feat: Support for Lambda URL (#86)

Author: jonife

samtranslator/model/lambda_.py

@@ -121,3 +121,12 @@ class LambdaLayerVersion(Resource):
     }
 
     runtime_attrs = {"name": lambda self: ref(self.logical_id), "arn": lambda self: fnGetAtt(self.logical_id, "Arn")}
+
+
+class LambdaUrl(Resource):
+    resource_type = "AWS::Lambda::Url"
+    property_types = {
+        "TargetFunctionArn": PropertyType(True, one_of(is_str(), is_type(dict))),
+        "AuthorizationType": PropertyType(True, is_str()),
+        "CorsConfig": PropertyType(False, is_type(dict)),
+    }

samtranslator/model/sam_resources.py

@@ -34,6 +34,7 @@
     LambdaAlias,
     LambdaLayerVersion,
     LambdaEventInvokeConfig,
+    LambdaUrl,
 )
 from samtranslator.model.types import dict_of, is_str, is_type, list_of, one_of, any_type
 from samtranslator.translator import logical_id_generator
@@ -93,6 +94,7 @@ class SamFunction(SamResourceMacro):
         "ImageConfig": PropertyType(False, is_type(dict)),
         "CodeSigningConfigArn": PropertyType(False, is_str()),
         "Architectures": PropertyType(False, list_of(one_of(is_str(), is_type(dict)))),
+        "FunctionUrlConfig": PropertyType(False, is_type(dict)),
     }
     event_resolver = ResourceTypeResolver(
         samtranslator.model.eventsources,
@@ -169,6 +171,10 @@ def to_cloudformation(self, **kwargs):
             resources.append(lambda_version)
             resources.append(lambda_alias)
 
+        if self.FunctionUrlConfig:
+            lambda_url = self._construct_lambda_url(lambda_function, lambda_alias)
+            resources.append(lambda_url)
+
         if self.DeploymentPreference:
             self._validate_deployment_preference_and_add_update_policy(
                 kwargs.get("deployment_preference_collection", None),
@@ -843,6 +849,84 @@ def _validate_deployment_preference_and_add_update_policy(
                 "UpdatePolicy", deployment_preference_collection.update_policy(self.logical_id).to_dict()
             )
 
+    def _construct_lambda_url(self, lambda_function, lambda_alias):
+        """
+        This method is used to construct a lambda url resource
+
+        Parameters
+        ----------
+        lambda_function : LambdaFunction
+            Lambda Function resource
+        lambda_alias : LambdaAlias
+            Lambda Alias resource
+
+        Returns
+        -------
+        LambdaUrl
+            Lambda Url resource
+        """
+        self._validate_function_url_params(lambda_function)
+
+        logical_id = "{id}Url".format(id=lambda_function.logical_id)
+        lambda_url = LambdaUrl(logical_id=logical_id)
+
+        cors = self.FunctionUrlConfig.get("CorsConfig")
+        if cors:
+            lambda_url.CorsConfig = cors
+        lambda_url.AuthorizationType = self.FunctionUrlConfig.get("AuthorizationType")
+        lambda_url.TargetFunctionArn = (
+            lambda_alias.get_runtime_attr("arn") if lambda_alias else lambda_function.get_runtime_attr("name")
+        )
+        return lambda_url
+
+    def _validate_function_url_params(self, lambda_function):
+        """
+        Validate parameters provided to configure Lambda Urls
+        """
+        self._validate_url_auth_type(lambda_function)
+        self._validate_cors_config_parameter(lambda_function)
+
+    def _validate_url_auth_type(self, lambda_function):
+        if is_intrinsic(self.FunctionUrlConfig):
+            return
+
+        if not self.FunctionUrlConfig.get("AuthorizationType"):
+            raise InvalidResourceException(
+                lambda_function.logical_id,
+                "AuthorizationType is required to configure function property `FunctionUrlConfig`. Please provide either an IAM role name or NONE.",
+            )
+
+    def _validate_cors_config_parameter(self, lambda_function):
+        if is_intrinsic(self.FunctionUrlConfig):
+            return
+
+        cors_property_data_type = {
+            "AllowOrigins": list,
+            "AllowMethods": list,
+            "AllowCredentials": bool,
+            "AllowHeaders": list,
+            "ExposeHeaders": list,
+            "MaxAge": int,
+        }
+
+        cors = self.FunctionUrlConfig.get("CorsConfig")
+
+        if not cors or is_intrinsic(cors):
+            return
+
+        for prop_name, prop_value in cors.items():
+            if prop_name not in cors_property_data_type:
+                raise InvalidResourceException(
+                    lambda_function.logical_id,
+                    "{} is not a valid property for configuring CorsConfig.".format(prop_name),
+                )
+            prop_type = cors_property_data_type.get(prop_name)
+            if not is_intrinsic(prop_value) and not isinstance(prop_value, prop_type):
+                raise InvalidResourceException(
+                    lambda_function.logical_id,
+                    "{} must be of type {}.".format(prop_name, str(prop_type).split("'")[1]),
+                )
+
 
