in chalice/deploy/planner.py [0:0]
def _plan_managediamrole(self, resource):
    # type: (models.ManagedIAMRole) -> Sequence[InstructionMsg]
    """Plan the instructions that create or update a managed IAM role.

    The remote state is asked whether ``resource`` already exists.

    * Not deployed yet: emit the steps that look up the Lambda service
      principal, build a trust policy allowing only that principal to call
      ``sts:AssumeRole``, and issue ``create_role`` with the role name,
      that trust policy and the resource's policy document.
    * Already deployed: reuse the recorded ``role_arn`` and issue
      ``put_role_policy`` with the current policy document. The policy
      name passed is the role name itself.

    Both paths end by recording ``role_arn`` (from the plan variable) and
    ``role_name`` under the ``iam_role`` resource type.

    :param resource: The managed IAM role model being planned.
    :return: Ordered list of instructions; API calls are wrapped in a
        ``(instruction, message)`` tuple carrying the progress message.
    """
    # NOTE(review): the policy document is forwarded unchanged. Nothing in
    # this method inspects it for over-broad actions or resources, so
    # least-privilege has to be enforced where the document is produced.
    policy_document = resource.policy.document
    already_deployed = self._remote_state.resource_exists(resource)
    arn_variable = '%s_role_arn' % resource.role_name

    if already_deployed:
        deployed_arn = self._remote_state.resource_deployed_values(
            resource)['role_arn']
        # NOTE(review): this path only pushes the permission policy. No
        # instruction here re-applies the trust policy, so a trust
        # relationship changed out of band is not reset by this plan.
        update_call = models.APICall(
            method_name='put_role_policy',
            params={
                'role_name': resource.role_name,
                'policy_name': resource.role_name,
                'policy_document': policy_document,
            },
        )
        update_msg = (
            "Updating policy for IAM role: %s\n" % resource.role_name
        )
        steps = [
            models.StoreValue(name=arn_variable, value=deployed_arn),
            (update_call, update_msg),
        ]
    else:
        # The principal is resolved at deploy time through plan variables
        # rather than hard-coded here (presumably so the value can differ
        # per partition/region -- confirm against 'service_principal').
        steps = [
            models.BuiltinFunction(
                'service_principal',
                ['lambda'],
                output_var='lambda_service_principal',
            ),
            models.JPSearch(
                'principal',
                input_var='lambda_service_principal',
                output_var='lambda_principal',
            ),
            models.StoreValue(
                name='lambda_principal',
                value=StringFormat(
                    '{lambda_principal}', ['lambda_principal']),
            ),
        ]
        # Trust policy: a single Allow statement whose only principal is
        # the resolved Lambda service, limited to sts:AssumeRole.
        trust_policy = {
            "Version": "2012-10-17",
            "Statement": [{
                "Sid": "",
                "Effect": "Allow",
                "Principal": {
                    "Service": Variable('lambda_principal'),
                },
                "Action": "sts:AssumeRole",
            }],
        }
        steps.append(
            models.StoreValue(
                name='lambda_trust_policy', value=trust_policy))
        create_call = models.APICall(
            method_name='create_role',
            params={
                'name': resource.role_name,
                'trust_policy': Variable('lambda_trust_policy'),
                'policy': policy_document,
            },
            output_var=arn_variable,
        )
        create_msg = "Creating IAM role: %s\n" % resource.role_name
        steps.append((create_call, create_msg))

    # Shared tail: persist the ARN variable and the role name so later
    # deploys can find this role in the recorded state.
    steps.append(
        models.RecordResourceVariable(
            resource_type='iam_role',
            resource_name=resource.resource_name,
            name='role_arn',
            variable_name=arn_variable,
        )
    )
    steps.append(
        models.RecordResourceValue(
            resource_type='iam_role',
            resource_name=resource.resource_name,
            name='role_name',
            value=resource.role_name,
        )
    )
    return steps