def _create_role_reference(self, config, stage_name, function_name): # type: (Config, str, str) -> models.IAMRole # First option, the user doesn't want us to manage # the role at all. if not config.manage_iam_role: # We've already validated the iam_role_arn is provided # if manage_iam_role is set to False. return models.PreCreatedIAMRole(role_arn=config.iam_role_arn, ) policy = models.IAMPolicy(document=models.Placeholder.BUILD_STAGE) if not config.autogen_policy: resource_name = '%s_role' % function_name role_name = '%s-%s-%s' % (config.app_name, stage_name, function_name) if config.iam_policy_file is not None: filename = os.path.join(config.project_dir, '.chalice', config.iam_policy_file) else: filename = os.path.join(config.project_dir, '.chalice', 'policy-%s.json' % stage_name) policy = models.FileBasedIAMPolicy( filename=filename, document=models.Placeholder.BUILD_STAGE) else: resource_name = 'default-role' role_name = '%s-%s' % (config.app_name, stage_name) policy = models.AutoGenIAMPolicy( document=models.Placeholder.BUILD_STAGE) return models.ManagedIAMRole( resource_name=resource_name, role_name=role_name, trust_policy=LAMBDA_TRUST_POLICY, policy=policy, )
def test_role_arn_inserted_when_necessary(self): function = models.LambdaFunction( resource_name='foo', function_name='app-dev-foo', environment_variables={}, runtime='python27', handler='app.app', tags={'foo': 'bar'}, timeout=120, memory_size=128, deployment_package=models.DeploymentPackage(filename='foo.zip'), role=models.PreCreatedIAMRole(role_arn='role:arn'), ) template = self.template_gen.generate_sam_template([function]) cfn_resource = list(template['Resources'].values())[0] assert cfn_resource == { 'Type': 'AWS::Serverless::Function', 'Properties': { 'CodeUri': 'foo.zip', 'Handler': 'app.app', 'MemorySize': 128, 'Role': 'role:arn', 'Runtime': 'python27', 'Tags': { 'foo': 'bar' }, 'Timeout': 120 }, }
def test_can_build_lambda_function_app_with_vpc_config( self, sample_app_lambda_only): @sample_app_lambda_only.lambda_function() def foo(event, context): pass builder = ApplicationGraphBuilder() config = self.create_config(sample_app_lambda_only, iam_role_arn='role:arn', security_group_ids=['sg1', 'sg2'], subnet_ids=['sn1', 'sn2']) application = builder.build(config, stage_name='dev') assert application.resources[0] == models.LambdaFunction( resource_name='myfunction', function_name='lambda-only-dev-myfunction', environment_variables={}, runtime=config.lambda_python_version, handler='app.myfunction', tags=config.tags, timeout=None, memory_size=None, deployment_package=models.DeploymentPackage( models.Placeholder.BUILD_STAGE), role=models.PreCreatedIAMRole('role:arn'), security_group_ids=['sg1', 'sg2'], subnet_ids=['sn1', 'sn2'], layers=[], reserved_concurrency=None, xray=None, )
def test_can_build_resource_with_single_dep(self): role = models.PreCreatedIAMRole(role_arn='foo') app = models.Application(stage='dev', resources=[role]) dep_builder = DependencyBuilder() deps = dep_builder.build_dependencies(app) assert deps == [role]
def test_can_build_lambda_function_app_with_reserved_concurrency( self, sample_app_lambda_only): # This is the simplest configuration we can get. builder = ApplicationGraphBuilder() config = self.create_config(sample_app_lambda_only, iam_role_arn='role:arn', reserved_concurrency=5) application = builder.build(config, stage_name='dev') # The top level resource is always an Application. assert isinstance(application, models.Application) assert len(application.resources) == 1 assert application.resources[0] == models.LambdaFunction( resource_name='myfunction', function_name='lambda-only-dev-myfunction', environment_variables={}, runtime=config.lambda_python_version, handler='app.myfunction', tags=config.tags, timeout=None, memory_size=None, deployment_package=models.DeploymentPackage( models.Placeholder.BUILD_STAGE), role=models.PreCreatedIAMRole('role:arn'), security_group_ids=[], subnet_ids=[], layers=[], reserved_concurrency=5, xray=None, )
def create_function_resource(name, function_name=None, environment_variables=None, runtime='python2.7', handler='app.app', tags=None, timeout=60, memory_size=128, deployment_package=None, role=None): if function_name is None: function_name = 'appname-dev-%s' % name if environment_variables is None: environment_variables = {} if tags is None: tags = {} if deployment_package is None: deployment_package = models.DeploymentPackage(filename='foo') if role is None: role = models.PreCreatedIAMRole(role_arn='role:arn') return models.LambdaFunction( resource_name=name, function_name=function_name, environment_variables=environment_variables, runtime=runtime, handler=handler, tags=tags, timeout=timeout, memory_size=memory_size, deployment_package=deployment_package, role=role, security_group_ids=[], subnet_ids=[], reserved_concurrency=None, )
def lambda_function(): return models.LambdaFunction( resource_name='foo', function_name='app-stage-foo', deployment_package=None, environment_variables={}, runtime='python2.7', handler='app.app', tags={}, timeout=None, memory_size=None, role=models.PreCreatedIAMRole(role_arn='foobar'))
def lambda_function(self): return models.LambdaFunction( resource_name='foo', function_name='app-dev-foo', environment_variables={}, runtime='python27', handler='app.app', tags={'foo': 'bar'}, timeout=120, memory_size=128, deployment_package=models.DeploymentPackage(filename='foo.zip'), role=models.PreCreatedIAMRole(role_arn='role:arn'), )
def create_function_resource(name): return models.LambdaFunction( resource_name=name, function_name='appname-dev-%s' % name, environment_variables={}, runtime='python2.7', handler='app.app', tags={}, timeout=60, memory_size=128, deployment_package=models.DeploymentPackage(filename='foo'), role=models.PreCreatedIAMRole(role_arn='role:arn'), security_group_ids=[], subnet_ids=[], layers=[])
def lambda_function(): return models.LambdaFunction( resource_name='foo', function_name='app-stage-foo', deployment_package=None, environment_variables={}, runtime='python2.7', handler='app.app', tags={}, timeout=None, memory_size=None, role=models.PreCreatedIAMRole(role_arn='foobar'), security_group_ids=[], subnet_ids=[], reserved_concurrency=None, )
def lambda_function(self): return models.LambdaFunction( resource_name='foo', function_name='app-dev-foo', environment_variables={}, runtime='python27', handler='app.app', tags={'foo': 'bar'}, timeout=120, memory_size=128, deployment_package=models.DeploymentPackage(filename='foo.zip'), role=models.PreCreatedIAMRole(role_arn='role:arn'), security_group_ids=[], subnet_ids=[], reserved_concurrency=None, layers=None, )
def create_function_resource(name): return models.LambdaFunction( resource_name=name, function_name='appname-dev-%s' % name, environment_variables={}, runtime='python2.7', handler='app.app', tags={}, timeout=60, memory_size=128, deployment_package=models.DeploymentPackage( models.Placeholder.BUILD_STAGE), xray=False, role=models.PreCreatedIAMRole(role_arn='role:arn'), security_group_ids=[], subnet_ids=[], layers=[], reserved_concurrency=None, )
def test_can_instantiate_app_with_deps(): role = models.PreCreatedIAMRole(role_arn='foo') app = models.Application(stage='dev', resources=[role]) assert app.dependencies() == [role]
def test_no_update_for_non_managed_role(self): role = models.PreCreatedIAMRole(role_arn='role:arn') plan = self.determine_plan(role) assert plan == []