feat: Deprecate awsKmsKeyArn in favor of kmsKeyArn (#8277)
fredericbarthelet committed Sep 24, 2020
1 parent e43c889 commit a55009e
Showing 4 changed files with 35 additions and 7 deletions.
6 changes: 6 additions & 0 deletions docs/deprecations.md
@@ -73,3 +73,9 @@ Please use `onUnauthenticatedRequest` instead. `allowUnauthenticated` will be re
## `bin/serverless`

Please use `bin/serverless.js` instead. `bin/serverless` will be removed with v2.0.0

<a name="AWS_KMS_KEY_ARN"><div>&nbsp;</div></a>

## awsKmsKeyArn references

Plase use `provider.kmsKeyArn` and `functions[].kmsKeyArn`. `service.awsKmsKeyArn` and `functions[].awsKmsKeyArn` will be removed with v3.0.0
2 changes: 1 addition & 1 deletion lib/configSchema.js
@@ -125,7 +125,7 @@ const schema = {
additionalProperties: false,
required: ['provider', 'service'],
definitions: {
// TODO: awsKmsArn definition to be moved to lib/plugins/aws/provider/awsProvider.js once service.awsKmsKeyArn moved to provider.awsKmsKeyArn, see https://github.com/serverless/serverless/issues/8261
// TODO: awsKmsArn definition to be moved to lib/plugins/aws/provider/awsProvider.js once service.awsKmsKeyArn removed with v3.0.0, see https://github.com/serverless/serverless/issues/8261
// TODO: awsKmsArn to include #/definitions/awsCfFunction instead of type: object as one of the possible definition, see https://github.com/serverless/serverless/issues/8261
awsKmsArn: {
anyOf: [{ type: 'object' }, { type: 'string', pattern: '^arn:aws[a-z-]*:kms' }],
32 changes: 26 additions & 6 deletions lib/plugins/aws/package/compile/functions/index.js
@@ -210,12 +210,32 @@ class AwsCompileFunctions {
}
}

let kmsKeyArn;
const serviceObj = this.serverless.service.serviceObject;
if (functionObject.awsKmsKeyArn || (serviceObj && serviceObj.awsKmsKeyArn)) {
const arn = functionObject.awsKmsKeyArn || (serviceObj && serviceObj.awsKmsKeyArn);
if (serviceObj && serviceObj.awsKmsKeyArn) {
this.serverless._logDeprecation(
'AWS_KMS_KEY_ARN',
'Starting with next major version, awsKmsKeyArn service property will be replaced by provider.kmsKeyArn'
);
kmsKeyArn = serviceObj.awsKmsKeyArn;
}
if (this.serverless.service.provider.kmsKeyArn) {
kmsKeyArn = this.serverless.service.provider.kmsKeyArn;
}
if (functionObject.awsKmsKeyArn) {
this.serverless._logDeprecation(
'AWS_KMS_KEY_ARN',
'Starting with next major version, awsKmsKeyArn function property will be replaced by kmsKeyArn'
);
kmsKeyArn = functionObject.awsKmsKeyArn;
}
if (functionObject.kmsKeyArn) {
kmsKeyArn = functionObject.kmsKeyArn;
}

if (typeof arn === 'string') {
functionResource.Properties.KmsKeyArn = arn;
if (kmsKeyArn) {
if (typeof kmsKeyArn === 'string') {
functionResource.Properties.KmsKeyArn = kmsKeyArn;

// update the PolicyDocument statements (if default policy is used)
const iamRoleLambdaExecution = cfTemplate.Resources.IamRoleLambdaExecution;
@@ -226,14 +246,14 @@ class AwsCompileFunctions {
{
Effect: 'Allow',
Action: ['kms:Decrypt'],
Resource: [arn],
Resource: [kmsKeyArn],
},
],
_.isEqual
);
}
} else {
functionResource.Properties.KmsKeyArn = arn;
functionResource.Properties.KmsKeyArn = kmsKeyArn;
}
}
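Review bot: The `else` branch at the end of this section copies a non-string `kmsKeyArn` into `functionResource.Properties.KmsKeyArn` but, unlike the string branch, adds no `kms:Decrypt` statement to `IamRoleLambdaExecution`. The shared `awsKmsArn` schema accepts `{ type: 'object' }`, so a key supplied through the new `provider.kmsKeyArn` or `functions[].kmsKeyArn` as a CloudFormation reference would presumably be attached to the function while the default role cannot use it. The behaviour predates this commit (the old `arn` variable took the same path), and part of the string branch is collapsed on this page, so confirm before changing it. At minimum the branch deserves a comment such as `// non-string ARN: no kms:Decrypt statement is added to the default role; the user must grant it`.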

2 changes: 2 additions & 0 deletions lib/plugins/aws/provider/awsProvider.js
@@ -386,6 +386,7 @@ class AwsProvider {
},
additionalProperties: false,
},
kmsKeyArn: { $ref: '#/definitions/awsKmsArn' },
layers: { $ref: '#/definitions/awsLambdaLayers' },
logs: {
type: 'object',
@@ -470,6 +471,7 @@ class AwsProvider {
required: ['localMountPath', 'arn'],
},
handler: { type: 'string' },
kmsKeyArn: { $ref: '#/definitions/awsKmsArn' },
layers: { $ref: '#/definitions/awsLambdaLayers' },
memorySize: { $ref: '#/definitions/awsLambdaMemorySize' },
onError: {
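Review bot: Both new `kmsKeyArn` properties validate against `#/definitions/awsKmsArn`, whose string form (shown in the `lib/configSchema.js` section of this commit) is checked only against the prefix `^arn:aws[a-z-]*:kms`. The accepted value is later used verbatim as the `Resource` of a `kms:Decrypt` statement, so anything after the prefix, including a wildcard, passes validation and widens the grant beyond a single key. Consider anchoring the pattern through the `key/<id>` segment with a closing `$`, or at least recording the gap next to the definition, e.g. `// TODO: awsKmsArn pattern checks the prefix only; tighten to a full key ARN`. The schema objects these lines belong to start and end outside the hunks.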
