Issue #, if available: #792

Description of changes:

This PR contains the code changes necessary for implicitly supporting partitions as requested by issue #792 and the details of its comments.

• Utilities
  • URL suffix lookup from the botocore EndpointResolver based on service and region (also from an existing ARN)
• Deployment/Planning
  • Modifications to the intrinsic function parse_arn to return the dns_suffix for the ARN.
  • A new intrinsic function interrogate_profile has been added where parse_arn is unable to be utilized in the deployment plan.
• Packaging
  • Cloud Formation
    • AWS::Partition and AWS::URLSuffix have been used to fill in all the necessary characteristics for the resources that would need to be modified.
  • Terraform
    • The partition and dns_suffix attributes from data "aws_partition" "chalice" {} have been used in the templates to populate the necessary policies and resource definitions.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Hello,

could you please provide a best practice sample on how to best write tests for a chalice based app? I looked through the tests folder, but I think most of the tests there are not necessary on my own code. I just want to write minimal code to test my own endpoints.

Ideally including how the tests can be run on AWS Codebuild / AWS Codepipeline before deployment with CloudFormation.

A short paragraph in the readme file would be great.

Best regards, Dieter

Issue: closes #1121

This adds in terraform support for chalice package. There's a few goals underlying.. one was to provide provisioning flexibility and extensibility instead of having to layer in multiple provisioning executions for an app (ie reference an s3 bucket, or use chalice lambda function for a step function, etc). Another was to enable chalice use more naturally in orgs that mandate/prefer terraform for infrastructure provisioning.

I've done a few manual e2e tests on a sample app (api gw, 5 lambdas, scheduled func, managed role). The end result is actually a bit faster than chalice's direct api calls for deploy/destroy.

https://gist.github.com/kapilt/1794c092cd2f17e0faadb3e00a44bc33

After each successful deployment, I am facing some problems with Authorizer.

So whenever i ran the following command:

chalice deploy --stage development

My endpoint response is following with incorrect Headers and Payload:

HTTP/1.1 500 Internal Server Error
Connection: keep-alive
Content-Length: 16
Content-Type: application/json
Date: Tue, 09 Jan 2018 05:27:23 GMT
x-amzn-ErrorType: AuthorizerConfigurationException
x-amzn-RequestId: c549c9dc-f4fd-11e7-9066-2d91a1bf8bf4

{
    "message": null
}

My endpoint definition is as following:

@app.route('/dataset', methods=['POST'], authorizer=auth0, cors=True)
  ...

The Solution is to login into console and go to API Gateway > Authorizer > Edit and without any changes click on save. It will ask to Grant permission to invoke the arn click on Grant and re-deploy the API to it's stage.

After re-deploying same request started working and i am getting correct headers as well:

HTTP/1.1 200 OK
Access-Control-Allow-Headers: Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 3278
Content-Type: application/json
Date: Tue, 09 Jan 2018 05:37:32 GMT
X-Amzn-Trace-Id: sampled=0;root=1-5a54551b-f344e6467c4fb4d33d05a081
x-amzn-RequestId: 2ef0086e-f4ff-11e7-9473-3fe4e73405a2

[]

Similar to the S3, SNS and SQS event sources implemented earlier, it would be awesome (especially for my current use case) to also support DynamoDB streams - and while we're at it, supporting Kinesis streams should also be easy.

Fortunately, the implementation in #886 (proposed in #884) should be relatively easy to adapt to support these other sources, since the Lambda event source mapping function is the same.

Proposal

Public API

The DynamoDB streams and Kinesis streams would be implemented nearly identically to the existing event sources - a parameterized decorator.

@app.on_dynamodb_stream_event(table='mytable', batch_size=30, starting_position='TRIM_HORIZON')
def handler(event):
    for record in event:
        print(record.body)

@app.on_kinesis_stream_event(stream='mystream', batch_size=100, starting_position='LATEST')
def handler(event):
    for record in event:
        print(record.body)

Backend

While we could maintain the existing SQS event source as-is, because a significant amount of functionality would be shared between the three stream sources (SQS, DynamoDB and Kinesis), it may make more sense to rename the backend "sqs_event_source" methods as "stream_event_source" methods, and then map each of the three stream decorators to the same core event source with different configs. Then you could build up the event source arn using the source as another parameter.

Could we choose if we want to deploy 1 big function (current way) or to deploy separate functions for each routing definition? This could save resources and improve execution times for more robust projects.

Use case

I have been working on a chalice based app lately that is growing a bit beyond having all routes set up in app.py.

Being heavily influenced by Flask's API, I figured Blueprints might be a welcome addition for Chalice.

Status of this PR

This is mostly intended as a provisional or "Request for Comment" PR. If the maintainers of Chalice like this approach, I'd be happy to continue work on adding tests and documentation for this :)

Currently only very basic functionality exists:

• Construct a chalice.blueprint.Blueprint object
• Add routes to your chalice.blueprint.Blueprint instance with the route decorator, which should accept all the same Keyword Arguments as a vanilla Chalice.route... though i'm not sure if they'll all work :)
• Support for current_request access in Blueprint routes
• Support for url_for in Blueprint routes.

Example!

/app.py

from chalice import Chalice

from chalicelib.blueprint import foo

app = Chalice(app_name="helloworld")
app.debug = True

@app.route("/")
def index():
    return {"hello": "world"}

app.register_blueprint(foo, url_prefix='/foo/')

/chalicelib/blueprint.py

from chalice.blueprint import Blueprint

foo = Blueprint('foo')

@foo.route('/bar', methods=["GET", "POST"])
def bar():
    request = foo.current_request
    return {"result": "bar!", "method": request.method}

@foo.route('/baz')
def baz():
    return {"result": foo.url_for('bar')}

Demo!

blueprintsmaybe ewdurbin$ chalice local > /dev/null 2>&1 &
[1] 10084
blueprintsmaybe ewdurbin$ curl -w "\n" http://localhost:8000/
{"hello": "world"}
blueprintsmaybe ewdurbin$ curl -w "\n" http://localhost:8000/foo/bar
{"result": "bar!", "method": "GET"}
blueprintsmaybe ewdurbin$ curl -w "\n" -XPOST http://localhost:8000/foo/bar
{"result": "bar!", "method": "POST"}
blueprintsmaybe ewdurbin$ curl -w "\n" http://localhost:8000/foo/baz
{"result": "/foo/bar"}

Currently I can define a resource like this:

@app.route('/scalars', methods=['GET', 'OPTIONS']) def scalars(): return { 'mau': 27048, 'wau: 7003 }'

The OPTIONS will help me with enabling CORS in APIG But I'm still missing the 'Access-Control-Allow-Origin' header, so I enable it manually in the console after each deploy.

One approach would be to configure headers in the method. Another would be to call the "Enable CORS" magic button in APIG.

WDYT?

new PR for https://github.com/aws/chalice/pull/457 since I can't write to that repo anymore. Closes issue https://github.com/aws/chalice/issues/413

The PR adds two new fields that can be configured so as to allow support for VPCs:

• subnet_ids
• security_group_ids

When my Bitbucket pipeline runs chalice deploy --stage dev, the deployment works just fine. When I run chalice deploy --stage dev from my command line, the package deployed to AWS is missing most libraries... so I get errors like Unable to import module 'app': No module named 'phpserialize' when the Lambda is executed.

I've verified that the deployment packages differ by running deployments, downloading the deployment packages from AWS (using the Lambda console), and diff'ing the contents of the .zip files.

Clearly there's some difference between my personal environment and the Bitbucket pipeline environment that causes a difference in how the deployment .zip is built, but I can't figure it out. Here's what I've tried:

• Changing the commands to/from chalice deploy && chalice deploy --stage dev. No affect.
• Rebuilding my vendor dependencies: In the past I've been able to 'fix' deployments missing modules by manually rebuilding the wheels in the vendor directory, but this hasn't worked in the past few days: pip download x && pip wheel x-y.y.y.tar.gz && rm *.gz
• python/pip versions: Bitbucket was using python 3.6.3 & pip 9.0.1 and my personal machine was python 3.6.5 & pip 9.0.3. I changed my versions 3.6.3/9.0.1 and my deployment packages were still missing libraries. I changed the Bitbucket pipeline to 3.6.5/10.0.1 and the deployment was still perfect.
• I've also reviewed issues: #106, #155, #189

Anyone else seen this problem? It's plaguing my office here and some of us have turned to pushing all changes to Bitbucket because we can't trust a local chalice deploy to work.

Bitbucket OS: Linux 44faaabc-f42c-4803-993e-f72fa3365e1e 4.14.48-coreos-r2 #1 SMP Thu Jun 14 08:23:03 UTC 2018 x86_64 GNU/Linux Laptop OS: Darwin Macbook.localdomain 17.6.0 Darwin Kernel Version 17.6.0: Tue May 8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64

Here's my requirements.txt file:

chalice==1.3.0
phpserialize==1.3
yoyo-migrations==5.1.5

Here're the contents of my vendor directory:

MarkupSafe-1.0-cp36-cp36m-macosx_10_13_x86_64.whl	idna-2.7-py2.py3-none-any.whl
PyYAML-3.13-cp36-cp36m-macosx_10_13_x86_64.whl		iniherit-0.3.9-py3-none-any.whl
argh-0.26.2-py2.py3-none-any.whl			jmespath-0.9.3-py2.py3-none-any.whl
argparse-1.4.0-py2.py3-none-any.whl			pathtools-0.1.2-py3-none-any.whl
asn1crypto-0.24.0-py2.py3-none-any.whl			phpserialize-1.3-py3-none-any.whl
bidict-0.17.2-py3-none-any.whl				pycparser-2.18-py2.py3-none-any.whl
boto3-1.7.42-py2.py3-none-any.whl			python_dateutil-2.7.3-py2.py3-none-any.whl
botocore-1.10.42-py2.py3-none-any.whl			pytz-2018.4-py2.py3-none-any.whl
cffi-1.11.5-cp36-cp36m-macosx_10_6_intel.whl		s3transfer-0.1.13-py2.py3-none-any.whl
ciso8601-2.0.1.tar.gz					schemapi-0.3.0-py3-none-any.whl
credstash-1.14.0-py3-none-any.whl			simplejson-3.15.0-cp36-cp36m-macosx_10_13_x86_64.whl
cryptography-2.0.3-cp36-cp36m-macosx_10_6_intel.whl	six-1.11.0-py2.py3-none-any.whl
dateutils-0.6.6-py3-none-any.whl			typing-3.5.3.0-py3-none-any.whl
docutils-0.14-py3-none-any.whl				watchdog-0.8.3-cp36-cp36m-macosx_10_13_x86_64.whl
expiringdict-1.1.4-py3-none-any.whl

Here's a sanitized copy of my Bitbucket pipeline file:

image: python:3.6.5

pipelines:
  branches:
    develop:
      - step:
          script:
            - export AWS_ACCESS_KEY_ID=$DEV_AWS_ACCESS_KEY_ID
            - export AWS_SECRET_ACCESS_KEY=$DEV_AWS_SECRET_ACCESS_KEY
            - pip install -r requirements.txt
            - pip install pytest
            - python -m pytest tests/
            - chalice deploy --stage dev
          deployment: staging

Here's a diff of the deployment package (Bitbucket deployed vs. manually deployed):

Only in notifications-poller-dev-Bitbucket: MarkupSafe-1.0.dist-info
Only in notifications-poller-dev-Bitbucket: PyYAML-3.13.dist-info
Only in notifications-poller-dev-Bitbucket: _yaml.cpython-36m-x86_64-linux-gnu.so
Only in notifications-poller-dev-Bitbucket: bidict
Only in notifications-poller-dev-Bitbucket: bidict-0.17.2.dist-info
Only in notifications-poller-dev-Bitbucket: ciso8601-2.0.1.dist-info
Only in notifications-poller-dev-Bitbucket: ciso8601.cpython-36m-x86_64-linux-gnu.so
Only in notifications-poller-dev-Bitbucket: dateutils
Only in notifications-poller-dev-Bitbucket: dateutils-0.6.6.dist-info
Only in notifications-poller-dev-Bitbucket: iniherit
Only in notifications-poller-dev-Bitbucket: iniherit-0.3.9.dist-info
Only in notifications-poller-dev-Bitbucket: markupsafe
Only in notifications-poller-dev-Bitbucket: pathtools
Only in notifications-poller-dev-Bitbucket: pathtools-0.1.2.dist-info
Only in notifications-poller-dev-Bitbucket: phpserialize-1.3.dist-info
Only in notifications-poller-dev-Bitbucket: phpserialize.py
Only in notifications-poller-dev-Bitbucket: pycparser
Only in notifications-poller-dev-Bitbucket: pycparser-2.18.dist-info
Only in notifications-poller-dev-Bitbucket: schemapi
Only in notifications-poller-dev-Bitbucket: schemapi-0.3.0.dist-info
Only in notifications-poller-dev-Bitbucket: watchdog
Only in notifications-poller-dev-Bitbucket: watchdog-0.8.3.dist-info
Only in notifications-poller-dev-Bitbucket: yaml

