Release/v1.37.0 (#2079)

* Release/v1.37.0 (#2069) * chore: bump version to 1.37.0 (#2068) * fix: Increase PageSize of ListPolicies Paginator (#2033) Co-authored-by: Jacob Fuss <32497805+jfuss@users.noreply.github.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> * feat: Support VIRTUAL_HOST as Type for SourceAccessConfiguration for MQ events (#76) (#2078) Co-authored-by: Renato Valenzuela <37676028+valerena@users.noreply.github.com>
aws · Jul 6, 2021 · 25fa8a8 · 25fa8a8
1 parent a3a99d3
commit 25fa8a8
Show file tree

Hide file tree

Showing 23 changed files with 529 additions and 21 deletions.
diff --git a/samtranslator/__init__.py b/samtranslator/__init__.py
@@ -1 +1 @@
-__version__ = "1.36.0"
+__version__ = "1.37.0"
diff --git a/samtranslator/model/eventsources/pull.py b/samtranslator/model/eventsources/pull.py
@@ -10,7 +10,7 @@
 class PullEventSource(ResourceMacro):
     """Base class for pull event sources for SAM Functions.
 
-    The pull events are Kinesis Streams, DynamoDB Streams, Kafka Topics, ActiveMQ Queues and SQS Queues. All of these correspond to an
+    The pull events are Kinesis Streams, DynamoDB Streams, Kafka Topics, Amazon MQ Queues and SQS Queues. All of these correspond to an
     EventSourceMapping in Lambda, and require that the execution role be given to Kinesis Streams, DynamoDB
     Streams, or SQS Queues, respectively.
 
@@ -74,7 +74,7 @@ def to_cloudformation(self, **kwargs):
         if not self.Stream and not self.Queue and not self.Broker:
             raise InvalidEventException(
                 self.relative_id,
-                "No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for ActiveMQ) provided.",
+                "No Queue (for SQS) or Stream (for Kinesis, DynamoDB or MSK) or Broker (for Amazon MQ) provided.",
             )
 
         if self.Stream and not self.StartingPosition:
@@ -218,23 +218,38 @@ def get_policy_statements(self):
         if not self.SourceAccessConfigurations:
             raise InvalidEventException(
                 self.relative_id,
-                "No SourceAccessConfigurations for ActiveMQ provided.",
+                "No SourceAccessConfigurations for Amazon MQ event provided.",
             )
         if not type(self.SourceAccessConfigurations) is list:
             raise InvalidEventException(
                 self.relative_id,
                 "Provided SourceAccessConfigurations cannot be parsed into a list.",
             )
-        # MQ only supports SourceAccessConfigurations with list size of 1
-        if not (len(self.SourceAccessConfigurations) == 1):
-            raise InvalidEventException(
-                self.relative_id,
-                "SourceAccessConfigurations for ActiveMQ only supports single configuration entry.",
-            )
-        if not self.SourceAccessConfigurations[0].get("URI"):
+        basic_auth_uri = None
+        for conf in self.SourceAccessConfigurations:
+            event_type = conf.get("Type")
+            if event_type not in ("BASIC_AUTH", "VIRTUAL_HOST"):
+                raise InvalidEventException(
+                    self.relative_id,
+                    "Invalid property specified in SourceAccessConfigurations for Amazon MQ event.",
+                )
+            if event_type == "BASIC_AUTH":
+                if basic_auth_uri:
+                    raise InvalidEventException(
+                        self.relative_id,
+                        "Multiple BASIC_AUTH properties specified in SourceAccessConfigurations for Amazon MQ event.",
+                    )
+                basic_auth_uri = conf.get("URI")
+                if not basic_auth_uri:
+                    raise InvalidEventException(
+                        self.relative_id,
+                        "No BASIC_AUTH URI property specified in SourceAccessConfigurations for Amazon MQ event.",
+                    )
+
+        if not basic_auth_uri:
             raise InvalidEventException(
                 self.relative_id,
-                "No URI property specified in SourceAccessConfigurations for ActiveMQ.",
+                "No BASIC_AUTH property specified in SourceAccessConfigurations for Amazon MQ event.",
             )
         document = {
             "PolicyName": "SamAutoGeneratedAMQPolicy",
@@ -245,7 +260,7 @@ def get_policy_statements(self):
                             "secretsmanager:GetSecretValue",
                         ],
                         "Effect": "Allow",
-                        "Resource": self.SourceAccessConfigurations[0].get("URI"),
+                        "Resource": basic_auth_uri,
                     },
                     {
                         "Action": [

