fix generated invalid trigger role or policy names (#109)
* fix generated invalid trigger role or policy names

* update package version
tanhe123 authored Dec 17, 2018
1 parent a3f3bc8 commit 240977c
Showing 6 changed files with 249 additions and 66 deletions.
14 changes: 5 additions & 9 deletions lib/deploy/deploy-by-tpl.js
@@ -33,7 +33,8 @@ let {
let {
makeRole,
attachPolicyToRole,
makeAndAttachPolicy
makeAndAttachPolicy,
normalizeRoleOrPoliceName
} = require('../ram');

function extractFcRole(role) {
@@ -42,10 +43,6 @@ function extractFcRole(role) {
return roleName;
}

function nomalizeRoleOrPoliceName(roleName) {
return roleName.replace(/_/g, '-');
}

async function deployFunction(baseDir, serviceName, functionName, functionDefinition) {
const properties = functionDefinition.Properties || {};

@@ -107,12 +104,11 @@ async function deployPolicy(serviceName, roleName, policy, curCount) {

const profile = await getProfile();

const policyName = nomalizeRoleOrPoliceName(`AliyunFcGeneratedServicePolicy-${profile.defaultRegion}-${serviceName}${curCount}`);
const policyName = normalizeRoleOrPoliceName(`AliyunFcGeneratedServicePolicy-${profile.defaultRegion}-${serviceName}${curCount}`);

await makeAndAttachPolicy(policyName, policy, roleName);

return curCount + 1;

}

async function deployPolicies(serviceName, roleName, policies) {
@@ -150,7 +146,7 @@ async function deployFcService(baseDir, serviceName, serviceDefinition) {
createRoleIfNotExist = false;
} else {
roleName = `aliyunfcgeneratedrole-${profile.defaultRegion}-${serviceName}`;
roleName = nomalizeRoleOrPoliceName(roleName);
roleName = normalizeRoleOrPoliceName(roleName);
createRoleIfNotExist = true;
}

@@ -166,7 +162,7 @@ async function deployFcService(baseDir, serviceName, serviceDefinition) {

if (logConfig.Logstore && logConfig.Project) {
if (!roleArn) {
const logPolicyName = nomalizeRoleOrPoliceName(`AliyunFcGeneratedLogPolicy-${profile.defaultRegion}-${serviceName}`);
const logPolicyName = normalizeRoleOrPoliceName(`AliyunFcGeneratedLogPolicy-${profile.defaultRegion}-${serviceName}`);
await makeAndAttachPolicy(logPolicyName, {
'Version': '1',
'Statement': [{
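Review bot: The generated role name on the `roleName = normalizeRoleOrPoliceName(roleName);` line is no longer unique per service, because the helper maps `_` to `-`: services named `my_svc` and `my-svc` in the same region both resolve to `aliyunfcgeneratedrole-<region>-my-svc`. With `createRoleIfNotExist = true` the second deploy presumably reuses the first service's role, so the policies of both services would accumulate on one role. The same aliasing applies to the `policyName` and `logPolicyName` lines in this file and to the normalized names in `makeInvocationRole` in lib/deploy/deploy-support.js. I would at least record it next to the call, e.g. `// NOTE: '_' and '-' collapse to the same RAM name; services differing only in these share a role`, or fail the deploy when the normalized name already belongs to a different service. deployFcService continues outside the visible hunks.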
97 changes: 48 additions & 49 deletions lib/deploy/deploy-support.js
@@ -22,11 +22,7 @@ const promiseRetry = require('../retry');

const funignore = require('../package/ignore');

let {
makeRole,
attachPolicyToRole,
makePolicy
} = require('../ram');
const ram = require('../ram');

const readFile = util.promisify(fs.readFile);

@@ -505,9 +501,10 @@ function getTriggerConfig(triggerType, triggerProperties) {

async function makeInvocationRole(serviceName, functionName, triggerType) {
if (triggerType === 'Log') {
const invocationRoleName = `AliyunFcGeneratedInvocationRole-${serviceName}-${functionName}`;

const invocationRole = await makeRole(invocationRoleName, true, 'Used for fc invocation', {
const invocationRoleName = ram.normalizeRoleOrPoliceName(`AliyunFcGeneratedInvocationRole-${serviceName}-${functionName}`);

const invocationRole = await ram.makeRole(invocationRoleName, true, 'Used for fc invocation', {
'Statement': [{
'Action': 'sts:AssumeRole',
'Effect': 'Allow',
@@ -520,48 +517,49 @@ async function makeInvocationRole(serviceName, functionName, triggerType) {
'Version': '1'
});

const policyName = `AliyunFcGeneratedInvocationPolicy-${serviceName}-${functionName}`;
const policyName = ram.normalizeRoleOrPoliceName(`AliyunFcGeneratedInvocationPolicy-${serviceName}-${functionName}`);

await makePolicy(policyName, {
await ram.makePolicy(policyName, {
'Version': '1',
'Statement': [{
'Action': [
'fc:InvokeFunction'
],
'Resource': `acs:fc:*:*:services/${serviceName}/functions/*`,
'Effect': 'Allow'
},
{
'Action': [
'log:Get*',
'log:List*',
'log:PostLogStoreLogs',
'log:CreateConsumerGroup',
'log:UpdateConsumerGroup',
'log:DeleteConsumerGroup',
'log:ListConsumerGroup',
'log:ConsumerGroupUpdateCheckPoint',
'log:ConsumerGroupHeartBeat',
'log:GetConsumerGroupCheckPoint'
],
'Resource': '*',
'Effect': 'Allow'
}
'Action': [
'fc:InvokeFunction'
],
'Resource': `acs:fc:*:*:services/${serviceName}/functions/*`,
'Effect': 'Allow'
},
{
'Action': [
'log:Get*',
'log:List*',
'log:PostLogStoreLogs',
'log:CreateConsumerGroup',
'log:UpdateConsumerGroup',
'log:DeleteConsumerGroup',
'log:ListConsumerGroup',
'log:ConsumerGroupUpdateCheckPoint',
'log:ConsumerGroupHeartBeat',
'log:GetConsumerGroupCheckPoint'
],
'Resource': '*',
'Effect': 'Allow'
}
]
});

await attachPolicyToRole(policyName, invocationRoleName, 'Custom');
await ram.attachPolicyToRole(policyName, invocationRoleName, 'Custom');
return invocationRole.Role;

} else if (triggerType === 'RDS' || triggerType === 'MNSTopic') {
const invocationRoleName = `FunCreateRole-${serviceName}-${functionName}`;

const invocationRoleName = ram.normalizeRoleOrPoliceName(`FunCreateRole-${serviceName}-${functionName}`);
var tMap = {
'RDS': 'rds',
'MNSTopic': 'mns'
};
var principalService = util.format('%s.aliyuncs.com', tMap[triggerType]);

const invocationRole = await makeRole(invocationRoleName, true, 'Used for fc invocation', {
const invocationRole = await ram.makeRole(invocationRoleName, true, 'Used for fc invocation', {
'Statement': [{
'Action': 'sts:AssumeRole',
'Effect': 'Allow',
@@ -574,9 +572,9 @@ async function makeInvocationRole(serviceName, functionName, triggerType) {
'Version': '1'
});

const policyName = `FunCreatePolicy-${serviceName}-${functionName}`;
const policyName = ram.normalizeRoleOrPoliceName(`FunCreatePolicy-${serviceName}-${functionName}`);

await makePolicy(policyName, {
await ram.makePolicy(policyName, {
'Version': '1',
'Statement': [{
'Action': [
@@ -587,14 +585,14 @@ async function makeInvocationRole(serviceName, functionName, triggerType) {
}]
});

await attachPolicyToRole(policyName, invocationRoleName, 'Custom');
await ram.attachPolicyToRole(policyName, invocationRoleName, 'Custom');

return invocationRole.Role;

} else if (triggerType === 'TableStore') {
const invocationRoleName = `FunCreateRole-${serviceName}-${functionName}`;
const invocationRoleName = ram.normalizeRoleOrPoliceName(`FunCreateRole-${serviceName}-${functionName}`);

const invocationRole = await makeRole(invocationRoleName, true, 'Used for fc invocation', {
const invocationRole = await ram.makeRole(invocationRoleName, true, 'Used for fc invocation', {
'Statement': [{
'Action': 'sts:AssumeRole',
'Effect': 'Allow',
@@ -607,9 +605,9 @@ async function makeInvocationRole(serviceName, functionName, triggerType) {
'Version': '1'
});

const invkPolicyName = `FunCreateInvkPolicy-${serviceName}-${functionName}`;
const invkPolicyName = ram.normalizeRoleOrPoliceName(`FunCreateInvkPolicy-${serviceName}-${functionName}`);

await makePolicy(invkPolicyName, {
await ram.makePolicy(invkPolicyName, {
'Version': '1',
'Statement': [{
'Action': [
@@ -620,11 +618,11 @@ async function makeInvocationRole(serviceName, functionName, triggerType) {
}]
});

await attachPolicyToRole(invkPolicyName, invocationRoleName, 'Custom');
await ram.attachPolicyToRole(invkPolicyName, invocationRoleName, 'Custom');

const otsReadPolicyName = `FunCreateOtsReadPolicy-${serviceName}-${functionName}`;
const otsReadPolicyName = ram.normalizeRoleOrPoliceName(`FunCreateOtsReadPolicy-${serviceName}-${functionName}`);

await makePolicy(otsReadPolicyName, {
await ram.makePolicy(otsReadPolicyName, {
'Version': '1',
'Statement': [{
'Action': [
@@ -638,7 +636,7 @@ async function makeInvocationRole(serviceName, functionName, triggerType) {
}]
});

await attachPolicyToRole(otsReadPolicyName, invocationRoleName, 'Custom');
await ram.attachPolicyToRole(otsReadPolicyName, invocationRoleName, 'Custom');

return invocationRole.Role;
}
@@ -971,7 +969,7 @@ async function makeApiTrigger({
restApiId
}) {
if (!restApiId) {
const role = await makeRole('apigatewayAccessFC');
const role = await ram.makeRole('apigatewayAccessFC');
debug('%j', role);

const apiGroup = await makeGroup({
@@ -1018,8 +1016,8 @@ async function makeOtsInstance(instanceName, clusterType, description) {
ClusterType: clusterType,
Description: description
}, {
method: 'POST'
});
method: 'POST'
});
} catch (ex) {
if (ex.code === 'InvalidParameter' || ex.code === 'QuotaExhausted') {
console.error(red(ex.message));
@@ -1092,5 +1090,6 @@ module.exports = {
makeLogstore,
makeLogstoreIndex,
makeCustomDomain,
makeMnsTopic
makeMnsTopic,
makeInvocationRole
};
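Review bot: The second statement of the Log-trigger policy in `makeInvocationRole` keeps `'Resource': '*'` for the `log:` actions, including `log:DeleteConsumerGroup` and `log:PostLogStoreLogs`, so the generated invocation role is not limited to the log project that feeds the trigger. These lines are only re-indented by this commit, but since the block is being touched it is worth marking with `// TODO: scope the log:* actions to the trigger's source project/logstore instead of '*'`. Narrowing it would need the project and logstore passed in, because the function receives only `serviceName`, `functionName` and `triggerType`. Now that `makeInvocationRole` is exported, a short JSDoc listing the trigger types that return a role (the visible branches cover `Log`, `RDS`, `MNSTopic` and `TableStore`) would also help callers.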
7 changes: 6 additions & 1 deletion lib/ram.js
@@ -19,6 +19,9 @@ const getRamClient = async () => {
});
};

function normalizeRoleOrPoliceName(roleName) {
return roleName.replace(/_/g, '-');
}

async function deletePolicyNotDefaultVersion(ram, policyName) {
const listResponse = await ram.listPolicyVersions({
@@ -180,5 +183,7 @@ async function makeAndAttachPolicy(policyName, policyDocument, roleName) {
}

module.exports = {
makeRole, makePolicy, attachPolicyToRole, makeAndAttachPolicy
makeRole, makePolicy,
attachPolicyToRole, makeAndAttachPolicy,
normalizeRoleOrPoliceName
};
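Review bot: `normalizeRoleOrPoliceName` now becomes part of the module's exported interface with the `Police` typo in it, which gets harder to rename once other modules depend on it; `normalizeRoleOrPolicyName` would be the name to export. The function also carries no comment saying which naming rule it enforces, and it rewrites only `_`, so any other unsupported character or an over-long name derived from a service or function name still reaches RAM unchanged. I would add a JSDoc such as `/** Replace '_' with '-' so generated names are accepted as RAM role/policy names; does not check length or other characters. */` so callers do not treat the result as fully validated.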
8 changes: 4 additions & 4 deletions package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "@alicloud/fun",
"version": "2.7.0",
"version": "2.7.1",
"description": "(have)Fun with Serverless",
"engines": {
"node": ">=8.0.0"