in src/rpdk/core/project.py [0:0]
def generate(self):
    """Write the resource-role CloudFormation template, then run the plugin.

    For module artifacts nothing is generated here. Otherwise, when the
    schema defines handlers, an IAM execution-role template is rendered
    from the permissions those handlers declare and written to
    ``self.root / ROLE_TEMPLATE_FILENAME``. The language plugin's own
    ``generate`` hook is invoked afterwards.
    """
    if self.artifact_type == ARTIFACT_TYPE_MODULE:
        # for Modules, the schema is already generated in cfn validate
        return

    # The role template is only produced when the schema declares handlers.
    if "handlers" in self.schema:
        handler_specs = self.schema["handlers"]
        role_template = self.env.get_template("resource-role.yml")
        role_path = self.root / ROLE_TEMPLATE_FILENAME
        LOG.debug("Writing Resource Role CloudFormation template: %s", role_path)

        # Union of every permission any handler asks for. Entries are taken
        # from the schema verbatim, so a wildcard declared by a handler is
        # carried into the Allow statement unchanged.
        # NOTE(review): nothing in this method narrows or validates the
        # declared actions; least privilege depends on the schema author.
        iam_actions = set()
        for spec in handler_specs.values():
            iam_actions.update(spec.get("permissions", []))

        # The role session must outlive the slowest handler; 70 seconds are
        # budgeted per handler minute to leave some buffer.
        longest_timeout_minutes = max(
            (
                spec.get("timeoutInMinutes", DEFAULT_ROLE_TIMEOUT_MINUTES)
                for spec in handler_specs.values()
            ),
            default=DEFAULT_ROLE_TIMEOUT_MINUTES,
        )
        buffered_seconds = 70 * longest_timeout_minutes
        # Clamp to the allowed session range (between 1 hour and 12 hours,
        # per the bounds named by the MIN/MAX constants).
        session_seconds = min(
            MAX_ROLE_TIMEOUT_SECONDS,
            max(MIN_ROLE_TIMEOUT_SECONDS, buffered_seconds),
        )

        # An empty string cannot be specified as an action in an IAM
        # statement, so drop it before deciding what to render.
        iam_actions.discard("")
        if iam_actions:
            effect = "Allow"
        else:
            # No handler declared a usable permission: render an explicit
            # Deny on "*" rather than an Allow with nothing to list.
            iam_actions.add("*")
            effect = "Deny"

        # NOTE(review): type_name and the action strings are schema-derived
        # values placed into the rendered template; how the template quotes
        # them is not visible from this method.
        rendered = role_template.render(
            type_name=self.hyphenated_name_case_sensitive,
            actions=sorted(iam_actions),
            permission=effect,
            role_session_timeout=session_seconds,
        )
        self.overwrite(role_path, rendered)

    self._plugin.generate(self)