This commit adds support for triggering a lambda function based on an S3 event happening such as an object being created or deleted. This is configured in chalice through a new on_s3_event decorator. Chalice assumes your s3 bucket already exists. However, it will configure bucket configuration and function policies for you. Given this is an existing bucket, we account for existing notification configurations already in place, and intelligently merge in the chalice specific lambda configuration as needed. Same goes for chalice delete, it will only remove the lambda configuration snippet it added to the S3 bucket notification config.

Before this can be merged, we need a plan for this feature and chalice package.

Because you provide chalice with an existing bucket, we aren't able to describe this in a CFN template (that is, CFN can't adopt existing resources into a stack). As a result, the chalice package command fails. There's a few options here. We can implement initial support for managed resources so we can create the bucket for you, or we can create a custom cfn resource that can apply this config to an existing bucket. Implementing managed resources doesn't solve the problem though of what to do with existing buckets. I think this is an important enough use case that I don't want to remove support for it just because CFN can't support this, so for me it boils down to trying to make this work with custom resources or just not support S3 events in chalice package until we add support for managed resources. Then at least customers would have a path forward if they wanted to use CFN to deploy their app. They'd just have to accept the tradeoff that a new bucket would be created for them.

Issue #, if available:

#855

Bumps attrs from 21.4.0 to 22.2.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Hello,

Are there plans to support Amazon EventBridge Scheduler as an Event Source?

It seems more flexible with customizing the input of a scheduled event, whereas EventBridge Rules do not support input transformers on scheduled events.

The project runs when locally hosted Chalice local.

when running Chalice deploy the package missing the project.json to added

gc = pygsheets.authorize(service_file='project.json')

how do i fix this?

I apologize if the question has already been asked before, I could not find anything substantial looking through the issues and docs. Is there a reference or minimal example which demonstrates how to connect to websocket when running chalice local?

Following is my setup, however I encounter errors when trying to connect to ws, only errors locally:

Enable and register websocket support and session

app = Chalice(app_name="testapp")
app.experimental_feature_flags.update(
    [
        "WEBSOCKETS",
    ]
)
app.websocket_api.session = boto3.Session()

# It doesn't get this far, but including below for completeness
@app.on_ws_message()
def _ws_message(event):
    return Response(
        {
            "message": "Success!",
        },
        status_code=200,
    )

Client code for connection

Working version (deployed)

url = "wss://####.execute-api.#####.amazonaws.com/api/"

async def connect():
    async with websockets.connect(
        url,
    ) as ws:
        print("Connected to the switch.")

if __name__ == "__main__":
    asyncio.run(connect())

Non-working version (chalice local)

url = "ws://localhost:8000/"

async def connect():
    async with websockets.connect(
        url,
    ) as ws:
        print("Connected to the switch.")

if __name__ == "__main__":
    asyncio.run(connect())

Error received for the above non-working version:

websockets.exceptions.InvalidStatusCode: server rejected WebSocket connection: HTTP 200

From what I understand, it looks like the connection does not get upgraded properly in local mode. It just hits the "/" http route and accepts the response which is just a {"message": "OK"} in this case.

If someone could point me in the right direction, that'd be great!

Thank you for your help!

With the same call to chalice deploy I am deploying a REST API and a lambda function. This is so that I can run the Lambda function asynchronously after responding to the request.

