feat: Support for Lambda URLs (#92)

* feat: Support for Lambda URL (#86)
* feat: changed CorsConfig property to Cors (#89)

Co-authored-by: jonife <[email protected]>
Co-authored-by: Renato Valenzuela <[email protected]>

Author: 3 people

samtranslator/model/lambda_.py

@@ -121,3 +121,12 @@ class LambdaLayerVersion(Resource):
     }
 
     runtime_attrs = {"name": lambda self: ref(self.logical_id), "arn": lambda self: fnGetAtt(self.logical_id, "Arn")}
+
+
+class LambdaUrl(Resource):
+    resource_type = "AWS::Lambda::Url"
+    property_types = {
+        "TargetFunctionArn": PropertyType(True, one_of(is_str(), is_type(dict))),
+        "AuthorizationType": PropertyType(True, is_str()),
+        "Cors": PropertyType(False, is_type(dict)),
+    }

samtranslator/model/sam_resources.py

@@ -34,6 +34,7 @@
     LambdaAlias,
     LambdaLayerVersion,
     LambdaEventInvokeConfig,
+    LambdaUrl,
 )
 from samtranslator.model.types import dict_of, is_str, is_type, list_of, one_of, any_type
 from samtranslator.translator import logical_id_generator
@@ -93,6 +94,7 @@ class SamFunction(SamResourceMacro):
         "ImageConfig": PropertyType(False, is_type(dict)),
         "CodeSigningConfigArn": PropertyType(False, is_str()),
         "Architectures": PropertyType(False, list_of(one_of(is_str(), is_type(dict)))),
+        "FunctionUrlConfig": PropertyType(False, is_type(dict)),
     }
     event_resolver = ResourceTypeResolver(
         samtranslator.model.eventsources,
@@ -169,6 +171,10 @@ def to_cloudformation(self, **kwargs):
             resources.append(lambda_version)
             resources.append(lambda_alias)
 
+        if self.FunctionUrlConfig:
+            lambda_url = self._construct_lambda_url(lambda_function, lambda_alias)
+            resources.append(lambda_url)
+
         if self.DeploymentPreference:
             self._validate_deployment_preference_and_add_update_policy(
                 kwargs.get("deployment_preference_collection", None),
@@ -843,6 +849,84 @@ def _validate_deployment_preference_and_add_update_policy(
                 "UpdatePolicy", deployment_preference_collection.update_policy(self.logical_id).to_dict()
             )
 
+    def _construct_lambda_url(self, lambda_function, lambda_alias):
+        """
+        This method is used to construct a lambda url resource
+
+        Parameters
+        ----------
+        lambda_function : LambdaFunction
+            Lambda Function resource
+        lambda_alias : LambdaAlias
+            Lambda Alias resource
+
+        Returns
+        -------
+        LambdaUrl
+            Lambda Url resource
+        """
+        self._validate_function_url_params(lambda_function)
+
+        logical_id = "{id}Url".format(id=lambda_function.logical_id)
+        lambda_url = LambdaUrl(logical_id=logical_id)
+
+        cors = self.FunctionUrlConfig.get("Cors")
+        if cors:
+            lambda_url.Cors = cors
+        lambda_url.AuthorizationType = self.FunctionUrlConfig.get("AuthorizationType")
+        lambda_url.TargetFunctionArn = (
+            lambda_alias.get_runtime_attr("arn") if lambda_alias else lambda_function.get_runtime_attr("name")
+        )
+        return lambda_url
+
+    def _validate_function_url_params(self, lambda_function):
+        """
+        Validate parameters provided to configure Lambda Urls
+        """
+        self._validate_url_auth_type(lambda_function)
+        self._validate_cors_config_parameter(lambda_function)
+
+    def _validate_url_auth_type(self, lambda_function):
+        if is_intrinsic(self.FunctionUrlConfig):
+            return
+
+        if not self.FunctionUrlConfig.get("AuthorizationType"):
+            raise InvalidResourceException(
+                lambda_function.logical_id,
+                "AuthorizationType is required to configure function property `FunctionUrlConfig`. Please provide either an IAM role name or NONE.",
+            )
+
+    def _validate_cors_config_parameter(self, lambda_function):
+        if is_intrinsic(self.FunctionUrlConfig):
+            return
+
+        cors_property_data_type = {
+            "AllowOrigins": list,
+            "AllowMethods": list,
+            "AllowCredentials": bool,
+            "AllowHeaders": list,
+            "ExposeHeaders": list,
+            "MaxAge": int,
+        }
+
+        cors = self.FunctionUrlConfig.get("Cors")
+
+        if not cors or is_intrinsic(cors):
+            return
+
+        for prop_name, prop_value in cors.items():
+            if prop_name not in cors_property_data_type:
+                raise InvalidResourceException(
+                    lambda_function.logical_id,
+                    "{} is not a valid property for configuring Cors.".format(prop_name),
+                )
+            prop_type = cors_property_data_type.get(prop_name)
+            if not is_intrinsic(prop_value) and not isinstance(prop_value, prop_type):
+                raise InvalidResourceException(
+                    lambda_function.logical_id,
+                    "{} must be of type {}.".format(prop_name, str(prop_type).split("'")[1]),
+                )
+
 
 class SamApi(SamResourceMacro):
     """SAM rest API macro."""

