Exception due to FunctionDict usage

[undergroundwires]

Reproducible repository: https://github.com/undergroundwires/aws-static-site-with-cd

Steps:

1. pip install cfripper
2. cfripper ./stacks/*.yaml --resolve

Error message:

Unhandled exception raised, please create an issue with the error message at https://github.com/Skyscanner/cfripper/issues
Traceback (most recent call last):
  File "/opt/hostedtoolcache/Python/3.12.8/x64/lib/python3.12/site-packages/cfripper/cli.py", line 225, in cli
    process_template(template=template, resolve_parameters=resolve_parameters, **kwargs)
  File "/opt/hostedtoolcache/Python/3.12.8/x64/lib/python3.12/site-packages/cfripper/cli.py", line 117, in process_template
    cfmodel = get_cfmodel(template)
              ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/hostedtoolcache/Python/3.12.8/x64/lib/python3.12/site-packages/cfripper/cli.py", line 53, in get_cfmodel
    cfmodel = pycfmodel.parse(template_file)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/hostedtoolcache/Python/3.12.8/x64/lib/python3.12/site-packages/pycfmodel/__init__.py", line 5, in parse
    return CFModel.model_validate(template)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/hostedtoolcache/Python/3.12.8/x64/lib/python3.12/site-packages/pydantic/main.py", line 627, in model_validate
    return cls.__pydantic_validator__.validate_python(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pydantic_core._pydantic_core.ValidationError: 4 validation errors for CFModel
Resources.DeploymentUser.union[tagged-union[EC2VpcEndpointPolicy,ESDomain,IAMGroup,IAMManagedPolicy,IAMPolicy,IAMRole,IAMUser,KMSKey,OpenSearchDomain,RDSDBSecurityGroup,RDSDBSecurityGroupIngress,S3Bucket,S3BucketPolicy,SecurityGroup,SecurityGroupEgress,SecurityGroupIngress,SNSTopicPolicy,SQSQueuePolicy],GenericResource].tagged-union[EC2VpcEndpointPolicy,ESDomain,IAMGroup,IAMManagedPolicy,IAMPolicy,IAMRole,IAMUser,KMSKey,OpenSearchDomain,RDSDBSecurityGroup,RDSDBSecurityGroupIngress,S3Bucket,S3BucketPolicy,SecurityGroup,SecurityGroupEgress,SecurityGroupIngress,SNSTopicPolicy,SQSQueuePolicy].AWS::IAM::User.Properties.IAMUserProperties.Tags
  Extra inputs are not permitted [type=extra_forbidden, input_value=[{'Key': 'Application', '...ef': 'RootDomainName'}}], input_type=list]
    For further information visit https://errors.pydantic.dev/2.10/v/extra_forbidden
Resources.DeploymentUser.union[tagged-union[EC2VpcEndpointPolicy,ESDomain,IAMGroup,IAMManagedPolicy,IAMPolicy,IAMRole,IAMUser,KMSKey,OpenSearchDomain,RDSDBSecurityGroup,RDSDBSecurityGroupIngress,S3Bucket,S3BucketPolicy,SecurityGroup,SecurityGroupEgress,SecurityGroupIngress,SNSTopicPolicy,SQSQueuePolicy],GenericResource].tagged-union[EC2VpcEndpointPolicy,ESDomain,IAMGroup,IAMManagedPolicy,IAMPolicy,IAMRole,IAMUser,KMSKey,OpenSearchDomain,RDSDBSecurityGroup,RDSDBSecurityGroupIngress,S3Bucket,S3BucketPolicy,SecurityGroup,SecurityGroupEgress,SecurityGroupIngress,SNSTopicPolicy,SQSQueuePolicy].AWS::IAM::User.Properties.FunctionDict
  Value error, FunctionDict should only have 1 key and be a function [type=value_error, input_value={'Tags': [{'Key': 'Applic...f': 'RootDomainName'}}]}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.10/v/value_error
Resources.DeploymentUser.union[tagged-union[EC2VpcEndpointPolicy,ESDomain,IAMGroup,IAMManagedPolicy,IAMPolicy,IAMRole,IAMUser,KMSKey,OpenSearchDomain,RDSDBSecurityGroup,RDSDBSecurityGroupIngress,S3Bucket,S3BucketPolicy,SecurityGroup,SecurityGroupEgress,SecurityGroupIngress,SNSTopicPolicy,SQSQueuePolicy],GenericResource].GenericResource.Type
  Value error, Instantiation of GenericResource from AWS::IAM::User in ValidationInfo(config={'title': 'GenericResource', 'extra_fields_behavior': 'allow'}, context=None, data={}, field_name='Type') not allowed [type=value_error, input_value='AWS::IAM::User', input_type=str]
    For further information visit https://errors.pydantic.dev/2.10/v/value_error
Resources.DeploymentUser.FunctionDict
  Value error, FunctionDict should only have 1 key and be a function [type=value_error, input_value={'Type': 'AWS::IAM::User'...': 'RootDomainName'}}]}}, input_type=dict]
    For further information visit https://errors.pydantic.dev/2.10/v/value_error

[w0rmr1d3r]

Hi undergroundwires ,
Thank you for your submission.
We are aware of this bug, although named with a different title, the solution is being built in this PR: Skyscanner/pycfmodel#155

Yes, the issue relies on pycfmodel (used by cfripper) rathenr than cfripper itself.

Will keep working on that PR to try to fix it.