Skip to content

Commit 100cb5f

Browse files
authored
feat: Support Disabled Tracing Configuration (#3223)
1 parent 53eddc7 commit 100cb5f

File tree

10 files changed

+410
-13
lines changed

10 files changed

+410
-13
lines changed

samtranslator/internal/schema_source/aws_serverless_function.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -484,7 +484,7 @@ class ScheduleV2Event(BaseModel):
484484
VpcConfig = Optional[PassThroughProp]
485485
Environment = Optional[PassThroughProp]
486486
Tags = Optional[DictStrAny]
487-
Tracing = Optional[SamIntrinsicable[Literal["Active", "PassThrough"]]]
487+
Tracing = Optional[SamIntrinsicable[Literal["Active", "PassThrough", "Disabled"]]]
488488
KmsKeyArn = Optional[PassThroughProp]
489489
Layers = Optional[PassThroughProp]
490490
AutoPublishAlias = Optional[SamIntrinsicable[str]]

samtranslator/model/lambda_.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@
44
from samtranslator.model.intrinsics import fnGetAtt, ref
55
from samtranslator.utils.types import Intrinsicable
66

7+
LAMBDA_TRACING_CONFIG_DISABLED = "Disabled"
8+
79

810
class LambdaFunction(Resource):
911
resource_type = "AWS::Lambda::Function"

samtranslator/model/sam_resources.py

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
""" SAM macro definitions """
1+
""" SAM macro definitions """
22
import copy
33
from contextlib import suppress
44
from typing import Any, Callable, Dict, List, Optional, Tuple, Union, cast
@@ -88,6 +88,7 @@
8888
ref,
8989
)
9090
from samtranslator.model.lambda_ import (
91+
LAMBDA_TRACING_CONFIG_DISABLED,
9192
LambdaAlias,
9293
LambdaEventInvokeConfig,
9394
LambdaFunction,
@@ -265,7 +266,7 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def]
265266
if self.DeadLetterQueue:
266267
self._validate_dlq(self.DeadLetterQueue)
267268

268-
lambda_function = self._construct_lambda_function()
269+
lambda_function = self._construct_lambda_function(intrinsics_resolver)
269270
resources.append(lambda_function)
270271

271272
if self.ProvisionedConcurrencyConfig and not self.AutoPublishAlias:
@@ -325,6 +326,7 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def]
325326
execution_role = self._construct_role(
326327
managed_policy_map,
327328
event_invoke_policies,
329+
intrinsics_resolver,
328330
get_managed_policy_map,
329331
)
330332
lambda_function.Role = execution_role.get_runtime_attr("arn")
@@ -543,7 +545,7 @@ def _get_resolved_alias_name(
543545

544546
return resolved_alias_name
545547

546-
def _construct_lambda_function(self) -> LambdaFunction:
548+
def _construct_lambda_function(self, intrinsics_resolver: IntrinsicsResolver) -> LambdaFunction:
547549
"""Constructs and returns the Lambda function.
548550
549551
:returns: a list containing the Lambda function and execution role resources
@@ -576,7 +578,10 @@ def _construct_lambda_function(self) -> LambdaFunction:
576578
lambda_function.SnapStart = self.SnapStart
577579
lambda_function.EphemeralStorage = self.EphemeralStorage
578580

579-
if self.Tracing:
581+
tracing = intrinsics_resolver.resolve_parameter_refs(self.Tracing)
582+
583+
# Explicitly setting Trace to 'Disabled' is the same as omitting Tracing property.
584+
if self.Tracing and tracing != LAMBDA_TRACING_CONFIG_DISABLED:
580585
lambda_function.TracingConfig = {"Mode": self.Tracing}
581586

