feat: validate aws cn region not supported config

feat: patch aws cn lambda permission principal suffix

Author: cncolder

.travis.yml

@@ -0,0 +1,22 @@
+language: node_js
+node_js:
+  - node
+  - 8
+  - 6
+  - 4
+
+branches:
+  only:
+    - master
+    - /^greenkeeper/.*$/
+
+cache: yarn
+
+before_install:
+  - which npx || npm i -g npx
+
+after_success:
+  - npx codecov
+
+notifications:
+  email: false

README.md

@@ -1,2 +1,108 @@
 # serverless-aws-cn
 Serverless plugin compatible with aws cn
+
+[![License][ico-license]][link-license]
+[![NPM][ico-npm]][link-npm]
+[![Build Status][ico-build]][link-build]
+[![Coverage Status][ico-codecov]][link-codecov]
+
+## Example:
+
+```yml
+service:
+  name: demo
+plugins:
+  - serverless-aws-cn
+provider:
+  name: aws
+  region: cn-north-1
+  endpointType: REGIONAL
+functions:
+  hello:
+    handler: handler.hello
+    events:
+      - http:
+          method: get
+          path: hello
+```
+
+## Some tips about AWS China:
+
+1. Lambda supported in Beijing `cn-north-1` region only. [Ningxia](https://www.amazonaws.cn/about-aws/regional-product-services/) `cn-northwest-1` region is  not supported yet.
+
+2. If you have a function named `hello` with http event. You need patch Cloud Formation API Gateway Principal like this:
+
+```yml
+functions:
+  hello:
+    handler: handler.hello
+    events:
+      - http: GET hello
+
+resources:
+  Resources:
+    HelloLambdaPermissionApiGateway:
+      Properties:
+        Principal: apigateway.amazonaws.com
+```
+
+3. You cannot open your endpoint without [ICP Recordal](https://www.amazonaws.cn/en/about-aws/china/faqs/#new%20step). It always return `403 {"Message": null}`. Except your function authorize by IAM:
+
+```yml
+functions:
+  hello:
+    handler: handler.hello
+    events:
+      - http:
+          method: get
+          path: hello
+          authorizer: aws_iam
+```
+
+Consider try [postman](http://getpostman.com) for test your endpoint with AWS4 Authorization header.
+
+4. Don't set environment in your provider or functions. It's not supported in `cn-north-1` region.
+
+```yml
+provider:
+  name: aws
+  region: cn-north-1
+  endpointType: REGIONAL
+  runtime: nodejs6.10
+  # Lambda environment is not supported yet!
+  # environment:
+    # DYNAMODB_TABLE: ${self:service}-${opt:stage, self:provider.stage}
+functions:
+  hello:
+    # environment:
+    #   NODE_ENV: production
+```
+
+5. Don't waste time on Cognito User Pool (trigger or auth). Only [Federate Identities](http://docs.amazonaws.cn/en_us/aws/latest/userguide/cognito.html) available now.
+```yml
+functions:
+  preSignUp:
+    handler: preSignUp.handler
+    events:
+      - http:
+          path: posts/create
+          method: post
+          # This ARN is not exists. 
+          # authorizer: arn:aws-cn:cognito-idp:cn-north-1:xxx:userpool/cn-north-1_ZZZ
+      # This event trigger not work!
+      # - cognitoUserPool:
+      #     pool: MyUserPool
+      #     trigger: PreSignUp
+```
+
+6. The builtin `aws-sdk` version is `2.190.0`.  [Doc](https://docs.aws.amazon.com/zh_cn/lambda/latest/dg/current-supported-versions.html) expired.
+
+[ico-license]: https://img.shields.io/github/license/vitarn/serverless-aws-cn.svg
+[ico-npm]: https://img.shields.io/npm/v/serverless-aws-cn.svg
+[ico-build]: https://travis-ci.org/vitarn/serverless-aws-cn.svg?branch=master
+[ico-codecov]: https://codecov.io/gh/vitarn/serverless-aws-cn/branch/master/graph/badge.svg
+
+[link-license]: ./blob/master/LICENSE
+[link-npm]: https://www.npmjs.com/package/serverless-aws-cn
+[link-build]: https://travis-ci.org/vitarn/serverless-aws-cn
+[link-codecov]: https://codecov.io/gh/vitarn/serverless-aws-cn

lib/index.js

@@ -0,0 +1,77 @@
+'use strict'
+
+const chalk = require('chalk')
+
+/**
+ * Validate and tune AWS CN region config
+ * 
+ * * Assert provider.endpointType is regional
+ * * Prevent provider.environment
+ * * Prevent function.environment
+ * * Prevent function.awsKmsKeyArn
+ * * Replace YourFuncLambdaPermissionApiGateway.Properties.Principal with `apigateway.amazonaws.com`
+ * 
+ * @see https://github.com/serverless/serverless/pull/4665#issuecomment-365843810
+ */
+module.exports = function serverlessAWSCN(serverless, options) {
+    const service = serverless.service
+    const provider = service.provider
+    const name = provider.name
+    const region = options.region || provider.region || ''
+
+    const isAWSCN = name === 'aws' && region.substr(0, 3) === 'cn-'
+
+    if (!isAWSCN) return
+
+    const warn = (function (message) {
+        this.cli.consoleLog('Serverless: ' + chalk.redBright('FAILURE: ' + message))
+        return message
+    }).bind(serverless)
+
+    function fail(message) {
+        warn(message)
+        throw new Error(message)
+    }
+
+    this.hooks = {
+        'before:package:compileFunctions': function () {
+            if (provider.endpointType && provider.endpointType.toLowerCase() !== 'regional') {
+                fail(`AWS CN provider endpointType must be 'regional'!
+                    provider.endpointType: ${provider.endpointType}`)
+            }
+
+            if (provider.environment) {
+                fail(`AWS CN provider environment is not supported!
+                    provider.environment: ${provider.environment}`)
+            }
+
+            service.getAllFunctions().forEach(function (functionName) {
+                const functionObject = service.getFunction(functionName)
+
+                if (functionObject.environment) {
+                    fail(`AWS CN lambda function environment is not supported!
+                        functions.${functionName}.environment: ${functionObject.environment}`)
+                }
+
+                if (functionObject.awsKmsKeyArn) {
+                    fail(`AWS CN KMS service is not supported!
+                        functions.${functionName}.awsKmsKeyArn: ${functionObject.awsKmsKeyArn}`)
+                }
+            })
+        },
+
+        'before:aws:package:finalize:saveServiceState': function () {
+            const template = provider.compiledCloudFormationTemplate
+
+            Object.keys(template.Resources)
+                .forEach(key => {
+                    const res = template.Resources[key]
+
+                    if (res.Type === 'AWS::Lambda::Permission') {
+                        serverless.cli.log(`Replace ${key} Principal 'AWS::URLSuffix' to 'amazonaws.com'`)
+                        res.Properties.Principal['Fn::Join'][1][1] = 'amazonaws.com'
+                    }
+                })
+        },
+    }
+}

