Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is Marshmellow<3 required to function? #101

Open
benjamin-hering opened this issue Sep 20, 2019 · 4 comments
Open

Is Marshmellow<3 required to function? #101

benjamin-hering opened this issue Sep 20, 2019 · 4 comments

Comments

@benjamin-hering
Copy link

I've started messing around with spinning up BLESS internally, but after a few iterations I got stuck on the following error popping up when I ran the lambda:

{
  "errorMessage": "__init__() got an unexpected keyword argument 'strict'",
  "errorType": "TypeError",
  "stackTrace": [
    "  File \"/var/task/bless_lambda_user.py\", line 68, in lambda_handler_user\n    schema = BlessUserSchema(strict=True)\n"
  ]
}

Anyway after a bunch of random Google-fu and stumbling through code. I ran across this comment by Jeremy Stott:

Screen Shot 2019-09-20 at 3 00 50 PM

So (like any trained security professional) I simply blindly followed suggestions from random internet comments to try and get what I hope to be a critical security control for my org to work. Low and behold it works! s/'marshmallow',/'marshmallow<3',/ got things back to a happy state. Here's my current setup.py

import os

from setuptools import setup, find_packages

ROOT = os.path.realpath(os.path.join(os.path.dirname(__file__)))

about = {}
with open(os.path.join(ROOT, "bless", "__about__.py")) as f:
    exec(f.read(), about)

setup(
    name=about["__title__"],
    version=about["__version__"],
    author=about["__author__"],
    author_email=about["__email__"],
    url=about["__uri__"],
    description=about["__summary__"],
    license=about["__license__"],
    packages=find_packages(exclude=["test*"]),
    install_requires=[
        'boto3',
        'cryptography',
        'ipaddress',
        'marshmallow<3',
        'kmsauth'
    ],
    extras_require={
        'tests': [
            'coverage',
            'flake8',
            'pyflakes',
            'pytest',
            'pytest-mock'
        ]
    }
)

I've just started to familiarize myself with Bless, so I feel like I'm pretty strongly lacking in context for the full implications of this change here. Is this workaround of pinning to an earlier version of marshmellow the correct way forward?
@benjamin-hering
Copy link
Author

Ah, interesting. Looks like there's already a PR that would similarly solve my particular issue already in the works: https://github.com/Netflix/bless/pull/99/files

@ghost
Copy link

ghost commented Sep 28, 2019

Same here, thanks for this, it works

@PastNullInfinity
Copy link

@benjamin-hering I'm the guy that posed the question, glad that it helped.

And yes, This PR fixes completely the issue, if we could fast-track the approval it would be great, also because as it stands the Lambda is broken and will not work at all without that fix.

@stoggi
Copy link

stoggi commented Nov 4, 2019

So (like any trained security professional) I simply blindly followed suggestions from random internet comments to try and get what I hope to be a critical security control for my org to work.

😂 haha so relatable.

gdamjan-h4 pushed a commit to TokyoFarmer/bless that referenced this issue May 13, 2020
@gdamjan
fix issue Netflix#101
3d3ff38 
Netflix#101

wrong marshmallow was installed in the lambda zip file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stoggi @benjamin-hering @PastNullInfinity