-
-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
default_iam_policy does not correctly include VPC related actions on resource creation #499
Comments
I dug into this a little more. The problem has to do with a race condition in my configuration
The problem that I just realized is that calling I'm currently looking for other ways to cleanly append to |
Got something that I think works. The goal is to cleanly append to
It wasn't obvious how to use prepend with a class method. Took a bit of searching and experimentation to make this work. Might be useful for the docs? |
… without race condition; fixes rubyonjets#499
Thanks for reporting this. This was handled by #457 Tested specifically your examples. Thanks! |
Checklist
jets upgrade
command that makes this a simple task. There's also an Upgrading Guide: http://rubyonjets.com/docs/upgrading/My Environment
I have a
vpc_config
defined in the production environment only. Inproduction.rb
:Expected Behaviour
jets deploy
should be able to create a new Lambda resource and connect it to the configured VPCCurrent Behavior
Resource creation fails in CloudFormation with an error related to missing the
ec2:CreateNetworkInterface
pemission.Step-by-step reproduction instructions
Define
Jets.config.function.vpc_config
inproduction.rb
or in a specific environment and deploy a new Lambda resource (such as a Jets controller) usingjets deploy
. Resource creation will fail.Code Sample
Solution Suggestion
The problem seems to originate from:
https://github.com/tongueroo/jets/blob/master/lib/jets/application/defaults.rb#L33-L47
When running the
jets deploy
task, this section of code gets executed twice. It appears that on the first execution, the conditional does not return true, so these VPC related actions are not added to the default policies. I couldn't figure out why this occurs. My presumption is that theproduction.rb
environment is not loaded locally when thejets deploy
task is creating a new resource.Workaround: comment out the conditional
if Jets.config.function.vpc_config ... end
in the above code block locally, then deploy.I'd be happy to try to propose a fix, but I'm not sure why this is being loaded twice, once without the production environment variables loaded. Any guidance would be appreciated!
The text was updated successfully, but these errors were encountered: