def test_with_non_object(self): target = properties.Object(schema={'prop': properties.String()}) with self.assertRaises(properties.ValidationError) as e: value = target('Test', 1234) self.assertIn('Test', e.exception.message)
def test_with_None_and_default(self): target = properties.Object(default={'prop': 'default'}, schema={'prop': properties.String()}) value = target('Test', None) self.assertEqual(value.prop, 'default')
def handler(event, context): props = properties.load( event, { 'ConfigurationBucket': properties.String(), 'ConfigurationKey': properties.String( ), ##this is only here to force the resource handler to execute on each update to the deployment 'IdentityPoolName': properties.String(), 'UseAuthSettingsObject': properties.String(), 'AllowUnauthenticatedIdentities': properties.String(), 'Roles': properties.Object(default={}, schema={'*': properties.String()}), }) #give the identity pool a unique name per stack stack_name = discovery_utils.get_stack_name_from_stack_arn( event['StackId']) identity_pool_name = props.IdentityPoolName + stack_name identity_pool_name = identity_pool_name.replace('-', ' ') cognito_client = boto3.client('cognito-identity') found_pool = _find_identity_pool(cognito_client, identity_pool_name) identity_pool_id = None request_type = event['RequestType'] if request_type == 'Delete': if found_pool != None: identity_pool_id = found_pool['IdentityPoolId'] cognito_client.delete_identity_pool( IdentityPoolId=identity_pool_id) data = {} else: use_auth_settings_object = props.UseAuthSettingsObject.lower( ) == 'true' supported_login_providers = {} if use_auth_settings_object == True: #download the auth settings from s3 player_access_key = 'player-access/auth-settings.json' auth_doc = json.loads( _load_doc_from_s3(props.ConfigurationBucket, player_access_key)) #if the doc has entries add them to the supported_login_providers dictionary if len(auth_doc) > 0: for key, value in auth_doc.iteritems(): supported_login_providers[ value['provider_uri']] = value['app_id'] allow_anonymous = props.AllowUnauthenticatedIdentities.lower( ) == 'true' #if the pool exists just update it, otherwise create a new one if found_pool != None: response = cognito_client.update_identity_pool( IdentityPoolId=found_pool['IdentityPoolId'], IdentityPoolName=identity_pool_name, AllowUnauthenticatedIdentities=allow_anonymous, SupportedLoginProviders=supported_login_providers) identity_pool_id = found_pool['IdentityPoolId'] else: response = cognito_client.create_identity_pool( IdentityPoolName=identity_pool_name, AllowUnauthenticatedIdentities=allow_anonymous, SupportedLoginProviders=supported_login_providers) identity_pool_id = response['IdentityPoolId'] #now update the roles for the pool cognito_client.set_identity_pool_roles(IdentityPoolId=identity_pool_id, Roles=props.Roles.__dict__) data = { 'IdentityPoolName': identity_pool_name, 'IdentityPoolId': identity_pool_id } physical_resource_id = identity_pool_id custom_resource_response.succeed(event, context, data, physical_resource_id)
def test_with_object_and_no_default(self): target = properties.Object(schema={'prop': properties.String()}) value = target('Test', {'prop': 'value'}) self.assertEqual(value.prop, 'value')
def handler(event, context): props = properties.load( event, { 'ConfigurationBucket': properties.String(), 'ConfigurationKey': properties.String(), 'FunctionName': properties.String(), 'Settings': properties.Object(default={}, schema={'*': properties.String()}), 'Runtime': properties.String() }) request_type = event['RequestType'] stack_arn = event['StackId'] logical_role_name = event['LogicalResourceId'] physical_resource_name = event.get('PhysicalResourceId', None) # None when create request if request_type == 'Delete': role_utils.delete_role(stack_arn, logical_role_name, POLICY_NAME) data = {} else: policy_metadata_filter = lambda entry: _policy_metadata_filter( entry, props.FunctionName) if request_type == 'Create': physical_resource_name = discovery_utils.get_stack_name_from_stack_arn( stack_arn) + '-' + event['LogicalResourceId'] assume_role_service = 'lambda.amazonaws.com' role_arn = role_utils.create_role(stack_arn, logical_role_name, POLICY_NAME, assume_role_service, DEFAULT_POLICY_STATEMENTS, policy_metadata_filter) elif request_type == 'Update': role_arn = role_utils.update_role(stack_arn, logical_role_name, POLICY_NAME, DEFAULT_POLICY_STATEMENTS, policy_metadata_filter) else: raise ValidationError( 'Unexpected request type: {}'.format(request_type)) input_key = '{}/lambda-function-code.zip'.format( props.ConfigurationKey) output_key = _inject_settings(props.Settings.