582587
if self.DeadLetterQueue:
@@ -608,6 +613,7 @@ def _construct_role(
608613
self,
609614
managed_policy_map: Dict[str, Any],
610615
event_invoke_policies: List[Dict[str, Any]],
616+
intrinsics_resolver: IntrinsicsResolver,
611617
get_managed_policy_map: Optional[GetManagedPolicyMap] = None,
612618
) -> IAMRole:
613619
"""Constructs a Lambda execution role based on this SAM function's Policies property.
@@ -624,7 +630,11 @@ def _construct_role(
624630
)
625631

626632
managed_policy_arns = [ArnGenerator.generate_aws_managed_policy_arn("service-role/AWSLambdaBasicExecutionRole")]
627-
if self.Tracing:
633+
634+
tracing = intrinsics_resolver.resolve_parameter_refs(self.Tracing)
635+
636+
# Do not add xray policy to generated IAM role if users explicitly specify 'Disabled' in Tracing property.
637+
if self.Tracing and tracing != LAMBDA_TRACING_CONFIG_DISABLED:
628638
managed_policy_name = get_xray_managed_policy_name()
629639
managed_policy_arns.append(ArnGenerator.generate_aws_managed_policy_arn(managed_policy_name))
630640
if self.VpcConfig:

samtranslator/schema/schema.json

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -244070,7 +244070,8 @@
244070244070
{
244071244071
"enum": [
244072244072
"Active",
244073-
"PassThrough"
244073+
"PassThrough",
244074+
"Disabled"
244074244075
],
244075244076
"type": "string"
244076244077
}
@@ -244456,7 +244457,8 @@
244456244457
{
244457244458
"enum": [
244458244459
"Active",
244459-
"PassThrough"
244460+
"PassThrough",
244461+
"Disabled"
244460244462
],
244461244463
"type": "string"
244462244464
}

schema_source/sam.schema.json

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5432,7 +5432,8 @@
54325432
{
54335433
"enum": [
54345434
"Active",
5435-
"PassThrough"
5435+
"PassThrough",
5436+
"Disabled"
54365437
],
54375438
"type": "string"
54385439
}
@@ -6009,7 +6010,8 @@
60096010
{
60106011
"enum": [
60116012
"Active",
6012-
"PassThrough"
6013+
"PassThrough",
6014+
"Disabled"
60136015
],
60146016
"type": "string"
60156017
}

tests/translator/input/function_with_tracing.yaml

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,8 +5,47 @@ Parameters:
55
TracingParamActive:
66
Type: String
77
Default: Active
8+
TracingParamDisabled:
9+
Type: String
10+
Default: Disabled
811

912
Resources:
13+
DisabledTracingFunction:
14+
Type: AWS::Serverless::Function
15+
Properties:
16+
Handler: index.handler
17+
Runtime: nodejs14.x
18+
InlineCode: |
19+
exports.handler = async (event, context, callback) => {
20+
return {
21+
statusCode: 200,
22+
body: 'Success'
23+
}
24+
}
25+
MemorySize: 128
26+
Policies:
27+
- AWSLambdaRole
28+
- AmazonS3ReadOnlyAccess
29+
Tracing: Disabled
30+
31+
DisabledIntrinsicsTracingFunction:
32+
Type: AWS::Serverless::Function
33+
Properties:
34+
Handler: index.handler
35+
Runtime: nodejs14.x
36+
InlineCode: |
37+
exports.handler = async (event, context, callback) => {
38+
return {
39+
statusCode: 200,
40+
body: 'Success'
41+
}
42+
}
43+
MemorySize: 128
44+
Policies:
45+
- AWSLambdaRole
46+
- AmazonS3ReadOnlyAccess
47+
Tracing: !Ref TracingParamDisabled
48+
1049
RandomValueTracingFunction:
1150
Type: AWS::Serverless::Function
1251
Properties:

