fix: Append CodeSha256 Value to Description (#3337)

GavinZZ · web-flow · commit 0900f2bab2ad · 2023-09-05T13:09:14.000-07:00
diff --git a/integration/resources/templates/combination/connector_bucket_to_function_write.yaml b/integration/resources/templates/combination/connector_bucket_to_function_write.yaml
@@ -64,6 +64,8 @@ Resources:
   TriggerBucket:
     # See also https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig.html
     DependsOn: MyConnector
+    UpdateReplacePolicy: Delete
+    DeletionPolicy: Delete
     Type: AWS::S3::Bucket
     Properties:
       BucketName: !Ref BucketName
diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py
@@ -252,7 +252,7 @@ def resources_to_link(self, resources: Dict[str, Any]) -> Dict[str, Any]:
             raise InvalidResourceException(self.logical_id, e.message) from e
 
     @cw_timer
-    def to_cloudformation(self, **kwargs):  # type: ignore[no-untyped-def]
+    def to_cloudformation(self, **kwargs):  # type: ignore[no-untyped-def] # noqa: PLR0912, PLR0915
         """Returns the Lambda function, role, and event resources to which this SAM Function corresponds.
 
         :param dict kwargs: already-converted resources that may need to be modified when converting this \
@@ -290,6 +290,15 @@ def to_cloudformation(self, **kwargs):  # type: ignore[no-untyped-def]
                         self.logical_id,
                         "AutoPublishCodeSha256 must be a string",
                     )
+                # Lambda doesn't create a new version if the code in the unpublished version is the same as the
+                # previous published version. To address situations where users modify only the 'CodeUri' content,
+                # CloudFormation might not detect any changes in the Lambda function within the template, leading
+                # to deployment issues. To resolve this, we'll append codesha256 value to the description.
+                description = intrinsics_resolver.resolve_parameter_refs(self.Description)
+                if not description or isinstance(description, str):
+                    lambda_function.Description = f"{description} {code_sha256}" if description else code_sha256
+                else:
+                    lambda_function.Description = {"Fn::Join": [" ", [description, code_sha256]]}
             lambda_version = self._construct_version(
                 lambda_function, intrinsics_resolver=intrinsics_resolver, code_sha256=code_sha256
             )
diff --git a/tests/translator/input/function_with_alias_and_code_sha256.yaml b/tests/translator/input/function_with_alias_and_code_sha256.yaml
@@ -14,3 +14,24 @@ Resources:
       AutoPublishAlias: live
       AutoPublishCodeSha256: !Ref AutoPublishCodeSha256
       VersionDescription: sam-testing
+
+  FunctionWithIntrinsicDescription:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/hello.zip
+      Handler: hello.handler
+      Runtime: python2.7
+      AutoPublishAlias: live
+      AutoPublishCodeSha256: !Ref AutoPublishCodeSha256
+      VersionDescription: sam-testing
+      Description: !Join [':', [a, b, c]]
+  FunctionWithDescription:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/hello.zip
+      Handler: hello.handler
+      Runtime: python2.7
+      AutoPublishAlias: live
+      AutoPublishCodeSha256: !Ref AutoPublishCodeSha256
+      VersionDescription: sam-testing
+      Description: My testing description
diff --git a/tests/translator/output/aws-cn/function_with_alias_all_properties_and_code_sha256.json b/tests/translator/output/aws-cn/function_with_alias_all_properties_and_code_sha256.json
@@ -6,6 +6,7 @@
           "S3Bucket": "sam-demo-bucket",
           "S3Key": "hello.zip"
         },
+        "Description": "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b",
         "Handler": "hello.handler",
         "Role": {
           "Fn::GetAtt": [
diff --git a/tests/translator/output/aws-cn/function_with_alias_and_code_sha256.json b/tests/translator/output/aws-cn/function_with_alias_and_code_sha256.json
@@ -7,12 +7,188 @@
     }
   },
   "Resources": {
+    "FunctionWithDescription": {
+      "Properties": {
+        "Code": {
+          "S3Bucket": "sam-demo-bucket",
+          "S3Key": "hello.zip"
+        },
+        "Description": "My testing description 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b",
+        "Handler": "hello.handler",
