feat: Support kmsKeyArn for deploy function

2026-01-18 14:58:43 +00:00 · 2021-01-24 14:12:05 -05:00 · 2021-01-24 14:12:05 -05:00 · 8a92be9be3
commit 8a92be9be3
parent 9abe9db27f
2 changed files with 133 additions and 5 deletions
--- a/lib/plugins/aws/deployFunction.js
+++ b/lib/plugins/aws/deployFunction.js
@ -26,6 +26,23 @@ class AwsDeployFunction {
        await this.validate();
        await this.checkIfFunctionExists();
        this.checkIfFunctionChangesBetweenImageAndHandler();
+
+        if (_.get(this.serverless.service.serviceObject, 'awsKmsKeyArn')) {
+          this.serverless._logDeprecation(
+            'AWS_KMS_KEY_ARN',
+            'Starting with next major version, ' +
+              '"awsKmsKeyArn" service property will be replaced by "provider.kmsKeyArn"'
+          );
+        }
+        if (
+          Object.values(this.serverless.service.functions).some(({ awsKmsKeyArn }) => awsKmsKeyArn)
+        ) {
+          this.serverless._logDeprecation(
+            'AWS_KMS_KEY_ARN',
+            'Starting with next major version, ' +
+              '"awsKmsKeyArn" function property will be replaced by "kmsKeyArn"'
+          );
+        }
      },

      'deploy:function:packageFunction': () =>
@ -152,10 +169,14 @@ class AwsDeployFunction {
      FunctionName: functionObj.name,
    };

-    if (functionObj.awsKmsKeyArn && !_.isObject(functionObj.awsKmsKeyArn)) {
-      params.KMSKeyArn = functionObj.awsKmsKeyArn;
-    } else if (serviceObj.awsKmsKeyArn && !_.isObject(serviceObj.awsKmsKeyArn)) {
-      params.KMSKeyArn = serviceObj.awsKmsKeyArn;
+    const kmsKeyArn =
+      functionObj.kmsKeyArn ||
+      providerObj.kmsKeyArn ||
+      functionObj.awsKmsKeyArn ||
+      serviceObj.awsKmsKeyArn;
+
+    if (kmsKeyArn) {
+      params.KMSKeyArn = kmsKeyArn;
    }

    if (params.KMSKeyArn && params.KMSKeyArn === remoteFunctionConfiguration.KMSKeyArn) {
--- a/test/unit/lib/plugins/aws/deployFunction.test.js
+++ b/test/unit/lib/plugins/aws/deployFunction.test.js
@ -7,8 +7,8 @@ const fs = require('fs');
 const proxyquire = require('proxyquire');
 const AwsProvider = require('../../../../../lib/plugins/aws/provider');
 const Serverless = require('../../../../../lib/Serverless');
-const { getTmpDirPath } = require('../../../../utils/fs');
 const runServerless = require('../../../../utils/run-serverless');
+const { getTmpDirPath } = require('../../../../utils/fs');

 chai.use(require('chai-as-promised'));
 chai.use(require('sinon-chai'));
@ -37,6 +37,7 @@ describe('AwsDeployFunction', () => {
        },
      },
    };
+    serverless.service.serviceObject = {};
    serverless.service.functions = {
      first: {
        handler: true,
@ -804,4 +805,110 @@ describe('test/unit/lib/plugins/aws/deployFunction.test.js', () => {
      'Configuration did not change. Skipping function configuration update.'
    );
  });
+
+  it('configuration uses the "kmsKeyArn" instead of functionObj.awsKmsKeyArn', async () => {
+    await runServerless({
+      fixture: 'function',
+      cliArgs: ['deploy', 'function', '--function', 'foo'],
+      lastLifecycleHookName: 'deploy:function:deploy',
+      awsRequestStubMap,
+      configExt: {
+        functions: {
+          foo: {
+            handler: 'index.handler',
+            name: 'foobar',
+            awsKmsKeyArn: 'arn:aws:kms:us-east-1:oldKey',
+          },
+        },
+        provider: {
+          kmsKeyArn: 'arn:aws:kms:us-east-1:newKey',
+        },
+      },
+    });
+
+    sinon.assert.calledWith(updateFunctionConfigurationStub, {
+      Handler: 'index.handler',
+      FunctionName: 'foobar',
+      KMSKeyArn: 'arn:aws:kms:us-east-1:newKey',
+    });
+  });
+
+  it('configuration uses the "kmsKeyArn" instead of serviceObj.awsKmsKeyArn', async () => {
+    await runServerless({
+      fixture: 'function',
+      cliArgs: ['deploy', 'function', '--function', 'foo'],
+      lastLifecycleHookName: 'deploy:function:deploy',
+      awsRequestStubMap,
+      configExt: {
+        functions: {
+          foo: {
+            handler: 'index.handler',
+            name: 'foobar',
+            kmsKeyArn: 'arn:aws:kms:us-east-1:newKey',
+          },
+        },
+        service: {
+          name: 'service',
+          awsKmsKeyArn: 'arn:aws:kms:us-east-1:oldKey',
+        },
+      },
+    });
+
+    sinon.assert.calledWith(updateFunctionConfigurationStub, {
+      Handler: 'index.handler',
+      FunctionName: 'foobar',
+      KMSKeyArn: 'arn:aws:kms:us-east-1:newKey',
+    });
+  });
+
+  it('configuration uses serviceObj.awsKmsKeyArn if no kmsKeyArn provided', async () => {
+    await runServerless({
+      fixture: 'function',
+      cliArgs: ['deploy', 'function', '--function', 'foo'],
+      lastLifecycleHookName: 'deploy:function:deploy',
+      awsRequestStubMap,
+      configExt: {
+        functions: {
+          foo: {
+            handler: 'index.handler',
+            name: 'foobar',
+          },
+        },
+        service: {
+          name: 'service',
+          awsKmsKeyArn: 'arn:aws:kms:us-east-1:oldKey',
+        },
+      },
+    });
+
+    sinon.assert.calledWith(updateFunctionConfigurationStub, {
+      Handler: 'index.handler',
+      FunctionName: 'foobar',
+      KMSKeyArn: 'arn:aws:kms:us-east-1:oldKey',
+    });
+  });
+
+  it('configuration uses functionObj.awsKmsKeyArn and if kmsKeyArn not provided', async () => {
+    await runServerless({
+      fixture: 'function',
+      cliArgs: ['deploy', 'function', '--function', 'foo'],
+      lastLifecycleHookName: 'deploy:function:deploy',
+      awsRequestStubMap,
+      configExt: {
+        functions: {
+          foo: {
+            handler: 'index.handler',
+            name: 'foobar',
+            awsKmsKeyArn: 'arn:aws:kms:us-east-1:oldKey',
+          },
+        },
+      },
+    });
+
+    sinon.assert.calledWith(updateFunctionConfigurationStub, {
+      Handler: 'index.handler',
+      FunctionName: 'foobar',
+      KMSKeyArn: 'arn:aws:kms:us-east-1:oldKey',
+    });
+  });
 });