feat: support intrinsic funcs

Author: theburningmonk

lib/deploy/stepFunctions/compileNotifications.js

@@ -11,6 +11,19 @@ const executionStatuses = [
   'ABORTED', 'FAILED', 'RUNNING', 'SUCCEEDED', 'TIMED_OUT',
 ];
 
+const supportedTargets = [
+  'sns', 'sqs', 'kinesis', 'firehose', 'lambda', 'stepFunctions',
+];
+
+const targetPermissions = {
+  sns: 'sns:Publish',
+  sqs: 'sqs:SendMessage',
+  kinesis: 'kinesis:PutRecord',
+  firehose: 'firehose:PutRecord',
+  lambda: 'lambda:InvokeFunction',
+  stepFunctions: 'states:StartExecution',
+};
+
 function randomTargetId(stateMachineName, status) {
   const suffix = chance.string({
     length: 5,
@@ -21,100 +34,53 @@ function randomTargetId(stateMachineName, status) {
 }
 
 function compileTarget(stateMachineName, status, targetObj) {
-  if (targetObj.sns) {
-    return {
-      Arn: targetObj.sns,
-      Id: randomTargetId(stateMachineName, status),
-    };
-  } else if (targetObj.sqs && _.isString(targetObj.sqs)) {
-    return {
-      Arn: targetObj.sqs,
-      Id: randomTargetId(stateMachineName, status),
-    };
-  } else if (targetObj.sqs) {
+  // SQS and Kinesis are special cases as they can have additional props
+  if (_.has(targetObj, 'sqs.arn')) {
     return {
       Arn: targetObj.sqs.arn,
       Id: randomTargetId(stateMachineName, status),
       SqsParameters: {
         MessageGroupId: targetObj.sqs.messageGroupId,
       },
     };
-  } else if (targetObj.kinesis && _.isString(targetObj.kinesis)) {
-    return {
-      Arn: targetObj.kinesis,
-      Id: randomTargetId(stateMachineName, status),
-    };
-  } else if (targetObj.kinesis) {
+  } else if (_.has(targetObj, 'kinesis.arn')) {
     return {
       Arn: targetObj.kinesis.arn,
       Id: randomTargetId(stateMachineName, status),
       KinesisParameters: {
         PartitionKeyPath: targetObj.kinesis.partitionKeyPath,
       },
     };
-  } else if (targetObj.firehose) {
-    return {
-      Arn: targetObj.firehose,
-      Id: randomTargetId(stateMachineName, status),
-    };
-  } else if (targetObj.lambda) {
-    return {
-      Arn: targetObj.lambda,
-      Id: randomTargetId(stateMachineName, status),
-    };
-  } else if (targetObj.stepFunctions) {
-    return {
-      Arn: targetObj.stepFunctions,
-      Id: randomTargetId(stateMachineName, status),
-    };
   }
-  return undefined;
+  const targetType = supportedTargets.find(t => _.has(targetObj, t));
+  const arn = _.get(targetObj, targetType);
+  return {
+    Arn: arn,
+    Id: randomTargetId(stateMachineName, status),
+  };
 }
 
 function compileIamPermission(targetObj) {
-  if (targetObj.sns) {
-    return {
-      action: 'sns:Publish',
-      resource: targetObj.sns,
-    };
-  } else if (targetObj.sqs && _.isString(targetObj.sqs)) {
-    return {
-      action: 'sqs:SendMessage',
-      resource: targetObj.sqs,
-    };
-  } else if (targetObj.sqs) {
-    return {
-      action: 'sqs:SendMessage',
-      resource: targetObj.sqs.arn,
-    };
-  } else if (targetObj.kinesis && _.isString(targetObj.kinesis)) {
-    return {
-      action: 'kinesis:PutRecord',
-      resource: targetObj.kinesis,
-    };
-  } else if (targetObj.kinesis) {
-    return {
-      action: 'kinesis:PutRecord',
-      resource: targetObj.kinesis.arn,
-    };
-  } else if (targetObj.firehose) {
-    return {
-      action: 'firehose:PutRecord',
-      resource: targetObj.firehose,
-    };
-  } else if (targetObj.lambda) {
+  const targetType = supportedTargets.find(t => _.has(targetObj, t));
+  const action = targetPermissions[targetType];
+
+  // SQS and Kinesis are special cases as they can have additional props
+  if (_.has(targetObj, 'sqs.arn')) {
     return {
-      action: 'lambda:InvokeFunction',
-      resource: targetObj.lambda,
+      action,
+      resource: _.get(targetObj, 'sqs.arn'),
     };
-  } else if (targetObj.stepFunctions) {
+  } else if (_.has(targetObj, 'kinesis.arn')) {
     return {
-      action: 'states:StartExecution',
-      resource: targetObj.stepFunctions,
+      action,
+      resource: _.get(targetObj, 'kinesis.arn'),
     };
   }
 
