moto/tests/test_awslambda/test_lambda_policy.py

import json
from uuid import uuid4

import boto3
import pytest
from botocore.exceptions import ClientError

from moto import mock_lambda, mock_s3
from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID

from .utilities import get_role_name, get_test_zip_file1, get_test_zip_file2

PYTHON_VERSION = "python3.11"
_lambda_region = "us-west-2"
boto3.setup_default_session(region_name=_lambda_region)


@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])
@mock_lambda
def test_add_function_permission(key):
    """
    Parametrized to ensure that we can add permission by using the FunctionName and the FunctionArn
    """
    conn = boto3.client("lambda", _lambda_region)
    zip_content = get_test_zip_file1()
    function_name = str(uuid4())[0:6]
    f = conn.create_function(
        FunctionName=function_name,
        Runtime=PYTHON_VERSION,
        Role=(get_role_name()),
        Handler="lambda_function.handler",
        Code={"ZipFile": zip_content},
    )
    name_or_arn = f[key]

    response = conn.add_permission(
        FunctionName=name_or_arn,
        StatementId="1",
        Action="lambda:InvokeFunction",
        Principal="432143214321",
        SourceArn="arn:aws:lambda:us-west-2:account-id:function:helloworld",
    )
    assert "Statement" in response
    res = json.loads(response["Statement"])
    assert res["Action"] == "lambda:InvokeFunction"
    assert res["Condition"] == {
        "ArnLike": {
            "AWS:SourceArn": "arn:aws:lambda:us-west-2:account-id:function:helloworld"
        }
    }


@mock_lambda
def test_add_permission_with_principalorgid():
    conn = boto3.client("lambda", _lambda_region)
    zip_content = get_test_zip_file1()
    function_name = str(uuid4())[0:6]
    fn_arn = conn.create_function(
        FunctionName=function_name,
        Runtime=PYTHON_VERSION,
        Role=(get_role_name()),
        Handler="lambda_function.handler",
        Code={"ZipFile": zip_content},
    )["FunctionArn"]

    source_arn = "arn:aws:lambda:us-west-2:account-id:function:helloworld"
    response = conn.add_permission(
        FunctionName=fn_arn,
        StatementId="1",
        Action="lambda:InvokeFunction",
        Principal="432143214321",
        PrincipalOrgID="o-a1b2c3d4e5",
        SourceArn=source_arn,
    )
    assert "Statement" in response
    res = json.loads(response["Statement"])

    assert res["Condition"]["StringEquals"] == {"aws:PrincipalOrgID": "o-a1b2c3d4e5"}
    assert res["Condition"]["ArnLike"] == {"AWS:SourceArn": source_arn}
    assert "PrincipalOrgID" not in res


@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])
@mock_lambda
def test_get_function_policy(key):
    conn = boto3.client("lambda", _lambda_region)
    zip_content = get_test_zip_file1()
    function_name = str(uuid4())[0:6]
    f = conn.create_function(
        FunctionName=function_name,
        Runtime=PYTHON_VERSION,
        Role=get_role_name(),
        Handler="lambda_function.handler",
        Code={"ZipFile": zip_content},
        Description="test lambda function",
        Timeout=3,
        MemorySize=128,
        Publish=True,
    )
    name_or_arn = f[key]

    conn.add_permission(
        FunctionName=name_or_arn,
        StatementId="2",
        Action="lambda:InvokeFunction",
        Principal="lambda.amazonaws.com",
        SourceArn=f"arn:aws:lambda:us-west-2:{ACCOUNT_ID}:function:helloworld",
    )

    response = conn.get_policy(FunctionName=name_or_arn)

    assert "Policy" in response
    res = json.loads(response["Policy"])
    assert res["Statement"][0]["Action"] == "lambda:InvokeFunction"
    assert res["Statement"][0]["Principal"] == {"Service": "lambda.amazonaws.com"}
    assert (
        res["Statement"][0]["Resource"]
        == f"arn:aws:lambda:us-west-2:123456789012:function:{function_name}"
    )


