def test_can_inject_policy(self, sample_sqs_event_app):
    """A single SQS event source gets exactly one SQS statement injected.

    The role's auto-generated policy document starts with an empty
    ``Statement`` list, so any statement present after ``handle()`` was
    added by the injector.
    """
    app_config = Config.create(
        chalice_app=sample_sqs_event_app,
        autogen_policy=True,
        project_dir='.',
    )
    sqs_source = self.create_model_from_app(sample_sqs_event_app, app_config)

    # Start from an empty policy so the assertion below sees only what
    # the injector added.
    iam_role = sqs_source.lambda_function.role
    iam_role.policy.document = {'Statement': []}

    LambdaEventSourcePolicyInjector().handle(app_config, sqs_source)

    # Exact equality also shows that nothing beyond the one SQS
    # statement was granted.
    # NOTE(review): SQS_EVENT_SOURCE_POLICY is defined outside this
    # view; this test pins that it is injected as-is, not how narrowly
    # its actions/resources are scoped.
    resulting_document = iam_role.policy.document
    expected_document = {
        'Statement': [SQS_EVENT_SOURCE_POLICY.copy()],
    }
    assert resulting_document == expected_document
def handle_sqseventsource(self, config, resource):
    # type: (Config, models.SQSEventSource) -> None
    """Add the SQS statement to the function's auto-generated IAM policy.

    The sqs integration works by polling for available records, so the
    lambda function needs permission to call sqs.

    The statement is injected only when the role is a
    ``models.ManagedIAMRole`` whose policy is a
    ``models.AutoGenIAMPolicy`` with a document that is not a
    ``models.Placeholder``.  Any other role or policy kind is left
    untouched.
    """
    iam_role = resource.lambda_function.role

    # One flag for the whole injector, not one per role: after the
    # first injection every later SQS event source is skipped.
    # NOTE(review): if two SQS handlers can resolve to different role
    # objects, only the first role would receive the statement --
    # confirm against how roles are assigned.
    if self._policy_injected:
        return
    if not isinstance(iam_role, models.ManagedIAMRole):
        return
    if not isinstance(iam_role.policy, models.AutoGenIAMPolicy):
        return
    if isinstance(iam_role.policy.document, models.Placeholder):
        return

    # .copy() is shallow -- presumably enough to keep the shared
    # module-level statement from being aliased at the top level;
    # nested values would still be shared.
    self._inject_trigger_policy(iam_role.policy.document,
                                SQS_EVENT_SOURCE_POLICY.copy())
    self._policy_injected = True
def handle_sqseventsource(self, config, resource):
    # type: (Config, models.SQSEventSource) -> None
    """Add the SQS statement to the function's IAM policy, at most once.

    The sqs integration works by polling for available records, so the
    lambda function needs permission to call sqs.

    Nothing is injected when ``self._sqs_policy_injected`` is already
    set or when ``self._needs_policy_injected(role)`` returns a falsy
    value.
    """
    iam_role = resource.lambda_function.role

    # The flag lives on the injector, not on the role: once it is set,
    # every later SQS event source is skipped.
    # NOTE(review): confirm all SQS handlers share one role; a second,
    # distinct role would not receive the statement.
    if self._sqs_policy_injected:
        return
    if not self._needs_policy_injected(iam_role):
        return

    # mypy can't follow the type narrowing from _needs_policy_injected,
    # so the role and its document are cast explicitly.  typing.cast
    # does no checking at runtime: whether this role may be modified is
    # decided entirely by _needs_policy_injected (defined outside this
    # view).
    managed_role = cast(models.ManagedIAMRole, iam_role)
    policy_document = cast(Dict[str, Any], managed_role.policy.document)

    # .copy() is shallow; nested values of the shared statement are
    # still shared with the module-level constant.
    self._inject_trigger_policy(policy_document,
                                SQS_EVENT_SOURCE_POLICY.copy())
    self._sqs_policy_injected = True
def test_no_inject_is_already_injected(self, sample_sqs_event_app):
    """Two SQS handlers still produce a single injected SQS statement."""

    # Register a second queue handler on top of the fixture's own.
    @sample_sqs_event_app.on_sqs_message(queue='second-queue')
    def second_handler(event):
        pass

    app_config = Config.create(
        chalice_app=sample_sqs_event_app,
        autogen_policy=True,
        project_dir='.',
    )
    graph = ApplicationGraphBuilder().build(app_config, stage_name='dev')
    sqs_sources = graph.resources

    # The role is taken from the second event source only.
    # NOTE(review): the assertion below is meaningful only if both
    # event sources resolve to the same role object -- presumably the
    # default auto-generated role; confirm, or assert it explicitly.
    iam_role = sqs_sources[1].lambda_function.role
    iam_role.policy.document = {'Statement': []}

    injector = LambdaEventSourcePolicyInjector()
    for sqs_source in (sqs_sources[0], sqs_sources[1]):
        injector.handle(app_config, sqs_source)

    # Even though we have two queue handlers, we only need to
    # inject the policy once: a duplicate statement would make the
    # exact-equality check fail.
    resulting_document = iam_role.policy.document
    expected_document = {
        'Statement': [SQS_EVENT_SOURCE_POLICY.copy()],
    }
    assert resulting_document == expected_document