NEWKYCSIX-1119: Adding layers to lambda module

main.tf

@@ -15,6 +15,7 @@ resource "aws_lambda_function" "lambda_function" {
   reserved_concurrent_executions = var.reserved_concurrent_executions
   tags                           = var.tags
   package_type                   = var.image_uri != "" ? "Image" : "Zip"
+  layers                         = var.layers
 
   vpc_config {
     subnet_ids         = var.subnet_ids

test/files/create_lambda.json

@@ -109,7 +109,7 @@
                     "image_config": [],
                     "image_uri": null,
                     "kms_key_arn": null,
-                    "layers": null,
+                    "layers": [],
                     "memory_size": 128,
                     "package_type": "Zip",
                     "publish": false,
@@ -139,6 +139,7 @@
                     "image_config": [],
                     "invoke_arn": true,
                     "last_modified": true,
+                    "layers": [],
                     "qualified_arn": true,
                     "role": true,
                     "signing_job_arn": true,

test/files/create_lambda_container.json

@@ -109,7 +109,7 @@
                     "image_config": [],
                     "image_uri": "image",
                     "kms_key_arn": null,
-                    "layers": null,
+                    "layers": [],
                     "memory_size": 128,
                     "package_type": "Image",
                     "publish": false,
@@ -139,6 +139,7 @@
                     "image_config": [],
                     "invoke_arn": true,
                     "last_modified": true,
+                    "layers": [],
                     "qualified_arn": true,
                     "role": true,
                     "signing_job_arn": true,

test/files/create_lambda_in_vpc.json

@@ -131,7 +131,7 @@
                     "image_config": [],
                     "image_uri": null,
                     "kms_key_arn": null,
-                    "layers": null,
+                    "layers": [],
                     "memory_size": 128,
                     "package_type": "Zip",
                     "publish": false,
@@ -167,6 +167,7 @@
                     "image_config": [],
                     "invoke_arn": true,
                     "last_modified": true,
+                    "layers": [],
                     "qualified_arn": true,
                     "role": true,
                     "signing_job_arn": true,

test/files/create_lambda_with_layers.json

@@ -0,0 +1,160 @@
+{
+    "resource_changes": [
+        {
+            "address": "module.lambda.aws_cloudwatch_log_group.lambda_loggroup",
+            "module_address": "module.lambda",
+            "mode": "managed",
+            "type": "aws_cloudwatch_log_group",
+            "name": "lambda_loggroup",
+            "provider_name": "aws",
+            "change": {
+                "actions": [
+                    "create"
+                ],
+                "before": null,
+                "after": {
+                    "kms_key_id": null,
+                    "name": "/aws/lambda/check_lambda_function",
+                    "name_prefix": null,
+                    "retention_in_days": 7,
+                    "tags": null
+                },
+                "after_unknown": {
+                    "arn": true,
+                    "id": true
+                }
+            }
+        },
+        {
+            "address": "module.lambda.aws_iam_role.iam_for_lambda",
+            "module_address": "module.lambda",
+            "mode": "managed",
+            "type": "aws_iam_role",
+            "name": "iam_for_lambda",
+            "provider_name": "aws",
+            "change": {
+                "actions": [
+                    "create"
+                ],
+                "before": null,
+                "after": {
+                    "assume_role_policy": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Action\": \"sts:AssumeRole\",\n      \"Principal\": {\n        \"Service\": \"lambda.amazonaws.com\"\n      },\n      \"Effect\": \"Allow\"\n    }\n  ]\n}\n",
+                    "description": null,
+                    "force_detach_policies": false,
+                    "max_session_duration": 3600,
+                    "name_prefix": "check_lambda_function",
+                    "path": "/",
+                    "permissions_boundary": null,
+                    "tags": null
+                },
+                "after_unknown": {
+                    "arn": true,
+                    "create_date": true,
+                    "id": true,
+                    "inline_policy": true,
+                    "managed_policy_arns": true,
+                    "name": true,
+                    "unique_id": true
+                }
+            }
+        },
+        {
+            "address": "module.lambda.aws_iam_role_policy.lambda_policy",
+            "module_address": "module.lambda",
+            "mode": "managed",
+            "type": "aws_iam_role_policy",
+            "name": "lambda_policy",
+            "provider_name": "aws",
+            "change": {
+                "actions": [
+                    "create"
+                ],
+                "before": null,
+                "after": {
+                    "name": "policy",
+                    "name_prefix": null,
+                    "policy": "{\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ],\n      \"Resource\": \"arn:aws:logs:*:*:*\"\n    }\n  ]\n}\n"
+                },
+                "after_unknown": {
+                    "id": true,
+                    "role": true
+                }
+            }
+        },
+        {
+            "address": "module.lambda.aws_lambda_function.lambda_function",
+            "module_address": "module.lambda",
+            "mode": "managed",
+            "type": "aws_lambda_function",
+            "name": "lambda_function",
+            "provider_name": "aws",
+            "change": {
+                "actions": [
+                    "create"
+                ],
+                "before": null,
+                "after": {
+                    "code_signing_config_arn": null,
+                    "dead_letter_config": [],
+                    "description": null,
+                    "environment": [
+                        {
+                            "variables": null
+                        }
+                    ],
+                    "file_system_config": [],
+                    "filename": null,
+                    "function_name": "check_lambda_function",
+                    "handler": "some_handler",
+                    "image_config": [],
+                    "image_uri": null,
+                    "kms_key_arn": null,
+                    "layers": [ "arn:aws:lambda:eu-west-1:aws:r1" ],
+                    "memory_size": 128,
+                    "package_type": "Zip",
+                    "publish": false,
+                    "reserved_concurrent_executions": -1,
+                    "runtime": "python3.7",
+                    "s3_bucket": "cdflow-lambda-releases",
+                    "s3_key": "s3key.zip",
+                    "s3_object_version": null,
+                    "tags": null,
+                    "timeout": 3,
+                    "timeouts": null,
+                    "vpc_config": [
+                        {
+                            "security_group_ids": null,
+                            "subnet_ids": null
+                        }
+                    ]
+                },
+                "after_unknown": {
+                    "arn": true,
+                    "dead_letter_config": [],
+                    "environment": [
+                        {}
+                    ],
+                    "file_system_config": [],
+                    "id": true,
+                    "image_config": [],
+                    "invoke_arn": true,
+                    "last_modified": true,
+                    "layers": [ false ],
+                    "qualified_arn": true,
+                    "role": true,
+                    "signing_job_arn": true,
+                    "signing_profile_version_arn": true,
+                    "source_code_hash": true,
+                    "source_code_size": true,
+                    "tracing_config": true,
+                    "version": true,
+                    "vpc_config": [
+                        {
+                            "vpc_id": true
+                        }
+                    ]
+                }
+            }
+        }
+    ]
+}

