feat: intrinsic funcs for dynamodb iam

theburningmonk · theburningmonk · commit ef0c14970b7c · 2019-04-30T21:16:18.000+01:00
diff --git a/lib/deploy/stepFunctions/compileIamRole.js b/lib/deploy/stepFunctions/compileIamRole.js
@@ -65,6 +65,14 @@ function getSnsPermissions(serverless, state) {
 }
 
 function getDynamoDBArn(tableName) {
+  if (isIntrinsic(tableName) && tableName.Ref) {
+    // most likely we'll see a { Ref: LogicalId }, which we need to map to
+    // { Fn::GetAtt: [ LogicalId, Arn ] } to get the ARN
+    return {
+      'Fn::GetAtt': [tableName.Ref, 'Arn'],
+    };
+  }
+
   return {
     'Fn::Join': [
       ':',
diff --git a/lib/deploy/stepFunctions/compileIamRole.test.js b/lib/deploy/stepFunctions/compileIamRole.test.js
@@ -938,6 +938,16 @@ describe('#compileIamRole', () => {
                   },
                   MessageBody: 'This is a static message',
                 },
+                Next: 'DynamoDB',
+              },
+              DynamoDB: {
+                Type: 'Task',
+                Resource: 'arn:aws:states:::dynamodb:putItem',
+                Parameters: {
+                  TableName: {
+                    Ref: 'MyTable',
+                  },
+                },
                 Next: 'Parallel',
               },
               Parallel: {
@@ -971,14 +981,22 @@ describe('#compileIamRole', () => {
       .Properties.Policies[0];
 
     const statements = policy.PolicyDocument.Statement;
+
     const lambdaPermissions = statements.find(x => x.Action[0] === 'lambda:InvokeFunction');
     expect(lambdaPermissions.Resource).to.be.deep.equal([
       { Ref: 'MyFunction' }, { Ref: 'MyFunction2' }]);
+
     const snsPermissions = statements.find(x => x.Action[0] === 'sns:Publish');
     expect(snsPermissions.Resource).to.be.deep.equal([{ Ref: 'MyTopic' }]);
+
     const sqsPermissions = statements.find(x => x.Action[0] === 'sqs:SendMessage');
     expect(sqsPermissions.Resource).to.be.deep.equal([{
       'Fn::GetAtt': ['MyQueue', 'Arn'],
     }]);
+
+    const dynamodbPermissions = statements.find(x => x.Action[0] === 'dynamodb:PutItem');
+    expect(dynamodbPermissions.Resource).to.be.deep.equal([{
+      'Fn::GetAtt': ['MyTable', 'Arn'],
+    }]);
   });
 });
