From b096001ac4c1921e9b2d17d9575adcbaa0bc73c8 Mon Sep 17 00:00:00 2001 From: Tie Date: Mon, 19 Jun 2023 11:49:35 -0400 Subject: [PATCH 1/4] fix scheduler role --- lib/plugins/aws/package/compile/events/schedule.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/plugins/aws/package/compile/events/schedule.js b/lib/plugins/aws/package/compile/events/schedule.js index 2cdbb799d06..2a34cf0d029 100644 --- a/lib/plugins/aws/package/compile/events/schedule.js +++ b/lib/plugins/aws/package/compile/events/schedule.js @@ -136,9 +136,11 @@ class AwsCompileScheduledEvents { Name = event.schedule.name; timezone = event.schedule.timezone; Description = event.schedule.description; - roleArn = { - 'Fn::GetAtt': ['IamRoleLambdaExecution', 'Arn'], - }; + + const functionLogicalId = this.provider.naming.getLambdaLogicalId(functionName); + const functionResource = resources[functionLogicalId]; + + roleArn = functionResource.Properties.Role; method = event.schedule.method || METHOD_EVENT_BUS; From 1361b4ff6d58c8c3c5231547d838649ccc65bdb3 Mon Sep 17 00:00:00 2001 From: Tie Date: Tue, 20 Jun 2023 11:26:54 -0400 Subject: [PATCH 2/4] add test --- .../package/compile/events/schedule.test.js | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js b/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js index 11eb0d3ce33..5b945f0f3b4 100644 --- a/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js +++ b/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js @@ -10,7 +10,7 @@ const METHOD_EVENT_BUS = 'eventBus'; chaiUse(chaiAsPromised); -async function run(events) { +async function run(events, role) { const params = { fixture: 'function', command: 'package', @@ -18,6 +18,7 @@ async function run(events) { functions: { test: { handler: 'index.handler', + role, events, }, }, @@ -414,4 +415,24 @@ describe('test/unit/lib/plugins/aws/package/compile/events/schedule.test.js', () it('should not create schedule resources when no scheduled event is given', async () => { expect((await run([])).scheduleCfResources).to.be.empty; }); + + it('should pass the custom roleArn to method:schedule resources', async () => { + const events = [ + { + schedule: { + rate: 'rate(15 minutes)', + method: METHOD_SCHEDULER, + name: 'scheduler-scheduled-event', + description: 'Scheduler Scheduled Event', + input: '{"key":"array"}', + }, + }, + ]; + + const resources = (await run(events, 'customRole')).scheduleCfResources; + + expect(resources[0].Properties.Target.RoleArn).to.deep.equal({ + 'Fn::GetAtt': ['customRole', 'Arn'], + }); + }); }); From c7df06da2c2332a19ae1e3de3dffbb7a44ab3919 Mon Sep 17 00:00:00 2001 From: Tie Date: Tue, 27 Jun 2023 10:17:58 -0400 Subject: [PATCH 3/4] use default execution role if it exists --- .../aws/package/compile/events/schedule.js | 4 +- .../package/compile/events/schedule.test.js | 41 +++++++++++++++++-- 2 files changed, 40 insertions(+), 5 deletions(-) diff --git a/lib/plugins/aws/package/compile/events/schedule.js b/lib/plugins/aws/package/compile/events/schedule.js index 2a34cf0d029..bfe89be514c 100644 --- a/lib/plugins/aws/package/compile/events/schedule.js +++ b/lib/plugins/aws/package/compile/events/schedule.js @@ -140,7 +140,9 @@ class AwsCompileScheduledEvents { const functionLogicalId = this.provider.naming.getLambdaLogicalId(functionName); const functionResource = resources[functionLogicalId]; - roleArn = functionResource.Properties.Role; + roleArn = resources.IamRoleLambdaExecution + ? { 'Fn::GetAtt': ['IamRoleLambdaExecution', 'Arn'] } + : functionResource.Properties.Role; method = event.schedule.method || METHOD_EVENT_BUS; diff --git a/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js b/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js index 5b945f0f3b4..47ca491e1a4 100644 --- a/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js +++ b/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js @@ -10,16 +10,17 @@ const METHOD_EVENT_BUS = 'eventBus'; chaiUse(chaiAsPromised); -async function run(events, role) { +async function run(events, providerRole, functionRole) { const params = { fixture: 'function', command: 'package', configExt: { + provider: providerRole ? { iam: { role: providerRole } } : undefined, functions: { test: { handler: 'index.handler', - role, events, + role: functionRole, }, }, }, @@ -429,9 +430,41 @@ describe('test/unit/lib/plugins/aws/package/compile/events/schedule.test.js', () }, ]; - const resources = (await run(events, 'customRole')).scheduleCfResources; + const { scheduleCfResources, iamResource } = await run(events, 'customRole'); - expect(resources[0].Properties.Target.RoleArn).to.deep.equal({ + expect(scheduleCfResources[0].Properties.Target.RoleArn).to.deep.equal({ + 'Fn::GetAtt': ['customRole', 'Arn'], + }); + + expect(iamResource).to.be.undefined; + }); + + it('should not pass the custom roleArn to method:schedule resources', async () => { + const events = [ + { + schedule: { + rate: 'rate(15 minutes)', + method: METHOD_SCHEDULER, + name: 'scheduler-scheduled-event', + description: 'Scheduler Scheduled Event', + input: '{"key":"array"}', + }, + }, + ]; + + const { scheduleCfResources, iamResource, cfResources } = await run( + events, + undefined, + 'customRole' + ); + + expect(scheduleCfResources[0].Properties.Target.RoleArn).to.deep.equal({ + 'Fn::GetAtt': ['IamRoleLambdaExecution', 'Arn'], + }); + + expect(iamResource).to.exist; + + expect(cfResources.TestLambdaFunction.Properties.Role).to.deep.equal({ 'Fn::GetAtt': ['customRole', 'Arn'], }); }); From 477e9f1e1f26ac324f307faad2dbfbc2733e22c0 Mon Sep 17 00:00:00 2001 From: Tie Date: Tue, 27 Jun 2023 11:56:22 -0400 Subject: [PATCH 4/4] scheduler always uses role of function --- .../aws/package/compile/events/schedule.js | 4 +- .../package/compile/events/schedule.test.js | 39 ++----------------- 2 files changed, 4 insertions(+), 39 deletions(-) diff --git a/lib/plugins/aws/package/compile/events/schedule.js b/lib/plugins/aws/package/compile/events/schedule.js index bfe89be514c..2a34cf0d029 100644 --- a/lib/plugins/aws/package/compile/events/schedule.js +++ b/lib/plugins/aws/package/compile/events/schedule.js @@ -140,9 +140,7 @@ class AwsCompileScheduledEvents { const functionLogicalId = this.provider.naming.getLambdaLogicalId(functionName); const functionResource = resources[functionLogicalId]; - roleArn = resources.IamRoleLambdaExecution - ? { 'Fn::GetAtt': ['IamRoleLambdaExecution', 'Arn'] } - : functionResource.Properties.Role; + roleArn = functionResource.Properties.Role; method = event.schedule.method || METHOD_EVENT_BUS; diff --git a/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js b/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js index 47ca491e1a4..66cb1505135 100644 --- a/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js +++ b/test/unit/lib/plugins/aws/package/compile/events/schedule.test.js @@ -10,17 +10,16 @@ const METHOD_EVENT_BUS = 'eventBus'; chaiUse(chaiAsPromised); -async function run(events, providerRole, functionRole) { +async function run(events, options = {}) { const params = { fixture: 'function', command: 'package', configExt: { - provider: providerRole ? { iam: { role: providerRole } } : undefined, functions: { test: { handler: 'index.handler', events, - role: functionRole, + role: options.functionRole, }, }, }, @@ -430,42 +429,10 @@ describe('test/unit/lib/plugins/aws/package/compile/events/schedule.test.js', () }, ]; - const { scheduleCfResources, iamResource } = await run(events, 'customRole'); + const { scheduleCfResources } = await run(events, { functionRole: 'customRole' }); expect(scheduleCfResources[0].Properties.Target.RoleArn).to.deep.equal({ 'Fn::GetAtt': ['customRole', 'Arn'], }); - - expect(iamResource).to.be.undefined; - }); - - it('should not pass the custom roleArn to method:schedule resources', async () => { - const events = [ - { - schedule: { - rate: 'rate(15 minutes)', - method: METHOD_SCHEDULER, - name: 'scheduler-scheduled-event', - description: 'Scheduler Scheduled Event', - input: '{"key":"array"}', - }, - }, - ]; - - const { scheduleCfResources, iamResource, cfResources } = await run( - events, - undefined, - 'customRole' - ); - - expect(scheduleCfResources[0].Properties.Target.RoleArn).to.deep.equal({ - 'Fn::GetAtt': ['IamRoleLambdaExecution', 'Arn'], - }); - - expect(iamResource).to.exist; - - expect(cfResources.TestLambdaFunction.Properties.Role).to.deep.equal({ - 'Fn::GetAtt': ['customRole', 'Arn'], - }); }); });