serverless-iam-roles-per-function - npm Package Compare versions

Comparing version 3.0.2-fb28ee6 to 3.1.0-d68046e

CHANGELOG.md

		@@ -5,2 +5,9 @@ # Changelog

		## [3.1.0](https://github.com/functionalone/serverless-iam-roles-per-function/compare/v3.0.2...v3.1.0) (2020-12-17)


		### Features

		* Permission boundary [PR#68](https://github.com/functionalone/serverless-iam-roles-per-function/pull/68)

		## [3.0.2](https://github.com/functionalone/serverless-iam-roles-per-function/compare/v3.0.1...v3.0.2) (2020-12-04)
		@@ -7,0 +14,0 @@

dist/lib/index.js

		@@ -29,5 +29,4 @@ "use strict";
		properties: {
		defaultInherit: {
		type: 'boolean',
		},
		defaultInherit: { type: 'boolean' },
		iamGlobalPermissionsBoundary: { $ref: '#/definitions/awsArnString' },
		},
		@@ -46,2 +45,3 @@ additionalProperties: false,
		iamRoleStatementsName: { type: 'string' },
		iamPermissionsBoundary: { $ref: '#/definitions/awsArnString' },
		iamRoleStatements: { $ref: '#/definitions/awsIamPolicyStatements' },
		@@ -331,2 +331,15 @@ },
		}
		// add iamPermissionsBoundary
		const iamPermissionsBoundary = functionObject.iamPermissionsBoundary;
		const iamGlobalPermissionsBoundary = lodash_1.default.get(this.serverless.service, `custom.${PLUGIN_NAME}.iamGlobalPermissionsBoundary`);
		if (iamPermissionsBoundary \|\| iamGlobalPermissionsBoundary) {
		functionIamRole.Properties.PermissionsBoundary = {
		'Fn::Sub': iamPermissionsBoundary \|\| iamGlobalPermissionsBoundary,
		};
		}
		if (iamGlobalPermissionsBoundary) {
		globalIamRole.Properties.PermissionsBoundary = {
		'Fn::Sub': iamGlobalPermissionsBoundary,
		};
		}
		functionIamRole.Properties.RoleName = functionObject.iamRoleStatementsName
		@@ -333,0 +346,0 @@ \|\| this.getFunctionRoleName(functionName);

package.json

		{
		"name": "serverless-iam-roles-per-function",
		"private": false,
		"version": "3.0.2-fb28ee6",
		"version": "3.1.0-d68046e",
		"engines": {
		@@ -6,0 +6,0 @@ "node": ">=10"

README.md

		@@ -128,2 +128,31 @@ # Serverless IAM Roles Per Function Plugin

		## Permissions boundaries

		Define iamPermissionsBoundary definitions at the function level:

		```yaml
		functions:
		func1:
		handler: handler.get
		iamPermissionsBoundary: arn:aws:iam::xxxxx:policy/your_permissions_boundary_policy
		iamRoleStatementsName: my-custom-role-name
		iamRoleStatements:
		- Effect: "Allow"
		Action:
		- sqs:*
		Resource: "*"
		...
		```

		You can set permissionsBoundary for all roles with iamGlobalPermissionsBoundary in custom:

		```yaml
		custom:
		serverless-iam-roles-per-function:
		iamGlobalPermissionsBoundary: arn:aws:iam::xxxx:policy/permissions-boundary-policy
		```

		For more information, see [Permissions Boundaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html).


		## Contributing
		@@ -147,2 +176,12 @@ Contributions are welcome and appreciated.

		## Publishing a Production Release (Maintainers)
		Once a contributed PR (or multiple PRs) have been merged into `master`, there is need to publish a production release, after we are sure that the release is stable. Maintainers with commit access to the repository can publish a release by merging into the `release` branch. Steps to follow:
		* Verify that the current deployed pre-release version under the `next` tag in npmjs is working properly. Usually, it is best to allow the `next` version to gain traction a week or two before releasing. Also, if the version solves a specific reported issue, ask the community on the issue to test out the `next` version.
		* Make sure the version being used in master hasn't been released. This can happen if a PR was merged without bumping the version by running `npm run release`. If the version needs to be advanced, open a PR to advance the version as specified [here](#contributing).
		* Open a PR to merge into the `release` branch. Use as a base the `release` branch and compare the `tag` version to `release`. For example:
		![Example PR](https://user-images.githubusercontent.com/1395797/101236848-1866e180-36dd-11eb-9281-6c726d15e4f1.png)

		* Once approved by another maintainer, merge the PR.
		* Make sure to check after the Travis CI build completes that the release has been published to the `latest` tag on [nmpjs](https://www.npmjs.com/package/serverless-iam-roles-per-function?activeTab=versions).

