dont add websockets policies when using custom roles

Eslam A. Hefnawy 2019-02-28 15:09:48 +03:00
parent 0293040164
commit cc4bafab06
2 changed files with 31 additions and 13 deletions


@ -23,20 +23,25 @@ module.exports = {
},
});
// insert policy that allows functions to postToConnection
const websocketsPolicy = {
Effect: 'Allow',
Action: ['execute-api:ManageConnections'],
Resource: ['arn:aws:execute-api:*:*:*/@connections/*'],
};
const defaultRoleResource = this.serverless.service.provider.compiledCloudFormationTemplate
.Resources[this.provider.naming.getRoleLogicalId()];
this.serverless.service.provider.compiledCloudFormationTemplate
.Resources[this.provider.naming.getRoleLogicalId()]
.Properties
.Policies[0]
.PolicyDocument
.Statement
.push(websocketsPolicy);
if (defaultRoleResource) {
// insert policy that allows functions to postToConnection
const websocketsPolicy = {
Effect: 'Allow',
Action: ['execute-api:ManageConnections'],
Resource: ['arn:aws:execute-api:*:*:*/@connections/*'],
};
this.serverless.service.provider.compiledCloudFormationTemplate
.Resources[this.provider.naming.getRoleLogicalId()]
.Properties
.Policies[0]
.PolicyDocument
.Statement
.push(websocketsPolicy);
}
return BbPromise.resolve();
},
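Review bot: The statement pushed inside the new `if (defaultRoleResource)` block still grants `execute-api:ManageConnections` on `arn:aws:execute-api:*:*:*/@connections/*`, which covers the connections of any API in any region or account rather than only the websocket API this template creates. Consider scoping `Resource` to that API, for example `{ 'Fn::Sub': 'arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${<WebsocketsApiLogicalId>}/*/@connections/*' }`, where `<WebsocketsApiLogicalId>` is a placeholder for the API's logical id in the template. The guard also only proves the role resource exists: the push re-resolves the resource instead of using `defaultRoleResource`, and it still assumes `Properties.Policies[0]` is present. When a custom role is used, nothing here tells the user that the role must carry this permission itself, so a short comment or log line to that effect would help. The enclosing function starts above the hunk.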


@ -77,4 +77,17 @@ describe('#compileApi()', () => {
},
});
}));
it('should NOT add the websockets policy if role resource does not exist', () => {
awsCompileWebsocketsEvents.serverless.service.provider.compiledCloudFormationTemplate
.Resources = {};
return awsCompileWebsocketsEvents
.compileApi().then(() => {
const resources = awsCompileWebsocketsEvents.serverless.service.provider
.compiledCloudFormationTemplate.Resources;
expect(resources[roleLogicalId]).to.deep.equal(undefined);
});
});
});
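Review bot: The new test only covers a template with no role resource at all, so the remaining assumption in the guarded code, that an existing default role has `Properties.Policies[0]`, is untested here. A second case with a role resource that has an empty or missing `Policies` array would pin down what `compileApi()` is expected to do then. The assertion `expect(resources[roleLogicalId]).to.deep.equal(undefined)` reads more directly as `expect(resources[roleLogicalId]).to.equal(undefined)`, since a deep comparison adds nothing for `undefined`. `roleLogicalId` and the enclosing `describe` are set up outside the hunk.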