def test_with_non_object(self):
target = properties.Object(schema={'prop': properties.String()})
with self.assertRaises(properties.ValidationError) as e:
value = target('Test', 1234)
self.assertIn('Test', e.exception.message)
def test_with_None_and_default(self):
target = properties.Object(default={'prop': 'default'}, schema={'prop': properties.String()})
value = target('Test', None)
self.assertEqual(value.prop, 'default')
def handler(event, context):
props = properties.load(
event,
{
'ConfigurationBucket':
properties.String(),
'ConfigurationKey':
properties.String(
), ##this is only here to force the resource handler to execute on each update to the deployment
'IdentityPoolName':
properties.String(),
'UseAuthSettingsObject':
properties.String(),
'AllowUnauthenticatedIdentities':
properties.String(),
'Roles':
properties.Object(default={}, schema={'*': properties.String()}),
})
#give the identity pool a unique name per stack
stack_name = discovery_utils.get_stack_name_from_stack_arn(
event['StackId'])
identity_pool_name = props.IdentityPoolName + stack_name
identity_pool_name = identity_pool_name.replace('-', ' ')
cognito_client = boto3.client('cognito-identity')
found_pool = _find_identity_pool(cognito_client, identity_pool_name)
identity_pool_id = None
request_type = event['RequestType']
if request_type == 'Delete':
if found_pool != None:
identity_pool_id = found_pool['IdentityPoolId']
cognito_client.delete_identity_pool(
IdentityPoolId=identity_pool_id)
data = {}
else:
use_auth_settings_object = props.UseAuthSettingsObject.lower(
) == 'true'
supported_login_providers = {}
if use_auth_settings_object == True:
#download the auth settings from s3
player_access_key = 'player-access/auth-settings.json'
auth_doc = json.loads(
_load_doc_from_s3(props.ConfigurationBucket,
player_access_key))
#if the doc has entries add them to the supported_login_providers dictionary
if len(auth_doc) > 0:
for key, value in auth_doc.iteritems():
supported_login_providers[
value['provider_uri']] = value['app_id']
allow_anonymous = props.AllowUnauthenticatedIdentities.lower(
) == 'true'
#if the pool exists just update it, otherwise create a new one
if found_pool != None:
response = cognito_client.update_identity_pool(
IdentityPoolId=found_pool['IdentityPoolId'],
IdentityPoolName=identity_pool_name,
AllowUnauthenticatedIdentities=allow_anonymous,
SupportedLoginProviders=supported_login_providers)
identity_pool_id = found_pool['IdentityPoolId']
else:
response = cognito_client.create_identity_pool(
IdentityPoolName=identity_pool_name,
AllowUnauthenticatedIdentities=allow_anonymous,
SupportedLoginProviders=supported_login_providers)
identity_pool_id = response['IdentityPoolId']
#now update the roles for the pool
cognito_client.set_identity_pool_roles(IdentityPoolId=identity_pool_id,
Roles=props.Roles.__dict__)
data = {
'IdentityPoolName': identity_pool_name,
'IdentityPoolId': identity_pool_id
}
physical_resource_id = identity_pool_id
custom_resource_response.succeed(event, context, data,
physical_resource_id)
def test_with_object_and_no_default(self):
target = properties.Object(schema={'prop': properties.String()})
value = target('Test', {'prop': 'value'})
self.assertEqual(value.prop, 'value')
def handler(event, context):
props = properties.load(
event, {
'ConfigurationBucket':
properties.String(),
'ConfigurationKey':
properties.String(),
'FunctionName':
properties.String(),
'Settings':
properties.Object(default={}, schema={'*': properties.String()}),
'Runtime':
properties.String()
})
request_type = event['RequestType']
stack_arn = event['StackId']
logical_role_name = event['LogicalResourceId']
physical_resource_name = event.get('PhysicalResourceId',
None) # None when create request
if request_type == 'Delete':
role_utils.delete_role(stack_arn, logical_role_name, POLICY_NAME)
data = {}
else:
policy_metadata_filter = lambda entry: _policy_metadata_filter(
entry, props.FunctionName)
if request_type == 'Create':
physical_resource_name = discovery_utils.get_stack_name_from_stack_arn(
stack_arn) + '-' + event['LogicalResourceId']
assume_role_service = 'lambda.amazonaws.com'