test/files/create_lambda_with_reserved_concurrent_executions.json

@@ -109,7 +109,7 @@
                     "image_config": [],
                     "image_uri": null,
                     "kms_key_arn": null,
-                    "layers": null,
+                    "layers": [],
                     "memory_size": 128,
                     "package_type": "Zip",
                     "publish": false,
@@ -139,6 +139,7 @@
                     "image_config": [],
                     "invoke_arn": true,
                     "last_modified": true,
+                    "layers": [],
                     "qualified_arn": true,
                     "role": true,
                     "signing_job_arn": true,

test/files/create_lambda_with_tags.json

@@ -109,7 +109,7 @@
                     "image_config": [],
                     "image_uri": null,
                     "kms_key_arn": null,
-                    "layers": null,
+                    "layers": [],
                     "memory_size": 128,
                     "package_type": "Zip",
                     "publish": false,
@@ -142,6 +142,7 @@
                     "image_config": [],
                     "invoke_arn": true,
                     "last_modified": true,
+                    "layers": [],
                     "qualified_arn": true,
                     "role": true,
                     "signing_job_arn": true,

test/infra/main.tf

@@ -27,6 +27,7 @@ module "lambda" {
   security_group_ids             = var.security_group_ids
   reserved_concurrent_executions = var.reserved_concurrent_executions
   tags                           = var.tags
+  layers                         = var.layers
 }
 
 variable "subnet_ids" {
@@ -58,6 +59,12 @@ variable "tags" {
   default     = {}
 }
 
+variable "layers" {
+  type        = list(string)
+  description = "ARNs of the layers to attach to the lambda function in order"
+  default     = []
+}
+
 output "lambda_function_arn" {
   value = module.lambda.lambda_arn
 }

test/test_lambda.py

@@ -133,3 +133,25 @@ def test_create_lambda_with_tags(self):
             'create_lambda_with_tags',
             resource_changes
         )
+
+    def test_create_lambda_with_layers(self):
+        # Given When
+        check_call([
+            'terraform',
+            'plan',
+            '-out=plan.out',
+            '-var', 'layers=["arn:aws:lambda:eu-west-1:aws:r1"]',
+            '-no-color',
+            'test/infra'
+        ])
+
+        resource_changes = self.get_resource_changes()
+
+        # Then
+        assert len(resource_changes) == 4
+        self.assert_resource_changes_action(resource_changes, 'create', 4)
+        self.assert_resource_changes(
+            'create_lambda_with_layers',
+            resource_changes
+        )    
+

variables.tf

@@ -93,3 +93,9 @@ variable "tags" {
   type        = map(string)
   default     = {}
 }
+
+variable "layers" {
+  type        = list(string)
+  description = "ARNs of the layers to attach to the lambda function in order"
+  default     = []
+}