Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only add merged IAM policies for Lambda when they will be used (#6262) #6534

Merged
merged 1 commit into from Aug 13, 2019
Merged

Only add merged IAM policies for Lambda when they will be used (#6262) #6534

merged 1 commit into from Aug 13, 2019

Conversation

onebytegone
Copy link
Contributor

@onebytegone onebytegone commented Aug 13, 2019
edited

What did you implement:

Closes #6262

How did you implement it:

Made serverless only add the wildcard IAM policy for canonically named functions if there are actually canonically named functions in the service.

How can we verify it:

Full source: log-group-policy.zip

service: log-group-policy

provider:
   name: aws
   runtime: nodejs8.10

functions:
   testFunction:
      name: ${self:service}-custom-named-fn
      handler: index.handler
mkdir /tmp/test-packaging-for-6262
cd /tmp/test-packaging-for-6262
unzip log-group-policy.zip
cd log-group-policy
echo '{}' > package.json
npm i serverless@1.44.1
./node_modules/.bin/sls package
cp .serverless/cloudformation-template-update-stack.json cf-update-stack-v1.44.1.json
${PATH_TO_SERVERLESS_CLONE}/bin/serverless package
cp .serverless/cloudformation-template-update-stack.json cf-update-stack-using-PR.json
diff cf-update-stack-v1.44.1.json cf-update-stack-using-PR.json

The above is based on tests from #6262.

Expected: There should be no change to the IAM policies for the example stack.

Todos:

Note: Run npm run test-ci to run all validation checks on proposed changes

  • Write tests and confirm existing functionality is not broken.
    Validate via npm test
  • Write documentation
    • Does this need to be documented? If so, where does it belong?
  • Ensure there are no lint errors.
    Validate via npm run lint-updated
    Note: Some reported issues can be automatically fixed by running npm run lint:fix
  • Ensure introduced changes match Prettier formatting.
    Validate via npm run prettier-check-updated
    Note: All reported issues can be automatically fixed by running npm run prettify-updated
  • Make sure code coverage hasn't dropped
  • Provide verification config / commands / resources
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES
Is it a breaking change?: NO

@onebytegone onebytegone force-pushed the fix-remove-extra-lambda-policy-6262 branch from 221b5fa to 56d96c4 Compare August 13, 2019 17:12
@onebytegone
Copy link
Contributor Author

⬆️ rebase was to pull in the CI fix from #6535. Hopefully the tests will pass now...

medikoo
medikoo approved these changes Aug 13, 2019
View reviewed changes
Copy link
Contributor

@medikoo medikoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great. Thank you @onebytegone !

@medikoo medikoo merged commit 4f43bfd into serverless:master Aug 13, 2019
@medikoo medikoo added this to the 1.50.0 milestone Aug 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@medikoo medikoo medikoo approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
1.50.0
2 participants
@onebytegone @medikoo