fix: propagate condition to sqs queue policy for sqssubscription

hawflau · hawflau · commit df914bd0c7de · 2020-11-14T10:58:44.000-08:00
diff --git a/samtranslator/model/eventsources/push.py b/samtranslator/model/eventsources/push.py
@@ -407,7 +407,7 @@ def to_cloudformation(self, **kwargs):
             queue_arn = queue.get_runtime_attr("arn")
             queue_url = queue.get_runtime_attr("queue_url")
 
-            queue_policy = self._inject_sqs_queue_policy(self.Topic, queue_arn, queue_url)
+            queue_policy = self._inject_sqs_queue_policy(self.Topic, queue_arn, queue_url, function.resource_attributes)
             subscription = self._inject_subscription(
                 "sqs", queue_arn, self.Topic, self.Region, self.FilterPolicy, function.resource_attributes
             )
@@ -430,7 +430,9 @@ def to_cloudformation(self, **kwargs):
         batch_size = self.SqsSubscription.get("BatchSize", None)
         enabled = self.SqsSubscription.get("Enabled", None)
 
-        queue_policy = self._inject_sqs_queue_policy(self.Topic, queue_arn, queue_url, queue_policy_logical_id)
+        queue_policy = self._inject_sqs_queue_policy(
+            self.Topic, queue_arn, queue_url, function.resource_attributes, queue_policy_logical_id
+        )
         subscription = self._inject_subscription(
             "sqs", queue_arn, self.Topic, self.Region, self.FilterPolicy, function.resource_attributes
         )
@@ -466,8 +468,11 @@ def _inject_sqs_event_source_mapping(self, function, role, queue_arn, batch_size
         event_source.Enabled = enabled or True
         return event_source.to_cloudformation(function=function, role=role)
 
-    def _inject_sqs_queue_policy(self, topic_arn, queue_arn, queue_url, logical_id=None):
+    def _inject_sqs_queue_policy(self, topic_arn, queue_arn, queue_url, resource_attributes, logical_id=None):
         policy = SQSQueuePolicy(logical_id or self.logical_id + "QueuePolicy")
+        if CONDITION in resource_attributes:
+            policy.set_resource_attribute(CONDITION, resource_attributes[CONDITION])
+
         policy.PolicyDocument = SQSQueuePolicies.sns_topic_send_message_role_policy(topic_arn, queue_arn)
         policy.Queues = [queue_url]
         return policy