+        "Role": {
+          "Fn::GetAtt": [
+            "FunctionWithDescriptionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "python2.7",
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::Lambda::Function"
+    },
+    "FunctionWithDescriptionAliaslive": {
+      "Properties": {
+        "FunctionName": {
+          "Ref": "FunctionWithDescription"
+        },
+        "FunctionVersion": {
+          "Fn::GetAtt": [
+            "FunctionWithDescriptionVersion6b86b273ff",
+            "Version"
+          ]
+        },
+        "Name": "live"
+      },
+      "Type": "AWS::Lambda::Alias"
+    },
+    "FunctionWithDescriptionRole": {
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ManagedPolicyArns": [
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+        ],
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::IAM::Role"
+    },
+    "FunctionWithDescriptionVersion6b86b273ff": {
+      "DeletionPolicy": "Retain",
+      "Properties": {
+        "Description": "sam-testing",
+        "FunctionName": {
+          "Ref": "FunctionWithDescription"
+        }
+      },
+      "Type": "AWS::Lambda::Version"
+    },
+    "FunctionWithIntrinsicDescription": {
+      "Properties": {
+        "Code": {
+          "S3Bucket": "sam-demo-bucket",
+          "S3Key": "hello.zip"
+        },
+        "Description": {
+          "Fn::Join": [
+            " ",
+            [
+              {
+                "Fn::Join": [
+                  ":",
+                  [
+                    "a",
+                    "b",
+                    "c"
+                  ]
+                ]
+              },
+              "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b"
+            ]
+          ]
+        },
+        "Handler": "hello.handler",
+        "Role": {
+          "Fn::GetAtt": [
+            "FunctionWithIntrinsicDescriptionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "python2.7",
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::Lambda::Function"
+    },
+    "FunctionWithIntrinsicDescriptionAliaslive": {
+      "Properties": {
+        "FunctionName": {
+          "Ref": "FunctionWithIntrinsicDescription"
+        },
+        "FunctionVersion": {
+          "Fn::GetAtt": [
+            "FunctionWithIntrinsicDescriptionVersion6b86b273ff",
+            "Version"
+          ]
+        },
+        "Name": "live"
+      },
+      "Type": "AWS::Lambda::Alias"
+    },
+    "FunctionWithIntrinsicDescriptionRole": {
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "ManagedPolicyArns": [
+          "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+        ],
+        "Tags": [
+          {
+            "Key": "lambda:createdBy",
+            "Value": "SAM"
+          }
+        ]
+      },
+      "Type": "AWS::IAM::Role"
+    },
+    "FunctionWithIntrinsicDescriptionVersion6b86b273ff": {
+      "DeletionPolicy": "Retain",
+      "Properties": {
+        "Description": "sam-testing",
+        "FunctionName": {
+          "Ref": "FunctionWithIntrinsicDescription"
+        }
+      },
+      "Type": "AWS::Lambda::Version"
+    },
     "MinimalFunction": {
       "Properties": {
         "Code": {
           "S3Bucket": "sam-demo-bucket",
           "S3Key": "hello.zip"
         },
+        "Description": "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b",
         "Handler": "hello.handler",
         "Role": {
           "Fn::GetAtt": [
diff --git a/tests/translator/output/aws-us-gov/function_with_alias_all_properties_and_code_sha256.json b/tests/translator/output/aws-us-gov/function_with_alias_all_properties_and_code_sha256.json
@@ -6,6 +6,7 @@
           "S3Bucket": "sam-demo-bucket",
           "S3Key": "hello.zip"
         },
+        "Description": "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b",
         "Handler": "hello.handler",
         "Role": {
           "Fn::GetAtt": [
diff --git a/tests/translator/output/aws-us-gov/function_with_alias_and_code_sha256.json b/tests/translator/output/aws-us-gov/function_with_alias_and_code_sha256.json
diff --git a/tests/translator/output/function_with_alias_all_properties_and_code_sha256.json b/tests/translator/output/function_with_alias_all_properties_and_code_sha256.json
diff --git a/tests/translator/output/function_with_alias_and_code_sha256.json b/tests/translator/output/function_with_alias_and_code_sha256.json
