From b1fdf15398c8cdba3509e16faea22d0eceae4c2e Mon Sep 17 00:00:00 2001 From: "Ryan S. Brown" Date: Thu, 23 Mar 2017 09:16:44 -0400 Subject: [PATCH] PR #3360 introduced an incorrect IAM policy for log groups --- lib/plugins/aws/deploy/lib/mergeIamTemplates.js | 4 ++-- .../aws/deploy/lib/mergeIamTemplates.test.js | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/plugins/aws/deploy/lib/mergeIamTemplates.js b/lib/plugins/aws/deploy/lib/mergeIamTemplates.js index bdd21dfb6..b240607b0 100644 --- a/lib/plugins/aws/deploy/lib/mergeIamTemplates.js +++ b/lib/plugins/aws/deploy/lib/mergeIamTemplates.js @@ -80,7 +80,7 @@ module.exports = { .Statement[0] .Resource .push({ 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}' + - `:log-group:${this.provider.naming.getLogGroupName(functionObject.name)}` }); + `:log-group:${this.provider.naming.getLogGroupName(functionObject.name)}:*` }); this.serverless.service.provider.compiledCloudFormationTemplate .Resources[this.provider.naming.getRoleLogicalId()] @@ -90,7 +90,7 @@ module.exports = { .Statement[1] .Resource .push({ 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}' + - `:log-group:${this.provider.naming.getLogGroupName(functionObject.name)}:*` }); + `:log-group:${this.provider.naming.getLogGroupName(functionObject.name)}:*:*` }); }); if (this.serverless.service.provider.iamRoleStatements) { diff --git a/lib/plugins/aws/deploy/lib/mergeIamTemplates.test.js b/lib/plugins/aws/deploy/lib/mergeIamTemplates.test.js index e93385af4..70951db96 100644 --- a/lib/plugins/aws/deploy/lib/mergeIamTemplates.test.js +++ b/lib/plugins/aws/deploy/lib/mergeIamTemplates.test.js @@ -96,7 +96,7 @@ describe('#mergeIamTemplates()', () => { Resource: [ { 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:' - + `log-group:/aws/lambda/${qualifiedFunction}`, + + `log-group:/aws/lambda/${qualifiedFunction}:*`, }, ], }, @@ -108,7 +108,7 @@ describe('#mergeIamTemplates()', () => { Resource: [ { 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:' - + `log-group:/aws/lambda/${qualifiedFunction}:*`, + + `log-group:/aws/lambda/${qualifiedFunction}:*:*`, }, ], }, @@ -292,7 +292,7 @@ describe('#mergeIamTemplates()', () => { ).to.deep.equal([ { 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:' - + `log-group:/aws/lambda/${qualifiedFunction}`, + + `log-group:/aws/lambda/${qualifiedFunction}:*`, }, ]); expect(awsDeploy.serverless.service.provider.compiledCloudFormationTemplate @@ -305,7 +305,7 @@ describe('#mergeIamTemplates()', () => { ).to.deep.equal([ { 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:' - + `log-group:/aws/lambda/${qualifiedFunction}:*`, + + `log-group:/aws/lambda/${qualifiedFunction}:*:*`, }, ]); }); @@ -333,9 +333,9 @@ describe('#mergeIamTemplates()', () => { ).to.deep.equal( [ { 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:' - + 'log-group:/aws/lambda/func0' }, + + 'log-group:/aws/lambda/func0:*' }, { 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:' - + 'log-group:/aws/lambda/func1' }, + + 'log-group:/aws/lambda/func1:*' }, ] ); expect(awsDeploy.serverless.service.provider.compiledCloudFormationTemplate @@ -348,9 +348,9 @@ describe('#mergeIamTemplates()', () => { ).to.deep.equal( [ { 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:' - + 'log-group:/aws/lambda/func0:*' }, + + 'log-group:/aws/lambda/func0:*:*' }, { 'Fn::Sub': 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:' - + 'log-group:/aws/lambda/func1:*' }, + + 'log-group:/aws/lambda/func1:*:*' }, ] ); });