[lambda_event] Aws SSO with function Name Invalid ARN #1859

Closed
1 task done
rvResolving opened this issue Nov 15, 2023 · 1 comment · Fixed by #1970
@rvResolving

Summary

As we can only pass the function name and not the ARN, like I see in the documentation, we can't deploy using AWS SSO, because the creation of the ARN from the function name fails with a validation error:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error retrieving stream event notification configuration: An error occurred (ValidationException) when calling the ListEventSourceMappings operation: 1 validation error detected: Value 'arn:aws:lambda:eu-west-3::function:function-name' at 'functionName' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?"}

Issue Type

Bug Report

Component Name

lambda_event

Ansible Version

$ ansible --version
ansible [core 2.13.13]
  config file = None
  configured module search path = ['/home/rvolpi/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/lib/python3.10/site-packages/ansible
  ansible collection location = /home/rvolpi/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/bin/ansible
  python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0]
  jinja version = 3.1.2
  libyaml = True

Collection Versions

$ ansible-galaxy collection list

# /home/rvolpi/.ansible/collections/ansible_collections
Collection               Version
------------------------ -------
amazon.aws               7.0.0  
ansible.posix            1.5.4  
community.aws            7.0.0  
community.crypto         2.15.0 
community.general        8.0.2  
community.mysql          3.7.2  
community.vmware         4.0.0  
devsec.hardening         8.8.0  
serdigital64.application 2.1.1  
serdigital64.automation  3.2.2  
serdigital64.backup      2.1.1  
serdigital64.development 2.1.2  
serdigital64.devops      2.1.3  
serdigital64.security    2.1.2  
serdigital64.system      2.1.2  

# /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/lib/python3.10/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    3.5.0  
ansible.netcommon             3.1.3  
ansible.posix                 1.4.0  
ansible.utils                 2.8.0  
ansible.windows               1.12.0 
arista.eos                    5.0.1  
awx.awx                       21.10.0
azure.azcollection            1.14.0 
check_point.mgmt              2.3.0  
chocolatey.chocolatey         1.3.1  
cisco.aci                     2.3.0  
cisco.asa                     3.1.0  
cisco.dnac                    6.6.1  
cisco.intersight              1.0.22 
cisco.ios                     3.3.2  
cisco.iosxr                   3.3.1  
cisco.ise                     2.5.9  
cisco.meraki                  2.13.0 
cisco.mso                     2.1.0  
cisco.nso                     1.0.3  
cisco.nxos                    3.2.0  
cisco.ucs                     1.8.0  
cloud.common                  2.1.2  
cloudscale_ch.cloud           2.2.3  
community.aws                 3.6.0  
community.azure               1.1.0  
community.ciscosmb            1.0.5  
community.crypto              2.9.0  
community.digitalocean        1.22.0 
community.dns                 2.4.2  
community.docker              2.7.3  
community.fortios             1.0.0  
community.general             5.8.3  
community.google              1.0.0  
community.grafana             1.5.3  
community.hashi_vault         3.4.0  
community.hrobot              1.6.0  
community.libvirt             1.2.0  
community.mongodb             1.4.2  
community.mysql               3.5.1  
community.network             4.0.2  
community.okd                 2.2.0  
community.postgresql          2.3.1  
community.proxysql            1.4.0  
community.rabbitmq            1.2.3  
community.routeros            2.5.0  
community.sap                 1.0.0  
community.sap_libs            1.4.0  
community.skydive             1.0.0  
community.sops                1.5.0  
community.vmware              2.10.2 
community.windows             1.11.1 
community.zabbix              1.9.0  
containers.podman             1.10.1 
cyberark.conjur               1.2.0  
cyberark.pas                  1.0.14 
dellemc.enterprise_sonic      1.1.2  
dellemc.openmanage            5.5.0  
dellemc.os10                  1.1.1  
dellemc.os6                   1.0.7  
dellemc.os9                   1.0.4  
f5networks.f5_modules         1.21.0 
fortinet.fortimanager         2.1.7  
fortinet.fortios              2.2.1  
frr.frr                       2.0.0  
gluster.gluster               1.0.2  
google.cloud                  1.0.2  
hetzner.hcloud                1.9.0  
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.10.0 
infinidat.infinibox           1.3.12 
infoblox.nios_modules         1.4.1  
inspur.ispim                  1.2.0  
inspur.sm                     2.3.0  
junipernetworks.junos         3.1.0  
kubernetes.core               2.3.2  
lowlydba.sqlserver            1.2.0  
mellanox.onyx                 1.0.0  
netapp.aws                    21.7.0 
netapp.azure                  21.10.0
netapp.cloudmanager           21.21.0
netapp.elementsw              21.7.0 
netapp.ontap                  21.24.1
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0 
netapp_eseries.santricity     1.3.1  
netbox.netbox                 3.9.0  
ngine_io.cloudstack           2.3.0  
ngine_io.exoscale             1.0.0  
ngine_io.vultr                1.1.2  
openstack.cloud               1.10.0 
openvswitch.openvswitch       2.1.0  
ovirt.ovirt                   2.4.1  
purestorage.flasharray        1.15.0 
purestorage.flashblade        1.10.0 
purestorage.fusion            1.2.0  
sensu.sensu_go                1.13.1 
servicenow.servicenow         1.0.6  
splunk.es                     2.1.0  
t_systems_mms.icinga_director 1.31.4 
theforeman.foreman            3.7.0  
vmware.vmware_rest            2.2.0  
vultr.cloud                   1.3.1  
vyos.vyos                     3.0.1  
wti.remote                    1.0.4 

AWS SDK versions

$ pip show boto boto3 botocore
Name: boto
Version: 2.49.0
Summary: Amazon Web Services Library
Home-page: https://github.com/boto/boto/
Author: Mitch Garnaat
Author-email: mitch@garnaat.com
License: MIT
Location: /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/lib/python3.10/site-packages
Requires: 
Required-by: 
---
Name: boto3
Version: 1.29.0
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/lib/python3.10/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: checkov, cloudsplaining
---
Name: botocore
Version: 1.32.0
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/lib/python3.10/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, cloudsplaining, s3transfer

Configuration

$ ansible-config dump --only-changed
(None)

OS / Environment

Ubuntu 22.04

Steps to Reproduce

Using the AWS SSO system

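  # Task name taken from the playbook output shown under "Expected Results"
  - name: map queue events to lambda
    community.aws.lambda_event:
      region: "{{ region }}"
      profile: '{{ profile }}'
      state: present
      event_source: sqs
      # Plain function name (not an ARN): this is the input that triggers the error
      function_name: "function-name"
      source_params:
        source_arn: "{{ queue_arn }}"
        enabled: True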

Expected Results

TASK [functions : map queue events to lambda] **********************************
ok: [localhost]

Actual Results

TASK [functions : map queue events to lambda] **********************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error retrieving stream event notification configuration: An error occurred (ValidationException) when calling the ListEventSourceMappings operation: 1 validation error detected: Value 'arn:aws:lambda:eu-west-3::function:function-name' at 'functionName' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?"}

Code of Conduct

  • I agree to follow the Ansible Code of Conduct

hakbailey added the needs_verified and jira labels and removed the needs_triage label on Nov 21, 2023
abikouo self-assigned this on Feb 8, 2024
@abikouo
Contributor

abikouo commented Feb 9, 2024

@rvResolving The pull request #1970 updates the module, adding a call to the get_function API to build the function ARN.
However, just so you know, you can specify the function name as ARN with the current version.
Please test and give feedback. Thanks

abikouo added the bug label and removed the needs_verified label on Feb 9, 2024
softwarefactory-project-zuul bot pushed a commit that referenced this issue Feb 21, 2024
…sing AWS SSO (#1970)

[lambda_event] Fix issue when function name is specified and user is using AWS SSO

SUMMARY

Fixes #1859
When the user specifies the function name (not the ARN), the module builds the ARN using the AWS account identifier; however, as this information is missing when using AWS SSO, the function ARN results in an invalid string.
This fix introduces the get_function API to retrieve the function ARN.

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

lambda_event

Reviewed-by: Helen Bailey <hebailey@redhat.com>
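
The failure and the fix described in this thread, as an added example that is not the module's own code: it checks candidate values against the pattern quoted in the ValidationException and falls back to a get_function lookup when no account ID is available. `build_arn`, `resolve_function_arn` and `StubLambdaClient` are hypothetical names, and the account ID in the stub is constructed.

```python
import re

# Pattern copied from the ValidationException in the report (JSON escaping removed).
FUNCTION_NAME_RE = re.compile(
    r"(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:)?"
    r"(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?"
)


def is_valid_function_name(value):
    """True if the whole value satisfies the functionName constraint."""
    return FUNCTION_NAME_RE.fullmatch(value) is not None


def build_arn(region, account_id, name):
    """Assumed string-built ARN, matching the shape of the value in the error."""
    return f"arn:aws:lambda:{region}:{account_id}:function:{name}"


def resolve_function_arn(client, region, account_id, name):
    """Return a usable ARN, never one with an empty account field."""
    if name.startswith("arn:"):
        return name  # caller already passed a full ARN
    if account_id and re.fullmatch(r"\d{12}", account_id):
        return build_arn(region, account_id, name)
    # Account ID unknown (the SSO case in the report): ask the service instead.
    return client.get_function(FunctionName=name)["Configuration"]["FunctionArn"]


class StubLambdaClient:
    """Constructed stand-in for a boto3 Lambda client so the example runs offline."""

    def get_function(self, FunctionName):
        arn = f"arn:aws:lambda:eu-west-3:123456789012:function:{FunctionName}"
        return {"Configuration": {"FunctionArn": arn}}


if __name__ == "__main__":
    broken = build_arn("eu-west-3", "", "function-name")
    print(broken, is_valid_function_name(broken))
    fixed = resolve_function_arn(StubLambdaClient(), "eu-west-3", "", "function-name")
    print(fixed, is_valid_function_name(fixed))
```

Validating the resolved value before calling ListEventSourceMappings turns the opaque service-side ValidationException into a local error that names the missing account ID.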