-  return undefined;
+  return {
+    action,
+    resource: targetObj[targetType],
+  };
 }
 
 function bootstrapIamRole() {

lib/deploy/stepFunctions/compileNotifications.schema.js

@@ -1,22 +1,32 @@
 const Joi = require('@hapi/joi');
 
+const arn = Joi.alternatives().try(
+  Joi.string(),
+  Joi.object().keys({
+    Ref: Joi.string(),
+  }),
+  Joi.object().keys({
+    'Fn::GetAtt': Joi.array().items(Joi.string()),
+  })
+);
+
 const sqsWithParams = Joi.object().keys({
-  arn: Joi.string().required(),
+  arn: arn.required(),
   messageGroupId: Joi.string().required(),
 });
 
 const kinesisWithParams = Joi.object().keys({
-  arn: Joi.string().required(),
+  arn: arn.required(),
   partitionKeyPath: Joi.string(),
 });
 
 const target = Joi.object().keys({
-  sns: Joi.string(),
-  sqs: Joi.alternatives().try(sqsWithParams, Joi.string()),
-  kinesis: Joi.alternatives().try(kinesisWithParams, Joi.string()),
-  firehose: Joi.string(),
-  lambda: Joi.string(),
-  stepFunctions: Joi.string(),
+  sns: arn,
+  sqs: Joi.alternatives().try(sqsWithParams, arn),
+  kinesis: Joi.alternatives().try(kinesisWithParams, arn),
+  firehose: arn,
+  lambda: arn,
+  stepFunctions: arn,
 });
 
 const targets = Joi.array().items(target);

lib/deploy/stepFunctions/compileNotifications.test.js

@@ -27,16 +27,21 @@ describe('#compileNotifications', () => {
     serverlessStepFunctions = new ServerlessStepFunctions(serverless, options);
   });
 
-  const validateCloudWatchEvent = (event, status) => {
+  const validateCloudWatchEvent = (resources, logicalId, status) => {
+    expect(resources).to.haveOwnProperty(logicalId);
+    const event = resources[logicalId];
     expect(event.Type).to.equal('AWS::Events::Rule');
     expect(event.Properties.EventPattern.source).to.deep.equal(['aws.states']);
     expect(event.Properties.EventPattern.detail.status).to.deep.equal([status]);
     expect(event.Properties.Targets).to.have.lengthOf(8);
 
     for (const target of event.Properties.Targets) {
-      expect(_.isString(target.Arn)).to.equal(true);
-      expect(typeof target.Arn).to.equal('string');
-      expect(_.isString(target.Id)).to.equal(true);
+      const isStringOrFn =
+        _.isString(target.Arn) ||
+        (target.Arn.Ref && _.isString(target.Arn.Ref)) ||
+        (target.Arn['Fn::GetAtt'] && _.isArray(target.Arn['Fn::GetAtt']));
+
+      expect(isStringOrFn).to.equal(true);
     }
 
     const sqsWithParam = event.Properties.Targets.find(t => t.SqsParameters);
@@ -47,33 +52,22 @@ describe('#compileNotifications', () => {
 
   const validateHasPermission = (iamRole, action, resource) => {
     const statements = iamRole.Properties.Policies[0].PolicyDocument.Statement;
-    expect(statements.find(x => x.Action === action && x.Resource === resource))
+    expect(statements.find(x => x.Action === action && _.isEqual(x.Resource, resource)))
       .to.not.equal(undefined);
   };
 
-  const validateCloudWatchIamRole = (iamRole) => {
-    // 8 targets, 5 event rules = 5 * 8 = 40 statements
-    expect(iamRole.Properties.Policies[0].PolicyDocument.Statement).to.have.lengthOf(40);
-    validateHasPermission(iamRole, 'sns:Publish', 'SNS_TOPIC_ARN');
-    validateHasPermission(iamRole, 'sqs:SendMessage', 'SQS_QUEUE_ARN');
-    validateHasPermission(iamRole, 'kinesis:PutRecord', 'KINESIS_STREAM_ARN');
-    validateHasPermission(iamRole, 'firehose:PutRecord', 'FIREHOSE_STREAM_ARN');
-    validateHasPermission(iamRole, 'lambda:InvokeFunction', 'LAMBDA_FUNCTION_ARN');
-    validateHasPermission(iamRole, 'states:StartExecution', 'STATE_MACHINE_ARN');
-  };
+  it('should generate CloudWatch Event Rules with strig ARNs', () => {
+    const targets = [
+      { sns: 'SNS_TOPIC_ARN' },
+      { sqs: 'SQS_QUEUE_ARN' },
+      { sqs: { arn: 'SQS_QUEUE_ARN', messageGroupId: '12345' } },
+      { lambda: 'LAMBDA_FUNCTION_ARN' },
+      { kinesis: 'KINESIS_STREAM_ARN' },
+      { kinesis: { arn: 'KINESIS_STREAM_ARN', partitionKeyPath: '$.id' } },
+      { firehose: 'FIREHOSE_STREAM_ARN' },
+      { stepFunctions: 'STATE_MACHINE_ARN' },
+    ];
 
