From b2ff3d98f61034b41dcf61afedda23b332cd8811 Mon Sep 17 00:00:00 2001 From: Bert Blommers Date: Fri, 8 Mar 2024 20:49:52 +0000 Subject: [PATCH] CloudFormation: AWS::IAM::Role now supports RoleId (#7442) --- moto/iam/models.py | 4 +++- tests/test_iam/test_iam_cloudformation.py | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/moto/iam/models.py b/moto/iam/models.py index 1231544cb..b998da051 100644 --- a/moto/iam/models.py +++ b/moto/iam/models.py @@ -838,13 +838,15 @@ class Role(CloudFormationModel): @classmethod def has_cfn_attr(cls, attr: str) -> bool: - return attr in ["Arn"] + return attr in ["Arn", "RoleId"] def get_cfn_attribute(self, attribute_name: str) -> str: from moto.cloudformation.exceptions import UnformattedGetAttTemplateException if attribute_name == "Arn": return self.arn + if attribute_name == "RoleId": + return self.id raise UnformattedGetAttTemplateException() def get_tags(self) -> List[Dict[str, str]]: diff --git a/tests/test_iam/test_iam_cloudformation.py b/tests/test_iam/test_iam_cloudformation.py index 2ac97ff82..678939ae1 100644 --- a/tests/test_iam/test_iam_cloudformation.py +++ b/tests/test_iam/test_iam_cloudformation.py @@ -27,6 +27,13 @@ Resources: - ec2.amazonaws.com Action: - 'sts:AssumeRole' +Outputs: + RootRole: + Value: !Ref RootRole + RoleARN: + Value: {"Fn::GetAtt": ["RootRole", "Arn"]} + RoleID: + Value: {"Fn::GetAtt": ["RootRole", "RoleId"]} """ @@ -1417,8 +1424,16 @@ def test_iam_cloudformation_create_role(): role = [res for res in resources if res["ResourceType"] == "AWS::IAM::Role"][0] assert role["LogicalResourceId"] == "RootRole" + outputs = cf_client.describe_stacks(StackName=stack_name)["Stacks"][0]["Outputs"] + outputs = {o["OutputKey"]: o["OutputValue"] for o in outputs} + iam_client = boto3.client("iam", region_name="us-east-1") - assert len(iam_client.list_roles()["Roles"]) == 1 + roles = iam_client.list_roles()["Roles"] + assert len(roles) == 1 + + assert roles[0]["RoleName"] == [v for k, v in outputs.items() if k == "RootRole"][0] + assert roles[0]["Arn"] == [v for k, v in outputs.items() if k == "RoleARN"][0] + assert roles[0]["RoleId"] == [v for k, v in outputs.items() if k == "RoleID"][0] cf_client.delete_stack(StackName=stack_name)