role_arn = role_utils.create_role(stack_arn, logical_role_name,
POLICY_NAME, assume_role_service,
DEFAULT_POLICY_STATEMENTS,
policy_metadata_filter)
elif request_type == 'Update':
role_arn = role_utils.update_role(stack_arn, logical_role_name,
POLICY_NAME,
DEFAULT_POLICY_STATEMENTS,
policy_metadata_filter)
else:
raise ValidationError(
'Unexpected request type: {}'.format(request_type))
input_key = '{}/lambda-function-code.zip'.format(
props.ConfigurationKey)
output_key = _inject_settings(props.Settings.__dict__, props.Runtime,
props.ConfigurationBucket, input_key,
props.FunctionName)
data = {
'ConfigurationBucket': props.ConfigurationBucket,
'ConfigurationKey': output_key,
'Runtime': props.Runtime,
'Role': role_arn
}
custom_resource_response.succeed(event, context, data,
physical_resource_name)
def handler(event, context):
props = properties.load(
event, {
'ConfigurationBucket':
properties.String(),
'ConfigurationKey':
properties.String(),
'FunctionName':
properties.String(),
'Settings':
properties.Object(default={}, schema={'*': properties.String()}),
'Runtime':
properties.String()
})
request_type = event['RequestType']
if request_type == 'Delete':
physical_resource_name = event['PhysicalResourceId']
resource_uuid = physical_resource_name.split(':')[4]
_delete_role(resource_uuid)
data = {}
else:
if request_type == 'Create':
resource_uuid = uuid4()
physical_resource_name = 'CloudCanvas:LambdaConfiguration:{stack_name}:{function_name}:{uuid}'.format(
stack_name=discovery_utils.get_stack_name_from_stack_arn(
event['StackId']),
function_name=props.FunctionName,
uuid=resource_uuid)
role_arn = _create_role(event['StackId'], props.FunctionName,
resource_uuid)
else: # Update
physical_resource_name = event['PhysicalResourceId']
resource_uuid = physical_resource_name.split(':')[4]
role_arn = _update_role(event['StackId'], props.FunctionName,
resource_uuid)
output_key = '{}/feature-code.zip'.format(props.ConfigurationKey)
output_key = _inject_settings(props.Settings.__dict__, props.Runtime,
props.ConfigurationBucket, output_key,
props.FunctionName)
data = {
'ConfigurationBucket': props.ConfigurationBucket,
'ConfigurationKey': output_key,
'Runtime': props.Runtime,
'Role': role_arn
}
custom_resource_response.succeed(event, context, data,
physical_resource_name)
def handler(event, context):
props = properties.load(
event, {
'ConfigurationBucket':
properties.String(),
'ConfigurationKey':
properties.String(),
'FunctionName':
properties.String(),
'Settings':
properties.Object(default={}, schema={'*': properties.String()}),
'Runtime':
properties.String()
})
request_type = event['RequestType']
stack_arn = event['StackId']
logical_role_name = props.FunctionName
id_data = aws_utils.get_data_from_custom_physical_resource_id(
event.get('PhysicalResourceId', None))
if request_type == 'Delete':
role_utils.delete_access_control_role(id_data, logical_role_name)
response_data = {}
else:
if request_type == 'Create':
project_service_lambda_arn = _get_project_service_lambda_arn(
stack_arn)
assume_role_service = 'lambda.amazonaws.com'
role_arn = role_utils.create_access_control_role(
id_data,
stack_arn,
logical_role_name,
assume_role_service,
default_policy=get_default_policy(project_service_lambda_arn))
elif request_type == 'Update':
role_arn = role_utils.get_access_control_role_arn(
id_data, logical_role_name)
else:
raise RuntimeError(
'Unexpected request type: {}'.format(request_type))
_add_built_in_settings(props.Settings.__dict__, stack_arn)
# Check if we have a folder just for this function, if not use the default
input_key = _get_input_key(props)
output_key = _inject_settings(props.Settings.__dict__, props.Runtime,
props.ConfigurationBucket, input_key,
props.FunctionName)
response_data = {
'ConfigurationBucket':
props.ConfigurationBucket,
'ConfigurationKey':
output_key,
'Runtime':
props.Runtime,
'Role':
role_arn,
'RoleName':
role_utils.get_access_control_role_name(stack_arn,
logical_role_name)
}
physical_resource_id = aws_utils.construct_custom_physical_resource_id_with_data(
stack_arn, event['LogicalResourceId'], id_data)