@mock_lambda
def test_get_policy_with_qualifier():
    # assert that the resource within the statement ends with :qualifier
    conn = boto3.client("lambda", _lambda_region)
    zip_content = get_test_zip_file1()
    function_name = str(uuid4())[0:6]
    conn.create_function(
        FunctionName=function_name,
        Runtime=PYTHON_VERSION,
        Role=get_role_name(),
        Handler="lambda_function.handler",
        Code={"ZipFile": zip_content},
        Description="test lambda function",
        Timeout=3,
        MemorySize=128,
        Publish=True,
    )

    zip_content_two = get_test_zip_file2()

    conn.update_function_code(
        FunctionName=function_name, ZipFile=zip_content_two, Publish=True
    )

    conn.add_permission(
        FunctionName=function_name,
        StatementId="1",
        Action="lambda:InvokeFunction",
        Principal="lambda.amazonaws.com",
        SourceArn=f"arn:aws:lambda:us-west-2:{ACCOUNT_ID}:function:helloworld",
        Qualifier="2",
    )

    response = conn.get_policy(FunctionName=function_name, Qualifier="2")

    assert "Policy" in response
    res = json.loads(response["Policy"])
    assert res["Statement"][0]["Action"] == "lambda:InvokeFunction"
    assert res["Statement"][0]["Principal"] == {"Service": "lambda.amazonaws.com"}
    assert (
        res["Statement"][0]["Resource"]
        == f"arn:aws:lambda:us-west-2:123456789012:function:{function_name}:2"
    )


@mock_lambda
def test_add_permission_with_unknown_qualifier():
    # assert that the resource within the statement ends with :qualifier
    conn = boto3.client("lambda", _lambda_region)
    zip_content = get_test_zip_file1()
    function_name = str(uuid4())[0:6]
    conn.create_function(
        FunctionName=function_name,
        Runtime=PYTHON_VERSION,
        Role=get_role_name(),
        Handler="lambda_function.handler",
        Code={"ZipFile": zip_content},
        Description="test lambda function",
        Timeout=3,
        MemorySize=128,
        Publish=True,
    )

    with pytest.raises(ClientError) as exc:
        conn.add_permission(
            FunctionName=function_name,
            StatementId="2",
            Action="lambda:InvokeFunction",
            Principal="lambda.amazonaws.com",
            SourceArn=f"arn:aws:lambda:us-west-2:{ACCOUNT_ID}:function:helloworld",
            Qualifier="5",
        )
    err = exc.value.response["Error"]
    assert err["Code"] == "ResourceNotFoundException"
    assert (
        err["Message"]
        == f"Function not found: arn:aws:lambda:us-west-2:{ACCOUNT_ID}:function:{function_name}:5"
    )


@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])
@mock_lambda
def test_remove_function_permission(key):
    conn = boto3.client("lambda", _lambda_region)
    zip_content = get_test_zip_file1()
    function_name = str(uuid4())[0:6]
    f = conn.create_function(
        FunctionName=function_name,
        Runtime=PYTHON_VERSION,
        Role=(get_role_name()),
        Handler="lambda_function.handler",
        Code={"ZipFile": zip_content},
    )
    name_or_arn = f[key]

    conn.add_permission(
        FunctionName=name_or_arn,
        StatementId="1",
        Action="lambda:InvokeFunction",
        Principal="432143214321",
        SourceArn="arn:aws:lambda:us-west-2:account-id:function:helloworld",
    )

    remove = conn.remove_permission(FunctionName=name_or_arn, StatementId="1")
    assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204
    policy = conn.get_policy(FunctionName=name_or_arn)["Policy"]
    policy = json.loads(policy)
    assert policy["Statement"] == []


@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])
@mock_lambda
def test_remove_function_permission__with_qualifier(key):
    conn = boto3.client("lambda", _lambda_region)
    zip_content = get_test_zip_file1()
    function_name = str(uuid4())[0:6]
    f = conn.create_function(
        FunctionName=function_name,
        Runtime=PYTHON_VERSION,
        Role=(get_role_name()),
        Handler="lambda_function.handler",
        Code={"ZipFile": zip_content},
        Description="test lambda function",
        Timeout=3,
        MemorySize=128,
        Publish=True,
    )
    name_or_arn = f[key]

    # Ensure Qualifier=2 exists
    zip_content_two = get_test_zip_file2()
    conn.update_function_code(
        FunctionName=function_name, ZipFile=zip_content_two, Publish=True
    )

    conn.add_permission(
        FunctionName=name_or_arn,
        StatementId="1",
        Action="lambda:InvokeFunction",
        Principal="432143214321",
        SourceArn="arn:aws:lambda:us-west-2:account-id:function:helloworld",
        SourceAccount="123412341234",
        EventSourceToken="blah",
        Qualifier="2",
    )

    remove = conn.remove_permission(
        FunctionName=name_or_arn, StatementId="1", Qualifier="2"
    )
    assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204
    policy = conn.get_policy(FunctionName=name_or_arn, Qualifier="2")["Policy"]
    policy = json.loads(policy)
    assert policy["Statement"] == []


@mock_lambda
@mock_s3
def test_get_unknown_policy():
    conn = boto3.client("lambda", _lambda_region)

    with pytest.raises(ClientError) as exc:
        conn.get_policy(FunctionName="unknown")
    err = exc.value.response["Error"]
    assert err["Code"] == "ResourceNotFoundException"
    assert (
        err["Message"]
        == "Function not found: arn:aws:lambda:us-west-2:123456789012:function:unknown"
    )
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`import json`
Admin: sorting imports with ruff (#7075) 2023-11-30 07:55:51 -08:00			`from uuid import uuid4`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00
Admin: sorting imports with ruff (#7075) 2023-11-30 07:55:51 -08:00			`import boto3`
			`import pytest`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`from botocore.exceptions import ClientError`
Admin: sorting imports with ruff (#7075) 2023-11-30 07:55:51 -08:00
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`from moto import mock_lambda, mock_s3`
MultiAccount support (#5192) 2022-08-13 09:49:43 +00:00			`from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID`
Admin: sorting imports with ruff (#7075) 2023-11-30 07:55:51 -08:00
AWSLambda: Only publish functions when source has changed (#5734) 2022-12-05 09:31:20 -01:00			`from .utilities import get_role_name, get_test_zip_file1, get_test_zip_file2`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00
Techdebt: Streamline AWSLambda/Docker tests (#6735) 2023-08-31 06:47:49 +00:00			`PYTHON_VERSION = "python3.11"`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`_lambda_region = "us-west-2"`
			`boto3.setup_default_session(region_name=_lambda_region)`


			`@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])`
			`@mock_lambda`
			`def test_add_function_permission(key):`
			`"""`
			`Parametrized to ensure that we can add permission by using the FunctionName and the FunctionArn`
			`"""`
			`conn = boto3.client("lambda", _lambda_region)`
			`zip_content = get_test_zip_file1()`
			`function_name = str(uuid4())[0:6]`
			`f = conn.create_function(`
			`FunctionName=function_name,`
Techdebt: Streamline AWSLambda/Docker tests (#6735) 2023-08-31 06:47:49 +00:00			`Runtime=PYTHON_VERSION,`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`Role=(get_role_name()),`
			`Handler="lambda_function.handler",`
			`Code={"ZipFile": zip_content},`
			`)`
			`name_or_arn = f[key]`