diff --git a/samtranslator/translator/managed_policy_translator.py b/samtranslator/translator/managed_policy_translator.py
@@ -7,15 +7,19 @@ class ManagedPolicyLoader(object):
     def __init__(self, iam_client):
         self._iam_client = iam_client
         self._policy_map = None
+        self.max_items = 1000
 
     def load(self):
         if self._policy_map is None:
             LOG.info("Loading policies from IAM...")
+
             paginator = self._iam_client.get_paginator("list_policies")
             # Setting the scope to AWS limits the returned values to only AWS Managed Policies and will
             # not returned policies owned by any specific account.
             # http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html#API_ListPolicies_RequestParameters
-            page_iterator = paginator.paginate(Scope="AWS")
+            # Note(jfuss): boto3 PaginationConfig MaxItems does not control the number of items returned from the API
+            # call. This is actually controlled by PageSize.
+            page_iterator = paginator.paginate(Scope="AWS", PaginationConfig={"PageSize": self.max_items})
             name_to_arn_map = {}
 
             for page in page_iterator:

diff --git a/tests/model/eventsources/test_mq_event_source.py b/tests/model/eventsources/test_mq_event_source.py
@@ -0,0 +1,42 @@
+from unittest import TestCase
+from samtranslator.model.eventsources.pull import MQ
+
+
+class MQEventSource(TestCase):
+    def setUp(self):
+        self.logical_id = "MQEvent"
+        self.mq_event_source = MQ(self.logical_id)
+
+    def test_get_policy_arn(self):
+        source_arn = self.mq_event_source.get_policy_arn()
+        expected_source_arn = None
+        self.assertEqual(source_arn, expected_source_arn)
+
+    def test_get_policy_statements(self):
+        self.mq_event_source.SourceAccessConfigurations = [{"Type": "BASIC_AUTH", "URI": "SECRET_URI"}]
+        self.mq_event_source.Broker = "BROKER_ARN"
+        policy_statements = self.mq_event_source.get_policy_statements()
+        expected_policy_document = [
+            {
+                "PolicyName": "SamAutoGeneratedAMQPolicy",
+                "PolicyDocument": {
+                    "Statement": [
+                        {
+                            "Action": [
+                                "secretsmanager:GetSecretValue",
+                            ],
+                            "Effect": "Allow",
+                            "Resource": "SECRET_URI",
+                        },
+                        {
+                            "Action": [
+                                "mq:DescribeBroker",
+                            ],
+                            "Effect": "Allow",
+                            "Resource": "BROKER_ARN",
+                        },
+                    ]
+                },
+            }
+        ]
+        self.assertEqual(policy_statements, expected_policy_document)
diff --git a/tests/translator/input/error_invalid_config_mq.yaml b/tests/translator/input/error_invalid_config_mq.yaml
@@ -0,0 +1,19 @@
+Resources:
+  MQFunction:
+    Type: 'AWS::Serverless::Function'
+    Properties:
+      CodeUri: s3://sam-demo-bucket/queues.zip
+      Handler: queue.mq_handler
+      Runtime: python2.7
+      Events:
+        MyMQQueue:
+          Type: MQ
+          Properties:
+            Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+            Queues:
+              - "Queue1"
+            SourceAccessConfigurations:
+              - Type: BASIC_AUTH
+                URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
+              - Type: VPC_SUBNET
+                URI: invalidforMQtriggers
diff --git a/tests/translator/input/error_missing_basic_auth_in_mq.yaml b/tests/translator/input/error_missing_basic_auth_in_mq.yaml
@@ -0,0 +1,17 @@
+Resources:
+  MQFunction:
+    Type: 'AWS::Serverless::Function'
+    Properties:
+      CodeUri: s3://sam-demo-bucket/queues.zip
+      Handler: queue.mq_handler
+      Runtime: python2.7
+      Events:
+        MyMQQueue:
+          Type: MQ
+          Properties:
+            Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+            Queues:
+              - "Queue1"
+            SourceAccessConfigurations:
+              - Type: VIRTUAL_HOST
+                URI: vhost_name
diff --git a/tests/translator/input/error_missing_basic_auth_uri_in_mq.yaml b/tests/translator/input/error_missing_basic_auth_uri_in_mq.yaml
@@ -0,0 +1,16 @@
+Resources:
+  MQFunction:
+    Type: 'AWS::Serverless::Function'
+    Properties:
+      CodeUri: s3://sam-demo-bucket/queues.zip
+      Handler: queue.mq_handler