		## More Info
		@@ -160,4 +199,4 @@
		[sls-url]:http://www.serverless.com
		[travis-image]:https://travis-ci.org/functionalone/serverless-iam-roles-per-function.svg?branch=master
		[travis-url]:https://travis-ci.org/functionalone/serverless-iam-roles-per-function
		[travis-image]:https://travis-ci.com/functionalone/serverless-iam-roles-per-function.svg?branch=master
		[travis-url]:https://travis-ci.com/functionalone/serverless-iam-roles-per-function
		[david-image]:https://david-dm.org/functionalone/serverless-iam-roles-per-function/status.svg
		@@ -164,0 +203,0 @@ [david-url]:https://david-dm.org/functionalone/serverless-iam-roles-per-function

src/lib/index.ts

		@@ -42,5 +42,4 @@ import _ from 'lodash';
		properties: {
		defaultInherit: {
		type: 'boolean',
		},
		defaultInherit: { type: 'boolean' },
		iamGlobalPermissionsBoundary: { $ref: '#/definitions/awsArnString' },
		},
		@@ -60,2 +59,3 @@ additionalProperties: false,
		iamRoleStatementsName: { type: 'string' },
		iamPermissionsBoundary: { $ref: '#/definitions/awsArnString' },
		iamRoleStatements: { $ref: '#/definitions/awsIamPolicyStatements' },
		@@ -360,2 +360,20 @@ },
		}

		// add iamPermissionsBoundary
		const iamPermissionsBoundary = functionObject.iamPermissionsBoundary;
		const iamGlobalPermissionsBoundary =
		_.get(this.serverless.service, `custom.${PLUGIN_NAME}.iamGlobalPermissionsBoundary`);

		if (iamPermissionsBoundary \|\| iamGlobalPermissionsBoundary) {
		functionIamRole.Properties.PermissionsBoundary = {
		'Fn::Sub': iamPermissionsBoundary \|\| iamGlobalPermissionsBoundary,
		}
		}

		if (iamGlobalPermissionsBoundary) {
		globalIamRole.Properties.PermissionsBoundary = {
		'Fn::Sub': iamGlobalPermissionsBoundary,
		}
		}

		functionIamRole.Properties.RoleName = functionObject.iamRoleStatementsName
		@@ -362,0 +380,0 @@ \|\| this.getFunctionRoleName(functionName);

src/test/funcs-with-iam.json

		@@ -109,2 +109,10 @@ {
		}
		},
		"helloPermissionsBoundary": {
		"handler": "handler.permissionsBoundary",
		"iamRoleStatements": [],
		"iamPermissionsBoundary": "arn:aws:iam::xxxxx:policy/your_permissions_boundary_policy",
		"events": [],
		"name": "test-permissions-boundary-hello",
		"package": {}
		}
		@@ -111,0 +119,0 @@ },

src/test/index.test.ts

		@@ -420,2 +420,21 @@ import {assert} from 'chai';
		});

		it('should add permission policy arn when there is iamPermissionsBoundary defined', () => {
		const compiledResources = serverless.service.provider.compiledCloudFormationTemplate.Resources;
		plugin.createRolesPerFunction();
		const helloPermissionsBoundaryIamRole = compiledResources.HelloPermissionsBoundaryIamRoleLambdaExecution;
		const policyName = helloPermissionsBoundaryIamRole.Properties.PermissionsBoundary['Fn::Sub'];
		assert.equal(policyName, 'arn:aws:iam::xxxxx:policy/your_permissions_boundary_policy');
		})

		it('should add permission policy arn when there is iamGlobalPermissionsBoundary defined', () => {
		const compiledResources = serverless.service.provider.compiledCloudFormationTemplate.Resources;
		serverless.service.custom['serverless-iam-roles-per-function'] = {
		iamGlobalPermissionsBoundary: 'arn:aws:iam::xxxxx:policy/permissions_boundary',
		};
		plugin.createRolesPerFunction();
		const defaultIamRoleLambdaExecution = compiledResources.IamRoleLambdaExecution;
		const policyName = defaultIamRoleLambdaExecution.Properties.PermissionsBoundary['Fn::Sub'];
		assert.equal(policyName, 'arn:aws:iam::xxxxx:policy/permissions_boundary');
		})
		});
		@@ -422,0 +441,0 @@ });

dist/lib/index.js.map

Sorry, the diff of this file is not supported yet

serverless-iam-roles-per-function - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics