Skip to content

Commit b25dcbb

Browse files
a-hilalya-hilaly
committed
Prevent the controller from calling GetFunctionCodeSigningConfig when a functions packageType is Image
Functions code signing config should only be called when a function is created using an s3bucket and a key. Functions created using a container image cannot get a code signing configuration.
1 parent 1c4761e commit b25dcbb

File tree

15 files changed

+229
-36
lines changed

15 files changed

+229
-36
lines changed

apis/v1alpha1/ack-generate-metadata.yaml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,13 @@
11
ack_generate_info:
2-
build_date: "2022-03-31T20:47:20Z"
3-
build_hash: c4516f46370293aa38f56d01393b7216f5902886
4-
go_version: go1.17.5
5-
version: v0.18.2
2+
build_date: "2022-05-06T16:31:27Z"
3+
build_hash: 141cb9db73f881228ea20e572de3ba9df19d5b6f
4+
go_version: go1.18.1
5+
version: v0.18.4-4-g141cb9d-dirty
66
api_directory_checksum: a704674d4df0400198d5a11035a2099240bccf80
77
api_version: v1alpha1
88
aws_sdk_go_version: v1.42.0
99
generator_config_info:
10-
file_checksum: f04b298afa1fd7fd3980226d52412de9ca1523d4
10+
file_checksum: 64116ddc3a8abec393a5e08aaff75b6a7d848ad0
1111
original_file_name: generator.yaml
1212
last_modification:
1313
reason: API generation

apis/v1alpha1/generator.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ ignore:
88
- LayerList
99
resources:
1010
Function:
11+
exceptions:
12+
terminal_codes:
13+
- InvalidParameterValueException
1114
fields:
1215
Name:
1316
is_primary_key: true

cmd/controller/main.go

Lines changed: 8 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

generator.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,9 @@ ignore:
88
- LayerList
99
resources:
1010
Function:
11+
exceptions:
12+
terminal_codes:
13+
- InvalidParameterValueException
1114
fields:
1215
Name:
1316
is_primary_key: true

go.mod

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,8 +13,11 @@ require (
1313
sigs.k8s.io/controller-runtime v0.11.0
1414
)
1515

16+
replace github.com/aws-controllers-k8s/runtime => ../runtime
17+
1618
require (
1719
github.com/beorn7/perks v1.0.1 // indirect
20+
github.com/cenkalti/backoff/v4 v4.1.2 // indirect
1821
github.com/cespare/xxhash/v2 v2.1.1 // indirect
1922
github.com/davecgh/go-spew v1.1.1 // indirect
2023
github.com/evanphx/json-patch v4.12.0+incompatible // indirect

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -64,8 +64,6 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC
6464
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
6565
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
6666
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
67-
github.com/aws-controllers-k8s/runtime v0.18.1 h1:eHmW7ObuGqnz/QpOKnZqHY2QuZmk8uROyXOvqKc7WjY=
68-
github.com/aws-controllers-k8s/runtime v0.18.1/go.mod h1:pK+LlQRxxWKC9mRHnGz8/WRI8Dcvjg4ZGmK8rVwb51Y=
6967
github.com/aws/aws-sdk-go v1.42.0 h1:BMZws0t8NAhHFsfnT3B40IwD13jVDG5KerlRksctVIw=
7068
github.com/aws/aws-sdk-go v1.42.0/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
7169
github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
@@ -79,6 +77,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB
7977
github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
8078
github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
8179
github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
80+
github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo=
81+
github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
8282
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
8383
github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=
8484
github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA=

pkg/resource/alias/sdk.go

Lines changed: 4 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pkg/resource/code_signing_config/sdk.go

Lines changed: 4 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pkg/resource/event_source_mapping/sdk.go

Lines changed: 4 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pkg/resource/function/hooks.go

Lines changed: 25 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -18,12 +18,15 @@ import (
1818
"errors"
1919
"time"
2020

21-
svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1"
2221
ackcompare "github.com/aws-controllers-k8s/runtime/pkg/compare"
22+
ackrtcondition "github.com/aws-controllers-k8s/runtime/pkg/condition"
2323
ackrequeue "github.com/aws-controllers-k8s/runtime/pkg/requeue"
2424
ackrtlog "github.com/aws-controllers-k8s/runtime/pkg/runtime/log"
2525
"github.com/aws/aws-sdk-go/aws"
2626
svcsdk "github.com/aws/aws-sdk-go/service/lambda"
27+
corev1 "k8s.io/api/core/v1"
28+
29+
svcapitypes "github.com/aws-controllers-k8s/lambda-controller/apis/v1alpha1"
2730
)
2831

2932
var (
@@ -500,17 +503,27 @@ func (rm *resourceManager) setResourceAdditionalFields(
500503
}
501504
ko.Spec.ReservedConcurrentExecutions = getFunctionConcurrencyOutput.ReservedConcurrentExecutions
502505

503-
var getFunctionCodeSigningConfigOutput *svcsdk.GetFunctionCodeSigningConfigOutput
504-
getFunctionCodeSigningConfigOutput, err = rm.sdkapi.GetFunctionCodeSigningConfigWithContext(
505-
ctx,
506-
&svcsdk.GetFunctionCodeSigningConfigInput{
507-
FunctionName: ko.Spec.Name,
508-
},
509-
)
510-
rm.metrics.RecordAPICall("GET", "GetFunctionCodeSigningConfig", err)
511-
if err != nil {
512-
return err
506+
if ko.Spec.PackageType != nil && *ko.Spec.PackageType == "Zip" {
507+
var getFunctionCodeSigningConfigOutput *svcsdk.GetFunctionCodeSigningConfigOutput
508+
getFunctionCodeSigningConfigOutput, err = rm.sdkapi.GetFunctionCodeSigningConfigWithContext(
509+
ctx,
510+
&svcsdk.GetFunctionCodeSigningConfigInput{
511+
FunctionName: ko.Spec.Name,
512+
},
513+
)
514+
rm.metrics.RecordAPICall("GET", "GetFunctionCodeSigningConfig", err)
515+
if err != nil {
516+
return err
517+
}
518+
ko.Spec.CodeSigningConfigARN = getFunctionCodeSigningConfigOutput.CodeSigningConfigArn
519+
}
520+
if ko.Spec.PackageType != nil && *ko.Spec.PackageType == "Image" && ko.Spec.CodeSigningConfigARN != nil {
521+
ackrtcondition.SetTerminal(
522+
&resource{ko},
523+
corev1.ConditionTrue,
524+
aws.String("Cannot set function code signing config when package type is Image"),
525+
nil,
526+
)
513527
}
514-
ko.Spec.CodeSigningConfigARN = getFunctionCodeSigningConfigOutput.CodeSigningConfigArn
515528
return nil
516529
}

0 commit comments

Comments
 (0)