def _create_role_reference(self, config, stage_name, function_name):
# type: (Config, str, str) -> models.IAMRole
# First option, the user doesn't want us to manage
# the role at all.
if not config.manage_iam_role:
# We've already validated the iam_role_arn is provided
# if manage_iam_role is set to False.
return models.PreCreatedIAMRole(role_arn=config.iam_role_arn, )
policy = models.IAMPolicy(document=models.Placeholder.BUILD_STAGE)
if not config.autogen_policy:
resource_name = '%s_role' % function_name
role_name = '%s-%s-%s' % (config.app_name, stage_name,
function_name)
if config.iam_policy_file is not None:
filename = os.path.join(config.project_dir, '.chalice',
config.iam_policy_file)
else:
filename = os.path.join(config.project_dir, '.chalice',
'policy-%s.json' % stage_name)
policy = models.FileBasedIAMPolicy(
filename=filename, document=models.Placeholder.BUILD_STAGE)
else:
resource_name = 'default-role'
role_name = '%s-%s' % (config.app_name, stage_name)
policy = models.AutoGenIAMPolicy(
document=models.Placeholder.BUILD_STAGE)
return models.ManagedIAMRole(
resource_name=resource_name,
role_name=role_name,
trust_policy=LAMBDA_TRUST_POLICY,
policy=policy,
)
def test_role_arn_inserted_when_necessary(self):
function = models.LambdaFunction(
resource_name='foo',
function_name='app-dev-foo',
environment_variables={},
runtime='python27',
handler='app.app',
tags={'foo': 'bar'},
timeout=120,
memory_size=128,
deployment_package=models.DeploymentPackage(filename='foo.zip'),
role=models.PreCreatedIAMRole(role_arn='role:arn'),
)
template = self.template_gen.generate_sam_template([function])
cfn_resource = list(template['Resources'].values())[0]
assert cfn_resource == {
'Type': 'AWS::Serverless::Function',
'Properties': {
'CodeUri': 'foo.zip',
'Handler': 'app.app',
'MemorySize': 128,
'Role': 'role:arn',
'Runtime': 'python27',
'Tags': {
'foo': 'bar'
},
'Timeout': 120
},
}
def test_can_build_lambda_function_app_with_vpc_config(
self, sample_app_lambda_only):
@sample_app_lambda_only.lambda_function()
def foo(event, context):
pass
builder = ApplicationGraphBuilder()
config = self.create_config(sample_app_lambda_only,
iam_role_arn='role:arn',
security_group_ids=['sg1', 'sg2'],
subnet_ids=['sn1', 'sn2'])
application = builder.build(config, stage_name='dev')
assert application.resources[0] == models.LambdaFunction(
resource_name='myfunction',
function_name='lambda-only-dev-myfunction',
environment_variables={},
runtime=config.lambda_python_version,
handler='app.myfunction',
tags=config.tags,
timeout=None,
memory_size=None,
deployment_package=models.DeploymentPackage(
models.Placeholder.BUILD_STAGE),
role=models.PreCreatedIAMRole('role:arn'),
security_group_ids=['sg1', 'sg2'],
subnet_ids=['sn1', 'sn2'],
layers=[],
reserved_concurrency=None,
xray=None,
)
def test_can_build_resource_with_single_dep(self):
role = models.PreCreatedIAMRole(role_arn='foo')
app = models.Application(stage='dev', resources=[role])
dep_builder = DependencyBuilder()
deps = dep_builder.build_dependencies(app)
assert deps == [role]
def test_can_build_lambda_function_app_with_reserved_concurrency(
self, sample_app_lambda_only):
# This is the simplest configuration we can get.
builder = ApplicationGraphBuilder()
config = self.create_config(sample_app_lambda_only,
iam_role_arn='role:arn',
reserved_concurrency=5)
application = builder.build(config, stage_name='dev')