+      Runtime: python2.7
+      Events:
+        MyMQQueue:
+          Type: MQ
+          Properties:
+            Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+            Queues:
+              - "Queue1"
+            SourceAccessConfigurations: 
+              - Type: BASIC_AUTH
diff --git a/tests/translator/input/error_missing_sac_in_mq.yaml b/tests/translator/input/error_missing_sac_in_mq.yaml
@@ -0,0 +1,15 @@
+Resources:
+  MQFunction:
+    Type: 'AWS::Serverless::Function'
+    Properties:
+      CodeUri: s3://sam-demo-bucket/queues.zip
+      Handler: queue.mq_handler
+      Runtime: python2.7
+      Events:
+        MyMQQueue:
+          Type: MQ
+          Properties:
+            Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+            Queues:
+              - "Queue1"
+            SourceAccessConfigurations: []
diff --git a/tests/translator/input/error_multiple_basic_auth_in_mq.yaml b/tests/translator/input/error_multiple_basic_auth_in_mq.yaml
@@ -0,0 +1,19 @@
+Resources:
+  MQFunction:
+    Type: 'AWS::Serverless::Function'
+    Properties:
+      CodeUri: s3://sam-demo-bucket/queues.zip
+      Handler: queue.mq_handler
+      Runtime: python2.7
+      Events:
+        MyMQQueue:
+          Type: MQ
+          Properties:
+            Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+            Queues:
+              - "Queue1"
+            SourceAccessConfigurations:
+              - Type: BASIC_AUTH
+                URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
+              - Type: BASIC_AUTH
+                URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-second-secret-1a2b3c
diff --git a/tests/translator/input/function_with_mq_virtual_host.yaml b/tests/translator/input/function_with_mq_virtual_host.yaml
@@ -0,0 +1,19 @@
+Resources:
+  MQFunction:
+    Type: 'AWS::Serverless::Function'
+    Properties:
+      CodeUri: s3://sam-demo-bucket/queues.zip
+      Handler: queue.mq_handler
+      Runtime: python2.7
+      Events:
+        MyMQQueue:
+          Type: MQ
+          Properties:
+            Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9
+            Queues:
+              - "Queue1"
+            SourceAccessConfigurations:
+              - Type: BASIC_AUTH
+                URI: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c
+              - Type: VIRTUAL_HOST
+                URI: vhost_name
diff --git a/tests/translator/output/aws-cn/function_with_mq_virtual_host.json b/tests/translator/output/aws-cn/function_with_mq_virtual_host.json
@@ -0,0 +1,102 @@
+{
+  "Resources": {
+    "MQFunction": {
+      "Type": "AWS::Lambda::Function",
+      "Properties": {
+        "Code": {
+          "S3Bucket": "sam-demo-bucket",
+          "S3Key": "queues.zip"
+        },
+        "Handler": "queue.mq_handler",
+        "Role": {
+          "Fn::GetAtt": [
+            "MQFunctionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "python2.7",
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      }
+    },
+    "MQFunctionRole": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ]
+        },
+        "ManagedPolicyArns": [
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+        ],
+        "Policies": [
+          {
+            "PolicyName": "SamAutoGeneratedAMQPolicy",
+            "PolicyDocument": {
+              "Statement": [
+                {
+                  "Action": [
+                    "secretsmanager:GetSecretValue"
+                  ],
+                  "Effect": "Allow",
+                  "Resource": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c"
+                },
+                {
+                  "Action": [
+                    "mq:DescribeBroker"
+                  ],
+                  "Effect": "Allow",
+                  "Resource": "arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9"
+                }
+              ]
+            }
+          }
+        ],
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      }
+    },
+    "MQFunctionMyMQQueue": {
+      "Type": "AWS::Lambda::EventSourceMapping",
+      "Properties": {
+        "EventSourceArn": "arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9",
+        "FunctionName": {
+          "Ref": "MQFunction"
+        },
+        "Queues": [
+          "Queue1"
+        ],
+        "SourceAccessConfigurations": [
+          {
+            "Type": "BASIC_AUTH",
+            "URI": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c"
+          },
+          {
+            "Type": "VIRTUAL_HOST",
+            "URI": "vhost_name"
+          }
+        ]
+      }
+    }
+  }
+}