-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shorten the S3 Bucket for SLS Deployment information #2791
Comments
I think it's not a bug. I'm not saying that we shouldn't change that but the problem is that it's a breaking change (correct me if I'm wrong) but it will require existing services to redeploy. 23 chars is pretty long though. |
True, if there are other plugins that are relying on the bucket being named a particular way this change would break them. For a user of Serverless, it should be rather seamless as the 'next' deploy would create the new bucket to hold the code before it's given to Lambda. That could be a fault in my understanding, but I saw the S3 bucket as a temporary staging area before Lambda has the code. If that bucket was removed the Lambda would continue to function as the code has been transferred from the bucket.
It's actually 40 right now, this PR would make it 23 😉 It's an improvement, but I agree, it's still long. Perhaps |
I'd also vote to shorten it to avoid the issue I hit in dancrumb/generator-serverless-policy#1 |
@brendo thanks for the excellent write up - was running in circles trying to figure out where I was
Thanks to this post, I realized I needed to shorten my service name from I too vote to shorten it. |
First of all, I'm also for changing the default bucket name to allow for longer service names. Imo there are multiple ways to achieve this (one of them is the shortening of the default name prefix, mentioned above). Here are my thoughts with their resp. pros/cons (and a section about these breaking changes in general): Shorten name prefixShortening the name prefix as above will extend the service name length, but still leaves it restricted. E.g. CF allows for stack-names of 255 characters, which theoretically would allow service names of much bigger length. Even the shortened prefix would not even come near this maximum limit. Use hash to represent service nameThe auto-generated name could create a hash (e.g. MD5) from the service name and use that instead in the bucket name generator. This would extend the service name length to infinite - only limited by the CF stack name restrictions. The obvious con is, that you cannot see the service name anymore when inspecting your buckets in S3. Keep it as isWe also could keep the auto-generated name as is, and tell users to use the Breaking change - How to handle itChanging the bucket name is in general a breaking change. There are some caveats that have to be addressed:
Possible solution to overcome breaking changesThe Serverless framework should only apply the new name semantics to newly created projects (i.e. projects that create a new CF stack). Old projects should continue to use their old bucket names and the framework should not enforce any change there. |
Sorry, I didn't consider rollbacks with my idea at all, nice pickup. Also CF might be happy with 255 chars, S3 buckets are strongly recommended to be less than 63. Using We agree though, it'd be nice to implement something for SLS2 |
That's exactly why I mentioned the hash solution. It will allow to have service names as long as the 255 character limit 😄 |
Does anyone actually have a reproducible use case for this issue? I've tried to redo the PR with the feedback given here and in #2801 with a contrived use case, but I've actually found that CloudFormation appears to truncate S3 bucket names now, so I can't get it to exceed 63 characters (eg. In fact the error I run into instead is to do with my Role name (which can be solved by custom role statements).
I'm going to start a bisect to see if this is something that's been fixed accidentally along the way, or perhaps it's something that has been fixed in the AWS SDK (or CloudFormation) since Nov 2016? Any ideas? |
The role name has a maximum length of 64 characters too (see http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). So we run into the same issue there with lengthy service names. Maybe a complete service name length fix would also need the same name generation/transformation when creating the IAM role names? |
Right now, I haven't been able to determine who is responsible for this behaviour, but I agree, the concept discussed for the bucket name could likely be rolled out for the Role Name as well. |
@brendo thanks for trying to reproduce this 👍 and thanks @HyperBrain for providing feedback 👍 @brendo What if you have a suuuuuper long service name (which itself has like 60 chars or smth. like that)? (Here's some history on how the bucket naming has evolved over time) We started by generating the deployment bucket name based on the service name in Serverless core and passed it as the name parameter to the S3 bucket resource which is used in the core CloudFormation template to create the stack. However we removed this naming functionality later on (because we had different issues to ensure the uniqueness of the bucket name) and left the name property of the S3 bucket untouched / empty. That causes AWS to generate a name automatically. |
I tried, Overall, deployment failed though:
So I guess the question is, should we truncate the service name to prevent this issue? |
One possible proposal is to check here if the role is going to exceed 64 chars. If so, truncate the service name until it won't fail. Likewise for policyName, truncate service if the policy name is going to exceed 128 chars. I think this would maintain backwards compatibility because if you are already hitting the length limits, you're not able to deploy anyway. Thoughts? |
@brendo I'd favor generating a hash of the service name instead of truncating it. The problem with truncating is, that you might end up with ambiguous names, in case multiple services start with the same prefix or appendix (depending on wich side you truncate). Sample:
If you would use a MD5 hash of the service name integrated in the resource names (role name, policy name, etc.), it would be completely unambiguous. |
Good point. I guess once you hash, even though each name is unambiguous, you absolutely have no context of what you are looking at from the AWS console 😄 Still, that's better than the current state, which is nothing at all. @oren-sarid is reporting reproducing that CF fails with the S3 bucket name in two versions of SLS, but I haven't been able to replicate yet. I'm going to try a couple of different regions to see if this 'auto truncate S3 name' behaviour is region dependent. |
Yes, hashed names are unexpressive. But isn't there a "description" property for nearly all resources or at least for the stack, where the clear-text name could be put into? |
One thought here would be to truncate to the name to `64 - hashlength`.