# The top level resource is always an Application.
assert isinstance(application, models.Application)
assert len(application.resources) == 1
assert application.resources[0] == models.LambdaFunction(
resource_name='myfunction',
function_name='lambda-only-dev-myfunction',
environment_variables={},
runtime=config.lambda_python_version,
handler='app.myfunction',
tags=config.tags,
timeout=None,
memory_size=None,
deployment_package=models.DeploymentPackage(
models.Placeholder.BUILD_STAGE),
role=models.PreCreatedIAMRole('role:arn'),
security_group_ids=[],
subnet_ids=[],
layers=[],
reserved_concurrency=5,
xray=None,
)
def create_function_resource(name,
function_name=None,
environment_variables=None,
runtime='python2.7',
handler='app.app',
tags=None,
timeout=60,
memory_size=128,
deployment_package=None,
role=None):
if function_name is None:
function_name = 'appname-dev-%s' % name
if environment_variables is None:
environment_variables = {}
if tags is None:
tags = {}
if deployment_package is None:
deployment_package = models.DeploymentPackage(filename='foo')
if role is None:
role = models.PreCreatedIAMRole(role_arn='role:arn')
return models.LambdaFunction(
resource_name=name,
function_name=function_name,
environment_variables=environment_variables,
runtime=runtime,
handler=handler,
tags=tags,
timeout=timeout,
memory_size=memory_size,
deployment_package=deployment_package,
role=role,
security_group_ids=[],
subnet_ids=[],
reserved_concurrency=None,
)
def lambda_function():
return models.LambdaFunction(
resource_name='foo',
function_name='app-stage-foo',
deployment_package=None,
environment_variables={},
runtime='python2.7',
handler='app.app',
tags={},
timeout=None,
memory_size=None,
role=models.PreCreatedIAMRole(role_arn='foobar'))
def lambda_function(self):
return models.LambdaFunction(
resource_name='foo',
function_name='app-dev-foo',
environment_variables={},
runtime='python27',
handler='app.app',
tags={'foo': 'bar'},
timeout=120,
memory_size=128,
deployment_package=models.DeploymentPackage(filename='foo.zip'),
role=models.PreCreatedIAMRole(role_arn='role:arn'),
)
def create_function_resource(name):
return models.LambdaFunction(
resource_name=name,
function_name='appname-dev-%s' % name,
environment_variables={},
runtime='python2.7',
handler='app.app',
tags={},
timeout=60,
memory_size=128,
deployment_package=models.DeploymentPackage(filename='foo'),
role=models.PreCreatedIAMRole(role_arn='role:arn'),
security_group_ids=[],
subnet_ids=[],
layers=[])
def lambda_function():
return models.LambdaFunction(
resource_name='foo',
function_name='app-stage-foo',
deployment_package=None,
environment_variables={},
runtime='python2.7',
handler='app.app',
tags={},
timeout=None,
memory_size=None,
role=models.PreCreatedIAMRole(role_arn='foobar'),
security_group_ids=[],
subnet_ids=[],
reserved_concurrency=None,
)
def lambda_function(self):
return models.LambdaFunction(
resource_name='foo',
function_name='app-dev-foo',
environment_variables={},
runtime='python27',
handler='app.app',
tags={'foo': 'bar'},
timeout=120,
memory_size=128,
deployment_package=models.DeploymentPackage(filename='foo.zip'),
role=models.PreCreatedIAMRole(role_arn='role:arn'),
security_group_ids=[],
subnet_ids=[],
reserved_concurrency=None,
layers=None,
)
def create_function_resource(name):
return models.LambdaFunction(
resource_name=name,
function_name='appname-dev-%s' % name,
environment_variables={},
runtime='python2.7',
handler='app.app',
tags={},
timeout=60,
memory_size=128,
deployment_package=models.DeploymentPackage(
models.Placeholder.BUILD_STAGE),
xray=False,
role=models.PreCreatedIAMRole(role_arn='role:arn'),
security_group_ids=[],
subnet_ids=[],
layers=[],
reserved_concurrency=None,
)
def test_can_instantiate_app_with_deps():
role = models.PreCreatedIAMRole(role_arn='foo')
app = models.Application(stage='dev', resources=[role])
assert app.dependencies() == [role]
def test_no_update_for_non_managed_role(self):
role = models.PreCreatedIAMRole(role_arn='role:arn')
plan = self.determine_plan(role)
assert plan == []
