fix(AWS Kafka): Allow usage of Server Root CA without client TLS auth

Co-authored-by: Fabian Desoye <fabian.desoye@prosiebensat1digital.de>
serverless · Mar 11, 2022 · 6a6417c · 6a6417c
1 parent eb0d4eb
commit 6a6417c
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 42 deletions.
diff --git a/lib/plugins/aws/package/compile/events/kafka.js b/lib/plugins/aws/package/compile/events/kafka.js
@@ -130,12 +130,7 @@ class AwsCompileKafkaEvents {
         if (!event.kafka) return;
 
         const {
-          accessConfigurations: {
-            vpcSecurityGroup,
-            vpcSubnet,
-            clientCertificateTlsAuth,
-            serverRootCaCertificate,
-          },
+          accessConfigurations: { vpcSecurityGroup, vpcSubnet },
         } = event.kafka;
 
         if ((vpcSecurityGroup && !vpcSubnet) || (vpcSubnet && !vpcSecurityGroup)) {
@@ -146,13 +141,6 @@ class AwsCompileKafkaEvents {
           );
         }
 
-        if (serverRootCaCertificate && !clientCertificateTlsAuth) {
-          throw new ServerlessError(
-            `You cannot specify "serverRootCaCertificate" accessConfiguration without providing "clientCertificateTlsAuth" accessConfiguration for function: ${functionName}`,
-            'FUNCTION_KAFKA_CLIENT_CERTIFICATE_TLS_AUTH_CONFIGURATION_MISSING'
-          );
-        }
-
         hasKafkaEvent = true;
         const { topic, batchSize, maximumBatchingWindow, enabled } = event.kafka;
         const startingPosition = event.kafka.startingPosition || 'TRIM_HORIZON';

diff --git a/test/unit/lib/plugins/aws/package/compile/events/kafka.test.js b/test/unit/lib/plugins/aws/package/compile/events/kafka.test.js
@@ -457,35 +457,6 @@ describe('test/unit/lib/plugins/aws/package/compile/events/kafka.test.js', () =>
         await runCompileEventSourceMappingTest(eventConfig);
       });
 
-      it('should fail to compile EventSourceMapping resource properties for SERVER_ROOT_CA_CERTIFICATE with no CLIENT_CERTIFICATE_TLS_AUTH', async () => {
-        await expect(
-          runServerless({
-            fixture: 'function',
-            configExt: {
-              functions: {
-                basic: {
-                  events: [
-                    {
-                      kafka: {
-                        topic,
-                        bootstrapServers: ['abc.xyz:9092'],
-                        accessConfigurations: {
-                          serverRootCaCertificate: serverRootCaCertificateArn,
-                        },
-                      },
-                    },
-                  ],
-                },
-              },
-            },
-            command: 'package',
-          })
-        ).to.be.rejected.and.eventually.have.property(
-          'code',
-          'FUNCTION_KAFKA_CLIENT_CERTIFICATE_TLS_AUTH_CONFIGURATION_MISSING'
-        );
-      });
-
       it('should update default IAM role with EC2 statement when VPC accessConfiguration is provided', async () => {
         const { cfTemplate } = await runServerless({
           fixture: 'function',