fix: correctly resolve lambda function name from Arguments or Parameters

Author: edvaldoszy

lib/deploy/stepFunctions/compileIamRole.js

@@ -362,7 +362,7 @@ function getRedshiftDataPermissions(action, state) {
 function getLambdaPermissions(state) {
   // function name can be name-only, name-only with alias, full arn or partial arn
   // https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html#API_Invoke_RequestParameters
-  const functionName = state.Parameters.FunctionName;
+  const functionName = getParameterOrArgument(state, 'FunctionName');
   if (_.isString(functionName)) {
     const segments = functionName.split(':');
 
@@ -429,10 +429,11 @@ function getLambdaPermissions(state) {
     }];
   }
 
-  if (state.Parameters['FunctionName.$']) {
+  if (getParameterOrArgument(state, 'FunctionName.$')) {
+    const allowedFunctions = getParameterOrArgument(state, 'AllowedFunctions');
     return [{
       action: 'lambda:InvokeFunction',
-      resource: state.Parameters.AllowedFunctions ? state.Parameters.AllowedFunctions : '*',
+      resource: allowedFunctions || '*',
     }];
   }
 

lib/deploy/stepFunctions/compileIamRole.test.js

@@ -3587,6 +3587,41 @@ describe('#compileIamRole', () => {
     ]);
   });
 
+  it.only('should resolve FunctionName from the Arguments property when there is no Parameters property', () => {
+    serverless.service.stepFunctions = {
+      stateMachines: {
+        myStateMachine1: {
+          id: 'StateMachine1',
+          definition: {
+            StartAt: 'A',
+            States: {
+              A: {
+                Type: 'Task',
+                Resource: 'arn:aws:states:::lambda:invoke',
+                Arguments: {
+                  FunctionName: 'arn:aws:lambda:us-west-2:1234567890:function:foo',
+                  Payload: '{% $states.input.Payload %}',
+                },
+                End: true,
+              },
+            },
+          },
+        },
+      },
+    };
+
+    serverlessStepFunctions.compileIamRole();
+    const statements = serverlessStepFunctions.serverless.service
+      .provider.compiledCloudFormationTemplate.Resources.StateMachine1Role
+      .Properties.Policies[0].PolicyDocument.Statement;
+    const lambdaPermissions = statements.filter(s => _.isEqual(s.Action, ['lambda:InvokeFunction']));
+    expect(lambdaPermissions).to.have.lengthOf(1);
+    expect(lambdaPermissions[0].Resource).to.deep.equal([
+      'arn:aws:lambda:us-west-2:1234567890:function:foo',
+      'arn:aws:lambda:us-west-2:1234567890:function:foo:*',
+    ]);
+  });
+
   it('should support variable FunctionName', () => {
     serverless.service.stepFunctions = {
       stateMachines: {