
Commit f282ed2

committed
fix: lambda permissions for jsonata
1 parent f611231 commit f282ed2


2 files changed

+80
-36
lines changed

2 files changed

+80
-36
lines changed

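--- a/lib/deploy/stepFunctions/compileIamRole.js
+++ b/lib/deploy/stepFunctions/compileIamRole.js
@@ -360,9 +360,18 @@ function getRedshiftDataPermissions(action, state) {
 }
 
 function getLambdaPermissions(state) {
+if (isJsonPathParameter(state, 'FunctionName') || isJsonataArgument(state, 'FunctionName')) {
+const allowedFunctions = getParameterOrArgument(state, 'AllowedFunctions');
+return [{
+action: 'lambda:InvokeFunction',
+resource: allowedFunctions || '*',
+}];
+}
+
 // function name can be name-only, name-only with alias, full arn or partial arn
 // https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html#API_Invoke_RequestParameters
 const functionName = getParameterOrArgument(state, 'FunctionName');
+
 if (_.isString(functionName)) {
 const segments = functionName.split(':');
 
@@ -429,14 +438,6 @@ function getLambdaPermissions(state) {
 }];
 }
 
-if (getParameterOrArgument(state, 'FunctionName.$')) {
-const allowedFunctions = getParameterOrArgument(state, 'AllowedFunctions');
-return [{
-action: 'lambda:InvokeFunction',
-resource: allowedFunctions || '*',
-}];
-}
-
 // hope for the best...
 return [{
 action: 'lambda:InvokeFunction',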
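Review bot: The early return added at the top of getLambdaPermissions (new lines 363–369) falls back to `resource: allowedFunctions || '*'`, so a state with a dynamic FunctionName and no AllowedFunctions is granted `lambda:InvokeFunction` on every function, and this commit extends that fallback to JSONata states. Because the function name in that branch is resolved from state input at run time, the wildcard is the only thing bounding which function gets invoked, which makes it worth flagging for least privilege. I would document it at the branch, e.g. `// No AllowedFunctions: the execution role may invoke ANY Lambda function; set AllowedFunctions to scope it.`, and consider emitting a deploy-time warning whenever the fallback is taken. The middle of getLambdaPermissions lies between the two hunks and is not visible here.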

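--- a/lib/deploy/stepFunctions/compileIamRole.test.js
+++ b/lib/deploy/stepFunctions/compileIamRole.test.js
@@ -3629,7 +3629,7 @@ describe('#compileIamRole', () => {
 ]);
 });
 
-it('should support variable FunctionName', () => {
+itParam('should support variable FunctionName: ${value}', ['JSONPath', 'JSONata'], (queryLanguage) => {
 serverless.service.stepFunctions = {
 stateMachines: {
 myStateMachine1: {
@@ -3640,26 +3640,47 @@ describe('#compileIamRole', () => {
 A: {
 Type: 'Task',
 Resource: 'arn:aws:states:::lambda:invoke.waitForTaskToken',
-Parameters: {
-'FunctionName.$': '$.functionName',
-Payload: {
-'model.$': '$.new_model',
-'token.$': '$$.Task.Token',
+...getParamsOrArgs(
+queryLanguage,
+{
+'FunctionName.$': '$.functionName',
+Payload: {
+'model.$': '$.new_model',
+'token.$': '$$.Task.Token',
+},
 },
-},
+{
+FunctionName: '{% $states.input.functionName %}',
+Payload: {
+model: '{% $states.input.new_model %}',
+token: '{% $states.context.Task.Token %}',
+},
+},
+),
 Next: 'B',
 },
 B: {
 Type: 'Task',
 Resource: 'arn:aws:states:::lambda:invoke.waitForTaskToken',
-Parameters: {
-'FunctionName.$': '$.functionName',
-AllowedFunctions: '*limited*',
-Payload: {
-'model.$': '$.new_model',
-'token.$': '$$.Task.Token',
+...getParamsOrArgs(
+queryLanguage,
+{
+'FunctionName.$': '$.functionName',
+AllowedFunctions: '*limited*',
+Payload: {
+'model.$': '$.new_model',
+'token.$': '$$.Task.Token',
+},
 },
-},
+{
+FunctionName: '{% $states.input.functionName %}',
+AllowedFunctions: '*limited*',
+Payload: {
+model: '{% $states.input.new_model %}',
+token: '{% $states.context.Task.Token %}',
+},
+},
+),
 End: true,
 },
 },
@@ -3685,27 +3706,49 @@ describe('#compileIamRole', () => {
 A: {
 Type: 'Task',
 Resource: 'arn:aws:states:::lambda:invoke.waitForTaskToken',
-Parameters: {
-'FunctionName.$': '$.functionName',
-AllowedFunctions: 'arn:aws:lambda:us-west-2:1234567890:function:foo',
-Payload: {
-'model.$': '$.new_model',
-'token.$': '$$.Task.Token',
+...getParamsOrArgs(
+queryLanguage,
+{
+'FunctionName.$': '$.functionName',
+AllowedFunctions: 'arn:aws:lambda:us-west-2:1234567890:function:foo',
+Payload: {
+'model.$': '$.new_model',
+'token.$': '$$.Task.Token',
+},
 },
-},
+{
+FunctionName: '{% $states.input.functionName %}',
+AllowedFunctions: 'arn:aws:lambda:us-west-2:1234567890:function:foo',
+Payload: {
+model: '{% $states.input.new_model %}',
+token: '{% $states.context.Task.Token %}',
+},
+},
+),
 Next: 'B',
 },
 B: {
 Type: 'Task',
 Resource: 'arn:aws:states:::lambda:invoke.waitForTaskToken',
-Parameters: {
-'FunctionName.$': '$.functionName',
-AllowedFunctions: '*limited*',
-Payload: {
-'model.$': '$.new_model',
-'token.$': '$$.Task.Token',
+...getParamsOrArgs(
+queryLanguage,
+{
+'FunctionName.$': '$.functionName',
+AllowedFunctions: '*limited*',
+Payload: {
+'model.$': '$.new_model',
+'token.$': '$$.Task.Token',
+},
 },
-},
+{
+FunctionName: '{% $states.input.functionName %}',
+AllowedFunctions: '*limited*',
+Payload: {
+model: '{% $states.input.new_model %}',
+token: '{% $states.context.Task.Token %}',
+},
+},
+),
 End: true,
 },
 },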
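Review bot: The parameterised cases only exercise an expression-valued FunctionName (`'{% $states.input.functionName %}'`), so nothing visible here pins what a JSONata state gets when `FunctionName` is a literal name or ARN. The new branch in compileIamRole.js returns `allowedFunctions || '*'` whenever `isJsonataArgument(state, 'FunctionName')` is true, and that helper's definition is not shown, so a change in how it classifies literals would silently widen the role to all functions. Unless another test already covers it, add a JSONata case with a literal FunctionName and assert that the generated resource is scoped to that function rather than `'*'`. The test's assertions lie outside these hunks.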
