feat(function): Add validation for S3 NotificationConfiguration (#2473)

Author: hawflau

samtranslator/model/eventsources/push.py

@@ -313,7 +313,7 @@ def to_cloudformation(self, **kwargs):
         #   merging is literally "last one wins", which works fine because we linearly loop through the template once.
         #   The de-dupe happens inside `samtranslator.translator.Translator.translate` method when merging results of
         #   to_cloudformation() to output template.
-        self._inject_notification_configuration(function, bucket)
+        self._inject_notification_configuration(function, bucket, bucket_id)
         resources.append(S3Bucket.from_dict(bucket_id, bucket))
 
         return resources
@@ -378,7 +378,7 @@ def _depend_on_lambda_permissions_using_tag(self, bucket, permission):
         properties["Tags"] = tags + get_tag_list(dep_tag)
         return bucket
 
-    def _inject_notification_configuration(self, function, bucket):
+    def _inject_notification_configuration(self, function, bucket, bucket_id):
         base_event_mapping = {"Function": function.get_runtime_attr("arn")}
 
         if self.Filter is not None:
@@ -407,13 +407,16 @@ def _inject_notification_configuration(self, function, bucket):
             notification_config = {}
             properties["NotificationConfiguration"] = notification_config
 
+        if not isinstance(notification_config, dict):
+            raise InvalidResourceException(bucket_id, "Invalid type for NotificationConfiguration.")
+
         lambda_notifications = notification_config.get("LambdaConfigurations", None)
         if lambda_notifications is None:
             lambda_notifications = []
             notification_config["LambdaConfigurations"] = lambda_notifications
 
         if not isinstance(lambda_notifications, list):
-            raise InvalidResourceException(self.logical_id, "Invalid type for LambdaConfigurations. Must be a list.")
+            raise InvalidResourceException(bucket_id, "Invalid type for LambdaConfigurations. Must be a list.")
 
         for event_mapping in event_mappings:
             if event_mapping not in lambda_notifications:

tests/translator/input/error_s3_lambda_configuration_invalid_type.yaml

@@ -21,4 +21,31 @@ Resources:
       NotificationConfiguration:
         LambdaConfigurations:
           Event: s3:ObjectCreated:Put
-          Function: arn:aws:iam::...
+          Function: arn:aws:iam::...
+
+  AnotherFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://bucket/key
+      Handler: app.lambdaHandler
+      Runtime: nodejs14.x
+      Architectures:
+        - x86_64
+      Events:
+        S3Event:
+          Type: S3
+          Properties:
+            Bucket:
+              Ref: AnotherBucket
+            Events: s3:ObjectCreated:*
+
+  AnotherBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      NotificationConfiguration:
+      - Event: s3:ObjectCreated:*
+        Function:
+          Fn::GetAtt:
+          - AnotherFunction
+          - Arn
+        

tests/translator/output/error_s3_lambda_configuration_invalid_type.json

@@ -4,5 +4,5 @@
       "errorMessage": "Resource with id [AppFunctionS3Event] is invalid. Invalid type for LambdaConfigurations. Must be a list."
     }
   ],
-  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [AppFunctionS3Event] is invalid. Invalid type for LambdaConfigurations. Must be a list."
+  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 2. Resource with id [AnotherBucket] is invalid. Invalid type for NotificationConfiguration. Resource with id [RandomBucket] is invalid. Invalid type for LambdaConfigurations. Must be a list."
 }