			`response = conn.add_permission(`
			`FunctionName=name_or_arn,`
			`StatementId="1",`
			`Action="lambda:InvokeFunction",`
			`Principal="432143214321",`
			`SourceArn="arn:aws:lambda:us-west-2:account-id:function:helloworld",`
			`)`
			`assert "Statement" in response`
			`res = json.loads(response["Statement"])`
			`assert res["Action"] == "lambda:InvokeFunction"`
Techdebt: Replace sure with regular asserts in AWSLambda tests (#6393) 2023-06-11 18:44:30 +00:00			`assert res["Condition"] == {`
			`"ArnLike": {`
			`"AWS:SourceArn": "arn:aws:lambda:us-west-2:account-id:function:helloworld"`
AWSLambda:add_permission() now properly handles the PrincipalOrgID-parameter (#5511) 2022-10-01 21:08:20 +00:00			`}`
Techdebt: Replace sure with regular asserts in AWSLambda tests (#6393) 2023-06-11 18:44:30 +00:00			`}`
AWSLambda:add_permission() now properly handles the PrincipalOrgID-parameter (#5511) 2022-10-01 21:08:20 +00:00

			`@mock_lambda`
			`def test_add_permission_with_principalorgid():`
			`conn = boto3.client("lambda", _lambda_region)`
			`zip_content = get_test_zip_file1()`
			`function_name = str(uuid4())[0:6]`
			`fn_arn = conn.create_function(`
			`FunctionName=function_name,`
Techdebt: Streamline AWSLambda/Docker tests (#6735) 2023-08-31 06:47:49 +00:00			`Runtime=PYTHON_VERSION,`
AWSLambda:add_permission() now properly handles the PrincipalOrgID-parameter (#5511) 2022-10-01 21:08:20 +00:00			`Role=(get_role_name()),`
			`Handler="lambda_function.handler",`
			`Code={"ZipFile": zip_content},`
			`)["FunctionArn"]`

			`source_arn = "arn:aws:lambda:us-west-2:account-id:function:helloworld"`
			`response = conn.add_permission(`
			`FunctionName=fn_arn,`
			`StatementId="1",`
			`Action="lambda:InvokeFunction",`
			`Principal="432143214321",`
			`PrincipalOrgID="o-a1b2c3d4e5",`
			`SourceArn=source_arn,`
			`)`
			`assert "Statement" in response`
			`res = json.loads(response["Statement"])`

Techdebt: Replace sure with regular asserts in AWSLambda tests (#6393) 2023-06-11 18:44:30 +00:00			`assert res["Condition"]["StringEquals"] == {"aws:PrincipalOrgID": "o-a1b2c3d4e5"}`
			`assert res["Condition"]["ArnLike"] == {"AWS:SourceArn": source_arn}`
			`assert "PrincipalOrgID" not in res`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00

			`@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])`
			`@mock_lambda`
			`def test_get_function_policy(key):`
			`conn = boto3.client("lambda", _lambda_region)`
			`zip_content = get_test_zip_file1()`
			`function_name = str(uuid4())[0:6]`
			`f = conn.create_function(`
			`FunctionName=function_name,`
Techdebt: Streamline AWSLambda/Docker tests (#6735) 2023-08-31 06:47:49 +00:00			`Runtime=PYTHON_VERSION,`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`Role=get_role_name(),`
			`Handler="lambda_function.handler",`
			`Code={"ZipFile": zip_content},`
			`Description="test lambda function",`
			`Timeout=3,`
			`MemorySize=128,`
			`Publish=True,`
			`)`
			`name_or_arn = f[key]`

			`conn.add_permission(`
			`FunctionName=name_or_arn,`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`StatementId="2",`
			`Action="lambda:InvokeFunction",`
			`Principal="lambda.amazonaws.com",`
			`SourceArn=f"arn:aws:lambda:us-west-2:{ACCOUNT_ID}:function:helloworld",`
			`)`

			`response = conn.get_policy(FunctionName=name_or_arn)`

			`assert "Policy" in response`
			`res = json.loads(response["Policy"])`
			`assert res["Statement"][0]["Action"] == "lambda:InvokeFunction"`
			`assert res["Statement"][0]["Principal"] == {"Service": "lambda.amazonaws.com"}`
			`assert (`
			`res["Statement"][0]["Resource"]`
			`== f"arn:aws:lambda:us-west-2:123456789012:function:{function_name}"`
			`)`


			`@mock_lambda`
			`def test_get_policy_with_qualifier():`
			`# assert that the resource within the statement ends with :qualifier`
			`conn = boto3.client("lambda", _lambda_region)`
			`zip_content = get_test_zip_file1()`
			`function_name = str(uuid4())[0:6]`
			`conn.create_function(`
			`FunctionName=function_name,`
Techdebt: Streamline AWSLambda/Docker tests (#6735) 2023-08-31 06:47:49 +00:00			`Runtime=PYTHON_VERSION,`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`Role=get_role_name(),`
			`Handler="lambda_function.handler",`
			`Code={"ZipFile": zip_content},`
			`Description="test lambda function",`
			`Timeout=3,`
			`MemorySize=128,`
			`Publish=True,`
			`)`

AWSLambda: Only publish functions when source has changed (#5734) 2022-12-05 09:31:20 -01:00			`zip_content_two = get_test_zip_file2()`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00
			`conn.update_function_code(`
			`FunctionName=function_name, ZipFile=zip_content_two, Publish=True`
			`)`

			`conn.add_permission(`
			`FunctionName=function_name,`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`StatementId="1",`
			`Action="lambda:InvokeFunction",`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`Principal="lambda.amazonaws.com",`
			`SourceArn=f"arn:aws:lambda:us-west-2:{ACCOUNT_ID}:function:helloworld",`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`Qualifier="2",`
			`)`

AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`response = conn.get_policy(FunctionName=function_name, Qualifier="2")`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00
			`assert "Policy" in response`
			`res = json.loads(response["Policy"])`
			`assert res["Statement"][0]["Action"] == "lambda:InvokeFunction"`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`assert res["Statement"][0]["Principal"] == {"Service": "lambda.amazonaws.com"}`
			`assert (`
			`res["Statement"][0]["Resource"]`
			`== f"arn:aws:lambda:us-west-2:123456789012:function:{function_name}:2"`
			`)`


			`@mock_lambda`
			`def test_add_permission_with_unknown_qualifier():`
			`# assert that the resource within the statement ends with :qualifier`
			`conn = boto3.client("lambda", _lambda_region)`
			`zip_content = get_test_zip_file1()`
			`function_name = str(uuid4())[0:6]`
			`conn.create_function(`
			`FunctionName=function_name,`
Techdebt: Streamline AWSLambda/Docker tests (#6735) 2023-08-31 06:47:49 +00:00			`Runtime=PYTHON_VERSION,`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`Role=get_role_name(),`
			`Handler="lambda_function.handler",`
			`Code={"ZipFile": zip_content},`
			`Description="test lambda function",`
			`Timeout=3,`
			`MemorySize=128,`
			`Publish=True,`
			`)`

			`with pytest.raises(ClientError) as exc:`
			`conn.add_permission(`
			`FunctionName=function_name,`
			`StatementId="2",`
			`Action="lambda:InvokeFunction",`
			`Principal="lambda.amazonaws.com",`
			`SourceArn=f"arn:aws:lambda:us-west-2:{ACCOUNT_ID}:function:helloworld",`
			`Qualifier="5",`
			`)`
			`err = exc.value.response["Error"]`
Techdebt: Replace sure with regular asserts in AWSLambda tests (#6393) 2023-06-11 18:44:30 +00:00			`assert err["Code"] == "ResourceNotFoundException"`
			`assert (`
			`err["Message"]`
			`== f"Function not found: arn:aws:lambda:us-west-2:{ACCOUNT_ID}:function:{function_name}:5"`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`)`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00

			`@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])`
			`@mock_lambda`
			`def test_remove_function_permission(key):`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`conn = boto3.client("lambda", _lambda_region)`
			`zip_content = get_test_zip_file1()`
			`function_name = str(uuid4())[0:6]`
			`f = conn.create_function(`
			`FunctionName=function_name,`
Techdebt: Streamline AWSLambda/Docker tests (#6735) 2023-08-31 06:47:49 +00:00			`Runtime=PYTHON_VERSION,`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`Role=(get_role_name()),`
			`Handler="lambda_function.handler",`
			`Code={"ZipFile": zip_content},`
			`)`
			`name_or_arn = f[key]`

