feat: Support VIRTUAL_HOST as Type for SourceAccessConfiguration for …
…MQ events (aws#76) (aws#2078)

Co-authored-by: Renato Valenzuela <[email protected]>
2 people authored and mndeveci committed Jul 6, 2021
1 parent 09677fc commit fc7b0fa
Showing 20 changed files with 522 additions and 18 deletions.
39 changes: 27 additions & 12 deletions samtranslator/model/eventsources/pull.py
Expand Up @@ -10,7 +10,7 @@
class PullEventSource(ResourceMacro):
"""Base class for pull event sources for SAM Functions.
The pull events are Kinesis Streams, DynamoDB Streams, Kafka Topics, ActiveMQ Queues and SQS Queues. All of these correspond to an
The pull events are Kinesis Streams, DynamoDB Streams, Kafka Topics, Amazon MQ Queues and SQS Queues. All of these correspond to an
EventSourceMapping in Lambda, and require that the execution role be given to Kinesis Streams, DynamoDB
Streams, or SQS Queues, respectively.
Expand Down Expand Up @@ -74,7 +74,7 @@ def to_cloudformation(self, **kwargs):
if not self.Stream and not self.Queue and not self.Broker:
raise InvalidEventException(
self.relative_id,
"No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for ActiveMQ) provided.",
"No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for Amazon MQ) provided.",
)

if self.Stream and not self.StartingPosition:
Expand Down Expand Up @@ -218,23 +218,38 @@ def get_policy_statements(self):
if not self.SourceAccessConfigurations:
raise InvalidEventException(
self.relative_id,
"No SourceAccessConfigurations for ActiveMQ provided.",
"No SourceAccessConfigurations for Amazon MQ event provided.",
)
if not type(self.SourceAccessConfigurations) is list:
raise InvalidEventException(
self.relative_id,
"Provided SourceAccessConfigurations cannot be parsed into a list.",
)
# MQ only supports SourceAccessConfigurations with list size of 1
if not (len(self.SourceAccessConfigurations) == 1):
raise InvalidEventException(
self.relative_id,
"SourceAccessConfigurations for ActiveMQ only supports single configuration entry.",
)
if not self.SourceAccessConfigurations[0].get("URI"):
basic_auth_uri = None
for conf in self.SourceAccessConfigurations:
event_type = conf.get("Type")
if event_type not in ("BASIC_AUTH", "VIRTUAL_HOST"):
raise InvalidEventException(
self.relative_id,
"Invalid property specified in SourceAccessConfigurations for Amazon MQ event.",
)
if event_type == "BASIC_AUTH":
if basic_auth_uri:
raise InvalidEventException(
self.relative_id,
"Multiple BASIC_AUTH properties specified in SourceAccessConfigurations for Amazon MQ event.",
)
basic_auth_uri = conf.get("URI")
if not basic_auth_uri:
raise InvalidEventException(
self.relative_id,
"No BASIC_AUTH URI property specified in SourceAccessConfigurations for Amazon MQ event.",
)

if not basic_auth_uri:
raise InvalidEventException(
self.relative_id,
"No URI property specified in SourceAccessConfigurations for ActiveMQ.",
"No BASIC_AUTH property specified in SourceAccessConfigurations for Amazon MQ event.",
)
document = {
"PolicyName": "SamAutoGeneratedAMQPolicy",
Expand All @@ -245,7 +260,7 @@ def get_policy_statements(self):
"secretsmanager:GetSecretValue",
],
"Effect": "Allow",
"Resource": self.SourceAccessConfigurations[0].get("URI"),
"Resource": basic_auth_uri,
},
{
"Action": [
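Review bot: In the new loop in get_policy_statements, `conf.get("Type")` assumes every entry of SourceAccessConfigurations is a mapping, so a template that lists a bare string or number there would raise AttributeError instead of InvalidEventException; a guard such as `if not isinstance(conf, dict): raise InvalidEventException(self.relative_id, "SourceAccessConfigurations entries for Amazon MQ event must be objects.")` ahead of the lookup keeps that failure on the normal error path. The BASIC_AUTH URI is then copied unchanged into the `Resource` of the `secretsmanager:GetSecretValue` statement, so a wildcard or mistyped value widens what the function role may read; rejecting a literal `*`, or at least a comment stating that the value must identify one secret, would help, while still allowing intrinsic functions. Repeated VIRTUAL_HOST entries and a VIRTUAL_HOST without a URI also pass this validation, which presumably leaves their rejection to deploy time. The method's body starts and ends outside the hunks shown.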
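--- a/tests/model/eventsources/test_mq_event_source.py
+++ b/tests/model/eventsources/test_mq_event_source.py
@@ -0,0 +1,42 @@
+from unittest import TestCase
+from samtranslator.model.eventsources.pull import MQ
+
+
+class MQEventSource(TestCase):
+def setUp(self):
+self.logical_id = "MQEvent"
+self.mq_event_source = MQ(self.logical_id)
+
+def test_get_policy_arn(self):
+source_arn = self.mq_event_source.get_policy_arn()
+expected_source_arn = None
+self.assertEqual(source_arn, expected_source_arn)
+
+def test_get_policy_statements(self):
+self.mq_event_source.SourceAccessConfigurations = [{"Type": "BASIC_AUTH", "URI": "SECRET_URI"}]
+self.mq_event_source.Broker = "BROKER_ARN"
+policy_statements = self.mq_event_source.get_policy_statements()
+expected_policy_document = [
+{
+"PolicyName": "SamAutoGeneratedAMQPolicy",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"secretsmanager:GetSecretValue",
+],
+"Effect": "Allow",
+"Resource": "SECRET_URI",
+},
+{
+"Action": [
+"mq:DescribeBroker",
+],
+"Effect": "Allow",
+"Resource": "BROKER_ARN",
+},
+]
+},
+}
+]
+self.assertEqual(policy_statements, expected_policy_document)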
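Review bot: test_get_policy_statements exercises only a single BASIC_AUTH entry, so none of the branches this commit adds to get_policy_statements (a VIRTUAL_HOST entry next to BASIC_AUTH, a duplicate BASIC_AUTH, a BASIC_AUTH without URI, an unsupported Type) is covered at unit level. A case with `SourceAccessConfigurations = [{"Type": "BASIC_AUTH", "URI": "SECRET_URI"}, {"Type": "VIRTUAL_HOST", "URI": "vhost_name"}]` asserting the same policy document would pin that the virtual-host value never reaches the IAM `Resource`, and `assertRaises(InvalidEventException)` cases would cover the rejections. The YAML fixtures added alongside may cover these end to end, but the test that loads them is not visible on this page.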
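--- a/tests/translator/input/error_invalid_config_mq.yaml
+++ b/tests/translator/input/error_invalid_config_mq.yaml
@@ -0,0 +1,19 @@
+Resources:
+MQFunction:
+Type: 'AWS::Serverless::Function'
+Properties:
+CodeUri: s3://sam-demo-bucket/queues.zip
+Handler: queue.mq_handler
+Runtime: python2.7
+Events:
+MyMQQueue:
+Type: MQ
+Properties:
+Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+Queues:
+- "Queue1"
+SourceAccessConfigurations:
+- Type: BASIC_AUTH
+URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
+- Type: VPC_SUBNET
+URI: invalidforMQtriggers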
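--- a/tests/translator/input/error_missing_basic_auth_in_mq.yaml
+++ b/tests/translator/input/error_missing_basic_auth_in_mq.yaml
@@ -0,0 +1,17 @@
+Resources:
+MQFunction:
+Type: 'AWS::Serverless::Function'
+Properties:
+CodeUri: s3://sam-demo-bucket/queues.zip
+Handler: queue.mq_handler
+Runtime: python2.7
+Events:
+MyMQQueue:
+Type: MQ
+Properties:
+Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+Queues:
+- "Queue1"
+SourceAccessConfigurations:
+- Type: VIRTUAL_HOST
+URI: vhost_name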
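--- a/tests/translator/input/error_missing_basic_auth_uri_in_mq.yaml
+++ b/tests/translator/input/error_missing_basic_auth_uri_in_mq.yaml
@@ -0,0 +1,16 @@
+Resources:
+MQFunction:
+Type: 'AWS::Serverless::Function'
+Properties:
+CodeUri: s3://sam-demo-bucket/queues.zip
+Handler: queue.mq_handler
+Runtime: python2.7
+Events:
+MyMQQueue:
+Type: MQ
+Properties:
+Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+Queues:
+- "Queue1"
+SourceAccessConfigurations:
+- Type: BASIC_AUTH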
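--- a/tests/translator/input/error_missing_sac_in_mq.yaml
+++ b/tests/translator/input/error_missing_sac_in_mq.yaml
@@ -0,0 +1,15 @@
+Resources:
+MQFunction:
+Type: 'AWS::Serverless::Function'
+Properties:
+CodeUri: s3://sam-demo-bucket/queues.zip
+Handler: queue.mq_handler
+Runtime: python2.7
+Events:
+MyMQQueue:
+Type: MQ
+Properties:
+Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+Queues:
+- "Queue1"
+SourceAccessConfigurations: []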
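--- a/tests/translator/input/error_multiple_basic_auth_in_mq.yaml
+++ b/tests/translator/input/error_multiple_basic_auth_in_mq.yaml
@@ -0,0 +1,19 @@
+Resources:
+MQFunction:
+Type: 'AWS::Serverless::Function'
+Properties:
+CodeUri: s3://sam-demo-bucket/queues.zip
+Handler: queue.mq_handler
+Runtime: python2.7
+Events:
+MyMQQueue:
+Type: MQ
+Properties:
+Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+Queues:
+- "Queue1"
+SourceAccessConfigurations:
+- Type: BASIC_AUTH
+URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
+- Type: BASIC_AUTH
+URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-second-secret-1a2b3c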
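--- a/tests/translator/input/function_with_mq_virtual_host.yaml
+++ b/tests/translator/input/function_with_mq_virtual_host.yaml
@@ -0,0 +1,19 @@
+Resources:
+MQFunction:
+Type: 'AWS::Serverless::Function'
+Properties:
+CodeUri: s3://sam-demo-bucket/queues.zip
+Handler: queue.mq_handler
+Runtime: python2.7
+Events:
+MyMQQueue:
+Type: MQ
+Properties:
+Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+Queues:
+- "Queue1"
+SourceAccessConfigurations:
+- Type: BASIC_AUTH
+URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
+- Type: VIRTUAL_HOST
+URI: vhost_name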
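--- a/tests/translator/output/aws-cn/function_with_mq_virtual_host.json
+++ b/tests/translator/output/aws-cn/function_with_mq_virtual_host.json
@@ -0,0 +1,102 @@
+{
+"Resources": {
+"MQFunction": {
+"Type": "AWS::Lambda::Function",
+"Properties": {
+"Code": {
+"S3Bucket": "sam-demo-bucket",
+"S3Key": "queues.zip"
+},
+"Handler": "queue.mq_handler",
+"Role": {
+"Fn::GetAtt": [
+"MQFunctionRole",
+"Arn"
+]
+},
+"Runtime": "python2.7",
+"Tags": [
+{
+"Key": "lambda:createdBy",
+"Value": "SAM"
+}
+]
+}
+},
+"MQFunctionRole": {
+"Type": "AWS::IAM::Role",
+"Properties": {
+"AssumeRolePolicyDocument": {
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": [
+"sts:AssumeRole"
+],
+"Effect": "Allow",
+"Principal": {
+"Service": [
+"lambda.amazonaws.com"
+]
+}
+}
+]
+},
+"ManagedPolicyArns": [
+"arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+],
+"Policies": [
+{
+"PolicyName": "SamAutoGeneratedAMQPolicy",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"secretsmanager:GetSecretValue"
+],
+"Effect": "Allow",
+"Resource": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c"
+},
+{
+"Action": [
+"mq:DescribeBroker"
+],
+"Effect": "Allow",
+"Resource": "arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9"
+}
+]
+}
+}
+],
+"Tags": [
+{
+"Key": "lambda:createdBy",
+"Value": "SAM"
+}
+]
+}
+},
+"MQFunctionMyMQQueue": {
+"Type": "AWS::Lambda::EventSourceMapping",
+"Properties": {
+"EventSourceArn": "arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9",
+"FunctionName": {
+"Ref": "MQFunction"
+},
+"Queues": [
+"Queue1"
+],
+"SourceAccessConfigurations": [
+{
+"Type": "BASIC_AUTH",
+"URI": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c"
+},
+{
+"Type": "VIRTUAL_HOST",
+"URI": "vhost_name"
+}
+]
+}
+}
+}
+}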