__dict__, props.Runtime, props.ConfigurationBucket, input_key, props.FunctionName) data = { 'ConfigurationBucket': props.ConfigurationBucket, 'ConfigurationKey': output_key, 'Runtime': props.Runtime, 'Role': role_arn } custom_resource_response.succeed(event, context, data, physical_resource_name)
def handler(event, context): props = properties.load( event, { 'ConfigurationBucket': properties.String(), 'ConfigurationKey': properties.String(), 'FunctionName': properties.String(), 'Settings': properties.Object(default={}, schema={'*': properties.String()}), 'Runtime': properties.String() }) request_type = event['RequestType'] if request_type == 'Delete': physical_resource_name = event['PhysicalResourceId'] resource_uuid = physical_resource_name.split(':')[4] _delete_role(resource_uuid) data = {} else: if request_type == 'Create': resource_uuid = uuid4() physical_resource_name = 'CloudCanvas:LambdaConfiguration:{stack_name}:{function_name}:{uuid}'.format( stack_name=discovery_utils.get_stack_name_from_stack_arn( event['StackId']), function_name=props.FunctionName, uuid=resource_uuid) role_arn = _create_role(event['StackId'], props.FunctionName, resource_uuid) else: # Update physical_resource_name = event['PhysicalResourceId'] resource_uuid = physical_resource_name.split(':')[4] role_arn = _update_role(event['StackId'], props.FunctionName, resource_uuid) output_key = '{}/feature-code.zip'.format(props.ConfigurationKey) output_key = _inject_settings(props.Settings.__dict__, props.Runtime, props.ConfigurationBucket, output_key, props.FunctionName) data = { 'ConfigurationBucket': props.ConfigurationBucket, 'ConfigurationKey': output_key, 'Runtime': props.Runtime, 'Role': role_arn } custom_resource_response.succeed(event, context, data, physical_resource_name)
def handler(event, context): props = properties.load( event, { 'ConfigurationBucket': properties.String(), 'ConfigurationKey': properties.String(), 'FunctionName': properties.String(), 'Settings': properties.Object(default={}, schema={'*': properties.String()}), 'Runtime': properties.String() }) request_type = event['RequestType'] stack_arn = event['StackId'] logical_role_name = props.FunctionName id_data = aws_utils.get_data_from_custom_physical_resource_id( event.get('PhysicalResourceId', None)) if request_type == 'Delete': role_utils.delete_access_control_role(id_data, logical_role_name) response_data = {} else: if request_type == 'Create': project_service_lambda_arn = _get_project_service_lambda_arn( stack_arn) assume_role_service = 'lambda.amazonaws.com' role_arn = role_utils.create_access_control_role( id_data, stack_arn, logical_role_name, assume_role_service, default_policy=get_default_policy(project_service_lambda_arn)) elif request_type == 'Update': role_arn = role_utils.get_access_control_role_arn( id_data, logical_role_name) else: raise RuntimeError( 'Unexpected request type: {}'.format(request_type)) _add_built_in_settings(props.Settings.__dict__, stack_arn) # Check if we have a folder just for this function, if not use the default input_key = _get_input_key(props) output_key = _inject_settings(props.Settings.__dict__, props.Runtime, props.ConfigurationBucket, input_key, props.FunctionName) response_data = { 'ConfigurationBucket': props.ConfigurationBucket, 'ConfigurationKey': output_key, 'Runtime': props.Runtime, 'Role': role_arn, 'RoleName': role_utils.get_access_control_role_name(stack_arn, logical_role_name) } physical_resource_id = aws_utils.construct_custom_physical_resource_id_with_data( stack_arn, event['LogicalResourceId'], id_data) custom_resource_response.succeed(event, context, response_data, physical_resource_id)
