-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Split IAM Policy from IAM Role & Improve DependsOn for Streams #4427
Changes from all commits
a8ea484
be658f3
3a5a534
6c613a0
2556539
a740fff
dced87b
168f9c2
6695ef7
0cd144e
be8314c
abc0666
69ad1c2
1d304d1
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,13 @@ | |||
{ | |||
"Type": "AWS::IAM::Policy", | |||
"Properties": { | |||
"PolicyName": "[TO BE REPLACED]", | |||
"PolicyDocument": { | |||
"Version": "2012-10-17", | |||
"Statement": [] | |||
}, | |||
"Roles": [{ | |||
"Ref": "[TO BE REPLACED]" | |||
}] | |||
} | |||
} | |||
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
|
@@ -42,4 +42,4 @@ | ||
} | } | ||
] | ] | ||
} | } | ||
} | } | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This change should be reverted |
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
|
@@ -13,8 +13,20 @@ module.exports = { | ||
compiledTemplateFileName | compiledTemplateFileName | ||
); | ); | ||
|
|
||
this.serverless.utils.writeFileSync(compiledTemplateFilePath, | const compiledTemplate = this.serverless.service.provider.compiledCloudFormationTemplate; | ||
this.serverless.service.provider.compiledCloudFormationTemplate); | if (compiledTemplate.Resources[this.provider.naming.getPolicyLogicalId()]) { | ||
const customIAMPolicyStatement = compiledTemplate | |||
.Resources[this.provider.naming.getPolicyLogicalId()] | |||
.Properties | |||
.PolicyDocument | |||
.Statement; | |||
// remove custom IAM Policy if no custom statements (empty array would be invalid for CF) | |||
if (!customIAMPolicyStatement.length) { | |||
delete compiledTemplate.Resources[this.provider.naming.getPolicyLogicalId()]; | |||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this ok to introduce further changes to compiledTemplate here? Maintance-wise it can be confusing. Maybe we should rather introduce some dedicated cleanup/optimize step, prior save that one, and put it there to make it transparent? |
|||
} | |||
} | |||
|
|||
this.serverless.utils.writeFileSync(compiledTemplateFilePath, compiledTemplate); | |||
|
|
||
return BbPromise.resolve(); | return BbPromise.resolve(); | ||
}, | }, | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing EOL