def _create_role_reference(self, config, stage_name, function_name):
    # type: (Config, str, str) -> models.IAMRole
    """Return the IAM role model to attach to a Lambda function.

    Three outcomes are possible, depending on ``config``:

    * ``manage_iam_role`` is false: a ``PreCreatedIAMRole`` that only
      references ``config.iam_role_arn``; no policy is built here.
    * ``autogen_policy`` is true: a ``ManagedIAMRole`` named
      ``<app>-<stage>`` carrying an ``AutoGenIAMPolicy``.
    * otherwise: a ``ManagedIAMRole`` named ``<app>-<stage>-<function>``
      whose policy is read from a JSON file under
      ``<project_dir>/.chalice``.

    Every policy document is left as ``Placeholder.BUILD_STAGE``.
    """
    if not config.manage_iam_role:
        # The caller opted out of role management. Per the original
        # author's note, config validation has already ensured that
        # iam_role_arn is set whenever manage_iam_role is False.
        return models.PreCreatedIAMRole(role_arn=config.iam_role_arn)

    # Base-typed initial binding; both branches below rebind it.
    # NOTE(review): presumably kept so type checkers infer the base
    # IAMPolicy type for `policy` -- confirm before removing.
    policy = models.IAMPolicy(document=models.Placeholder.BUILD_STAGE)

    if config.autogen_policy:
        # NOTE(review): function_name is not part of either name in
        # this branch, so functions built through it appear to share
        # one role and one generated policy -- confirm that scope is
        # intended for every function in the app.
        resource_name = 'default-role'
        role_name = '%s-%s' % (config.app_name, stage_name)
        policy = models.AutoGenIAMPolicy(
            document=models.Placeholder.BUILD_STAGE)
    else:
        resource_name = '%s_role' % function_name
        role_name = '%s-%s-%s' % (
            config.app_name, stage_name, function_name)
        # An explicit iam_policy_file wins; otherwise fall back to the
        # per-stage default file name.
        if config.iam_policy_file is not None:
            policy_file = config.iam_policy_file
        else:
            policy_file = 'policy-%s.json' % stage_name
        # NOTE(review): os.path.join discards the earlier components
        # when the last one is absolute and does not collapse '..', so
        # the resulting path is not confined to .chalice unless config
        # validation constrains iam_policy_file -- confirm.
        filename = os.path.join(config.project_dir, '.chalice', policy_file)
        policy = models.FileBasedIAMPolicy(
            filename=filename,
            document=models.Placeholder.BUILD_STAGE)

    return models.ManagedIAMRole(
        resource_name=resource_name,
        role_name=role_name,
        trust_policy=LAMBDA_TRUST_POLICY,
        policy=policy,
    )
def _create_rest_api_model(
        self,
        config,      # type: Config
        deployment,  # type: models.DeploymentPackage
        stage_name,  # type: str
):
    # type: (...) -> models.RestAPI
    """Assemble the ``RestAPI`` model for the application.

    Builds the API handler Lambda model, one Lambda model per built-in
    authorizer, and an optional API Gateway resource policy:

    * endpoint type ``'PRIVATE'`` with no policy file: the document
      returned by ``self._get_default_private_api_policy(config)``;
    * a policy file is configured: a ``FileBasedIAMPolicy`` pointing at
      ``<project_dir>/.chalice/<api_gateway_policy_file>``;
    * otherwise: ``None`` (no policy object is attached).

    A configured policy file takes the place of the generated default
    even for ``'PRIVATE'`` endpoints, so in that case the file's
    contents alone define the resource policy.
    """
    api_handler = self._create_lambda_model(
        config=config,
        deployment=deployment,
        name='api_handler',
        handler_name='app.app',
        stage_name=stage_name,
    )
    # Back-compat with the old deployer: the API handler's function
    # name is just <app>-<stage>, without the resource name appended.
    # NOTE(review): this reads config.chalice_stage while the rest of
    # the method uses the stage_name argument -- presumably the two
    # are equal; verify against the caller.
    api_handler.function_name = '%s-%s' % (
        config.app_name, config.chalice_stage)

    # The model carries the compression threshold as a string, with ''
    # standing for "not configured".
    minimum_compression = (
        '' if config.minimum_compression_size is None
        else str(config.minimum_compression_size)
    )

    authorizers = [
        self._create_lambda_model(
            config=config,
            deployment=deployment,
            name=handler.name,
            handler_name=handler.handler_string,
            stage_name=stage_name,
        )
        for handler in config.chalice_app.builtin_auth_handlers
    ]

    policy = None
    policy_path = config.api_gateway_policy_file
    is_private = config.api_gateway_endpoint_type == 'PRIVATE'
    if is_private and not policy_path:
        policy = models.IAMPolicy(
            document=self._get_default_private_api_policy(config))
    elif policy_path:
        # NOTE(review): policy_path is joined as-is; os.path.join does
        # not collapse '..' and restarts from an absolute component, so
        # the file is only confined to .chalice if config validation
        # enforces that -- confirm.
        policy = models.FileBasedIAMPolicy(
            document=models.Placeholder.BUILD_STAGE,
            filename=os.path.join(
                config.project_dir, '.chalice', policy_path),
        )

    return models.RestAPI(
        resource_name='rest_api',
        swagger_doc=models.Placeholder.BUILD_STAGE,
        endpoint_type=config.api_gateway_endpoint_type,
        minimum_compression=minimum_compression,
        api_gateway_stage=config.api_gateway_stage,
        lambda_function=api_handler,
        authorizers=authorizers,
        policy=policy,
    )