chore: Merge develop into tf start api (#5239)

* feat: update SAM CLI with latest App Templates commit hash (#5211) * feat: updating app templates repo hash with (a34f563f067e13df3eb350d36461b99397b6cda6) * dummy change to trigger checks * revert dummy commit --------- Co-authored-by: GitHub Action <action@github.com> Co-authored-by: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> * fix: fix failing Terraform integration test cases (#5218) * fix: fix the failing terraform integration test cases * fix: fix the resource address while accessing the module config resources * fix: fix checking the experimental log integration test cases * chore: bump version to 1.85.0 (#5226) * chore: use the SAR Application created in testing accounts (#5221) * chore: update aws_lambda_builders to 1.32.0 (#5215) Co-authored-by: GitHub Action <action@github.com> Co-authored-by: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> * feat: Added linking Gateway Method to Lambda Authorizer (#5228) * Added linking method to authorizer * Fixed docstring spelling mistake --------- Co-authored-by: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> * feat: Return early during linking if no destination resources are found (#5220) * Returns during linking if no destination resources are found * Updated comment to correctly reflect state * Cleaned extra word --------- Co-authored-by: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> * chore: Strengthen wording on "no Auth" during deploy (#5231) Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Sriram Madapusi Vasudevan <3770774+sriram-mv@users.noreply.github.com> * feat: Link Lambda Authorizer to Rest API (#5219) * Link RestApiId property for Lambda Authorizers * Updated docstring * Format files --------- Co-authored-by: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: GitHub Action <action@github.com> Co-authored-by: Mohamed Elasmar <71043312+moelasmar@users.noreply.github.com> Co-authored-by: Lucas <12496191+lucashuy@users.noreply.github.com> Co-authored-by: Jacob Fuss <32497805+jfuss@users.noreply.github.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Sriram Madapusi Vasudevan <3770774+sriram-mv@users.noreply.github.com>
aws · Jun 1, 2023 · 7be9427 · 7be9427
1 parent b7150f4
commit 7be9427
Show file tree

Hide file tree

Showing 16 changed files with 319 additions and 27 deletions.
diff --git a/requirements/reproducible-mac.txt b/requirements/reproducible-mac.txt
@@ -275,6 +275,7 @@ importlib-metadata==6.1.0 \
     --hash=sha256:43ce9281e097583d758c2c708c4376371261a02c34682491a8e98352365aad20 \
     --hash=sha256:ff80f3b5394912eb1b108fcfd444dc78b7f1f3e16b16188054bd01cb9cb86f09
     # via
+    #   attrs
     #   click
     #   flask
     #   jsonpickle

diff --git a/samcli/__init__.py b/samcli/__init__.py
@@ -2,4 +2,4 @@
 SAM CLI version
 """
 
-__version__ = "1.84.0"
+__version__ = "1.85.0"
diff --git a/samcli/commands/deploy/deploy_context.py b/samcli/commands/deploy/deploy_context.py
@@ -242,7 +242,7 @@ def deploy(
 
         for resource, authorization_required in auth_required_per_resource:
             if not authorization_required:
-                click.secho(f"{resource} may not have authorization defined.", fg="yellow")
+                click.secho(f"{resource} has no authentication.", fg="yellow")
 
         if use_changeset:
             try:

diff --git a/samcli/commands/deploy/guided_context.py b/samcli/commands/deploy/guided_context.py
@@ -224,7 +224,7 @@ def prompt_authorization(self, stacks: List[Stack]):
         for resource, authorization_required in auth_required_per_resource:
             if not authorization_required:
                 auth_confirm = confirm(
-                    f"\t{self.start_bold}{resource} may not have authorization defined, Is this okay?{self.end_bold}",
+                    f"\t{self.start_bold}{resource} has no authentication. Is this okay?{self.end_bold}",
                     default=False,
                 )
                 if not auth_confirm:

diff --git a/samcli/hook_packages/terraform/hooks/prepare/exceptions.py b/samcli/hook_packages/terraform/hooks/prepare/exceptions.py
@@ -207,6 +207,32 @@ class GatewayAuthorizerToLambdaFunctionLocalVariablesLinkingLimitationException(
     """
 
