feat: implemented intrinsic functions

theburningmonk · theburningmonk · commit 1f593ddf6ed0 · 2019-04-30T22:04:07.000+01:00
Closes #178
diff --git a/README.md b/README.md
@@ -15,12 +15,13 @@ plugins:
 ```
 
 ## Setup
-Specifies your statemachine definition using Amazon States Language in a `definition` statement in serverless.yml.
-We recommend to use [serverless-pseudo-parameters](https://www.npmjs.com/package/serverless-pseudo-parameters) plugin together so that it makes it easy to set up `Resource` section under `definition`.
+Specifies your statemachine definition using Amazon States Language in a `definition` statement in serverless.yml. You can use CloudFormation intrinsic functions such as `Ref` and `Fn::GetAtt` to reference Lambda functions, SNS topics, SQS queues and DynamoDB tables declared in the same `serverless.yml`.
+
+Alternatively, you can also provide the raw ARN, or SQS queue URL, or DynamoDB table name as a string. If you need to construct the ARN by hand, then we recommend to use the [serverless-pseudo-parameters](https://www.npmjs.com/package/serverless-pseudo-parameters) plugin together to make your life easier.
 
 ```yml
 functions:
-  hellofunc:
+  hello:
     handler: handler.hello
 
 stepFunctions:
@@ -45,7 +46,8 @@ stepFunctions:
         States:
           HelloWorld1:
             Type: Task
-            Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello
+            Resource:
+              Ref: HelloLambdaFunction
             End: true
       dependsOn: CustomIamRole
       tags:
@@ -68,7 +70,8 @@ stepFunctions:
         States:
           HelloWorld2:
             Type: Task
-            Resource: arn:aws:states:#{AWS::Region}:#{AWS::AccountId}:activity:myTask
+            Resource:
+              Ref: HelloLambdaFunction
             End: true
       dependsOn:
         - DynamoDBTable
@@ -515,7 +518,8 @@ functions:
             States:
               HelloWorld1:
                 Type: Task
-                Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello
+                Resource:
+                  Ref: HelloLambdaFunction
                 End: true
 
 
@@ -824,7 +828,8 @@ stepFunctions:
         States:
           FirstState:
             Type: Task
-            Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello
+            Resource:
+              Ref: HelloLambdaFunction
             Next: wait_using_seconds
           wait_using_seconds:
             Type: Wait
@@ -844,7 +849,8 @@ stepFunctions:
             Next: FinalState
           FinalState:
             Type: Task
-            Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello
+            Resource:
+              Ref: HelloLambdaFunction
             End: true
 plugins:
   - serverless-step-functions
@@ -866,7 +872,8 @@ stepFunctions:
         States:
           HelloWorld:
             Type: Task
-            Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello
+            Resource:
+              Ref: HelloLambdaFunction
             Retry:
             - ErrorEquals:
               - HandledError
@@ -946,7 +953,8 @@ stepFunctions:
         States:
           HelloWorld:
             Type: Task
-            Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello
+            Resource:
+              Ref: HelloLambdaFunction
             Catch:
             - ErrorEquals: ["HandledError"]
               Next: CustomErrorFallback
@@ -994,7 +1002,8 @@ stepFunctions:
         States:
           FirstState:
             Type: Task
-            Resource: arn:aws:lambda:${opt:region}:${self:custom.accountId}:function:${self:service}-${opt:stage}-hello1
+            Resource:
+              Ref: Hello1LambdaFunction
             Next: ChoiceState
           ChoiceState:
             Type: Choice
@@ -1008,18 +1017,21 @@ stepFunctions:
             Default: DefaultState
           FirstMatchState:
             Type: Task
-            Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello2
+            Resource:
+              Ref: Hello2LambdaFunction
             Next: NextState
           SecondMatchState:
             Type: Task
-            Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello3
+            Resource:
+              Ref: Hello3LambdaFunction
             Next: NextState
           DefaultState:
             Type: Fail
             Cause: "No Matches!"
           NextState:
             Type: Task
-            Resource: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:${self:service}-${opt:stage}-hello4
+            Resource:
+              Ref: Hello4LambdaFunction
             End: true
 plugins:
   - serverless-step-functions
diff --git a/lib/deploy/stepFunctions/compileIamRole.js b/lib/deploy/stepFunctions/compileIamRole.js
@@ -2,6 +2,7 @@
 const _ = require('lodash');
 const BbPromise = require('bluebird');
 const path = require('path');
+const { isIntrinsic } = require('../../utils/aws');
 