tests/translator/output/aws-cn/function_with_tracing.json

Lines changed: 114 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,10 @@
44
"Default": "Active",
55
"Type": "String"
66
},
7+
"TracingParamDisabled": {
8+
"Default": "Disabled",
9+
"Type": "String"
10+
},
711
"TracingParamPassThrough": {
812
"Default": "PassThrough",
913
"Type": "String"
@@ -130,6 +134,116 @@
130134
},
131135
"Type": "AWS::IAM::Role"
132136
},
137+
"DisabledIntrinsicsTracingFunction": {
138+
"Properties": {
139+
"Code": {
140+
"ZipFile": "exports.handler = async (event, context, callback) => {\n return {\n statusCode: 200,\n body: 'Success'\n }\n }\n"
141+
},
142+
"Handler": "index.handler",
143+
"MemorySize": 128,
144+
"Role": {
145+
"Fn::GetAtt": [
146+
"DisabledIntrinsicsTracingFunctionRole",
147+
"Arn"
148+
]
149+
},
150+
"Runtime": "nodejs14.x",
151+
"Tags": [
152+
{
153+
"Key": "lambda:createdBy",
154+
"Value": "SAM"
155+
}
156+
]
157+
},
158+
"Type": "AWS::Lambda::Function"
159+
},
160+
"DisabledIntrinsicsTracingFunctionRole": {
161+
"Properties": {
162+
"AssumeRolePolicyDocument": {
163+
"Statement": [
164+
{
165+
"Action": [
166+
"sts:AssumeRole"
167+
],
168+
"Effect": "Allow",
169+
"Principal": {
170+
"Service": [
171+
"lambda.amazonaws.com"
172+
]
173+
}
174+
}
175+
],
176+
"Version": "2012-10-17"
177+
},
178+
"ManagedPolicyArns": [
179+
"arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
180+
"arn:aws-cn:iam::aws:policy/service-role/AWSLambdaRole",
181+
"arn:aws-cn:iam::aws:policy/AmazonS3ReadOnlyAccess"
182+
],
183+
"Tags": [
184+
{
185+
"Key": "lambda:createdBy",
186+
"Value": "SAM"
187+
}
188+
]
189+
},
190+
"Type": "AWS::IAM::Role"
191+
},
192+
"DisabledTracingFunction": {
193+
"Properties": {
194+
"Code": {
195+
"ZipFile": "exports.handler = async (event, context, callback) => {\n return {\n statusCode: 200,\n body: 'Success'\n }\n }\n"
196+
},
197+
"Handler": "index.handler",
198+
"MemorySize": 128,
199+
"Role": {
200+
"Fn::GetAtt": [
201+
"DisabledTracingFunctionRole",
202+
"Arn"
203+
]
204+
},
205+
"Runtime": "nodejs14.x",
206+
"Tags": [
207+
{
208+
"Key": "lambda:createdBy",
209+
"Value": "SAM"
210+
}
211+
]
212+
},
213+
"Type": "AWS::Lambda::Function"
214+
},
215+
"DisabledTracingFunctionRole": {
216+
"Properties": {
217+
"AssumeRolePolicyDocument": {
218+
"Statement": [
219+
{
220+
"Action": [
221+
"sts:AssumeRole"
222+
],
223+
"Effect": "Allow",
224+
"Principal": {
225+
"Service": [
226+
"lambda.amazonaws.com"
227+
]
228+
}
229+
}
230+
],
231+
"Version": "2012-10-17"
232+
},
233+
"ManagedPolicyArns": [
234+
"arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
235+
"arn:aws-cn:iam::aws:policy/service-role/AWSLambdaRole",
236+
"arn:aws-cn:iam::aws:policy/AmazonS3ReadOnlyAccess"
237+
],
238+
"Tags": [
239+
{
240+
"Key": "lambda:createdBy",
241+
"Value": "SAM"
242+
}
243+
]
244+
},
245+
"Type": "AWS::IAM::Role"
246+
},
133247
"EmptyTracingFunction": {
134248
"Properties": {
135249
"Code": {

0 commit comments

Comments
 (0)