fix(AWS Lambda): Permissions on lambda layer retained

Raymond van der Straten 2020-12-04 17:53:32 +01:00 committed by Piotr Grzesik
parent 3c5e497116
commit bf418ac6ca
2 changed files with 21 additions and 2 deletions


@ -75,10 +75,14 @@ class AwsCompileLayers {
const newPermission = this.cfLambdaLayerPermissionTemplate();
newPermission.Properties.LayerVersionArn = { Ref: layerLogicalId };
newPermission.Properties.Principal = account;
const layerPermLogicalId = this.provider.naming.getLambdaLayerPermissionLogicalId(
let layerPermLogicalId = this.provider.naming.getLambdaLayerPermissionLogicalId(
layerName,
account
);
if (layerObject.retain) {
layerPermLogicalId = `${layerPermLogicalId}${sha}`;
newPermission.DeletionPolicy = 'Retain';
}
newLayerObject[layerPermLogicalId] = newPermission;
return newPermission;
});
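Review bot: The `if (layerObject.retain)` branch carries no comment on its access-control consequence. With `DeletionPolicy = 'Retain'` and a `sha`-suffixed logical id, a permission resource that later drops out of the template is kept rather than deleted. Removing an account from `allowedAccounts`, or publishing a new layer version, would therefore presumably leave the earlier grant in place on the retained version. I would state that above the branch, e.g. `// Retained layer versions keep their per-account permission; dropping an account from allowedAccounts does not revoke access to versions already published.`, and mention the manual clean-up in the `retain` documentation. `sha` and the enclosing callback are defined outside this hunk, so the per-version uniqueness of the suffix is inferred from the test names rather than visible here.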


@ -323,6 +323,7 @@ describe('AwsCompileLayers', () => {
});
describe('lib/plugins/aws/package/compile/layers/index.test.js', () => {
const allowedAccount = 'arn:aws:iam::123456789012:root';
let cfResources;
let naming;
let updateConfig;
@ -337,6 +338,7 @@ describe('lib/plugins/aws/package/compile/layers/index.test.js', () => {
layerRetain: {
path: 'layer',
retain: true,
allowedAccounts: [allowedAccount],
},
},
},
@ -358,7 +360,7 @@ describe('lib/plugins/aws/package/compile/layers/index.test.js', () => {
});
describe('`layers[].retain` property', () => {
it('should ensure expected deletion policy', () => {
it('should ensure expected deletion policy for layer resource', () => {
const layerResourceNamePrefix = naming.getLambdaLayerLogicalId('layerRetain');
const layerResourceName = Object.keys(cfResources).find(resourceName =>
resourceName.startsWith(layerResourceNamePrefix)
@ -368,6 +370,19 @@ describe('lib/plugins/aws/package/compile/layers/index.test.js', () => {
expect(layerResource.DeletionPolicy).to.equal('Retain');
});
it('should ensure expected deletion policy for layer permission resource', () => {
const layerPermissionResourceNamePrefix = naming.getLambdaLayerPermissionLogicalId(
'layerRetain',
allowedAccount
);
const layerPermissionResourceName = Object.keys(cfResources).find(resourceName =>
resourceName.startsWith(layerPermissionResourceNamePrefix)
);
expect(layerPermissionResourceName).to.not.equal(layerPermissionResourceNamePrefix);
const layerPermissionResource = cfResources[layerPermissionResourceName];
expect(layerPermissionResource.DeletionPolicy).to.equal('Retain');
});
it('should ensure unique resource id per layer version', async () => {
const layerResourceNamePrefix = naming.getLambdaLayerLogicalId('layerRetain');
const firstLayerResourceName = Object.keys(cfResources).find(resourceName =>