event sources: adding permissions

Author: eahefnawy

lib/actions/EventDeployS3Lambda.js

@@ -52,8 +52,9 @@ module.exports = function(SPlugin, serverlessPath) {
       let event          = _this.S.state.getEvents({ paths: [_this.evt.options.path] })[0],
           populatedEvent = event.getPopulated({stage: _this.evt.options.stage, region: _this.evt.options.region}),
           functionName   = _this.S.state.getFunctions({paths: [_this.evt.options.path.split('#')[0]]})[0].getDeployedName(_this.evt.options),
+          statementId    = 'sEvents-' + functionName + '-' + event.name + '-' + _this.evt.options.stage,
           awsAccountId   = _this.S.state.meta.get().stages[_this.evt.options.stage].regions[_this.evt.options.region].variables.iamRoleArnLambda.split('::')[1].split(':')[0],
-          lambdaArn      = 'arn:aws:lambda:' + _this.evt.options.region + ':' + awsAccountId + ':function:' + functionName;
+          lambdaArn      = 'arn:aws:lambda:' + _this.evt.options.region + ':' + awsAccountId + ':function:' + functionName + ':' + _this.evt.options.stage;
 
       let awsConfig  = {
         region:          _this.evt.options.region,
@@ -62,20 +63,47 @@ module.exports = function(SPlugin, serverlessPath) {
       };
 
       _this.S3 = require('../utils/aws/S3')(awsConfig);
+      _this.Lambda = require('../utils/aws/Lambda')(awsConfig);
 
       let params = {
-        Bucket: populatedEvent.config.bucket,
-        NotificationConfiguration: {
-          LambdaFunctionConfigurations: [
-            {
-              Events: populatedEvent.config.bucketEvents,
-              LambdaFunctionArn: lambdaArn
-            }
-          ]
-        }
+        FunctionName: lambdaArn,
+        StatementId: statementId,
+        Qualifier: _this.evt.options.stage
       };
+      return _this.Lambda.removePermissionPromised(params)
+        .then(function(data) {
+          SUtils.sDebug(`Removed lambda permission with statement ID: ${statementId}`);
+        })
+        .catch(function(error) {})
+        .then(function (data) {
+
+          SUtils.sDebug(`Adding lambda permission with statement ID: ${statementId}`);
+
+          let params = {
+            FunctionName: lambdaArn,
+            StatementId: statementId,
+            Action: 'lambda:InvokeFunction',
+            Principal: 's3.amazonaws.com',
+            SourceArn: 'arn:aws:s3:::' + populatedEvent.config.bucket,
+            Qualifier: _this.evt.options.stage
+          };
+          return _this.Lambda.addPermissionPromised(params);
+        })
+        .then(function(data) {
+          let params = {
+            Bucket: populatedEvent.config.bucket,
+            NotificationConfiguration: {
+              LambdaFunctionConfigurations: [
+                {
+                  Events: populatedEvent.config.bucketEvents,
+                  LambdaFunctionArn: lambdaArn
+                }
+              ]
+            }
+          };
 
-      return _this.S3.putBucketNotificationConfigurationPromised(params)
+          return _this.S3.putBucketNotificationConfigurationPromised(params)
+        })
         .then(function(data) {
 
           SUtils.sDebug(`Put notification configuration for bucket ${populatedEvent.config.bucket} and lambda ${lambdaArn}`);

lib/actions/EventDeploySNSLambda.js

@@ -53,7 +53,9 @@ module.exports = function(SPlugin, serverlessPath) {
       let event          = _this.S.state.getEvents({ paths: [_this.evt.options.path] })[0],
           populatedEvent = event.getPopulated({stage: _this.evt.options.stage, region: _this.evt.options.region}),
           functionName   = _this.S.state.getFunctions({paths: [_this.evt.options.path.split('#')[0]]})[0].getDeployedName(_this.evt.options),
+          statementId    = 'sEvents-' + functionName + '-' + event.name + '-' + _this.evt.options.stage,
           awsAccountId   = _this.S.state.meta.get().stages[_this.evt.options.stage].regions[_this.evt.options.region].variables.iamRoleArnLambda.split('::')[1].split(':')[0],
+          topicArn       = 'arn:aws:sns:' + _this.evt.options.region + ':' + awsAccountId + ':' + populatedEvent.config.topicName,
           lambdaArn      = 'arn:aws:lambda:' + _this.evt.options.region + ':' + awsAccountId + ':function:' + functionName + ':' + _this.evt.options.stage;
 
       let awsConfig  = {
@@ -63,23 +65,47 @@ module.exports = function(SPlugin, serverlessPath) {
       };
 
