From 2260de8de9b017fdc22849e2a0604ed478383abc Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Tue, 16 Nov 2021 19:11:29 +0900 Subject: [PATCH 1/5] fix(iot): Unable to bind two TopicRule with the same action of a lambda function --- .../lib/lambda-function-action.ts | 3 ++- .../lambda/lambda-function-action.test.ts | 23 +++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts b/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts index 8296e112e8be5..afc0e8a2862bd 100644 --- a/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts +++ b/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts @@ -1,6 +1,7 @@ import * as iam from '@aws-cdk/aws-iam'; import * as iot from '@aws-cdk/aws-iot'; import * as lambda from '@aws-cdk/aws-lambda'; +import { Names } from '@aws-cdk/core'; /** * The action to invoke an AWS Lambda function, passing in an MQTT message. @@ -12,7 +13,7 @@ export class LambdaFunctionAction implements iot.IAction { constructor(private readonly func: lambda.IFunction) {} bind(topicRule: iot.ITopicRule): iot.ActionConfig { - this.func.addPermission('invokedByAwsIotRule', { + this.func.addPermission(`${Names.nodeUniqueId(topicRule.node)}:Permission`, { action: 'lambda:InvokeFunction', principal: new iam.ServicePrincipal('iot.amazonaws.com'), sourceAccount: topicRule.env.account, diff --git a/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts b/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts index 76263f5fa5e5c..0f8c3f64f6e23 100644 --- a/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts +++ b/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts @@ -55,3 +55,26 @@ test('create a topic rule with lambda action and a lambda permission to be invok }, }); }); + +test('When two topic rules have the same action, it should not throw a error', () => { + // GIVEN + const stack = new cdk.Stack(); + const func = new lambda.Function(stack, 'MyFunction', { + runtime: lambda.Runtime.NODEJS_14_X, + handler: 'index.handler', + code: lambda.Code.fromInline('console.log("foo")'), + }); + const action = new actions.LambdaFunctionAction(func); + + // WHEN + new iot.TopicRule(stack, 'MyTopicRule1', { + sql: iot.IotSql.fromStringAsVer20160323("SELECT topic(2) as device_id FROM 'device/+/data'"), + actions: [action], + }); + + // THEN + expect(() => new iot.TopicRule(stack, 'MyTopicRule2', { + sql: iot.IotSql.fromStringAsVer20160323("SELECT topic(2) as device_id FROM 'device/+/data'"), + actions: [action], + })).not.toThrow(); +}); From 8e96c15d6b53d0630d7166897b2a148d13206f7d Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Tue, 16 Nov 2021 21:17:56 +0900 Subject: [PATCH 2/5] fix snapshot --- .../test/lambda/integ.lambda-function-action.expected.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json b/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json index 345ead052c921..37d256b4d9f5c 100644 --- a/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json +++ b/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json @@ -50,7 +50,7 @@ "MyFunctionServiceRole3C357FF2" ] }, - "MyFunctioninvokedByAwsIotRule5581F304": { + "MyFunctionteststackTopicRule1CB8242FPermission62920382": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", From b1baa7259b39e7c24a64352667e9c42b1a6ad231 Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Wed, 17 Nov 2021 22:47:52 +0900 Subject: [PATCH 3/5] address a comment --- packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts | 2 +- .../test/lambda/integ.lambda-function-action.expected.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts b/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts index afc0e8a2862bd..60cf056d6e5ba 100644 --- a/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts +++ b/packages/@aws-cdk/aws-iot-actions/lib/lambda-function-action.ts @@ -13,7 +13,7 @@ export class LambdaFunctionAction implements iot.IAction { constructor(private readonly func: lambda.IFunction) {} bind(topicRule: iot.ITopicRule): iot.ActionConfig { - this.func.addPermission(`${Names.nodeUniqueId(topicRule.node)}:Permission`, { + this.func.addPermission(`${Names.nodeUniqueId(topicRule.node)}:IotLambdaFunctionAction`, { action: 'lambda:InvokeFunction', principal: new iam.ServicePrincipal('iot.amazonaws.com'), sourceAccount: topicRule.env.account, diff --git a/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json b/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json index 37d256b4d9f5c..4c619dff4cf84 100644 --- a/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json +++ b/packages/@aws-cdk/aws-iot-actions/test/lambda/integ.lambda-function-action.expected.json @@ -50,7 +50,7 @@ "MyFunctionServiceRole3C357FF2" ] }, - "MyFunctionteststackTopicRule1CB8242FPermission62920382": { + "MyFunctionteststackTopicRule1CB8242FIotLambdaFunctionAction37A1A89F": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", From d36ed2c0232b48130aa6070866d6965f7d138055 Mon Sep 17 00:00:00 2001 From: Tatsuya Yamamoto Date: Wed, 17 Nov 2021 22:48:26 +0900 Subject: [PATCH 4/5] Update packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts Co-authored-by: Adam Ruka --- .../test/lambda/lambda-function-action.test.ts | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts b/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts index 0f8c3f64f6e23..7c3b8a5d53992 100644 --- a/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts +++ b/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts @@ -73,8 +73,10 @@ test('When two topic rules have the same action, it should not throw a error', ( }); // THEN - expect(() => new iot.TopicRule(stack, 'MyTopicRule2', { - sql: iot.IotSql.fromStringAsVer20160323("SELECT topic(2) as device_id FROM 'device/+/data'"), - actions: [action], - })).not.toThrow(); + expect(() => { + new iot.TopicRule(stack, 'MyTopicRule2', { + sql: iot.IotSql.fromStringAsVer20160323("SELECT topic(2) as device_id FROM 'device/+/data'"), + actions: [action], + }); + }).not.toThrow(); }); From 1a8aea6c887a8f277698b372da8d0ea979019a50 Mon Sep 17 00:00:00 2001 From: yamatatsu Date: Wed, 17 Nov 2021 23:03:17 +0900 Subject: [PATCH 5/5] address a comment --- .../test/lambda/lambda-function-action.test.ts | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts b/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts index 7c3b8a5d53992..88974ae613d44 100644 --- a/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts +++ b/packages/@aws-cdk/aws-iot-actions/test/lambda/lambda-function-action.test.ts @@ -56,7 +56,7 @@ test('create a topic rule with lambda action and a lambda permission to be invok }); }); -test('When two topic rules have the same action, it should not throw a error', () => { +test('create two different permissions, when two topic rules have the same action', () => { // GIVEN const stack = new cdk.Stack(); const func = new lambda.Function(stack, 'MyFunction', { @@ -71,12 +71,11 @@ test('When two topic rules have the same action, it should not throw a error', ( sql: iot.IotSql.fromStringAsVer20160323("SELECT topic(2) as device_id FROM 'device/+/data'"), actions: [action], }); + new iot.TopicRule(stack, 'MyTopicRule2', { + sql: iot.IotSql.fromStringAsVer20160323("SELECT topic(2) as device_id FROM 'device/+/data'"), + actions: [action], + }); // THEN - expect(() => { - new iot.TopicRule(stack, 'MyTopicRule2', { - sql: iot.IotSql.fromStringAsVer20160323("SELECT topic(2) as device_id FROM 'device/+/data'"), - actions: [action], - }); - }).not.toThrow(); + Template.fromStack(stack).resourceCountIs('AWS::Lambda::Permission', 2); });