update iam role setting

Author: horike37

index.js

@@ -13,8 +13,6 @@ class ServerlessStepFunctions {
     this.stage = this.provider.getStage();
     this.awsStateLanguage = {};
     this.functionArns = {};
-    this.iamRoleName = `serverless-step-functions-executerole-${this.region}`;
-    this.iamPolicyName = `serverless-step-functions-executepolicy-${this.region}`;
     this.iamPolicyStatement = `{
       "Version": "2012-10-17",
       "Statement": [
@@ -149,6 +147,7 @@ class ServerlessStepFunctions {
 
   remove() {
     return BbPromise.bind(this)
+    .then(this.deleteIamRole)
     .then(this.getStateMachineArn)
     .then(this.deleteStateMachine)
     .then(() => {
@@ -164,6 +163,18 @@ class ServerlessStepFunctions {
     .then(this.describeExecution);
   }
 
+  getIamRoleName() {
+    let name = `${this.service}-${this.region}-${this.stage}-${this.options.state}-`;
+    name += 'ssf-exerole';
+    return name;
+  }
+
+  getIamPolicyName() {
+    let name = `${this.service}-${this.region}-${this.stage}-${this.options.state}-`;
+    name += 'ssf-exepolicy';
+    return name;
+  }
+
   getStateMachineName() {
     return `${this.service}-${this.stage}-${this.options.state}`;
   }
@@ -172,7 +183,7 @@ class ServerlessStepFunctions {
     return this.provider.request('IAM',
       'getRole',
       {
-        RoleName: this.iamRoleName,
+        RoleName: this.getIamRoleName(),
       },
       this.options.stage,
       this.options.region)
@@ -207,7 +218,7 @@ class ServerlessStepFunctions {
       'createRole',
       {
         AssumeRolePolicyDocument: this.assumeRolePolicyDocument,
-        RoleName: this.iamRoleName,
+        RoleName: this.getIamRoleName(),
       },
       this.options.stage,
       this.options.region)
@@ -217,7 +228,7 @@ class ServerlessStepFunctions {
         'createPolicy',
         {
           PolicyDocument: this.iamPolicyStatement,
-          PolicyName: this.iamPolicyName,
+          PolicyName: this.getIamPolicyName(),
         },
         this.options.stage,
         this.options.region);
@@ -226,7 +237,43 @@ class ServerlessStepFunctions {
       'attachRolePolicy',
       {
         PolicyArn: result.Policy.Arn,
-        RoleName: this.iamRoleName,
+        RoleName: this.getIamRoleName(),
+      },
+      this.options.stage,
+      this.options.region)
+    )
+    .then(() => BbPromise.resolve());
+  }
+
+  deleteIamRole() {
+    let policyArn;
+    return this.provider.request('STS',
+      'getCallerIdentity',
+      {},
+      this.options.stage,
+      this.options.region)
+    .then((result) => {
+      policyArn = `arn:aws:iam::${result.Account}:policy/${this.getIamPolicyName()}`;
+      return this.provider.request('IAM',
+        'detachRolePolicy',
+        {
+          PolicyArn: policyArn,
+          RoleName: this.getIamRoleName(),
+        },
+        this.options.stage,
+        this.options.region)})
+    .then((result) => this.provider.request('IAM',
+        'deletePolicy',
+        {
+          PolicyArn: policyArn,
+        },
+        this.options.stage,
+        this.options.region)
+    )
+    .then((result) => this.provider.request('IAM',
+      'deleteRole',
+      {
+        RoleName: this.getIamRoleName(),
       },
       this.options.stage,
       this.options.region)

index.test.js

@@ -55,14 +55,6 @@ describe('ServerlessStepFunctions', () => {
     it('should set the stage variable', () =>
       expect(serverlessStepFunctions.stage).to.be.equal(provider.getStage()));
 
