fix: Support resolve simple ref intrinsics for Tracing Properties and…

… Fix Bugs in Tracing Properties
aws · Jun 20, 2023 · 2c997e2 · 2c997e2
1 parent 68101bf
commit 2c997e2
Show file tree

Hide file tree

Showing 9 changed files with 870 additions and 29 deletions.
diff --git a/samtranslator/model/lambda_.py b/samtranslator/model/lambda_.py
@@ -4,6 +4,8 @@
 from samtranslator.model.intrinsics import fnGetAtt, ref
 from samtranslator.utils.types import Intrinsicable
 
+TRACING_CONFIG_ACTIVE = "Active"
+
 
 class LambdaFunction(Resource):
     resource_type = "AWS::Lambda::Function"

diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py
@@ -1,4 +1,4 @@
-""" SAM macro definitions """
+""" SAM macro definitions """
 import copy
 from contextlib import suppress
 from typing import Any, Callable, Dict, List, Optional, Tuple, Union, cast
@@ -61,6 +61,7 @@
     ref,
 )
 from samtranslator.model.lambda_ import (
+    TRACING_CONFIG_ACTIVE,
     LambdaAlias,
     LambdaEventInvokeConfig,
     LambdaFunction,
@@ -298,6 +299,7 @@ def to_cloudformation(self, **kwargs):  # type: ignore[no-untyped-def]
             execution_role = self._construct_role(
                 managed_policy_map,
                 event_invoke_policies,
+                intrinsics_resolver,
                 get_managed_policy_map,
             )
             lambda_function.Role = execution_role.get_runtime_attr("arn")
@@ -581,6 +583,7 @@ def _construct_role(
         self,
         managed_policy_map: Dict[str, Any],
         event_invoke_policies: List[Dict[str, Any]],
+        intrinsics_resolver: IntrinsicsResolver,
         get_managed_policy_map: Optional[GetManagedPolicyMap] = None,
     ) -> IAMRole:
         """Constructs a Lambda execution role based on this SAM function's Policies property.
@@ -597,7 +600,9 @@ def _construct_role(
         )
 
         managed_policy_arns = [ArnGenerator.generate_aws_managed_policy_arn("service-role/AWSLambdaBasicExecutionRole")]
-        if self.Tracing:
+
+        tracing = intrinsics_resolver.resolve_parameter_refs(self.Tracing)
+        if tracing == TRACING_CONFIG_ACTIVE:
             managed_policy_name = get_xray_managed_policy_name()
             managed_policy_arns.append(ArnGenerator.generate_aws_managed_policy_arn(managed_policy_name))
         if self.VpcConfig:

diff --git a/tests/translator/input/function_with_tracing.yaml b/tests/translator/input/function_with_tracing.yaml
@@ -0,0 +1,81 @@
+Parameters:
+  TracingParamPassThrough:
+    Type: String
+    Default: PassThrough
+  TracingParamActive:
+    Type: String
+    Default: Active
+
+Resources:
+  ActiveTracingFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Handler: index.handler
+      Runtime: nodejs14.x
+      InlineCode: |
+        exports.handler = async (event, context, callback) => {
+            return {
+              statusCode: 200,
+              body: 'Success'
+            }
+          }
+      MemorySize: 128
+      Policies:
+      - AWSLambdaRole
+      - AmazonS3ReadOnlyAccess
+      Tracing: Active
+
+  ActiveIntrinsicTracingFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Handler: index.handler
+      Runtime: nodejs14.x
+      InlineCode: |
+        exports.handler = async (event, context, callback) => {
+            return {
+              statusCode: 200,
+              body: 'Success'
+            }
+          }
+      MemorySize: 128
+      Policies:
+      - AWSLambdaRole
+      - AmazonS3ReadOnlyAccess
+      Tracing: !Ref TracingParamActive
+
+  PassThroughTracingFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Handler: index.handler
+      Runtime: nodejs14.x
+      InlineCode: |
+        exports.handler = async (event, context, callback) => {
+            return {
+              statusCode: 200,
+              body: 'Success'
+            }
+          }
+      MemorySize: 128
+      Policies:
+      - AWSLambdaRole
+      - AmazonS3ReadOnlyAccess
+      Tracing: PassThrough
+
+  PassThroughIntrinsicTracingFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      Handler: index.handler
+      Runtime: nodejs14.x
+      MemorySize: 128
+      InlineCode: |
+        exports.handler = async (event, context, callback) => {
+            return {
+              statusCode: 200,
+              body: 'Success'
+            }
+          }
+      Policies:
+      - AWSLambdaRole
+      - AmazonS3ReadOnlyAccess
+      Tracing:
+        Ref: TracingParamPassThrough
diff --git a/tests/translator/output/aws-cn/function_with_tracing.json b/tests/translator/output/aws-cn/function_with_tracing.json
@@ -0,0 +1,252 @@
+{
+  "Parameters": {
+    "TracingParamActive": {
+      "Default": "Active",
+      "Type": "String"
+    },
+    "TracingParamPassThrough": {
+      "Default": "PassThrough",
+      "Type": "String"
+    }
+  },
+  "Resources": {
+    "ActiveIntrinsicTracingFunction": {
+      "Properties": {
+        "Code": {
+          "ZipFile": "exports.handler = async (event, context, callback) => {\n    return {\n      statusCode: 200,\n      body: 'Success'\n    }\n  }\n"
+        },
+        "Handler": "index.handler",
+        "MemorySize": 128,
+        "Role": {
+          "Fn::GetAtt": [
+            "ActiveIntrinsicTracingFunctionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "nodejs14.x",
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ],
+        "TracingConfig": {
+          "Mode": {
+            "Ref": "TracingParamActive"
+          }
+        }
+      },
+      "Type": "AWS::Lambda::Function"
+    },
+    "ActiveIntrinsicTracingFunctionRole": {
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ManagedPolicyArns": [
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
+          "arn:aws-cn:iam::aws:policy/AWSXRayDaemonWriteAccess",
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaRole",
+          "arn:aws-cn:iam::aws:policy/AmazonS3ReadOnlyAccess"
+        ],
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::IAM::Role"
+    },
+    "ActiveTracingFunction": {
+      "Properties": {
+        "Code": {
+          "ZipFile": "exports.handler = async (event, context, callback) => {\n    return {\n      statusCode: 200,\n      body: 'Success'\n    }\n  }\n"
+        },
+        "Handler": "index.handler",
+        "MemorySize": 128,
+        "Role": {
+          "Fn::GetAtt": [
+            "ActiveTracingFunctionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "nodejs14.x",
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ],
+        "TracingConfig": {
+          "Mode": "Active"
+        }
+      },
+      "Type": "AWS::Lambda::Function"
+    },
+    "ActiveTracingFunctionRole": {
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ManagedPolicyArns": [
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
+          "arn:aws-cn:iam::aws:policy/AWSXRayDaemonWriteAccess",
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaRole",
+          "arn:aws-cn:iam::aws:policy/AmazonS3ReadOnlyAccess"
+        ],
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::IAM::Role"
+    },
+    "PassThroughIntrinsicTracingFunction": {
+      "Properties": {
+        "Code": {
+          "ZipFile": "exports.handler = async (event, context, callback) => {\n    return {\n      statusCode: 200,\n      body: 'Success'\n    }\n  }\n"
+        },
+        "Handler": "index.handler",
+        "MemorySize": 128,
+        "Role": {
+          "Fn::GetAtt": [
+            "PassThroughIntrinsicTracingFunctionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "nodejs14.x",
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ],
+        "TracingConfig": {
+          "Mode": {
+            "Ref": "TracingParamPassThrough"
+          }
+        }
+      },
+      "Type": "AWS::Lambda::Function"
+    },
+    "PassThroughIntrinsicTracingFunctionRole": {
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ManagedPolicyArns": [
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaRole",
+          "arn:aws-cn:iam::aws:policy/AmazonS3ReadOnlyAccess"
+        ],
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::IAM::Role"
+    },
+    "PassThroughTracingFunction": {
+      "Properties": {
+        "Code": {
+          "ZipFile": "exports.handler = async (event, context, callback) => {\n    return {\n      statusCode: 200,\n      body: 'Success'\n    }\n  }\n"
+        },
+        "Handler": "index.handler",
+        "MemorySize": 128,
+        "Role": {
+          "Fn::GetAtt": [
+            "PassThroughTracingFunctionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "nodejs14.x",
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ],
+        "TracingConfig": {
+          "Mode": "PassThrough"
+        }
+      },
+      "Type": "AWS::Lambda::Function"
+    },
+    "PassThroughTracingFunctionRole": {
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ManagedPolicyArns": [
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaRole",
+          "arn:aws-cn:iam::aws:policy/AmazonS3ReadOnlyAccess"
+        ],
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::IAM::Role"
+    }
+  }
+}