@app.route('/v1/lambdaTest')
def test_endpoint():
    _ = lambda_client.invoke(
        FunctionName='mvp-api-dev-testFunction',
        InvocationType='Event',
        Payload="{}"
    )

    return {'status_code': 200}


@app.lambda_function(name='testFunction')
def test_lambda_function(event, context):
    time.sleep(20)

The deployed API Lambda does not have permission automatically to invoke api-dev-testFunction. This can be fixed by updating the policy in the AWS console but it must be done on every deployment.

To avoid this, I created a policy file .chalice/policy-dev.json with the policy configuration, which is like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:*:logs:*:*:*"
        },
        {
            "Sid": "InvokePermission",
            "Effect": "Allow",
            "Action": [
                "lambda:InvokeFunction"
            ],
            "Resource": "*"
        }
    ]
}

The .chalice/config.json looks like this, with autogen_policy set to false, and pointing to the above policy file policy-dev.json:

{
  "version": "2.0",
  "app_name": "mvp-api",
  "stages": {
    "dev": {
      "lambda_memory_size": 3008,
      "api_gateway_stage": "api",
      "autogen_policy": false,
      "iam_policy_file": "policy-dev.json"
    }
  }
}

After chalice deploy, the API works as expected, but an error is reported in the console. Here is the stack trace:

(-----) user@system:~/projects/mvp-api$ chalice deploy
/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/_distutils_hack/__init__.py:30: UserWarning: Setuptools is replacing distutils.
  warnings.warn("Setuptools is replacing distutils.")
Creating deployment package.
Reusing existing deployment package.
Updating policy for IAM role: mvp-api-dev-testFunction
Updating lambda function: mvp-api-dev-testFunction
Updating policy for IAM role: mvp-api-dev-api_handler
Updating lambda function: mvp-api-dev
Updating rest API
Deleting IAM role: mvp-api-dev
Traceback (most recent call last):
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/chalice/deploy/deployer.py", line 376, in deploy
    return self._deploy(config, chalice_stage_name)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/chalice/deploy/deployer.py", line 392, in _deploy
    self._executor.execute(plan)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/chalice/deploy/executor.py", line 42, in execute
    getattr(self, '_do_%s' % instruction.__class__.__name__.lower(),
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/chalice/deploy/executor.py", line 55, in _do_apicall
    result = method(**final_kwargs)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/chalice/awsclient.py", line 1062, in delete_role
    client.delete_role(RoleName=name)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/botocore/client.py", line 508, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/botocore/client.py", line 915, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.DeleteConflictException: An error occurred (DeleteConflict) when calling the DeleteRole operation: Cannot delete entity, must detach all policies first.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/chalice/cli/__init__.py", line 636, in main
    return cli(obj={})
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/click/decorators.py", line 26, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/chalice/cli/__init__.py", line 189, in deploy
    deployed_values = d.deploy(config, chalice_stage_name=stage)
  File "/home/-----/anaconda3/envs/mvp38/lib/python3.8/site-packages/chalice/deploy/deployer.py", line 378, in deploy
    raise ChaliceDeploymentError(e)
chalice.deploy.deployer.ChaliceDeploymentError: ERROR - While deploying your chalice application, received the following error:

 An error occurred (DeleteConflict) when calling the DeleteRole operation: 
 Cannot delete entity, must detach all policies first.

Any ideas on the meaning of this error, and how to correct it?

Many thanks to you!

According to Doc, it said

Scopes can also be used with custom authorizers and built-in authorizers. These authorizers will need to inspect the access token to determine if access should be granted based on the scopes configured for the authorizer and route.

from chalice import Blueprint

extra_routes = Blueprint(__name__)

@extra_routes.authorizer()
def demo_auth(auth_request):
    token = auth_request.token
    # we can decode token in this part, and get scope that sets in token payload,
    # then how to get scopes from authorizer that sets in route using with_scopes.
    if token == 'allow':
        return AuthResponse(routes=['/'], principal_id='user')
    else:
        return AuthResponse(routes=[], principal_id='user')


@extra_routes.route('/',  methods=['GET'], authorizer=demo_auth.with_scopes(["author", "editor"]))
def index():
    return {'context': app.current_request.context}