From 922e6f21005e3dd151ab2a3405227cb8f99088f6 Mon Sep 17 00:00:00 2001 From: Tatsuya Yamamoto Date: Fri, 19 Nov 2021 05:53:20 +0900 Subject: [PATCH] fix(iot): unable to add the same lambda function to two TopicRule Actions (#17521) fix: #17508 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../lib/lambda-function-action.ts | 3 ++- ...integ.lambda-function-action.expected.json | 2 +- .../lambda/lambda-function-action.test.ts | 24 +++++++++++++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts b/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts index 8296e112e8be5..60cf056d6e5ba 100644 --- a/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts +++ b/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts @@ -1,6 +1,7 @@ import * as iam from '@aws-cdk/aws-iam'; import * as iot from '@aws-cdk/aws-iot'; import * as lambda from '@aws-cdk/aws-lambda'; +import { Names } from '@aws-cdk/core'; /** * The action to invoke an AWS Lambda function, passing in an MQTT message. @@ -12,7 +13,7 @@ export class LambdaFunctionAction implements iot.IAction { constructor(private readonly func: lambda.IFunction) {} bind(topicRule: iot.ITopicRule): iot.ActionConfig { - this.func.addPermission('invokedByAwsIotRule', { + this.func.addPermission(`${Names.nodeUniqueId(topicRule.node)}:IotLambdaFunctionAction`, { action: 'lambda:InvokeFunction', principal: new iam.ServicePrincipal('iot.amazonaws.com'), sourceAccount: topicRule.env.account, diff --git a/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json b/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json index 345ead052c921..4c619dff4cf84 100644 --- a/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json +++ b/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json @@ -50,7 +50,7 @@ "MyFunctionServiceRole3C357FF2" ] }, - "MyFunctioninvokedByAwsIotRule5581F304": { + "MyFunctionteststackTopicRule1CB8242FIotLambdaFunctionAction37A1A89F": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", diff --git a/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts b/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts index 76263f5fa5e5c..88974ae613d44 100644 --- a/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts +++ b/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts @@ -55,3 +55,27 @@ test('create a topic rule with lambda action and a lambda permission to be invok }, }); }); + +test('create two different permissions, when two topic rules have the same action', () => { + // GIVEN + const stack = new cdk.Stack(); + const func = new lambda.Function(stack, 'MyFunction', { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromInline('console.log("foo")'), + }); + const action = new actions.LambdaFunctionAction(func); + + // WHEN + new iot.TopicRule(stack, 'MyTopicRule1', { + sql: iot.IotSql.fromStringAsVer20160323("SELECT topic(2) as device_id FROM 'device/+/data'"), + actions: [action], + }); + new iot.TopicRule(stack, 'MyTopicRule2', { + sql: iot.IotSql.fromStringAsVer20160323("SELECT topic(2) as device_id FROM 'device/+/data'"), + actions: [action], + }); + + // THEN + Template.fromStack(stack).resourceCountIs('AWS::Lambda::Permission', 2); +});