From b0efd454172db2f40dab964f26271aee5c09db9f Mon Sep 17 00:00:00 2001
From: James Saryerwinnie <js@jamesls.com>
Date: Wed, 26 Jul 2017 13:35:27 -0700
Subject: [PATCH] Fix issue where role updates happened twice

There weren't any tests for this code path and this didn't break
anything, it's just entirely unnecessary.  Looks like this was a result
of an improper refactoring.
---
 CHANGELOG.rst                      |  2 ++
 chalice/deploy/deployer.py         |  1 -
 tests/unit/deploy/test_deployer.py | 32 ++++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index a9ab827fa..d1087f0b6 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -12,6 +12,8 @@ CHANGELOG
 * Remove legacy ``policy.json`` file support. Policy files must
   use the stage name, e.g. ``policy-dev.json``
   (`#430 <https://github.com/awslabs/chalice/pull/540>`__)
+* Fix issue where IAM role policies were updated twice on redeploys
+  (`#428 <https://github.com/awslabs/chalice/pull/428>`__)
 
 
 1.0.0b1
diff --git a/chalice/deploy/deployer.py b/chalice/deploy/deployer.py
index 366428d93..68bc9f4d9 100644
--- a/chalice/deploy/deployer.py
+++ b/chalice/deploy/deployer.py
@@ -483,7 +483,6 @@ def _deploy_api_handler(self, config, existing_resources, stage_name,
                     existing_resources.api_handler_name):
             handler_name = existing_resources.api_handler_name
             self._confirm_any_runtime_changes(config, handler_name)
-            self._get_or_create_lambda_role_arn(config, handler_name)
             self._update_lambda_function(config, handler_name, stage_name)
             function_arn = existing_resources.api_handler_arn
             deployed_values['api_handler_name'] = handler_name
diff --git a/tests/unit/deploy/test_deployer.py b/tests/unit/deploy/test_deployer.py
index b47cde67b..bb33042a5 100644
--- a/tests/unit/deploy/test_deployer.py
+++ b/tests/unit/deploy/test_deployer.py
@@ -1639,3 +1639,35 @@ def test_lambda_deployer_with_tags(self, sample_app):
             timeout=60, memory_size=128,
             role_arn='role-arn'
         )
+
+    def test_update_lambda_updates_role_once(self, sample_app):
+        cfg = Config.create(
+            chalice_stage='dev', app_name='myapp', chalice_app=sample_app,
+            manage_iam_role=True, iam_role_arn='role-arn',
+            project_dir='.', tags={'mykey': 'myvalue'}
+        )
+        deployer = LambdaDeployer(
+            self.aws_client, self.packager, self.prompter, self.osutils,
+            self.app_policy)
+
+        self.aws_client.get_role_arn_for_name.return_value = 'role-arn'
+        deployer.deploy(cfg, self.deployed_resources, 'dev')
+        self.aws_client.update_function.assert_called_with(
+            function_name=self.lambda_function_name,
+            zip_contents=self.package_contents,
+            runtime=cfg.lambda_python_version,
+            tags={
+                'aws-chalice': 'version=%s:stage=dev:app=myapp' % (
+                    chalice_version),
+                'mykey': 'myvalue'
+            },
+            environment_variables={},
+            timeout=60, memory_size=128,
+            role_arn='role-arn'
+        )
+        self.aws_client.put_role_policy.assert_called_with(
+            policy_document={'Version': '2012-10-17', 'Statement': []},
+            policy_name='lambda_function_name',
+            role_name='lambda_function_name'
+        )
+        assert self.aws_client.put_role_policy.call_count == 1