Importing AWS Lambda function can fail to validate #2392
Comments
Fuuzetsu
added
kind/bug
|
I notice same problem with custom deployment packages. I guess it just needs to validate if |
|
Hi @Fuuzetsu and thanks for reporting this. I was able to reproduce this issue and it looks like we could improve the client side validation on these fields. |
rquitales
added
kind/enhancement
|
I have this occurring on lambda functions that were already imported and have its code deployed separately with |
|
hi @rquitales any update on this? running into the same issue. |
|
I found a workaround to this issue, for my usecase on already imported lambdas. You have to manually edit state and as long as you add something for one of the the ignore_changes keys I mentioned above, you'll be able to actually run the pulumi program again. |
mikhailshilkov
added
kind/bug
mikhailshilkov
added
the
area/import
|
Hi all, sorry you are having this issue. Currently investigating, here are exact repro steps: # __main__.py
"""An AWS Python Pulumi program"""
import pulumi
import pulumi_aws as aws
import pulumi_archive as archive
assume_role = aws.iam.get_policy_document(
statements=[
aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
principals=[
aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=["lambda.amazonaws.com"],
)
],
actions=["sts:AssumeRole"],
)
]
)
iam_for_lambda = aws.iam.Role("iamForLambda", assume_role_policy=assume_role.json)
lambda_ = archive.get_file(
type="zip", source_file="lambda.js", output_path="lambda_function_payload.zip"
)
test_lambda = aws.lambda_.Function(
"testLambda",
code=pulumi.FileArchive("lambda_function_payload.zip"),
role=iam_for_lambda.arn,
handler="index.test",
runtime="nodejs18.x",
environment=aws.lambda_.FunctionEnvironmentArgs(
variables={
"foo": "bar",
},
),
)
pulumi.export("lambdaArn", test_lambda.name)// lambda.js
console.log("lambda")#! /bin/sh
set -x
pulumi stack init original
pulumi up --stack original --yes
mv __main__.py __main__.original.py
eval "$(pulumi stack output --stack original --shell)"
pulumi stack init imported
pulumi import aws:lambda/function:Function mylambda "$lambdaArn" --stack imported --out __main__.py --yes
pulumi up --stack imported --yesI'm still digging into this but it looks to me like the upstream provider doesn't support specifying a lambda via a The |
|
Could you paste the code generated by |
|
Generated code: Discussion in the PR. Another thing to note is that the error message is slightly misleading - we don't have a |
|
I'm bit concerned that the import doesn't actually import the source code back at all it seems, that'd be very unfortunate. Double-checking... |
|
After discussing with the user, it sounds like they were actually using the The use case is that they configure properties of lambdas in pulumi and manage the source code outside of pulumi. They have a component resource which handles creating or importing a lambda. I am trying to repro the issue with that now. Not sure that #3371 is still relevant. |
|
#3420 contains a test which reproduces the problem. It works in 5.28, before we picked up upstream https://github.com/hashicorp/terraform-provider-aws/releases/tag/v4.51.0 with https://github.com/hashicorp/terraform-provider-aws/pull/28963/files, which introduces the Unfortunately it does not work now and #3371 does not fix it either. |
|
I dumped the GRPC logs and it looks like on the old version the provider was fine to create the lambda without any of the code-related properties: This now fails validation since, the code-related properties have The Found some relevant documentation on imports as @t0yv0 suggested: https://pulumi-developer-docs.readthedocs.io/en/latest/architecture/import.html#import-resource-option, these confirm that |
Should address #2392 We regressed in our handling of imported lambdas in 5.28, when we picked up upstream https://github.com/hashicorp/terraform-provider-aws/releases/tag/v4.51.0 with https://github.com/hashicorp/terraform-provider-aws/pull/28963/files, which introduces the `ExactlyOneOf` constraints in the lambda resource. This PR reverts the upstream `ExactlyOneOf` constraints and replaces them with the previously applied `ConflictsWith`. This in turn allows imports of lambdas via `pulumi import` and the `import` resource option to work properly. I've added a GRPC test for a lambda imported via `pulumi import` as well as an integration test for a lambda imported via the `import` resource option and a test which checks that we still fail to create lambdas without any code-related properties (which should be the only case that now passes the validation step which previously didn't). Note that this slightly worsens the behaviour in the case when none of the code-related properties are specified. Previously that'd tirgger a failure during `Check` and print a sensible error message but now we will fail during `Create` with the following much less legible error: ``` aws:lambda:Function (testLambda): error: 1 error occurred: * creating Lambda Function (testLambda-e9e5e22): operation error Lambda: CreateFunction, https response error StatusCode: 400, RequestID: 88b5f9d7-42d6-4a3b-becc-96cdf954f596, api error ValidationException: 2 validation errors detected: Value '' at 'code.s3Key' failed to satisfy constraint: Member must have length greater than or equal to 1; Value '' at 'code.s3Bucket' failed to satisfy constraint: Member must have length greater than or equal to 3 ``` I don't see a sensible way around it though and I think the change is still worthwhile. Summary of effects: | | <5.28 | 5.28-6.22 | This PR | | :------------- | :-------: | :----:| :-------:| | pulumi import | works? | doesn't work | works| | import option | works |doesn't work | works| | no code lambda| errors during update?| errors during validation | errors during update | | other lambdas| works| works | works |
|
This was fixed in #3420 and released in https://github.com/pulumi/pulumi-aws/releases/tag/v6.22.2 Please let us know if you are still having trouble with this. |
What happened?
I ran the below. It is some existing Lambda function we had since our terraform days that has been imported into pulumi. I've updated pulumi and now it fails to work.
Expected Behavior
It should not complain as long as there is
sourceCodeHashI guess.Steps to reproduce
I think one has to create a Lambda function in some non-pulumi way (such as in AWS console or terraform) with inline code (i.e. not pointing to S3 or OCI) then try to import it into pulumi.
Output of
pulumi aboutAdditional context
Used to work fine in pulumi 3.3 or so, just trying to upgrade...
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: