1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
|
import json
from typing import Any
from moto.codepipeline.exceptions import (
InvalidStructureException,
InvalidTagsException,
PipelineNotFoundException,
ResourceNotFoundException,
TooManyTagsException,
)
from moto.core.base_backend import BackendDict, BaseBackend
from moto.core.common_models import BaseModel
from moto.core.utils import iso_8601_datetime_with_milliseconds, utcnow
from moto.iam.exceptions import NotFoundException as IAMNotFoundException
from moto.iam.models import IAMBackend, iam_backends
from moto.utilities.utils import get_partition
class CodePipeline(BaseModel):
def __init__(self, account_id: str, region: str, pipeline: dict[str, Any]):
# the version number for a new pipeline is always 1
pipeline["version"] = 1
self.pipeline = self.add_default_values(pipeline)
self.tags: dict[str, str] = {}
self._arn = f"arn:{get_partition(region)}:codepipeline:{region}:{account_id}:{pipeline['name']}"
self._created = utcnow()
self._updated = utcnow()
@property
def metadata(self) -> dict[str, str]:
return {
"pipelineArn": self._arn,
"created": iso_8601_datetime_with_milliseconds(self._created),
"updated": iso_8601_datetime_with_milliseconds(self._updated),
}
def add_default_values(self, pipeline: dict[str, Any]) -> dict[str, Any]:
for stage in pipeline["stages"]:
for action in stage["actions"]:
if "runOrder" not in action:
action["runOrder"] = 1
if "configuration" not in action:
action["configuration"] = {}
if "outputArtifacts" not in action:
action["outputArtifacts"] = []
if "inputArtifacts" not in action:
action["inputArtifacts"] = []
return pipeline
def validate_tags(self, tags: list[dict[str, str]]) -> None:
for tag in tags:
if tag["key"].startswith("aws:"):
raise InvalidTagsException(
"Not allowed to modify system tags. "
"System tags start with 'aws:'. "
"msg=[Caller is an end user and not allowed to mutate system tags]"
)
if (len(self.tags) + len(tags)) > 50:
raise TooManyTagsException(self._arn)
class CodePipelineBackend(BaseBackend):
def __init__(self, region_name: str, account_id: str):
super().__init__(region_name, account_id)
self.pipelines: dict[str, CodePipeline] = {}
@staticmethod
def default_vpc_endpoint_service(
service_region: str, zones: list[str]
) -> list[dict[str, str]]:
"""Default VPC endpoint service."""
return BaseBackend.default_vpc_endpoint_service_factory(
service_region, zones, "codepipeline", policy_supported=False
)
@property
def iam_backend(self) -> IAMBackend:
return iam_backends[self.account_id][self.partition]
def create_pipeline(
self, pipeline: dict[str, Any], tags: list[dict[str, str]]
) -> tuple[dict[str, Any], list[dict[str, str]]]:
name = pipeline["name"]
if name in self.pipelines:
raise InvalidStructureException(
f"A pipeline with the name '{name}' already exists in account '{self.account_id}'"
)
try:
role = self.iam_backend.get_role_by_arn(pipeline["roleArn"])
trust_policy_statements = json.loads(role.assume_role_policy_document)[
"Statement"
]
trusted_service_principals = [
i["Principal"]["Service"] for i in trust_policy_statements
]
if "codepipeline.amazonaws.com" not in trusted_service_principals:
raise IAMNotFoundException("")
except IAMNotFoundException:
raise InvalidStructureException(
f"CodePipeline is not authorized to perform AssumeRole on role {pipeline['roleArn']}"
)
if len(pipeline["stages"]) < 2:
raise InvalidStructureException(
"Pipeline has only 1 stage(s). There should be a minimum of 2 stages in a pipeline"
)
self.pipelines[pipeline["name"]] = CodePipeline(
self.account_id, self.region_name, pipeline
)
if tags is not None:
self.pipelines[pipeline["name"]].validate_tags(tags)
new_tags = {tag["key"]: tag["value"] for tag in tags}
self.pipelines[pipeline["name"]].tags.update(new_tags)
else:
tags = []
return pipeline, sorted(tags, key=lambda i: i["key"])
def get_pipeline(self, name: str) -> tuple[dict[str, Any], dict[str, str]]:
codepipeline = self.pipelines.get(name)
if not codepipeline:
raise PipelineNotFoundException(
f"Account '{self.account_id}' does not have a pipeline with name '{name}'"
)
return codepipeline.pipeline, codepipeline.metadata
def update_pipeline(self, pipeline: dict[str, Any]) -> dict[str, Any]:
codepipeline = self.pipelines.get(pipeline["name"])
if not codepipeline:
raise ResourceNotFoundException(
f"The account with id '{self.account_id}' does not include a pipeline with the name '{pipeline['name']}'"
)
# version number is auto incremented
pipeline["version"] = codepipeline.pipeline["version"] + 1
codepipeline._updated = utcnow()
codepipeline.pipeline = codepipeline.add_default_values(pipeline)
return codepipeline.pipeline
def list_pipelines(self) -> list[dict[str, str]]:
pipelines = []
for name, codepipeline in self.pipelines.items():
pipelines.append(
{
"name": name,
"version": codepipeline.pipeline["version"],
"created": codepipeline.metadata["created"],
"updated": codepipeline.metadata["updated"],
}
)
return sorted(pipelines, key=lambda i: i["name"])
def delete_pipeline(self, name: str) -> None:
self.pipelines.pop(name, None)
def list_tags_for_resource(self, arn: str) -> list[dict[str, str]]:
name = arn.split(":")[-1]
pipeline = self.pipelines.get(name)
if not pipeline:
raise ResourceNotFoundException(
f"The account with id '{self.account_id}' does not include a pipeline with the name '{name}'"
)
tags = [{"key": key, "value": value} for key, value in pipeline.tags.items()]
return sorted(tags, key=lambda i: i["key"])
def tag_resource(self, arn: str, tags: list[dict[str, str]]) -> None:
name = arn.split(":")[-1]
pipeline = self.pipelines.get(name)
if not pipeline:
raise ResourceNotFoundException(
f"The account with id '{self.account_id}' does not include a pipeline with the name '{name}'"
)
pipeline.validate_tags(tags)
for tag in tags:
pipeline.tags.update({tag["key"]: tag["value"]})
def untag_resource(self, arn: str, tag_keys: list[str]) -> None:
name = arn.split(":")[-1]
pipeline = self.pipelines.get(name)
if not pipeline:
raise ResourceNotFoundException(
f"The account with id '{self.account_id}' does not include a pipeline with the name '{name}'"
)
for key in tag_keys:
pipeline.tags.pop(key, None)
codepipeline_backends = BackendDict(CodePipelineBackend, "codepipeline")
|
