feat: support iamRole override for HTTP events

fixes issue #91

Author: theburningmonk

lib/deploy/events/apiGateway/iamRole.js

@@ -5,6 +5,15 @@ const path = require('path');
 
 module.exports = {
   compileHttpIamRole() {
+    const needDefaultIamRole = this.pluginhttpValidated.events.some((event) =>
+      // a http event that doesn't specify its own iamRole would need us to
+      // generate a default IAM role
+      _.has(event, 'http') && !_.has(event, 'http.iamRole'));
+
+    if (!needDefaultIamRole) {
+      return BbPromise.resolve();
+    }
+
     const iamRoleApiGatewayToStepFunctionsTemplate =
       JSON.stringify(this.serverless.utils.readFileSync(
       path.join(__dirname,

lib/deploy/events/apiGateway/iamRole.test.js

@@ -31,12 +31,93 @@ describe('#compileHttpIamRole()', () => {
     serverlessStepFunctions = new ServerlessStepFunctions(serverless);
   });
 
-  it('should create a IAM Role resource', () => serverlessStepFunctions
-    .compileHttpIamRole().then(() => {
-      expect(
-        serverlessStepFunctions.serverless.service.provider.compiledCloudFormationTemplate
-          .Resources.ApigatewayToStepFunctionsRole.Type
-      ).to.equal('AWS::IAM::Role');
-    })
-  );
+  it('should create an IAM Role resource when there are no iamRole overrides', () => {
+    serverlessStepFunctions.pluginhttpValidated = {
+      events: [
+        {
+          stateMachineName: 'first',
+          http: {
+            path: 'foo/bar1',
+            method: 'post',
+          },
+        },
+        {
+          stateMachineName: 'first',
+          http: {
+            path: 'foo/bar2',
+            method: 'post',
+            private: true,
+          },
+        },
+      ],
+    };
+
+    serverlessStepFunctions
+      .compileHttpIamRole().then(() => {
+        expect(
+          serverlessStepFunctions.serverless.service.provider.compiledCloudFormationTemplate
+            .Resources.ApigatewayToStepFunctionsRole.Type
+        ).to.equal('AWS::IAM::Role');
+      });
+  });
+
+  it('should create an IAM Role resource when at least one event has no iamRole override', () => {
+    serverlessStepFunctions.pluginhttpValidated = {
+      events: [
+        {
+          stateMachineName: 'first',
+          http: {
+            path: 'foo/bar1',
+            method: 'post',
+          },
+        },
+        {
+          stateMachineName: 'first',
+          http: {
+            path: 'foo/bar2',
+            method: 'post',
+            iamRole: 'arn:aws:iam::12345567890:role/test',
+          },
+        },
+      ],
+    };
+
+    serverlessStepFunctions
+      .compileHttpIamRole().then(() => {
+        expect(
+          serverlessStepFunctions.serverless.service.provider.compiledCloudFormationTemplate
+            .Resources.ApigatewayToStepFunctionsRole.Type
+        ).to.equal('AWS::IAM::Role');
+      });
+  });
+
+  it('should not create an IAM Role resource when all events have iamRole override', () => {
+    serverlessStepFunctions.pluginhttpValidated = {
+      events: [
+        {
+          stateMachineName: 'first',
+          http: {
+            path: 'foo/bar1',
+            method: 'post',
+            iamRole: 'arn:aws:iam::12345567890:role/test1',
+          },
+        },
+        {
+          stateMachineName: 'first',
+          http: {
+            path: 'foo/bar2',
+            method: 'post',
+            iamRole: 'arn:aws:iam::12345567890:role/test2',
+          },
+        },
+      ],
+    };
+
+    serverlessStepFunctions
+      .compileHttpIamRole().then(() => {
+        const resources = serverlessStepFunctions.serverless.service.provider
+          .compiledCloudFormationTemplate.Resources;
+        expect(resources).to.not.haveOwnProperty('ApigatewayToStepFunctionsRole');
+      });
+  });
 });

lib/deploy/events/apiGateway/methods.js

@@ -142,16 +142,18 @@ module.exports = {
   },
 
   getMethodIntegration(stateMachineName, stateMachineObj, http) {
-    const apiToStepFunctionsIamRoleLogicalId = this.getApiToStepFunctionsIamRoleLogicalId();
+    const defaultIamRoleLogicalId = this.getApiToStepFunctionsIamRoleLogicalId();
+    const defaultIamRole = {
+      'Fn::GetAtt': [
+        `${defaultIamRoleLogicalId}`,
+        'Arn',
+      ],
+    };
+    const iamRole = _.get(http, 'iamRole', defaultIamRole);
     const integration = {
       IntegrationHttpMethod: 'POST',
       Type: 'AWS',
-      Credentials: {
-        'Fn::GetAtt': [
-          `${apiToStepFunctionsIamRoleLogicalId}`,
-          'Arn',
-        ],
-      },
+      Credentials: iamRole,
       Uri: {
         'Fn::Join': [
           '',