diff --git a/README.md b/README.md index 765eb65..788a568 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,7 @@ custom: prefix: signed- # Prefix to be added to the name of the signed archive profileName: signing-profile # AWS Signing Profle name. Currently needs to be created separately signingPolicy: Enforce # Whether to disallow code updated signed improperly or just fire a warning + description: signing-description # Description of the signing profile displayed in AWS package: indvidually: true # Plugin works with both individually and commonly packaged functions @@ -52,6 +53,7 @@ All parameters except for source S3 bucket and Signing profile can be ommitted. * `signer.destination.s3.prefix` - defaults to `signed-` * `signingPolicy` - defaults to `Enforce` * `retain` - defaults to `true` +* `description` - defaults to `Not set` ## Default behavior diff --git a/index.js b/index.js index 2573eae..8a967e2 100644 --- a/index.js +++ b/index.js @@ -22,6 +22,7 @@ class ServerlessPlugin { '(e.g. "--function main or "-f secondary")', required: true, shortcut: 'f', + type: 'string', }, }, }, @@ -62,7 +63,9 @@ class ServerlessPlugin { } }, profileName: {"type": "string"}, - signingPolicy: {"type": "string"} + signingPolicy: { "type": "string" }, + description: {"type": "string"}, + retain: { "type": "boolean" }, }; const functionConfigSchemaProperties = { @@ -73,11 +76,9 @@ class ServerlessPlugin { type: 'object', properties: { signer: { - '.*': { type: 'object', properties: globalConfigSchemaProperties, additionalProperties: false - }, }, }, }); @@ -85,11 +86,9 @@ class ServerlessPlugin { serverless.configSchemaHandler.defineFunctionProperties('aws', { properties: { signer: { - '.*': { type: 'object', properties: globalConfigSchemaProperties, additionalProperties: false - }, }, }, }); 
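Review bot: In the `@@ -62,7 +63,9 @@` hunk of index.js, `signingPolicy` and the new `description` are validated only as free-form strings in `globalConfigSchemaProperties`. The README describes two policy outcomes (block or warn), so `signingPolicy: { type: 'string', enum: ['Enforce', 'Warn'] },` would reject a misspelled policy at config validation instead of at deploy time. `description: { type: 'string', maxLength: 256 },` would likewise catch a value longer than the limit AWS documents for the CodeSigningConfig description. The enclosing method starts outside the hunk.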
@@ -112,7 +111,8 @@ class ServerlessPlugin { }, profileName: this.serverless.service.service, signingPolicy: "Enforce", - retain: true + description: 'Not set', + retain: true, } const lambda_functions = this.serverless.service.functions; @@ -187,6 +187,7 @@ class ServerlessPlugin { }, profileName: this.serverless.service.service, signingPolicy: "Enforce", + description: "Not set", retain: true } @@ -285,8 +286,9 @@ class ServerlessPlugin { // Update configuration with a version of the uploaded S3 object signItem.signerConfiguration.source.s3.version = S3Response.VersionId if (signItem.signerConfiguration.signingPolicy) { - delete signItem.signerConfiguration.signingPolicy - delete signItem.signerConfiguration.retain + delete signItem.signerConfiguration.signingPolicy; + delete signItem.signerConfiguration.retain; + delete signItem.signerConfiguration.description; } // Start signing job @@ -334,8 +336,9 @@ class ServerlessPlugin { // Update configuration with a version of the uploaded S3 object signItem.signerConfiguration.source.s3.version = S3Response.VersionId if (signItem.signerConfiguration.signingPolicy) { - delete signItem.signerConfiguration.signingPolicy - delete signItem.signerConfiguration.retain + delete signItem.signerConfiguration.signingPolicy; + delete signItem.signerConfiguration.retain; + delete signItem.signerConfiguration.description; } // Start signing job 
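Review bot: The default signer configuration is written out twice, in the `@@ -112,7 +111,8 @@` hunk and again in `@@ -187,6 +187,7 @@`, and the new key already differs between them (`description: 'Not set',` here, `description: "Not set",` there, with a trailing comma after `retain: true` only here). Moving the literal into one shared helper or constant would stop the two call sites drifting apart the next time a key is added. Both object literals begin outside their hunks, so the rest of each default set is not visible here.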
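Review bot: The added `delete signItem.signerConfiguration.description;` in the `@@ -285,8 +286,9 @@` hunk (and the same line in `@@ -334,8 +336,9 @@`) strips the key from the configuration object in place. The `@@ -420,23 +423,23 @@` hunk later reads `signerConfiguration.description` and `signingPolicy`, and `@@ -449,8 +452,8 @@` reads `retain`. If those are the same objects (the wiring is outside the visible hunks), the CloudFormation resource is generated with both values undefined and `!retain` is always true, so the buckets are removed even when `retain: true` was configured. An unset policy is, as far as I know, treated by Lambda as `Warn`, so this could silently weaken enforcement. Building the request from a copy avoids the mutation: `const { signingPolicy, retain, description, ...jobParams } = signItem.signerConfiguration;`. That also removes the guard on `signingPolicy`, which currently decides whether `retain` and `description` are stripped at all.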
@@ -420,23 +423,23 @@ class ServerlessPlugin { for (let lambda in signerProcesses) { const profileName = signerProcesses[lambda].signerConfiguration.profileName; const signingPolicy = signerProcesses[lambda].signerConfiguration.signingPolicy; + const description = signerProcesses[lambda].signerConfiguration.description; const resourceName = normalizeResourceName(lambda) + "CodeSigningConfig"; // Copy deployment artifact to S3 - var profileArn = await signersMethods.getProfileParamByName(profileName, 'profileVersionArn', this.serverless) + var profileArn = await signersMethods.getProfileParamByName(profileName, 'profileVersionArn', this.serverless); // TODO: Remove this check with proper validation if (!profileArn) { throw new Error("Signing profile not found") } - - const signingCFTemplate=cloudFormationGenerator.codeSigningConfig(profileArn, signingPolicy) + const signingCFTemplate = cloudFormationGenerator.codeSigningConfig(profileArn, signingPolicy, description); cloudFormationResources[resourceName] = signingCFTemplate for (let resource in cloudFormationResources){ if (cloudFormationResources[resource].Type === 'AWS::Lambda::Function') { - cloudFormationResources[resource].Properties.CodeSigningConfigArn = {"Ref": resourceName} + cloudFormationResources[resource].Properties.CodeSigningConfigArn = { "Ref": resourceName }; } } } @@ -449,8 +452,8 @@ class ServerlessPlugin { for (let lambda in signerProcesses) { var signItem = signerProcesses[lambda]; if (!signItem.signerConfiguration.retain) { - await this.removeS3Bucket(signItem.signerConfiguration.source.s3.bucketName) - await this.removeS3Bucket(signItem.signerConfiguration.destination.s3.bucketName) + await this.removeS3Bucket(signItem.signerConfiguration.source.s3.bucketName); + await this.removeS3Bucket(signItem.signerConfiguration.destination.s3.bucketName); } } diff --git a/src/CloudFormationGenerator.js b/src/CloudFormationGenerator.js index a770cc5..1c4c064 100644 --- a/src/CloudFormationGenerator.js 
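Review bot: In the `@@ -420,23 +423,23 @@` hunk of index.js, the inner `for (let resource in cloudFormationResources)` loop sets `CodeSigningConfigArn = { "Ref": resourceName }` on every `AWS::Lambda::Function` resource during each pass of the outer loop. After the loop, all functions therefore reference the code signing config of whichever `lambda` was iterated last. With per-function `signer` settings, a function configured with `Enforce` can end up attached to another function's `Warn` config, and functions absent from `signerProcesses` receive a config as well. The assignment should be restricted to the resource that belongs to `lambda`, for example by comparing `resource` with that function's logical id (`naming.getLambdaLogicalId(lambda)` on the AWS provider) rather than matching on `Type` alone. The method containing these loops starts outside the hunk.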
+++ b/src/CloudFormationGenerator.js @@ -1,18 +1,18 @@ -exports.codeSigningConfig = (profileArn, signingPolicy) => { +exports.codeSigningConfig = (profileArn, signingPolicy, description) => { - template={ - "Type" : "AWS::Lambda::CodeSigningConfig", - "Properties" : { - "AllowedPublishers" : { - "SigningProfileVersionArns" : [ profileArn ] - }, - "CodeSigningPolicies" : { - "UntrustedArtifactOnDeployment" : signingPolicy - }, - "Description" : "blabla" - } - } + template = { + "Type": "AWS::Lambda::CodeSigningConfig", + "Properties": { + "AllowedPublishers": { + "SigningProfileVersionArns": [profileArn] + }, + "CodeSigningPolicies": { + "UntrustedArtifactOnDeployment": signingPolicy + }, + "Description": description + } + }; - return template + return template; } \ No newline at end of file
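Review bot: `template = {` in `codeSigningConfig` still assigns to an undeclared variable, which creates an implicit global in sloppy mode and throws a ReferenceError if the module is ever run in strict mode. Declare it with `const template = {`, or return the object literal directly. The new `description` argument is also passed straight into `"Description"`, so a caller that supplies `undefined` yields a resource with no description. A default parameter, `(profileArn, signingPolicy, description = 'Not set') => {`, would keep the generator consistent with the default documented in the README.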