Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: Support new CodeDeploy ManagedPolicy (#1858)
* fix: Support new CodeDeploy MangedPolicy in regions without AWSCodeDeployRoleForLambda CodeDeploy is migrating from AWSCodeDeployRoleForLambda to AWSCodeDeployRoleForLambdaLimited. Some partitions do not support AWSCodeDeployRoleForLambda and therefore we need to use the newer one in those partitions. We cannot widely update to AWSCodeDeployRoleForLambdaLimited since this can cause customer's stacks to fail unexpectedly. * Forgot to commit unit tests * Handle PR feedback Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com>
- Loading branch information
Showing
6 changed files
with
151 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
49 changes: 49 additions & 0 deletions
49
tests/unit/model/preferences/test_deployment_preference_collection.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
from unittest import TestCase | ||
|
||
from mock import patch | ||
from parameterized import parameterized | ||
|
||
from samtranslator.model.preferences.deployment_preference_collection import DeploymentPreferenceCollection | ||
|
||
|
||
class TestDeploymentPreferenceCollection(TestCase): | ||
@parameterized.expand( | ||
[ | ||
["aws-iso"], | ||
["aws-iso-b"], | ||
] | ||
) | ||
def test_codedeploy_iam_role_contains_AWSCodeDeployRoleForLambdaLimited_managedpolicy(self, partition): | ||
|
||
with patch( | ||
"samtranslator.translator.arn_generator.ArnGenerator.get_partition_name" | ||
) as get_partition_name_patch: | ||
get_partition_name_patch.return_value = partition | ||
|
||
iam_role = DeploymentPreferenceCollection().codedeploy_iam_role | ||
|
||
self.assertIn( | ||
"arn:{}:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited".format(partition), | ||
iam_role.ManagedPolicyArns, | ||
) | ||
|
||
@parameterized.expand( | ||
[ | ||
["aws"], | ||
["aws-cn"], | ||
["aws-us-gov"], | ||
] | ||
) | ||
def test_codedeploy_iam_role_contains_AWSCodeDeployRoleForLambda_managedpolicy(self, partition): | ||
|
||
with patch( | ||
"samtranslator.translator.arn_generator.ArnGenerator.get_partition_name" | ||
) as get_partition_name_patch: | ||
get_partition_name_patch.return_value = partition | ||
|
||
iam_role = DeploymentPreferenceCollection().codedeploy_iam_role | ||
|
||
self.assertIn( | ||
"arn:{}:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda".format(partition), | ||
iam_role.ManagedPolicyArns, | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
from unittest import TestCase | ||
|
||
from mock import patch | ||
from parameterized import parameterized | ||
|
||
from samtranslator.region_configuration import RegionConfiguration | ||
|
||
|
||
class TestRegionConfiguration(TestCase): | ||
@parameterized.expand( | ||
[ | ||
["aws"], | ||
] | ||
) | ||
def test_when_apigw_edge_configuration_supported(self, partition): | ||
|
||
with patch( | ||
"samtranslator.translator.arn_generator.ArnGenerator.get_partition_name" | ||
) as get_partition_name_patch: | ||
get_partition_name_patch.return_value = partition | ||
|
||
self.assertTrue(RegionConfiguration.is_apigw_edge_configuration_supported()) | ||
|
||
@parameterized.expand( | ||
[ | ||
["aws-cn"], | ||
["aws-us-gov"], | ||
["aws-iso"], | ||
["aws-iso-b"], | ||
] | ||
) | ||
def test_when_apigw_edge_configuration_is_not_supported(self, partition): | ||
with patch( | ||
"samtranslator.translator.arn_generator.ArnGenerator.get_partition_name" | ||
) as get_partition_name_patch: | ||
get_partition_name_patch.return_value = partition | ||
|
||
self.assertFalse(RegionConfiguration.is_apigw_edge_configuration_supported()) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
from unittest import TestCase | ||
|
||
from mock import patch | ||
from parameterized import parameterized | ||
|
||
from samtranslator.translator.arn_generator import ArnGenerator | ||
|
||
|
||
class TestArnGenerator(TestCase): | ||
@parameterized.expand( | ||
[ | ||
["us-east-1", "aws"], | ||
["eu-west-1", "aws"], | ||
["cn-north-1", "aws-cn"], | ||
["us-gov-west-1", "aws-us-gov"], | ||
["us-iso-east-1", "aws-iso"], | ||
["us-isob-east-1", "aws-iso-b"], | ||
] | ||
) | ||
def test_get_partition_name(self, region, expected_partition): | ||
self.assertEqual(expected_partition, ArnGenerator.get_partition_name(region=region)) | ||
|
||
@parameterized.expand( | ||
[ | ||
["us-east-1", "aws"], | ||
["eu-west-1", "aws"], | ||
["cn-north-1", "aws-cn"], | ||
["us-gov-west-1", "aws-us-gov"], | ||
["us-iso-east-1", "aws-iso"], | ||
["us-isob-east-1", "aws-iso-b"], | ||
] | ||
) | ||
def test_get_partition_name_when_region_not_provided(self, region, expected_partition): | ||
with patch("boto3.session.Session.region_name", region): | ||
self.assertEqual(expected_partition, ArnGenerator.get_partition_name()) |