feat: Legacy naming and failurePolicy (#1)

José Lucas Chociai · edaniszewski · web-flow · commit c03dc2344eda · 2020-07-01T17:59:07.000-03:00
* feat: Add support for allowUnauthenticated and custom IAM definitions (PR serverless#219) * feat: preserve function name * added failurePolicy Co-authored-by: Erick Daniszewski <edaniszewski@gmail.com>
diff --git a/info/lib/displayServiceInfo.js b/info/lib/displayServiceInfo.js
@@ -50,7 +50,7 @@ module.exports = {
           const region = this.options.region;
           const project = this.serverless.service.provider.project;
           const baseUrl = `https://${region}-${project}.cloudfunctions.net`;
-          const path = serviceFunc.name; // NOTE this might change
+          const path = serviceFunc.useLegacyNaming ? serviceFunc.handler : serviceFunc.name;
           funcResource = `${baseUrl}/${path}`;
         }
 
diff --git a/package/lib/compileFunctions.js b/package/lib/compileFunctions.js
@@ -24,6 +24,7 @@ module.exports = {
       validateHandlerProperty(funcObject, functionName);
       validateEventsProperty(funcObject, functionName);
       validateVpcConnectorProperty(funcObject, functionName);
+      validateIamProperty(funcObject, functionName);
 
       const funcTemplate = getFunctionTemplate(
         funcObject,
@@ -51,6 +52,11 @@ module.exports = {
         _.get(this, 'serverless.service.provider.environment'),
         funcObject.environment // eslint-disable-line comma-dangle
       );
+      funcTemplate.accessControl.gcpIamPolicy.bindings = _.unionBy(
+        _.get(funcObject, 'iam.bindings'),
+        _.get(this, 'serverless.service.provider.iam.bindings'),
+        'role'
+      );
 
       if (!funcTemplate.properties.serviceAccountEmail) {
         delete funcTemplate.properties.serviceAccountEmail;
@@ -83,16 +89,30 @@ module.exports = {
 
         funcTemplate.properties.httpsTrigger = {};
         funcTemplate.properties.httpsTrigger.url = url;
+
+        if (funcObject.allowUnauthenticated) {
+          funcTemplate.accessControl.gcpIamPolicy.bindings = _.unionBy(
+            [{ role: 'roles/cloudfunctions.invoker', members: ['allUsers'] }],
+            funcTemplate.accessControl.gcpIamPolicy.bindings,
+            'role'
+          );
+        }
       }
       if (eventType === 'event') {
         const type = funcObject.events[0].event.eventType;
         const path = funcObject.events[0].event.path; //eslint-disable-line
         const resource = funcObject.events[0].event.resource;
+        const failurePolicy = funcObject.events[0].event.failurePolicy;
 
         funcTemplate.properties.eventTrigger = {};
         funcTemplate.properties.eventTrigger.eventType = type;
         if (path) funcTemplate.properties.eventTrigger.path = path;
         funcTemplate.properties.eventTrigger.resource = resource;
+        if (failurePolicy) funcTemplate.properties.eventTrigger.failurePolicy = failurePolicy;
+      }
+
+      if (!funcTemplate.accessControl.gcpIamPolicy.bindings.length) {
+        delete funcTemplate.accessControl;
       }
 
       this.serverless.service.provider.compiledConfigurationTemplate.resources.push(funcTemplate);
@@ -157,6 +177,29 @@ const validateVpcConnectorProperty = (funcObject, functionName) => {
   }
 };
 
+const validateIamProperty = (funcObject, functionName) => {
+  if (_.get(funcObject, 'iam.bindings') && funcObject.iam.bindings.length > 0) {
+    funcObject.iam.bindings.forEach((binding) => {
+      if (!binding.role) {
+        const errorMessage = [
+          `The function "${functionName}" has no role specified for an IAM binding.`,
+          ' Each binding requires a role. For details on supported roles, see the documentation',
+          ' at: https://cloud.google.com/iam/docs/understanding-roles',
+        ].join('');
+        throw new Error(errorMessage);
+      }
+      if (!Array.isArray(binding.members) || !binding.members.length) {
+        const errorMessage = [
+          `The function "${functionName}" has no members specified for an IAM binding.`,
+          ' Each binding requires at least one member to be assigned. See the IAM documentation',
+          ' for details on configuring members: https://cloud.google.com/iam/docs/overview',
+        ].join('');
+        throw new Error(errorMessage);
+      }
+    });
+  }
+};
+
 const getFunctionTemplate = (funcObject, projectName, region, sourceArchiveUrl) => {
   //eslint-disable-line
   return {
@@ -168,8 +211,13 @@ const getFunctionTemplate = (funcObject, projectName, region, sourceArchiveUrl)
       runtime: 'nodejs8',
       timeout: '60s',
       entryPoint: funcObject.handler,
-      function: funcObject.name,
+      function:  funcObject.useLegacyNaming ? funcObject.handler : funcObject.name,
       sourceArchiveUrl,
     },
+    accessControl: {
+      gcpIamPolicy: {
+        bindings: [],
+      },
+    },
   };
 };
diff --git a/package/lib/compileFunctions.test.js b/package/lib/compileFunctions.test.js

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ module.exports = {`
`50`	`50`	`const region = this.options.region;`
`51`	`51`	`const project = this.serverless.service.provider.project;`
`52`	`52`	const baseUrl = `https://${region}-${project}.cloudfunctions.net`;
`53`		`- const path = serviceFunc.name; // NOTE this might change`
	`53`	`+ const path = serviceFunc.useLegacyNaming ? serviceFunc.handler : serviceFunc.name;`
`54`	`54`	funcResource = `${baseUrl}/${path}`;
`55`	`55`	`}`
`56`	`56`