def assert_required_roles_created(self, application):
resources = application.resources
assert len(resources) == len(self.given)
functions_by_name = {f.function_name: f for f in resources}
# Roles that have the same name/arn should be the same
# object. If we encounter a role that's already in
# roles_by_identifier, we'll verify that it's the exact same object.
roles_by_identifier = {}
for function_name, expected in self.roles.items():
full_name = 'appname-dev-%s' % function_name
assert full_name in functions_by_name
actual_role = functions_by_name[full_name].role
expectations = self.roles[function_name]
if not expectations.get('managed_role', True):
actual_role_arn = actual_role.role_arn
assert isinstance(actual_role, models.PreCreatedIAMRole)
assert expectations['iam_role_arn'] == actual_role_arn
if actual_role_arn in roles_by_identifier:
assert roles_by_identifier[actual_role_arn] is actual_role
roles_by_identifier[actual_role_arn] = actual_role
continue
actual_name = actual_role.role_name
assert expectations['name'] == actual_name
if actual_name in roles_by_identifier:
assert roles_by_identifier[actual_name] is actual_role
roles_by_identifier[actual_name] = actual_role
is_autogenerated = expectations.get('autogenerated', False)
policy_file = expectations.get('policy_file')
if is_autogenerated:
assert isinstance(actual_role, models.ManagedIAMRole)
assert isinstance(actual_role.policy, models.AutoGenIAMPolicy)
if policy_file is not None and not is_autogenerated:
# Build the resource graph for the 'dev' stage. `builder` and `config`
# are created earlier in the test, outside this excerpt.
application = builder.build(config, stage_name='dev')
# The top level resource is always an Application.
assert isinstance(application, models.Application)
# Exactly one resource is expected in the built application.
assert len(application.resources) == 1
# Compare the built function against a fully spelled-out model, so any
# field that drifts fails the test. Two fields matter most here:
#   * role is a PreCreatedIAMRole carrying the ARN 'role:arn', i.e. a
#     reference to a role by ARN, not a ManagedIAMRole.
#   * reserved_concurrency is 5.
# NOTE(review): presumably both values are set on `config` above this
# excerpt (role management disabled, iam_role_arn='role:arn') -- confirm.
assert application.resources[0] == models.LambdaFunction(
resource_name='foo',
function_name='lambda-only-dev-foo',
environment_variables={},
runtime=config.lambda_python_version,
handler='app.foo',
tags=config.tags,
timeout=None,
memory_size=None,
deployment_package=models.DeploymentPackage(
models.Placeholder.BUILD_STAGE),
role=models.PreCreatedIAMRole('role:arn'),
security_group_ids=[],
subnet_ids=[],
layers=[],
reserved_concurrency=5,
)
def lambda_function():
    """Return a minimal ``models.LambdaFunction`` for use in tests.

    The model has no deployment package, empty environment variables and
    tags, empty security group, subnet and layer lists, and no timeout,
    memory size or reserved concurrency. Its role is a
    ``models.PreCreatedIAMRole`` that refers to a role by ARN.
    """
    # 'foobar' is a stand-in string, not a well-formed IAM role ARN.
    existing_role = models.PreCreatedIAMRole(role_arn='foobar')
    function = models.LambdaFunction(
        resource_name='foo',
        function_name='app-stage-foo',
        deployment_package=None,
        environment_variables={},
        # Fixture value only: python2.7 is an end-of-life runtime.
        runtime='python2.7',
        handler='app.app',
        tags={},
        timeout=None,
        memory_size=None,
        role=existing_role,
        security_group_ids=[],
        subnet_ids=[],
        layers=[],
        reserved_concurrency=None,
    )
    return function
security_group_ids=['sg1', 'sg2'],
subnet_ids=['sn1', 'sn2'])
# Build the resource graph for the 'dev' stage. `builder` and `config`
# come from earlier in the test; only the tail of the call that sets
# security_group_ids and subnet_ids is visible above this excerpt.
application = builder.build(config, stage_name='dev')
# The built function must carry the network settings unchanged:
# security_group_ids ['sg1', 'sg2'] and subnet_ids ['sn1', 'sn2'].
# A dropped or altered value here would change which security groups
# and subnets the function is attached to, so the whole model is
# compared rather than individual fields.
# The role is again a PreCreatedIAMRole referenced by the ARN 'role:arn'.
# NOTE(review): presumably that ARN is set on `config` -- confirm.
assert application.resources[0] == models.LambdaFunction(
resource_name='foo',
function_name='lambda-only-dev-foo',
environment_variables={},
runtime=config.lambda_python_version,
handler='app.foo',
tags=config.tags,
timeout=None,
memory_size=None,
deployment_package=models.DeploymentPackage(
models.Placeholder.BUILD_STAGE),
role=models.PreCreatedIAMRole('role:arn'),
security_group_ids=['sg1', 'sg2'],
subnet_ids=['sn1', 'sn2'],
layers=[],
reserved_concurrency=None,
)
def _create_role_reference(self, config, stage_name, function_name):
# type: (Config, str, str) -> models.IAMRole
# First option, the user doesn't want us to manage
# the role at all.
if not config.manage_iam_role:
# We've already validated the iam_role_arn is provided
# if manage_iam_role is set to False.
return models.PreCreatedIAMRole(
role_arn=config.iam_role_arn,
)
policy = models.IAMPolicy(document=models.Placeholder.BUILD_STAGE)
if not config.autogen_policy:
resource_name = '%s_role' % function_name
role_name = '%s-%s-%s' % (config.app_name, stage_name,
function_name)
if config.iam_policy_file is not None:
filename = os.path.join(config.project_dir,
'.chalice',
config.iam_policy_file)
else:
filename = os.path.join(config.project_dir,
'.chalice',
'policy-%s.json' % stage_name)
policy = models.FileBasedIAMPolicy(
def _create_role_reference(self, config, stage_name, function_name):
# type: (Config, str, str) -> models.IAMRole
# First option, the user doesn't want us to manage
# the role at all.
if not config.manage_iam_role:
# We've already validated the iam_role_arn is provided
# if manage_iam_role is set to False.
return models.PreCreatedIAMRole(
role_arn=config.iam_role_arn,
)
policy = models.IAMPolicy()
if not config.autogen_policy:
resource_name = 'role-%s' % function_name
role_name = '%s-%s-%s' % (config.app_name, stage_name,
function_name)
if config.iam_policy_file is not None:
filename = os.path.join(config.project_dir,
'.chalice',
config.iam_policy_file)
else:
filename = os.path.join(config.project_dir,
'.chalice',
'policy-%s.json' % stage_name)
policy = models.FileBasedIAMPolicy(filename=filename)