			`conn.add_permission(`
			`FunctionName=name_or_arn,`
			`StatementId="1",`
			`Action="lambda:InvokeFunction",`
			`Principal="432143214321",`
			`SourceArn="arn:aws:lambda:us-west-2:account-id:function:helloworld",`
			`)`

			`remove = conn.remove_permission(FunctionName=name_or_arn, StatementId="1")`
Techdebt: Replace sure with regular asserts in AWSLambda tests (#6393) 2023-06-11 18:44:30 +00:00			`assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`policy = conn.get_policy(FunctionName=name_or_arn)["Policy"]`
			`policy = json.loads(policy)`
Techdebt: Replace sure with regular asserts in AWSLambda tests (#6393) 2023-06-11 18:44:30 +00:00			`assert policy["Statement"] == []`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00

			`@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])`
			`@mock_lambda`
			`def test_remove_function_permission__with_qualifier(key):`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`conn = boto3.client("lambda", _lambda_region)`
			`zip_content = get_test_zip_file1()`
			`function_name = str(uuid4())[0:6]`
			`f = conn.create_function(`
			`FunctionName=function_name,`
Techdebt: Streamline AWSLambda/Docker tests (#6735) 2023-08-31 06:47:49 +00:00			`Runtime=PYTHON_VERSION,`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`Role=(get_role_name()),`
			`Handler="lambda_function.handler",`
			`Code={"ZipFile": zip_content},`
			`Description="test lambda function",`
			`Timeout=3,`
			`MemorySize=128,`
			`Publish=True,`
			`)`
			`name_or_arn = f[key]`

AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`# Ensure Qualifier=2 exists`
AWSLambda: Only publish functions when source has changed (#5734) 2022-12-05 09:31:20 -01:00			`zip_content_two = get_test_zip_file2()`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`conn.update_function_code(`
			`FunctionName=function_name, ZipFile=zip_content_two, Publish=True`
			`)`

Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`conn.add_permission(`
			`FunctionName=name_or_arn,`
			`StatementId="1",`
			`Action="lambda:InvokeFunction",`
			`Principal="432143214321",`
			`SourceArn="arn:aws:lambda:us-west-2:account-id:function:helloworld",`
			`SourceAccount="123412341234",`
			`EventSourceToken="blah",`
			`Qualifier="2",`
			`)`

			`remove = conn.remove_permission(`
			`FunctionName=name_or_arn, StatementId="1", Qualifier="2"`
			`)`
Techdebt: Replace sure with regular asserts in AWSLambda tests (#6393) 2023-06-11 18:44:30 +00:00			`assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00			`policy = conn.get_policy(FunctionName=name_or_arn, Qualifier="2")["Policy"]`
			`policy = json.loads(policy)`
Techdebt: Replace sure with regular asserts in AWSLambda tests (#6393) 2023-06-11 18:44:30 +00:00			`assert policy["Statement"] == []`
Improvements: AWSLambda (#4943) 2022-03-17 11:32:31 -01:00

			`@mock_lambda`
			`@mock_s3`
			`def test_get_unknown_policy():`
			`conn = boto3.client("lambda", _lambda_region)`

			`with pytest.raises(ClientError) as exc:`
			`conn.get_policy(FunctionName="unknown")`
			`err = exc.value.response["Error"]`
Techdebt: Replace sure with regular asserts in AWSLambda tests (#6393) 2023-06-11 18:44:30 +00:00			`assert err["Code"] == "ResourceNotFoundException"`
			`assert (`
			`err["Message"]`
			`== "Function not found: arn:aws:lambda:us-west-2:123456789012:function:unknown"`
AWSLambda - Policy improvements (#4949) 2022-03-19 12:00:39 -01:00			`)`