CloudFormation: Error when referencing unknown resource in FN:GetAtt (#6019)

2023-03-06 15:00:20 -01:00 · 2023-03-06 15:00:20 -01:00 · 26904fdb36
commit 26904fdb36
parent 4ac344bda6
3 changed files with 40 additions and 4 deletions
--- a/moto/cloudformation/parsing.py
+++ b/moto/cloudformation/parsing.py
@ -137,13 +137,16 @@ def clean_json(resource_json: Any, resources_map: "ResourceMap") -> Any:
            return result

        if "Fn::GetAtt" in resource_json:
-            resource = resources_map.get(resource_json["Fn::GetAtt"][0])
+            resource_name = resource_json["Fn::GetAtt"][0]
+            resource = resources_map.get(resource_name)
            if resource is None:
-                return resource_json
+                raise ValidationError(
+                    message=f"Template error: instance of Fn::GetAtt references undefined resource {resource_name}"
+                )
            try:
                return resource.get_cfn_attribute(resource_json["Fn::GetAtt"][1])
            except NotImplementedError as n:
-                logger.warning(str(n).format(resource_json["Fn::GetAtt"][0]))
+                logger.warning(str(n).format(resource_name))
            except UnformattedGetAttTemplateException:
                raise ValidationError(
                    "Bad Request",
--- a/tests/test_cloudformation/fixtures/custom_lambda.py
+++ b/tests/test_cloudformation/fixtures/custom_lambda.py
@ -69,3 +69,16 @@ def get_template(lambda_code):
            }
        },
    }
+
+
+def get_template_for_unknown_lambda():
+    return {
+        "AWSTemplateFormatVersion": "2010-09-09",
+        "Description": "Sample template using Custom Resource pointing to unknown Function",
+        "Resources": {
+            "CustomInfo": {
+                "Type": "Custom::Info",
+                "Properties": {"ServiceToken": {"Fn::GetAtt": ["InfoFunction", "Arn"]}},
+            },
+        },
+    }
--- a/tests/test_cloudformation/test_cloudformation_custom_resources.py
+++ b/tests/test_cloudformation/test_cloudformation_custom_resources.py
@ -3,12 +3,14 @@ import json
 import requests
 import sure  # noqa # pylint: disable=unused-import
 import time
+import pytest

+from botocore.exceptions import ClientError
 from moto import mock_lambda, mock_cloudformation, mock_logs, mock_s3, settings
 from unittest import SkipTest
 from uuid import uuid4
 from tests.test_awslambda.utilities import wait_for_log_msg
-from .fixtures.custom_lambda import get_template
+from .fixtures.custom_lambda import get_template, get_template_for_unknown_lambda


 def get_lambda_code():
@ -170,6 +172,24 @@ def test_create_custom_lambda_resource__verify_manual_request():
    )


+@mock_cloudformation
+def test_create_custom_lambda_resource__unknown_arn():
+    # Try to create a Lambda with an unknown ARN
+    # Verify that this fails in a predictable manner
+    cf = boto3.client("cloudformation", region_name="eu-north-1")
+    with pytest.raises(ClientError) as exc:
+        cf.create_stack(
+            StackName=f"stack{str(uuid4())[0:6]}",
+            TemplateBody=json.dumps(get_template_for_unknown_lambda()),
+            Capabilities=["CAPABILITY_IAM"],
+        )
+    err = exc.value.response["Error"]
+    err["Code"].should.equal("ValidationError")
+    err["Message"].should.equal(
+        "Template error: instance of Fn::GetAtt references undefined resource InfoFunction"
+    )
+
+
 def get_log_group_name(cf, stack_name):
    resources = cf.describe_stack_resources(StackName=stack_name)["StackResources"]
    start = time.time()