Fail connector when Permissions is an empty list (#261)

xazhao · hoffa · web-flow · commit 358a19c0d43b · 2022-09-27T15:38:00.000-07:00
* Fail connector when Permissions is an empty list

* Update samtranslator/model/sam_resources.py

Co-authored-by: Chris Rehn &lt;1280602+hoffa@users.noreply.github.com&gt;

Co-authored-by: Chris Rehn &lt;1280602+hoffa@users.noreply.github.com&gt;
diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py
@@ -1653,9 +1653,16 @@ def to_cloudformation(self, **kwargs) -> List:
         profile_permissions = profile_properties["AccessCategories"]
         valid_permissions_combinations = profile_properties.get("ValidAccessCategories")
 
+        valid_permissions_str = ", ".join(profile_permissions)
+
+        if not self.Permissions:
+            raise InvalidResourceException(
+                self.logical_id,
+                f"'Permissions' cannot be empty; valid values are: {valid_permissions_str}.",
+            )
+
         for permission in self.Permissions:
             if permission not in profile_permissions:
-                valid_permissions_str = ", ".join(profile_permissions)
                 raise InvalidResourceException(
                     self.logical_id,
                     f"Unsupported 'Permissions' provided; valid values are: {valid_permissions_str}.",
diff --git a/tests/translator/input/error_connector.yaml b/tests/translator/input/error_connector.yaml
@@ -171,4 +171,13 @@ Resources:
         Id: MyFunction
       Destination:
         Id: MyQueue
-      Permission:
+      Permissions:
+
+  EmptyListPermissionConnector:
+    Type: AWS::Serverless::Connector
+    Properties:
+      Source:
+        Id: MyFunction
+      Destination:
+        Id: MyQueue
+      Permissions: []
diff --git a/tests/translator/output/error_connector.json b/tests/translator/output/error_connector.json
@@ -44,7 +44,10 @@
       },
       {
         "errorMessage": "Resource with id [EmptyPermissionConnector] is invalid. property Permission not defined for resource of type AWS::Serverless::Connector"
+      },
+      {
+        "errorMessage": "Resource with id [EmptyListPermissionConnector] is invalid. property Permission not defined for resource of type AWS::Serverless::Connector"
       }
     ], 
-    "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 15. Resource with id [BothIdAndOtherProps] is invalid. Must provide either 'Id' or a combination of the other properties, not both. Resource with id [EmptyPermissionConnector] is invalid. property Permission not defined for resource of type AWS::Serverless::Connector Resource with id [MissingLambdaFunctionArn] is invalid. Source.Arn is missing. Resource with id [MissingRole] is invalid. Unable to get IAM role name from 'Source' resource. Resource with id [MissingRoleDestination] is invalid. Unable to get IAM role name from 'Destination' resource. Resource with id [MissingSnsTopicArn] is invalid. Destination.Arn is missing. Resource with id [MissingSqsQueueUrl] is invalid. Destination.Arn is missing. Resource with id [NoIdMissingType] is invalid. 'Type' is missing or not a string. Resource with id [NoPermissionConnector] is invalid. Missing required property 'Permissions'. Resource with id [NonExistentLogicalId] is invalid. Unable to find resource with logical ID 'ThisDoesntExist'. Resource with id [NonStrId] is invalid. 'Id' is missing or not a string. Resource with id [ResourceWithoutType] is invalid. 'Type' is missing or not a string. Resource with id [UnsupportedAccessCategory] is invalid. Unsupported 'Permissions' provided; valid values are: Read, Write. Resource with id [UnsupportedAccessCategoryCombination] is invalid. Unsupported 'Permissions' provided; valid combinations are: Read + Write. Resource with id [UnsupportedType] is invalid. Unable to create connector from AWS::Fancy::CoolType to AWS::Lambda::Function; it's not supported or the template is invalid."
+    "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 16. Resource with id [BothIdAndOtherProps] is invalid. Must provide either 'Id' or a combination of the other properties, not both. Resource with id [EmptyListPermissionConnector] is invalid. 'Permissions' can not be empty; valid values are: Read, Write. Resource with id [EmptyPermissionConnector] is invalid. Missing required property 'Permissions'. Resource with id [MissingLambdaFunctionArn] is invalid. Source.Arn is missing. Resource with id [MissingRole] is invalid. Unable to get IAM role name from 'Source' resource. Resource with id [MissingRoleDestination] is invalid. Unable to get IAM role name from 'Destination' resource. Resource with id [MissingSnsTopicArn] is invalid. Destination.Arn is missing. Resource with id [MissingSqsQueueUrl] is invalid. Destination.Arn is missing. Resource with id [NoIdMissingType] is invalid. 'Type' is missing or not a string. Resource with id [NoPermissionConnector] is invalid. Missing required property 'Permissions'. Resource with id [NonExistentLogicalId] is invalid. Unable to find resource with logical ID 'ThisDoesntExist'. Resource with id [NonStrId] is invalid. 'Id' is missing or not a string. Resource with id [ResourceWithoutType] is invalid. 'Type' is missing or not a string. Resource with id [UnsupportedAccessCategory] is invalid. Unsupported 'Permissions' provided; valid values are: Read, Write. Resource with id [UnsupportedAccessCategoryCombination] is invalid. Unsupported 'Permissions' provided; valid combinations are: Read + Write. Resource with id [UnsupportedType] is invalid. Unable to create connector from AWS::Fancy::CoolType to AWS::Lambda::Function; it's not supported or the template is invalid."
   }