 function getTaskStates(states) {
   return _.flatMap(states, state => {
@@ -28,6 +29,12 @@ function sqsQueueUrlToArn(serverless, queueUrl) {
     const accountId = match[2];
     const queueName = match[3];
     return `arn:aws:sqs:${region}:${accountId}:${queueName}`;
+  } else if (isIntrinsic(queueUrl) && queueUrl.Ref) {
+    // most likely we'll see a { Ref: LogicalId }, which we need to map to
+    // { Fn::GetAtt: [ LogicalId, Arn ] } to get the ARN
+    return {
+      'Fn::GetAtt': [queueUrl.Ref, 'Arn'],
+    };
   }
   serverless.cli.consoleLog(`Unable to parse SQS queue url [${queueUrl}]`);
   return [];
@@ -58,6 +65,14 @@ function getSnsPermissions(serverless, state) {
 }
 
 function getDynamoDBArn(tableName) {
+  if (isIntrinsic(tableName) && tableName.Ref) {
+    // most likely we'll see a { Ref: LogicalId }, which we need to map to
+    // { Fn::GetAtt: [ LogicalId, Arn ] } to get the ARN
+    return {
+      'Fn::GetAtt': [tableName.Ref, 'Arn'],
+    };
+  }
+
   return {
     'Fn::Join': [
       ':',
@@ -197,7 +212,7 @@ function getIamPermissions(serverless, taskStates) {
         return getEcsPermissions();
 
       default:
-        if (state.Resource.startsWith('arn:aws:lambda')) {
+        if (isIntrinsic(state.Resource) || state.Resource.startsWith('arn:aws:lambda')) {
           return [{
             action: 'lambda:InvokeFunction',
             resource: state.Resource,
diff --git a/lib/deploy/stepFunctions/compileIamRole.test.js b/lib/deploy/stepFunctions/compileIamRole.test.js
@@ -900,4 +900,103 @@ describe('#compileIamRole', () => {
       .Properties.Policies[0];
     expectDenyAllPolicy(policy);
   });
+
+  it('should respect CloudFormation intrinsic functions for Resource', () => {
+    serverless.service.stepFunctions = {
+      stateMachines: {
+        myStateMachine: {
+          name: 'stateMachine',
+          definition: {
+            StartAt: 'Lambda',
+            States: {
+              Lambda: {
+                Type: 'Task',
+                Resource: {
+                  Ref: 'MyFunction',
+                },
+                Next: 'Sns',
+              },
+              Sns: {
+                Type: 'Task',
+                Resource: 'arn:aws:states:::sns:publish',
+                Parameters: {
+                  Message: {
+                    'Fn::GetAtt': ['MyTopic', 'TopicName'],
+                  },
+                  TopicArn: {
+                    Ref: 'MyTopic',
+                  },
+                },
+                Next: 'Sqs',
+              },
+              Sqs: {
+                Type: 'Task',
+                Resource: 'arn:aws:states:::sqs:sendMessage',
+                Parameters: {
+                  QueueUrl: {
+                    Ref: 'MyQueue',
+                  },
+                  MessageBody: 'This is a static message',
+                },
+                Next: 'DynamoDB',
+              },
+              DynamoDB: {
+                Type: 'Task',
+                Resource: 'arn:aws:states:::dynamodb:putItem',
+                Parameters: {
+                  TableName: {
+                    Ref: 'MyTable',
+                  },
+                },
+                Next: 'Parallel',
+              },
+              Parallel: {
+                Type: 'Parallel',
+                End: true,
+                Branches: [
+                  {
+                    StartAt: 'Lambda2',
+                    States: {
+                      Lambda2: {
+                        Type: 'Task',
+                        Resource: {
+                          Ref: 'MyFunction2',
+                        },
+                        End: true,
+                      },
+                    },
+                  },
+                ],
+              },
+            },
+          },
+        },
+      },
+    };
+
+    serverlessStepFunctions.compileIamRole();
+    serverlessStepFunctions.compileStateMachines();
+    const policy = serverlessStepFunctions.serverless.service
+      .provider.compiledCloudFormationTemplate.Resources.IamRoleStateMachineExecution
+      .Properties.Policies[0];
+
+    const statements = policy.PolicyDocument.Statement;
+
+    const lambdaPermissions = statements.find(x => x.Action[0] === 'lambda:InvokeFunction');
+    expect(lambdaPermissions.Resource).to.be.deep.equal([
+      { Ref: 'MyFunction' }, { Ref: 'MyFunction2' }]);
+
+    const snsPermissions = statements.find(x => x.Action[0] === 'sns:Publish');
+    expect(snsPermissions.Resource).to.be.deep.equal([{ Ref: 'MyTopic' }]);
+
+    const sqsPermissions = statements.find(x => x.Action[0] === 'sqs:SendMessage');
+    expect(sqsPermissions.Resource).to.be.deep.equal([{
+      'Fn::GetAtt': ['MyQueue', 'Arn'],
+    }]);
+
+    const dynamodbPermissions = statements.find(x => x.Action[0] === 'dynamodb:PutItem');
+    expect(dynamodbPermissions.Resource).to.be.deep.equal([{
+      'Fn::GetAtt': ['MyTable', 'Arn'],
+    }]);
+  });
 });
diff --git a/lib/deploy/stepFunctions/compileStateMachines.js b/lib/deploy/stepFunctions/compileStateMachines.js
@@ -1,10 +1,12 @@
 'use strict';
 const _ = require('lodash');
 const BbPromise = require('bluebird');
+const { isIntrinsic } = require('../../utils/aws');
 