 
+class OneGatewayAuthorizerToRestApiLinkingLimitationException(OneResourceLinkingLimitationException):
+    """
+    Exception specific for Gateway Authorizer linking to more than one Rest API
+    """
+
+
+class GatewayAuthorizerToRestApiLocalVariablesLinkingLimitationException(LocalVariablesLinkingLimitationException):
+    """
+    Exception specific for Gateway Authorizer linking to Rest APIs using locals.
+    """
+
+
+class OneGatewayMethodToGatewayAuthorizerLinkingLimitationException(OneResourceLinkingLimitationException):
+    """
+    Exception specific for Gateway Method linking to more than one Gateway Authorizer
+    """
+
+
+class GatewayMethodToGatewayAuthorizerLocalVariablesLinkingLimitationException(
+    LocalVariablesLinkingLimitationException
+):
+    """
+    Exception specific for Gateway Method linking to Gateway Authorizer using locals.
+    """
+
+
 class InvalidSamMetadataPropertiesException(UserException):
     pass
 

diff --git a/samcli/hook_packages/terraform/hooks/prepare/resource_linking.py b/samcli/hook_packages/terraform/hooks/prepare/resource_linking.py
@@ -10,6 +10,8 @@
 from samcli.hook_packages.terraform.hooks.prepare.exceptions import (
     FunctionLayerLocalVariablesLinkingLimitationException,
     GatewayAuthorizerToLambdaFunctionLocalVariablesLinkingLimitationException,
+    GatewayAuthorizerToRestApiLocalVariablesLinkingLimitationException,
+    GatewayMethodToGatewayAuthorizerLocalVariablesLinkingLimitationException,
     GatewayResourceToApiGatewayIntegrationLocalVariablesLinkingLimitationException,
     GatewayResourceToApiGatewayIntegrationResponseLocalVariablesLinkingLimitationException,
     GatewayResourceToApiGatewayMethodLocalVariablesLinkingLimitationException,
@@ -18,6 +20,8 @@
     LambdaFunctionToApiGatewayIntegrationLocalVariablesLinkingLimitationException,
     LocalVariablesLinkingLimitationException,
     OneGatewayAuthorizerToLambdaFunctionLinkingLimitationException,
+    OneGatewayAuthorizerToRestApiLinkingLimitationException,
+    OneGatewayMethodToGatewayAuthorizerLinkingLimitationException,
     OneGatewayResourceToApiGatewayIntegrationLinkingLimitationException,
     OneGatewayResourceToApiGatewayIntegrationResponseLinkingLimitationException,
     OneGatewayResourceToApiGatewayMethodLinkingLimitationException,
@@ -50,6 +54,7 @@
 LAMBDA_LAYER_RESOURCE_ADDRESS_PREFIX = "aws_lambda_layer_version."
 API_GATEWAY_REST_API_RESOURCE_ADDRESS_PREFIX = "aws_api_gateway_rest_api."
 API_GATEWAY_RESOURCE_RESOURCE_ADDRESS_PREFIX = "aws_api_gateway_resource."
+API_GATEWAY_AUTHORIZER_RESOURCE_ADDRESS_PREFIX = "aws_api_gateway_authorizer."
 TERRAFORM_LOCAL_VARIABLES_ADDRESS_PREFIX = "local."
 DATA_RESOURCE_ADDRESS_PREFIX = "data."
 
@@ -231,9 +236,12 @@ def _link_using_terraform_config(self, source_tf_resource: TFResource, cfn_resou
             )
         if not dest_resources:
             LOG.debug(
-                "There are destination resources defined for for the source resource %s",
+                "There are no destination resources defined for the source resource %s, skipping linking.",
                 source_tf_resource.full_address,
             )
+
+            return
+
         for cfn_resource in cfn_resources:
             self._resource_pair.cfn_resource_update_call_back_function(cfn_resource, dest_resources)  # type: ignore
 