-  const targets = [
-    { sns: 'SNS_TOPIC_ARN' },
-    { sqs: 'SQS_QUEUE_ARN' },
-    { sqs: { arn: 'SQS_QUEUE_ARN', messageGroupId: '12345' } },
-    { lambda: 'LAMBDA_FUNCTION_ARN' },
-    { kinesis: 'KINESIS_STREAM_ARN' },
-    { kinesis: { arn: 'KINESIS_STREAM_ARN', partitionKeyPath: '$.id' } },
-    { firehose: 'FIREHOSE_STREAM_ARN' },
-    { stepFunctions: 'STATE_MACHINE_ARN' },
-  ];
-
-  it('should generate CloudWatch Event Rules', () => {
     const genStateMachine = (name) => ({
       id: name,
       name,
@@ -105,18 +99,109 @@ describe('#compileNotifications', () => {
     serverlessStepFunctions.compileNotifications();
     const resources = serverlessStepFunctions.serverless.service
       .provider.compiledCloudFormationTemplate.Resources;
-    validateCloudWatchEvent(resources.Beta1NotificationsABORTEDEventRule, 'ABORTED');
-    validateCloudWatchEvent(resources.Beta1NotificationsFAILEDEventRule, 'FAILED');
-    validateCloudWatchEvent(resources.Beta1NotificationsRUNNINGEventRule, 'RUNNING');
-    validateCloudWatchEvent(resources.Beta1NotificationsSUCCEEDEDEventRule, 'SUCCEEDED');
-    validateCloudWatchEvent(resources.Beta1NotificationsTIMEDOUTEventRule, 'TIMED_OUT');
-    validateCloudWatchIamRole(resources.Beta1NotificationsIamRole);
-    validateCloudWatchEvent(resources.Beta2NotificationsABORTEDEventRule, 'ABORTED');
-    validateCloudWatchEvent(resources.Beta2NotificationsFAILEDEventRule, 'FAILED');
-    validateCloudWatchEvent(resources.Beta2NotificationsRUNNINGEventRule, 'RUNNING');
-    validateCloudWatchEvent(resources.Beta2NotificationsSUCCEEDEDEventRule, 'SUCCEEDED');
-    validateCloudWatchEvent(resources.Beta2NotificationsTIMEDOUTEventRule, 'TIMED_OUT');
-    validateCloudWatchIamRole(resources.Beta2NotificationsIamRole);
+
+    const validateCloudWatchEvents = (prefix) => {
+      validateCloudWatchEvent(resources, `${prefix}NotificationsABORTEDEventRule`, 'ABORTED');
+      validateCloudWatchEvent(resources, `${prefix}NotificationsFAILEDEventRule`, 'FAILED');
+      validateCloudWatchEvent(resources, `${prefix}NotificationsRUNNINGEventRule`, 'RUNNING');
+      validateCloudWatchEvent(resources, `${prefix}NotificationsSUCCEEDEDEventRule`, 'SUCCEEDED');
+      validateCloudWatchEvent(resources, `${prefix}NotificationsTIMEDOUTEventRule`, 'TIMED_OUT');
+    };
+
+    validateCloudWatchEvents('Beta1');
+    validateCloudWatchEvents('Beta2');
+
+    const validateIamRole = (iamRole) => {
+      // 8 targets, 5 event rules = 5 * 8 = 40 statements
+      expect(iamRole.Properties.Policies[0].PolicyDocument.Statement).to.have.lengthOf(40);
+      validateHasPermission(iamRole, 'sns:Publish', 'SNS_TOPIC_ARN');
+      validateHasPermission(iamRole, 'sqs:SendMessage', 'SQS_QUEUE_ARN');
+      validateHasPermission(iamRole, 'kinesis:PutRecord', 'KINESIS_STREAM_ARN');
+      validateHasPermission(iamRole, 'firehose:PutRecord', 'FIREHOSE_STREAM_ARN');
+      validateHasPermission(iamRole, 'lambda:InvokeFunction', 'LAMBDA_FUNCTION_ARN');
+      validateHasPermission(iamRole, 'states:StartExecution', 'STATE_MACHINE_ARN');
+    };
+
+    validateIamRole(resources.Beta1NotificationsIamRole);
+    validateIamRole(resources.Beta2NotificationsIamRole);
+
+    expect(consoleLogSpy.callCount).equal(0);
+  });
+
