - }, - "StateMachine": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "DefinitionString": { - "Fn::Join": [ - "\n", - [ - "{", - " \"StartAt\": \"Start\",", - " \"States\": {", - " \"Done\": {", - " \"End\": true,", - " \"Type\": \"Pass\"", - " },", - " \"Start\": {", - " \"Next\": \"TaskState\",", - " \"Type\": \"Pass\"", - " },", - " \"TaskState\": {", - " \"Comment\": \"Stackery creates an attachment point for each 'Task' state\",", - " \"Next\": \"Done\",", - " \"Parameters\": {", - " \"FunctionName\": \"${FunctionArn}\",", - " \"Payload.$\": \"$\"", - " },", - " \"Resource\": \"arn:aws:states:::lambda:invoke\",", - " \"Type\": \"Task\"", - " }", - " }", - "}" - ] - ] - }, - 
"LoggingConfiguration": { - "Level": "ALL", - "IncludeExecutionData": true, - "Destinations": [ - { - "CloudWatchLogsLogGroup": { - "LogGroupArn": { - "Fn::GetAtt": [ - "StateMachineLogGroup", - "Arn" - ] + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "lambda-dynamodb", + "Resources": { + "Function": { + "Properties": { + "Code": { + "S3Bucket": "src", + "S3Key": "Function" + }, + "Description": { + "Fn::Sub": [ + "Stack ${StackTagName} Environment ${EnvironmentTagName} Function ${ResourceName}", + { + "ResourceName": "Function" + } + ] + }, + "FunctionName": { + "Fn::Sub": "${AWS::StackName}-Function" + }, + "Handler": "index.handler", + "MemorySize": 3008, + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs14.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "Timeout": 30, + "TracingConfig": { + "Mode": "Active" } - } - } - ] + }, + "Type": "AWS::Lambda::Function" }, - "RoleArn": { - "Fn::GetAtt": [ - "StateMachineRole", - "Arn" - ] - }, - "StateMachineName": { - "Fn::Sub": "${AWS::StackName}-StateMachine" - }, - "StateMachineType": "STANDARD", - "Tags": [ - { - "Key": "stateMachine:createdBy", - "Value": "SAM" - } - ], - "DefinitionSubstitutions": { - "FunctionArn": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - } - }, - "TracingConfiguration": { - "Enabled": true - } - } - }, - "StateMachineRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Principal": { - "Service": [ - "states.amazonaws.com" + "FunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + 
"arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } ] - } - } - ] + }, + "Type": "AWS::IAM::Role" }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" - ], - "Policies": [ - { - "PolicyName": "StateMachineRolePolicy1", - "PolicyDocument": { - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups" - ], - "Resource": "*" - } - ] - } - }, - { - "PolicyName": "StateMachineRolePolicy2", - "PolicyDocument": { - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "lambda:InvokeFunction" - ], - "Resource": { - "Fn::Sub": [ - "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${functionName}*", - { - "functionName": { - "Ref": "Function" + "StateMachine": { + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"Start\",", + " \"States\": {", + " \"Done\": {", + " \"End\": true,", + " \"Type\": \"Pass\"", + " },", + " \"Start\": {", + " \"Next\": \"TaskState\",", + " \"Type\": \"Pass\"", + " },", + " \"TaskState\": {", + " \"Comment\": \"Stackery creates an attachment point for each 'Task' state\",", + " \"Next\": \"Done\",", + " \"Parameters\": {", + " \"FunctionName\": \"${FunctionArn}\",", + " \"Payload.$\": \"$\"", + " },", + " \"Resource\": \"arn:aws:states:::lambda:invoke\",", + " \"Type\": \"Task\"", + " }", + " }", + "}" + ] + ] + }, + "DefinitionSubstitutions": { + "FunctionArn": { + "Fn::GetAtt": [ + "Function", + "Arn" + ] + } + }, + "LoggingConfiguration": { + "Destinations": [ + { + "CloudWatchLogsLogGroup": { + "LogGroupArn": { + "Fn::GetAtt": [ + "StateMachineLogGroup", + "Arn" + ] + } + } } - } + ], + "IncludeExecutionData": true, + "Level": "ALL" + }, + "RoleArn": { + 
"Fn::GetAtt": [ + "StateMachineRole", + "Arn" ] - } + }, + "StateMachineName": { + "Fn::Sub": "${AWS::StackName}-StateMachine" + }, + "StateMachineType": "STANDARD", + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ], + "TracingConfiguration": { + "Enabled": true } - ] - } - } - ], - "Tags": [ - { - "Key": "stateMachine:createdBy", - "Value": "SAM" - } - ] - } + }, + "Type": "AWS::StepFunctions::StateMachine" + }, + "StateMachineRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "states.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" + ], + "Policies": [ + { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups" + ], + "Effect": "Allow", + "Resource": "*" + } + ] + }, + "PolicyName": "StateMachineRolePolicy1" + }, + { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "lambda:InvokeFunction" + ], + "Effect": "Allow", + "Resource": { + "Fn::Sub": [ + "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${functionName}*", + { + "functionName": { + "Ref": "Function" + } + } + ] + } + } + ] + }, + "PolicyName": "StateMachineRolePolicy2" + } + ], + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } } - } -} \ No newline at end of file +} diff --git a/tests/translator/output/schema_validation_2.json b/tests/translator/output/schema_validation_2.json index 3100c2b502..8ea506955b 100644 --- a/tests/translator/output/schema_validation_2.json +++ b/tests/translator/output/schema_validation_2.json 
@@ -1,129 +1,129 @@ { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "A Step Functions Standard Workflow sending payloads to an SQS queue. This pattern will not wait for a callback from SQS\n", - "Resources": { - "MyQueue": { - "Type": "AWS::SQS::Queue" - }, - "MyStateMachineExecutionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - { - "Fn::Sub": "states.${AWS::Region}.amazonaws.com" - } - ] - }, - "Action": "sts:AssumeRole" + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "A Step Functions Standard Workflow sending payloads to an SQS queue. This pattern will not wait for a callback from SQS\n", + "Outputs": { + "MyQueueURL": { + "Description": "MyQueue URL", + "Value": { + "Ref": "MyQueue" } - ] - }, - "Path": "/" - } - }, - "StateMachinetoSQS": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "DefinitionString": { - "Fn::Join": [ - "\n", - [ - "{", - " \"StartAt\": \"SendToMyQueue\",", - " \"States\": {", - " \"SendToMyQueue\": {", - " \"End\": true,", - " \"Parameters\": {", - " \"MessageBody.$\": \"$.message\",", - " \"QueueUrl\": \"${definition_substitution_1}\"", - " },", - " \"Resource\": \"arn:aws:states:::sqs:sendMessage\",", - " \"Type\": \"Task\"", - " }", - " }", - "}" - ] - ] - }, - "RoleArn": { - "Fn::GetAtt": [ - "MyStateMachineExecutionRole", - "Arn" - ] }, - "Tags": [ - { - "Key": "stateMachine:createdBy", - "Value": "SAM" - } - ], - "DefinitionSubstitutions": { - "definition_substitution_1": { - "Ref": "MyQueue" - } + "StateMachinetoSQSArn": { + "Description": "StateMachinetoSQS Arn", + "Value": { + "Ref": "StateMachinetoSQS" + } } - } }, - "SFNToSQSPolicy": { - "Type": "AWS::IAM::ManagedPolicy", - "Metadata": { - "aws:sam:connectors": { - "SFNToSQS": { - "Source": { - "Type": "AWS::Serverless::StateMachine" + "Resources": { + "MyQueue": { + "Type": 
"AWS::SQS::Queue" + }, + "MyStateMachineExecutionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": [ + { + "Fn::Sub": "states.${AWS::Region}.amazonaws.com" + } + ] + } + } + ], + "Version": "2012-10-17" + }, + "Path": "/" }, - "Destination": { - "Type": "AWS::SQS::Queue" - } - } - } - }, - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "sqs:SendMessage" - ], - "Resource": [ - { - "Fn::GetAtt": [ - "MyQueue", - "Arn" - ] + "Type": "AWS::IAM::Role" + }, + "SFNToSQSPolicy": { + "Metadata": { + "aws:sam:connectors": { + "SFNToSQS": { + "Destination": { + "Type": "AWS::SQS::Queue" + }, + "Source": { + "Type": "AWS::Serverless::StateMachine" + } + } } - ] - } - ] + }, + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "sqs:SendMessage" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MyQueue", + "Arn" + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "Roles": [ + { + "Ref": "MyStateMachineExecutionRole" + } + ] + }, + "Type": "AWS::IAM::ManagedPolicy" }, - "Roles": [ - { - "Ref": "MyStateMachineExecutionRole" - } - ] - } - } - }, - "Outputs": { - "StateMachinetoSQSArn": { - "Value": { - "Ref": "StateMachinetoSQS" - }, - "Description": "StateMachinetoSQS Arn" - }, - "MyQueueURL": { - "Value": { - "Ref": "MyQueue" - }, - "Description": "MyQueue URL" + "StateMachinetoSQS": { + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "\n", + [ + "{", + " \"StartAt\": \"SendToMyQueue\",", + " \"States\": {", + " \"SendToMyQueue\": {", + " \"End\": true,", + " \"Parameters\": {", + " \"MessageBody.$\": \"$.message\",", + " \"QueueUrl\": \"${definition_substitution_1}\"", + " },", + " \"Resource\": \"arn:aws:states:::sqs:sendMessage\",", + " \"Type\": \"Task\"", + " }", + " }", + "}" + ] + ] + }, + "DefinitionSubstitutions": { + 
"definition_substitution_1": { + "Ref": "MyQueue" + } + }, + "RoleArn": { + "Fn::GetAtt": [ + "MyStateMachineExecutionRole", + "Arn" + ] + }, + "Tags": [ + { + "Key": "stateMachine:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::StepFunctions::StateMachine" + } } - } -} \ No newline at end of file +} From fc3c7026fdf64f2e6b3eab6be60ad2b640842f03 Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Fri, 25 Nov 2022 16:06:07 -0800 Subject: [PATCH 4/5] Fix transform script --- bin/add_transform_test.py | 2 +- tests/translator/output/aws-cn/schema_validation_1.json | 8 ++++---- tests/translator/output/aws-cn/schema_validation_2.json | 2 +- .../translator/output/aws-us-gov/schema_validation_1.json | 8 ++++---- .../translator/output/aws-us-gov/schema_validation_2.json | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bin/add_transform_test.py b/bin/add_transform_test.py index 0a79d90379..2f77901d9b 100755 --- a/bin/add_transform_test.py +++ b/bin/add_transform_test.py @@ -51,7 +51,7 @@ def add_regional_endpoint_configuration_if_needed(template: Dict[str, Any]) -> D def replace_aws_partition(partition: str, file_path: str) -> None: template = read_json_file(file_path) with open(file_path, "w") as file: - updated_template = json.loads(json.dumps(template).replace("arn:aws", f"aws:{partition}")) + updated_template = json.loads(json.dumps(template).replace("arn:aws:", f"arn:{partition}:")) file.write(json.dumps(updated_template, indent=2)) print(f"Transform Test output files generated {file_path}") diff --git a/tests/translator/output/aws-cn/schema_validation_1.json b/tests/translator/output/aws-cn/schema_validation_1.json index 01287b6547..66ad9b8cc9 100644 --- a/tests/translator/output/aws-cn/schema_validation_1.json +++ b/tests/translator/output/aws-cn/schema_validation_1.json 
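Review bot: In `replace_aws_partition` the target file is opened with `"w"`, and so truncated, before the rewritten `json.loads(json.dumps(template).replace(...))` line runs, so an exception there leaves the expected-output fixture empty; computing `updated_template` on the line above `with open(file_path, "w") as file:` avoids that. The replace works on the serialized text, which is why ARNs inside the `DefinitionString` lines are rewritten too, and the trailing colon is what stops an already converted `arn:aws-cn:` from matching again. Neither is obvious from the line itself, so I would add `# text-level replace on purpose: also covers ARNs embedded in string values; trailing ':' keeps converted ARNs from matching`. `partition` is spliced into JSON text unescaped, so a check that it is one of the partitions the script generates output for would be a cheap guard.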
@@ -60,8 +60,8 @@ "Version": "2012-10-17" }, "ManagedPolicyArns": [ - "aws:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "aws:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Tags": [ { @@ -96,7 +96,7 @@ " \"FunctionName\": \"${FunctionArn}\",", " \"Payload.$\": \"$\"", " },", - " \"Resource\": \"aws:aws-cn:states:::lambda:invoke\",", + " \"Resource\": \"arn:aws-cn:states:::lambda:invoke\",", " \"Type\": \"Task\"", " }", " }", @@ -169,7 +169,7 @@ "Version": "2012-10-17" }, "ManagedPolicyArns": [ - "aws:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" + "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Policies": [ { diff --git a/tests/translator/output/aws-cn/schema_validation_2.json b/tests/translator/output/aws-cn/schema_validation_2.json index df43e5bd2c..731146093d 100644 --- a/tests/translator/output/aws-cn/schema_validation_2.json +++ b/tests/translator/output/aws-cn/schema_validation_2.json @@ -97,7 +97,7 @@ " \"MessageBody.$\": \"$.message\",", " \"QueueUrl\": \"${definition_substitution_1}\"", " },", - " \"Resource\": \"aws:aws-cn:states:::sqs:sendMessage\",", + " \"Resource\": \"arn:aws-cn:states:::sqs:sendMessage\",", " \"Type\": \"Task\"", " }", " }", diff --git a/tests/translator/output/aws-us-gov/schema_validation_1.json b/tests/translator/output/aws-us-gov/schema_validation_1.json index 173ceae467..440e17f693 100644 --- a/tests/translator/output/aws-us-gov/schema_validation_1.json +++ b/tests/translator/output/aws-us-gov/schema_validation_1.json @@ -60,8 +60,8 @@ "Version": "2012-10-17" }, "ManagedPolicyArns": [ - "aws:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "aws:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Tags": [ { 
@@ -96,7 +96,7 @@ " \"FunctionName\": \"${FunctionArn}\",", " \"Payload.$\": \"$\"", " },", - " \"Resource\": \"aws:aws-us-gov:states:::lambda:invoke\",", + " \"Resource\": \"arn:aws-us-gov:states:::lambda:invoke\",", " \"Type\": \"Task\"", " }", " }", @@ -169,7 +169,7 @@ "Version": "2012-10-17" }, "ManagedPolicyArns": [ - "aws:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" + "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Policies": [ { diff --git a/tests/translator/output/aws-us-gov/schema_validation_2.json b/tests/translator/output/aws-us-gov/schema_validation_2.json index d000e67e9f..b2c7babd5d 100644 --- a/tests/translator/output/aws-us-gov/schema_validation_2.json +++ b/tests/translator/output/aws-us-gov/schema_validation_2.json @@ -97,7 +97,7 @@ " \"MessageBody.$\": \"$.message\",", " \"QueueUrl\": \"${definition_substitution_1}\"", " },", - " \"Resource\": \"aws:aws-us-gov:states:::sqs:sendMessage\",", + " \"Resource\": \"arn:aws-us-gov:states:::sqs:sendMessage\",", " \"Type\": \"Task\"", " }", " }", From d6c78100cf3fcfb72ff735de0cd1d6be5d28195a Mon Sep 17 00:00:00 2001 From: Chris Rehn Date: Fri, 25 Nov 2022 16:35:11 -0800 Subject: [PATCH 5/5] Fix tests --- tests/translator/input/schema_validation_1.yaml | 2 +- tests/translator/input/schema_validation_2.yaml | 2 +- .../translator/output/aws-cn/schema_validation_1.json | 10 ++++++---- .../translator/output/aws-cn/schema_validation_2.json | 2 +- .../output/aws-us-gov/schema_validation_1.json | 10 ++++++---- .../output/aws-us-gov/schema_validation_2.json | 2 +- tests/translator/output/schema_validation_1.json | 2 +- tests/translator/output/schema_validation_2.json | 2 +- tests/translator/test_translator.py | 2 ++ 9 files changed, 20 insertions(+), 14 deletions(-) diff --git a/tests/translator/input/schema_validation_1.yaml b/tests/translator/input/schema_validation_1.yaml index c357e94d7a..4652810945 100644 --- a/tests/translator/input/schema_validation_1.yaml 
+++ b/tests/translator/input/schema_validation_1.yaml @@ -16,7 +16,7 @@ Resources: Comment: Stackery creates an attachment point for each 'Task' state Type: Task Next: Done - Resource: arn:aws:states:::lambda:invoke + Resource: someresource Parameters: FunctionName: ${FunctionArn} Payload.$: $ diff --git a/tests/translator/input/schema_validation_2.yaml b/tests/translator/input/schema_validation_2.yaml index b3e103528b..f8f5241680 100644 --- a/tests/translator/input/schema_validation_2.yaml +++ b/tests/translator/input/schema_validation_2.yaml @@ -25,7 +25,7 @@ Resources: States: SendToMyQueue: Type: Task - Resource: arn:aws:states:::sqs:sendMessage + Resource: someresource Parameters: QueueUrl: !Ref MyQueue MessageBody.$: $.message diff --git a/tests/translator/output/aws-cn/schema_validation_1.json b/tests/translator/output/aws-cn/schema_validation_1.json index 66ad9b8cc9..c3323a90ce 100644 --- a/tests/translator/output/aws-cn/schema_validation_1.json +++ b/tests/translator/output/aws-cn/schema_validation_1.json @@ -60,8 +60,9 @@ "Version": "2012-10-17" }, "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" + "AWSXrayWriteOnlyAccess", + "arn:aws-cn:iam::aws:policy/AWSXRayDaemonWriteAccess", + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ], "Tags": [ { @@ -96,7 +97,7 @@ " \"FunctionName\": \"${FunctionArn}\",", " \"Payload.$\": \"$\"", " },", - " \"Resource\": \"arn:aws-cn:states:::lambda:invoke\",", + " \"Resource\": \"someresource\",", " \"Type\": \"Task\"", " }", " }", @@ -169,7 +170,8 @@ "Version": "2012-10-17" }, "ManagedPolicyArns": [ - "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" + "AWSXrayWriteOnlyAccess", + "arn:aws-cn:iam::aws:policy/AWSXRayDaemonWriteAccess" ], "Policies": [ { 
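Review bot: Swapping the task `Resource` for the placeholder `someresource` (this hunk and the matching one in schema_validation_2.yaml) removes the hardcoded partition, but it also means neither fixture contains a real service-integration ARN any more. A partition-neutral form such as `Resource: !Sub arn:${AWS::Partition}:states:::lambda:invoke` would keep the template realistic in every partition. Whether an intrinsic is accepted at this position should be confirmed; the expected output for schema_validation_2 does show `!Ref MyQueue` inside the definition becoming `${definition_substitution_1}`, which suggests it is.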
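Review bot: The expected `ManagedPolicyArns` in aws-cn/schema_validation_1.json now contain the bare string `"AWSXrayWriteOnlyAccess"` next to full ARNs (hunks at -60 and -169, and the same two hunks in the aws-us-gov copy), while the default-partition fixture keeps `arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess`. A bare name is not an ARN, so these fixtures pin output that presumably would not attach the intended policy outside the `aws` partition; it looks like the name from the input's `Policies` list is passed through unresolved there. If that pass-through is the behaviour under test, it deserves a sentence in the commit message. Otherwise, and if the policy is available in those partitions, the input could name it as `- !Sub arn:${AWS::Partition}:iam::aws:policy/AWSXrayWriteOnlyAccess` so that all three fixtures assert an ARN.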
diff --git a/tests/translator/output/aws-cn/schema_validation_2.json b/tests/translator/output/aws-cn/schema_validation_2.json index 731146093d..37019cb8e8 100644 --- a/tests/translator/output/aws-cn/schema_validation_2.json +++ b/tests/translator/output/aws-cn/schema_validation_2.json @@ -97,7 +97,7 @@ " \"MessageBody.$\": \"$.message\",", " \"QueueUrl\": \"${definition_substitution_1}\"", " },", - " \"Resource\": \"arn:aws-cn:states:::sqs:sendMessage\",", + " \"Resource\": \"someresource\",", " \"Type\": \"Task\"", " }", " }", diff --git a/tests/translator/output/aws-us-gov/schema_validation_1.json b/tests/translator/output/aws-us-gov/schema_validation_1.json index 440e17f693..bdfeb13ad5 100644 --- a/tests/translator/output/aws-us-gov/schema_validation_1.json +++ b/tests/translator/output/aws-us-gov/schema_validation_1.json @@ -60,8 +60,9 @@ "Version": "2012-10-17" }, "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" + "AWSXrayWriteOnlyAccess", + "arn:aws-us-gov:iam::aws:policy/AWSXRayDaemonWriteAccess", + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ], "Tags": [ { @@ -96,7 +97,7 @@ " \"FunctionName\": \"${FunctionArn}\",", " \"Payload.$\": \"$\"", " },", - " \"Resource\": \"arn:aws-us-gov:states:::lambda:invoke\",", + " \"Resource\": \"someresource\",", " \"Type\": \"Task\"", " }", " }", @@ -169,7 +170,8 @@ "Version": "2012-10-17" }, "ManagedPolicyArns": [ - "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" + "AWSXrayWriteOnlyAccess", + "arn:aws-us-gov:iam::aws:policy/AWSXRayDaemonWriteAccess" ], "Policies": [ { diff --git a/tests/translator/output/aws-us-gov/schema_validation_2.json b/tests/translator/output/aws-us-gov/schema_validation_2.json index b2c7babd5d..37019cb8e8 100644 --- a/tests/translator/output/aws-us-gov/schema_validation_2.json +++ b/tests/translator/output/aws-us-gov/schema_validation_2.json 
@@ -97,7 +97,7 @@ " \"MessageBody.$\": \"$.message\",", " \"QueueUrl\": \"${definition_substitution_1}\"", " },", - " \"Resource\": \"arn:aws-us-gov:states:::sqs:sendMessage\",", + " \"Resource\": \"someresource\",", " \"Type\": \"Task\"", " }", " }", diff --git a/tests/translator/output/schema_validation_1.json b/tests/translator/output/schema_validation_1.json index a002c40ed5..de56c4fc8a 100644 --- a/tests/translator/output/schema_validation_1.json +++ b/tests/translator/output/schema_validation_1.json @@ -96,7 +96,7 @@ " \"FunctionName\": \"${FunctionArn}\",", " \"Payload.$\": \"$\"", " },", - " \"Resource\": \"arn:aws:states:::lambda:invoke\",", + " \"Resource\": \"someresource\",", " \"Type\": \"Task\"", " }", " }", diff --git a/tests/translator/output/schema_validation_2.json b/tests/translator/output/schema_validation_2.json index 8ea506955b..37019cb8e8 100644 --- a/tests/translator/output/schema_validation_2.json +++ b/tests/translator/output/schema_validation_2.json @@ -97,7 +97,7 @@ " \"MessageBody.$\": \"$.message\",", " \"QueueUrl\": \"${definition_substitution_1}\"", " },", - " \"Resource\": \"arn:aws:states:::sqs:sendMessage\",", + " \"Resource\": \"someresource\",", " \"Type\": \"Task\"", " }", " }", diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py index 0581b278f3..8e2d87194a 100644 --- a/tests/translator/test_translator.py +++ b/tests/translator/test_translator.py @@ -146,6 +146,8 @@ def mock_sar_service_call(self, service_call_function, logical_id, *args): class AbstractTestTranslator(TestCase): + maxDiff = None + def _read_input(self, testcase): manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + ".yaml"), "r")) # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict