def test_with_None_and_default(self): target = properties.Object(default={'prop': 'default'}, schema={'prop': properties.String()}) value = target('Test', None) self.assertEqual(value.prop, 'default')
def test_with_non_object(self): target = properties.Object(schema={'prop': properties.String()}) with self.assertRaises(properties.ValidationError) as e: value = target('Test', 1234) self.assertIn('Test', e.exception.message)
def load_reference_metadata_properties(event): # Strip the fields other than 'ReferenceMetadata' from event['ResourceProperties'] reference_metadata = event.get('ResourceProperties', {}).get('ReferenceMetadata', {}) event['ResourceProperties'] = {'ReferenceMetadata': reference_metadata} return properties.load( event, { 'ReferenceMetadata': properties.Object( schema={ 'Arn': properties.String(), 'PhysicalId': properties.String(), 'Permissions': properties.Object( schema={ 'Action': properties.StringOrListOfString(), 'ResourceSuffix': properties.StringOrListOfString() }) }) })
"Action": ["lambda:InvokeFunction"], "Resource": project_service_lambda_arn }) return json.dumps(policy) PROPERTIES_SCHEMA = { 'ConfigurationBucket': properties.String(), 'ConfigurationKey': properties.String(), 'FunctionName': properties.String(), 'Settings': properties.Object(default={}, schema={'*': properties.String()}), 'Runtime': properties.String(), 'Services': properties.ObjectOrListOfObject(default=[], schema={ 'InterfaceId': properties.String(), 'Optional': properties.Boolean(default=False) }), 'IgnoreAppendingSettingsToZip': properties.Boolean(default=False) }
'MethodSettings': properties.Object( default={}, schema={ '*': properties.Object( default={}, # path, can be * schema={ '*': properties.Object( default={}, # method, can be * schema={ 'cacheDataEncrypted': properties.Boolean(default=False), 'cacheTtlInSeconds': properties.Integer(default=300), 'cachingEnabled': properties.Boolean(default=False), 'dataTraceEnabled': properties.Boolean(default=False), 'loggingLevel': properties.String(default='OFF'), 'metricsEnabled': properties.Boolean(default=False), 'throttlingBurstLimit': properties.Integer(default=500), 'throttlingRateLimit': properties.Integer(default=1000), }) }) }), 'StageVariables':
# Default custom resource lambda timeout in Seconds, can be between 3-900 as per Lambda spec _default_lambda_timeout = 10 # Seconds # Schema for _handler_properties_configuration # Set these values to increase memory and timeout values for a given custom resource Lambda # These are mostly Lambda configuration properties and should follow existing names and restrictions _handler_properties_configuration = { 'MemorySize': properties.Integer(default=_default_lambda_memory), # MB: Must be a multiple of 64MB as per Lambda spec 'Timeout': properties.Integer(default=_default_lambda_timeout), # Seconds: Must be between 3-900 as per Lambda spec } # Schema for ArnHandler or FunctionHandlers for core resource types _handler_schema = { 'Function': properties.String(""), 'HandlerFunctionConfiguration': properties.Object(default={}, schema=_handler_properties_configuration), 'PolicyStatement': properties.ObjectOrListOfObject(default=[], schema={ 'Sid': properties.String(""), 'Action': properties.StringOrListOfString(), 'Resource': properties.StringOrListOfString(default=[]), 'Effect': properties.String(), 'Condition': properties.Dictionary(default={}) }) } # Schema for the CoreResourceTypes custom CloudFormation resources. # Note: LambdaConfiguration and LambdaTimeout are globally applied to all custom resource Lambdas. To change Memory and Timeout for a given Lambda # use a HandlerFunctionConfiguration which overrides the global lambda configs # # Note: Need to define expected fields here to avoid "Property is not supported" failures during definition validation _schema = {
def test_with_object_and_no_default(self): target = properties.Object(schema={'prop': properties.String()}) value = target('Test', {'prop': 'value'}) self.assertEqual(value.prop, 'value')
