def test_can_inject_policy(self, sample_sqs_event_app):
config = Config.create(chalice_app=sample_sqs_event_app,
autogen_policy=True,
project_dir='.')
event_source = self.create_model_from_app(sample_sqs_event_app, config)
role = event_source.lambda_function.role
role.policy.document = {'Statement': []}
injector = LambdaEventSourcePolicyInjector()
injector.handle(config, event_source)
assert role.policy.document == {
'Statement': [SQS_EVENT_SOURCE_POLICY.copy()],
}
def handle_sqseventsource(self, config, resource):
# type: (Config, models.SQSEventSource) -> None
# The sqs integration works by polling for
# available records so the lambda function needs
# permission to call sqs.
role = resource.lambda_function.role
if (not self._policy_injected
and isinstance(role, models.ManagedIAMRole)
and isinstance(role.policy, models.AutoGenIAMPolicy)
and not isinstance(role.policy.document, models.Placeholder)):
self._inject_trigger_policy(role.policy.document,
SQS_EVENT_SOURCE_POLICY.copy())
self._policy_injected = True
def handle_sqseventsource(self, config, resource):
# type: (Config, models.SQSEventSource) -> None
# The sqs integration works by polling for
# available records so the lambda function needs
# permission to call sqs.
role = resource.lambda_function.role
if (not self._policy_injected and
isinstance(role, models.ManagedIAMRole) and
isinstance(role.policy, models.AutoGenIAMPolicy) and
not isinstance(role.policy.document,
models.Placeholder)):
self._inject_trigger_policy(role.policy.document,
SQS_EVENT_SOURCE_POLICY.copy())
self._policy_injected = True
def handle_sqseventsource(self, config, resource):
# type: (Config, models.SQSEventSource) -> None
# The sqs integration works by polling for
# available records so the lambda function needs
# permission to call sqs.
role = resource.lambda_function.role
if not self._sqs_policy_injected and \
self._needs_policy_injected(role):
# mypy can't follow the type narrowing from
# _needs_policy_injected so we're working around
# that by explicitly casting the role.
role = cast(models.ManagedIAMRole, role)
document = cast(Dict[str, Any], role.policy.document)
self._inject_trigger_policy(document,
SQS_EVENT_SOURCE_POLICY.copy())
self._sqs_policy_injected = True
def test_no_inject_is_already_injected(self, sample_sqs_event_app):
@sample_sqs_event_app.on_sqs_message(queue='second-queue')
def second_handler(event):
pass
config = Config.create(chalice_app=sample_sqs_event_app,
autogen_policy=True,
project_dir='.')
builder = ApplicationGraphBuilder()
application = builder.build(config, stage_name='dev')
event_sources = application.resources
role = event_sources[1].lambda_function.role
role.policy.document = {'Statement': []}
injector = LambdaEventSourcePolicyInjector()
injector.handle(config, event_sources[0])
injector.handle(config, event_sources[1])
# Even though we have two queue handlers, we only need to
# inject the policy once.
assert role.policy.document == {
'Statement': [SQS_EVENT_SOURCE_POLICY.copy()],
}