Commit 09a2973

author
Jeremy Owens
committed
feat: add functionality for variable FunctionName in lambda state
1 parent a07672d commit 09a2973

2 files changed

+104
-0
lines changed

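--- a/lib/deploy/stepFunctions/compileIamRole.js
+++ b/lib/deploy/stepFunctions/compileIamRole.js
@@ -225,6 +225,13 @@ function getLambdaPermissions(state) {
 }];
 }
 
+if (state.Parameters['FunctionName.$']) {
+return [{
+action: 'lambda:InvokeFunction',
+resource: state.Parameters.AllowedFunctions ? state.Parameters.AllowedFunctions : '*',
+}];
+}
+
 // hope for the best...
 return [{
 action: 'lambda:InvokeFunction',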
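Review bot: The added branch falls back to `resource: '*'` whenever `AllowedFunctions` is not set, so any task with a run-time `FunctionName.$` silently gives the state machine role `lambda:InvokeFunction` on every function, and the function invoked is then picked by execution input. I would make the broad grant explicit rather than the default: either require `AllowedFunctions` for this case or emit a deploy-time warning, and at least put a comment above the return such as `// FunctionName is resolved at run time; without AllowedFunctions this grants invoke on all functions`. `AllowedFunctions` is also passed through unchecked, so a typo or an over-broad pattern ends up in the policy as written. The branch reads `state.Parameters['FunctionName.$']` without a guard; getLambdaPermissions starts and ends outside this hunk, so if nothing above guarantees `Parameters` is defined, `state.Parameters && state.Parameters['FunctionName.$']` would avoid a TypeError.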

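--- a/lib/deploy/stepFunctions/compileIamRole.test.js
+++ b/lib/deploy/stepFunctions/compileIamRole.test.js
@@ -1831,4 +1831,101 @@ describe('#compileIamRole', () => {
 'logs:DescribeLogGroups',
 ]);
 });
+
+it('should support variable FunctionName', () => {
+serverless.service.stepFunctions = {
+stateMachines: {
+myStateMachine1: {
+id: 'StateMachine1',
+definition: {
+StartAt: 'A',
+States: {
+A: {
+Type: 'Task',
+Resource: 'arn:aws:states:::lambda:invoke.waitForTaskToken',
+Parameters: {
+'FunctionName.$': '$.functionName',
+Payload: {
+'model.$': '$.new_model',
+'token.$': '$$.Task.Token',
+},
+},
+Next: 'B',
+},
+B: {
+Type: 'Task',
+Resource: 'arn:aws:states:::lambda:invoke.waitForTaskToken',
+Parameters: {
+'FunctionName.$': '$.functionName',
+AllowedFunctions: '*limited*',
+Payload: {
+'model.$': '$.new_model',
+'token.$': '$$.Task.Token',
+},
+},
+End: true,
+},
+},
+},
+},
+},
+};
+serverlessStepFunctions.compileIamRole();
+const statements = serverlessStepFunctions.serverless.service
+.provider.compiledCloudFormationTemplate.Resources.StateMachine1Role
+.Properties.Policies[0].PolicyDocument.Statement;
+const lambdaPermissions = statements.filter(s => _.isEqual(s.Action, ['lambda:InvokeFunction']));
+expect(lambdaPermissions).to.have.lengthOf(1);
+expect(lambdaPermissions[0].Resource).to.deep.equal('*');
+// Run the test again with limitations added
+serverless.service.stepFunctions = {
+stateMachines: {
+myStateMachine1: {
+id: 'StateMachine1',
+definition: {
+StartAt: 'A',
+States: {
+A: {
+Type: 'Task',
+Resource: 'arn:aws:states:::lambda:invoke.waitForTaskToken',
+Parameters: {
+'FunctionName.$': '$.functionName',
+AllowedFunctions: 'arn:aws:lambda:us-west-2:1234567890:function:foo',
+Payload: {
+'model.$': '$.new_model',
+'token.$': '$$.Task.Token',
+},
+},
+Next: 'B',
+},
+B: {
+Type: 'Task',
+Resource: 'arn:aws:states:::lambda:invoke.waitForTaskToken',
+Parameters: {
+'FunctionName.$': '$.functionName',
+AllowedFunctions: '*limited*',
+Payload: {
+'model.$': '$.new_model',
+'token.$': '$$.Task.Token',
+},
+},
+End: true,
+},
+},
+},
+},
+},
+};
+serverlessStepFunctions.compileIamRole();
+const statements2 = serverlessStepFunctions.serverless.service
+.provider.compiledCloudFormationTemplate.Resources.StateMachine1Role
+.Properties.Policies[0].PolicyDocument.Statement;
+const lambdaPermissions2 = statements2.filter(s => _.isEqual(s.Action, ['lambda:InvokeFunction']));
+expect(lambdaPermissions2).to.have.lengthOf(1);
+console.log(lambdaPermissions2);
+expect(lambdaPermissions2[0].Resource).to.deep.equal([
+'arn:aws:lambda:us-west-2:1234567890:function:foo',
+'*limited*',
+]);
+});
 });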
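Review bot: The `console.log(lambdaPermissions2);` at new line 1925 is leftover debugging output and should be dropped before merge. The first half of the test pins `Resource` to `'*'` even though state B sets `AllowedFunctions`, so it records that one unrestricted state widens the whole role; a short comment saying so, e.g. `// state A has no AllowedFunctions, so the merged statement collapses to '*'`, would keep a later reader from taking the wildcard for an oversight. The two scenarios would read better as separate `it` cases, so a failure names the scenario that broke. The fixtures use `'*limited*'` and an ARN with a 10-digit account id; full-form ARNs with a 12-digit placeholder account would make the expected policy look like something IAM accepts.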
