From 3ed18cfb89a9bb0fabfe452e100e252b196d378f Mon Sep 17 00:00:00 2001 From: Adrian Hesketh Date: Tue, 5 Feb 2019 22:52:22 +0000 Subject: [PATCH] Update bucket conf to default AES256 encryption and enable versioning. --- .../lib/core-cloudformation-template.json | 16 ++++++- .../aws/package/lib/generateCoreTemplate.js | 43 +++++++++-------- .../package/lib/generateCoreTemplate.test.js | 46 +++++++++++++++++-- .../lib/mergeCustomProviderResources.test.js | 14 ++++++ 4 files changed, 95 insertions(+), 24 deletions(-) diff --git a/lib/plugins/aws/package/lib/core-cloudformation-template.json b/lib/plugins/aws/package/lib/core-cloudformation-template.json index 4be3c3d8e..8ef87e565 100644 --- a/lib/plugins/aws/package/lib/core-cloudformation-template.json +++ b/lib/plugins/aws/package/lib/core-cloudformation-template.json @@ -3,7 +3,21 @@ "Description": "The AWS CloudFormation template for this Serverless application", "Resources": { "ServerlessDeploymentBucket": { - "Type" : "AWS::S3::Bucket" + "Type" : "AWS::S3::Bucket", + "Properties" : { + "VersioningConfiguration": { + "Status": "Enabled" + }, + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256" + } + } + ] + } + } } }, "Outputs": { diff --git a/lib/plugins/aws/package/lib/generateCoreTemplate.js b/lib/plugins/aws/package/lib/generateCoreTemplate.js index 98341552c..6c93f225e 100644 --- a/lib/plugins/aws/package/lib/generateCoreTemplate.js +++ b/lib/plugins/aws/package/lib/generateCoreTemplate.js 
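Review bot: Enabling `VersioningConfiguration` on `ServerlessDeploymentBucket` without a lifecycle rule means every superseded or deleted deployment artifact is kept indefinitely as a noncurrent version. Old packages, and anything sensitive baked into them, stay recoverable after they were meant to be gone. Stack removal may also fail if the cleanup path deletes objects but not their versions; that code is not on this page, so it needs checking. Consider adding to `Properties` something like `"LifecycleConfiguration": { "Rules": [ { "Status": "Enabled", "NoncurrentVersionExpirationInDays": <RETENTION_DAYS> } ] }`. Also note that `AES256` default encryption only covers objects written after the setting is applied, and that these defaults appear to apply only to the framework-created bucket, not to a user-supplied `deploymentBucket`.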
@@ -15,13 +15,13 @@ module.exports = { this.serverless.service.provider .compiledCloudFormationTemplate = this.serverless.utils.readFileSync( - path.join(this.serverless.config.serverlessPath, - 'plugins', - 'aws', - 'package', - 'lib', - 'core-cloudformation-template.json') - ); + path.join(this.serverless.config.serverlessPath, + 'plugins', + 'aws', + 'package', + 'lib', + 'core-cloudformation-template.json') + ); const bucketName = this.serverless.service.provider.deploymentBucket; const isS3TransferAccelerationSupported = this.provider.isS3TransferAccelerationSupported(); 
@@ -54,27 +54,30 @@ module.exports = { }); } + const mergeProperties = []; + if (isS3TransferAccelerationEnabled && isS3TransferAccelerationSupported) { // enable acceleration via CloudFormation - this.serverless.service.provider.compiledCloudFormationTemplate - .Resources.ServerlessDeploymentBucket.Properties = { - AccelerateConfiguration: { - AccelerationStatus: 'Enabled', - }, - }; + mergeProperties.push({ + AccelerateConfiguration: { + AccelerationStatus: 'Enabled', + }, + }); // keep track of acceleration status via CloudFormation Output this.serverless.service.provider.compiledCloudFormationTemplate - .Outputs.ServerlessDeploymentBucketAccelerated = { Value: true }; + .Outputs.ServerlessDeploymentBucketAccelerated = { Value: true }; } else if (isS3TransferAccelerationDisabled && isS3TransferAccelerationSupported) { // explicitly disable acceleration via CloudFormation - this.serverless.service.provider.compiledCloudFormationTemplate - .Resources.ServerlessDeploymentBucket.Properties = { - AccelerateConfiguration: { - AccelerationStatus: 'Suspended', - }, - }; + mergeProperties.push({ + AccelerateConfiguration: { + AccelerationStatus: 'Suspended', + }, + }); } + Object.assign(this.serverless.service.provider.compiledCloudFormationTemplate + .Resources.ServerlessDeploymentBucket.Properties, ...mergeProperties); + const coreTemplateFileName = this.provider.naming.getCoreTemplateFileName(); const coreTemplateFilePath = path.join(this.serverless.config.servicePath, diff --git a/lib/plugins/aws/package/lib/generateCoreTemplate.test.js b/lib/plugins/aws/package/lib/generateCoreTemplate.test.js index 72a2ae361..2f8e9ea39 100644 --- a/lib/plugins/aws/package/lib/generateCoreTemplate.test.js +++ b/lib/plugins/aws/package/lib/generateCoreTemplate.test.js 
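Review bot: The new `Object.assign(... .Resources.ServerlessDeploymentBucket.Properties, ...mergeProperties)` call assumes the JSON template always defines `Properties` on the bucket resource. If that key is ever dropped from the template, the target is `undefined` and `Object.assign` throws a TypeError instead of applying the acceleration setting. Making the merge self-contained removes that hidden coupling: `const bucket = this.serverless.service.provider.compiledCloudFormationTemplate.Resources.ServerlessDeploymentBucket;` then `bucket.Properties = Object.assign({}, bucket.Properties, ...mergeProperties);`. A comment such as `// merge, never replace: Properties carries the encryption and versioning defaults` would also guard against a later edit reverting to whole-object assignment and silently dropping encryption. The function starts and ends outside this hunk, so whether the custom-bucket path returns before this line cannot be confirmed from here.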
@@ -109,9 +109,23 @@ describe('#generateCoreTemplate()', () => { expect( awsPlugin.serverless.service.provider.compiledCloudFormationTemplate .Resources.ServerlessDeploymentBucket - ).to.be.deep.equal({ - Type: 'AWS::S3::Bucket', - }); + ).to.be.deep.equal({ + Type: 'AWS::S3::Bucket', + Properties: { + VersioningConfiguration: { + Status: 'Enabled', + }, + BucketEncryption: { + ServerSideEncryptionConfiguration: [ + { + ServerSideEncryptionByDefault: { + SSEAlgorithm: 'AES256', + }, + }, + ], + }, + }, + }); }) ); @@ -156,6 +170,18 @@ describe('#generateCoreTemplate()', () => { AccelerateConfiguration: { AccelerationStatus: 'Suspended', }, + VersioningConfiguration: { + Status: 'Enabled', + }, + BucketEncryption: { + ServerSideEncryptionConfiguration: [ + { + ServerSideEncryptionByDefault: { + SSEAlgorithm: 'AES256', + }, + }, + ], + }, }, }); }); @@ -172,6 +198,20 @@ describe('#generateCoreTemplate()', () => { const template = serverless.service.provider.coreCloudFormationTemplate; expect(template.Resources.ServerlessDeploymentBucket).to.be.deep.equal({ Type: 'AWS::S3::Bucket', + Properties: { + VersioningConfiguration: { + Status: 'Enabled', + }, + BucketEncryption: { + ServerSideEncryptionConfiguration: [ + { + ServerSideEncryptionByDefault: { + SSEAlgorithm: 'AES256', + }, + }, + ], + }, + }, }); }); }); diff --git a/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js b/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js index c765406ff..391763dd8 100644 --- a/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js +++ b/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js @@ -73,6 +73,20 @@ describe('mergeCustomProviderResources', () => { FakeResource2: { FakePropKey: 'FakePropValue', }, + Properties: { + VersioningConfiguration: { + Status: 'Enabled', + }, + BucketEncryption: { + ServerSideEncryptionConfiguration: [ + { + ServerSideEncryptionByDefault: { + SSEAlgorithm: 'AES256', + }, + }, + ], + }, + }, }, }, };
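Review bot: The expected versioning and encryption literal is copied verbatim into all three hunks of `generateCoreTemplate.test.js` (at -109, -156 and -172) and again into `mergeCustomProviderResources.test.js`. A later change to the security defaults then has to be made in four places, and a missed copy could leave a test asserting a stale, weaker configuration. Hoisting it into one fixture per test file keeps the expected baseline in a single place. These hunks show the `Suspended` acceleration case asserting the merged properties but no `Enabled` case; if none exists elsewhere in the file, add one that checks encryption and versioning survive the merge.

```javascript
// shared expectation for the framework-created deployment bucket
const defaultBucketProperties = {
  VersioningConfiguration: { Status: 'Enabled' },
  BucketEncryption: {
    ServerSideEncryptionConfiguration: [
      { ServerSideEncryptionByDefault: { SSEAlgorithm: 'AES256' } },
    ],
  },
};

// … unchanged: test setup and generateCoreTemplate() call …
).to.be.deep.equal({
  Type: 'AWS::S3::Bucket',
  Properties: defaultBucketProperties,
});

// … unchanged: acceleration-disabled test setup …
Properties: Object.assign(
  { AccelerateConfiguration: { AccelerationStatus: 'Suspended' } },
  defaultBucketProperties
),
```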