mirror of
https://github.com/fog/fog-aws.git
synced 2022-11-09 13:50:52 -05:00
100 lines
3.7 KiB
Ruby
100 lines
3.7 KiB
Ruby
module Fog
|
|
module AWS
|
|
class Lambda
|
|
class Real
|
|
require 'fog/aws/parsers/lambda/base'
|
|
|
|
# Adds a permission to the access policy associated with the specified AWS Lambda function.
|
|
# http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html
|
|
# ==== Parameters
|
|
# * FunctionName <~String> - Name of the Lambda function whose access policy you are updating by adding a new permission.
|
|
# * Action <~String> - AWS Lambda action you want to allow in this statement.
|
|
# * Principal <~String> - principal who is getting this permission.
|
|
# * SourceAccount <~String> - AWS account ID (without a hyphen) of the source owner.
|
|
# * SourceArn <~String> - Amazon Resource Name (ARN) of the source resource to assign permissions.
|
|
# * StatemendId. <~String> - unique statement identifier.
|
|
# ==== Returns
|
|
# * response<~Excon::Response>:
|
|
# * body<~Hash>:
|
|
# * 'Statement' <~Hash> - permission statement you specified in the request.
|
|
def add_permission(params={})
|
|
function_name = params.delete('FunctionName')
|
|
action = params.delete('Action')
|
|
principal = params.delete('Principal')
|
|
source_account = params.delete('SourceAccount')
|
|
source_arn = params.delete('SourceArn')
|
|
sid = params.delete('StatementId')
|
|
|
|
permission = {
|
|
'Action' => action,
|
|
'Principal' => principal,
|
|
'StatementId' => sid
|
|
}
|
|
permission['SourceAccount'] = source_account if source_account
|
|
permission['SourceArn'] = source_arn if source_arn
|
|
|
|
request({
|
|
:method => 'POST',
|
|
:path => "/functions/#{function_name}/versions/HEAD/policy",
|
|
:expects => 201,
|
|
:body => Fog::JSON.encode(permission),
|
|
:parser => Fog::AWS::Parsers::Lambda::Base.new
|
|
}.merge(params))
|
|
end
|
|
end
|
|
|
|
class Mock
|
|
def add_permission(params={})
|
|
function_id = params.delete('FunctionName')
|
|
function = self.get_function_configuration(
|
|
'FunctionName' => function_id
|
|
).body
|
|
function_arn = function['FunctionArn']
|
|
|
|
action = params.delete('Action')
|
|
principal = params.delete('Principal')
|
|
source_account = params.delete('SourceAccount')
|
|
source_arn = params.delete('SourceArn')
|
|
sid = params.delete('StatementId')
|
|
|
|
if action.nil? || action.empty?
|
|
message = 'Action cannot be blank'
|
|
raise Fog::AWS::Lambda::Error, message
|
|
end
|
|
|
|
if principal.nil? || principal.empty?
|
|
message = 'Principal cannot be blank'
|
|
raise Fog::AWS::Lambda::Error, message
|
|
end
|
|
|
|
if sid.nil? || sid.empty?
|
|
message = 'Sid cannot be blank'
|
|
raise Fog::AWS::Lambda::Error, message
|
|
end
|
|
|
|
statement = {
|
|
'Action' => [action],
|
|
'Principal' => { 'Service' => principal },
|
|
'Sid' => sid,
|
|
'Resource' => function_arn,
|
|
'Effect' => 'Allow'
|
|
}
|
|
if source_arn
|
|
statement['Condition'] = {}
|
|
statement['Condition']['ArnLike'] = {
|
|
'AWS:SourceArn' => source_arn
|
|
}
|
|
end
|
|
|
|
self.data[:permissions][function_arn] ||= []
|
|
self.data[:permissions][function_arn] << statement
|
|
|
|
response = Excon::Response.new
|
|
response.status = 201
|
|
response.body = { 'Statement' => statement }
|
|
response
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|