Then generate a hash from the removed portion of the name and appended it
to the remaining portion.
This is both backwards compatible as well as relatively certain to be
unique.
…On Sun, Jul 30, 2017 at 7:52 AM Frank Schmid ***@***.***> wrote:
Yes, hashed names are unexpressive. But isn't there a "description"
property for nearly all resources or at least for the stack, where the
clear-text name could be put into?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#2791 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABZ15Fdhx37vC6JNCS5SPXdnc79fjczvks5sTG6ZgaJpZM4K8FQR>
.
|
I'm afraid this is a bit like pandora's box! Enforcing the From what I tell by looking through the code, Functions have two "names", one acts like a key, which and is defined in the serverless config (eg. I'm not really sure how to best modify the latter, it's exposed through via |
My bucket is in Frankfurt (eu-central-1), if it matters. |
Seems this missed the 1.19.0 release as well. Any idea on when will the fix reach us? Thanks |
Hey @oren-sarid thanks for your comment 👍 This feature is currently still |
I should add that right now I don't know how to continue the work to have a fix, see this comment. The original of having a bad bucket name I cannot reproduce. In all the tests I have done through multiple regions, CloudFormation truncates the bucket name and I cannot reproduce the failure. We're going to need more detail to be able to reproduce. I tried to create a test case, but it passed for me. |
Oh yes, I missed that! Thanks for pointing that out again @brendo 👍 So any help to reproduce (and of course fix) this bug is greatly appreciated! I'll update the labels to reflect that. |
I think I may of stumbled across a way to reproduce it. It seems to be that if you have the deployment bucket, and then it is removed, but the stack still think the bucket exists, than the "Missing required key 'Bucket' in params" error occurs. More tests to come! (and yes, still face this on a semi regular basis!) #4285 seems to hint I might be onto something. |
I have the same problem. And as with #4285 the first error was Access denied. No idea yet how to fix it though. |
When getting the
https://github.com/serverless/serverless/blob/master/lib/plugins/aws/provider/awsProvider.js#L248 |
Interesting! Having a look through the code I can't see any scenarios to handle @pmuens any ideas on how you want to handle this? It looks like I guess, what experience do we want? Should the bucket be recreated and things carry on? Or just error with a more obvious message? |
Closing since this is quite and old issue and will result in a potential breaking change. We'll definitely re-visit this when working on |
This is a Bug Report
Description
I believe the default template for creating a serverless deployment bucket is this and therefore the resulting bucket name will be at least 40 characters,
serverlessdeploymentbucket-abc123def456g
. This leaves projects 23 characters before it hits S3 naming length.May I suggest the template be revised from
serverlessdeploymentbucket
toslsdeploy
?serverless
is commonly abbreviated tosls
, in docs and even in CLI usagedeployment
is commonly abbreviated todeploy
in the IT industrybucket
is superfluous, we know it's going to be a bucket.This would mean Serverless uses 23 characters and gives projects 40 characters of freedom :)
For bug reports:
Additional Data
The text was updated successfully, but these errors were encountered: