Lambda: throw error on empty resource policy (#7491)
This commit is contained in:
parent
565d2bb251
commit
009d0191f9
@ -64,7 +64,7 @@ class UnknownFunctionException(LambdaClientError):
|
|||||||
super().__init__("ResourceNotFoundException", f"Function not found: {arn}")
|
super().__init__("ResourceNotFoundException", f"Function not found: {arn}")
|
||||||
|
|
||||||
|
|
||||||
class FunctionUrlConfigNotFound(LambdaClientError):
|
class GenericResourcNotFound(LambdaClientError):
|
||||||
code = 404
|
code = 404
|
||||||
|
|
||||||
def __init__(self) -> None:
|
def __init__(self) -> None:
|
||||||
|
@ -45,7 +45,7 @@ from moto.utilities.utils import load_resource_as_bytes
|
|||||||
from .exceptions import (
|
from .exceptions import (
|
||||||
ConflictException,
|
ConflictException,
|
||||||
CrossAccountNotAllowed,
|
CrossAccountNotAllowed,
|
||||||
FunctionUrlConfigNotFound,
|
GenericResourcNotFound,
|
||||||
InvalidParameterValueException,
|
InvalidParameterValueException,
|
||||||
InvalidRoleFormat,
|
InvalidRoleFormat,
|
||||||
UnknownAliasException,
|
UnknownAliasException,
|
||||||
@ -1216,7 +1216,7 @@ class LambdaFunction(CloudFormationModel, DockerModel):
|
|||||||
|
|
||||||
def get_url_config(self) -> "FunctionUrlConfig":
|
def get_url_config(self) -> "FunctionUrlConfig":
|
||||||
if not self.url_config:
|
if not self.url_config:
|
||||||
raise FunctionUrlConfigNotFound()
|
raise GenericResourcNotFound()
|
||||||
return self.url_config
|
return self.url_config
|
||||||
|
|
||||||
def update_url_config(self, config: Dict[str, Any]) -> "FunctionUrlConfig":
|
def update_url_config(self, config: Dict[str, Any]) -> "FunctionUrlConfig":
|
||||||
|
@ -2,6 +2,7 @@ import json
|
|||||||
from typing import TYPE_CHECKING, Any, Callable, Dict, List, Optional, TypeVar
|
from typing import TYPE_CHECKING, Any, Callable, Dict, List, Optional, TypeVar
|
||||||
|
|
||||||
from moto.awslambda.exceptions import (
|
from moto.awslambda.exceptions import (
|
||||||
|
GenericResourcNotFound,
|
||||||
PreconditionFailedException,
|
PreconditionFailedException,
|
||||||
UnknownPolicyException,
|
UnknownPolicyException,
|
||||||
)
|
)
|
||||||
@ -26,6 +27,8 @@ class Policy:
|
|||||||
return json.dumps(p)
|
return json.dumps(p)
|
||||||
|
|
||||||
def get_policy(self) -> Dict[str, Any]:
|
def get_policy(self) -> Dict[str, Any]:
|
||||||
|
if not self.statements:
|
||||||
|
raise GenericResourcNotFound()
|
||||||
return {
|
return {
|
||||||
"Policy": {
|
"Policy": {
|
||||||
"Version": "2012-10-17",
|
"Version": "2012-10-17",
|
||||||
|
@ -230,9 +230,13 @@ def test_remove_function_permission(key):
|
|||||||
|
|
||||||
remove = conn.remove_permission(FunctionName=name_or_arn, StatementId="1")
|
remove = conn.remove_permission(FunctionName=name_or_arn, StatementId="1")
|
||||||
assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204
|
assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204
|
||||||
policy = conn.get_policy(FunctionName=name_or_arn)["Policy"]
|
|
||||||
policy = json.loads(policy)
|
with pytest.raises(ClientError) as exc:
|
||||||
assert policy["Statement"] == []
|
conn.get_policy(FunctionName=name_or_arn)["Policy"]
|
||||||
|
|
||||||
|
err = exc.value.response["Error"]
|
||||||
|
assert err["Code"] == "ResourceNotFoundException"
|
||||||
|
assert err["Message"] == "The resource you requested does not exist."
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])
|
@pytest.mark.parametrize("key", ["FunctionName", "FunctionArn"])
|
||||||
@ -275,9 +279,12 @@ def test_remove_function_permission__with_qualifier(key):
|
|||||||
FunctionName=name_or_arn, StatementId="1", Qualifier="2"
|
FunctionName=name_or_arn, StatementId="1", Qualifier="2"
|
||||||
)
|
)
|
||||||
assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204
|
assert remove["ResponseMetadata"]["HTTPStatusCode"] == 204
|
||||||
policy = conn.get_policy(FunctionName=name_or_arn, Qualifier="2")["Policy"]
|
with pytest.raises(ClientError) as exc:
|
||||||
policy = json.loads(policy)
|
conn.get_policy(FunctionName=name_or_arn, Qualifier="2")
|
||||||
assert policy["Statement"] == []
|
|
||||||
|
err = exc.value.response["Error"]
|
||||||
|
assert err["Code"] == "ResourceNotFoundException"
|
||||||
|
assert err["Message"] == "The resource you requested does not exist."
|
||||||
|
|
||||||
|
|
||||||
@mock_aws
|
@mock_aws
|
||||||
@ -292,3 +299,31 @@ def test_get_unknown_policy():
|
|||||||
err["Message"]
|
err["Message"]
|
||||||
== "Function not found: arn:aws:lambda:us-west-2:123456789012:function:unknown"
|
== "Function not found: arn:aws:lambda:us-west-2:123456789012:function:unknown"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@mock_aws
|
||||||
|
def test_policy_error_if_blank_resource_policy():
|
||||||
|
# Setup
|
||||||
|
conn = boto3.client("lambda", _lambda_region)
|
||||||
|
zip_content = get_test_zip_file1()
|
||||||
|
function_name = str(uuid4())[0:6]
|
||||||
|
conn.create_function(
|
||||||
|
FunctionName=function_name,
|
||||||
|
Runtime=PYTHON_VERSION,
|
||||||
|
Role=(get_role_name()),
|
||||||
|
Handler="lambda_function.handler",
|
||||||
|
Code={"ZipFile": zip_content},
|
||||||
|
Description="test lambda function",
|
||||||
|
Timeout=3,
|
||||||
|
MemorySize=128,
|
||||||
|
Publish=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Execute
|
||||||
|
with pytest.raises(ClientError) as exc:
|
||||||
|
conn.get_policy(FunctionName=function_name)
|
||||||
|
|
||||||
|
# Verify
|
||||||
|
err = exc.value.response["Error"]
|
||||||
|
assert err["Code"] == "ResourceNotFoundException"
|
||||||
|
assert err["Message"] == "The resource you requested does not exist."
|
||||||
|
Loading…
Reference in New Issue
Block a user