Support S3 server side encryption (#65)

* Added support for CFN role. * Support S3 server side encryption * Added unit test for updateAlias. Fixed alias tag in create fallback. * Added tests for uploadAliasArtifacts
serverless-heaven · Jul 6, 2017 · 3213854 · 3213854
1 parent 2ae1e4c
commit 3213854
Show file tree

Hide file tree

Showing 4 changed files with 552 additions and 2 deletions.
diff --git a/lib/updateAliasStack.js b/lib/updateAliasStack.js
@@ -13,7 +13,7 @@ module.exports = {
 		this._serverless.cli.log('Creating alias stack...');
 
 		const stackName = `${this._provider.naming.getStackName()}-${this._alias}`;
-		let stackTags = { STAGE: this._options.stage };
+		let stackTags = { STAGE: this._options.stage, ALIAS: this._alias };
 		const templateUrl = `https://s3.amazonaws.com/${
 			this.bucketName
 			}/${
@@ -36,6 +36,10 @@ module.exports = {
 			Tags: _.map(_.keys(stackTags), key => ({ Key: key, Value: stackTags[key] })),
 		};
 
+		if (this.serverless.service.provider.cfnRole) {
+			params.RoleARN = this.serverless.service.provider.cfnRole;
+		}
+
 		return this._provider.request('CloudFormation',
 			'createStack',
 			params,
@@ -71,6 +75,10 @@ module.exports = {
 			Tags: _.map(_.keys(stackTags), key => ({ Key: key, Value: stackTags[key] })),
 		};
 
+		if (this.serverless.service.provider.cfnRole) {
+			params.RoleARN = this.serverless.service.provider.cfnRole;
+		}
+
 		// Policy must have at least one statement, otherwise no updates would be possible at all
 		if (this._serverless.service.provider.stackPolicy &&
 				this._serverless.service.provider.stackPolicy.length) {

diff --git a/lib/uploadAliasArtifacts.js b/lib/uploadAliasArtifacts.js
@@ -1,6 +1,7 @@
 'use strict';
 
 const BbPromise = require('bluebird');
+const _ = require('lodash');
 
 module.exports = {
 	uploadAliasCloudFormationFile() {
@@ -10,13 +11,18 @@ module.exports = {
 
 		const fileName = 'compiled-cloudformation-template-alias.json';
 
-		const params = {
+		let params = {
 			Bucket: this.bucketName,
 			Key: `${this.serverless.service.package.artifactDirectoryName}/${fileName}`,
 			Body: body,
 			ContentType: 'application/json',
 		};
 
+		const deploymentBucketObject = this.serverless.service.provider.deploymentBucketObject;
+		if (deploymentBucketObject) {
+			params = setServersideEncryptionOptions(params, deploymentBucketObject);
+		}
+
 		return this.provider.request('S3',
 			'putObject',
 			params,
@@ -34,3 +40,23 @@ module.exports = {
 	},
 
 };
+
+function setServersideEncryptionOptions(putParams, deploymentBucketOptions) {
+	const encryptionFields = {
+		'serverSideEncryption': 'ServerSideEncryption',
+		'sseCustomerAlgorithm': 'SSECustomerAlgorithm',
+		'sseCustomerKey': 'SSECustomerKey',
+		'sseCustomerKeyMD5': 'SSECustomerKeyMD5',
+		'sseKMSKeyId': 'SSEKMSKeyId',
+	};
+
+	const params = putParams;
+
+	_.forOwn(encryptionFields, (value, field) => {
+		if (deploymentBucketOptions[field]) {
+			params[value] = deploymentBucketOptions[field];
+		}
+	});
+
+	return params;
+}