@adobe/helix-deploy 11.0.4 → 11.0.6

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+## [11.0.6](https://github.com/adobe/helix-deploy/compare/v11.0.5...v11.0.6) (2024-02-24)
+
+
+### Bug Fixes
+
+* **deps:** update external fixes ([#671](https://github.com/adobe/helix-deploy/issues/671)) ([3731730](https://github.com/adobe/helix-deploy/commit/373173029b1d7457361dd7197d5113ec2f4733c4))
+
+## [11.0.5](https://github.com/adobe/helix-deploy/compare/v11.0.4...v11.0.5) (2024-02-20)
+
+
+### Bug Fixes
+
+* **aws:** allow extra permissions to optionally include an alias ([#666](https://github.com/adobe/helix-deploy/issues/666)) ([bed38d3](https://github.com/adobe/helix-deploy/commit/bed38d3732de306827712f627520127d0a2a1f35))
+
 ## [11.0.4](https://github.com/adobe/helix-deploy/compare/v11.0.3...v11.0.4) (2024-02-17)
 
 

package/README.md

@@ -132,7 +132,7 @@ AWS Deployment Options
       --aws-log-format            The lambda log format. Can be either "JSON" or "Text". [string]
       --aws-layers                List of layers ARNs to attach to the lambda function.  [array]
       --aws-tracing-mode          The lambda tracing mode. Can be either "Active" or "PassThrough". [string]
-      --aws-extra-permissions     A list of additional invoke permissions to add to the lambda function in the form <SourceARN>@<Principal>. [array]
+      --aws-extra-permissions     A list of additional invoke permissions to add to the lambda function in the form <SourceARN>@<Principal>. Optionally, you can use <SourceARN>@<Principal>:<Alias> if you want to scope the permission to a specific alias. [array]
       --aws-tags                  A list of additional tags to attach to the lambda function in the form key=value. To remove a tag, use key= (i.e. without a value).[array]
 
 Google Deployment Options

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-deploy",
-  "version": "11.0.4",
+  "version": "11.0.6",
   "description": "Library and Commandline Tools to build and deploy OpenWhisk Actions",
   "license": "Apache-2.0",
   "homepage": "https://github.com/adobe/helix-deploy#readme",
@@ -40,13 +40,13 @@
     "@adobe/fastly-native-promises": "3.0.6",
     "@adobe/fetch": "4.1.1",
     "@adobe/helix-shared-process-queue": "3.0.1",
-    "@aws-sdk/client-apigatewayv2": "3.515.0",
-    "@aws-sdk/client-lambda": "3.516.0",
-    "@aws-sdk/client-s3": "3.515.0",
-    "@aws-sdk/client-secrets-manager": "3.515.0",
-    "@aws-sdk/client-ssm": "3.515.0",
-    "@aws-sdk/client-sts": "3.515.0",
-    "@fastly/js-compute": "3.8.2",
+    "@aws-sdk/client-apigatewayv2": "3.521.0",
+    "@aws-sdk/client-lambda": "3.521.0",
+    "@aws-sdk/client-s3": "3.521.0",
+    "@aws-sdk/client-secrets-manager": "3.521.0",
+    "@aws-sdk/client-ssm": "3.521.0",
+    "@aws-sdk/client-sts": "3.521.0",
+    "@fastly/js-compute": "3.8.3",
     "@google-cloud/functions": "3.2.0",
     "@google-cloud/secret-manager": "5.1.0",
     "@google-cloud/storage": "7.7.0",
@@ -58,14 +58,14 @@
     "archiver": "6.0.1",
     "chalk-template": "1.1.0",
     "constants-browserify": "1.0.0",
-    "dotenv": "16.4.4",
+    "dotenv": "16.4.5",
     "form-data": "4.0.0",
     "fs-extra": "11.2.0",
-    "isomorphic-git": "1.25.5",
+    "isomorphic-git": "1.25.6",
     "openwhisk": "3.21.8",
     "semver": "7.6.0",
     "tar": "6.2.0",
-    "webpack": "5.90.2",
+    "webpack": "5.90.3",
     "yargs": "17.7.2"
   },
   "devDependencies": {
@@ -75,15 +75,15 @@
     "@semantic-release/changelog": "6.0.3",
     "@semantic-release/git": "10.0.1",
     "c8": "9.1.0",
-    "eslint": "8.56.0",
+    "eslint": "8.57.0",
     "husky": "9.0.11",
     "lint-staged": "15.2.2",
     "mocha": "10.3.0",
     "mocha-junit-reporter": "2.2.1",
     "mocha-multi-reporters": "1.5.1",
-    "nock": "13.5.1",
+    "nock": "13.5.3",
     "semantic-release": "22.0.12",
-    "yauzl": "2.10.0"
+    "yauzl": "3.1.0"
   },
   "engines": {
     "node": ">=12.0"

package/src/deploy/AWSConfig.js

@@ -255,7 +255,7 @@ export default class AWSConfig {
         type: 'string',
       })
       .option('aws-extra-permissions', {
-        description: 'A list of additional invoke permissions to add to the lambda function in the form <SourceARN>@<Principal>.',
+        description: 'A list of additional invoke permissions to add to the lambda function in the form <SourceARN>@<Principal>. Optionally, you can use <SourceARN>@<Principal>:<Alias> if you want to scope the permission to a specific alias.',
         type: 'string',
         array: true,
       })

package/src/deploy/AWSDeployer.js

@@ -1044,16 +1044,19 @@ export default class AWSDeployer extends BaseDeployer {
 
     if (this._cfg.extraPermissions) {
       await Promise.allSettled(this._cfg.extraPermissions.map(async (extraPermission) => {
-        const [sourceArn, principal] = extraPermission.split('@', 2);
+        const [sourceArn, principalAndOptionalAlias] = extraPermission.split('@', 2);
+        const [principal, alias] = principalAndOptionalAlias.split(':', 2);
+        const functionNameForPermission = alias ? `${functionName}:${alias}` : functionName;
+
         try {
           await this._lambda.send(new AddPermissionCommand({
-            FunctionName: functionName,
+            FunctionName: functionNameForPermission,
             Action: 'lambda:InvokeFunction',
             SourceArn: sourceArn,
             Principal: principal,
             StatementId: crypto.createHash('sha256').update(functionName + sourceArn).digest('hex'),
           }));
-          this.log.info(chalk`{green ok:} added invoke permissions for ${sourceArn}`);
+          this.log.info(chalk`{green ok:} added invoke permissions for ${sourceArn} on ${functionNameForPermission}`);
         } catch (e) {
           // ignore, most likely the permission already exists
         }