 class SamApi(SamResourceMacro):
     """SAM rest API macro."""

samtranslator/plugins/globals/globals.py

@@ -43,6 +43,7 @@ class Globals(object):
             "FileSystemConfigs",
             "CodeSigningConfigArn",
             "Architectures",
+            "FunctionUrlConfig",
         ],
         # Everything except
         #   DefinitionBody: because its hard to reason about merge of Swagger dictionaries

tests/model/test_sam_resources.py

@@ -5,7 +5,7 @@
 from samtranslator.intrinsics.resolver import IntrinsicsResolver
 from samtranslator.model import InvalidResourceException
 from samtranslator.model.apigatewayv2 import ApiGatewayV2HttpApi
-from samtranslator.model.lambda_ import LambdaFunction, LambdaLayerVersion, LambdaVersion
+from samtranslator.model.lambda_ import LambdaFunction, LambdaLayerVersion, LambdaVersion, LambdaUrl
 from samtranslator.model.apigateway import ApiGatewayDeployment, ApiGatewayRestApi
 from samtranslator.model.apigateway import ApiGatewayStage
 from samtranslator.model.iam import IAMRole
@@ -461,3 +461,162 @@ def test_invalid_compatible_architectures(self):
             layer.CompatibleArchitectures = architecturea
             with pytest.raises(InvalidResourceException):
                 layer.to_cloudformation(**self.kwargs)
+
+
+class TestFunctionUrlConfig(TestCase):
+    kwargs = {
+        "intrinsics_resolver": IntrinsicsResolver({}),
+        "event_resources": [],
+        "managed_policy_map": {"foo": "bar"},
+    }
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_function_url_config_with_no_authorization_type(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"CorsConfig": {"AllowOrigins": ["example1.com"]}}
+        with pytest.raises(InvalidResourceException) as e:
+            function.to_cloudformation(**self.kwargs)
+        self.assertEqual(
+            str(e.value.message),
+            "Resource with id [foo] is invalid. AuthorizationType is required to configure"
+            + " function property `FunctionUrlConfig`. Please provide either an IAM role name or NONE.",
+        )
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_function_url_config_with_no_cors_config(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": "sample_IAM_role"}
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        self.assertEqual(generatedUrlList[0].AuthorizationType, "sample_IAM_role")
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_validate_function_url_config_properties_with_intrinsic(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": {"Ref": "MyIAMRef"}, "CorsConfig": {"Ref": "MyCorConfigRef"}}
+
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        self.assertEqual(generatedUrlList[0].AuthorizationType, {"Ref": "MyIAMRef"})
+        self.assertEqual(generatedUrlList[0].CorsConfig, {"Ref": "MyCorConfigRef"})
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_valid_function_url_config(self):
+        corsConfig = {
+            "AllowOrigins": ["example1.com", "example2.com", "example2.com"],
+            "AllowMethods": ["GET"],
+            "AllowCredentials": True,
+            "AllowHeaders": ["X-Custom-Header"],
+            "ExposeHeaders": ["x-amzn-header"],
+            "MaxAge": 10,
+        }
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": "NONE", "CorsConfig": corsConfig}
+
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        self.assertEqual(generatedUrlList[0].AuthorizationType, "NONE")
+        self.assertEqual(generatedUrlList[0].CorsConfig, corsConfig)
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_valid_function_url_config_with_Intrinsics(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"Ref": "MyFunctionUrlConfig"}
+
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_function_url_config_with_invalid_cors_parameter(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": "NONE", "CorsConfig": {"AllowOrigin": ["example1.com"]}}
+        with pytest.raises(InvalidResourceException) as e:
+            function.to_cloudformation(**self.kwargs)
+        self.assertEqual(
+            str(e.value.message),
+            "Resource with id [foo] is invalid. AllowOrigin is not a valid property for configuring CorsConfig.",
+        )
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_function_url_config_with_invalid_cors_parameter_data_type(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": "NONE", "CorsConfig": {"AllowOrigins": "example1.com"}}
+        with pytest.raises(InvalidResourceException) as e:
+            function.to_cloudformation(**self.kwargs)
+        self.assertEqual(
+            str(e.value.message),
+            "Resource with id [foo] is invalid. AllowOrigins must be of type list.",
+        )
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_valid_function_url_config_without_auto_publish_alias(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": "NONE", "CorsConfig": {"AllowOrigins": ["example1.com"]}}
+
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        expected_url_logicalid = {"Ref": "foo"}
+        self.assertEqual(generatedUrlList[0].TargetFunctionArn, expected_url_logicalid)
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_valid_function_url_config_with_auto_publish_alias(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.AutoPublishAlias = "live"
+        function.FunctionUrlConfig = {"AuthorizationType": "NONE", "CorsConfig": {"AllowOrigins": ["example1.com"]}}
+
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        expected_url_logicalid = {"Ref": "fooAliaslive"}
+        self.assertEqual(generatedUrlList[0].TargetFunctionArn, expected_url_logicalid)
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_valid_function_url_config_with_authorization_type_value_as_None(self):
+
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": None}
+
+        with pytest.raises(InvalidResourceException) as e:
+            cfnResources = function.to_cloudformation(**self.kwargs)
+        self.assertEqual(
+            str(e.value.message),
+            "Resource with id [foo] is invalid. AuthorizationType is required to configure function property "
+            + "`FunctionUrlConfig`. Please provide either an IAM role name or NONE.",
+        )

