Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(lambda-event-sources): cannot add sqs event source to an imported function #21970

Merged
merged 3 commits into from
Sep 9, 2022
Merged

fix(lambda-event-sources): cannot add sqs event source to an imported function #21970

merged 3 commits into from
Sep 9, 2022

Conversation

corymhall
Copy link
Contributor

If an SQS event sources is added to an imported function it will throw an error if the function is not imported with an IAM role.

This PR updates the logic to only attempt to add permissions to the principal if the role exists, otherwise it will add a warning indicating that permissions were not added.

fixes #12607


All Submissions:

Adding new Unconventional Dependencies:

  • This PR adds new unconventional dependencies following the process described here

New Features

  • Have you added the new feature to an integration test?
    • Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

… function

If an SQS event sources is added to an imported function it will throw
an error if the function is not imported with an IAM role.

This PR updates the logic to only attempt to add permissions to the
principal if the role exists, otherwise it will add a warning indicating
that permissions were not added.

fixes #12607
@gitpod-io
Copy link

gitpod-io bot commented Sep 8, 2022

@aws-cdk-automation aws-cdk-automation requested a review from a team September 8, 2022 18:17
@github-actions github-actions bot added bug This issue is a bug. effort/medium Medium work item – several days of effort p1 labels Sep 8, 2022
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Sep 8, 2022
Comment on lines +84 to +85
Annotations.of(target).addWarning(`Function '${target.node.path}' was imported without an IAM role `+
`so it was not granted access to consume messages from '${this.queue.node.path}'`);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this is already causing an error to be thrown on synth, what is the benefit of adding a warning as well? Aren't these emitted on synth as well?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's the grantConsumeMessages that causes an error to be thrown. So this PR essentially changes the error to a warning.

@mergify
Copy link
Contributor

mergify bot commented Sep 9, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: e7a2ca9
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Sep 9, 2022

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit c33bb81 into aws:main Sep 9, 2022
@corymhall corymhall deleted the corymhall/lambda-sources/fix-queue branch September 9, 2022 13:38
Kruspe pushed a commit to DavidSchwarz2/aws-cdk that referenced this pull request Sep 13, 2022
… function (aws#21970)

If an SQS event sources is added to an imported function it will throw an error if the function is not imported with an IAM role.

This PR updates the logic to only attempt to add permissions to the principal if the role exists, otherwise it will add a warning indicating that permissions were not added.

fixes aws#12607


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug This issue is a bug. contribution/core This is a PR that came from AWS. effort/medium Medium work item – several days of effort p1
Projects
None yet
Development

Successfully merging this pull request may close these issues.

(iam): cdk synth Throws Error When Adding SQS Event Source to Imported Lambda Function
3 participants