diff --git a/moto/codebuild/responses.py b/moto/codebuild/responses.py index 67a6e90e2..b30a136c0 100644 --- a/moto/codebuild/responses.py +++ b/moto/codebuild/responses.py @@ -30,14 +30,13 @@ def _validate_required_params_source(source: Dict[str, Any]) -> None: def _validate_required_params_service_role(account_id: str, service_role: str) -> None: - if f"arn:aws:iam::{account_id}:role/service-role/" not in service_role: + if not service_role.startswith(f"arn:aws:iam::{account_id}:role/"): raise InvalidInputException( "Invalid service role: Service role account ID does not match caller's account" ) def _validate_required_params_artifacts(artifacts: Dict[str, Any]) -> None: - if artifacts["type"] not in ["CODEPIPELINE", "S3", "NO_ARTIFACTS"]: raise InvalidInputException("Invalid type provided: Artifact type") @@ -51,7 +50,6 @@ def _validate_required_params_artifacts(artifacts: Dict[str, Any]) -> None: def _validate_required_params_environment(environment: Dict[str, Any]) -> None: - if environment["type"] not in [ "WINDOWS_CONTAINER", "LINUX_CONTAINER", @@ -116,9 +114,8 @@ class CodeBuildResponse(BaseResponse): def create_project(self) -> str: _validate_required_params_source(self._get_param("source")) - _validate_required_params_service_role( - self.current_account, self._get_param("serviceRole") - ) + service_role = self._get_param("serviceRole") + _validate_required_params_service_role(self.current_account, service_role) _validate_required_params_artifacts(self._get_param("artifacts")) _validate_required_params_environment(self._get_param("environment")) _validate_required_params_project_name(self._get_param("name")) @@ -134,7 +131,7 @@ class CodeBuildResponse(BaseResponse): self._get_param("source"), self._get_param("artifacts"), self._get_param("environment"), - self._get_param("serviceRole"), + service_role=service_role, ) return json.dumps({"project": project_metadata}) diff --git a/tests/test_codebuild/test_codebuild.py b/tests/test_codebuild/test_codebuild.py index 05471c077..041211cd1 100644 --- a/tests/test_codebuild/test_codebuild.py +++ b/tests/test_codebuild/test_codebuild.py @@ -107,64 +107,34 @@ def test_codebuild_create_project_no_artifacts(): @mock_codebuild -def test_codebuild_create_project_with_invalid_name(): +def test_codebuild_create_project_with_invalid_inputs(): client = boto3.client("codebuild", region_name="eu-central-1") - name = "!some_project" - source = dict() - source["type"] = "S3" - # repository location for S3 - source["location"] = "bucketname/path/file.zip" - # output artifacts - artifacts = {"type": "NO_ARTIFACTS"} - - environment = dict() - environment["type"] = "LINUX_CONTAINER" - environment["image"] = "contents_not_validated" - environment["computeType"] = "BUILD_GENERAL1_SMALL" - service_role = ( - f"arn:aws:iam::{ACCOUNT_ID}:role/service-role/my-codebuild-service-role" - ) + _input = { + "source": {"type": "S3", "location": "bucketname/path/file.zip"}, + "artifacts": {"type": "NO_ARTIFACTS"}, + "environment": { + "type": "LINUX_CONTAINER", + "image": "contents_not_validated", + "computeType": "BUILD_GENERAL1_SMALL", + }, + "serviceRole": f"arn:aws:iam::{ACCOUNT_ID}:role/service-role/my-role", + } + # Name too long with pytest.raises(client.exceptions.from_code("InvalidInputException")) as err: - client.create_project( - name=name, - source=source, - artifacts=artifacts, - environment=environment, - serviceRole=service_role, - ) + client.create_project(name=("some_project_" * 12), **_input) err.value.response["Error"]["Code"].should.equal("InvalidInputException") - -@mock_codebuild -def test_codebuild_create_project_with_invalid_name_length(): - client = boto3.client("codebuild", region_name="eu-central-1") - - name = "some_project_" * 12 - source = dict() - source["type"] = "S3" - # repository location for S3 - source["location"] = "bucketname/path/file.zip" - # output artifacts - artifacts = {"type": "NO_ARTIFACTS"} - - environment = dict() - environment["type"] = "LINUX_CONTAINER" - environment["image"] = "contents_not_validated" - environment["computeType"] = "BUILD_GENERAL1_SMALL" - service_role = ( - f"arn:aws:iam::{ACCOUNT_ID}:role/service-role/my-codebuild-service-role" - ) - + # Name invalid with pytest.raises(client.exceptions.from_code("InvalidInputException")) as err: - client.create_project( - name=name, - source=source, - artifacts=artifacts, - environment=environment, - serviceRole=service_role, - ) + client.create_project(name="!some_project_", **_input) + err.value.response["Error"]["Code"].should.equal("InvalidInputException") + + # ServiceRole invalid + _input["serviceRole"] = "arn:aws:iam::0000:role/service-role/my-role" + with pytest.raises(client.exceptions.from_code("InvalidInputException")) as err: + client.create_project(name="valid_name", **_input) err.value.response["Error"]["Code"].should.equal("InvalidInputException") @@ -349,7 +319,6 @@ def test_codebuild_get_batch_builds_for_project_no_history(): @mock_codebuild def test_codebuild_start_build_no_project(): - client = boto3.client("codebuild", region_name="eu-central-1") name = "some_project" @@ -361,7 +330,6 @@ def test_codebuild_start_build_no_project(): @mock_codebuild def test_codebuild_start_build_no_overrides(): - client = boto3.client("codebuild", region_name="eu-central-1") name = "some_project" @@ -428,7 +396,6 @@ def test_codebuild_start_build_multiple_times(): @mock_codebuild def test_codebuild_start_build_with_overrides(): - client = boto3.client("codebuild", region_name="eu-central-1") name = "some_project"