def test_transform_unhandled_failure_empty_managed_policy_map(): document = { 'Transform': 'AWS::Serverless-2016-10-31', 'Resources': { 'Resource': { 'Type': 'AWS::Serverless::Function', 'Properties': { 'CodeUri': 's3://bucket/key', 'Handler': 'index.handler', 'Runtime': 'nodejs4.3', 'Policies': 'AmazonS3FullAccess' } } } } parameter_values = get_template_parameter_values() mock_policy_loader = MagicMock() mock_policy_loader.load.return_value = {} with pytest.raises(Exception) as e: transform(document, parameter_values, mock_policy_loader) error_message = str(e.value) assert error_message == 'Managed policy map is empty, but should not be.'
def test_transform_unhandled_failure_empty_managed_policy_map(): document = { "Transform": "AWS::Serverless-2016-10-31", "Resources": { "Resource": { "Type": "AWS::Serverless::Function", "Properties": { "CodeUri": "s3://bucket/key", "Handler": "index.handler", "Runtime": "nodejs12.x", "Policies": "AmazonS3FullAccess", }, } }, } parameter_values = get_template_parameter_values() mock_policy_loader = MagicMock() mock_policy_loader.load.return_value = {} with pytest.raises(Exception) as e: transform(document, parameter_values, mock_policy_loader) error_message = str(e.value) assert error_message == "Managed policy map is empty, but should not be."
def test_transform_success(self, testcase, partition_with_region): partition = partition_with_region[0] region = partition_with_region[1] manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + '.yaml'), 'r')) # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict manifest = json.loads(json.dumps(manifest)) partition_folder = partition if partition != "aws" else "" expected = json.load(open(os.path.join(OUTPUT_FOLDER, partition_folder, testcase + '.json'), 'r')) with patch('boto3.session.Session.region_name', region): parameter_values = get_template_parameter_values() mock_policy_loader = MagicMock() mock_policy_loader.load.return_value = { 'AWSLambdaBasicExecutionRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'.format(partition), 'AmazonDynamoDBFullAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBFullAccess'.format(partition), 'AmazonDynamoDBReadOnlyAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBReadOnlyAccess'.format(partition), 'AWSLambdaRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaRole'.format(partition), } output_fragment = transform( manifest, parameter_values, mock_policy_loader) print(json.dumps(output_fragment, indent=2)) # Only update the deployment Logical Id hash in Py3. if sys.version_info.major >= 3: self._update_logical_id_hash(expected) self._update_logical_id_hash(output_fragment) assert deep_sort_lists(output_fragment) == deep_sort_lists(expected)
def test_transform_success_resource_policy(self, testcase, partition_with_region): partition = partition_with_region[0] region = partition_with_region[1] manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + ".yaml"), "r")) # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict manifest = json.loads(json.dumps(manifest)) partition_folder = partition if partition != "aws" else "" expected_filepath = os.path.join(OUTPUT_FOLDER, partition_folder, testcase + ".json") expected = json.load(open(expected_filepath, "r")) with patch("boto3.session.Session.region_name", region): parameter_values = get_template_parameter_values() mock_policy_loader = MagicMock() mock_policy_loader.load.return_value = { "AWSLambdaBasicExecutionRole": "arn:{}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole".format( partition ), "AmazonDynamoDBFullAccess": "arn:{}:iam::aws:policy/AmazonDynamoDBFullAccess".format(partition), "AmazonDynamoDBReadOnlyAccess": "arn:{}:iam::aws:policy/AmazonDynamoDBReadOnlyAccess".format(partition), "AWSLambdaRole": "arn:{}:iam::aws:policy/service-role/AWSLambdaRole".format(partition), } output_fragment = transform(manifest, parameter_values, mock_policy_loader) print(json.dumps(output_fragment, indent=2)) # Only update the deployment Logical Id hash in Py3. if sys.version_info.major >= 3: self._update_logical_id_hash(expected) self._update_logical_id_hash(output_fragment) assert deep_sort_lists(output_fragment) == deep_sort_lists(expected)
def _do_transform(self, document, parameter_values=get_template_parameter_values()): mock_policy_loader = get_policy_mock() output_fragment = transform(document, parameter_values, mock_policy_loader) print json.dumps(output_fragment, indent=2) return output_fragment
def test_transform_unhandled_failure_empty_managed_policy_map(): document = { 'Transform': 'AWS::Serverless-2016-10-31', 'Resources': { 'Resource': { 'Type': 'AWS::Serverless::Function', 'Properties': { 'CodeUri': 's3://bucket/key', 'Handler': 'index.handler', 'Runtime': 'nodejs4.3', 'Policies': 'AmazonS3FullAccess' } } } } parameter_values = get_template_parameter_values() mock_policy_loader = MagicMock() mock_policy_loader.load.return_value = {} with pytest.raises(Exception) as e: transform(document, parameter_values, mock_policy_loader) error_message = e.value.message assert error_message == 'Managed policy map is empty, but should not be.'