@@ -284,7 +292,12 @@ def _link_using_linking_fields(self, cfn_resource: Dict) -> None:
             else ExistingResourceReference(value)
             for value in values
         ]
-        LOG.debug("The value of the source resource linking field after mapping $s", dest_resources)
+
+        if not dest_resources:
+            LOG.debug("Skipping linking call back, no destination resources discovered.")
+            return
+
+        LOG.debug("The value of the source resource linking field after mapping %s", dest_resources)
         self._resource_pair.cfn_resource_update_call_back_function(cfn_resource, dest_resources)  # type: ignore
 
     def _process_resolved_resources(
@@ -1535,7 +1548,7 @@ def _link_gateway_authorizer_to_lambda_function_call_back(
 def _link_gateway_authorizer_to_lambda_function(
     authorizer_config_resources: Dict[str, TFResource],
     authorizer_cfn_resources: Dict[str, List],
-    authorizer_tf_resources: Dict[str, Dict],
+    lamda_function_resources: Dict[str, Dict],
 ) -> None:
     """
     Iterate through all the resources and link the corresponding Authorizer to each Lambda Function
@@ -1546,8 +1559,8 @@ def _link_gateway_authorizer_to_lambda_function(
         Dictionary of configuration Authorizer resources
     authorizer_cfn_resources: Dict[str, List]
         Dictionary containing resolved configuration address of CFN Authorizer resources
-    lambda_layers_terraform_resources: Dict[str, Dict]
-        Dictionary of all actual terraform layers resources (not configuration resources). The dictionary's key is the
+    lamda_function_resources: Dict[str, Dict]
+        Dictionary of Terraform Lambda Function resources (not configuration resources). The dictionary's key is the
         calculated logical id for each resource
     """
     exceptions = ResourcePairExceptions(
@@ -1557,7 +1570,7 @@ def _link_gateway_authorizer_to_lambda_function(
     resource_linking_pair = ResourceLinkingPair(
         source_resource_cfn_resource=authorizer_cfn_resources,
         source_resource_tf_config=authorizer_config_resources,
-        destination_resource_tf=authorizer_tf_resources,
+        destination_resource_tf=lamda_function_resources,
         tf_destination_attribute_name="invoke_arn",
         terraform_link_field_name="authorizer_uri",
         cfn_link_field_name="AuthorizerUri",
@@ -1566,3 +1579,105 @@ def _link_gateway_authorizer_to_lambda_function(
         linking_exceptions=exceptions,
     )
     ResourceLinker(resource_linking_pair).link_resources()
+
+
+def _link_gateway_authorizer_to_rest_api(
+    authorizer_config_resources: Dict[str, TFResource],
+    authorizer_cfn_resources: Dict[str, List],
+    rest_api_resource: Dict[str, Dict],
+) -> None:
+    """
+    Iterate through all the resources and link the corresponding Authorizer to each Rest Api
+
+    Parameters
+    ----------
+    authorizer_config_resources: Dict[str, TFResource]
+        Dictionary of configuration Authorizer resources
+    authorizer_cfn_resources: Dict[str, List]
+        Dictionary containing resolved configuration address of CFN Authorizer resources
+    rest_api_resource: Dict[str, Dict]
+        Dictionary of Terraform Rest Api resources (not configuration resources). The dictionary's key is the
+        calculated logical id for each resource
+    """
+    exceptions = ResourcePairExceptions(
+        multiple_resource_linking_exception=OneGatewayAuthorizerToRestApiLinkingLimitationException,
+        local_variable_linking_exception=GatewayAuthorizerToRestApiLocalVariablesLinkingLimitationException,
+    )
+    resource_linking_pair = ResourceLinkingPair(
+        source_resource_cfn_resource=authorizer_cfn_resources,
+        source_resource_tf_config=authorizer_config_resources,
+        destination_resource_tf=rest_api_resource,
+        tf_destination_attribute_name="id",
+        terraform_link_field_name="rest_api_id",
+        cfn_link_field_name="RestApiId",
+        terraform_resource_type_prefix=API_GATEWAY_REST_API_RESOURCE_ADDRESS_PREFIX,
+        cfn_resource_update_call_back_function=_link_gateway_resource_to_gateway_rest_apis_rest_api_id_call_back,
+        linking_exceptions=exceptions,
+    )
+    ResourceLinker(resource_linking_pair).link_resources()
+
+
+def _link_gateway_method_to_gateway_authorizer_call_back(
+    gateway_method_cfn_resource: Dict, authorizer_resources: List[ReferenceType]
+) -> None:
+    """
+    Callback function that is used by the linking algorithm to update a CFN Method Resource with
+    a reference to the Lambda Authorizers's Id
+
+    Parameters
+    ----------
