From 25fa8a8dad8db28fd058fcd0173c73945cacc77c Mon Sep 17 00:00:00 2001 
From: Mathieu Grandis <73313235+mgrandis@users.noreply.github.com> Date: Tue, 6 Jul 2021 08:39:24 -0700 Subject: [PATCH] Release/v1.37.0 (#2079) * Release/v1.37.0 (#2069) * chore: bump version to 1.37.0 (#2068) * fix: Increase PageSize of ListPolicies Paginator (#2033) Co-authored-by: Jacob Fuss <32497805+jfuss@users.noreply.github.com> Co-authored-by: Jacob Fuss * feat: Support VIRTUAL_HOST as Type for SourceAccessConfiguration for MQ events (#76) (#2078) Co-authored-by: Renato Valenzuela <37676028+valerena@users.noreply.github.com> --- samtranslator/__init__.py | 2 +- samtranslator/model/eventsources/pull.py | 39 ++++--- .../translator/managed_policy_translator.py | 6 +- .../eventsources/test_mq_event_source.py | 42 ++++++++ .../input/error_invalid_config_mq.yaml | 19 ++++ .../input/error_missing_basic_auth_in_mq.yaml | 17 +++ .../error_missing_basic_auth_uri_in_mq.yaml | 16 +++ .../input/error_missing_sac_in_mq.yaml | 15 +++ .../error_multiple_basic_auth_in_mq.yaml | 19 ++++ .../input/function_with_mq_virtual_host.yaml | 19 ++++ .../aws-cn/function_with_mq_virtual_host.json | 102 ++++++++++++++++++ .../function_with_mq_virtual_host.json | 102 ++++++++++++++++++ .../output/error_invalid_config_mq.json | 6 ++ .../error_missing_basic_auth_in_mq.json | 6 ++ .../error_missing_basic_auth_uri_in_mq.json | 6 ++ .../output/error_missing_broker.json | 4 +- .../output/error_missing_queue.json | 4 +- .../output/error_missing_sac_in_mq.json | 6 ++ .../output/error_missing_stream.json | 4 +- .../error_multiple_basic_auth_in_mq.json | 6 ++ .../output/function_with_mq_virtual_host.json | 102 ++++++++++++++++++ .../test_managed_policies_translator.py | 2 +- tests/translator/test_translator.py | 6 ++ 23 files changed, 529 insertions(+), 21 deletions(-) create mode 100644 tests/model/eventsources/test_mq_event_source.py create mode 100644 tests/translator/input/error_invalid_config_mq.yaml create mode 100644 tests/translator/input/error_missing_basic_auth_in_mq.yaml create mode 
100644 tests/translator/input/error_missing_basic_auth_uri_in_mq.yaml create mode 100644 tests/translator/input/error_missing_sac_in_mq.yaml create mode 100644 tests/translator/input/error_multiple_basic_auth_in_mq.yaml create mode 100644 tests/translator/input/function_with_mq_virtual_host.yaml create mode 100644 tests/translator/output/aws-cn/function_with_mq_virtual_host.json create mode 100644 tests/translator/output/aws-us-gov/function_with_mq_virtual_host.json create mode 100644 tests/translator/output/error_invalid_config_mq.json create mode 100644 tests/translator/output/error_missing_basic_auth_in_mq.json create mode 100644 tests/translator/output/error_missing_basic_auth_uri_in_mq.json create mode 100644 tests/translator/output/error_missing_sac_in_mq.json create mode 100644 tests/translator/output/error_multiple_basic_auth_in_mq.json create mode 100644 tests/translator/output/function_with_mq_virtual_host.json diff --git a/samtranslator/__init__.py b/samtranslator/__init__.py index 4a1dc255b..9483ec486 100644 --- a/samtranslator/__init__.py +++ b/samtranslator/__init__.py @@ -1 +1 @@ -__version__ = "1.36.0" +__version__ = "1.37.0" diff --git a/samtranslator/model/eventsources/pull.py b/samtranslator/model/eventsources/pull.py index 106700d63..40b5afada 100644 --- a/samtranslator/model/eventsources/pull.py +++ b/samtranslator/model/eventsources/pull.py @@ -10,7 +10,7 @@ class PullEventSource(ResourceMacro): """Base class for pull event sources for SAM Functions. - The pull events are Kinesis Streams, DynamoDB Streams, Kafka Topics, ActiveMQ Queues and SQS Queues. All of these correspond to an + The pull events are Kinesis Streams, DynamoDB Streams, Kafka Topics, Amazon MQ Queues and SQS Queues. All of these correspond to an EventSourceMapping in Lambda, and require that the execution role be given to Kinesis Streams, DynamoDB Streams, or SQS Queues, respectively. 
@@ -74,7 +74,7 @@ def to_cloudformation(self, **kwargs): if not self.Stream and not self.Queue and not self.Broker: raise InvalidEventException( self.relative_id, - "No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for ActiveMQ) provided.", + "No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for Amazon MQ) provided.", ) if self.Stream and not self.StartingPosition: 
@@ -218,23 +218,38 @@ def get_policy_statements(self): if not self.SourceAccessConfigurations: raise InvalidEventException( self.relative_id, - "No SourceAccessConfigurations for ActiveMQ provided.", + "No SourceAccessConfigurations for Amazon MQ event provided.", ) if not type(self.SourceAccessConfigurations) is list: raise InvalidEventException( self.relative_id, "Provided SourceAccessConfigurations cannot be parsed into a list.", ) - # MQ only supports SourceAccessConfigurations with list size of 1 - if not (len(self.SourceAccessConfigurations) == 1): - raise InvalidEventException( - self.relative_id, - "SourceAccessConfigurations for ActiveMQ only supports single configuration entry.", - ) - if not self.SourceAccessConfigurations[0].get("URI"): + basic_auth_uri = None + for conf in self.SourceAccessConfigurations: + event_type = conf.get("Type") + if event_type not in ("BASIC_AUTH", "VIRTUAL_HOST"): + raise InvalidEventException( + self.relative_id, + "Invalid property specified in SourceAccessConfigurations for Amazon MQ event.", + ) + if event_type == "BASIC_AUTH": + if basic_auth_uri: + raise InvalidEventException( + self.relative_id, + "Multiple BASIC_AUTH properties specified in SourceAccessConfigurations for Amazon MQ event.", + ) + basic_auth_uri = conf.get("URI") + if not basic_auth_uri: + raise InvalidEventException( + self.relative_id, + "No BASIC_AUTH URI property specified in SourceAccessConfigurations for Amazon MQ event.", + ) + + if not basic_auth_uri: raise InvalidEventException( self.relative_id, - "No URI property specified in SourceAccessConfigurations for ActiveMQ.", + "No BASIC_AUTH property specified in SourceAccessConfigurations for Amazon MQ event.", ) document = { "PolicyName": "SamAutoGeneratedAMQPolicy", @@ -245,7 +260,7 @@ def get_policy_statements(self): "secretsmanager:GetSecretValue", ], "Effect": "Allow", - "Resource": self.SourceAccessConfigurations[0].get("URI"), + "Resource": basic_auth_uri, }, { "Action": [ 
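Review bot: The new loop calls `conf.get("Type")` on every entry of `SourceAccessConfigurations` without first checking that the entry is a mapping, so a template that lists a scalar there (a bare string, say) would presumably surface as an `AttributeError` instead of the `InvalidEventException` the surrounding checks raise. A guard at the top of the loop keeps that failure inside the translator's own error reporting: `if not isinstance(conf, dict): raise InvalidEventException(self.relative_id, "Invalid property specified in SourceAccessConfigurations for Amazon MQ event.")`. The `VIRTUAL_HOST` branch also accepts an entry with no `URI`; whether that is rejected here or left to CloudFormation deserves a one-line comment. `get_policy_statements` starts and ends outside the hunk.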
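Review bot: `basic_auth_uri` reaches the `Resource` of the `secretsmanager:GetSecretValue` statement after nothing more than a truthiness check, so the breadth of the generated role is whatever the template author wrote in the `BASIC_AUTH` entry. A comment above the statement would make that explicit for maintainers, for example `# Resource is the template's BASIC_AUTH URI, used verbatim; it is the only thing scoping GetSecretValue for this role`. If the project wants least privilege enforced at translation time, this is the place to reject a literal `"*"`, though intrinsic functions would have to pass through unchanged. The policy document continues outside the hunk.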
diff --git a/samtranslator/translator/managed_policy_translator.py b/samtranslator/translator/managed_policy_translator.py index 0b5d1f78f..a4020084a 100644 --- a/samtranslator/translator/managed_policy_translator.py +++ b/samtranslator/translator/managed_policy_translator.py @@ -7,15 +7,19 @@ class ManagedPolicyLoader(object): def __init__(self, iam_client): self._iam_client = iam_client self._policy_map = None + self.max_items = 1000 def load(self): if self._policy_map is None: LOG.info("Loading policies from IAM...") + paginator = self._iam_client.get_paginator("list_policies") # Setting the scope to AWS limits the returned values to only AWS Managed Policies and will # not returned policies owned by any specific account. # http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html#API_ListPolicies_RequestParameters - page_iterator = paginator.paginate(Scope="AWS") + # Note(jfuss): boto3 PaginationConfig MaxItems does not control the number of items returned from the API + # call. This is actually controlled by PageSize. + page_iterator = paginator.paginate(Scope="AWS", PaginationConfig={"PageSize": self.max_items}) name_to_arn_map = {} for page in page_iterator: diff --git a/tests/model/eventsources/test_mq_event_source.py b/tests/model/eventsources/test_mq_event_source.py new file mode 100644 index 000000000..c6062a7d3 --- /dev/null +++ b/tests/model/eventsources/test_mq_event_source.py 
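Review bot: The attribute added in `__init__` is named `max_items`, yet the comment added in `load` explains that boto3's `MaxItems` is not what bounds the per-call result and the value is passed as `PageSize`, so the name says the opposite of what the code does. Naming it for its use, `self._page_size = 1000` with `PaginationConfig={"PageSize": self._page_size}`, would also match the underscore-prefixed attributes set beside it. A short comment on why 1000 was chosen (presumably the largest page ListPolicies accepts; worth confirming against the API reference linked above) would help the next reader. `load` continues past the end of the hunk.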
@@ -0,0 +1,42 @@
+from unittest import TestCase
+from samtranslator.model.eventsources.pull import MQ
+
+
+class MQEventSource(TestCase):
+ def setUp(self):
+ self.logical_id = "MQEvent"
+ self.mq_event_source = MQ(self.logical_id)
+
+ def test_get_policy_arn(self):
+ source_arn = self.mq_event_source.get_policy_arn()
+ expected_source_arn = None
+ self.assertEqual(source_arn, expected_source_arn)
+
+ def test_get_policy_statements(self):
+ self.mq_event_source.SourceAccessConfigurations = [{"Type": "BASIC_AUTH", "URI": "SECRET_URI"}]
+ self.mq_event_source.Broker = "BROKER_ARN"
+ policy_statements = self.mq_event_source.get_policy_statements()
+ expected_policy_document = [
+ {
+ "PolicyName": "SamAutoGeneratedAMQPolicy",
+ "PolicyDocument": {
+ "Statement": [
+ {
+ "Action": [
+ "secretsmanager:GetSecretValue",
+ ],
+ "Effect": "Allow",
+ "Resource": "SECRET_URI",
+ },
+ {
+ "Action": [
+ "mq:DescribeBroker",
+ ],
+ "Effect": "Allow",
+ "Resource": "BROKER_ARN",
+ },
+ ]
+ },
+ }
+ ]
+ self.assertEqual(policy_statements, expected_policy_document)
diff --git a/tests/translator/input/error_invalid_config_mq.yaml b/tests/translator/input/error_invalid_config_mq.yaml
new file mode 100644
index 000000000..f07c8c0f9
--- /dev/null
+++ b/tests/translator/input/error_invalid_config_mq.yaml
@@ -0,0 +1,19 @@
+Resources:
+ MQFunction:
+ Type: 'AWS::Serverless::Function'
+ Properties:
+ CodeUri: s3://sam-demo-bucket/queues.zip
+ Handler: queue.mq_handler
+ Runtime: python2.7
+ Events:
+ MyMQQueue:
+ Type: MQ
+ Properties:
+ Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+ Queues:
+ - "Queue1"
+ SourceAccessConfigurations:
+ - Type: BASIC_AUTH
+ URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
+ - Type: VPC_SUBNET
+ URI: invalidforMQtriggers
\ No newline at end of file
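Review bot: `test_get_policy_statements` exercises only a single `BASIC_AUTH` entry, so none of the branches this commit adds to `get_policy_statements` are covered at unit level; the `VIRTUAL_HOST` entry, the duplicate `BASIC_AUTH` rejection and the unknown `Type` rejection are checked only through the translator fixtures. A case that sets `[{"Type": "BASIC_AUTH", "URI": "SECRET_URI"}, {"Type": "VIRTUAL_HOST", "URI": "vhost_name"}]` and asserts the same policy document would pin that the virtual host never reaches the IAM statement, and `assertRaises(InvalidEventException)` cases would pin the rejections. The test class would also read better as `MQEventSourceTests`, since `MQEventSource` names the thing under test rather than the test.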
diff --git a/tests/translator/input/error_missing_basic_auth_in_mq.yaml b/tests/translator/input/error_missing_basic_auth_in_mq.yaml
new file mode 100644
index 000000000..2e57456f8
--- /dev/null
+++ b/tests/translator/input/error_missing_basic_auth_in_mq.yaml
@@ -0,0 +1,17 @@
+Resources:
+ MQFunction:
+ Type: 'AWS::Serverless::Function'
+ Properties:
+ CodeUri: s3://sam-demo-bucket/queues.zip
+ Handler: queue.mq_handler
+ Runtime: python2.7
+ Events:
+ MyMQQueue:
+ Type: MQ
+ Properties:
+ Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+ Queues:
+ - "Queue1"
+ SourceAccessConfigurations:
+ - Type: VIRTUAL_HOST
+ URI: vhost_name
diff --git a/tests/translator/input/error_missing_basic_auth_uri_in_mq.yaml b/tests/translator/input/error_missing_basic_auth_uri_in_mq.yaml
new file mode 100644
index 000000000..802f6348d
--- /dev/null
+++ b/tests/translator/input/error_missing_basic_auth_uri_in_mq.yaml
@@ -0,0 +1,16 @@
+Resources:
+ MQFunction:
+ Type: 'AWS::Serverless::Function'
+ Properties:
+ CodeUri: s3://sam-demo-bucket/queues.zip
+ Handler: queue.mq_handler
+ Runtime: python2.7
+ Events:
+ MyMQQueue:
+ Type: MQ
+ Properties:
+ Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+ Queues:
+ - "Queue1"
+ SourceAccessConfigurations:
+ - Type: BASIC_AUTH
\ No newline at end of file
diff --git a/tests/translator/input/error_missing_sac_in_mq.yaml b/tests/translator/input/error_missing_sac_in_mq.yaml
new file mode 100644
index 000000000..a164d5a43
--- /dev/null
+++ b/tests/translator/input/error_missing_sac_in_mq.yaml
@@ -0,0 +1,15 @@
+Resources:
+ MQFunction:
+ Type: 'AWS::Serverless::Function'
+ Properties:
+ CodeUri: s3://sam-demo-bucket/queues.zip
+ Handler: queue.mq_handler
+ Runtime: python2.7
+ Events:
+ MyMQQueue:
+ Type: MQ
+ Properties:
+ Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+ Queues:
+ - "Queue1"
+ SourceAccessConfigurations: []
\ No newline at end of file
diff --git a/tests/translator/input/error_multiple_basic_auth_in_mq.yaml b/tests/translator/input/error_multiple_basic_auth_in_mq.yaml
new file mode 100644
index 000000000..fcb298eb3
--- /dev/null
+++ b/tests/translator/input/error_multiple_basic_auth_in_mq.yaml
@@ -0,0 +1,19 @@
+Resources:
+ MQFunction:
+ Type: 'AWS::Serverless::Function'
+ Properties:
+ CodeUri: s3://sam-demo-bucket/queues.zip
+ Handler: queue.mq_handler
+ Runtime: python2.7
+ Events:
+ MyMQQueue:
+ Type: MQ
+ Properties:
+ Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+ Queues:
+ - "Queue1"
+ SourceAccessConfigurations:
+ - Type: BASIC_AUTH
+ URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
+ - Type: BASIC_AUTH
+ URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-second-secret-1a2b3c
\ No newline at end of file
diff --git a/tests/translator/input/function_with_mq_virtual_host.yaml b/tests/translator/input/function_with_mq_virtual_host.yaml
new file mode 100644
index 000000000..b5d2c6208
--- /dev/null
+++ b/tests/translator/input/function_with_mq_virtual_host.yaml
@@ -0,0 +1,19 @@
+Resources:
+ MQFunction:
+ Type: 'AWS::Serverless::Function'
+ Properties:
+ CodeUri: s3://sam-demo-bucket/queues.zip
+ Handler: queue.mq_handler
+ Runtime: python2.7
+ Events:
+ MyMQQueue:
+ Type: MQ
+ Properties:
+ Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+ Queues:
+ - "Queue1"
+ SourceAccessConfigurations:
+ - Type: BASIC_AUTH
+ URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
+ - Type: VIRTUAL_HOST
+ URI: vhost_name
\ No newline at end of file
diff --git a/tests/translator/output/aws-cn/function_with_mq_virtual_host.json b/tests/translator/output/aws-cn/function_with_mq_virtual_host.json
new file mode 100644
index 000000000..3f19f99cd
--- /dev/null
+++ b/tests/translator/output/aws-cn/function_with_mq_virtual_host.json
@@ -0,0 +1,102 @@ +{ + "Resources": { + "MQFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "queues.zip" + }, + "Handler": "queue.mq_handler", + "Role": { + "Fn::GetAtt": [ + "MQFunctionRole", + "Arn" + ] + }, + "Runtime": "python2.7", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MQFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Policies": [ + { + "PolicyName": "SamAutoGeneratedAMQPolicy", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c" + }, + { + "Action": [ + "mq:DescribeBroker" + ], + "Effect": "Allow", + "Resource": "arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9" + } + ] + } + } + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MQFunctionMyMQQueue": { + "Type": "AWS::Lambda::EventSourceMapping", + "Properties": { + "EventSourceArn": "arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9", + "FunctionName": { + "Ref": "MQFunction" + }, + "Queues": [ + "Queue1" + ], + "SourceAccessConfigurations": [ + { + "Type": "BASIC_AUTH", + "URI": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c" + }, + { + "Type": "VIRTUAL_HOST", + "URI": "vhost_name" + } + ] + } + } + } +} \ No newline at end of file 
diff --git a/tests/translator/output/aws-us-gov/function_with_mq_virtual_host.json b/tests/translator/output/aws-us-gov/function_with_mq_virtual_host.json new file mode 100644 index 000000000..8602b168f --- /dev/null +++ b/tests/translator/output/aws-us-gov/function_with_mq_virtual_host.json 
@@ -0,0 +1,102 @@ +{ + "Resources": { + "MQFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "queues.zip" + }, + "Handler": "queue.mq_handler", + "Role": { + "Fn::GetAtt": [ + "MQFunctionRole", + "Arn" + ] + }, + "Runtime": "python2.7", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MQFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Policies": [ + { + "PolicyName": "SamAutoGeneratedAMQPolicy", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c" + }, + { + "Action": [ + "mq:DescribeBroker" + ], + "Effect": "Allow", + "Resource": "arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9" + } + ] + } + } + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MQFunctionMyMQQueue": { + "Type": "AWS::Lambda::EventSourceMapping", + "Properties": { + "EventSourceArn": "arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9", + "FunctionName": { + "Ref": "MQFunction" + }, + "Queues": [ + "Queue1" + ], + "SourceAccessConfigurations": [ + { + "Type": "BASIC_AUTH", + "URI": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c" + }, + { + "Type": "VIRTUAL_HOST", + "URI": "vhost_name" + } + ] + } + } + } +} \ No newline at end of file 
diff --git a/tests/translator/output/error_invalid_config_mq.json b/tests/translator/output/error_invalid_config_mq.json
new file mode 100644
index 000000000..cebd93837
--- /dev/null
+++ b/tests/translator/output/error_invalid_config_mq.json
@@ -0,0 +1,6 @@
+{
+ "errors": [{
+ "errorMessage": "Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. Invalid property specified in SourceAccessConfigurations for Amazon MQ event."
+ }],
+ "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. Invalid property specified in SourceAccessConfigurations for Amazon MQ event."
+}
\ No newline at end of file
diff --git a/tests/translator/output/error_missing_basic_auth_in_mq.json b/tests/translator/output/error_missing_basic_auth_in_mq.json
new file mode 100644
index 000000000..5d55f84fe
--- /dev/null
+++ b/tests/translator/output/error_missing_basic_auth_in_mq.json
@@ -0,0 +1,6 @@
+{
+ "errors": [{
+ "errorMessage": "Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. No BASIC_AUTH property specified in SourceAccessConfigurations for Amazon MQ event."
+ }],
+ "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. No BASIC_AUTH property specified in SourceAccessConfigurations for Amazon MQ event."
+}
diff --git a/tests/translator/output/error_missing_basic_auth_uri_in_mq.json b/tests/translator/output/error_missing_basic_auth_uri_in_mq.json
new file mode 100644
index 000000000..7a7805202
--- /dev/null
+++ b/tests/translator/output/error_missing_basic_auth_uri_in_mq.json
@@ -0,0 +1,6 @@ +{ + "errors": [{ + "errorMessage": "Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. No BASIC_AUTH URI property specified in SourceAccessConfigurations for Amazon MQ event." + }], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. No BASIC_AUTH URI property specified in SourceAccessConfigurations for Amazon MQ event." +} \ No newline at end of file diff --git a/tests/translator/output/error_missing_broker.json b/tests/translator/output/error_missing_broker.json index 136ac3800..8aae6d420 100644 --- a/tests/translator/output/error_missing_broker.json +++ b/tests/translator/output/error_missing_broker.json @@ -1,6 +1,6 @@ { "errors": [{ - "errorMessage": "Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for ActiveMQ) provided." + "errorMessage": "Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for Amazon MQ) provided." }], - "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for ActiveMQ) provided." + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for Amazon MQ) provided." } \ No newline at end of file diff --git a/tests/translator/output/error_missing_queue.json b/tests/translator/output/error_missing_queue.json index 4a7ba1f7a..90d9696fe 100644 
--- a/tests/translator/output/error_missing_queue.json +++ b/tests/translator/output/error_missing_queue.json @@ -1,6 +1,6 @@ { "errors": [{ - "errorMessage": "Resource with id [SQSFunction] is invalid. Event with id [MySqsQueue] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for ActiveMQ) provided." + "errorMessage": "Resource with id [SQSFunction] is invalid. Event with id [MySqsQueue] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for Amazon MQ) provided." }], - "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [SQSFunction] is invalid. Event with id [MySqsQueue] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for ActiveMQ) provided." + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [SQSFunction] is invalid. Event with id [MySqsQueue] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for Amazon MQ) provided." } \ No newline at end of file diff --git a/tests/translator/output/error_missing_sac_in_mq.json b/tests/translator/output/error_missing_sac_in_mq.json new file mode 100644 index 000000000..30a1ce660 --- /dev/null +++ b/tests/translator/output/error_missing_sac_in_mq.json @@ -0,0 +1,6 @@ +{ + "errors": [{ + "errorMessage": "Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. No SourceAccessConfigurations for Amazon MQ event provided." + }], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. No SourceAccessConfigurations for Amazon MQ event provided." +} \ No newline at end of file diff --git a/tests/translator/output/error_missing_stream.json b/tests/translator/output/error_missing_stream.json index f85ff25e8..40071cc4c 100644 
--- a/tests/translator/output/error_missing_stream.json +++ b/tests/translator/output/error_missing_stream.json @@ -1,6 +1,6 @@ { "errors": [{ - "errorMessage": "Resource with id [DynamoDBFunction] is invalid. Event with id [MyDDBStream] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for ActiveMQ) provided." + "errorMessage": "Resource with id [DynamoDBFunction] is invalid. Event with id [MyDDBStream] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for Amazon MQ) provided." }], - "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [DynamoDBFunction] is invalid. Event with id [MyDDBStream] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for ActiveMQ) provided." + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [DynamoDBFunction] is invalid. Event with id [MyDDBStream] is invalid. No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for Amazon MQ) provided." } \ No newline at end of file diff --git a/tests/translator/output/error_multiple_basic_auth_in_mq.json b/tests/translator/output/error_multiple_basic_auth_in_mq.json new file mode 100644 index 000000000..ab46b0eba --- /dev/null +++ b/tests/translator/output/error_multiple_basic_auth_in_mq.json @@ -0,0 +1,6 @@ +{ + "errors": [{ + "errorMessage": "Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. Multiple BASIC_AUTH properties specified in SourceAccessConfigurations for Amazon MQ event." + }], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MQFunction] is invalid. Event with id [MyMQQueue] is invalid. Multiple BASIC_AUTH properties specified in SourceAccessConfigurations for Amazon MQ event." +} 
diff --git a/tests/translator/output/function_with_mq_virtual_host.json b/tests/translator/output/function_with_mq_virtual_host.json new file mode 100644 index 000000000..646218535 --- /dev/null +++ b/tests/translator/output/function_with_mq_virtual_host.json 
@@ -0,0 +1,102 @@ +{ + "Resources": { + "MQFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "queues.zip" + }, + "Handler": "queue.mq_handler", + "Role": { + "Fn::GetAtt": [ + "MQFunctionRole", + "Arn" + ] + }, + "Runtime": "python2.7", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MQFunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Policies": [ + { + "PolicyName": "SamAutoGeneratedAMQPolicy", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c" + }, + { + "Action": [ + "mq:DescribeBroker" + ], + "Effect": "Allow", + "Resource": "arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9" + } + ] + } + } + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + } + }, + "MQFunctionMyMQQueue": { + "Type": "AWS::Lambda::EventSourceMapping", + "Properties": { + "EventSourceArn": "arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9", + "FunctionName": { + "Ref": "MQFunction" + }, + "Queues": [ + "Queue1" + ], + "SourceAccessConfigurations": [ + { + "Type": "BASIC_AUTH", + "URI": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c" + }, + { + "Type": "VIRTUAL_HOST", + "URI": "vhost_name" + } + ] + } + } + } +} \ No newline at end of file 
diff --git a/tests/translator/test_managed_policies_translator.py b/tests/translator/test_managed_policies_translator.py index 3337af663..195db3a38 100644 --- a/tests/translator/test_managed_policies_translator.py +++ b/tests/translator/test_managed_policies_translator.py @@ -32,4 +32,4 @@ def test_load(): assert actual == expected iam.get_paginator.assert_called_once_with("list_policies") - paginator.paginate.assert_called_once_with(Scope="AWS") + paginator.paginate.assert_called_once_with(Scope="AWS", PaginationConfig={"PageSize": 1000}) diff --git a/tests/translator/test_translator.py b/tests/translator/test_translator.py index 3d93ab571..c66891ba0 100644 --- a/tests/translator/test_translator.py +++ b/tests/translator/test_translator.py @@ -277,6 +277,7 @@ class TestTranslatorEndToEnd(AbstractTestTranslator): "sqs", "function_with_amq", "function_with_amq_kms", + "function_with_mq_virtual_host", "simpletable", "simpletable_with_sse", "implicit_api", @@ -660,6 +661,11 @@ def test_transform_success_resource_policy(self, testcase, partition_with_region "error_function_with_cwe_missing_dlq_property", "error_invalid_logical_id", "error_layer_invalid_properties", + "error_missing_basic_auth_in_mq", + "error_missing_basic_auth_uri_in_mq", + "error_multiple_basic_auth_in_mq", + "error_missing_sac_in_mq", + "error_invalid_config_mq", "error_missing_broker", "error_missing_queue", "error_missing_startingposition",