search

anantab / serverless-plugin-ifelse

A Serverless Plugin to write If Else conditions in serverless YAML file
69 stars 19 forks source link

Removing array items leaves nulls in cf json file #44

Open akzincsystems opened 3 months ago

akzincsystems commented 3 months ago

Given I have a function definition:

functions:
  DataEnricher:
    iamRoleStatements:
      - Effect: Allow
        Action:
          - apigateway:GET
        Resource:
          - !Sub 'arn:aws:apigateway:${AWS::Region}::/foobar*'
      - Effect: Allow
        Action:
          - ssm:GetParameter
          - ssm:GetParametersByPath
        Resource:
          - Fn::Sub: 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/foo/bar'
          - Fn::Sub: 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/foo/bar*'
      - Effect: Allow
        Action:
          - lambda:InvokeFunction
        Resource: ${cf:my-service.MyServiceLambdaArn, ''}

and I have an serverlessIfElse recipe:

custom:
  env: ${env:SLS_ENV, 'development'}
  serverlessIfElse:
    - If: '"${self:custom.env}" == "staging"'
      Exclude:
        - functions.DataEnricher.iamRoleStatements.1
        - functions.DataEnricher.iamRoleStatements.2

The plugin will remove the 2 IAM statements if custom.env == 'staging' BUT leaves null in their place: from cloudformation-template-update-stack.json, irrelevant parts omitted:

[
    "DataEnricherIamRoleLambdaExecution": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "lambda.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Policies": [
          {
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "apigateway:GET"
                  ],
                  "Resource": [
                    {
                      "Fn::Sub": "arn:aws:apigateway:${AWS::Region}::/foobar*"
                    }
                  ]
                },
                null,
                null
              ]
            }
          }

]

This breaks deployments with error:

The CloudFormation template is invalid: [/Resources/DataEnricherIamRoleLambdaExecution/Type/Policies/0/PolicyDocument/Statement/3] 'null' values are not allowed in templates

akzincsystems commented 3 months ago

There is already a PR to fix this: 42. It's been sitting around for some time. Can it be merged?