assert isinstance(actual_role, models.PreCreatedIAMRole)
assert expectations['iam_role_arn'] == actual_role_arn
if actual_role_arn in roles_by_identifier:
assert roles_by_identifier[actual_role_arn] is actual_role
roles_by_identifier[actual_role_arn] = actual_role
continue
actual_name = actual_role.role_name
assert expectations['name'] == actual_name
if actual_name in roles_by_identifier:
assert roles_by_identifier[actual_name] is actual_role
roles_by_identifier[actual_name] = actual_role
is_autogenerated = expectations.get('autogenerated', False)
policy_file = expectations.get('policy_file')
if is_autogenerated:
assert isinstance(actual_role, models.ManagedIAMRole)
assert isinstance(actual_role.policy, models.AutoGenIAMPolicy)
if policy_file is not None and not is_autogenerated:
assert isinstance(actual_role, models.ManagedIAMRole)
assert isinstance(actual_role.policy,
models.FileBasedIAMPolicy)
assert actual_role.policy.filename == os.path.join(
'.', '.chalice', expectations['policy_file'])
def test_autogen_policy_for_function(self, lambda_app):
    """A function with ``autogen_policy`` enabled is linked to a ManagedIAMRole.

    Sanity check of the parameters of the linked ManagedIAMRole for the
    autogenerated-policy case only; the full matrix of role configurations
    is exercised by RoleTestCase.
    """
    cfg = self.create_config(lambda_app, autogen_policy=True)
    app = ApplicationGraphBuilder().build(cfg, stage_name='dev')
    linked_role = app.resources[0].role
    assert isinstance(linked_role, models.ManagedIAMRole)
    # The policy document is a build-stage placeholder here; presumably it is
    # filled in later by the policy generator rather than at graph-build time.
    expected_role = models.ManagedIAMRole(
        resource_name='default-role',
        role_name='lambda-only-dev',
        trust_policy=LAMBDA_TRUST_POLICY,
        policy=models.AutoGenIAMPolicy(models.Placeholder.BUILD_STAGE),
    )
    assert linked_role == expected_role
def test_vpc_trait_added_when_vpc_configured(self, lambda_app):
    """Configuring VPC settings marks the autogen policy with VPC_NEEDED.

    When security groups and subnets are configured for the stage, the
    auto-generated policy must carry the ``RoleTraits.VPC_NEEDED`` trait
    (presumably so the policy generator can add the permissions a Lambda
    function needs to attach to a VPC — not visible in this test).
    """
    @lambda_app.lambda_function()
    def foo(event, context):
        pass

    cfg = self.create_config(
        lambda_app,
        autogen_policy=True,
        security_group_ids=['sg1', 'sg2'],
        subnet_ids=['sn1', 'sn2'],
    )
    app = ApplicationGraphBuilder().build(cfg, stage_name='dev')
    generated_policy = app.resources[0].role.policy
    expected_policy = models.AutoGenIAMPolicy(
        document=models.Placeholder.BUILD_STAGE,
        traits={models.RoleTraits.VPC_NEEDED},
    )
    assert generated_policy == expected_policy
def test_can_plan_for_iam_role_creation(self):
    """With no remote resources, planning a ManagedIAMRole yields create_role.

    The first planned API call must create the role with its name, trust
    policy and inline policy document, and the plan must carry exactly one
    user-facing message announcing the creation.
    """
    self.remote_state.declare_no_resources_exists()
    managed_role = models.ManagedIAMRole(
        resource_name='default-role',
        role_name='myrole',
        trust_policy={'trust': 'policy'},
        policy=models.AutoGenIAMPolicy(document={'iam': 'policy'}),
    )
    # Both the trust policy and the inline policy must reach the API call;
    # a role created without the trust policy could not be assumed at all.
    expected_call = models.APICall(
        method_name='create_role',
        params={
            'name': 'myrole',
            'trust_policy': {'trust': 'policy'},
            'policy': {'iam': 'policy'},
        },
    )
    plan = self.determine_plan(managed_role)
    self.assert_apicall_equals(plan[0], expected_call)
    messages = list(self.last_plan.messages.values())
    assert messages == ['Creating IAM role: myrole\n']
def test_managed_iam_role(self):
    """A ManagedIAMRole renders as one AWS::IAM::Role with an inline policy.

    Checks the CloudFormation resource emitted for the role: the logical id
    is the CamelCased resource name, the inline policy is attached under
    ``Policies``, and no ``RoleName`` property is set.
    """
    managed_role = models.ManagedIAMRole(
        resource_name='default_role',
        role_name='app-dev',
        trust_policy=LAMBDA_TRUST_POLICY,
        policy=models.AutoGenIAMPolicy(document={'iam': 'policy'}),
    )
    rendered = self.template_gen.generate([managed_role])['Resources']
    assert len(rendered) == 1
    cfn_role = rendered['DefaultRole']
    assert cfn_role['Type'] == 'AWS::IAM::Role'
    role_props = cfn_role['Properties']
    expected_policies = [{
        'PolicyName': 'DefaultRolePolicy',
        'PolicyDocument': {'iam': 'policy'},
    }]
    assert role_props['Policies'] == expected_policies
    # Letting CloudFormation generate the physical role name keeps the stack
    # from requiring CAPABILITY_NAMED_IAM on deploy.
    assert 'RoleName' not in role_props
    # NOTE(review): the trust policy passed in above is not asserted on the
    # rendered resource; consider checking it is carried through as well.
def test_invokes_policy_generator(self):
    """PolicyGenerator.handle writes the generated document onto the policy.

