Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Don't call GetFunctionCodeSigningConfig or GetRuntimeManagementConfig on Lambdas packaged as Images (aws_lambda_functions) #14729

Merged
merged 4 commits into from Oct 20, 2023
Merged

fix: Don't call GetFunctionCodeSigningConfig or GetRuntimeManagementConfig on Lambdas packaged as Images (aws_lambda_functions) #14729

merged 4 commits into from Oct 20, 2023

Conversation

AshCorr
Copy link
Contributor

@AshCorr AshCorr commented Oct 19, 2023
edited

Summary

When syncing aws_lambda_functions Cloudquery has 2 resolvers for GetFunctionCodeSigningConfig and GetRuntimeManagementConfig. The AWS API does not support calling either of these APIs with Lambdas that use containerised images and this results in errors in Cloudquery.

Thankfully Cloudquery is great and doesn't panic when it encounters these errors and theres no loss in data, but it does log it as "something bad happening" when in reality this is expected behaviour from the AWS API.

It looks like there was an attempt to fix this before for GetFunctionCodeSigningConfig but it doesn't seem to be preventing the errors.

2:39PM ERR column resolver finished with error error="operation error Lambda: GetFunctionCodeSigningConfig, https response error StatusCode: 400, RequestID: (redacted), InvalidParameterValueException: Code signing is not supported for functions created with container images." client=(redacted) module=aws-src table=aws_lambda_functions
2:39PM ERR column resolver finished with error error="operation error Lambda: GetRuntimeManagementConfig, https response error StatusCode: 400, RequestID: (redacted), InvalidParameterValueException: Lambda couldn't get a runtime management configuration because (redacted) is a container image function." client=(redacted) module=aws-src table=aws_lambda_functions

Part of #14652

AshCorr
AshCorr commented Oct 19, 2023
View reviewed changes
plugins/source/aws/resources/services/lambda/functions.go
@@ -153,9 +152,7 @@ func resolveCodeSigningConfig(ctx context.Context, meta schema.ClientMeta, resou
svc := cl.Services(client.AWSServiceLambda).Lambda

// skip getting CodeSigningConfig since containerized lambda functions does not support this feature
// value can be nil if the caller doesn't have GetFunctionConfiguration permission and only has List*
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is still the case but theres a nil check for r.Configuration on https://github.com/cloudquery/cloudquery/pull/14729/files#diff-93c24c91e5c0e22f86d6415f1b98b47062f7d8974b9337c0b13c01322b8df981L149

AshCorr
AshCorr commented Oct 19, 2023
View reviewed changes
plugins/source/aws/resources/services/lambda/functions.go
@@ -153,9 +152,7 @@ func resolveCodeSigningConfig(ctx context.Context, meta schema.ClientMeta, resou
svc := cl.Services(client.AWSServiceLambda).Lambda

// skip getting CodeSigningConfig since containerized lambda functions does not support this feature
// value can be nil if the caller doesn't have GetFunctionConfiguration permission and only has List*
lambdaType := resource.Get("code_repository_type").(*scalar.String)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not entirely sure why we previously relied on untyped resource.Get instead of directly accessing values from r.Configuration. Either way, this approach seemed to not be working for us as we were still getting errors from GetRuntimeManagementConfig.

@AshCorr AshCorr marked this pull request as ready for review October 19, 2023 14:29
@AshCorr
fix(aws): Don't call GetFunctionCodeSigningConfig or GetRuntimeManage…
05c9355 
…mentConfig on Lambdas packaged as Images (`aws_lambda_functions`)
@AshCorr AshCorr changed the title fix(aws): Don't call GetFunctionCodeSigningConfig or GetRuntimeManagementConfig on Lambdas packaged as Images (aws_lambda_functions) fix: Don't call GetFunctionCodeSigningConfig or GetRuntimeManagementConfig on Lambdas packaged as Images (aws_lambda_functions) Oct 19, 2023
@erezrokah erezrokah requested review from bbernays and removed request for hermanschaaf and yevgenypats October 19, 2023 14:58
bbernays
bbernays requested changes Oct 19, 2023
View reviewed changes
Copy link
Collaborator

@bbernays bbernays left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great find!

plugins/source/aws/resources/services/lambda/functions.go Outdated Show resolved Hide resolved
plugins/source/aws/resources/services/lambda/functions.go Outdated Show resolved Hide resolved
@bbernays bbernays added the automerge Automatically merge once required checks pass label Oct 20, 2023
@kodiakhq kodiakhq bot merged commit 6fc30d3 into cloudquery:main Oct 20, 2023
13 checks passed
@cq-bot cq-bot mentioned this pull request Oct 20, 2023
Merged
kodiakhq bot pushed a commit that referenced this pull request Oct 23, 2023
@cq-bot
chore(main): Release plugins-source-aws v22.16.0 (#14775)
5e30089 
🤖 I have created a release *beep* *boop*
---


## [22.16.0](plugins-source-aws-v22.15.2...plugins-source-aws-v22.16.0) (2023-10-23)


### This Release has the Following Changes to Tables
- Table `aws_efs_filesystems`: column added with name `file_system_policy` and type `utf8`

### Features

* Add `policy` column to `aws_efs_filesystems` table ([#14672](#14672)) ([833b9c2](833b9c2))


### Bug Fixes

* Changed the condition to check for policies in policies table ([#13935](#13935)) ([f136331](f136331))
* **deps:** Update github.com/cloudquery/arrow/go/v14 digest to f46436f ([#14803](#14803)) ([f5248d7](f5248d7))
* **deps:** Update module github.com/cloudquery/codegen to v0.3.10 ([#14773](#14773)) ([98f3e2c](98f3e2c))
* **deps:** Update module github.com/cloudquery/codegen to v0.3.11 ([#14870](#14870)) ([4fa917d](4fa917d))
* Don't call GetFunctionCodeSigningConfig or GetRuntimeManagementConfig on Lambdas packaged as Images (`aws_lambda_functions`) ([#14729](#14729)) ([6fc30d3](6fc30d3))
* Handle `NotFound` error when syncing Subscriptions with deleted topic (`aws_sns_subscriptions`) ([#14771](#14771)) ([6fcf43d](6fcf43d))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bbernays bbernays bbernays approved these changes

Assignees
No one assigned
Labels
area/plugin/source/aws automerge Automatically merge once required checks pass
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@AshCorr @bbernays @cq-bot