def test_transform_success(self, testcase, partition_with_region): partition = partition_with_region[0] region = partition_with_region[1] manifest = yaml_parse(open(os.path.join(input_folder, testcase + '.yaml'), 'r')) # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict manifest = json.loads(json.dumps(manifest)) partition_folder = partition if partition != "aws" else "" expected = json.load(open(os.path.join(output_folder,partition_folder, testcase + '.json'), 'r')) old_region = os.environ.get("AWS_DEFAULT_REGION", "") os.environ["AWS_DEFAULT_REGION"] = region try: parameter_values = get_template_parameter_values() mock_policy_loader = MagicMock() mock_policy_loader.load.return_value = { 'AWSLambdaBasicExecutionRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'.format(partition), 'AmazonDynamoDBFullAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBFullAccess'.format(partition), 'AmazonDynamoDBReadOnlyAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBReadOnlyAccess'.format(partition), 'AWSLambdaRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaRole'.format(partition), } output_fragment = transform( manifest, parameter_values, mock_policy_loader) finally: os.environ["AWS_DEFAULT_REGION"] = old_region print json.dumps(output_fragment, indent=2) assert deep_sorted(output_fragment) == deep_sorted(expected)
def test_swagger_definitionuri_sha_gets_recomputed(): document = { "Transform": "AWS::Serverless-2016-10-31", "Resources": { "Resource": { "Type": "AWS::Serverless::Api", "Properties": {"StageName": "Prod", "DefinitionUri": "s3://bucket/key"}, } }, } mock_policy_loader = get_policy_mock() parameter_values = get_template_parameter_values() output_fragment = transform(document, parameter_values, mock_policy_loader) print(json.dumps(output_fragment, indent=2)) deployment_key = get_deployment_key(output_fragment) assert deployment_key # Now let's change the Body property and transform again document["Resources"]["Resource"]["Properties"]["DefinitionUri"] = "s3://bucket/key1/key2" output_fragment = transform(document, parameter_values, mock_policy_loader) deployment_key_changed = get_deployment_key(output_fragment) assert deployment_key_changed assert deployment_key != deployment_key_changed # Now let's re-deploy the document without any changes. Deployment Key must NOT change output_fragment = transform(document, parameter_values, mock_policy_loader) assert get_deployment_key(output_fragment) == deployment_key_changed
def _do_transform(self, document, parameter_values=get_template_parameter_values()): mock_policy_loader = get_policy_mock() output_fragment = transform(document, parameter_values, mock_policy_loader) print(json.dumps(output_fragment, indent=2)) return output_fragment
def translate_and_find_deployment_ids(manifest): parameter_values = get_template_parameter_values() output_fragment = transform(manifest, parameter_values, mock_policy_loader) print(json.dumps(output_fragment, indent=2)) deployment_ids = set() for key, value in output_fragment["Resources"].items(): if value["Type"] == "AWS::ApiGateway::Deployment": deployment_ids.add(key) return deployment_ids
def test_transform_invalid_document(testcase): manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + ".yaml"), "r")) expected = json.load(open(os.path.join(OUTPUT_FOLDER, testcase + ".json"), "r")) mock_policy_loader = MagicMock() parameter_values = get_template_parameter_values() with pytest.raises(InvalidDocumentException) as e: transform(manifest, parameter_values, mock_policy_loader) error_message = get_exception_error_message(e) assert error_message == expected.get("errorMessage")
def test_transform_invalid_document(testcase): manifest = yaml.load(open(os.path.join(input_folder, testcase + '.yaml'), 'r')) expected = json.load(open(os.path.join(output_folder, testcase + '.json'), 'r')) mock_policy_loader = MagicMock() parameter_values = get_template_parameter_values() with pytest.raises(InvalidDocumentException) as e: transform(manifest, parameter_values, mock_policy_loader) error_message = get_exception_error_message(e) assert error_message == expected.get('errorMessage')
def test_transform_invalid_document(testcase): manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + '.yaml'), 'r')) expected = json.load(open(os.path.join(OUTPUT_FOLDER, testcase + '.json'), 'r')) mock_policy_loader = MagicMock() parameter_values = get_template_parameter_values() with pytest.raises(InvalidDocumentException) as e: transform(manifest, parameter_values, mock_policy_loader) error_message = get_exception_error_message(e) assert error_message == expected.get('errorMessage')