samtranslator/plugins/globals/globals.py

@@ -43,6 +43,7 @@ class Globals(object):
             "FileSystemConfigs",
             "CodeSigningConfigArn",
             "Architectures",
+            "FunctionUrlConfig",
         ],
         # Everything except
         #   DefinitionBody: because its hard to reason about merge of Swagger dictionaries
@@ -80,6 +81,12 @@ class Globals(object):
         ],
         SamResourceType.SimpleTable.value: ["SSESpecification"],
     }
+    # unreleased_properties *must be* part of supported_properties too
+    unreleased_properties = {
+        SamResourceType.Function.value: [
+            "FunctionUrlConfig",
+        ]
+    }
 
     def __init__(self, template):
         """
@@ -195,14 +202,17 @@ def _parse(self, globals_dict):
             if not isinstance(properties, dict):
                 raise InvalidGlobalsSectionException(self._KEYWORD, "Value of ${section} must be a dictionary")
 
+            supported = self.supported_properties[resource_type]
+            supported_displayed = [
+                prop for prop in supported if prop not in self.unreleased_properties.get(resource_type, [])
+            ]
             for key, value in properties.items():
-                supported = self.supported_properties[resource_type]
                 if key not in supported:
                     raise InvalidGlobalsSectionException(
                         self._KEYWORD,
                         "'{key}' is not a supported property of '{section}'. "
                         "Must be one of the following values - {supported}".format(
-                            key=key, section=section_name, supported=supported
+                            key=key, section=section_name, supported=supported_displayed
                         ),
                     )
 

tests/model/test_sam_resources.py

@@ -5,7 +5,7 @@
 from samtranslator.intrinsics.resolver import IntrinsicsResolver
 from samtranslator.model import InvalidResourceException
 from samtranslator.model.apigatewayv2 import ApiGatewayV2HttpApi
-from samtranslator.model.lambda_ import LambdaFunction, LambdaLayerVersion, LambdaVersion
+from samtranslator.model.lambda_ import LambdaFunction, LambdaLayerVersion, LambdaVersion, LambdaUrl
 from samtranslator.model.apigateway import ApiGatewayDeployment, ApiGatewayRestApi
 from samtranslator.model.apigateway import ApiGatewayStage
 from samtranslator.model.iam import IAMRole
@@ -461,3 +461,162 @@ def test_invalid_compatible_architectures(self):
             layer.CompatibleArchitectures = architecturea
             with pytest.raises(InvalidResourceException):
                 layer.to_cloudformation(**self.kwargs)
+
+
+class TestFunctionUrlConfig(TestCase):
+    kwargs = {
+        "intrinsics_resolver": IntrinsicsResolver({}),
+        "event_resources": [],
+        "managed_policy_map": {"foo": "bar"},
+    }
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_function_url_config_with_no_authorization_type(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"Cors": {"AllowOrigins": ["example1.com"]}}
+        with pytest.raises(InvalidResourceException) as e:
+            function.to_cloudformation(**self.kwargs)
+        self.assertEqual(
+            str(e.value.message),
+            "Resource with id [foo] is invalid. AuthorizationType is required to configure"
+            + " function property `FunctionUrlConfig`. Please provide either an IAM role name or NONE.",
+        )
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_function_url_config_with_no_cors_config(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": "sample_IAM_role"}
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        self.assertEqual(generatedUrlList[0].AuthorizationType, "sample_IAM_role")
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_validate_function_url_config_properties_with_intrinsic(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": {"Ref": "MyIAMRef"}, "Cors": {"Ref": "MyCorConfigRef"}}
+
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        self.assertEqual(generatedUrlList[0].AuthorizationType, {"Ref": "MyIAMRef"})
+        self.assertEqual(generatedUrlList[0].Cors, {"Ref": "MyCorConfigRef"})
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_valid_function_url_config(self):
+        cors = {
+            "AllowOrigins": ["example1.com", "example2.com", "example2.com"],
+            "AllowMethods": ["GET"],
+            "AllowCredentials": True,
+            "AllowHeaders": ["X-Custom-Header"],
+            "ExposeHeaders": ["x-amzn-header"],
+            "MaxAge": 10,
+        }
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": "NONE", "Cors": cors}
+
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        self.assertEqual(generatedUrlList[0].AuthorizationType, "NONE")
+        self.assertEqual(generatedUrlList[0].Cors, cors)
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_valid_function_url_config_with_Intrinsics(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"Ref": "MyFunctionUrlConfig"}
+
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_function_url_config_with_invalid_cors_parameter(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": "NONE", "Cors": {"AllowOrigin": ["example1.com"]}}
+        with pytest.raises(InvalidResourceException) as e:
+            function.to_cloudformation(**self.kwargs)
+        self.assertEqual(
+            str(e.value.message),
+            "Resource with id [foo] is invalid. AllowOrigin is not a valid property for configuring Cors.",
+        )
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_function_url_config_with_invalid_cors_parameter_data_type(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": "NONE", "Cors": {"AllowOrigins": "example1.com"}}
+        with pytest.raises(InvalidResourceException) as e:
+            function.to_cloudformation(**self.kwargs)
+        self.assertEqual(
+            str(e.value.message),
+            "Resource with id [foo] is invalid. AllowOrigins must be of type list.",
+        )
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_valid_function_url_config_without_auto_publish_alias(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": "NONE", "Cors": {"AllowOrigins": ["example1.com"]}}
+
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        expected_url_logicalid = {"Ref": "foo"}
+        self.assertEqual(generatedUrlList[0].TargetFunctionArn, expected_url_logicalid)
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_valid_function_url_config_with_auto_publish_alias(self):
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.AutoPublishAlias = "live"
+        function.FunctionUrlConfig = {"AuthorizationType": "NONE", "Cors": {"AllowOrigins": ["example1.com"]}}
+
+        cfnResources = function.to_cloudformation(**self.kwargs)
+        generatedUrlList = [x for x in cfnResources if isinstance(x, LambdaUrl)]
+        self.assertEqual(generatedUrlList.__len__(), 1)
+        expected_url_logicalid = {"Ref": "fooAliaslive"}
+        self.assertEqual(generatedUrlList[0].TargetFunctionArn, expected_url_logicalid)
+
+    @patch("boto3.session.Session.region_name", "ap-southeast-1")
+    def test_with_valid_function_url_config_with_authorization_type_value_as_None(self):
+
+        function = SamFunction("foo")
+        function.CodeUri = "s3://foobar/foo.zip"
+        function.Runtime = "foo"
+        function.Handler = "bar"
+        function.FunctionUrlConfig = {"AuthorizationType": None}
+
+        with pytest.raises(InvalidResourceException) as e:
+            cfnResources = function.to_cloudformation(**self.kwargs)
+        self.assertEqual(
+            str(e.value.message),
+            "Resource with id [foo] is invalid. AuthorizationType is required to configure function property "
+            + "`FunctionUrlConfig`. Please provide either an IAM role name or NONE.",
+        )

tests/plugins/globals/test_globals.py

@@ -206,12 +206,16 @@ def setUp(self):
         self._originals = {
             "resource_prefix": Globals._RESOURCE_PREFIX,
             "supported_properties": Globals.supported_properties,
+            "unreleased_properties": Globals.unreleased_properties,
         }
         Globals._RESOURCE_PREFIX = "prefix_"
         Globals.supported_properties = {
             "prefix_type1": ["prop1", "prop2"],
             "prefix_type2": ["otherprop1", "otherprop2"],
         }
+        Globals.unreleased_properties = {
+            "prefix_type1": ["prop2"],
+        }
 
         self.template = {
             "Globals": {
@@ -223,6 +227,7 @@ def setUp(self):
     def tearDown(self):
         Globals._RESOURCE_PREFIX = self._originals["resource_prefix"]
         Globals.supported_properties = self._originals["supported_properties"]
+        Globals.unreleased_properties = self._originals["unreleased_properties"]
 
     def test_parse_should_parse_all_known_resource_types(self):
         globals = Globals(self.template)
@@ -387,6 +392,17 @@ def test_merge_end_to_end_unknown_type(self):
 
         self.assertEqual(expected, result)
 
+    def test_should_not_include_unreleased_properties_in_error_message(self):
+        template = {"Globals": {"type1": {"unsupported_property": "value"}}}
+
+        with self.assertRaises(InvalidGlobalsSectionException) as exc:
+            Globals(template)
+        expected_message = (
+            "'Globals' section is invalid. 'unsupported_property' is not a supported property of 'type1'. "
+            + "Must be one of the following values - ['prop1']"
+        )
+        self.assertEqual(exc.exception.message, expected_message)
+
 
 class TestGlobalsOpenApi(TestCase):
     template = {"Globals": {"Api": {"OpenApiVersion": "3.0"}}}

tests/translator/input/error_function_with_function_url_config_with_invalid_cors_parameter.yaml

@@ -0,0 +1,17 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Parameters: {}
+Resources:
+  MyFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/hello.zip
+      Description: Created by SAM
+      Handler: index.handler
+      MemorySize: 1024
+      Runtime: nodejs12.x
+      Timeout: 3
+      FunctionUrlConfig:
+        AuthorizationType: NONE
+        Cors:
+          AllowOrigin: 
+            - "https://example.com"