custom_resource_response.succeed(event, context, response_data,
physical_resource_id)
def handler(event, context):
props = properties.load(event, {
'ConfigurationBucket': properties.String(),
'ConfigurationKey': properties.String(), ##this is only here to force the resource handler to execute on each update to the deployment
'IdentityPoolName': properties.String(),
'UseAuthSettingsObject': properties.String(),
'AllowUnauthenticatedIdentities': properties.String(),
'DeveloperProviderName': properties.String(default=''),
'Roles': properties.Object( default={},
schema={
'*': properties.String()
}),
'RoleMappings': properties.Object(default={},
schema={
'Cognito': properties.Object(default={}, schema={
'Type': properties.String(''),
'AmbiguousRoleResolution': properties.String('')
})
}
)
})
#give the identity pool a unique name per stack
stack_name = aws_utils.get_stack_name_from_stack_arn(event['StackId'])
identity_pool_name = stack_name+props.IdentityPoolName
identity_pool_name = identity_pool_name.replace('-', ' ')
identity_client = identity_pool.get_identity_client()
identity_pool_id = event.get('PhysicalResourceId')
found_pool = identity_pool.get_identity_pool(identity_pool_id)
request_type = event['RequestType']
if request_type == 'Delete':
if found_pool != None:
identity_client.delete_identity_pool(IdentityPoolId=identity_pool_id)
data = {}
else:
use_auth_settings_object = props.UseAuthSettingsObject.lower() == 'true'
supported_login_providers = {}
if use_auth_settings_object == True:
#download the auth settings from s3
player_access_key = 'player-access/'+constant.AUTH_SETTINGS_FILENAME
auth_doc = json.loads(_load_doc_from_s3(props.ConfigurationBucket, player_access_key))
#if the doc has entries add them to the supported_login_providers dictionary
if len(auth_doc) > 0:
for key, value in auth_doc.iteritems():
supported_login_providers[value['provider_uri']] = value['app_id']
cognito_identity_providers = identity_pool.get_cognito_identity_providers(event['StackId'], event['LogicalResourceId'])
print 'Identity Providers: ', cognito_identity_providers
allow_anonymous = props.AllowUnauthenticatedIdentities.lower() == 'true'
#if the pool exists just update it, otherwise create a new one
args = {
'IdentityPoolName': identity_pool_name,
'AllowUnauthenticatedIdentities': allow_anonymous,
'SupportedLoginProviders': supported_login_providers,
'CognitoIdentityProviders': cognito_identity_providers
}
if props.DeveloperProviderName:
args['DeveloperProviderName'] = props.DeveloperProviderName
if found_pool != None:
identity_client.update_identity_pool(IdentityPoolId=identity_pool_id, **args)
else:
response = identity_client.create_identity_pool(**args)
identity_pool_id=response['IdentityPoolId']
#update the roles for the pool
role_mappings = {}
if props.RoleMappings.Cognito.Type and len(cognito_identity_providers) > 0:
print 'Adding role mappings for cognito', props.RoleMappings.Cognito.__dict__
role_mappings['{}:{}'.format(cognito_identity_providers[0]['ProviderName'],cognito_identity_providers[0]['ClientId'])]=props.RoleMappings.Cognito.__dict__
print "Role Mappings: ", role_mappings
identity_client.set_identity_pool_roles(
IdentityPoolId=identity_pool_id,
Roles=props.Roles.__dict__,
RoleMappings=role_mappings)
data = {
'IdentityPoolName': identity_pool_name,
'IdentityPoolId': identity_pool_id
}
physical_resource_id = identity_pool_id
custom_resource_response.succeed(event, context, data, physical_resource_id)
'MethodSettings':
properties.Object(
default={},
schema={
'*':
properties.Object(
default={}, # path, can be *
schema={
'*':
properties.Object(
default={}, # method, can be *
schema={
'CacheDataEncrypted':
properties.Boolean(default=False),
'CacheTtlInSeconds':
properties.Integer(default=60),
'CachingEnable':
properties.Boolean(default=False),
'DataTraceEnabled':
properties.Boolean(default=False),
'LoggingLevel':
properties.String(default='OFF'),
'MetricsEnabled':
properties.Boolean(default=False),
'ThrottlingBurstLimit':
properties.Integer(default=2000),
'ThrottlingRateLimit':
properties.Integer(default=1000),
})
})
}),
'StageVariables':
