#2546 - AWS Lambda: Add Role validation when creating functions

2019-11-07 17:11:13 +00:00 · 2019-11-07 17:11:13 +00:00 · 40aa73a12b
commit 40aa73a12b
parent 0c3d7c4f04
6 changed files with 149 additions and 50 deletions
--- a/tests/test_cloudformation/test_cloudformation_stack_crud.py
+++ b/tests/test_cloudformation/test_cloudformation_stack_crud.py
@ -4,6 +4,7 @@ import os
 import json

 import boto
+import boto.iam
 import boto.s3
 import boto.s3.key
 import boto.cloudformation
@ -20,6 +21,7 @@ from moto import (
    mock_route53_deprecated,
 )
 from moto.cloudformation import cloudformation_backends
+from moto.iam import mock_iam_deprecated

 dummy_template = {
    "AWSTemplateFormatVersion": "2010-09-09",
@ -516,7 +518,7 @@ def test_create_stack_lambda_and_dynamodb():
                    "Code": {"S3Bucket": "bucket_123", "S3Key": "key_123"},
                    "FunctionName": "func1",
                    "Handler": "handler.handler",
-                    "Role": "role1",
+                    "Role": get_role_name(),
                    "Runtime": "python2.7",
                    "Description": "descr",
                    "MemorySize": 12345,
@ -591,3 +593,12 @@ def test_create_stack_kinesis():
    stack = conn.describe_stacks()[0]
    resources = stack.list_resources()
    assert len(resources) == 1
+
+
+def get_role_name():
+    with mock_iam_deprecated():
+        iam = boto.connect_iam()
+        role = iam.create_role("my-role")["create_role_response"]["create_role_result"][
+            "role"
+        ]["arn"]
+        return role
--- a/tests/test_cloudformation/test_cloudformation_stack_integration.py
+++ b/tests/test_cloudformation/test_cloudformation_stack_integration.py
@ -1773,7 +1773,7 @@ def lambda_handler(event, context):
                    "Handler": "lambda_function.handler",
                    "Description": "Test function",
                    "MemorySize": 128,
-                    "Role": "test-role",
+                    "Role": get_role_name(),
                    "Runtime": "python2.7",
                    "Environment": {"Variables": {"TEST_ENV_KEY": "test-env-val"}},
                },
@ -1791,7 +1791,7 @@ def lambda_handler(event, context):
    result["Functions"][0]["Description"].should.equal("Test function")
    result["Functions"][0]["Handler"].should.equal("lambda_function.handler")
    result["Functions"][0]["MemorySize"].should.equal(128)
-    result["Functions"][0]["Role"].should.equal("test-role")
+    result["Functions"][0]["Role"].should.equal(get_role_name())
    result["Functions"][0]["Runtime"].should.equal("python2.7")
    result["Functions"][0]["Environment"].should.equal(
        {"Variables": {"TEST_ENV_KEY": "test-env-val"}}
@ -2311,3 +2311,12 @@ def test_stack_dynamodb_resources_integration():
    response["Item"]["Sales"].should.equal(Decimal("10"))
    response["Item"]["NumberOfSongs"].should.equal(Decimal("5"))
    response["Item"]["Album"].should.equal("myAlbum")
+
+
+def get_role_name():
+    with mock_iam_deprecated():
+        iam = boto.connect_iam()
+        role = iam.create_role("my-role")["create_role_response"]["create_role_result"][
+            "role"
+        ]["arn"]
+        return role