From 08447b704f54f74def88a2f87961a3cbd609ce17 Mon Sep 17 00:00:00 2001
From: Kevin Formsma
Date: Mon, 2 Nov 2020 11:24:37 -0500
Subject: [PATCH] Fix scenario if role is provided (#85)
---
 lib/cfn-model/transforms/serverless.rb | 4 +++-
 .../yaml/sam/valid_metadata_lambda_fn.yml | 15 +++++++++++++++
 spec/transforms/serverless_spec.rb | 14 ++++++++++++++
 3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/lib/cfn-model/transforms/serverless.rb b/lib/cfn-model/transforms/serverless.rb
index ad8d667..8289027 100644
--- a/lib/cfn-model/transforms/serverless.rb
+++ b/lib/cfn-model/transforms/serverless.rb
@@ -133,7 +133,9 @@ def replace_serverless_function(cfn_hash, resource_name, with_line_numbers)
 # https://github.com/aws/serverless-application-model/issues/264
 if serverless_function.key?('Metadata') && serverless_function['Metadata'].key?('cfn_nag')
 cfn_hash['Resources'][resource_name]['Metadata'] = serverless_function['Metadata']
- cfn_hash['Resources'][resource_name + 'Role']['Metadata'] = serverless_function['Metadata']
+ unless serverless_function['Properties']['Role']
+ cfn_hash['Resources'][resource_name + 'Role']['Metadata'] = serverless_function['Metadata']
+ end
 end
 end
diff --git a/spec/test_templates/yaml/sam/valid_metadata_lambda_fn.yml b/spec/test_templates/yaml/sam/valid_metadata_lambda_fn.yml
index ca3101d..7b5812e 100644
--- a/spec/test_templates/yaml/sam/valid_metadata_lambda_fn.yml
+++ b/spec/test_templates/yaml/sam/valid_metadata_lambda_fn.yml
@@ -2,6 +2,9 @@
 # Example from
 # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html
 Transform: AWS::Serverless-2016-10-31
+Parameters:
+ RoleArn:
+ Type: String
 Resources:
 MyServerlessFunctionLogicalID:
 Type: AWS::Serverless::Function
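Review bot: The new `unless serverless_function['Properties']['Role']` guard in lib/cfn-model/transforms/serverless.rb tests a proxy for the failing condition rather than the condition itself, which is that `cfn_hash['Resources'][resource_name + 'Role']` may not exist. If the code that generates the role (not visible in this hunk) ever decides differently from this check, the lookup presumably returns nil again and the parse raises, so a template carrying `cfn_nag` metadata would not be analysed at all. Guarding on the resource keeps the two in step: `role = cfn_hash['Resources'][resource_name + 'Role']` followed by `role['Metadata'] = serverless_function['Metadata'] if role`. A short comment such as `# no <name>Role resource exists when the function supplies its own Role, so there is nothing to copy the suppressions onto` would record why the copy is skipped. replace_serverless_function starts above the hunk, so how `Properties` and the generated role are handled earlier in the method is unconfirmed.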
@@ -14,3 +17,15 @@ Resources:
 Handler: index.handler
 Runtime: nodejs12.x
 CodeUri: 's3://testBucket/mySourceCode.zip'
+ MyServerlessFunctionLogicalID2:
+ Type: AWS::Serverless::Function
+ Metadata:
+ cfn_nag:
+ rules_to_suppress:
+ - id: W58
+ reason: I know what I am doing
+ Properties:
+ Handler: index.handler
+ Runtime: nodejs12.x
+ CodeUri: 's3://testBucket/mySourceCode.zip'
+ Role: !Ref RoleArn
diff --git a/spec/transforms/serverless_spec.rb b/spec/transforms/serverless_spec.rb
index ccba214..c81938b 100644
--- a/spec/transforms/serverless_spec.rb
+++ b/spec/transforms/serverless_spec.rb
@@ -113,6 +113,20 @@
 actual_cfn_model.raw_model['Resources']['MyServerlessFunctionLogicalIDRole'].key?('Metadata')
 ).to be true
 end
+ it 'Adds metadata to transformed resources without role' do
+ cloudformation_template_yml = \
+ yaml_test_template('sam/valid_metadata_lambda_fn')
+ actual_cfn_model = @cfn_parser.parse cloudformation_template_yml
+ expect(
+ actual_cfn_model.raw_model['Resources']['MyServerlessFunctionLogicalID'].key?('Metadata')
+ ).to be true
+ expect(
+ actual_cfn_model.raw_model['Resources']['MyServerlessFunctionLogicalIDRole'].key?('Metadata')
+ ).to be true
+ expect(
+ actual_cfn_model.raw_model['Resources']['MyServerlessFunctionLogicalID2'].key?('Metadata')
+ ).to be true
+ end
 end
 context 'Template with serverless transform without URI' do
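Review bot: The example added in spec/transforms/serverless_spec.rb asserts nothing about the role side of the function that supplies `Role`, so the regression is covered only by `parse` not raising. Presumably no `MyServerlessFunctionLogicalID2Role` resource is generated in that case; pinning it with `expect(actual_cfn_model.raw_model['Resources'].key?('MyServerlessFunctionLogicalID2Role')).to be false` would make the intended behaviour explicit. The title 'Adds metadata to transformed resources without role' also reads as the opposite of the case being fixed, and a wording like 'when the function provides its own role' would be closer. The second expectation repeats the check visible at the end of the preceding example.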