-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix ImportValue handling in existing S3 buckets #6416 #6417
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks again for working on this @quassnoi 👍
We just merged our bigger refactorings into master
. As expected the merge introduced some conflicts with your PR (sorry for that).
Would it be possible to introduce support for multiple different AWS reference types (Arn, GetAtt, Ref, etc.)? We could even create a global helper function which automatically parses such usages of AWS magic (see #3212 and the SQS / SNS event source). What do you think?
@pmuens I've fixed the PR. As for the #3212 you've mentioned, I think that issue is not quite the same. The one that I'm addressing here deals with the ARN not being generated correctly from the parameter. You have #3212 is the other way around: you have the ARN on input, from a template parameter (possibly a string, possibly a CloudFormation function, possibly something else), and you want to extract the last part of this ARN. This would require implementing a full-fledged CloudFormation template parser, and ideally the real access to CloudFormation. This is somewhat out of scope of what I was trying to fix here (honestly, I just wanted to make my existing bucket events work!), but let's see what we can do with that. What if (just theorizing here) someone passes something like So why not let CloudFormation deal with that on the AWS side? Instead of trying to reimplement the CloudFormation logic, we could just use something like I'm not really familiar with whatever exactly serverless needs this name for, but unless serverless absolutely needs it as a string on the client side, there is no reason CloudFormation can't deal with it on the AWS side. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @quassnoi thanks for updating this PR 👍
I really like the simplicity! Tested it today and it works just fine
Also a big "thank you" for taking a look into the Global Arn parser idea. Apparently I missed something when reading through the PR description / title here.
What if (just theorizing here) someone passes something like Fn::Join: ["", [Fn::GetAtt: SomeExport, "MyFunction"]] and SomeExport would actually contain arn:aws:lambda:${region}:${account}:function as a hardcoded string value? CloudFormation would not have any problem with this, but to build the ARN on the serverless side you'd have to import SomeExport first which is not a trivial task and probably not something we would want to do in the first place.
So why not let CloudFormation deal with that on the AWS side? Instead of trying to reimplement the CloudFormation logic, we could just use something like Fn::Select : [ 5, Fn::Split: [":", ${arn}]], substituting whatever crazy definition the $arn has, as is, right into the template, and use if wherever we need to use the function name.
I'm not really familiar with whatever exactly serverless needs this name for, but unless serverless absolutely needs it as a string on the client side, there is no reason CloudFormation can't deal with it on the AWS side.
Yes, I agree with you. It would be way more beneficial to let AWS do the heavy lifting. Thanks for leaving some pointers here on how we could tackle that problem (I'll cross-reference your comment in the issue thread)!
What did you implement:
Closes #6416
How did you implement it:
Currently, bucket ARN for the permissions is being generated using string concatenation, even if the bucket name is not a string.
I changed the policy generating code to use
Fn::Join
if the bucket name is not a string but a CloudFormation function (or anything other than a string).If the bucket name is a string, then the ARN is still being generated using string concatenation on Serverless side (for backwards compatibility and to keep the template simpler)
How can we verify it:
, substituting the exported value from the previously created stack
Todos:
Note: Run
npm run test-ci
to run all validation checks on proposed changesValidate via
npm test
Validate via
npm run lint-updated
Note: Some reported issues can be automatically fixed by running
npm run lint:fix
Validate via
npm run prettier-check-updated
Note: All reported issues can be automatically fixed by running
npm run prettify-updated
Is this ready for review?: YES
Is it a breaking change?: NO