def handler(event, context): props = properties.load( event, { 'ConfigurationBucket': properties.String(), 'ConfigurationKey': properties.String( ), ##this is only here to force the resource handler to execute on each update to the deployment 'IdentityPoolName': properties.String(), 'UseAuthSettingsObject': properties.String(), 'AllowUnauthenticatedIdentities': properties.String(), 'DeveloperProviderName': properties.String(default=''), 'Roles': properties.Object(default={}, schema={'*': properties.String()}), 'RoleMappings': properties.Object( default={}, schema={ 'Cognito': properties.Object( default={}, schema={ 'Type': properties.String(''), 'AmbiguousRoleResolution': properties.String('') }) }) }) #give the identity pool a unique name per stack stack_manager = stack_info.StackInfoManager() stack_name = aws_utils.get_stack_name_from_stack_arn(event['StackId']) identity_pool_name = stack_name + props.IdentityPoolName identity_pool_name = identity_pool_name.replace('-', ' ') identity_client = identity_pool.get_identity_client() identity_pool_id = custom_resource_utils.get_embedded_physical_id( event.get('PhysicalResourceId')) found_pool = identity_pool.get_identity_pool(identity_pool_id) request_type = event['RequestType'] if request_type == 'Delete': if found_pool != None: identity_client.delete_identity_pool( IdentityPoolId=identity_pool_id) data = {} else: use_auth_settings_object = props.UseAuthSettingsObject.lower( ) == 'true' supported_login_providers = {} if use_auth_settings_object == True: #download the auth settings from s3 player_access_key = 'player-access/' + constant.AUTH_SETTINGS_FILENAME auth_doc = json.loads( _load_doc_from_s3(props.ConfigurationBucket, player_access_key)) #if the doc has entries add them to the supported_login_providers dictionary if len(auth_doc) > 0: for key, value in auth_doc.iteritems(): supported_login_providers[ value['provider_uri']] = value['app_id'] cognito_identity_providers = identity_pool.get_cognito_identity_providers( stack_manager, event['StackId'], event['LogicalResourceId']) print 'Identity Providers: ', cognito_identity_providers allow_anonymous = props.AllowUnauthenticatedIdentities.lower( ) == 'true' #if the pool exists just update it, otherwise create a new one args = { 'IdentityPoolName': identity_pool_name, 'AllowUnauthenticatedIdentities': allow_anonymous, 'SupportedLoginProviders': supported_login_providers, 'CognitoIdentityProviders': cognito_identity_providers } if props.DeveloperProviderName: args['DeveloperProviderName'] = props.DeveloperProviderName if found_pool != None: identity_client.update_identity_pool( IdentityPoolId=identity_pool_id, **args) else: response = identity_client.create_identity_pool(**args) identity_pool_id = response['IdentityPoolId'] #update the roles for the pool role_mappings = {} if props.RoleMappings.Cognito.Type and len( cognito_identity_providers) > 0: print 'Adding role mappings for cognito', props.RoleMappings.Cognito.__dict__ role_mappings['{}:{}'.format( cognito_identity_providers[0]['ProviderName'], cognito_identity_providers[0] ['ClientId'])] = props.RoleMappings.Cognito.__dict__ print "Role Mappings: ", role_mappings identity_client.set_identity_pool_roles( IdentityPoolId=identity_pool_id, Roles=props.Roles.__dict__, RoleMappings=role_mappings) data = { 'IdentityPoolName': identity_pool_name, 'IdentityPoolId': identity_pool_id } physical_resource_id = identity_pool_id return custom_resource_response.success_response(data, physical_resource_id)
