New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DX: Throw if missing RoleName in Custom function role #8219
Conversation
If rolename missing this passes through `undefined` and single `sls deploy -f funcNames` fail ``` Serverless: [AWS lambda 400 0.417s 0 retries] updateFunctionConfiguration({ FunctionName: 'service-dev-addNewUser', Description: 'Add user test function. Gated by imported Managed policy', Handler: 'examples/new-user.handler', Role: 'arn:aws:iam::01200101001:role/undefined' }) ```
Codecov Report
@@ Coverage Diff @@
## master #8219 +/- ##
==========================================
- Coverage 88.16% 88.16% -0.01%
==========================================
Files 248 250 +2
Lines 9430 9393 -37
==========================================
- Hits 8314 8281 -33
+ Misses 1116 1112 -4
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@DavidWells great thanks for stepping in. Still it's not clear to me what exactly why is the issue.
Why exactly we should require RoleName
to be defined on custom defined role? (It's not required on AWS side)
Also note that change you propose introduce ReferenceError
(roleProperties
variable is used before it actually is defined)
Without a
Example yml to reproduce. If you remove service: xyz
provider:
name: aws
runtime: nodejs12.x
functions:
# Function with role assigned
myFunc:
handler: func.handler
role: { Fn::GetAtt: [ MyCustomRole, Arn ] }
resources:
Resources:
MyCustomRole:
Type: AWS::IAM::Role
Properties:
RoleName: MyCustomRole-${self:provider.stage}
Description: IAM function for function
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole |
Great thanks @DavidWells for explanations, all clear now! Intention looks legitimate. Still patch is placed at wrong line (producing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you @DavidWells !
If
RoleName
is missing in a custom function role this passes throughundefined
and singlesls deploy -f funcName
fails with a hard to decipher error:After turning on SLS_DEBUG I found the issue where the IAM role name was
undefined
This PR will throw an error if this value is missing (aka
undefined
) & theupdateFunctionConfiguration
won't be called with incorrect values