+    gateway_method_cfn_resource: Dict
+        API Gateway Method CFN resource
+    authorizer_resources: List[ReferenceType]
+        List of referenced Authorizers either as the logical id of Authorizer resources
+        defined in the customer project, or ARN values for actual Authorizers defined
+        in customer's account. This list should always contain one element only.
+    """
+    if len(authorizer_resources) > 1:
+        raise InvalidResourceLinkingException("Could not link multiple Lambda Authorizers to one Gateway Method")
+
+    if not authorizer_resources:
+        LOG.info("Unable to find any references to Authorizers, skip linking Gateway Method to Lambda Authorizer")
+        return
+
+    logical_id = authorizer_resources[0]
+    gateway_method_cfn_resource["Properties"]["AuthorizerId"] = (
+        {"Ref": logical_id.value} if isinstance(logical_id, LogicalIdReference) else logical_id.value
+    )
+
+
+def _link_gateway_method_to_gateway_authorizer(
+    gateway_method_config_resources: Dict[str, TFResource],
+    gateway_method_config_address_cfn_resources_map: Dict[str, List],
+    authorizer_resources: Dict[str, Dict],
+) -> None:
+    """
+    Iterate through all the resources and link the corresponding
+    Gateway Method resources to each Gateway Authorizer
+
+    Parameters
+    ----------
+    gateway_method_config_resources: Dict[str, TFResource]
+        Dictionary of configuration Gateway Methods
+    gateway_method_config_address_cfn_resources_map: Dict[str, List]
+        Dictionary containing resolved configuration addresses matched up to the cfn Gateway Stage
+    authorizer_resources: Dict[str, Dict]
+        Dictionary of all Terraform Authorizer resources (not configuration resources).
+        The dictionary's key is the calculated logical id for each resource.
+    """
+    exceptions = ResourcePairExceptions(
+        multiple_resource_linking_exception=OneGatewayMethodToGatewayAuthorizerLinkingLimitationException,
+        local_variable_linking_exception=GatewayMethodToGatewayAuthorizerLocalVariablesLinkingLimitationException,
+    )
+    resource_linking_pair = ResourceLinkingPair(
+        source_resource_cfn_resource=gateway_method_config_address_cfn_resources_map,
+        source_resource_tf_config=gateway_method_config_resources,
+        destination_resource_tf=authorizer_resources,
+        tf_destination_attribute_name="id",
+        terraform_link_field_name="authorizer_id",
+        cfn_link_field_name="AuthorizerId",
+        terraform_resource_type_prefix=API_GATEWAY_AUTHORIZER_RESOURCE_ADDRESS_PREFIX,
+        cfn_resource_update_call_back_function=_link_gateway_method_to_gateway_authorizer_call_back,
+        linking_exceptions=exceptions,
+    )
+    ResourceLinker(resource_linking_pair).link_resources()
diff --git a/samcli/hook_packages/terraform/hooks/prepare/resources/resource_links.py b/samcli/hook_packages/terraform/hooks/prepare/resources/resource_links.py
@@ -13,11 +13,13 @@
 )
 from samcli.hook_packages.terraform.hooks.prepare.resource_linking import (
     _link_gateway_authorizer_to_lambda_function,
+    _link_gateway_authorizer_to_rest_api,
     _link_gateway_integration_responses_to_gateway_resource,
     _link_gateway_integration_responses_to_gateway_rest_apis,
     _link_gateway_integrations_to_function_resource,
     _link_gateway_integrations_to_gateway_resource,
     _link_gateway_integrations_to_gateway_rest_apis,
+    _link_gateway_method_to_gateway_authorizer,
     _link_gateway_method_to_gateway_resource,
     _link_gateway_methods_to_gateway_rest_apis,
     _link_gateway_resources_to_gateway_rest_apis,
@@ -78,4 +80,14 @@
         dest=TF_AWS_LAMBDA_FUNCTION,
         linking_func=_link_gateway_authorizer_to_lambda_function,
     ),
+    LinkingPairCaller(
+        source=TF_AWS_API_GATEWAY_AUTHORIZER,
+        dest=TF_AWS_API_GATEWAY_REST_API,
+        linking_func=_link_gateway_authorizer_to_rest_api,
+    ),
+    LinkingPairCaller(
+        source=TF_AWS_API_GATEWAY_METHOD,
+        dest=TF_AWS_API_GATEWAY_AUTHORIZER,
+        linking_func=_link_gateway_method_to_gateway_authorizer,
+    ),
 ]
diff --git a/samcli/hook_packages/terraform/hooks/prepare/translate.py b/samcli/hook_packages/terraform/hooks/prepare/translate.py
@@ -111,15 +111,21 @@ def _check_unresolvable_values(root_module: dict, root_tf_module: TFModule) -> N
         # iterate over resources for current module
         for resource in curr_module.get("resources", []):
             resource_type = resource.get("type")
+            resource_name = resource.get("name")
+            resource_mode = resource.get("mode")
 
