From 4c7eac6705bf8ec641b17277b2a9f0519f148218 Mon Sep 17 00:00:00 2001
From: Conor Maher
Date: Fri, 27 May 2022 09:37:00 +0100
Subject: [PATCH] Support setting the underlying terraform aws provider role per stage
---
 chalice/config.py | 7 +++++++
 chalice/package.py | 11 +++++++++++
 2 files changed, 18 insertions(+)
diff --git a/chalice/config.py b/chalice/config.py
index 75d800a61..175afe332 100644
--- a/chalice/config.py
+++ b/chalice/config.py
@@ -372,6 +372,13 @@ def reserved_concurrency(self):
 varies_per_chalice_stage=True,
 varies_per_function=True)
+ @property
+ def terraform_assume_role(self):
+ # type: () -> str
+ return self._chain_lookup('terraform_assume_role',
+ varies_per_chalice_stage=True,
+ varies_per_function=False)
+
 def scope(self, chalice_stage, function_name):
 # type: (str, str) -> Config
 # Used to create a new config object that's scoped to a different
diff --git a/chalice/package.py b/chalice/package.py
index 8bc358c87..ef7bf9dae 100644
--- a/chalice/package.py
+++ b/chalice/package.py
@@ -822,6 +822,7 @@ def generate(self, resources):
 for resource in resources:
 self.dispatch(resource, template)
+ self._inject_terraform_provider(template)
 return template
 def _fref(self, lambda_function, attr='arn'):
@@ -1406,6 +1407,16 @@ def _generate_domainname(self, resource, template):
 # type: (models.DomainName, Dict[str, Any]) -> None
 pass
+ def _inject_terraform_provider(self, template):
+ # type: (Dict[str, Any]) -> None
+ if self._config.terraform_assume_role is None:
+ return
+ provider = template.setdefault("provider", {})
+ aws_provider = provider.setdefault("aws", {})
+ aws_provider['assume_role'] = {
+ 'role_arn': self._config.terraform_assume_role
+ }
+
 class AppPackager(object):
 def __init__(self,
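Review bot: The type comment on the new `terraform_assume_role` property in chalice/config.py says `str`, but the caller added in chalice/package.py compares the value with `None`, so the lookup evidently returns `None` when the key is unset. The annotation should read `# type: () -> Optional[str]`, assuming `Optional` is already imported in config.py, which this hunk does not show. The property also has no comment saying what the value is; something like `# IAM role ARN the generated Terraform AWS provider assumes for this stage; None when unset.` would tell a reader that this setting decides which identity applies the stage's infrastructure.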
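Review bot: The `is None` guard in `_inject_terraform_provider` lets an empty string through, so a stage configured with `"terraform_assume_role": ""` would presumably get a provider block with an empty `role_arn` that only fails later at plan time. Reading the value once with `role_arn = self._config.terraform_assume_role` and testing `if not role_arn: return` closes that gap and avoids the second config lookup. The emitted block carries `role_arn` only, so a stage cannot set `session_name` or `external_id`, which the Terraform AWS provider accepts in `assume_role`. These matter for CloudTrail attribution and for cross-account trust policies that require an external ID. The assignment also replaces any `assume_role` already present under `provider.aws`, which deserves a comment such as `# Overrides any assume_role already set on the aws provider.`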