From 8d62dcfa8fcddcbaa4c20601624817952cc53dfc Mon Sep 17 00:00:00 2001
From: NihalM99
Date: Mon, 16 Oct 2023 02:11:13 +0000
Subject: [PATCH 1/3] Validate if service role exists before proceeding with environment creation
---
 ebcli/controllers/create.py | 5 ++++-
 ebcli/lib/iam.py | 12 ++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/ebcli/controllers/create.py b/ebcli/controllers/create.py
index 3648c7d39..5f08e0348 100644
--- a/ebcli/controllers/create.py
+++ b/ebcli/controllers/create.py
@@ -16,7 +16,7 @@
 from ebcli.core import io, fileoperations, hooks
 from ebcli.core.abstractcontroller import AbstractBaseController
-from ebcli.lib import elasticbeanstalk, utils
+from ebcli.lib import elasticbeanstalk, utils, iam
 from ebcli.objects.exceptions import (
 AlreadyExistsError,
 InvalidOptionsError,
@@ -223,6 +223,9 @@ def do_command(self):
 if itype and instance_types:
 raise InvalidOptionsError(strings['create.itype_and_instances'])
+
+ if service_role and not iam.role_exists(service_role):
+ raise InvalidOptionsError(f"The specified service role '{service_role}' does not exist. Please use a role that exists or create a new role .")
 platform = _determine_platform(platform, iprofile)
diff --git a/ebcli/lib/iam.py b/ebcli/lib/iam.py
index 6f19934da..a05c84ead 100644
--- a/ebcli/lib/iam.py
+++ b/ebcli/lib/iam.py
@@ -186,3 +186,15 @@ def get_managed_policy_document(arn):
 PolicyArn=arn,
 VersionId=policy_version)
 return details['PolicyVersion']['Document']
+
+def role_exists(role_name):
+ """
+ Check if a given IAM role exists.
+ :param role_name: Name of the IAM role to check.
+ :return: True if the role exists, False otherwise.
+ """
+ roles = get_roles()
+ for role in roles:
+ if role['RoleName'] == role_name:
+ return True
+ return False
\ No newline at end of file
From aa4c052605e031180d609a14ff9ca90666b279af Mon Sep 17 00:00:00 2001
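Review bot: In create.py's do_command, the new `iam.role_exists(service_role)` check makes environment creation depend on being able to list IAM roles, since role_exists (added in ebcli/lib/iam.py in this patch) calls `get_roles()`. How get_roles behaves when the credentials lack that permission is not visible here, but presumably the error propagates, so a least-privilege user who may pass a valid role but not enumerate roles would be stopped before creation. I would treat an authorization failure as "cannot verify", warn, and continue, keeping the hard error for the case where the lookup succeeded and the role is absent. The message is also hard-coded with a stray space before the final period, whereas the check just above takes its text from `strings[...]`. do_command's body starts and ends outside the hunk.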
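Review bot: role_exists in ebcli/lib/iam.py compares the argument to `RoleName` by exact match, so a value supplied as a role ARN or with a path prefix would be reported as missing even when the role exists; whether `--service-role` accepts such forms is not visible here and should be confirmed. If it does, compare on the last path segment, e.g. `name = role_name.rsplit('/', 1)[-1]`, before the loop. Listing every role to test one name also needs broader IAM read permission than a single-role lookup (IAM's GetRole) would, so a direct lookup that maps "no such entity" to False is worth considering. The docstring should say that only the bare role name is matched, and the file now ends without a trailing newline.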
From: NihalM99
Date: Fri, 20 Oct 2023 16:56:58 +0000
Subject: [PATCH 2/3] Fix tests to include service role validation
---
 tests/unit/lib/test_iam.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/tests/unit/lib/test_iam.py b/tests/unit/lib/test_iam.py
index 60d8765c2..5729f5467 100644
--- a/tests/unit/lib/test_iam.py
+++ b/tests/unit/lib/test_iam.py
@@ -29,3 +29,20 @@ def test_account_id(
 self.assertEqual('123123123123', iam.account_id())
 make_api_call_mock.assert_called_once_with('iam', 'get_user')
+
+ @mock.patch('ebcli.lib.iam.get_roles')
+ def test_role_exists(self, get_roles_mock):
+ # Mock the get_roles function to return a sample list of roles
+ mock_roles = [
+ {'RoleName': 'aws-elasticbeanstalk-ec2-role'},
+ {'RoleName': 'aws-elasticbeanstalk-service-role'}
+ ]
+ get_roles_mock.return_value = mock_roles
+
+ # Test for a role that exists
+ self.assertTrue(iam.role_exists('aws-elasticbeanstalk-ec2-role'))
+
+ # Test for a role that doesn't exist
+ self.assertFalse(iam.role_exists('SomeRandomIAMRole'))
+
+ get_roles_mock.assert_called_once()
From d07b1a6ebfdffccebe7b54934e593fe24cd51c0b Mon Sep 17 00:00:00 2001
From: NihalM99
Date: Fri, 20 Oct 2023 17:06:51 +0000
Subject: [PATCH 3/3] Fix test failure
---
 tests/unit/lib/test_iam.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/unit/lib/test_iam.py b/tests/unit/lib/test_iam.py
index 5729f5467..9604a1c41 100644
--- a/tests/unit/lib/test_iam.py
+++ b/tests/unit/lib/test_iam.py
@@ -45,4 +45,4 @@ def test_role_exists(self, get_roles_mock):
 # Test for a role that doesn't exist
 self.assertFalse(iam.role_exists('SomeRandomIAMRole'))
- get_roles_mock.assert_called_once()
+ self.assertEqual(get_roles_mock.call_count, 2)
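Review bot: test_role_exists in tests/unit/lib/test_iam.py (added in patch 2/3) covers only an exact-name hit and a miss, leaving the failure paths of the new validation untested. I would add a case where `get_roles_mock.side_effect` raises the CLI's authorization error and assert whatever outcome is intended (propagate, or skip validation), plus one with `get_roles_mock.return_value = []`. Nothing in this series exercises the new branch in create.py's do_command either, so a regression in the InvalidOptionsError path would go unnoticed.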