From e28c29838bb7d814c9f809334fd111483bd3689e Mon Sep 17 00:00:00 2001 From: Sam Liu Date: Thu, 15 Dec 2022 16:51:52 -0800 Subject: [PATCH] fix: Raise correct exception when bucket tags are not list --- samtranslator/model/eventsources/push.py | 7 ++-- .../error_s3_bucket_invalid_properties.yaml | 32 +++++++++++++++++++ .../error_s3_bucket_invalid_properties.json | 2 +- 3 files changed, 38 insertions(+), 3 deletions(-) diff --git a/samtranslator/model/eventsources/push.py b/samtranslator/model/eventsources/push.py index b73f161ee7..a44e8e3c3f 100644 --- a/samtranslator/model/eventsources/push.py +++ b/samtranslator/model/eventsources/push.py @@ -318,7 +318,7 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] source_account = ref("AWS::AccountId") permission = self._construct_permission(function, source_account=source_account) # type: ignore[no-untyped-call] if CONDITION in permission.resource_attributes: - self._depend_on_lambda_permissions_using_tag(bucket, permission) # type: ignore[no-untyped-call] + self._depend_on_lambda_permissions_using_tag(bucket, bucket_id, permission) else: self._depend_on_lambda_permissions(bucket, permission) # type: ignore[no-untyped-call] resources.append(permission) @@ -370,7 +370,9 @@ def _depend_on_lambda_permissions(self, bucket, permission): # type: ignore[no- return bucket - def _depend_on_lambda_permissions_using_tag(self, bucket, permission): # type: ignore[no-untyped-def] + def _depend_on_lambda_permissions_using_tag( + self, bucket: Dict[str, Any], bucket_id: str, permission: LambdaPermission + ) -> Dict[str, Any]: """ Since conditional DependsOn is not supported this undocumented way of implicitely making dependency through tags is used. @@ -389,6 +391,7 @@ def _depend_on_lambda_permissions_using_tag(self, bucket, permission): # type: if tags is None: tags = [] properties["Tags"] = tags + sam_expect(tags, bucket_id, "Tags").to_be_a_list() dep_tag = { "sam:ConditionalDependsOn:" + permission.logical_id: { diff --git a/tests/translator/input/error_s3_bucket_invalid_properties.yaml b/tests/translator/input/error_s3_bucket_invalid_properties.yaml index 784b44ceee..eab6970e41 100644 --- a/tests/translator/input/error_s3_bucket_invalid_properties.yaml +++ b/tests/translator/input/error_s3_bucket_invalid_properties.yaml @@ -1,3 +1,10 @@ +Conditions: + Condition: + Fn::Equals: + - 1 + - 1 + + Resources: Function: Type: AWS::Serverless::Function @@ -15,3 +22,28 @@ Resources: Bucket: Type: AWS::S3::Bucket Properties: This should be a dict + + + Function2: + Condition: Condition + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://sam-demo-bucket/thumbnails.zip + Handler: index.generate_thumbails + Runtime: nodejs12.x + Events: + ImageBucket: + Type: S3 + Properties: + Bucket: !Ref Bucket2 + Events: s3:ObjectCreated:* + Tags: + Key: Value + + Bucket2: + Condition: Condition + Type: AWS::S3::Bucket + Properties: + Tags: + # This validation is triggered when the function has tags and condition + This: should be a list diff --git a/tests/translator/output/error_s3_bucket_invalid_properties.json b/tests/translator/output/error_s3_bucket_invalid_properties.json index 40ecf833e7..347d58c280 100644 --- a/tests/translator/output/error_s3_bucket_invalid_properties.json +++ b/tests/translator/output/error_s3_bucket_invalid_properties.json @@ -1,3 +1,3 @@ { - "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [Bucket] is invalid. Properties should be a map." + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 2. Resource with id [Bucket] is invalid. Properties should be a map. Resource with id [Bucket2] is invalid. Property 'Tags' should be a list." }