From ad234f225f7ccd79114cba997bc2d318b1f0b90c Mon Sep 17 00:00:00 2001 From: Andrey Kislyuk Date: Wed, 11 Dec 2019 14:45:10 -0800 Subject: [PATCH 1/2] Batch: computeResources.instanceRole is an instance profile It's not an IAM role (the API parameter name in Batch is a misnomer). Validation by matching against known role ARNs will always fail. Scan the known instance profile ARNs instead. --- moto/batch/models.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/moto/batch/models.py b/moto/batch/models.py index ab52db54c..736b89075 100644 --- a/moto/batch/models.py +++ b/moto/batch/models.py @@ -815,8 +815,10 @@ class BatchBackend(BaseBackend): raise InvalidParameterValueException( "computeResources must contain {0}".format(param) ) - - if self.iam_backend.get_role_by_arn(cr["instanceRole"]) is None: + for profile in self.iam_backend.get_instance_profiles(): + if profile.arn == cr["instanceRole"]: + break + else: raise InvalidParameterValueException( "could not find instanceRole {0}".format(cr["instanceRole"]) ) From 624dafcb5cdec8b0de78f2998cdf5862d85b82aa Mon Sep 17 00:00:00 2001 From: Andrey Kislyuk Date: Fri, 13 Dec 2019 17:52:37 +0000 Subject: [PATCH 2/2] Fix tests --- tests/test_batch/test_batch.py | 8 ++++++-- tests/test_batch/test_cloudformation.py | 10 +++++++--- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/tests/test_batch/test_batch.py b/tests/test_batch/test_batch.py index 691d90b6d..ffa796980 100644 --- a/tests/test_batch/test_batch.py +++ b/tests/test_batch/test_batch.py @@ -55,6 +55,10 @@ def _setup(ec2_client, iam_client): RoleName="TestRole", AssumeRolePolicyDocument="some_policy" ) iam_arn = resp["Role"]["Arn"] + iam_client.create_instance_profile(InstanceProfileName="TestRole") + iam_client.add_role_to_instance_profile( + InstanceProfileName="TestRole", RoleName="TestRole" + ) return vpc_id, subnet_id, sg_id, iam_arn @@ -83,7 +87,7 @@ def test_create_managed_compute_environment(): "subnets": [subnet_id], "securityGroupIds": [sg_id], "ec2KeyPair": "string", - "instanceRole": iam_arn, + "instanceRole": iam_arn.replace("role", "instance-profile"), "tags": {"string": "string"}, "bidPercentage": 123, "spotIamFleetRole": "string", @@ -209,7 +213,7 @@ def test_delete_managed_compute_environment(): "subnets": [subnet_id], "securityGroupIds": [sg_id], "ec2KeyPair": "string", - "instanceRole": iam_arn, + "instanceRole": iam_arn.replace("role", "instance-profile"), "tags": {"string": "string"}, "bidPercentage": 123, "spotIamFleetRole": "string", diff --git a/tests/test_batch/test_cloudformation.py b/tests/test_batch/test_cloudformation.py index a8b94f3a3..a6baedb38 100644 --- a/tests/test_batch/test_cloudformation.py +++ b/tests/test_batch/test_cloudformation.py @@ -51,6 +51,10 @@ def _setup(ec2_client, iam_client): RoleName="TestRole", AssumeRolePolicyDocument="some_policy" ) iam_arn = resp["Role"]["Arn"] + iam_client.create_instance_profile(InstanceProfileName="TestRole") + iam_client.add_role_to_instance_profile( + InstanceProfileName="TestRole", RoleName="TestRole" + ) return vpc_id, subnet_id, sg_id, iam_arn @@ -78,7 +82,7 @@ def test_create_env_cf(): "InstanceTypes": ["optimal"], "Subnets": [subnet_id], "SecurityGroupIds": [sg_id], - "InstanceRole": iam_arn, + "InstanceRole": iam_arn.replace("role", "instance-profile"), }, "ServiceRole": iam_arn, }, @@ -129,7 +133,7 @@ def test_create_job_queue_cf(): "InstanceTypes": ["optimal"], "Subnets": [subnet_id], "SecurityGroupIds": [sg_id], - "InstanceRole": iam_arn, + "InstanceRole": iam_arn.replace("role", "instance-profile"), }, "ServiceRole": iam_arn, }, @@ -195,7 +199,7 @@ def test_create_job_def_cf(): "InstanceTypes": ["optimal"], "Subnets": [subnet_id], "SecurityGroupIds": [sg_id], - "InstanceRole": iam_arn, + "InstanceRole": iam_arn.replace("role", "instance-profile"), }, "ServiceRole": iam_arn, },