+  it('should generate CloudWatch Event Rules with Ref ang Fn::GetAtt', () => {
+    const snsArn = { Ref: 'MyTopic' };
+    const sqsArn = { 'Fn::GetAtt': ['MyQueue', 'Arn'] };
+    const lambdaArn = { 'Fn::GetAtt': ['MyFunction', 'Arn'] };
+    const kinesisArn = { 'Fn::GetAtt': ['MyStream', 'Arn'] };
+    const firehoseArn = { 'Fn::GetAtt': ['MyDeliveryStream', 'Arn'] };
+    const stepFunctionsArn = { Ref: 'MyStateMachine' };
+    const targets = [
+      { sns: snsArn },
+      { sqs: sqsArn },
+      { sqs: { arn: sqsArn, messageGroupId: '12345' } },
+      { lambda: lambdaArn },
+      { kinesis: kinesisArn },
+      { kinesis: { arn: kinesisArn, partitionKeyPath: '$.id' } },
+      { firehose: firehoseArn },
+      { stepFunctions: stepFunctionsArn },
+    ];
+
+    const genStateMachine = (name) => ({
+      id: name,
+      name,
+      definition: {
+        StartAt: 'A',
+        States: {
+          A: {
+            Type: 'Pass',
+            End: true,
+          },
+        },
+      },
+      notifications: {
+        ABORTED: targets,
+        FAILED: targets,
+        RUNNING: targets,
+        SUCCEEDED: targets,
+        TIMED_OUT: targets,
+      },
+    });
+
+    serverless.service.stepFunctions = {
+      stateMachines: {
+        beta1: genStateMachine('Beta1'),
+        beta2: genStateMachine('Beta2'),
+      },
+    };
+
+    serverlessStepFunctions.compileNotifications();
+    const resources = serverlessStepFunctions.serverless.service
+      .provider.compiledCloudFormationTemplate.Resources;
+
+    const validateCloudWatchEvents = (prefix) => {
+      validateCloudWatchEvent(resources, `${prefix}NotificationsABORTEDEventRule`, 'ABORTED');
+      validateCloudWatchEvent(resources, `${prefix}NotificationsFAILEDEventRule`, 'FAILED');
+      validateCloudWatchEvent(resources, `${prefix}NotificationsRUNNINGEventRule`, 'RUNNING');
+      validateCloudWatchEvent(resources, `${prefix}NotificationsSUCCEEDEDEventRule`, 'SUCCEEDED');
+      validateCloudWatchEvent(resources, `${prefix}NotificationsTIMEDOUTEventRule`, 'TIMED_OUT');
+    };
+
+    validateCloudWatchEvents('Beta1');
+    validateCloudWatchEvents('Beta2');
+
+    const validateIamRole = (iamRole) => {
+      // 8 targets, 5 event rules = 5 * 8 = 40 statements
+      expect(iamRole.Properties.Policies[0].PolicyDocument.Statement).to.have.lengthOf(40);
+      validateHasPermission(iamRole, 'sns:Publish', snsArn);
+      validateHasPermission(iamRole, 'sqs:SendMessage', sqsArn);
+      validateHasPermission(iamRole, 'kinesis:PutRecord', kinesisArn);
+      validateHasPermission(iamRole, 'firehose:PutRecord', firehoseArn);
+      validateHasPermission(iamRole, 'lambda:InvokeFunction', lambdaArn);
+      validateHasPermission(iamRole, 'states:StartExecution', stepFunctionsArn);
+    };
+
+    validateIamRole(resources.Beta1NotificationsIamRole);
+    validateIamRole(resources.Beta2NotificationsIamRole);
 
     expect(consoleLogSpy.callCount).equal(0);
   });
@@ -217,6 +302,9 @@ describe('#compileNotifications', () => {
   });
 
   it('should log the validation errors if notifications contains non-existent status', () => {
+    const targets = [
+      { sns: 'SNS_TOPIC_ARN' },
+    ];
     const genStateMachine = (name) => ({
       id: name,
       name,