-    it('should set the iamRoleName variable', () =>
-      expect(serverlessStepFunctions.iamRoleName).to.be
-      .equal('serverless-step-functions-executerole-us-east-1'));
-
-    it('should set the iamPolicyName variable', () =>
-      expect(serverlessStepFunctions.iamPolicyName).to.be
-      .equal('serverless-step-functions-executepolicy-us-east-1'));
-
     it('should set the assumeRolePolicyDocument variable', () =>
       expect(serverlessStepFunctions.assumeRolePolicyDocument).to.be
       .equal(`{
@@ -155,14 +147,17 @@ describe('ServerlessStepFunctions', () => {
 
   describe('#remove()', () => {
     it('should run promise chain in order', () => {
+      const deleteIamRoleStub = sinon
+        .stub(serverlessStepFunctions, 'deleteIamRole').returns(BbPromise.resolve());
       const getStateMachineArnStub = sinon
         .stub(serverlessStepFunctions, 'getStateMachineArn').returns(BbPromise.resolve());
       const deleteStateMachineStub = sinon
         .stub(serverlessStepFunctions, 'deleteStateMachine').returns(BbPromise.resolve());
 
       return serverlessStepFunctions.remove()
         .then(() => {
-          expect(getStateMachineArnStub.calledOnce).to.be.equal(true);
+          expect(deleteIamRoleStub.calledOnce).to.be.equal(true);
+          expect(getStateMachineArnStub.calledAfter(deleteIamRoleStub)).to.be.equal(true);
           expect(deleteStateMachineStub.calledAfter(getStateMachineArnStub)).to.be.equal(true);
 
           serverlessStepFunctions.getStateMachineArn.restore();
@@ -193,10 +188,17 @@ describe('ServerlessStepFunctions', () => {
     });
   });
 
-  describe('#getStateMachineName', () => {
-    it('should return stateMachineName', () => {
-      expect(serverlessStepFunctions.getStateMachineName())
-      .to.be.equal('step-functions-dev-stateMachine');
+  describe('#getIamRoleName', () => {
+    it('should return IamRoleName', () => {
+      expect(serverlessStepFunctions.getIamRoleName())
+      .to.be.equal('step-functions-us-east-1-dev-stateMachine-ssf-exerole');
+    });
+  });
+
+  describe('#getIamPolicyName', () => {
+    it('should return IamPolicyName', () => {
+      expect(serverlessStepFunctions.getIamPolicyName())
+      .to.be.equal('step-functions-us-east-1-dev-stateMachine-ssf-exepolicy');
     });
   });
 
@@ -214,7 +216,7 @@ describe('ServerlessStepFunctions', () => {
           'IAM',
           'getRole',
           {
-            RoleName: 'serverless-step-functions-executerole-us-east-1',
+            RoleName: 'step-functions-us-east-1-dev-stateMachine-ssf-exerole',
           },
           serverlessStepFunctions.options.stage,
           serverlessStepFunctions.options.region
@@ -299,6 +301,32 @@ describe('ServerlessStepFunctions', () => {
     );
   });
 
+  describe('#deleteIamRole()', () => {
+    let deleteIamRoleStub;
+    beforeEach(() => {
+      deleteIamRoleStub = sinon.stub(serverlessStepFunctions.provider, 'request');
+      deleteIamRoleStub.onFirstCall().returns(BbPromise.resolve({ Account: 1234 }));
+      deleteIamRoleStub.onSecondCall().returns(BbPromise.resolve());
+      deleteIamRoleStub.onThirdCall().returns(BbPromise.resolve());
+      deleteIamRoleStub.onCall(4).returns(BbPromise.resolve());
+    });
+
+    it('should deleteIamRole with correct params', () => serverlessStepFunctions.deleteIamRole()
+      .then(() => {
+        expect(deleteIamRoleStub.callCount).to.be.equal(4);
+        expect(deleteIamRoleStub.args[0][0]).to.be.equal('STS');
+        expect(deleteIamRoleStub.args[0][1]).to.be.equal('getCallerIdentity');
+        expect(deleteIamRoleStub.args[1][0]).to.be.equal('IAM');
+        expect(deleteIamRoleStub.args[1][1]).to.be.equal('detachRolePolicy');
+        expect(deleteIamRoleStub.args[2][0]).to.be.equal('IAM');
+        expect(deleteIamRoleStub.args[2][1]).to.be.equal('deletePolicy');
+        expect(deleteIamRoleStub.args[3][0]).to.be.equal('IAM');
+        expect(deleteIamRoleStub.args[3][1]).to.be.equal('deleteRole');
+        serverlessStepFunctions.provider.request.restore();
+      })
+    );
+  });
+
   describe('#getStateMachineArn()', () => {
     let getStateMachineStub;
     beforeEach(() => {