Merge pull request #495 from aws/Servicerolevalidation-fix
Validate if service role exists before proceeding with environment cr…
NihalM99 authored Oct 24, 2023
2 parents 0eeaf04 + d07b1a6 commit 9662e36
Showing 3 changed files with 33 additions and 1 deletion.
5 changes: 4 additions & 1 deletion ebcli/controllers/create.py
Expand Up @@ -16,7 +16,7 @@

from ebcli.core import io, fileoperations, hooks
from ebcli.core.abstractcontroller import AbstractBaseController
from ebcli.lib import elasticbeanstalk, utils
from ebcli.lib import elasticbeanstalk, utils, iam
from ebcli.objects.exceptions import (
AlreadyExistsError,
InvalidOptionsError,
Expand Down Expand Up @@ -223,6 +223,9 @@ def do_command(self):

if itype and instance_types:
raise InvalidOptionsError(strings['create.itype_and_instances'])

if service_role and not iam.role_exists(service_role):
raise InvalidOptionsError(f"The specified service role '{service_role}' does not exist. Please use a role that exists or create a new role .")

platform = _determine_platform(platform, iprofile)

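Review bot: The new `iam.role_exists(service_role)` check in do_command makes a role lookup a hard prerequisite for environment creation: a principal that may pass the role but may not list IAM roles (a tightly scoped CI identity, for example) would presumably get an authorization error out of the lookup, and the create aborts before Elastic Beanstalk is ever asked. This is a usability pre-check rather than a security control, so I would catch the lookup failure, warn, and let the service do the final validation. The message is also built inline with a stray space before the final period, while the check just above reads its text from `strings[...]`; a `strings` entry with a placeholder for the role name would match that convention. The comparison is an exact match on the role name, so it is worth confirming `service_role` is never supplied as an ARN. do_command starts and ends outside the hunk.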
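--- a/ebcli/lib/iam.py
+++ b/ebcli/lib/iam.py
@@ -186,3 +186,15 @@ def get_managed_policy_document(arn):
 PolicyArn=arn,
 VersionId=policy_version)
 return details['PolicyVersion']['Document']
+
+def role_exists(role_name):
+"""
+Check if a given IAM role exists.
+:param role_name: Name of the IAM role to check.
+:return: True if the role exists, False otherwise.
+"""
+roles = get_roles()
+for role in roles:
+if role['RoleName'] == role_name:
+return True
+return False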
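Review bot: `role_exists` answers a single-name question by fetching the whole role list through `get_roles()` and scanning it, so its answer is only as complete as that list: if `get_roles` (not shown here) returns a single page or a path-filtered set, an existing role is reported missing and a valid create is rejected. A lookup of the one role by name, treating the not-found error as False, would need a narrower permission than listing every role and would not depend on pagination. If the scan stays, the body reduces to `return any(role['RoleName'] == role_name for role in get_roles())`, and the docstring should say that matching is exact and case-sensitive on the bare role name.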
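--- a/tests/unit/lib/test_iam.py
+++ b/tests/unit/lib/test_iam.py
@@ -29,3 +29,20 @@ def test_account_id(
 self.assertEqual('123123123123', iam.account_id())
 
 make_api_call_mock.assert_called_once_with('iam', 'get_user')
+
+@mock.patch('ebcli.lib.iam.get_roles')
+def test_role_exists(self, get_roles_mock):
+# Mock the get_roles function to return a sample list of roles
+mock_roles = [
+{'RoleName': 'aws-elasticbeanstalk-ec2-role'},
+{'RoleName': 'aws-elasticbeanstalk-service-role'}
+]
+get_roles_mock.return_value = mock_roles
+
+# Test for a role that exists
+self.assertTrue(iam.role_exists('aws-elasticbeanstalk-ec2-role'))
+
+# Test for a role that doesn't exist
+self.assertFalse(iam.role_exists('SomeRandomIAMRole'))
+
+self.assertEqual(get_roles_mock.call_count, 2)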
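Review bot: `test_role_exists` covers one hit and one miss against a two-entry list, which leaves the edges of the exact `==` match unpinned: an empty list (`get_roles_mock.return_value = []`), a name differing only in case, and a value in ARN form. Adding those three assertions would document what callers may pass. The final `assertEqual(get_roles_mock.call_count, 2)` pins an implementation detail (one list fetch per call) and would break if the lookup is later cached or replaced by a single-role call; consider dropping it. No test for the new branch in ebcli/controllers/create.py appears among the three changed files.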
