1 | var AWS = require('aws-sdk'),
|
2 | async = require('async');
|
3 |
|
4 | function getMethodID(method) {
|
5 | return method && method.data &&
|
6 | method.data['x-amazon-apigateway-integration'] &&
|
7 | method.data['x-amazon-apigateway-integration'].uri;
|
8 | }
|
9 |
|
10 | module.exports = {
|
11 | deployRestAPIAccessPolicies: function deployRestAPIAccessPolicies(done) {
|
12 | var _ = this;
|
13 |
|
14 | async.each(_.APIDeploy.methods, function(method, done) {
|
15 | _.deployRestAPIAccessPolicy(method, done);
|
16 | }, done);
|
17 | },
|
18 |
|
19 | updateRestAPIAccessPolicies: function updateRestAPIAccessPolicies(ids, done) {
|
20 | var _ = this;
|
21 |
|
22 | _.APIDeploy.findMethods(ids);
|
23 |
|
24 | async.each(_.APIDeploy.methods, function(method, done) {
|
25 | _.createRestAPIAccessPolicy(method, done);
|
26 | }, done);
|
27 | },
|
28 |
|
29 | deployRestAPIAccessPolicy: function deployRestAPIAccessPolicy(method, done) {
|
30 | var _ = this;
|
31 |
|
32 | if (getMethodID(method)) {
|
33 | _.updateRestAPIAccessPolicy(method, done);
|
34 | } else {
|
35 | _.createRestAPIAccessPolicy(method, done);
|
36 | }
|
37 | },
|
38 |
|
39 | createRestAPIAccessPolicy: function createRestAPIAccessPolicy(method, done) {
|
40 | var _ = this,
|
41 | lambda = new AWS.Lambda(),
|
42 | accountNumber = _.lambda.role.replace(/[^\d]+/g, ''),
|
43 | StatementId = 'api-deploy-access';
|
44 |
|
45 | _.APIDeploy.logger.log('Creating Access Policy - ' + method._path + ' (' + method._method + ')');
|
46 |
|
47 | lambda.removePermission({
|
48 | FunctionName: method.data.operationId,
|
49 | StatementId: StatementId
|
50 | }, function(err, data) {
|
51 | lambda.addPermission({
|
52 | Action: 'lambda:InvokeFunction',
|
53 | FunctionName: method.data.operationId,
|
54 | Principal: 'apigateway.amazonaws.com',
|
55 | StatementId: StatementId,
|
56 | SourceArn:
|
57 | 'arn:aws:execute-api:' +
|
58 | _.aws.region + ':' +
|
59 | accountNumber + ':' +
|
60 | _.APIDeploy.swagger.data['x-amazon-apigateway-restapi'].id + '/*/' +
|
61 | method._method +
|
62 | method._path.replace(/\/$/, '')
|
63 | }, function(err, data) {
|
64 | if (err) return done(err);
|
65 |
|
66 | _.APIDeploy.logger.log('Created Access Policy - ' + method._path + ' (' + method._method + ')');
|
67 |
|
68 | done(err, data);
|
69 | });
|
70 | });
|
71 | },
|
72 |
|
73 | updateRestAPIAccessPolicy: function updateRestAPIAccessPolicy(method, done) {
|
74 | var _ = this;
|
75 |
|
76 | _.APIDeploy.logger.log('Updating Access Policy - ' + method._path + ' (' + method._method + ')');
|
77 | _.APIDeploy.logger.log('Updated Access Policy - ' + method._path + ' (' + method._method + ')');
|
78 |
|
79 | done();
|
80 | }
|
81 | };
|