Skip to content

Commit

Permalink
fix(lambda): expose underlying function's role on the alias (#2024)
Browse files Browse the repository at this point in the history
  • Loading branch information
Sam Goodwin authored Mar 19, 2019
1 parent 942f938 commit de296de
Show file tree
Hide file tree
Showing 2 changed files with 59 additions and 1 deletion.
1 change: 1 addition & 0 deletions packages/@aws-cdk/aws-lambda/lib/alias.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ export class Alias extends FunctionBase {
super(scope, id);

this.underlyingLambda = props.version.lambda;
this.role = this.underlyingLambda.role;

new CfnAlias(this, 'Resource', {
name: props.aliasName,
Expand Down
59 changes: 58 additions & 1 deletion packages/@aws-cdk/aws-lambda/test/test.alias.ts
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import { beASupersetOfTemplate, expect, haveResource } from '@aws-cdk/assert';
import { AccountPrincipal } from '@aws-cdk/aws-iam';
import { AccountPrincipal, PolicyStatement } from '@aws-cdk/aws-iam';
import { Stack } from '@aws-cdk/cdk';
import { Test } from 'nodeunit';
import lambda = require('../lib');
Expand Down Expand Up @@ -127,6 +127,63 @@ export = {
Principal: "123456"
}));

test.done();
},

'alias exposes real Lambdas role'(test: Test) {
const stack = new Stack();

// GIVEN
const fn = new lambda.Function(stack, 'MyLambda', {
code: new lambda.InlineCode('hello()'),
handler: 'index.hello',
runtime: lambda.Runtime.NodeJS610,
});

const version = fn.addVersion('1');
const alias = new lambda.Alias(stack, 'Alias', { aliasName: 'prod', version });

// THEN
test.equals(alias.role, fn.role);

test.done();
},

'addToRolePolicy on alias forwards to real Lambda'(test: Test) {
const stack = new Stack();

// GIVEN
const fn = new lambda.Function(stack, 'MyLambda', {
code: new lambda.InlineCode('hello()'),
handler: 'index.hello',
runtime: lambda.Runtime.NodeJS610,
});

const version = fn.addVersion('1');
const alias = new lambda.Alias(stack, 'Alias', { aliasName: 'prod', version });

// WHEN
alias.addToRolePolicy(new PolicyStatement()
.addAction('s3:GetObject')
.addAllResources());
test.equals(alias.role, fn.role);

// THEN
expect(stack).to(haveResource('AWS::IAM::Policy', {
PolicyDocument: {
Statement: [{
Action: "s3:GetObject",
Effect: "Allow",
Resource: "*"
}],
Version: "2012-10-17"
},
PolicyName: "MyLambdaServiceRoleDefaultPolicy5BBC6F68",
Roles: [{
Ref: "MyLambdaServiceRole4539ECB6"
}]
}));

test.done();
}
};

0 comments on commit de296de

Please sign in to comment.