Fix scenario if role is provided (#85)

Author: arothian

lib/cfn-model/transforms/serverless.rb

@@ -133,7 +133,9 @@ def replace_serverless_function(cfn_hash, resource_name, with_line_numbers)
         # https://github.com/aws/serverless-application-model/issues/264
         if serverless_function.key?('Metadata') && serverless_function['Metadata'].key?('cfn_nag')
           cfn_hash['Resources'][resource_name]['Metadata'] = serverless_function['Metadata']
-          cfn_hash['Resources'][resource_name + 'Role']['Metadata'] = serverless_function['Metadata']
+          unless serverless_function['Properties']['Role']
+            cfn_hash['Resources'][resource_name + 'Role']['Metadata'] = serverless_function['Metadata']
+          end
         end
       end
 

spec/test_templates/yaml/sam/valid_metadata_lambda_fn.yml

@@ -2,6 +2,9 @@
 # Example from
 # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html
 Transform: AWS::Serverless-2016-10-31
+Parameters:
+  RoleArn:
+    Type: String
 Resources:
   MyServerlessFunctionLogicalID:
     Type: AWS::Serverless::Function
@@ -14,3 +17,15 @@ Resources:
       Handler: index.handler
       Runtime: nodejs12.x
       CodeUri: 's3://testBucket/mySourceCode.zip'
+  MyServerlessFunctionLogicalID2:
+    Type: AWS::Serverless::Function
+    Metadata:
+      cfn_nag:
+        rules_to_suppress:
+          - id: W58
+            reason: I know what I am doing
+    Properties:
+      Handler: index.handler
+      Runtime: nodejs12.x
+      CodeUri: 's3://testBucket/mySourceCode.zip'
+      Role: !Ref RoleArn

spec/transforms/serverless_spec.rb

@@ -113,6 +113,20 @@
         actual_cfn_model.raw_model['Resources']['MyServerlessFunctionLogicalIDRole'].key?('Metadata')
       ).to be true
     end
+    it 'Adds metadata to transformed resources without role' do
+      cloudformation_template_yml = \
+        yaml_test_template('sam/valid_metadata_lambda_fn')
+      actual_cfn_model = @cfn_parser.parse cloudformation_template_yml
+      expect(
+        actual_cfn_model.raw_model['Resources']['MyServerlessFunctionLogicalID'].key?('Metadata')
+      ).to be true
+      expect(
+        actual_cfn_model.raw_model['Resources']['MyServerlessFunctionLogicalIDRole'].key?('Metadata')
+      ).to be true
+      expect(
+        actual_cfn_model.raw_model['Resources']['MyServerlessFunctionLogicalID2'].key?('Metadata')
+      ).to be true
+    end
   end
 
   context 'Template with serverless transform without URI' do