archive-gh-me/serverless
1
0
Fork 0
mirror of https://github.com/serverless/serverless.git synced 2026-01-25 15:07:39 +00:00
Code Issues Projects Releases Wiki Activity

PR #3360 introduced an incorrect IAM policy for log groups

Browse Source
This commit is contained in:
Ryan S. Brown 2017-03-23 09:16:44 -04:00
parent 247132c979
commit b1fdf15398
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/plugins/aws/deploy/lib/mergeIamTemplates.js
View File

@ -80,7 +80,7 @@ module.exports = {
.Statement[0]
.Resource
.push({ 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}' +
`:log-group:${this.provider.naming.getLogGroupName(functionObject.name)}` });
`:log-group:${this.provider.naming.getLogGroupName(functionObject.name)}:*` });
this.serverless.service.provider.compiledCloudFormationTemplate
.Resources[this.provider.naming.getRoleLogicalId()]
@ -90,7 +90,7 @@ module.exports = {
.Statement[1]
.Resource
.push({ 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}' +
`:log-group:${this.provider.naming.getLogGroupName(functionObject.name)}:*` });
`:log-group:${this.provider.naming.getLogGroupName(functionObject.name)}:*:*` });
});
if (this.serverless.service.provider.iamRoleStatements) {

16
lib/plugins/aws/deploy/lib/mergeIamTemplates.test.js
View File

@ -96,7 +96,7 @@ describe('#mergeIamTemplates()', () => {
Resource: [
{
'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:'
+ `log-group:/aws/lambda/${qualifiedFunction}`,
+ `log-group:/aws/lambda/${qualifiedFunction}:*`,
},
],
},
@ -108,7 +108,7 @@ describe('#mergeIamTemplates()', () => {
Resource: [
{
'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:'
+ `log-group:/aws/lambda/${qualifiedFunction}:*`,
+ `log-group:/aws/lambda/${qualifiedFunction}:*:*`,
},
],
},
@ -292,7 +292,7 @@ describe('#mergeIamTemplates()', () => {
).to.deep.equal([
{
'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:'
+ `log-group:/aws/lambda/${qualifiedFunction}`,
+ `log-group:/aws/lambda/${qualifiedFunction}:*`,
},
]);
expect(awsDeploy.serverless.service.provider.compiledCloudFormationTemplate
@ -305,7 +305,7 @@ describe('#mergeIamTemplates()', () => {
).to.deep.equal([
{
'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:'
+ `log-group:/aws/lambda/${qualifiedFunction}:*`,
+ `log-group:/aws/lambda/${qualifiedFunction}:*:*`,
},
]);
});
@ -333,9 +333,9 @@ describe('#mergeIamTemplates()', () => {
).to.deep.equal(
[
{ 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:'
+ 'log-group:/aws/lambda/func0' },
+ 'log-group:/aws/lambda/func0:*' },
{ 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:'
+ 'log-group:/aws/lambda/func1' },
+ 'log-group:/aws/lambda/func1:*' },
]
);
expect(awsDeploy.serverless.service.provider.compiledCloudFormationTemplate
@ -348,9 +348,9 @@ describe('#mergeIamTemplates()', () => {
).to.deep.equal(
[
{ 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:'
+ 'log-group:/aws/lambda/func0:*' },
+ 'log-group:/aws/lambda/func0:*:*' },
{ 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:'
+ 'log-group:/aws/lambda/func1:*' },
+ 'log-group:/aws/lambda/func1:*:*' },
]
);
});