Merge pull request #285 from horike37/feature/express_workflow

Feature/express workflow

Author: theburningmonk

lib/deploy/stepFunctions/compileIamRole.js

@@ -5,7 +5,6 @@ const BbPromise = require('bluebird');
 const path = require('path');
 const { isIntrinsic, translateLocalFunctionNames, trimAliasFromLambdaArn } = require('../../utils/aws');
 
-
 function getTaskStates(states) {
   return _.flatMap(states, (state) => {
     switch (state.Type) {
@@ -378,17 +377,29 @@ module.exports = {
   compileIamRole() {
     const customRolesProvided = [];
     let iamPermissions = [];
+    let hasExpressWorkflow = false;
     this.getAllStateMachines().forEach((stateMachineName) => {
       const stateMachineObj = this.getStateMachine(stateMachineName);
       customRolesProvided.push('role' in stateMachineObj);
 
       const taskStates = getTaskStates(stateMachineObj.definition.States);
       iamPermissions = iamPermissions.concat(getIamPermissions.bind(this)(taskStates));
+
+      if (stateMachineObj.type === 'EXPRESS') {
+        hasExpressWorkflow = true;
+      }
     });
     if (_.isEqual(_.uniq(customRolesProvided), [true])) {
       return BbPromise.resolve();
     }
 
+    if (hasExpressWorkflow) {
+      iamPermissions.push({
+        action: 'logs:CreateLogDelivery,logs:GetLogDelivery,logs:UpdateLogDelivery,logs:DeleteLogDelivery,logs:ListLogDeliveries,logs:PutResourcePolicy,logs:DescribeResourcePolicies,logs:DescribeLogGroups',
+        resource: '*',
+      });
+    }
+
     const iamRoleStateMachineExecutionTemplate = this.serverless.utils.readFileSync(
       path.join(__dirname,
         '..',

lib/deploy/stepFunctions/compileIamRole.test.js

@@ -1726,4 +1726,51 @@ describe('#compileIamRole', () => {
     ];
     expect(lambdaPermissions[0].Resource).to.deep.equal(lambdaArns);
   });
+
+  it('should give CloudWatch Logs permissions for Express Workflow', () => {
+    serverless.service.stepFunctions = {
+      stateMachines: {
+        myStateMachine1: {
+          name: 'stateMachineBeta1',
+          type: 'EXPRESS',
+          loggingConfig: {
+            destinations: [
+              {
+                'Fn::GetAtt': ['MyLogGroup', 'Arn'],
+              },
+            ],
+          },
+          definition: {
+            StartAt: 'A',
+            States: {
+              A: {
+                Type: 'Task',
+                Resource: 'arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:hello',
+                End: true,
+              },
+            },
+          },
+        },
+      },
+    };
+
+    serverlessStepFunctions.compileIamRole();
+    const statements = serverlessStepFunctions.serverless.service
+      .provider.compiledCloudFormationTemplate.Resources.IamRoleStateMachineExecution
+      .Properties.Policies[0].PolicyDocument.Statement;
+
+    const logsPermissions = statements.filter(s => s.Action.includes('logs:CreateLogDelivery'));
+    expect(logsPermissions).to.have.lengthOf(1);
+    expect(logsPermissions[0].Resource).to.equal('*');
+    expect(logsPermissions[0].Action).to.deep.equal([
+      'logs:CreateLogDelivery',
+      'logs:GetLogDelivery',
+      'logs:UpdateLogDelivery',
+      'logs:DeleteLogDelivery',
+      'logs:ListLogDeliveries',
+      'logs:PutResourcePolicy',
+      'logs:DescribeResourcePolicies',
+      'logs:DescribeLogGroups',
+    ]);
+  });
 });

lib/deploy/stepFunctions/compileNotifications.js

@@ -305,12 +305,20 @@ function* compileResources(stateMachineLogicalId, stateMachineName, notification
   }
 }
 
-function validateConfig(serverless, stateMachineName, notificationsObj) {
+function validateConfig(serverless, stateMachineName, stateMachineObj, notificationsObj) {
   // no notifications defined at all
   if (!_.isObject(notificationsObj)) {
     return false;
   }
 
+  if (stateMachineObj.type === 'EXPRESS') {
+    serverless.cli.consoleLog(
+      `State machine [${stateMachineName}] : notifications are not supported on Express Workflows. `
+      + 'Please see https://docs.aws.amazon.com/step-functions/latest/dg/concepts-standard-vs-express.html for difference between Step Functions Standard and Express Workflow.',
+    );
+    return false;
+  }
+
   const { error } = Joi.validate(
     notificationsObj, schema, { allowUnknown: false },
   );
@@ -335,7 +343,7 @@ module.exports = {
       const stateMachineName = stateMachineObj.name || name;
       const notificationsObj = stateMachineObj.notifications;
 