       _this.SNS = require('../utils/aws/SNS')(awsConfig);
+      _this.Lambda = require('../utils/aws/Lambda')(awsConfig);
+
 
       let params = {
-        Protocol: 'lambda',
-        TopicArn: populatedEvent.config.topicArn,
-        Endpoint: lambdaArn
+        FunctionName: lambdaArn,
+        StatementId: statementId,
+        Qualifier: _this.evt.options.stage
       };
-
-      return _this.SNS.subscribePromised(params)
+      return _this.Lambda.removePermissionPromised(params)
+        .then(function(data) {
+          SUtils.sDebug(`Removed lambda permission with statement ID: ${statementId}`);
+        })
+        .catch(function(error) {})
+        .then(function (data) {
+
+          SUtils.sDebug(`Adding lambda permission with statement ID: ${statementId}`);
+
+          let params = {
+            FunctionName: lambdaArn,
+            StatementId: statementId,
+            Action: 'lambda:InvokeFunction',
+            Principal: 'sns.amazonaws.com',
+            Qualifier: _this.evt.options.stage
+          };
+          return _this.Lambda.addPermissionPromised(params);
+        })
+        .then(function(data) {
+          let params = {
+            Protocol: 'lambda',
+            TopicArn: topicArn,
+            Endpoint: lambdaArn
+          };
+
+          return _this.SNS.subscribePromised(params)
+        })
         .then(function(data){
-
-          SUtils.sDebug(`Subscription to SNS topic ${populatedEvent.config.topicArn} added for lambda ${lambdaArn}`);
-
+          SUtils.sDebug(`Subscription to SNS topic ${topicArn} added for lambda ${lambdaArn}`);
           return BbPromise.resolve(data);
         });
     }
   }
 
-
   return( EventDeploySNSLambda );
 };

lib/actions/EventDeployScheduledLambda.js

@@ -68,15 +68,17 @@ module.exports = function (SPlugin, serverlessPath) {
       _this.CloudWatchEvents = require('../utils/aws/CloudWatchEvents')(awsConfig);
       _this.Lambda = require('../utils/aws/Lambda')(awsConfig);
 
+      SUtils.sDebug(`Putting CloudWatchEvents Rule ${ruleName}`);
+
       var params = {
         Name: ruleName,
         ScheduleExpression: populatedEvent.config.schedule,
         State: populatedEvent.config.enabled
       };
 
       return _this.CloudWatchEvents.putRuleAsync(params)
-        .then(function (data) {
 
+        .then(function (data) {
           // First remove permissions so we can set them again
           let params = {
             FunctionName: lambdaArn,
@@ -85,19 +87,18 @@ module.exports = function (SPlugin, serverlessPath) {
           };
           return _this.Lambda.removePermissionPromised(params)
             .then(function(data) {
-
-              SUtils.sDebug(
-                '"'
-                + _this.evt.options.stage + ' - '
-                + _this.evt.options.region
-                + ' - ' + ruleName + '": '
-                + 'removed existing lambda access policy statement');
+               SUtils.sDebug(
+                    '"'
+                    + _this.evt.options.stage + ' - '
+                    + _this.evt.options.region
+                    + ' - ' + ruleName + '": '
+                    + 'removed existing lambda access policy statement');
             })
-            .catch(function(error) {});
+            .catch(function(error) {})
         })
         .then(function (data) {
 
