Lambda: throw error on empty resource policy (#7491)

rafcio19 2024-03-19 22:49:46 +01:00 committed by GitHub
parent 565d2bb251
commit 009d0191f9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 47 additions and 9 deletions


@ -64,7 +64,7 @@ class UnknownFunctionException(LambdaClientError):
super().__init__("ResourceNotFoundException", f"Function not found: {arn}") super().__init__("ResourceNotFoundException", f"Function not found: {arn}")
class FunctionUrlConfigNotFound(LambdaClientError): class GenericResourcNotFound(LambdaClientError):
code = 404 code = 404
def __init__(self) -> None: def __init__(self) -> None:
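Review bot: The new class name `GenericResourcNotFound` is misspelled (the second "e" of "Resource" is missing), and the typo is carried into every import and raise site in this commit: the models import and `get_url_config`, and the policy import and `get_policy`. Exception names are imported across modules, so it is cheapest to correct now: `class GenericResourceNotFound(LambdaClientError):`. If anything outside this commit may still import the old name, an alias `FunctionUrlConfigNotFound = GenericResourceNotFound` would keep it working. The class body continues outside the hunk.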


@ -45,7 +45,7 @@ from moto.utilities.utils import load_resource_as_bytes
from .exceptions import ( from .exceptions import (
ConflictException, ConflictException,
CrossAccountNotAllowed, CrossAccountNotAllowed,
FunctionUrlConfigNotFound, GenericResourcNotFound,
InvalidParameterValueException, InvalidParameterValueException,
InvalidRoleFormat, InvalidRoleFormat,
UnknownAliasException, UnknownAliasException,
@ -1216,7 +1216,7 @@ class LambdaFunction(CloudFormationModel, DockerModel):
def get_url_config(self) -> "FunctionUrlConfig": def get_url_config(self) -> "FunctionUrlConfig":
if not self.url_config: if not self.url_config:
raise FunctionUrlConfigNotFound() raise GenericResourcNotFound()
return self.url_config return self.url_config
def update_url_config(self, config: Dict[str, Any]) -> "FunctionUrlConfig": def update_url_config(self, config: Dict[str, Any]) -> "FunctionUrlConfig":


@ -2,6 +2,7 @@ import json
from typing import TYPE_CHECKING, Any, Callable, Dict, List, Optional, TypeVar from typing import TYPE_CHECKING, Any, Callable, Dict, List, Optional, TypeVar
from moto.awslambda.exceptions import ( from moto.awslambda.exceptions import (
GenericResourcNotFound,
PreconditionFailedException, PreconditionFailedException,
UnknownPolicyException, UnknownPolicyException,
) )
@ -26,6 +27,8 @@ class Policy:
return json.dumps(p) return json.dumps(p)
def get_policy(self) -> Dict[str, Any]: def get_policy(self) -> Dict[str, Any]:
if not self.statements:
raise GenericResourcNotFound()
return { return {
"Policy": { "Policy": {
"Version": "2012-10-17", "Version": "2012-10-17",
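Review bot: The new guard in `get_policy` carries no comment saying why an empty statement list is an error, and the exception it reuses was previously specific to function URL configs, so the intent is easy to misread. I would add `# AWS returns ResourceNotFoundException when no resource-based policy is attached; do not return an empty Statement list` above `if not self.statements:`. The guard also changes the result for a function whose last statement was removed, so code under test that audits Lambda permissions has to treat this error as "no policy attached" rather than as a missing function. The body of `get_policy` continues past the end of the hunk.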


@ -230,9 +230,13 @@ def test_remove_function_permission(key):
remove = conn.remove_permission(FunctionName=name_or_arn, StatementId="1") remove = conn.remove_permission(FunctionName=name_or_arn, StatementId="1")
assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204 assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204
policy = conn.get_policy(FunctionName=name_or_arn)["Policy"]
policy = json.loads(policy) with pytest.raises(ClientError) as exc:
assert policy["Statement"] == [] conn.get_policy(FunctionName=name_or_arn)["Policy"]
err = exc.value.response["Error"]
assert err["Code"] == "ResourceNotFoundException"
assert err["Message"] == "The resource you requested does not exist."
@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"]) @pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])
@ -275,9 +279,12 @@ def test_remove_function_permission__with_qualifier(key):
FunctionName=name_or_arn, StatementId="1", Qualifier="2" FunctionName=name_or_arn, StatementId="1", Qualifier="2"
) )
assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204 assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204
policy = conn.get_policy(FunctionName=name_or_arn, Qualifier="2")["Policy"] with pytest.raises(ClientError) as exc:
policy = json.loads(policy) conn.get_policy(FunctionName=name_or_arn, Qualifier="2")
assert policy["Statement"] == []
err = exc.value.response["Error"]
assert err["Code"] == "ResourceNotFoundException"
assert err["Message"] == "The resource you requested does not exist."
@mock_aws @mock_aws
@ -292,3 +299,31 @@ def test_get_unknown_policy():
err["Message"] err["Message"]
== "Function not found: arn:aws:lambda:us-west-2:123456789012:function:unknown" == "Function not found: arn:aws:lambda:us-west-2:123456789012:function:unknown"
) )
@mock_aws
def test_policy_error_if_blank_resource_policy():
# Setup
conn = boto3.client("lambda", _lambda_region)
zip_content = get_test_zip_file1()
function_name = str(uuid4())[0:6]
conn.create_function(
FunctionName=function_name,
Runtime=PYTHON_VERSION,
Role=(get_role_name()),
Handler="lambda_function.handler",
Code={"ZipFile": zip_content},
Description="test lambda function",
Timeout=3,
MemorySize=128,
Publish=True,
)
# Execute
with pytest.raises(ClientError) as exc:
conn.get_policy(FunctionName=function_name)
# Verify
err = exc.value.response["Error"]
assert err["Code"] == "ResourceNotFoundException"
assert err["Message"] == "The resource you requested does not exist."
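Review bot: In `test_remove_function_permission` the call inside `with pytest.raises(ClientError)` still ends in `["Policy"]`, a subscript that can never run because the call raises first; the qualifier variant and the new test omit it. Writing it as `conn.get_policy(FunctionName=name_or_arn)` makes the three tests read the same. The new `test_policy_error_if_blank_resource_policy` only exercises the unqualified function; if policies are stored per qualifier (not visible here), a second call with `Qualifier` on the published version would pin the same behaviour for versions.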