tests/translator/input/error_function_with_function_url_config_with_invalid_cors_parameter.yaml

@@ -0,0 +1,17 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Parameters: {}
+Resources:
+  MyFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/hello.zip
+      Description: Created by SAM
+      Handler: index.handler
+      MemorySize: 1024
+      Runtime: nodejs12.x
+      Timeout: 3
+      FunctionUrlConfig:
+        AuthorizationType: NONE
+        CorsConfig:
+          AllowOrigin: 
+            - "https://example.com"

tests/translator/input/error_function_with_function_url_config_with_invalid_cors_parameter_data_type.yaml

@@ -0,0 +1,16 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Parameters: {}
+Resources:
+  MyFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/hello.zip
+      Description: Created by SAM
+      Handler: index.handler
+      MemorySize: 1024
+      Runtime: nodejs12.x
+      Timeout: 3
+      FunctionUrlConfig:
+        AuthorizationType: NONE
+        CorsConfig:
+          MaxAge: "10"

tests/translator/input/error_function_with_function_url_config_with_no_authorization_type.yaml

@@ -0,0 +1,28 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Parameters: {}
+Resources:
+  MyFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/hello.zip
+      Description: Created by SAM
+      Handler: index.handler
+      MemorySize: 1024
+      Runtime: nodejs12.x
+      Timeout: 3
+      FunctionUrlConfig:
+        CorsConfig:
+            AllowOrigins: 
+              - "https://example.com"
+              - "example1.com"
+              - "example2.com"
+              - "example2.com"
+            AllowMethods: 
+              - "GET"
+            AllowCredentials: true
+            AllowHeaders: 
+              - "x-Custom-Header"
+            ExposeHeaders: 
+              - "x-amzn-header"
+            MaxAge: 10
+

tests/translator/input/function_with_function_url_config.yaml

@@ -0,0 +1,29 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Parameters: {}
+Resources:
+  MyFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/hello.zip
+      Description: Created by SAM
+      Handler: index.handler
+      MemorySize: 1024
+      Runtime: nodejs12.x
+      Timeout: 3
+      FunctionUrlConfig:
+        AuthorizationType: NONE
+        CorsConfig:
+            AllowOrigins: 
+              - "https://example.com"
+              - "example1.com"
+              - "example2.com"
+              - "example2.com"
+            AllowMethods: 
+              - "GET"
+            AllowCredentials: true
+            AllowHeaders: 
+              - "x-Custom-Header"
+            ExposeHeaders: 
+              - "x-amzn-header"
+            MaxAge: 10
+