def test_transform_success_openapi3(self, testcase, partition_with_region): partition = partition_with_region[0] region = partition_with_region[1] manifest = yaml_parse(open(os.path.join(INPUT_FOLDER, testcase + '.yaml'), 'r')) # To uncover unicode-related bugs, convert dict to JSON string and parse JSON back to dict manifest = json.loads(json.dumps(manifest)) partition_folder = partition if partition != "aws" else "" expected_filepath = os.path.join(OUTPUT_FOLDER, partition_folder, testcase + '.json') expected = json.load(open(expected_filepath, 'r')) with patch('boto3.session.Session.region_name', region): parameter_values = get_template_parameter_values() mock_policy_loader = MagicMock() mock_policy_loader.load.return_value = { 'AWSLambdaBasicExecutionRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'.format(partition), 'AmazonDynamoDBFullAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBFullAccess'.format(partition), 'AmazonDynamoDBReadOnlyAccess': 'arn:{}:iam::aws:policy/AmazonDynamoDBReadOnlyAccess'.format(partition), 'AWSLambdaRole': 'arn:{}:iam::aws:policy/service-role/AWSLambdaRole'.format(partition), } output_fragment = transform( manifest, parameter_values, mock_policy_loader) print(json.dumps(output_fragment, indent=2)) # Run cfn-lint on translator test output files. rules = cfnlint.core.get_rules([], LINT_IGNORE_WARNINGS, []) # Only update the deployment Logical Id hash in Py3. if sys.version_info.major >= 3: self._update_logical_id_hash(expected) self._update_logical_id_hash(output_fragment) output_template = cfnlint.decode.cfn_json.load(expected_filepath) else: # deprecation warning catching in py2 import warnings with warnings.catch_warnings(): warnings.filterwarnings("ignore",category=DeprecationWarning) output_template = cfnlint.decode.cfn_json.load(expected_filepath) runner = cfnlint.Runner(rules, expected_filepath, output_template, [region]) matches = [] # Only run linter on normal/gov partitions. It errors on china regions if testcase not in LINT_IGNORE_TESTS and partition != 'aws-cn': matches = runner.run() print('cfn-lint ({}): {}'.format(expected_filepath, matches)) assert deep_sort_lists(output_fragment) == deep_sort_lists(expected) assert len(matches) == 0
def test_swagger_body_sha_gets_recomputed(): document = { 'Transform': 'AWS::Serverless-2016-10-31', 'Resources': { 'Resource': { 'Type': 'AWS::Serverless::Api', 'Properties': { "StageName": "Prod", "DefinitionBody": { # Some body property will do "a": "b" } } } } } mock_policy_loader = get_policy_mock() parameter_values = get_template_parameter_values() output_fragment = transform(document, parameter_values, mock_policy_loader) print json.dumps(output_fragment, indent=2) deployment_key = get_deployment_key(output_fragment) assert deployment_key # Now let's change the Body property and transform again document["Resources"]["Resource"]["Properties"]["DefinitionBody"]["a"] = "foo" output_fragment = transform(document, parameter_values, mock_policy_loader) deployment_key_changed = get_deployment_key(output_fragment) assert deployment_key_changed assert deployment_key != deployment_key_changed # Now let's re-deploy the document without any changes. Deployment Key must NOT change output_fragment = transform(document, parameter_values, mock_policy_loader) assert get_deployment_key(output_fragment) == deployment_key_changed
def test_swagger_body_sha_gets_recomputed(): document = { 'Transform': 'AWS::Serverless-2016-10-31', 'Resources': { 'Resource': { 'Type': 'AWS::Serverless::Api', 'Properties': { "StageName": "Prod", "DefinitionBody": { # Some body property will do "a": "b" } } } } } mock_policy_loader = get_policy_mock() parameter_values = get_template_parameter_values() output_fragment = transform(document, parameter_values, mock_policy_loader) print(json.dumps(output_fragment, indent=2)) deployment_key = get_deployment_key(output_fragment) assert deployment_key # Now let's change the Body property and transform again document["Resources"]["Resource"]["Properties"]["DefinitionBody"]["a"] = "foo" output_fragment = transform(document, parameter_values, mock_policy_loader) deployment_key_changed = get_deployment_key(output_fragment) assert deployment_key_changed assert deployment_key != deployment_key_changed # Now let's re-deploy the document without any changes. Deployment Key must NOT change output_fragment = transform(document, parameter_values, mock_policy_loader) assert get_deployment_key(output_fragment) == deployment_key_changed