From cc4bafab061d2ede152c41de7c15ebf6cb5a4eee Mon Sep 17 00:00:00 2001
From: "Eslam A. Hefnawy"
Date: Thu, 28 Feb 2019 15:09:48 +0300
Subject: [PATCH] dont add websockets policies when using custom roles
---
 .../compile/events/websockets/lib/api.js | 31 +++++++++++--------
 .../compile/events/websockets/lib/api.test.js | 13 ++++++++
 2 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/lib/plugins/aws/package/compile/events/websockets/lib/api.js b/lib/plugins/aws/package/compile/events/websockets/lib/api.js
index 0dbd28045..f52067a6a 100644
--- a/lib/plugins/aws/package/compile/events/websockets/lib/api.js
+++ b/lib/plugins/aws/package/compile/events/websockets/lib/api.js
@@ -23,20 +23,25 @@ module.exports = {
 },
 });
- // insert policy that allows functions to postToConnection
- const websocketsPolicy = {
- Effect: 'Allow',
- Action: ['execute-api:ManageConnections'],
- Resource: ['arn:aws:execute-api:*:*:*/@connections/*'],
- };
+ const defaultRoleResource = this.serverless.service.provider.compiledCloudFormationTemplate
+ .Resources[this.provider.naming.getRoleLogicalId()];
- this.serverless.service.provider.compiledCloudFormationTemplate
- .Resources[this.provider.naming.getRoleLogicalId()]
- .Properties
- .Policies[0]
- .PolicyDocument
- .Statement
- .push(websocketsPolicy);
+ if (defaultRoleResource) {
+ // insert policy that allows functions to postToConnection
+ const websocketsPolicy = {
+ Effect: 'Allow',
+ Action: ['execute-api:ManageConnections'],
+ Resource: ['arn:aws:execute-api:*:*:*/@connections/*'],
+ };
+
+ this.serverless.service.provider.compiledCloudFormationTemplate
+ .Resources[this.provider.naming.getRoleLogicalId()]
+ .Properties
+ .Policies[0]
+ .PolicyDocument
+ .Statement
+ .push(websocketsPolicy);
+ }
 return BbPromise.resolve();
 },
diff --git a/lib/plugins/aws/package/compile/events/websockets/lib/api.test.js b/lib/plugins/aws/package/compile/events/websockets/lib/api.test.js
index bf31fbcbb..a3ed46155 100644
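Review bot: The `Resource` entry of `websocketsPolicy` is still `arn:aws:execute-api:*:*:*/@connections/*`, so the statement added to the default role matches the connections endpoint of any execute-api API in any region and account, not only the WebSocket API this service deploys. Scoping it at least to the deploying account and region would follow least privilege, e.g. `Resource: [{ 'Fn::Sub': 'arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:*/@connections/*' }],`, and ideally to the API id as well. Inside the new `if`, the push repeats the `Resources[...]` lookup that `defaultRoleResource` already holds and still assumes `Policies[0]` exists; `defaultRoleResource.Properties.Policies[0].PolicyDocument.Statement.push(websocketsPolicy);` keeps the guard and the use on the same object. With a custom role the statement is now skipped silently, so a comment on the `if` such as `// custom roles must grant execute-api:ManageConnections themselves` would help the next reader. The enclosing function (presumably `compileApi`) starts outside the hunk.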
--- a/lib/plugins/aws/package/compile/events/websockets/lib/api.test.js
+++ b/lib/plugins/aws/package/compile/events/websockets/lib/api.test.js
@@ -77,4 +77,17 @@ describe('#compileApi()', () => {
 },
 });
 }));
+
+ it('should NOT add the websockets policy if role resource does not exist', () => {
+ awsCompileWebsocketsEvents.serverless.service.provider.compiledCloudFormationTemplate
+ .Resources = {};
+
+ return awsCompileWebsocketsEvents
+ .compileApi().then(() => {
+ const resources = awsCompileWebsocketsEvents.serverless.service.provider
+ .compiledCloudFormationTemplate.Resources;
+
+ expect(resources[roleLogicalId]).to.deep.equal(undefined);
+ });
+ });
 });
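Review bot: The assertion `expect(resources[roleLogicalId]).to.deep.equal(undefined)` checks a key the test itself removed by assigning `Resources = {}`, so what actually protects against the regression is that `compileApi()` resolves instead of throwing on the missing role. A short comment above the `return` would make that intent explicit: `// must resolve without dereferencing the absent default role (custom role case)`. `roleLogicalId` and the enclosing `describe` are defined outside the hunk.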