             resource_mapper = RESOURCE_TRANSLATOR_MAPPING.get(resource_type)
             if not resource_mapper:
                 continue
 
             resource_values = resource.get("values")
-            resource_full_address = resource.get("address")
+            resource_address = (
+                f"data.{resource_type}.{resource_name}"
+                if resource_mode == "data"
+                else f"{resource_type}.{resource_name}"
+            )
 
-            config_resource_address = get_configuration_address(resource_full_address)
+            config_resource_address = get_configuration_address(resource_address)
             config_resource = curr_tf_module.resources[config_resource_address]
 
             for prop_builder in resource_mapper.property_builder_mapping.values():

diff --git a/samcli/runtime_config.json b/samcli/runtime_config.json
@@ -1,3 +1,3 @@
 {
-    "app_template_repo_commit": "824220f550c2d651dbbf5c64020c453dfcd39c4f"
+    "app_template_repo_commit": "a34f563f067e13df3eb350d36461b99397b6cda6"
 }
diff --git a/tests/integration/local/invoke/test_invoke_terraform_applications.py b/tests/integration/local/invoke/test_invoke_terraform_applications.py
@@ -159,7 +159,7 @@ def test_invoke_function_get_experimental_prompted(self):
             "You can also enable this beta feature with 'sam local invoke --beta-features'."
         )
         self.assertRegex(stdout.decode("utf-8"), terraform_beta_feature_prompted_text)
-        self.assertTrue(stderr.decode("utf-8").startswith(Colored().yellow(EXPERIMENTAL_WARNING)))
+        self.assertRegex(stderr.decode("utf-8"), EXPERIMENTAL_WARNING)
 
         response = json.loads(stdout.decode("utf-8").split("\n")[2][85:].strip())
         expected_response = json.loads('{"statusCode":200,"body":"{\\"message\\": \\"hello world\\"}"}')

diff --git a/tests/integration/testdata/buildcmd/aws-serverless-application-with-application-id-map.yaml b/tests/integration/testdata/buildcmd/aws-serverless-application-with-application-id-map.yaml
@@ -4,7 +4,7 @@ Transform: AWS::Serverless-2016-10-31
 Mappings:
   MappingExample:
     us-east-2:
-      ApplicationId: arn:aws:serverlessrepo:us-east-1:077246666028:applications/hello-world
+      ApplicationId: !Sub arn:aws:serverlessrepo:us-east-1:${AWS::AccountId}:applications/sam-cli-integration-test-sar-app
 
 Resources:
   MyApplication:

diff --git a/...ntegration/testdata/buildcmd/terraform/image_based_lambda_functions_local_backend/main.tf b/...ntegration/testdata/buildcmd/terraform/image_based_lambda_functions_local_backend/main.tf
@@ -1,6 +1,5 @@
 provider "aws" {
     # Make it faster by skipping something
-    skip_get_ec2_platforms      = true
     skip_metadata_api_check     = true
     skip_region_validation      = true
     skip_credentials_validation = true

diff --git a/...s/integration/testdata/buildcmd/terraform/image_based_lambda_functions_s3_backend/main.tf b/...s/integration/testdata/buildcmd/terraform/image_based_lambda_functions_s3_backend/main.tf
@@ -4,7 +4,6 @@ terraform {
 
 provider "aws" {
     # Make it faster by skipping something
-    skip_get_ec2_platforms      = true
     skip_metadata_api_check     = true
     skip_region_validation      = true
     skip_credentials_validation = true