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,10 @@`
`44`	`44`	`},`
`45`	`45`	`{`
`46`	`46`	`"errorMessage": "Resource with id [EmptyPermissionConnector] is invalid. property Permission not defined for resource of type AWS::Serverless::Connector"`
	`47`	`+ },`
	`48`	`+ {`
	`49`	`+ "errorMessage": "Resource with id [EmptyListPermissionConnector] is invalid. property Permission not defined for resource of type AWS::Serverless::Connector"`
`47`	`50`	`}`
`48`	`51`	`],`
`49`		- "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 15. Resource with id [BothIdAndOtherProps] is invalid. Must provide either 'Id' or a combination of the other properties, not both. Resource with id [EmptyPermissionConnector] is invalid. property Permission not defined for resource of type AWS::Serverless::Connector Resource with id [MissingLambdaFunctionArn] is invalid. Source.Arn is missing. Resource with id [MissingRole] is invalid. Unable to get IAM role name from 'Source' resource. Resource with id [MissingRoleDestination] is invalid. Unable to get IAM role name from 'Destination' resource. Resource with id [MissingSnsTopicArn] is invalid. Destination.Arn is missing. Resource with id [MissingSqsQueueUrl] is invalid. Destination.Arn is missing. Resource with id [NoIdMissingType] is invalid. 'Type' is missing or not a string. Resource with id [NoPermissionConnector] is invalid. Missing required property 'Permissions'. Resource with id [NonExistentLogicalId] is invalid. Unable to find resource with logical ID 'ThisDoesntExist'. Resource with id [NonStrId] is invalid. 'Id' is missing or not a string. Resource with id [ResourceWithoutType] is invalid. 'Type' is missing or not a string. Resource with id [UnsupportedAccessCategory] is invalid. Unsupported 'Permissions' provided; valid values are: Read, Write. Resource with id [UnsupportedAccessCategoryCombination] is invalid. Unsupported 'Permissions' provided; valid combinations are: Read + Write. Resource with id [UnsupportedType] is invalid. Unable to create connector from AWS::Fancy::CoolType to AWS::Lambda::Function; it's not supported or the template is invalid."
	`52`	+ "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 16. Resource with id [BothIdAndOtherProps] is invalid. Must provide either 'Id' or a combination of the other properties, not both. Resource with id [EmptyListPermissionConnector] is invalid. 'Permissions' can not be empty; valid values are: Read, Write. Resource with id [EmptyPermissionConnector] is invalid. Missing required property 'Permissions'. Resource with id [MissingLambdaFunctionArn] is invalid. Source.Arn is missing. Resource with id [MissingRole] is invalid. Unable to get IAM role name from 'Source' resource. Resource with id [MissingRoleDestination] is invalid. Unable to get IAM role name from 'Destination' resource. Resource with id [MissingSnsTopicArn] is invalid. Destination.Arn is missing. Resource with id [MissingSqsQueueUrl] is invalid. Destination.Arn is missing. Resource with id [NoIdMissingType] is invalid. 'Type' is missing or not a string. Resource with id [NoPermissionConnector] is invalid. Missing required property 'Permissions'. Resource with id [NonExistentLogicalId] is invalid. Unable to find resource with logical ID 'ThisDoesntExist'. Resource with id [NonStrId] is invalid. 'Id' is missing or not a string. Resource with id [ResourceWithoutType] is invalid. 'Type' is missing or not a string. Resource with id [UnsupportedAccessCategory] is invalid. Unsupported 'Permissions' provided; valid values are: Read, Write. Resource with id [UnsupportedAccessCategoryCombination] is invalid. Unsupported 'Permissions' provided; valid combinations are: Read + Write. Resource with id [UnsupportedType] is invalid. Unable to create connector from AWS::Fancy::CoolType to AWS::Lambda::Function; it's not supported or the template is invalid."
`50`	`53`	`}`