Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Remove requirement for an existing AWS profile on sls package command #6564

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
medikoo merged 2 commits into from
Sep 11, 2019
Merged

Remove requirement for an existing AWS profile on sls package command #6564

medikoo merged 2 commits into from
Sep 11, 2019

Conversation

@drexler
Copy link
Contributor

@drexler drexler commented Aug 20, 2019

What did you implement:

Closes #6536

How did you implement it:

#6427 indirectly enforced a profile check on the sls package command. This removes the check since a profile not is needed by that command

How can we verify it:

Todos:

Note: Run npm run test-ci to run all validation checks on proposed changes

  • Write tests and confirm existing functionality is not broken.
    Validate via npm test
  • Write documentation
  • Ensure there are no lint errors.
    Validate via npm run lint-updated
    Note: Some reported issues can be automatically fixed by running npm run lint:fix
  • Ensure introduced changes match Prettier formatting.
    Validate via npm run prettier-check-updated
    Note: All reported issues can be automatically fixed by running npm run prettify-updated
  • Make sure code coverage hasn't dropped
  • Provide verification config / commands / resources
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: Yes
Is it a breaking change?: NO

medikoo
medikoo reviewed Aug 20, 2019
View reviewed changes
Copy link
Contributor

@medikoo medikoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@drexler Great thanks for that PR.

Still that issue was supposedly fixed with #6447 (published with v1.49.0)

Are you sure that AWS profile validation still happens on package command?

/cc @dschep

@drexler
Copy link
Contributor Author

drexler commented Aug 21, 2019

@medikoo #6447 addresses a problem slightly different from this. Here, if the given serverless.yml file contains profile property, the package command will attempt to validate that. This PR is to make it unnecessary for the command - whether the profile exists or not.

serverless.yml:

provider:
  name: aws
  runtime: nodejs10.x
  profile: test_profile

medikoo
medikoo suggested changes Aug 21, 2019
View reviewed changes
Copy link
Contributor

@medikoo medikoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@drexler great thanks for PR!

Still implementation as proposed removes validation step in its entirety, and we don't want to do that.

As I looked into code, the problem lies in this logic:

serverless/lib/plugins/aws/lib/validate.js

Lines 18 to 30 in babc140

const creds = Object.assign({}, this.provider.getCredentials());
delete creds.region;
delete creds.signatureVersion;
if (
Object.keys(creds).length === 0 &&
!process.env.ECS_CONTAINER_METADATA_FILE &&
!process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI &&
!process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI &&
['logs', 'info', 'deploy', 'remove', 'rollback', 'metrics', 'invoke'].includes(
this.serverless.processedInput.commands[0]
) &&
this.serverless.processedInput.commands[1] !== 'local'
) {

Where first we check whether some AWS credentials are set (and eventually validate specified profile) and aftewards that we check does this validation step should occur for given command at all.

Real fix would be to check if command applies (and aborting eventually), before trying to retrieve AWS creds (with this.provider.getCredentials() involved)

Anyway I've also posted question here: #6536 (comment)
As I'd like to understand well, why we want to support keeping and invalid provider.profile setting in serverless.yml

@medikoo medikoo mentioned this pull request Aug 22, 2019
Closed
@medikoo medikoo added this to the 1.51.0 milestone Aug 22, 2019
@pmuens pmuens modified the milestones: 1.51.0, 1.52.0 Aug 27, 2019
@drexler
Copy link
Contributor Author

drexler commented Aug 28, 2019

@medikoo thought of that approach before i reached for the chainsaw solution... i'll update this PR

@drexler drexler force-pushed the credentials-check branch 2 times, most recently from 6359a4b to fbbbb2b Compare September 4, 2019 12:22
@drexler
Copy link
Contributor Author

drexler commented Sep 5, 2019

@medikoo updated the PR per your feedback

medikoo
medikoo suggested changes Sep 5, 2019
View reviewed changes
Copy link
Contributor

@medikoo medikoo left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@drexler great that for update! Still it's not exactly best approach

Current situation is that we have folllowing logic(in simplified form):

creds = resolveEnvCreds()
if (hasCreds(creds) & isAppicableCommand()) ensureAwsCreds();

And resolveEnvCreds() crashes for us (while isAppicableCommand() returns false). So valid solution is to improve logic seems as follows:

if (!isAppicableCommand()) return;
creds = resolveEnvCreds()
if (hasCreds(creds)) ensureAwsCreds();

While what you propsed is:

if (!isAppicableCommandPartially()) return;
creds = resolveEnvCreds()
if (hasCreds(creds) & isAppicableCommand()) ensureAwsCreds();

And that's not very clean (and prone to maintenance issues)

isAppicableCommand() is

serverless/lib/plugins/aws/lib/validate.js

Lines 26 to 29 in c4b7726

['logs', 'info', 'deploy', 'remove', 'rollback', 'metrics', 'invoke'].includes(
this.serverless.processedInput.commands[0]
) &&
this.serverless.processedInput.commands[1] !== 'local'

@pmuens pmuens requested a review from medikoo September 9, 2019 09:15
pmuens
pmuens reviewed Sep 9, 2019
View reviewed changes
Copy link
Contributor

@pmuens pmuens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @drexler thanks for working on that problem!

@medikoo is already deep in the trenches with this PR so I think that he's the best to do the final code review.

I just wanted to add that we should add a regression test once the implementation looks good.

medikoo
medikoo reviewed Sep 9, 2019
View reviewed changes
Copy link
Contributor

@medikoo medikoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@drexler thank you, looks great! Just one minor remark

lib/plugins/aws/lib/validate.js Outdated Show resolved Hide resolved
@pmuens pmuens modified the milestones: 1.52.0, 1.53.0 Sep 10, 2019
medikoo
medikoo approved these changes Sep 11, 2019
View reviewed changes
Copy link
Contributor

@medikoo medikoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @drexler !

We're taking this in

@medikoo medikoo merged commit d2e75e1 into serverless:master Sep 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@pmuens pmuens pmuens left review comments

@medikoo medikoo medikoo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@drexler drexler

Labels

bug cat/packaging

Projects

None yet

Milestone

1.53.0

Development

Successfully merging this pull request may close these issues.

sls package requires AWS profile to exist

3 participants

@drexler @medikoo @pmuens
Morty Proxy This is a proxified and sanitized view of the page, visit original site.