def handler(event, context): """Entry point for the Custom::CognitoIdentityPool resource handler.""" stack_id = event['StackId'] props = properties.load( event, { 'ConfigurationBucket': properties.String(), 'ConfigurationKey': properties.String( ), # this is only here to force the resource handler to execute on each update to the deployment 'IdentityPoolName': properties.String(), 'UseAuthSettingsObject': properties.String(), 'AllowUnauthenticatedIdentities': properties.String(), 'DeveloperProviderName': properties.String(default=''), 'ShareMode': properties.String( default='' ), # SHARED when the pool from the file should be used 'Roles': properties.Object(default={}, schema={'*': properties.String()}), 'RoleMappings': properties.Object( default={}, schema={ 'Cognito': properties.Object( default={}, schema={ 'Type': properties.String(''), 'AmbiguousRoleResolution': properties.String('') }) }) }) # give the identity pool a unique name per stack stack_manager = stack_info.StackInfoManager() stack = stack_manager.get_stack_info(stack_id) # Set up resource tags for all resources created tags = { constant.PROJECT_NAME_TAG: stack.project_stack.project_name, constant.STACK_ID_TAG: stack_id } shared_pool = aws_utils.get_cognito_pool_from_file( props.ConfigurationBucket, props.ConfigurationKey, event['LogicalResourceId'], stack) identity_pool_name = stack.stack_name + props.IdentityPoolName identity_pool_name = identity_pool_name.replace('-', ' ') identity_client = identity_pool.get_identity_client() identity_pool_id = custom_resource_utils.get_embedded_physical_id( event.get('PhysicalResourceId')) found_pool = identity_pool.get_identity_pool(identity_pool_id) request_type = event['RequestType'] if shared_pool and props.ShareMode == 'SHARED': data = { 'IdentityPoolName': identity_pool_name, 'IdentityPoolId': shared_pool['PhysicalResourceId'] } return custom_resource_response.success_response( data, shared_pool['PhysicalResourceId']) if request_type == 'Delete': if found_pool is not None: identity_client.delete_identity_pool( IdentityPoolId=identity_pool_id) data = {} else: use_auth_settings_object = props.UseAuthSettingsObject.lower( ) == 'true' supported_login_providers = {} if use_auth_settings_object: # download the auth settings from s3 player_access_key = 'player-access/' + constant.AUTH_SETTINGS_FILENAME auth_doc = json.loads( _load_doc_from_s3(props.ConfigurationBucket, player_access_key)) # if the doc has entries add them to the supported_login_providers dictionary if len(auth_doc) > 0: for key, value in six.iteritems(auth_doc): supported_login_providers[ value['provider_uri']] = value['app_id'] cognito_identity_providers = identity_pool.get_cognito_identity_providers( stack_manager, stack_id, event['LogicalResourceId']) print('Identity Providers: {}'.format(cognito_identity_providers)) allow_anonymous = props.AllowUnauthenticatedIdentities.lower( ) == 'true' # if the pool exists just update it, otherwise create a new one args = { 'IdentityPoolName': identity_pool_name, 'AllowUnauthenticatedIdentities': allow_anonymous, 'SupportedLoginProviders': supported_login_providers, 'CognitoIdentityProviders': cognito_identity_providers, 'IdentityPoolTags': tags } if props.DeveloperProviderName: args['DeveloperProviderName'] = props.DeveloperProviderName if found_pool is not None: identity_client.update_identity_pool( IdentityPoolId=identity_pool_id, **args) else: response = identity_client.create_identity_pool(**args) identity_pool_id = response['IdentityPoolId'] # update the roles for the pool role_mappings = {} if props.RoleMappings.Cognito.Type and len( cognito_identity_providers) > 0: print('Adding role mappings for Cognito {}'.format( props.RoleMappings.Cognito.__dict__)) role_mappings['{}:{}'.format( cognito_identity_providers[0]['ProviderName'], cognito_identity_providers[0] ['ClientId'])] = props.RoleMappings.Cognito.__dict__ print("Role Mappings: {}".format(role_mappings)) identity_client.set_identity_pool_roles( IdentityPoolId=identity_pool_id, Roles=props.Roles.__dict__, RoleMappings=role_mappings) data = { 'IdentityPoolName': identity_pool_name, 'IdentityPoolId': identity_pool_id } physical_resource_id = identity_pool_id return custom_resource_response.success_response(data, physical_resource_id)