From 4e5625a9396300637dee97f7550be9bb3d4d0138 Mon Sep 17 00:00:00 2001 From: Keeton Hodgson Date: Tue, 4 Feb 2020 15:46:24 -0800 Subject: [PATCH 1/5] fix: fix usage plan SHARED bug (#1434) --- samtranslator/model/api/api_generator.py | 9 ++- .../output/aws-cn/api_with_usageplans.json | 34 ---------- .../aws-us-gov/api_with_usageplans.json | 68 ------------------- 3 files changed, 6 insertions(+), 105 deletions(-) diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py index fe6d139b63..204f180c7a 100644 --- a/samtranslator/model/api/api_generator.py +++ b/samtranslator/model/api/api_generator.py @@ -591,14 +591,16 @@ def _construct_usage_plan(self, rest_api_stage=None): # create a usage plan for all the Apis elif create_usage_plan == "SHARED": usage_plan_logical_id = "ServerlessUsagePlan" - ApiGenerator.depends_on_shared.append(self.logical_id) + if self.logical_id not in ApiGenerator.depends_on_shared: + ApiGenerator.depends_on_shared.append(self.logical_id) usage_plan = ApiGatewayUsagePlan( logical_id=usage_plan_logical_id, depends_on=ApiGenerator.depends_on_shared ) api_stage = dict() api_stage["ApiId"] = ref(self.logical_id) api_stage["Stage"] = ref(rest_api_stage.logical_id) - ApiGenerator.api_stages_shared.append(api_stage) + if api_stage not in ApiGenerator.api_stages_shared: + ApiGenerator.api_stages_shared.append(api_stage) usage_plan.ApiStages = ApiGenerator.api_stages_shared api_key = self._construct_api_key(usage_plan_logical_id, create_usage_plan, rest_api_stage) 
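Review bot: The `not in` guards in the `SHARED` branch stop repeats but leave `ApiGenerator.depends_on_shared` and `ApiGenerator.api_stages_shared` as class-level lists that are never cleared in the lines shown, so entries from one translation appear to stay visible to the next one in the same process; the fixture entries deleted in this commit (one extra copy under aws-cn, two under aws-us-gov) look like that accumulation. In a long-lived process that translates several templates, the shared usage plan of one template could then carry `ApiStages` and `DependsOn` references to APIs from another, which is a correctness problem and also an isolation problem between templates. Consider resetting these lists at the start of each translation or holding them on a per-translation object, and at minimum add a comment such as `# class-level state: shared by every ApiGenerator in this process, must be reset per template`. The same applies to `ApiGenerator.stage_keys_shared` in the `_construct_api_key` hunk that follows; both functions continue outside their hunks.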
@@ -631,7 +633,8 @@ def _construct_api_key(self, usage_plan_logical_id, create_usage_plan, rest_api_ stage_key = dict() stage_key["RestApiId"] = ref(self.logical_id) stage_key["StageName"] = ref(rest_api_stage.logical_id) - ApiGenerator.stage_keys_shared.append(stage_key) + if stage_key not in ApiGenerator.stage_keys_shared: + ApiGenerator.stage_keys_shared.append(stage_key) api_key.StageKeys = ApiGenerator.stage_keys_shared # for create_usage_plan = "PER_API" else: diff --git a/tests/translator/output/aws-cn/api_with_usageplans.json b/tests/translator/output/aws-cn/api_with_usageplans.json index 3f38b0ce5e..7f3fe62693 100644 --- a/tests/translator/output/aws-cn/api_with_usageplans.json +++ b/tests/translator/output/aws-cn/api_with_usageplans.json @@ -364,22 +364,6 @@ "Type": "AWS::ApiGateway::UsagePlan", "Properties": { "ApiStages": [ - { - "ApiId": { - "Ref": "MyApiThree" - }, - "Stage": { - "Ref": "MyApiThreeProdStage" - } - }, - { - "ApiId": { - "Ref": "ServerlessRestApi" - }, - "Stage": { - "Ref": "ServerlessRestApiProdStage" - } - }, { "ApiId": { "Ref": "MyApiThree" @@ -399,8 +383,6 @@ ] }, "DependsOn": [ - "MyApiThree", - "ServerlessRestApi", "MyApiThree", "ServerlessRestApi" ] @@ -601,22 +583,6 @@ "Properties": { "Enabled": true, "StageKeys": [ - { - "RestApiId": { - "Ref": "MyApiThree" - }, - "StageName": { - "Ref": "MyApiThreeProdStage" - } - }, - { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": { - "Ref": "ServerlessRestApiProdStage" - } - }, { "RestApiId": { "Ref": "MyApiThree" diff --git a/tests/translator/output/aws-us-gov/api_with_usageplans.json b/tests/translator/output/aws-us-gov/api_with_usageplans.json index 7c0d0eaad3..8309958bab 100644 --- a/tests/translator/output/aws-us-gov/api_with_usageplans.json +++ b/tests/translator/output/aws-us-gov/api_with_usageplans.json 
@@ -363,38 +363,6 @@ "Type": "AWS::ApiGateway::UsagePlan", "Properties": { "ApiStages": [ - { - "ApiId": { - "Ref": "MyApiThree" - }, - "Stage": { - "Ref": "MyApiThreeProdStage" - } - }, - { - "ApiId": { - "Ref": "ServerlessRestApi" - }, - "Stage": { - "Ref": "ServerlessRestApiProdStage" - } - }, - { - "ApiId": { - "Ref": "MyApiThree" - }, - "Stage": { - "Ref": "MyApiThreeProdStage" - } - }, - { - "ApiId": { - "Ref": "ServerlessRestApi" - }, - "Stage": { - "Ref": "ServerlessRestApiProdStage" - } - }, { "ApiId": { "Ref": "MyApiThree" @@ -414,10 +382,6 @@ ] }, "DependsOn": [ - "MyApiThree", - "ServerlessRestApi", - "MyApiThree", - "ServerlessRestApi", "MyApiThree", "ServerlessRestApi" ] @@ -427,38 +391,6 @@ "Properties": { "Enabled": true, "StageKeys": [ - { - "RestApiId": { - "Ref": "MyApiThree" - }, - "StageName": { - "Ref": "MyApiThreeProdStage" - } - }, - { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": { - "Ref": "ServerlessRestApiProdStage" - } - }, - { - "RestApiId": { - "Ref": "MyApiThree" - }, - "StageName": { - "Ref": "MyApiThreeProdStage" - } - }, - { - "RestApiId": { - "Ref": "ServerlessRestApi" - }, - "StageName": { - "Ref": "ServerlessRestApiProdStage" - } - }, { "RestApiId": { "Ref": "MyApiThree" From b9d68ca2f29a434242f26d22e9c5ee0869240ac6 Mon Sep 17 00:00:00 2001 From: Keeton Hodgson Date: Tue, 4 Feb 2020 15:58:23 -0800 Subject: [PATCH 2/5] chore: bump version to v1.21.0 (#1433) --- samtranslator/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samtranslator/__init__.py b/samtranslator/__init__.py index 3e49871f98..6df86cae31 100644 --- a/samtranslator/__init__.py +++ b/samtranslator/__init__.py @@ -1 +1 @@ -__version__ = "1.20.1" +__version__ = "1.21.0" From 2e55672de97ea747b79ca4af54b79f08151dec8e Mon Sep 17 00:00:00 2001 
From: Praneeta Prakash Date: Thu, 6 Feb 2020 16:04:23 -0800 Subject: [PATCH 3/5] fix: customstatements in function events (#1436) --- .../api_resource_policy/template.yaml | 2 ++ samtranslator/model/eventsources/push.py | 2 ++ ..._with_resource_policy_global_implicit.yaml | 23 ++++++++----------- .../api_with_resource_policy_global.json | 2 +- 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/examples/2016-10-31/api_resource_policy/template.yaml b/examples/2016-10-31/api_resource_policy/template.yaml index 8086034149..6194a9b563 100644 --- a/examples/2016-10-31/api_resource_policy/template.yaml +++ b/examples/2016-10-31/api_resource_policy/template.yaml @@ -13,6 +13,7 @@ Globals: Fn::If: - C1 - Principal: '*' + Effect: Allow Action: execute-api:Invoke Resource: - execute-api:/Prod/PUT/get @@ -20,6 +21,7 @@ Globals: IpAddress: aws:SourceIp: 1.2.3.4 - Principal: '*' + Effect: Allow Action: execute-api:Invoke Resource: - execute-api:/Prod/PUT/get diff --git a/samtranslator/model/eventsources/push.py b/samtranslator/model/eventsources/push.py index 0c841f2238..378241a38d 100644 --- a/samtranslator/model/eventsources/push.py +++ b/samtranslator/model/eventsources/push.py @@ -700,6 +700,8 @@ def _add_swagger_integration(self, api, function, intrinsics_resolver): editor.add_resource_policy( resource_policy=resource_policy, path=self.Path, api_id=self.RestApiId.get("Ref"), stage=self.Stage ) + if resource_policy.get("CustomStatements"): + editor.add_custom_statements(resource_policy.get("CustomStatements")) if self.RequestModel: method_model = self.RequestModel.get("Model") diff --git a/tests/translator/input/api_with_resource_policy_global_implicit.yaml b/tests/translator/input/api_with_resource_policy_global_implicit.yaml index 5ec9536e4b..d3599c73c4 100644 --- a/tests/translator/input/api_with_resource_policy_global_implicit.yaml +++ b/tests/translator/input/api_with_resource_policy_global_implicit.yaml 
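Review bot: In the `push.py` hunk, `CustomStatements` from a function event is handed to `editor.add_custom_statements` with no check on its shape, and the lines shown do not tell whether the editor validates it. These statements end up in the API's resource policy, which is an access-control document, so a non-list value or a statement without `Effect` or `Principal` should presumably be rejected as a template error rather than merged; the test input changed in this commit uses statements that carry only `Action` and `Resource`. A smaller point is to read the value once, `custom_statements = resource_policy.get("CustomStatements")`, and test and pass that name. The enclosing `_add_swagger_integration` starts and ends outside the hunk.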
@@ -1,15 +1,3 @@ -Globals: - Api: - Auth: - ResourcePolicy: - CustomStatements: [{ - Action: 'execute-api:Invoke', - Resource: ['execute-api:/*/*/*'] - }, - { - Action: 'execute-api:blah', - Resource: ['execute-api:/*/*/*'] - }] Resources: MinimalFunction: Type: 'AWS::Serverless::Function' @@ -23,4 +11,13 @@ Resources: Properties: Path: /add Method: post - + Auth: + ResourcePolicy: + CustomStatements: [{ + Action: 'execute-api:Invoke', + Resource: ['execute-api:/*/*/*'] + }, + { + Action: 'execute-api:blah', + Resource: ['execute-api:/*/*/*'] + }] diff --git a/tests/translator/output/api_with_resource_policy_global.json b/tests/translator/output/api_with_resource_policy_global.json index f226bb7a5e..15b8d99106 100644 --- a/tests/translator/output/api_with_resource_policy_global.json +++ b/tests/translator/output/api_with_resource_policy_global.json @@ -229,4 +229,4 @@ } } } -} +} \ No newline at end of file From 95bdd621cb768ba4e9226a6e4e9a006a3326c7db Mon Sep 17 00:00:00 2001 From: James Hood Date: Wed, 12 Feb 2020 17:06:30 -0800 Subject: [PATCH 4/5] fix: use isinstance check instead of type (#1411) --- samtranslator/translator/translator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samtranslator/translator/translator.py b/samtranslator/translator/translator.py index 4204d9fa4a..9547e42027 100644 --- a/samtranslator/translator/translator.py +++ b/samtranslator/translator/translator.py @@ -51,7 +51,7 @@ def _get_function_names(self, resource_dict, intrinsics_resolver): # adds to the function_names dict with key as the api_name and value as the function_name if item.get("Type") == "Api" and item.get("Properties") and item.get("Properties").get("RestApiId"): rest_api = item.get("Properties").get("RestApiId") - if type(rest_api) == dict or isinstance(rest_api, dict): + if isinstance(rest_api, dict): api_name = item.get("Properties").get("RestApiId").get("Ref") else: api_name = item.get("Properties").get("RestApiId") 
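Review bot: In the `isinstance(rest_api, dict)` branch of the `translator.py` hunk the code still re-reads `item.get("Properties").get("RestApiId")` instead of using `rest_api`, and `.get("Ref")` returns `None` when the dict is some other intrinsic, which by the comment above the check would then become the key in `function_names`. I would write `api_name = rest_api.get("Ref")` and `api_name = rest_api` in the two branches, and skip the entry when `api_name` is `None`. How `api_name` is used afterwards is outside the hunk, so the `None` case should be confirmed against the rest of `_get_function_names`.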
From 4535debfb35c4dee58cce77a37a7ed3603b9e239 Mon Sep 17 00:00:00 2001 From: Keeton Hodgson Date: Fri, 14 Feb 2020 11:32:00 -0800 Subject: [PATCH 5/5] revert: "fix: update policy used for xray tracing (#1405)" (#1452) This reverts commit 2d5d7a0cd76b02a80fea3c0d8c99867036189abe. --- samtranslator/model/sam_resources.py | 2 +- tests/translator/output/aws-cn/basic_function.json | 4 ++-- tests/translator/output/aws-cn/globals_for_function.json | 4 ++-- tests/translator/output/aws-us-gov/basic_function.json | 4 ++-- tests/translator/output/aws-us-gov/globals_for_function.json | 4 ++-- tests/translator/output/basic_function.json | 4 ++-- tests/translator/output/globals_for_function.json | 4 ++-- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py index 3d1af1af83..dd6cc10b80 100644 --- a/samtranslator/model/sam_resources.py +++ b/samtranslator/model/sam_resources.py @@ -431,7 +431,7 @@ def _construct_role(self, managed_policy_map, event_invoke_policies): managed_policy_arns = [ArnGenerator.generate_aws_managed_policy_arn("service-role/AWSLambdaBasicExecutionRole")] if self.Tracing: - managed_policy_arns.append(ArnGenerator.generate_aws_managed_policy_arn("AWSXRayDaemonWriteAccess")) + managed_policy_arns.append(ArnGenerator.generate_aws_managed_policy_arn("AWSXrayWriteOnlyAccess")) if self.VpcConfig: managed_policy_arns.append( ArnGenerator.generate_aws_managed_policy_arn("service-role/AWSLambdaVPCAccessExecutionRole") diff --git a/tests/translator/output/aws-cn/basic_function.json b/tests/translator/output/aws-cn/basic_function.json index f3d2b18916..33857a45d8 100644 --- a/tests/translator/output/aws-cn/basic_function.json +++ b/tests/translator/output/aws-cn/basic_function.json 
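Review bot: The managed policy name in `_construct_role` is a bare string literal that has now been switched and switched back, and neither the code nor the commit message shown here says why `AWSXrayWriteOnlyAccess` is the one to keep. Because this ARN is attached to the execution role of every function with `Tracing` set, the choice decides what those roles are granted, and the next reader is likely to repeat the reverted change. Add a comment above the `append`, for example `# Keep AWSXrayWriteOnlyAccess; the switch to AWSXRayDaemonWriteAccess was reverted in #1452`, stating the actual reason once it is confirmed. The function body continues outside the hunk.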
@@ -303,7 +303,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws-cn:iam::aws:policy/AWSXRayDaemonWriteAccess" + "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Tags": [ { @@ -334,7 +334,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws-cn:iam::aws:policy/AWSXRayDaemonWriteAccess" + "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Tags": [ { diff --git a/tests/translator/output/aws-cn/globals_for_function.json b/tests/translator/output/aws-cn/globals_for_function.json index 1559424a9f..0724bd4e87 100644 --- a/tests/translator/output/aws-cn/globals_for_function.json +++ b/tests/translator/output/aws-cn/globals_for_function.json @@ -5,7 +5,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws-cn:iam::aws:policy/AWSXRayDaemonWriteAccess", + "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess", "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" ], "Tags": [ @@ -107,7 +107,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws-cn:iam::aws:policy/AWSXRayDaemonWriteAccess", + "arn:aws-cn:iam::aws:policy/AWSXrayWriteOnlyAccess", "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" ], "Tags": [ diff --git a/tests/translator/output/aws-us-gov/basic_function.json b/tests/translator/output/aws-us-gov/basic_function.json index ad22b6c2b2..649009382a 100644 --- a/tests/translator/output/aws-us-gov/basic_function.json +++ b/tests/translator/output/aws-us-gov/basic_function.json 
@@ -303,7 +303,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws-us-gov:iam::aws:policy/AWSXRayDaemonWriteAccess" + "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Tags": [ { @@ -334,7 +334,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws-us-gov:iam::aws:policy/AWSXRayDaemonWriteAccess" + "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Tags": [ { diff --git a/tests/translator/output/aws-us-gov/globals_for_function.json b/tests/translator/output/aws-us-gov/globals_for_function.json index 4170d86bc3..e436c5079c 100644 --- a/tests/translator/output/aws-us-gov/globals_for_function.json +++ b/tests/translator/output/aws-us-gov/globals_for_function.json @@ -5,7 +5,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws-us-gov:iam::aws:policy/AWSXRayDaemonWriteAccess", + "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess", "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" ], "PermissionsBoundary": "arn:aws:1234:iam:boundary/OverridePermissionsBoundary", @@ -107,7 +107,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws-us-gov:iam::aws:policy/AWSXRayDaemonWriteAccess", + "arn:aws-us-gov:iam::aws:policy/AWSXrayWriteOnlyAccess", "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" ], "PermissionsBoundary": "arn:aws:1234:iam:boundary/CustomerCreatedPermissionsBoundary", diff --git a/tests/translator/output/basic_function.json b/tests/translator/output/basic_function.json index f7c2deae6e..8b1e210f44 100644 --- a/tests/translator/output/basic_function.json +++ b/tests/translator/output/basic_function.json 
@@ -303,7 +303,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess" + "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Tags": [ { @@ -334,7 +334,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess" + "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" ], "Tags": [ { diff --git a/tests/translator/output/globals_for_function.json b/tests/translator/output/globals_for_function.json index 4557c0e91f..0ad54729b0 100644 --- a/tests/translator/output/globals_for_function.json +++ b/tests/translator/output/globals_for_function.json @@ -5,7 +5,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess", + "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess", "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" ], "PermissionsBoundary": "arn:aws:1234:iam:boundary/OverridePermissionsBoundary", @@ -107,7 +107,7 @@ "Properties": { "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess", + "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess", "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" ], "PermissionsBoundary": "arn:aws:1234:iam:boundary/CustomerCreatedPermissionsBoundary",