fix: remove managed policies from cloned role

functionalone · May 28, 2018 · 942816f · 942816f
1 parent 8d601b4
commit 942816f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/src/lib/index.ts b/src/lib/index.ts
@@ -172,6 +172,8 @@ class ServerlessIamPerFunctionPlugin {
         },
       ],
     };
+    // remove managed policies
+    functionIamRole.Properties.ManagedPolicyArns = [];
     //set vpc if needed
     if (!_.isEmpty(functionObject.vpc) || !_.isEmpty(this.serverless.service.provider.vpc)) {
       functionIamRole.Properties.ManagedPolicyArns = [

diff --git a/src/test/index.test.ts b/src/test/index.test.ts
@@ -128,6 +128,7 @@ describe('plugin tests', function(this: any) {
         const helloRole = serverless.service.provider.compiledCloudFormationTemplate.Resources.HelloIamRoleLambdaExecution;
         assert.isNotEmpty(helloRole);
         assertFunctionRoleName('hello', helloRole.Properties.RoleName);
+        assert.isEmpty(helloRole.Properties.ManagedPolicyArns, 'function resource role has no managed policy');
         //check depends and role is set properlly
         const helloFunctionResource = serverless.service.provider.compiledCloudFormationTemplate.Resources.HelloLambdaFunction;
         assert.isTrue(helloFunctionResource.DependsOn.indexOf('HelloIamRoleLambdaExecution') >= 0, 'function resource depends on role');