feat: action parameter support for event.http

BREAKING CHANGE: action key in config event.http is now used for creating dynamic IAM Role and API Gateway Request Template to passthru request

Author: shota

lib/deploy/events/apiGateway/apigateway-to-stepfunctions-assume-role.json

@@ -1,7 +1,6 @@
 'use strict';
 const _ = require('lodash');
 const BbPromise = require('bluebird');
-const path = require('path');
 
 module.exports = {
   compileHttpIamRole() {
@@ -14,15 +13,60 @@ module.exports = {
       return BbPromise.resolve();
     }
 
-    const iamRoleApiGatewayToStepFunctionsTemplate =
-      JSON.stringify(this.serverless.utils.readFileSync(
-      path.join(__dirname,
-        'apigateway-to-stepfunctions-assume-role.json'))
-    );
+    const iamRoleApiGatewayToStepFunctionsAction = [
+      'states:StartExecution',
+    ];
+
+    // generate IAM Role action by http.action parameter.
+    this.pluginhttpValidated.events.forEach((event) => {
+      if (!_.has(event, 'http')) return;
+
+      if (_.has(event.http, 'action')) {
+        const actionName = `states:${event.http.action}`;
+
+        if (iamRoleApiGatewayToStepFunctionsAction.indexOf(actionName) === -1) {
+          iamRoleApiGatewayToStepFunctionsAction.push(actionName);
+        }
+      }
+    });
+
+    const iamRoleApiGatewayToStepFunctions = {
+      Type: 'AWS::IAM::Role',
+      Properties: {
+        AssumeRolePolicyDocument: {
+          Version: '2012-10-17',
+          Statement: [
+            {
+              Effect: 'Allow',
+              Principal: {
+                Service: 'apigateway.amazonaws.com',
+              },
+              Action: 'sts:AssumeRole',
+            },
+          ],
+        },
+        Policies: [
+          {
+            PolicyName: 'apigatewaytostepfunctions',
+            PolicyDocument: {
+              Version: '2012-10-17',
+              Statement: [
+                {
+                  Effect: 'Allow',
+                  Action: iamRoleApiGatewayToStepFunctionsAction,
+                  Resource: '*',
+                },
+              ],
+            },
+          },
+        ],
+      },
+    };
+
 
     const getApiToStepFunctionsIamRoleLogicalId = this.getApiToStepFunctionsIamRoleLogicalId();
     const newIamRoleStateMachineExecutionObject = {
-      [getApiToStepFunctionsIamRoleLogicalId]: JSON.parse(iamRoleApiGatewayToStepFunctionsTemplate),
+      [getApiToStepFunctionsIamRoleLogicalId]: iamRoleApiGatewayToStepFunctions,
     };
 
     _.merge(this.serverless.service.provider.compiledCloudFormationTemplate.Resources,

lib/deploy/events/apiGateway/iamRole.js

@@ -150,6 +150,13 @@ module.exports = {
       ],
     };
     const iamRole = _.get(http, 'iamRole', defaultIamRole);
+    let integrationAction = ':states:action/StartExecution';
+    let passthroughBehavior = 'NEVER';
+    if (http && http.action) {
+      integrationAction = `:states:action/${http.action}`;
+      passthroughBehavior = 'WHEN_NO_TEMPLATES';
+    }
+
     const integration = {
       IntegrationHttpMethod: 'POST',
       Type: 'AWS',
@@ -162,12 +169,11 @@ module.exports = {
             {
               Ref: 'AWS::Region',
             },
-            (!http || !http.is_describe) ?
-              ':states:action/StartExecution' : ':states:action/DescribeExecution',
+            integrationAction,
           ],
         ],
       },
-      PassthroughBehavior: 'NEVER',
+      PassthroughBehavior: passthroughBehavior,
       RequestTemplates: this.getIntegrationRequestTemplates(
         stateMachineName,
         stateMachineObj,
@@ -235,6 +241,12 @@ module.exports = {
         http.request.template
       );
     }
+
+    if (_.has(http, 'action')) {
+      // no template if some action was defined.
+      return {};
+    }
+
     // default template
     return defaultTemplate;
   },