package.json

@@ -0,0 +1,23 @@
+{
+  "name": "serverless-aws-cn",
+  "version": "0.0.1",
+  "description": "Serverless plugin compatible with aws cn",
+  "main": "lib",
+  "repository": "https://github.com/vitarn/serverless-aws-cn.git",
+  "author": "colder <[email protected]>",
+  "license": "MIT",
+  "scripts": {
+    "test": "tap --cov test"
+  },
+  "dependencies": {
+    "chalk": "^2.0.0",
+    "lodash": "^4.13.1"
+  },
+  "devDependencies": {
+    "standard-version": "^4.3.0",
+    "tap": "^11.1.3"
+  },
+  "files": [
+    "lib"
+  ]
+}

test/basic.js

@@ -0,0 +1,28 @@
+const tap = require('tap')
+const Plugin = require('../lib')
+
+const test = tap.test
+
+test('do nothing if non aws cn region', t => {
+    let plugin = new Plugin({
+        service: {
+            provider: {}
+        }
+    }, {})
+
+    t.is(plugin.hooks, undefined)
+    t.end()
+})
+
+test('create plugin if in aws cn region', t => {
+    let plugin = new Plugin({
+        service: {
+            provider: {
+                name: 'aws'
+            }
+        }
+    }, { region: 'cn-north-1' })
+
+    t.ok(plugin.hooks)
+    t.end()
+})

test/compileFunctionsHook.js

@@ -0,0 +1,124 @@
+const tap = require('tap')
+const Plugin = require('../lib')
+const template = require('./template.json')
+
+const test = tap.test
+
+test('before:package:compileFunctions', t => {
+    let serverless = {
+        service: {
+            provider: {
+                name: 'aws'
+            },
+            getAllFunctions() {
+                return ['test']
+            },
+            getFunction(name) {
+                return {}
+            }
+        },
+        cli: {
+            consoleLog: () => { }
+        }
+    }
+    let options = { region: 'cn-north-1' }
+    let plugin = new Plugin(serverless, options)
+    let hook = plugin.hooks['before:package:compileFunctions']
+
+    t.notThrow(hook)
+    t.end()
+})
+
+test('provider endpointType', t => {
+    let serverless = {
+        service: {
+            provider: {
+                name: 'aws',
+                endpointType: 'edge'
+            }
+        },
+        cli: {
+            consoleLog: () => { }
+        }
+    }
+    let options = { region: 'cn-north-1' }
+    let plugin = new Plugin(serverless, options)
+    let hook = plugin.hooks['before:package:compileFunctions']
+
+    t.throws(hook, `provider endpointType must be 'regional'`)
+    t.end()
+})
+
+test('provider environment', t => {
+    let serverless = {
+        service: {
+            provider: {
+                name: 'aws',
+                environment: {}
+            }
+        },
+        cli: {
+            consoleLog: () => { }
+        }
+    }
+    let options = { region: 'cn-north-1' }
+    let plugin = new Plugin(serverless, options)
+    let hook = plugin.hooks['before:package:compileFunctions']
+
+    t.throws(hook, 'provider environment is not supported')
+    t.end()
+})
+
+test('function environment', t => {
+    let serverless = {
+        service: {
+            provider: {
+                name: 'aws'
+            },
+            getAllFunctions() {
+                return ['test']
+            },
+            getFunction(name) {
+                return {
+                    environment: {}
+                }
+            }
+        },
+        cli: {
+            consoleLog: () => { }
+        }
+    }
+    let options = { region: 'cn-north-1' }
+    let plugin = new Plugin(serverless, options)
+    let hook = plugin.hooks['before:package:compileFunctions']
+
+    t.throws(hook, 'function environment is not supported')
+    t.end()
+})
+
+test('function environment', t => {
+    let serverless = {
+        service: {
+            provider: {
+                name: 'aws'
+            },
+            getAllFunctions() {
+                return ['test']
+            },
+            getFunction(name) {
+                return {
+                    awsKmsKeyArn: 'arn:'
+                }
+            }
+        },
+        cli: {
+            consoleLog: () => { }
+        }
+    }
+    let options = { region: 'cn-north-1' }
+    let plugin = new Plugin(serverless, options)
+    let hook = plugin.hooks['before:package:compileFunctions']
+
+    t.throws(hook, 'KMS service is not supported')
+    t.end()
+})