-function isIntrinsic(obj) {
-  const isObject = typeof obj === 'object';
-  return isObject && Object.keys(obj).some((k) => k.startsWith('Fn::') || k.startsWith('Ref'));
+function randomName() {
+  const chars = 'abcdefghijklmnopqrstufwxyzABCDEFGHIJKLMNOPQRSTUFWXYZ1234567890';
+  const pwd = _.sampleSize(chars, 10);
+  return pwd.join('');
 }
 
 function toTags(obj, serverless) {
@@ -26,8 +28,40 @@ function toTags(obj, serverless) {
   return tags;
 }
 
+// return an iterable of
+// [ ParamName,  IntrinsicFunction ]
+// e.g. [ 'mptFnX05Fb', { Ref: 'MyTopic' } ]
+// this makes it easy to use _.fromPairs to construct an object afterwards
+function* getIntrinsicFunctions(obj) {
+  // eslint-disable-next-line no-restricted-syntax
+  for (const key in obj) {
+    if (Object.prototype.hasOwnProperty.call(obj, key)) {
+      const value = obj[key];
+
+      if (Array.isArray(value)) {
+        // eslint-disable-next-line guard-for-in, no-restricted-syntax
+        for (const idx in value) {
+          const innerFuncs = Array.from(getIntrinsicFunctions(value[idx]));
+          for (const x of innerFuncs) {
+            yield x;
+          }
+        }
+      } else if (isIntrinsic(value)) {
+        const paramName = randomName();
+        // eslint-disable-next-line no-param-reassign
+        obj[key] = `\${${paramName}}`;
+        yield [paramName, value];
+      } else if (typeof value === 'object') {
+        const innerFuncs = Array.from(getIntrinsicFunctions(value));
+        for (const x of innerFuncs) {
+          yield x;
+        }
+      }
+    }
+  }
+}
+
 module.exports = {
-  isIntrinsic,
   compileStateMachines() {
     if (this.isStateMachines()) {
       this.getAllStateMachines().forEach((stateMachineName) => {
@@ -42,7 +76,17 @@ module.exports = {
             DefinitionString = JSON.stringify(stateMachineObj.definition)
               .replace(/\\n|\\r|\\n\\r/g, '');
           } else {
-            DefinitionString = JSON.stringify(stateMachineObj.definition, undefined, 2);
+            const functionMappings = Array.from(getIntrinsicFunctions(stateMachineObj.definition));
+            if (_.isEmpty(functionMappings)) {
+              DefinitionString = JSON.stringify(stateMachineObj.definition, undefined, 2);
+            } else {
+              DefinitionString = {
+                'Fn::Sub': [
+                  JSON.stringify(stateMachineObj.definition, undefined, 2),
+                  _.fromPairs(functionMappings),
+                ],
+              };
+            }
           }
         } else {
           const errorMessage = [
diff --git a/lib/deploy/stepFunctions/compileStateMachines.test.js b/lib/deploy/stepFunctions/compileStateMachines.test.js
diff --git a/lib/utils/aws.js b/lib/utils/aws.js
