fix: multiple mq source event policy name (add DynamicPolicyName)
#2953
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hoffa
reviewed
Feb 27, 2023
hoffa
reviewed
Feb 27, 2023
samtranslator/internal/schema_source/aws_serverless_function.py
Outdated
Show resolved
Hide resolved
hoffa
changed the title
DynamicPolicyName)
Co-authored-by: Christoffer Rehn <1280602+hoffa@users.noreply.github.com>
hoffa
approved these changes
Feb 27, 2023
aahung
approved these changes
Feb 27, 2023
awood45
requested changes
Feb 27, 2023
awood45
approved these changes
Feb 27, 2023
GavinZZ
pushed a commit
to GavinZZ/serverless-application-model
that referenced
this pull request
Mar 2, 2023
…ws#2953) Co-authored-by: Christoffer Rehn <1280602+hoffa@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available
#2927
Description of changes
Historically, policy name was hardcoded as
SamAutoGeneratedAMQPolicybut it led to a policy name clash and failure to deploy, if a Function had at least 2 MQ event sources. Since policy is attached to the Lambda execution role, policy name should be based on MQ logical ID not to clash with policy names of other MQ event sources. However, to support backwards compatibility, we need to keep policySamAutoGeneratedAMQPolicyby default, because customers might have code which relies on that policy name consistance.To support both old policy name and ability to have more than one MQ event source, we introduce new
DynamicPolicyNamewhich when set to true will use MQ logical ID to genertae policy name.Q: Why to introduce a new field and not to make policy name dynamic by default if there are multiple MQ event sources?
A: Since a customer could have a single MQ source and rely on it's policy name in their code. If that customer decides to add a new MQ source, they don't want to change the policy name for the first MQ all over their code base. But they can opt in using a dynamic policy name for all other MQ sources they add.
Q: Why not use dynamic policy names automatically for all MQ event sources but first?
A: SAM-T doesn't have state and doesn't know what was the CFN resource attribute in a previous transformation. Hence, trying to "use dynamic policy names automatically for all MQ event sources but first" can rely only on event source order. If a customer added a new MQ source before an old one, an old one would receive a dynamic name and would break (potentially) customer's code.
Description of how you validated changes
Checklist
Examples?
Please reach out in the comments if you want to add an example. Examples will be
added to
sam initthrough aws/aws-sam-cli-app-templates.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.