AWSLambda - Error when removing unknown permission (#4846)

Bert Blommers 2022-02-09 18:31:53 -01:00 committed by GitHub
parent 5580b519e0
commit de559e450d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 56 additions and 5 deletions


@ -1,11 +1,9 @@
from botocore.client import ClientError
from moto.core.exceptions import JsonRESTError from moto.core.exceptions import JsonRESTError
class LambdaClientError(ClientError): class LambdaClientError(JsonRESTError):
def __init__(self, error, message): def __init__(self, error, message):
error_response = {"Error": {"Code": error, "Message": message}} super().__init__(error, message)
super().__init__(error_response, None)
class CrossAccountNotAllowed(LambdaClientError): class CrossAccountNotAllowed(LambdaClientError):
@ -35,3 +33,13 @@ class PreconditionFailedException(JsonRESTError):
def __init__(self, message): def __init__(self, message):
super().__init__("PreconditionFailedException", message) super().__init__("PreconditionFailedException", message)
class UnknownPolicyException(LambdaClientError):
code = 404
def __init__(self):
super().__init__(
"ResourceNotFoundException",
"No policy is associated with the given resource.",
)
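Review bot: `UnknownPolicyException` hard-codes the text "No policy is associated with the given resource." and takes no arguments, yet elsewhere in this commit it is raised whenever no statement matches the requested Sid, which includes a policy that still holds other statements. In that case the message says the resource has no policy while grants remain, which can mislead a test that checks permission revocation. Consider passing the statement id into the exception, or at least document the class with `"""Raised when remove-permission finds no statement with the requested Sid."""`. Whether the real service words that case differently is not shown on this page and should be confirmed.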


@ -1,7 +1,10 @@
import json import json
import uuid import uuid
from moto.awslambda.exceptions import PreconditionFailedException from moto.awslambda.exceptions import (
PreconditionFailedException,
UnknownPolicyException,
)
class Policy: class Policy:
@ -48,6 +51,9 @@ class Policy:
for statement in self.statements: for statement in self.statements:
if "Sid" in statement and statement["Sid"] == sid: if "Sid" in statement and statement["Sid"] == sid:
self.statements.remove(statement) self.statements.remove(statement)
break
else:
raise UnknownPolicyException()
# converts AddPermission request to PolicyStatement # converts AddPermission request to PolicyStatement
# https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html # https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
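Review bot: The `for`/`else` added here is easy to misread, and the `break` means only the first statement with a matching Sid is removed. A comment on the `else:` such as `# for/else: runs only when no statement matched sid` would make the control flow explicit. If the add path does not enforce unique Sids (not visible in this hunk), a second statement with the same Sid stays in the policy after a successful removal, so a grant the caller believes revoked would remain. That assumption is worth stating in the method's docstring. The enclosing method starts outside the hunk.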


@ -6,11 +6,24 @@ try:
except ImportError: except ImportError:
from urllib.parse import unquote from urllib.parse import unquote
from functools import wraps
from moto.core.utils import amz_crc32, amzn_request_id, path_url from moto.core.utils import amz_crc32, amzn_request_id, path_url
from moto.core.responses import BaseResponse from moto.core.responses import BaseResponse
from .exceptions import LambdaClientError
from .models import lambda_backends from .models import lambda_backends
def error_handler(f):
@wraps(f)
def _wrapper(*args, **kwargs):
try:
return f(*args, **kwargs)
except LambdaClientError as e:
return e.code, e.get_headers(), e.get_body()
return _wrapper
class LambdaResponse(BaseResponse): class LambdaResponse(BaseResponse):
@property @property
def json_body(self): def json_body(self):
@ -29,6 +42,7 @@ class LambdaResponse(BaseResponse):
""" """
return lambda_backends[self.region] return lambda_backends[self.region]
@error_handler
def root(self, request, full_url, headers): def root(self, request, full_url, headers):
self.setup_class(request, full_url, headers) self.setup_class(request, full_url, headers)
if request.method == "GET": if request.method == "GET":
@ -127,6 +141,7 @@ class LambdaResponse(BaseResponse):
else: else:
raise ValueError("Cannot handle {0} request".format(request.method)) raise ValueError("Cannot handle {0} request".format(request.method))
@error_handler
def policy(self, request, full_url, headers): def policy(self, request, full_url, headers):
self.setup_class(request, full_url, headers) self.setup_class(request, full_url, headers)
if request.method == "GET": if request.method == "GET":
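Review bot: `error_handler` catches only `LambdaClientError`, but `PreconditionFailedException` in the exceptions module derives from `JsonRESTError` directly, so an error of that type raised inside `root` or `policy` is not converted by this wrapper. If the intent is to turn every JSON error from these handlers into a `(code, headers, body)` tuple, catch the common base instead. If the framework already handles the others, a docstring like `"""Convert LambdaClientError into a (status, headers, body) response tuple."""` should say so. Only `root` and `policy` are decorated in the visible hunks, so other handlers on `LambdaResponse` that can raise `LambdaClientError` subclasses would need the same treatment. The bodies of both methods continue outside the hunks.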


@ -5,6 +5,7 @@ import json
import sure # noqa # pylint: disable=unused-import import sure # noqa # pylint: disable=unused-import
import pytest import pytest
from botocore.exceptions import ClientError
from freezegun import freeze_time from freezegun import freeze_time
from moto import mock_lambda, mock_s3 from moto import mock_lambda, mock_s3
from moto.core.models import ACCOUNT_ID from moto.core.models import ACCOUNT_ID
@ -1227,3 +1228,24 @@ def test_remove_function_permission(key):
policy = conn.get_policy(FunctionName=name_or_arn, Qualifier="2")["Policy"] policy = conn.get_policy(FunctionName=name_or_arn, Qualifier="2")["Policy"]
policy = json.loads(policy) policy = json.loads(policy)
policy["Statement"].should.equal([]) policy["Statement"].should.equal([])
@mock_lambda
def test_remove_unknown_permission_throws_error():
conn = boto3.client("lambda", _lambda_region)
zip_content = get_test_zip_file1()
function_name = str(uuid4())[0:6]
f = conn.create_function(
FunctionName=function_name,
Runtime="python3.7",
Role=(get_role_name()),
Handler="lambda_function.handler",
Code={"ZipFile": zip_content},
)
arn = f["FunctionArn"]
with pytest.raises(ClientError) as exc:
conn.remove_permission(FunctionName=arn, StatementId="1")
err = exc.value.response["Error"]
err["Code"].should.equal("ResourceNotFoundException")
err["Message"].should.equal("No policy is associated with the given resource.")
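Review bot: The new test asserts the error code and message but not the HTTP status, so the `code = 404` set on `UnknownPolicyException` is untested; add `exc.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(404)`. It also covers only a function that has no permissions at all. A second case that adds a permission, removes a different StatementId, and then checks via `get_policy` that the original statement is still present would pin the behaviour that a failed removal leaves existing grants untouched.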