Merge branch 'develop' into develop

aws · Oct 11, 2024 · 7341594 · 7341594
2 parents d66aa22 + 8de1ca9
commit 7341594
Show file tree

Hide file tree

Showing 14 changed files with 581 additions and 302 deletions.
diff --git a/integration/resources/templates/combination/api_with_authorizers_max.yaml b/integration/resources/templates/combination/api_with_authorizers_max.yaml
@@ -125,8 +125,8 @@ Resources:
     Type: AWS::IAM::Role
     Properties:
       ManagedPolicyArns:
-      - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-      - arn:aws:iam::aws:policy/service-role/AWSLambdaRole
+      - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+      - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaRole
       AssumeRolePolicyDocument:
         Version: '2012-10-17'
         Statement:

diff --git a/integration/resources/templates/combination/api_with_authorizers_max_openapi.yaml b/integration/resources/templates/combination/api_with_authorizers_max_openapi.yaml
@@ -138,8 +138,8 @@ Resources:
     Type: AWS::IAM::Role
     Properties:
       ManagedPolicyArns:
-      - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-      - arn:aws:iam::aws:policy/service-role/AWSLambdaRole
+      - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+      - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaRole
       AssumeRolePolicyDocument:
         Version: '2012-10-17'
         Statement:

diff --git a/integration/resources/templates/combination/function_with_mq.yaml b/integration/resources/templates/combination/function_with_mq.yaml
@@ -101,7 +101,8 @@ Resources:
               secretsmanager:GetSecretValue]
             Effect: Allow
             Resource: '*'
-      ManagedPolicyArns: [arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole]
+      ManagedPolicyArns:
+      - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
       Tags:
       - {Value: SAM, Key: lambda:createdBy}
 

diff --git a/integration/resources/templates/combination/function_with_msk.yaml b/integration/resources/templates/combination/function_with_msk.yaml
@@ -27,7 +27,8 @@ Resources:
               logs:CreateLogStream, logs:PutLogEvents]
             Effect: Allow
             Resource: '*'
-      ManagedPolicyArns: [arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole]
+      ManagedPolicyArns:
+      - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
       Tags:
       - {Value: SAM, Key: lambda:createdBy}
 

diff --git a/...templates/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.yaml b/...templates/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.yaml
@@ -27,7 +27,8 @@ Resources:
               logs:CreateLogStream, logs:PutLogEvents, s3:ListBucket]
             Effect: Allow
             Resource: '*'
-      ManagedPolicyArns: [arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole]
+      ManagedPolicyArns:
+      - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
       Tags:
       - {Value: SAM, Key: lambda:createdBy}
 

diff --git a/integration/resources/templates/single/state_machine_with_api.yaml b/integration/resources/templates/single/state_machine_with_api.yaml
@@ -19,7 +19,7 @@ Resources:
     Type: AWS::Serverless::StateMachine
     Properties:
       Policies:
-      - arn:aws:iam::aws:policy/AWSLambda_FullAccess
+      - !Sub arn:${AWS::Partition}:iam::aws:policy/AWSLambda_FullAccess
       Definition:
         StartAt: One
         States:

diff --git a/samtranslator/model/api/api_generator.py b/samtranslator/model/api/api_generator.py
@@ -750,8 +750,9 @@ def _add_cors(self) -> None:
             properties = CorsProperties(AllowOrigin=self.cors)  # type: ignore[call-arg]
         elif isinstance(self.cors, dict):
             # Make sure keys in the dict are recognized
-            if not all(key in CorsProperties._fields for key in self.cors):
-                raise InvalidResourceException(self.logical_id, INVALID_ERROR)
+            for key in self.cors:
+                if key not in CorsProperties._fields:
+                    raise InvalidResourceException(self.logical_id, f"Invalid key '{key}' for 'Cors' property.")
 
             properties = CorsProperties(**self.cors)
 

diff --git a/samtranslator/model/api/http_api_generator.py b/samtranslator/model/api/http_api_generator.py
@@ -187,8 +187,9 @@ def _add_cors(self) -> None:
 
         elif isinstance(self.cors_configuration, dict):
             # Make sure keys in the dict are recognized
-            if not all(key in CorsProperties._fields for key in self.cors_configuration):
-                raise InvalidResourceException(self.logical_id, "Invalid value for 'Cors' property.")
+            for key in self.cors_configuration:
+                if key not in CorsProperties._fields:
+                    raise InvalidResourceException(self.logical_id, f"Invalid key '{key}' for 'Cors' property.")
 
             properties = CorsProperties(**self.cors_configuration)
 

diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json
diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json
diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json
diff --git a/tests/translator/input/error_invalid_httpapi_cors_property.yaml b/tests/translator/input/error_invalid_httpapi_cors_property.yaml
@@ -0,0 +1,22 @@
+Resources:
+  HttpApi:
+    Type: AWS::Serverless::HttpApi
+    Properties:
+      StageName: stagename
+      DefaultRouteSettings:
+        ThrottlingBurstLimit: 200
+      RouteSettings:
+        GET /path:
+          ThrottlingBurstLimit: 500 # overridden in HttpApi Event
+      StageVariables:
+        StageVar: Value
+      FailOnWarnings: true
+      CorsConfiguration:
+        AllowOrigin:
+        - https://example.com
+        AllowHeaders:
+        - x-apigateway-header
+        AllowMethods:
+        - GET
+        MaxAge: 600
+        AllowCredentials: true
diff --git a/tests/translator/output/error_invalid_cors_dict.json b/tests/translator/output/error_invalid_cors_dict.json
@@ -3,12 +3,12 @@
     "Invalid Serverless Application Specification document. ",
     "Number of errors found: 1. ",
     "Resource with id [ServerlessRestApi] is invalid. ",
-    "Invalid value for 'Cors' property"
+    "Invalid key 'Foo' for 'Cors' property."
   ],
-  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [ServerlessRestApi] is invalid. Invalid value for 'Cors' property",
+  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [ServerlessRestApi] is invalid. Invalid key 'Foo' for 'Cors' property.",
   "errors": [
     {
-      "errorMessage": "Resource with id [ServerlessRestApi] is invalid. Invalid value for 'Cors' property"
+      "errorMessage": "Resource with id [ServerlessRestApi] is invalid. Invalid key 'Foo' for 'Cors' property."
     }
   ]
 }
diff --git a/tests/translator/output/error_invalid_httpapi_cors_property.json b/tests/translator/output/error_invalid_httpapi_cors_property.json
@@ -0,0 +1,14 @@
+{
+  "_autoGeneratedBreakdownErrorMessage": [
+    "Invalid Serverless Application Specification document. ",
+    "Number of errors found: 1. ",
+    "Resource with id [HttpApi] is invalid. ",
+    "Invalid key 'AllowOrigin' for 'Cors' property."
+  ],
+  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [HttpApi] is invalid. Invalid key 'AllowOrigin' for 'Cors' property.",
+  "errors": [
+    {
+      "errorMessage": "Resource with id [HttpApi] is invalid. Invalid key 'AllowOrigin' for 'Cors' property."
+    }
+  ]
+}