def test_app_policy_generator_vpc_policy():
config = Config.create(subnet_ids=['sn1', 'sn2'],
security_group_ids=['sg1', 'sg2'],
project_dir='.')
generator = AppPolicyGenerator(OsUtilsMock())
policy = generator.generate_policy(config)
assert policy == {
'Statement': [
{
'Action': [
'logs:CreateLogGroup', 'logs:CreateLogStream',
'logs:PutLogEvents'
],
'Effect':
'Allow',
'Resource':
'arn:aws:logs:*:*:*'
},
{
'Action': [
'ec2:CreateNetworkInterface',
'ec2:DescribeNetworkInterfaces',
'ec2:DetachNetworkInterface', 'ec2:DeleteNetworkInterface'
],
'Effect':
'Allow',
'Resource':
'*'
},
],
'Version':
'2012-10-17'
}
def create_build_stage(osutils, ui, swagger_gen):
# type: (OSUtils, UI, SwaggerGenerator) -> BuildStage
pip_runner = PipRunner(pip=SubprocessPip(osutils=osutils),
osutils=osutils)
dependency_builder = PipDependencyBuilder(
osutils=osutils,
pip_runner=pip_runner
)
build_stage = BuildStage(
steps=[
InjectDefaults(),
DeploymentPackager(
packager=LambdaDeploymentPackager(
osutils=osutils,
dependency_builder=dependency_builder,
ui=ui,
),
),
PolicyGenerator(
policy_gen=AppPolicyGenerator(
osutils=osutils
),
osutils=osutils,
),
SwaggerBuilder(
swagger_generator=swagger_gen,
),
LambdaEventSourcePolicyInjector(),
WebsocketPolicyInjector()
],
)
return build_stage
def create_default_deployer(session, config, ui):
# type: (Session, Config, UI) -> Deployer
client = TypedAWSClient(session)
osutils = OSUtils()
pip_runner = PipRunner(pip=SubprocessPip(osutils=osutils), osutils=osutils)
dependency_builder = PipDependencyBuilder(osutils=osutils,
pip_runner=pip_runner)
return Deployer(
application_builder=ApplicationGraphBuilder(),
deps_builder=DependencyBuilder(),
build_stage=BuildStage(steps=[
InjectDefaults(),
DeploymentPackager(packager=LambdaDeploymentPackager(
osutils=osutils,
dependency_builder=dependency_builder,
ui=UI(),
), ),
PolicyGenerator(policy_gen=AppPolicyGenerator(osutils=osutils), ),
SwaggerBuilder(swagger_generator=TemplatedSwaggerGenerator(), )
], ),
plan_stage=PlanStage(
osutils=osutils,
remote_state=RemoteState(
client, config.deployed_resources(config.chalice_stage)),
),
sweeper=UnreferencedResourcePlanner(),
executor=Executor(client, ui),
recorder=ResultsRecorder(osutils=osutils),
)
def test_app_policy_generator_vpc_policy():
config = Config.create(
subnet_ids=['sn1', 'sn2'],
security_group_ids=['sg1', 'sg2'],
project_dir='.'
)
generator = AppPolicyGenerator(OsUtilsMock())
policy = generator.generate_policy(config)
assert policy == {'Statement': [
{'Action': ['logs:CreateLogGroup',
'logs:CreateLogStream',
'logs:PutLogEvents'],
'Effect': 'Allow',
'Resource': 'arn:aws:logs:*:*:*'},
{'Action': ['ec2:CreateNetworkInterface',
'ec2:DescribeNetworkInterfaces',
'ec2:DetachNetworkInterface',
'ec2:DeleteNetworkInterface'],
'Effect': 'Allow',
'Resource': '*'},
], 'Version': '2012-10-17'}
def create_default_deployer(session, prompter=None):
# type: (botocore.session.Session, NoPrompt) -> Deployer
if prompter is None:
prompter = NoPrompt()
aws_client = TypedAWSClient(session)
api_gateway_deploy = APIGatewayDeployer(aws_client)
osutils = OSUtils()
packager = LambdaDeploymentPackager(osutils=osutils)
lambda_deploy = LambdaDeployer(
aws_client, packager, prompter, osutils,
ApplicationPolicyHandler(osutils, AppPolicyGenerator(osutils)))
return Deployer(api_gateway_deploy, lambda_deploy)
def create_app_packager(config):
# type: (Config) -> AppPackager
osutils = OSUtils()
# The config object does not handle a default value
# for autogen'ing a policy so we need to handle this here.
return AppPackager(
# We're add place holder values that will be filled in once the
# lambda function is deployed.
SAMTemplateGenerator(
CFNSwaggerGenerator('{region}', {}),
PreconfiguredPolicyGenerator(
config,
ApplicationPolicyHandler(osutils,
AppPolicyGenerator(osutils)))),
LambdaDeploymentPackager())
def create_default_deployer(session, ui=None):
# type: (botocore.session.Session, UI) -> Deployer
if ui is None:
ui = UI()
aws_client = TypedAWSClient(session)
api_gateway_deploy = APIGatewayDeployer(aws_client, ui)
osutils = OSUtils()
dependency_builder = DependencyBuilder(osutils)
packager = LambdaDeploymentPackager(osutils=osutils,
dependency_builder=dependency_builder,
ui=ui)
lambda_deploy = LambdaDeployer(
aws_client, packager, ui, osutils,
ApplicationPolicyHandler(osutils, AppPolicyGenerator(osutils)))
return Deployer(api_gateway_deploy, lambda_deploy, ui)
def create_build_stage(osutils, ui, swagger_gen, config):
# type: (OSUtils, UI, SwaggerGenerator, Config) -> BuildStage
pip_runner = PipRunner(pip=SubprocessPip(osutils=osutils), osutils=osutils)
dependency_builder = PipDependencyBuilder(osutils=osutils,
pip_runner=pip_runner)
deployment_packager = cast(BaseDeployStep, None)
if config.automatic_layer:
deployment_packager = ManagedLayerDeploymentPackager(
lambda_packager=AppOnlyDeploymentPackager(
osutils=osutils,
dependency_builder=dependency_builder,
ui=ui,
),
layer_packager=LayerDeploymentPackager(
osutils=osutils,
dependency_builder=dependency_builder,
ui=ui,
))
else:
deployment_packager = DeploymentPackager(
packager=LambdaDeploymentPackager(
osutils=osutils,
dependency_builder=dependency_builder,
ui=ui,
))
build_stage = BuildStage(steps=[
InjectDefaults(), deployment_packager,
PolicyGenerator(
policy_gen=AppPolicyGenerator(osutils=osutils),
osutils=osutils,
),
SwaggerBuilder(swagger_generator=swagger_gen, ),
LambdaEventSourcePolicyInjector(),
WebsocketPolicyInjector()
], )
return build_stage
def app_policy(in_memory_osutils):
return ApplicationPolicyHandler(in_memory_osutils,
AppPolicyGenerator(in_memory_osutils))