Merge 39aa3e1 into e1511ab

serverless-operations · Jun 4, 2019 · 66b94cc · 66b94cc
2 parents e1511ab + 39aa3e1
commit 66b94cc
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 0 deletions.
diff --git a/lib/deploy/stepFunctions/compileIamRole.js b/lib/deploy/stepFunctions/compileIamRole.js
@@ -242,6 +242,7 @@ function getIamPermissions(serverless, taskStates) {
       case 'arn:aws:states:::ecs:runTask':
         return getEcsPermissions();
 
+      case 'arn:aws:states:::lambda:invoke':
       case 'arn:aws:states:::lambda:invoke.waitForTaskToken':
         return getLambdaPermissions(state);
 

diff --git a/lib/deploy/stepFunctions/compileIamRole.test.js b/lib/deploy/stepFunctions/compileIamRole.test.js
@@ -1151,4 +1151,58 @@ describe('#compileIamRole', () => {
     ];
     expect(lambdaPermissions[0].Resource).to.deep.eq(lambdaArns);
   });
+
+  it('should support lambda::invoke resource type', () => {
+    const getStateMachine = (name, functionName) => ({
+      name,
+      definition: {
+        StartAt: 'A',
+        States: {
+          A: {
+            Type: 'Task',
+            Resource: 'arn:aws:states:::lambda:invoke',
+            Parameters: {
+              FunctionName: functionName,
+              Payload: {
+                'ExecutionName.$': '$$.Execution.Name',
+              },
+            },
+            End: true,
+          },
+        },
+      },
+    });
+
+    // function name can be...
+    const lambda1 = 'a'; // name-only
+    const lambda2 = 'b:v1'; // name-only with alias
+    const lambda3 = 'arn:aws:lambda:us-west-2:1234567890:function:c'; // full arn
+    const lambda4 = '1234567890:function:d'; // partial arn
+
+    serverless.service.stepFunctions = {
+      stateMachines: {
+        myStateMachine1: getStateMachine('sm1', lambda1),
+        myStateMachine2: getStateMachine('sm2', lambda2),
+        myStateMachine3: getStateMachine('sm3', lambda3),
+        myStateMachine4: getStateMachine('sm4', lambda4),
+      },
+    };
+
+    serverlessStepFunctions.compileIamRole();
+    const statements = serverlessStepFunctions.serverless.service
+      .provider.compiledCloudFormationTemplate.Resources.IamRoleStateMachineExecution
+      .Properties.Policies[0].PolicyDocument.Statement;
+
+    const lambdaPermissions = statements.filter(s =>
+      _.isEqual(s.Action, ['lambda:InvokeFunction']));
+    expect(lambdaPermissions).to.have.lengthOf(1);
+
+    const lambdaArns = [
+      { 'Fn::Sub': 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:a' },
+      { 'Fn::Sub': 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:b:v1' },
+      'arn:aws:lambda:us-west-2:1234567890:function:c',
+      { 'Fn::Sub': 'arn:aws:lambda:${AWS::Region}:1234567890:function:d' },
+    ];
+    expect(lambdaPermissions[0].Resource).to.deep.eq(lambdaArns);
+  });
 });