    The wrapped AppPolicyGenerator is a spec'd mock, so this only checks
    that whatever it returns replaces the BUILD_STAGE placeholder on the
    AutoGenIAMPolicy model.
    """
    app_policy_gen = mock.Mock(spec=AppPolicyGenerator)
    app_policy_gen.generate_policy.return_value = {'policy': 'doc'}
    placeholder_policy = models.AutoGenIAMPolicy(
        models.Placeholder.BUILD_STAGE)
    PolicyGenerator(app_policy_gen).handle(Config.create(), placeholder_policy)
    assert placeholder_policy.document == {'policy': 'doc'}
def test_can_update_managed_role(self):
    """An existing ManagedIAMRole is updated in place, not recreated.

    When remote state reports the role already exists, the plan must first
    record the known role ARN, then refresh the inline policy via
    put_role_policy, and still expose the ARN variable near the end of the
    plan.
    """
    managed_role = models.ManagedIAMRole(
        resource_name='resource_name',
        role_name='myrole',
        trust_policy={},
        policy=models.AutoGenIAMPolicy(document={'role': 'policy'}),
    )
    self.remote_state.declare_resource_exists(
        managed_role, role_arn='myrole:arn')
    plan = self.determine_plan(managed_role)
    # The existing ARN is stored first so later steps can reference it.
    expected_store = models.StoreValue(
        name='myrole_role_arn', value='myrole:arn')
    assert plan[0] == expected_store
    expected_update = models.APICall(
        method_name='put_role_policy',
        params={
            'role_name': 'myrole',
            'policy_name': 'myrole',
            'policy_document': {'role': 'policy'},
        },
    )
    self.assert_apicall_equals(plan[1], expected_update)
    assert plan[-2].variable_name == 'myrole_role_arn'
    # NOTE(review): only the inline-policy refresh is asserted here; whether a
    # changed trust policy is pushed on update is not covered by this test.
def test_dynamically_lookup_iam_role(self):
    """A role absent from the deployed-resources record is looked up live.

    The DeployedResources record only knows about a rest_api, so the role
    ARN has to come from ``get_role_arn_for_name`` on the client; the
    resulting values dict must carry that ARN alongside the resource and
    role names.
    """
    deployed = DeployedResources({'resources': [
        {'name': 'rest_api', 'rest_api_id': 'foo'}]})
    state = RemoteState(self.client, deployed)
    self.client.get_role_arn_for_name.return_value = 'my-role-arn'
    managed_role = models.ManagedIAMRole(
        resource_name='default-role',
        role_name='myrole',
        trust_policy={'trust': 'policy'},
        policy=models.AutoGenIAMPolicy(document={'iam': 'policy'}),
    )
    expected_values = {
        'name': 'default-role',
        'resource_type': 'iam_role',
        'role_arn': 'my-role-arn',
        'role_name': 'myrole',
    }
    assert state.resource_deployed_values(managed_role) == expected_values
resource_name = 'role-%s' % function_name
role_name = '%s-%s-%s' % (config.app_name, stage_name,
function_name)
if config.iam_policy_file is not None:
filename = os.path.join(config.project_dir,
'.chalice',
config.iam_policy_file)
else:
filename = os.path.join(config.project_dir,
'.chalice',
'policy-%s.json' % stage_name)
policy = models.FileBasedIAMPolicy(filename=filename)
else:
resource_name = 'default-role'
role_name = '%s-%s' % (config.app_name, stage_name)
policy = models.AutoGenIAMPolicy(
document=models.Placeholder.BUILD_STAGE)
return models.ManagedIAMRole(
resource_name=resource_name,
role_name=role_name,
trust_policy=LAMBDA_TRUST_POLICY,
policy=policy,
)
role_name = '%s-%s-%s' % (config.app_name, stage_name,
function_name)
if config.iam_policy_file is not None:
filename = os.path.join(config.project_dir,
'.chalice',
config.iam_policy_file)
else:
filename = os.path.join(config.project_dir,
'.chalice',
'policy-%s.json' % stage_name)
policy = models.FileBasedIAMPolicy(
filename=filename, document=models.Placeholder.BUILD_STAGE)
else:
resource_name = 'default-role'
role_name = '%s-%s' % (config.app_name, stage_name)
policy = models.AutoGenIAMPolicy(
document=models.Placeholder.BUILD_STAGE,
traits=set([]),
)
return models.ManagedIAMRole(
resource_name=resource_name,
role_name=role_name,
trust_policy=LAMBDA_TRUST_POLICY,
policy=policy,
)