From 15db8f5a43b21ddef0e0ac5627635fed328c07b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Barthelet?= Date: Wed, 23 Sep 2020 11:39:45 +0200 Subject: [PATCH 1/3] Deprecate awsKmsKeyArn for provider and functoin kmsKeyArn --- docs/deprecations.md | 6 +++++ lib/configSchema.js | 2 +- .../aws/package/compile/functions/index.js | 27 ++++++++++++++----- lib/plugins/aws/provider/awsProvider.js | 2 ++ 4 files changed, 30 insertions(+), 7 deletions(-) diff --git a/docs/deprecations.md b/docs/deprecations.md index e734d9f9567..cd61ace38a8 100644 --- a/docs/deprecations.md +++ b/docs/deprecations.md @@ -73,3 +73,9 @@ Please use `onUnauthenticatedRequest` instead. `allowUnauthenticated` will be re ## `bin/serverless` Please use `bin/serverless.js` instead. `bin/serverless` will be removed with v2.0.0 + +
 
 + +## awsKmsKeyArn references + +Plase use `provider.kmsKeyArn` and `functions[].kmsKeyArn`. `service.awsKmsKeyArn` and `functions[].awsKmsKeyArn` will be removed with v2.0.0 diff --git a/lib/configSchema.js b/lib/configSchema.js index 4fb47304729..b823b3513c2 100644 --- a/lib/configSchema.js +++ b/lib/configSchema.js @@ -125,7 +125,7 @@ const schema = { additionalProperties: false, required: ['provider', 'service'], definitions: { - // TODO: awsKmsArn definition to be moved to lib/plugins/aws/provider/awsProvider.js once service.awsKmsKeyArn moved to provider.awsKmsKeyArn, see https://github.com/serverless/serverless/issues/8261 + // TODO: awsKmsArn definition to be moved to lib/plugins/aws/provider/awsProvider.js once service.awsKmsKeyArn removed with v2.0.0, see https://github.com/serverless/serverless/issues/8261 // TODO: awsKmsArn to include #/definitions/awsCfFunction instead of type: object as one of the possible definition, see https://github.com/serverless/serverless/issues/8261 awsKmsArn: { anyOf: [{ type: 'object' }, { type: 'string', pattern: '^arn:aws[a-z-]*:kms' }], diff --git a/lib/plugins/aws/package/compile/functions/index.js b/lib/plugins/aws/package/compile/functions/index.js index 57bdec54204..54b81f7700b 100644 --- a/lib/plugins/aws/package/compile/functions/index.js +++ b/lib/plugins/aws/package/compile/functions/index.js @@ -210,12 +210,27 @@ class AwsCompileFunctions { } } + let kmsKeyArn; const serviceObj = this.serverless.service.serviceObject; - if (functionObject.awsKmsKeyArn || (serviceObj && serviceObj.awsKmsKeyArn)) { - const arn = functionObject.awsKmsKeyArn || (serviceObj && serviceObj.awsKmsKeyArn); + if (functionObject.kmsKeyArn || this.serverless.service.provider.kmsKeyArn) { + kmsKeyArn = functionObject.kmsKeyArn || this.serverless.service.provider.kmsKeyArn; + } else if (functionObject.awsKmsKeyArn) { + this.serverless._logDeprecation( + 'FUNCTION_DEPRECATED_PROPERTY_AWS_KMS_KEY_ARN', + 'Starting with next major version, awsKmsKeyArn function property will be replaced by kmsKeyArn.' + ); + kmsKeyArn = functionObject.awsKmsKeyArn; + } else if (serviceObj && serviceObj.awsKmsKeyArn) { + this.serverless._logDeprecation( + 'SERVICE_DEPRECATED_PROPERTY_AWS_KMS_KEY_ARN', + 'Starting with next major version, awsKmsKeyArn service property will be replaced by provider.kmsKeyArn.' + ); + kmsKeyArn = serviceObj.awsKmsKeyArn; + } - if (typeof arn === 'string') { - functionResource.Properties.KmsKeyArn = arn; + if (kmsKeyArn) { + if (typeof kmsKeyArn === 'string') { + functionResource.Properties.KmsKeyArn = kmsKeyArn; // update the PolicyDocument statements (if default policy is used) const iamRoleLambdaExecution = cfTemplate.Resources.IamRoleLambdaExecution; @@ -226,14 +241,14 @@ class AwsCompileFunctions { { Effect: 'Allow', Action: ['kms:Decrypt'], - Resource: [arn], + Resource: [kmsKeyArn], }, ], _.isEqual ); } } else { - functionResource.Properties.KmsKeyArn = arn; + functionResource.Properties.KmsKeyArn = kmsKeyArn; } } diff --git a/lib/plugins/aws/provider/awsProvider.js b/lib/plugins/aws/provider/awsProvider.js index 7371766d409..1934851821e 100644 --- a/lib/plugins/aws/provider/awsProvider.js +++ b/lib/plugins/aws/provider/awsProvider.js @@ -385,6 +385,7 @@ class AwsProvider { }, additionalProperties: false, }, + kmsKeyArn: { $ref: '#/definitions/awsKmsArn' }, layers: { $ref: '#/definitions/awsLambdaLayers' }, logs: { type: 'object', @@ -469,6 +470,7 @@ class AwsProvider { required: ['localMountPath', 'arn'], }, handler: { type: 'string' }, + kmsKeyArn: { $ref: '#/definitions/awsKmsArn' }, layers: { $ref: '#/definitions/awsLambdaLayers' }, memorySize: { $ref: '#/definitions/awsLambdaMemorySize' }, onError: { From 1c927bc530890be93698043a5a0a9a1ac692f213 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Barthelet?= Date: Wed, 23 Sep 2020 13:53:30 +0200 Subject: [PATCH 2/3] Show depreciation warning unconditionnally --- lib/configSchema.js | 2 +- .../aws/package/compile/functions/index.js | 25 +++++++++++-------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/lib/configSchema.js b/lib/configSchema.js index b823b3513c2..f035a16f011 100644 --- a/lib/configSchema.js +++ b/lib/configSchema.js @@ -125,7 +125,7 @@ const schema = { additionalProperties: false, required: ['provider', 'service'], definitions: { - // TODO: awsKmsArn definition to be moved to lib/plugins/aws/provider/awsProvider.js once service.awsKmsKeyArn removed with v2.0.0, see https://github.com/serverless/serverless/issues/8261 + // TODO: awsKmsArn definition to be moved to lib/plugins/aws/provider/awsProvider.js once service.awsKmsKeyArn removed with v3.0.0, see https://github.com/serverless/serverless/issues/8261 // TODO: awsKmsArn to include #/definitions/awsCfFunction instead of type: object as one of the possible definition, see https://github.com/serverless/serverless/issues/8261 awsKmsArn: { anyOf: [{ type: 'object' }, { type: 'string', pattern: '^arn:aws[a-z-]*:kms' }], diff --git a/lib/plugins/aws/package/compile/functions/index.js b/lib/plugins/aws/package/compile/functions/index.js index 54b81f7700b..a834ca8cb7d 100644 --- a/lib/plugins/aws/package/compile/functions/index.js +++ b/lib/plugins/aws/package/compile/functions/index.js @@ -212,21 +212,26 @@ class AwsCompileFunctions { let kmsKeyArn; const serviceObj = this.serverless.service.serviceObject; - if (functionObject.kmsKeyArn || this.serverless.service.provider.kmsKeyArn) { - kmsKeyArn = functionObject.kmsKeyArn || this.serverless.service.provider.kmsKeyArn; - } else if (functionObject.awsKmsKeyArn) { - this.serverless._logDeprecation( - 'FUNCTION_DEPRECATED_PROPERTY_AWS_KMS_KEY_ARN', - 'Starting with next major version, awsKmsKeyArn function property will be replaced by kmsKeyArn.' - ); - kmsKeyArn = functionObject.awsKmsKeyArn; - } else if (serviceObj && serviceObj.awsKmsKeyArn) { + if (serviceObj && serviceObj.awsKmsKeyArn) { this.serverless._logDeprecation( 'SERVICE_DEPRECATED_PROPERTY_AWS_KMS_KEY_ARN', - 'Starting with next major version, awsKmsKeyArn service property will be replaced by provider.kmsKeyArn.' + 'Starting with next major version, awsKmsKeyArn service property will be replaced by provider.kmsKeyArn' ); kmsKeyArn = serviceObj.awsKmsKeyArn; } + if (this.serverless.service.provider.kmsKeyArn) { + kmsKeyArn = this.serverless.service.provider.kmsKeyArn; + } + if (functionObject.awsKmsKeyArn) { + this.serverless._logDeprecation( + 'FUNCTION_DEPRECATED_PROPERTY_AWS_KMS_KEY_ARN', + 'Starting with next major version, awsKmsKeyArn function property will be replaced by kmsKeyArn' + ); + kmsKeyArn = functionObject.awsKmsKeyArn; + } + if (functionObject.kmsKeyArn) { + kmsKeyArn = functionObject.kmsKeyArn; + } if (kmsKeyArn) { if (typeof kmsKeyArn === 'string') { From 5aba3dcabf836da12c76c0728a57048f11798e0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Barthelet?= Date: Wed, 23 Sep 2020 17:07:25 +0200 Subject: [PATCH 3/3] Rename depreciation message --- docs/deprecations.md | 4 ++-- lib/plugins/aws/package/compile/functions/index.js | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/deprecations.md b/docs/deprecations.md index cd61ace38a8..d5d5b5102c1 100644 --- a/docs/deprecations.md +++ b/docs/deprecations.md @@ -74,8 +74,8 @@ Please use `onUnauthenticatedRequest` instead. `allowUnauthenticated` will be re Please use `bin/serverless.js` instead. `bin/serverless` will be removed with v2.0.0 -
 
 +
 
 ## awsKmsKeyArn references -Plase use `provider.kmsKeyArn` and `functions[].kmsKeyArn`. `service.awsKmsKeyArn` and `functions[].awsKmsKeyArn` will be removed with v2.0.0 +Plase use `provider.kmsKeyArn` and `functions[].kmsKeyArn`. `service.awsKmsKeyArn` and `functions[].awsKmsKeyArn` will be removed with v3.0.0 diff --git a/lib/plugins/aws/package/compile/functions/index.js b/lib/plugins/aws/package/compile/functions/index.js index a834ca8cb7d..712f68c3b7c 100644 --- a/lib/plugins/aws/package/compile/functions/index.js +++ b/lib/plugins/aws/package/compile/functions/index.js @@ -214,7 +214,7 @@ class AwsCompileFunctions { const serviceObj = this.serverless.service.serviceObject; if (serviceObj && serviceObj.awsKmsKeyArn) { this.serverless._logDeprecation( - 'SERVICE_DEPRECATED_PROPERTY_AWS_KMS_KEY_ARN', + 'AWS_KMS_KEY_ARN', 'Starting with next major version, awsKmsKeyArn service property will be replaced by provider.kmsKeyArn' ); kmsKeyArn = serviceObj.awsKmsKeyArn; @@ -224,7 +224,7 @@ class AwsCompileFunctions { } if (functionObject.awsKmsKeyArn) { this.serverless._logDeprecation( - 'FUNCTION_DEPRECATED_PROPERTY_AWS_KMS_KEY_ARN', + 'AWS_KMS_KEY_ARN', 'Starting with next major version, awsKmsKeyArn function property will be replaced by kmsKeyArn' ); kmsKeyArn = functionObject.awsKmsKeyArn;