feat: Add option to disable queue policy #715

Open
wants to merge 1 commit into
base: master
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -53,6 +53,7 @@ functions:
kmsDataKeyReusePeriodSeconds: 600 # optional - AWS default is 300 seconds
deadLetterMessageRetentionPeriodSeconds: 1209600 # optional - AWS default is 345600 secs (4 days)
deadLetterQueueEnabled: true # optional - default is true
lambdaSqsPermissionsEnabled: true # optional - default is true
visibilityTimeout: 120 # optional (in seconds) - AWS default is 30 secs
rawMessageDelivery: true # Optional - default value is true
enabled: true # Optional - default value is true
307 changes: 307 additions & 0 deletions lib/__snapshots__/serverless-sns-sqs-lambda.test.ts.snap
Expand Up @@ -2479,6 +2479,313 @@ Object {
}
`;

exports[`Test Serverless SNS SQS Lambda when the provider is specified via a command line option when queue policy is disabled should not produce IAM queue policy in the CF template 1`] = `
Object {
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "The AWS CloudFormation template for this Serverless application",
"Outputs": Object {
"ServerlessDeploymentBucketName": Object {
"Export": Object {
"Name": "sls-test-service-dev-test-ServerlessDeploymentBucketName",
},
"Value": Object {
"Ref": "ServerlessDeploymentBucket",
},
},
"TestDashfunctionLambdaFunctionQualifiedArn": Object {
"Description": "Current Lambda function version",
"Export": Object {
"Name": "sls-test-service-dev-test-TestDashfunctionLambdaFunctionQualifiedArn",
},
"Value": Object {
"Ref": "TestDashfunctionLambdaVersionA6M23sE6AN9SgN5IQgI9bd1tqh7YgxtybZ9LOhkLY4",
},
},
},
"Resources": Object {
"IamRoleLambdaExecution": Object {
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"sts:AssumeRole",
],
"Effect": "Allow",
"Principal": Object {
"Service": Array [
"lambda.amazonaws.com",
],
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"logs:CreateLogStream",
"logs:CreateLogGroup",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Sub": "arn:\${AWS::Partition}:logs:\${AWS::Region}:\${AWS::AccountId}:log-group:/aws/lambda/test-service-dev-test*:*",
},
],
},
Object {
"Action": Array [
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Sub": "arn:\${AWS::Partition}:logs:\${AWS::Region}:\${AWS::AccountId}:log-group:/aws/lambda/test-service-dev-test*:*:*",
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": Object {
"Fn::Join": Array [
"-",
Array [
"test-service",
"dev-test",
"lambda",
],
],
},
},
],
"RoleName": Object {
"Fn::Join": Array [
"-",
Array [
"test-service",
"dev-test",
Object {
"Ref": "AWS::Region",
},
"lambdaRole",
],
],
},
},
"Type": "AWS::IAM::Role",
},
"ServerlessDeploymentBucket": Object {
"Properties": Object {
"BucketEncryption": Object {
"ServerSideEncryptionConfiguration": Array [
Object {
"ServerSideEncryptionByDefault": Object {
"SSEAlgorithm": "AES256",
},
},
],
},
},
"Type": "AWS::S3::Bucket",
},
"ServerlessDeploymentBucketPolicy": Object {
"Properties": Object {
"Bucket": Object {
"Ref": "ServerlessDeploymentBucket",
},
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "s3:*",
"Condition": Object {
"Bool": Object {
"aws:SecureTransport": false,
},
},
"Effect": "Deny",
"Principal": "*",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::",
Object {
"Ref": "ServerlessDeploymentBucket",
},
"/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::",
Object {
"Ref": "ServerlessDeploymentBucket",
},
],
],
},
],
},
],
},
},
"Type": "AWS::S3::BucketPolicy",
},
"Subscribesome-nameTopic": Object {
"Properties": Object {
"Endpoint": Object {
"Fn::GetAtt": Array [
"some-nameQueue",
"Arn",
],
},
"Protocol": "sqs",
"RawMessageDelivery": false,
"TopicArn": "arn:aws:sns:us-east-2:123456789012:MyTopic",
},
"Type": "AWS::SNS::Subscription",
},
"Test-functionEventSourceMappingSQSsome-nameQueue": Object {
"Properties": Object {
"BatchSize": 10,
"Enabled": "True",
"EventSourceArn": Object {
"Fn::GetAtt": Array [
"some-nameQueue",
"Arn",
],
},
"FunctionName": Object {
"Fn::GetAtt": Array [
"Test-functionLambdaFunction",
"Arn",
],
},
"MaximumBatchingWindowInSeconds": 0,
},
"Type": "AWS::Lambda::EventSourceMapping",
},
"TestDashfunctionLambdaFunction": Object {
"DependsOn": Array [
"TestDashfunctionLogGroup",
],
"Properties": Object {
"Code": Object {
"S3Bucket": Object {
"Ref": "ServerlessDeploymentBucket",
},
"S3Key": Any<String>,
},
"FunctionName": "test-service-dev-test-test-function",
"Handler": "handler.handler",
"MemorySize": 1024,
"Role": Object {
"Fn::GetAtt": Array [
"IamRoleLambdaExecution",
"Arn",
],
},
"Runtime": "nodejs14.x",
"Timeout": 6,
},
"Type": "AWS::Lambda::Function",
},
"TestDashfunctionLambdaVersionA6M23sE6AN9SgN5IQgI9bd1tqh7YgxtybZ9LOhkLY4": Object {
"DeletionPolicy": "Retain",
"Properties": Object {
"CodeSha256": "gxQ2/ARVAXYSjz4OF5PnsOiOB+yUlXG8z5y5h6bNs7U=",
"FunctionName": Object {
"Ref": "TestDashfunctionLambdaFunction",
},
},
"Type": "AWS::Lambda::Version",
},
"TestDashfunctionLogGroup": Object {
"Properties": Object {
"LogGroupName": "/aws/lambda/test-service-dev-test-test-function",
},
"Type": "AWS::Logs::LogGroup",
},
"some-nameDeadLetterQueue": Object {
"Properties": Object {
"QueueName": "test-service-dev-test-Test-functionsome-nameDeadLetterQueue",
},
"Type": "AWS::SQS::Queue",
},
"some-nameQueue": Object {
"Properties": Object {
"QueueName": "test-service-dev-test-Test-functionsome-nameQueue",
"RedrivePolicy": Object {
"deadLetterTargetArn": Object {
"Fn::GetAtt": Array [
"some-nameDeadLetterQueue",
"Arn",
],
},
"maxReceiveCount": 5,
},
},
"Type": "AWS::SQS::Queue",
},
"some-nameQueuePolicy": Object {
"Properties": Object {
"PolicyDocument": Object {
"Id": "test-service-dev-test-Test-functionsome-nameQueue",
"Statement": Array [
Object {
"Action": "SQS:SendMessage",
"Condition": Object {
"ArnEquals": Object {
"aws:SourceArn": Array [
"arn:aws:sns:us-east-2:123456789012:MyTopic",
],
},
},
"Effect": "Allow",
"Principal": Object {
"Service": "sns.amazonaws.com",
},
"Resource": Object {
"Fn::GetAtt": Array [
"some-nameQueue",
"Arn",
],
},
"Sid": "test-service-dev-test-Test-functionsome-nameSid",
},
],
"Version": "2012-10-17",
},
"Queues": Array [
Object {
"Ref": "some-nameQueue",
},
],
},
"Type": "AWS::SQS::QueuePolicy",
},
},
}
`;

exports[`Test Serverless SNS SQS Lambda when the provider is specified via a config option in serverless.yml when fifo is true should produce valid fifo queues 1`] = `
Object {
"Resources": Object {
36 changes: 36 additions & 0 deletions lib/serverless-sns-sqs-lambda.test.ts
Expand Up @@ -242,6 +242,7 @@ describe("Test Serverless SNS SQS Lambda", () => {
kmsDataKeyReusePeriodSeconds: 200,
deadLetterMessageRetentionPeriodSeconds: 1209600,
deadLetterQueueEnabled: true,
lambdaSqsPermissionsEnabled: true,
enabled: false,
visibilityTimeout: 999,
rawMessageDelivery: true,
Expand Down Expand Up @@ -301,6 +302,41 @@ describe("Test Serverless SNS SQS Lambda", () => {
});
});

describe("when queue policy is disabled", () => {
it("should not produce IAM queue policy in the CF template", async () => {
const { cfTemplate } = await runServerless(serverlessPath, {
command: "package",
config: {
...baseConfig,
functions: {
["test-function"]: {
handler: "handler.handler",
events: [
{
snsSqs: {
name: "some-name",
topicArn: "arn:aws:sns:us-east-2:123456789012:MyTopic",
lambdaSqsPermissionsEnabled: false
}
}
]
}
}
}
});

expect(cfTemplate).toMatchSnapshot({
Resources: {
TestDashfunctionLambdaFunction: {
Properties: {
Code: { S3Key: expect.any(String) }
}
}
}
});
});
});

describe("when encryption parameters are not provided", () => {
it("should produce valid SQS CF template items", async () => {
const { cfTemplate } = await runServerless(serverlessPath, {
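Review bot: The case `should not produce IAM queue policy in the CF template` checks only `toMatchSnapshot`, and the snapshot recorded for it in this PR still contains `some-nameQueuePolicy` (`AWS::SQS::QueuePolicy`), so the test passes without verifying what its name states. Judging by that snapshot, `lambdaSqsPermissionsEnabled: false` leaves the queue policy in place and instead omits the SQS statements from `IamRoleLambdaExecution`; the implementation is not visible on this page, so this is inferred. Rename the `describe`/`it` to match the actual effect and add an explicit assertion next to the snapshot, for example `expect(JSON.stringify(cfTemplate.Resources.IamRoleLambdaExecution)).not.toContain("sqs:");`, so a regenerated snapshot cannot silently change which permissions are granted. The README line for the option should also state that the function's role must then receive its SQS read permissions from elsewhere.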