-          SUtils.sDebug(`Add Permissions for Event Rule ${ruleName}`);
+          SUtils.sDebug(`Adding Permissions for Event Rule ${ruleName}`);
 
           let params = {
             FunctionName: lambdaArn,
@@ -110,7 +111,7 @@ module.exports = function (SPlugin, serverlessPath) {
         })
         .then(function (data) {
 
-          SUtils.sDebug(`Put CloudWatchEvents Rule ${ruleName}`);
+          SUtils.sDebug(`Setting lambda ${lambdaArn}:${stage} as target for rule ${ruleName} for lambda ${functionName}`);
 
           let params = {
             Rule: ruleName,
@@ -121,15 +122,26 @@ module.exports = function (SPlugin, serverlessPath) {
               }
             ]
           };
-          return _this.CloudWatchEvents.putTargetsAsync(params);
-        })
-        .then(function (data) {
-          SUtils.sDebug(`Set lambda ${lambdaArn}:${stage} as target for rule ${ruleName} for lambda ${functionName}`);
-
-          return BbPromise.resolve(data);
+          return _this.CloudWatchEvents.putTargetsAsync(params)
+            .then(function(data){
+              return BbPromise.resolve(data);
+            });
         });
     }
   }
 
   return ( EventDeployScheduledLambda );
-};
+};
+
+/*
+ aws lambda add-permission \
+ --function-name serverless-v193k-js-fun \
+ --qualifier dev \
+ --region us-east-1 \
+ --statement-id qwertyjmb \
+ --action "lambda:InvokeFunction" \
+ --principal events.amazonaws.com \
+ --source-arn arn:aws:events:us-east-1:552750238299:rule/serverless-v193k-js-fun-schedule \
+ --source-account 552750238299 \
+ --profile default
+ */

tests/all.js

@@ -15,22 +15,22 @@ describe('All Tests', function() {
   require('./tests/classes/ServerlessComponentTest');
   require('./tests/classes/ServerlessFunctionTest');
   require('./tests/classes/ServerlessEndpointTest');
-  //require('./tests/actions/TestPluginCustom');
-  //require('./tests/actions/TestDefaultActionHook');
-  //require('./tests/actions/StageCreate');
-  //require('./tests/actions/RegionCreate');
-  //require('./tests/actions/ComponentCreate');
-  //require('./tests/actions/FunctionCreate');
-  //require('./tests/actions/EnvList');
-  //require('./tests/actions/EnvGet');
-  //require('./tests/actions/EnvSetUnset');
-  //require('./tests/actions/ResourcesDeploy');
-  //require('./tests/actions/FunctionRun');
-  //require('./tests/actions/FunctionLogs');
-  //require('./tests/actions/FunctionDeploy');
-  //require('./tests/actions/EndpointDeploy');
-  //require('./tests/actions/EventDeploy');
-  //require('./tests/actions/ProjectInit');
-  //require('./tests/actions/ProjectInstall');
-  //require('./tests/actions/ProjectLifeCycle.js');
+  require('./tests/actions/TestPluginCustom');
+  require('./tests/actions/TestDefaultActionHook');
+  require('./tests/actions/StageCreate');
+  require('./tests/actions/RegionCreate');
+  require('./tests/actions/ComponentCreate');
+  require('./tests/actions/FunctionCreate');
+  require('./tests/actions/EnvList');
+  require('./tests/actions/EnvGet');
+  require('./tests/actions/EnvSetUnset');
+  require('./tests/actions/ResourcesDeploy');
+  require('./tests/actions/FunctionRun');
+  require('./tests/actions/FunctionLogs');
+  require('./tests/actions/FunctionDeploy');
+  require('./tests/actions/EndpointDeploy');
+  require('./tests/actions/EventDeploy');
+  require('./tests/actions/ProjectInit');
+  require('./tests/actions/ProjectInstall');
+  require('./tests/actions/ProjectLifeCycle.js');
 });

tests/test-prj/nodejscomponent/group1/function1/s-function.json

@@ -27,7 +27,7 @@
       "name": "sns",
       "type": "sns",
       "config": {
-        "topicArn": "${topicArn}"
+        "topicName": "test-event-source"
       }
     },
     {