Generate a single policy statement to cover all stream events. Fixes #2508

Adam Biggs 2016-12-12 15:14:59 -08:00
parent f78fee916d
commit 0b8970fe37
2 changed files with 54 additions and 41 deletions


@ -17,6 +17,27 @@ class AwsCompileStreamEvents {
const functionObj = this.serverless.service.getFunction(functionName);
if (functionObj.events) {
const dynamodbStreamStatement = {
Effect: 'Allow',
Action: [
'dynamodb:GetRecords',
'dynamodb:GetShardIterator',
'dynamodb:DescribeStream',
'dynamodb:ListStreams',
],
Resource: [],
};
const kinesisStreamStatement = {
Effect: 'Allow',
Action: [
'kinesis:GetRecords',
'kinesis:GetShardIterator',
'kinesis:DescribeStream',
'kinesis:ListStreams',
],
Resource: [],
};
functionObj.events.forEach(event => {
if (event.stream) {
let EventSourceArn;
@ -92,47 +113,10 @@ class AwsCompileStreamEvents {
`;
// create type specific PolicyDocument statements
let streamStatement = {};
if (streamType === 'dynamodb') {
streamStatement = {
Effect: 'Allow',
Action: [
'dynamodb:GetRecords',
'dynamodb:GetShardIterator',
'dynamodb:DescribeStream',
'dynamodb:ListStreams',
],
Resource: EventSourceArn,
};
dynamodbStreamStatement.Resource.push(EventSourceArn)
} else {
streamStatement = {
Effect: 'Allow',
Action: [
'kinesis:GetRecords',
'kinesis:GetShardIterator',
'kinesis:DescribeStream',
'kinesis:ListStreams',
],
Resource: EventSourceArn,
};
}
// update the PolicyDocument statements (if default policy is used)
if (this.serverless.service.provider.compiledCloudFormationTemplate
.Resources.IamPolicyLambdaExecution) {
const statement = this.serverless.service.provider.compiledCloudFormationTemplate
.Resources
.IamPolicyLambdaExecution
.Properties
.PolicyDocument
.Statement;
this.serverless.service.provider.compiledCloudFormationTemplate
.Resources
.IamPolicyLambdaExecution
.Properties
.PolicyDocument
.Statement = statement.concat([streamStatement]);
kinesisStreamStatement.Resource.push(EventSourceArn)
}
const newStreamObject = {
@ -143,6 +127,23 @@ class AwsCompileStreamEvents {
newStreamObject);
}
});
// update the PolicyDocument statements (if default policy is used)
if (this.serverless.service.provider.compiledCloudFormationTemplate
.Resources.IamPolicyLambdaExecution) {
const statement = this.serverless.service.provider.compiledCloudFormationTemplate
.Resources
.IamPolicyLambdaExecution
.Properties
.PolicyDocument
.Statement;
if(dynamodbStreamStatement.Resource.length) {
statement.push(dynamodbStreamStatement)
}
if(kinesisStreamStatement.Resource.length) {
statement.push(kinesisStreamStatement)
}
}
}
});
}
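Review bot: `dynamodbStreamStatement` and `kinesisStreamStatement` are created right after `getFunction(functionName)`, which appears to sit inside the per-function loop, so a service with several stream-consuming functions would still append one statement per stream type per function to the shared `IamPolicyLambdaExecution` policy. Hoisting both objects above that loop and running the `statement.push(...)` block once after it would produce the single statement the commit title describes; the loop header itself lies outside the hunks shown, so this needs checking against the full method. Since the statements land in one default policy, presumably attached to a role shared by the service's functions, a comment such as `// NOTE: every function using the default role can read all stream ARNs collected here` would make the least-privilege trade-off visible. The same ARN declared on two events is pushed twice; a guard like `if (!stmt.Resource.includes(EventSourceArn))` would avoid duplicate entries. The added lines `dynamodbStreamStatement.Resource.push(EventSourceArn)` and `if(kinesisStreamStatement.Resource.length) {` also omit the terminating semicolons and the space after `if` that the surrounding code uses.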


@ -275,6 +275,9 @@ describe('AwsCompileStreamEvents', () => {
{
stream: 'arn:aws:dynamodb:region:account:table/foo/stream/1',
},
{
stream: 'arn:aws:dynamodb:region:account:table/bar/stream/2',
},
],
},
};
@ -288,7 +291,10 @@ describe('AwsCompileStreamEvents', () => {
'dynamodb:DescribeStream',
'dynamodb:ListStreams',
],
Resource: 'arn:aws:dynamodb:region:account:table/foo/stream/1',
Resource: [
'arn:aws:dynamodb:region:account:table/foo/stream/1',
'arn:aws:dynamodb:region:account:table/bar/stream/2',
]
},
];
@ -430,6 +436,9 @@ describe('AwsCompileStreamEvents', () => {
{
stream: 'arn:aws:kinesis:region:account:stream/foo',
},
{
stream: 'arn:aws:kinesis:region:account:stream/bar',
},
],
},
};
@ -443,7 +452,10 @@ describe('AwsCompileStreamEvents', () => {
'kinesis:DescribeStream',
'kinesis:ListStreams',
],
Resource: 'arn:aws:kinesis:region:account:stream/foo',
Resource: [
'arn:aws:kinesis:region:account:stream/foo',
'arn:aws:kinesis:region:account:stream/bar',
]
},
];
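Review bot: The updated expectations only cover two streams of the same type on a single function; no case here exercises a function that mixes DynamoDB and Kinesis events, or two functions that each declare streams, which is where the number of statements appended to the shared policy matters. A test asserting the length and contents of the final `Statement` array for those inputs would pin the behaviour the commit title promises, and one with a repeated ARN would show whether duplicates end up in `Resource`. The new `Resource: [ ... ]` literals also lack the trailing comma after `]` that the neighbouring `],` and `},` lines use.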