Exemplo n.º 1
 def put_function(self, fn):
     """
     Validate the function's execution role, then store ``fn`` as the
     latest version under its function name and index it by ARN.

     Role validation is done in three steps: the role string must match
     ``InvalidRoleFormat.pattern``, the value captured in group 2 must
     equal ``ACCOUNT_ID``, and the role must be known to ``iam_backend``.
     Only the existence of the role is checked here; this method does not
     inspect the role's trust policy.

     :param fn: Function
     :type fn: LambdaFunction
     :raises InvalidRoleFormat: the role does not match the expected pattern
     :raises CrossAccountNotAllowed: the role belongs to another account
     :raises InvalidParameterValueException: the role is not found in IAM
     """
     role_match = re.match(InvalidRoleFormat.pattern, fn.role)
     if not role_match:
         raise InvalidRoleFormat(fn.role)

     # Group 2 is presumably the account-id field of the role ARN (the
     # pattern is defined elsewhere); a role from any other account is refused.
     if role_match.group(2) != ACCOUNT_ID:
         raise CrossAccountNotAllowed()

     try:
         iam_backend.get_role_by_arn(fn.role)
     except IAMNotFoundException:
         raise InvalidParameterValueException(
             "The role defined for the function cannot be assumed by Lambda."
         )

     name = fn.function_name
     if name not in self._functions:
         # First registration under this name: start with no published
         # versions and a weak-valued alias table.
         self._functions[name] = {
             "latest": fn,
             "versions": [],
             "alias": weakref.WeakValueDictionary(),
         }
     else:
         # Known name: only the "latest" slot is replaced.
         self._functions[name]["latest"] = fn

     # Each stored function gets a fresh, empty resource policy.
     fn.policy = Policy(fn)
     self._arns[fn.function_arn] = fn
Exemplo n.º 2
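def test_policy():
    """Check that Policy turns an AddPermission request into a policy statement.

    The request grants ``events.amazonaws.com`` permission to invoke the
    function. The expected statement shows the translation under test:
    the service principal is wrapped in ``{"Service": ...}``, ``SourceArn``
    becomes an ``ArnLike`` condition and ``SourceAccount`` a ``StringEquals``
    condition. Those two conditions are what restrict the service principal
    to a single rule in a single account, so losing them in translation
    would widen the grant. The test then deletes the statement by its id
    and expects the policy to be empty again.
    """
    policy = Policy(MockLambdaFunction("arn"))
    statement = {
        "StatementId": "statement0",
        "Action": "lambda:InvokeFunction",
        "FunctionName": "function_name",
        "Principal": "events.amazonaws.com",
        "SourceArn": "arn:aws:events:us-east-1:111111111111:rule/rule_name",
        "SourceAccount": "111111111111",
    }

    expected = {
        "Action": "lambda:InvokeFunction",
        "FunctionName": "function_name",
        "Principal": {
            "Service": "events.amazonaws.com"
        },
        "Effect": "Allow",
        "Resource": "arn:$LATEST",
        "Sid": "statement0",
        "Condition": {
            "ArnLike": {
                "AWS:SourceArn":
                "arn:aws:events:us-east-1:111111111111:rule/rule_name",
            },
            "StringEquals": {
                "AWS:SourceAccount": "111111111111"
            },
        },
    }

    policy.add_statement(json.dumps(statement))
    expected.should.be.equal(policy.statements[0])

    sid = statement.get("StatementId")
    if sid is None:
        # Raising a plain string is itself a TypeError in Python 3, which
        # would hide this message; raise a real exception instead.
        raise AssertionError("TestCase.statement does not contain StatementId")

    policy.del_statement(sid)
    [].should.be.equal(policy.statements)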