From d0a9f6314eb1449a538eaa28ab5c2e6863493e37 Mon Sep 17 00:00:00 2001 From: praneetap Date: Mon, 7 Oct 2019 19:45:06 -0700 Subject: [PATCH 1/2] fix: custom statement fix --- samtranslator/swagger/swagger.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/samtranslator/swagger/swagger.py b/samtranslator/swagger/swagger.py index b0f299c37..8db2cf7ef 100644 --- a/samtranslator/swagger/swagger.py +++ b/samtranslator/swagger/swagger.py @@ -994,7 +994,9 @@ def _add_custom_statement(self, custom_statements): statement = self.resource_policy['Statement'] if not isinstance(statement, list): statement = [statement] - statement.extend(custom_statements) + for s in custom_statements: + if s not in statement: + statement.append(s) self.resource_policy['Statement'] = statement def add_request_parameters_to_method(self, path, method_name, request_parameters): From ebbdd754ae62966462e93d219c78d45a7853ca93 Mon Sep 17 00:00:00 2001 From: praneetap Date: Mon, 7 Oct 2019 19:51:21 -0700 Subject: [PATCH 2/2] fix: custom statements regression --- .../input/api_with_resource_policy.yaml | 16 +++- .../output/api_with_resource_policy.json | 92 ++++++++++++++++--- .../aws-cn/api_with_resource_policy.json | 92 ++++++++++++++++--- .../aws-us-gov/api_with_resource_policy.json | 76 ++++++++++++++- 4 files changed, 244 insertions(+), 32 deletions(-) diff --git a/tests/translator/input/api_with_resource_policy.yaml b/tests/translator/input/api_with_resource_policy.yaml index b58a18c97..becb35be9 100644 --- a/tests/translator/input/api_with_resource_policy.yaml +++ b/tests/translator/input/api_with_resource_policy.yaml @@ -21,7 +21,21 @@ Resources: Properties: RestApiId: Ref: ExplicitApi - Path: / + Path: /one Method: get + PostHtml: + Type: Api + Properties: + RestApiId: + Ref: ExplicitApi + Path: /two + Method: post + PutHtml: + Type: Api + Properties: + RestApiId: + Ref: ExplicitApi + Path: /three + Method: put \ No newline at end of file diff --git a/tests/translator/output/api_with_resource_policy.json b/tests/translator/output/api_with_resource_policy.json index bc747d621..a99a27cf1 100644 --- a/tests/translator/output/api_with_resource_policy.json +++ b/tests/translator/output/api_with_resource_policy.json @@ -23,6 +23,37 @@ ] } }, + "ExplicitApiDeploymentd2036decb3": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ExplicitApi" + }, + "Description": "RestApi deployment id: d2036decb36ce147b7738a97c419737ea7e02555", + "StageName": "Stage" + } + }, + "ExplicitApiFunctionPutHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, "ExplicitApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -34,7 +65,7 @@ } }, "paths": { - "/": { + "/one": { "get": { "x-amazon-apigateway-integration": { "httpMethod": "POST", @@ -45,6 +76,30 @@ }, "responses": {} } + }, + "/three": { + "put": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } } }, "swagger": "2.0", @@ -62,21 +117,11 @@ } } }, - "ExplicitApiDeploymentcdee3f2ed1": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: cdee3f2ed1733103d54a04f635e1acc120e714c1", - "StageName": "Stage" - } - }, "ExplicitApiProdStage": { "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeploymentcdee3f2ed1" + "Ref": "ExplicitApiDeploymentd2036decb3" }, "RestApiId": { "Ref": "ExplicitApi" @@ -84,6 +129,27 @@ "StageName": "Prod" } }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, "ExplicitApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { @@ -118,7 +184,7 @@ }, "SourceArn": { "Fn::Sub": [ - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", { "__Stage__": "*", "__ApiId__": { diff --git a/tests/translator/output/aws-cn/api_with_resource_policy.json b/tests/translator/output/aws-cn/api_with_resource_policy.json index 79effdaf5..5a4dcf5b5 100644 --- a/tests/translator/output/aws-cn/api_with_resource_policy.json +++ b/tests/translator/output/aws-cn/api_with_resource_policy.json @@ -23,6 +23,37 @@ ] } }, + "ExplicitApiFunctionPutHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, + "ExplicitApiDeployment09f793ab58": { + "Type": "AWS::ApiGateway::Deployment", + "Properties": { + "RestApiId": { + "Ref": "ExplicitApi" + }, + "Description": "RestApi deployment id: 09f793ab583fe684660829cf209f0e28340df577", + "StageName": "Stage" + } + }, "ExplicitApi": { "Type": "AWS::ApiGateway::RestApi", "Properties": { @@ -34,7 +65,7 @@ } }, "paths": { - "/": { + "/one": { "get": { "x-amazon-apigateway-integration": { "httpMethod": "POST", @@ -45,6 +76,30 @@ }, "responses": {} } + }, + "/three": { + "put": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } } }, "swagger": "2.0", @@ -74,7 +129,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeployment3f65c799d9" + "Ref": "ExplicitApiDeployment09f793ab58" }, "RestApiId": { "Ref": "ExplicitApi" @@ -82,6 +137,27 @@ "StageName": "Prod" } }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, "ExplicitApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { @@ -116,7 +192,7 @@ }, "SourceArn": { "Fn::Sub": [ - "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", { "__Stage__": "*", "__ApiId__": { @@ -126,16 +202,6 @@ ] } } - }, - "ExplicitApiDeployment3f65c799d9": { - "Type": "AWS::ApiGateway::Deployment", - "Properties": { - "RestApiId": { - "Ref": "ExplicitApi" - }, - "Description": "RestApi deployment id: 3f65c799d9b1cd1ec9957134eb76169e7d79d54b", - "StageName": "Stage" - } } } } \ No newline at end of file diff --git a/tests/translator/output/aws-us-gov/api_with_resource_policy.json b/tests/translator/output/aws-us-gov/api_with_resource_policy.json index 5a25e8153..b590e93d5 100644 --- a/tests/translator/output/aws-us-gov/api_with_resource_policy.json +++ b/tests/translator/output/aws-us-gov/api_with_resource_policy.json @@ -23,13 +23,34 @@ ] } }, - "ExplicitApiDeployment05ad8508ea": { + "ExplicitApiFunctionPutHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/PUT/three", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, + "ExplicitApiDeployment07fc5ee8d3": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "RestApiId": { "Ref": "ExplicitApi" }, - "Description": "RestApi deployment id: 05ad8508ea2fba75e3e1695154b7c3b455c6d5c9", + "Description": "RestApi deployment id: 07fc5ee8d3073a50b2164fe22c3e49e5abb343ec", "StageName": "Stage" } }, @@ -44,7 +65,7 @@ } }, "paths": { - "/": { + "/one": { "get": { "x-amazon-apigateway-integration": { "httpMethod": "POST", @@ -55,6 +76,30 @@ }, "responses": {} } + }, + "/three": { + "put": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } + }, + "/two": { + "post": { + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ExplicitApiFunction.Arn}/invocations" + } + }, + "responses": {} + } } }, "swagger": "2.0", @@ -84,7 +129,7 @@ "Type": "AWS::ApiGateway::Stage", "Properties": { "DeploymentId": { - "Ref": "ExplicitApiDeployment05ad8508ea" + "Ref": "ExplicitApiDeployment07fc5ee8d3" }, "RestApiId": { "Ref": "ExplicitApi" @@ -92,6 +137,27 @@ "StageName": "Prod" } }, + "ExplicitApiFunctionPostHtmlPermissionProd": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "Action": "lambda:invokeFunction", + "Principal": "apigateway.amazonaws.com", + "FunctionName": { + "Ref": "ExplicitApiFunction" + }, + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/POST/two", + { + "__Stage__": "*", + "__ApiId__": { + "Ref": "ExplicitApi" + } + } + ] + } + } + }, "ExplicitApiFunctionRole": { "Type": "AWS::IAM::Role", "Properties": { @@ -126,7 +192,7 @@ }, "SourceArn": { "Fn::Sub": [ - "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/", + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/one", { "__Stage__": "*", "__ApiId__": {