def handler(event, context): props = properties.load(event, { 'ConfigurationBucket': properties.String(), 'ConfigurationKey': properties.String(), ##this is only here to force the resource handler to execute on each update to the deployment 'IdentityPoolName': properties.String(), 'UseAuthSettingsObject': properties.String(), 'AllowUnauthenticatedIdentities': properties.String(), 'DeveloperProviderName': properties.String(default=''), 'Roles': properties.Object( default={}, schema={ '*': properties.String() }), 'RoleMappings': properties.Object(default={}, schema={ 'Cognito': properties.Object(default={}, schema={ 'Type': properties.String(''), 'AmbiguousRoleResolution': properties.String('') }) } ) }) #give the identity pool a unique name per stack stack_name = aws_utils.get_stack_name_from_stack_arn(event['StackId']) identity_pool_name = stack_name+props.IdentityPoolName identity_pool_name = identity_pool_name.replace('-', ' ') identity_client = identity_pool.get_identity_client() identity_pool_id = event.get('PhysicalResourceId') found_pool = identity_pool.get_identity_pool(identity_pool_id) request_type = event['RequestType'] if request_type == 'Delete': if found_pool != None: identity_client.delete_identity_pool(IdentityPoolId=identity_pool_id) data = {} else: use_auth_settings_object = props.UseAuthSettingsObject.lower() == 'true' supported_login_providers = {} if use_auth_settings_object == True: #download the auth settings from s3 player_access_key = 'player-access/'+constant.AUTH_SETTINGS_FILENAME auth_doc = json.loads(_load_doc_from_s3(props.ConfigurationBucket, player_access_key)) #if the doc has entries add them to the supported_login_providers dictionary if len(auth_doc) > 0: for key, value in auth_doc.iteritems(): supported_login_providers[value['provider_uri']] = value['app_id'] cognito_identity_providers = identity_pool.get_cognito_identity_providers(event['StackId'], event['LogicalResourceId']) print 'Identity Providers: ', cognito_identity_providers allow_anonymous = props.AllowUnauthenticatedIdentities.lower() == 'true' #if the pool exists just update it, otherwise create a new one args = { 'IdentityPoolName': identity_pool_name, 'AllowUnauthenticatedIdentities': allow_anonymous, 'SupportedLoginProviders': supported_login_providers, 'CognitoIdentityProviders': cognito_identity_providers } if props.DeveloperProviderName: args['DeveloperProviderName'] = props.DeveloperProviderName if found_pool != None: identity_client.update_identity_pool(IdentityPoolId=identity_pool_id, **args) else: response = identity_client.create_identity_pool(**args) identity_pool_id=response['IdentityPoolId'] #update the roles for the pool role_mappings = {} if props.RoleMappings.Cognito.Type and len(cognito_identity_providers) > 0: print 'Adding role mappings for cognito', props.RoleMappings.Cognito.__dict__ role_mappings['{}:{}'.format(cognito_identity_providers[0]['ProviderName'],cognito_identity_providers[0]['ClientId'])]=props.RoleMappings.Cognito.__dict__ print "Role Mappings: ", role_mappings identity_client.set_identity_pool_roles( IdentityPoolId=identity_pool_id, Roles=props.Roles.__dict__, RoleMappings=role_mappings) data = { 'IdentityPoolName': identity_pool_name, 'IdentityPoolId': identity_pool_id } physical_resource_id = identity_pool_id custom_resource_response.succeed(event, context, data, physical_resource_id)
'MethodSettings': properties.Object( default={}, schema={ '*': properties.Object( default={}, # path, can be * schema={ '*': properties.Object( default={}, # method, can be * schema={ 'CacheDataEncrypted': properties.Boolean(default=False), 'CacheTtlInSeconds': properties.Integer(default=60), 'CachingEnable': properties.Boolean(default=False), 'DataTraceEnabled': properties.Boolean(default=False), 'LoggingLevel': properties.String(default='OFF'), 'MetricsEnabled': properties.Boolean(default=False), 'ThrottlingBurstLimit': properties.Integer(default=2000), 'ThrottlingRateLimit': properties.Integer(default=1000), }) }) }), 'StageVariables':