fix: scheduled events + tests

serverless-operations · Nov 30, 2022 · 0dbfecf · 0dbfecf
1 parent 7070ae5
commit 0dbfecf
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 28 deletions.
diff --git a/lib/deploy/events/schedule/compileScheduledEvents.js b/lib/deploy/events/schedule/compileScheduledEvents.js
@@ -5,6 +5,8 @@ const BbPromise = require('bluebird');
 
 module.exports = {
   compileScheduledEvents() {
+    const service = this.serverless.service;
+    const permissionsBoundary = service.provider.rolePermissionsBoundary;
     _.forEach(this.getAllStateMachines(), (stateMachineName) => {
       const stateMachineObj = this.getStateMachine(stateMachineName);
       let scheduleNumberInFunction = 0;
@@ -131,7 +133,7 @@ module.exports = {
               }
             `;
 
-            const iamRoleTemplate = `
+            let iamRoleTemplate = `
             {
               "Type": "AWS::IAM::Role",
               "Properties": {
@@ -169,6 +171,11 @@ module.exports = {
               }
             }
             `;
+            if (permissionsBoundary) {
+              const jsonIamRole = JSON.parse(iamRoleTemplate);
+              jsonIamRole.Properties.PermissionsBoundary = permissionsBoundary;
+              iamRoleTemplate = JSON.stringify(jsonIamRole);
+            }
 
             const newScheduleObject = {
               [scheduleLogicalId]: JSON.parse(scheduleTemplate),

diff --git a/lib/deploy/events/schedule/compileScheduledEvents.test.js b/lib/deploy/events/schedule/compileScheduledEvents.test.js
@@ -423,4 +423,28 @@ describe('#httpValidate()', () => {
       expect(() => serverlessStepFunctions.compileScheduledEvents()).to.throw(Error);
     });
   });
+  it('should handle permissionsBoundary', () => {
+    serverlessStepFunctions.serverless.service.stepFunctions = {
+      stateMachines: {
+        first: {
+          events: [
+            {
+              schedule: {
+                rate: 'rate(10 minutes)',
+                enabled: false,
+                inputPath: '$.stageVariables',
+              },
+            },
+          ],
+        },
+      },
+    };
+    serverless.service.provider.rolePermissionsBoundary = 'arn:aws:iam::myAccount:policy/permission_boundary';
+    serverlessStepFunctions.compileScheduledEvents();
+
+    expect(serverlessStepFunctions.serverless.service
+      .provider.compiledCloudFormationTemplate.Resources
+      .FirstScheduleToStepFunctionsRole
+      .Properties.PermissionsBoundary).to.equal('arn:aws:iam::myAccount:policy/permission_boundary');
+  });
 });
diff --git a/lib/deploy/stepFunctions/compileIamRole.test.js b/lib/deploy/stepFunctions/compileIamRole.test.js
@@ -2647,4 +2647,30 @@ describe('#compileIamRole', () => {
       },
     ]);
   });
+  it('should handle permissionsBoundary', () => {
+    serverless.service.stepFunctions = {
+      stateMachines: {
+        myStateMachine1: {
+          id: 'StateMachine1',
+          definition: {
+            StartAt: 'A',
+            States: {
+              A: {
+                Type: 'Task',
+                Resource:
+                  'arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:hello',
+                End: true,
+              },
+            },
+          },
+        },
+      },
+    };
+    serverless.service.provider.rolePermissionsBoundary = 'arn:aws:iam::myAccount:policy/permission_boundary';
+    serverlessStepFunctions.compileIamRole();
+    const boundary = serverlessStepFunctions.serverless.service.provider
+      .compiledCloudFormationTemplate.Resources.StateMachine1Role.Properties
+      .PermissionsBoundary;
+    expect(boundary).to.equal('arn:aws:iam::myAccount:policy/permission_boundary');
+  });
 });
diff --git a/lib/deploy/stepFunctions/compileNotifications.test.js b/lib/deploy/stepFunctions/compileNotifications.test.js
@@ -522,31 +522,4 @@ describe('#compileNotifications', () => {
     expect(logMessage.startsWith('State machine [Beta1] : notifications are not supported on Express Workflows.'))
       .to.equal(true);
   });
-
-  it('should handle permissionsBoundary', () => {
-    serverless.service.stepFunctions = {
-      stateMachines: {
-        myStateMachine1: {
-          id: 'StateMachine1',
-          definition: {
-            StartAt: 'A',
-            States: {
-              A: {
-                Type: 'Task',
-                Resource:
-                  'arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:hello',
-                End: true,
-              },
-            },
-          },
-        },
-      },
-    };
-    serverless.service.provider.rolePermissionsBoundary = 'arn:aws:iam::myAccount:policy/permission_boundary';
-    serverlessStepFunctions.compileIamRole();
-    const boundary = serverlessStepFunctions.serverless.service.provider
-      .compiledCloudFormationTemplate.Resources.StateMachine1Role.Properties
-      .PermissionsBoundary;
-    expect(boundary).to.equal('arn:aws:iam::myAccount:policy/permission_boundary');
-  });
 });