-      if (!validateConfig(this.serverless, stateMachineName, notificationsObj)) {
+      if (!validateConfig(this.serverless, stateMachineName, stateMachineObj, notificationsObj)) {
         return [];
       }
 

lib/deploy/stepFunctions/compileNotifications.test.js

@@ -433,4 +433,40 @@ describe('#compileNotifications', () => {
     expect(logMessage.startsWith('State machine [Beta1] : notifications config is malformed.'))
       .to.equal(true);
   });
+
+  it('should log the validation errors if state machine is an Express Workflow', () => {
+    const genStateMachine = name => ({
+      name,
+      type: 'EXPRESS',
+      definition: {
+        StartAt: 'A',
+        States: {
+          A: {
+            Type: 'Pass',
+            End: true,
+          },
+        },
+      },
+      notifications: {
+        ABORTED: [{ sns: 'SNS_TOPIC_ARN' }],
+      },
+    });
+
+    serverless.service.stepFunctions = {
+      stateMachines: {
+        beta1: genStateMachine('Beta1'),
+      },
+    };
+
+    serverlessStepFunctions.compileNotifications();
+    const resources = serverlessStepFunctions.serverless.service
+      .provider.compiledCloudFormationTemplate.Resources;
+    expect(_.keys(resources)).to.have.lengthOf(0);
+
+    expect(consoleLogSpy.callCount).equal(1);
+    const { args } = consoleLogSpy.lastCall;
+    const [logMessage] = args;
+    expect(logMessage.startsWith('State machine [Beta1] : notifications are not supported on Express Workflows.'))
+      .to.equal(true);
+  });
 });

lib/deploy/stepFunctions/compileStateMachines.js

@@ -96,9 +96,10 @@ module.exports = {
         let DefinitionString;
         let RoleArn;
         let DependsOn = [];
+        let LoggingConfiguration;
         const Tags = toTags(this.serverless.service.provider.tags);
 
-        const { error } = Joi.validate(stateMachineObj, schema, { allowUnknown: false });
+        const { error, value } = Joi.validate(stateMachineObj, schema, { allowUnknown: false });
         if (error) {
           const errorMessage = `State machine [${stateMachineName}] is malformed. `
             + 'Please check the README for more info. '
@@ -181,6 +182,20 @@ module.exports = {
           _.forEach(stateMachineTags, tag => Tags.push(tag));
         }
 
+        if (value.type === 'EXPRESS' && value.loggingConfig) {
+          const Destinations = (value.loggingConfig.destinations || [])
+            .map(arn => ({
+              CloudWatchLogsLogGroup: {
+                LogGroupArn: arn,
+              },
+            }));
+          LoggingConfiguration = {
+            Level: value.loggingConfig.level,
+            IncludeExecutionData: value.loggingConfig.includeExecutionData,
+            Destinations,
+          };
+        }
+
         const stateMachineLogicalId = this.getStateMachineLogicalId(stateMachineName,
           stateMachineObj);
         const stateMachineOutputLogicalId = this
@@ -191,6 +206,8 @@ module.exports = {
             DefinitionString,
             RoleArn,
             Tags,
+            StateMachineType: stateMachineObj.type,
+            LoggingConfiguration,
           },
           DependsOn,
         };

lib/deploy/stepFunctions/compileStateMachines.schema.js

@@ -26,13 +26,20 @@ const dependsOn = Joi.alternatives().try(
   Joi.array().items(Joi.string()),
 );
 
+const loggingConfig = Joi.object().keys({
+  level: Joi.string().valid('ALL', 'ERROR', 'FATAL', 'OFF').default('OFF'),
+  includeExecutionData: Joi.boolean().default(false),
+  destinations: Joi.array().items(arn),
+});
+
 const id = Joi.string();
 const tags = Joi.object();
 const name = Joi.string();
 const events = Joi.array();
 const alarms = Joi.object();
 const notifications = Joi.object();
 const useExactVersion = Joi.boolean().default(false);
+const type = Joi.string().valid('STANDARD', 'EXPRESS').default('STANDARD');
 
 const schema = Joi.object().keys({
   id,
@@ -45,6 +52,8 @@ const schema = Joi.object().keys({
   tags,
   alarms,
   notifications,
+  type,
+  loggingConfig,
 });
 
 module.exports = schema;

lib/deploy/stepFunctions/compileStateMachines.test.js

@@ -1175,4 +1175,57 @@ describe('#compileStateMachines', () => {
     expect(definitionString).to.contain('${AWS::AccountId}');
     expect(definitionString).to.not.contain('#{AWS::AccountId}');
   });
+
+  it('should compile logging configuration for Express Workflows', () => {
+    serverless.service.stepFunctions = {
+      stateMachines: {
+        myStateMachine1: {
+          name: 'stateMachineBeta1',
+          type: 'EXPRESS',
+          loggingConfig: {
+            destinations: [
+              {
+                'Fn::GetAtt': ['MyLogGroup', 'Arn'],
+              },
+            ],
+          },
+          definition: {
+            StartAt: 'A',
+            States: {
+              A: {
+                Type: 'Task',
+                Resource: 'arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:hello',
+                End: true,
+              },
+            },
+          },
+        },
+      },
+    };
+
+    serverlessStepFunctions.compileStateMachines();
+    const actual = serverlessStepFunctions
+      .serverless
+      .service
+      .provider
+      .compiledCloudFormationTemplate
+      .Resources
+      .StateMachineBeta1
+      .Properties;
+
+    expect(actual.StateMachineType).to.equal('EXPRESS');
+    expect(actual).to.haveOwnProperty('LoggingConfiguration');
+    expect(actual.LoggingConfiguration.Level).to.equal('OFF'); // default value
+    expect(actual.LoggingConfiguration.IncludeExecutionData).to.equal(false); // default value
+    expect(actual.LoggingConfiguration.Destinations).to.have.length(1);
+
+    const loggingDestination = actual.LoggingConfiguration.Destinations[0];
+    expect(loggingDestination).to.deep.equal({
+      CloudWatchLogsLogGroup: {
+        LogGroupArn: {
+          'Fn::GetAtt': ['MyLogGroup', 'Arn'],
+        },
+      },
+    });
+  });
 });