KiraLT / certbot-lambda

Run Certbot on AWS Lambda/Cloud Functions and upload certs to AWS Secrets Manager.
MIT License

Use MaxResults/pagination for list_secrets in AWS Secrets Manager - or switch to describe_secret instead #107

Open lancenz opened 1 year ago

lancenz commented 1 year ago

In services/aws.py:list_secret_names() there is no MaxResults nor any pagination code - so in any account with a lot of secrets, it may not return the secret being used - which will then cause create_or_update_secret() to fail creating a new secret instead of updating the existing one.

Alternatively, could refactor the code to call describe_secret instead of list_secrets as this would reduce the IAM policy requirements and also fix pagination issues at the same time.

Thanks, this tool is really helpful :)
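The two fixes proposed above (walking every page of list_secrets, or using describe_secret as a per-secret existence check), as an added example that is not the project's code or the poster's. It assumes a client with the boto3 Secrets Manager API shape and ships a constructed offline fake so the one-page-versus-full-walk difference is visible without an AWS account.

```python
# Added example (not the project's code). `client` is assumed to follow the boto3
# Secrets Manager API: list_secrets pages via MaxResults/NextToken, describe_secret
# raises client.exceptions.ResourceNotFoundException when the secret is absent.

def list_secret_names(client, page_size=100):
    # A single list_secrets call returns one page only; follow NextToken to the end.
    names, kwargs = [], {"MaxResults": page_size}
    while True:
        resp = client.list_secrets(**kwargs)
        names.extend(s["Name"] for s in resp.get("SecretList", []))
        if not resp.get("NextToken"):
            return names
        kwargs["NextToken"] = resp["NextToken"]

def secret_exists(client, name):
    # Needs only DescribeSecret on this secret's ARN (not account-wide ListSecrets).
    try:
        client.describe_secret(SecretId=name)
        return True
    except client.exceptions.ResourceNotFoundException:
        return False

def create_or_update_secret(client, name, value):
    if secret_exists(client, name):
        client.put_secret_value(SecretId=name, SecretString=value)
        return "updated"
    client.create_secret(Name=name, SecretString=value)
    return "created"

class FakeSecretsManager:
    """Constructed offline stand-in that pages the way the real API does."""
    class exceptions:
        class ResourceNotFoundException(Exception):
            pass
    def __init__(self, names):
        self.store = {n: "v0" for n in names}
    def list_secrets(self, MaxResults=100, NextToken=None):
        names, start = sorted(self.store), int(NextToken or 0)
        resp = {"SecretList": [{"Name": n} for n in names[start:start + MaxResults]]}
        if start + MaxResults < len(names):
            resp["NextToken"] = str(start + MaxResults)
        return resp
    def describe_secret(self, SecretId):
        if SecretId not in self.store:
            raise self.exceptions.ResourceNotFoundException(SecretId)
        return {"Name": SecretId}
    def put_secret_value(self, SecretId, SecretString):
        self.store[SecretId] = SecretString
    def create_secret(self, Name, SecretString):
        self.store[Name] = SecretString
```

With 250 fake secrets, a single `list_secrets` call sees only 100 names while `list_secret_names` returns all 250, which is exactly the miss that turns an update into a failed create.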

lancenz commented 1 year ago

@KiraLT - Thanks for the update - but... the v0.4.0 build zip file seems to be a bit broken. After upgrading I get this error in AWS Lambda.

{
  "errorMessage": "Failed to resolve requirements from PEX environment @ /var/task.\nNeeded cp39-cp39-manylinux_2_26_x86_64 compatible dependencies for:\n 1: cryptography>=2.5.0\n    Required by:\n      acme 2.1.0\n      certbot 2.1.0\n    But this pex had no ProjectName(raw='cryptography', normalized='cryptography') distributions.\n 2: cryptography>=1.5\n    Required by:\n      josepy 1.13.0\n    But this pex had no ProjectName(raw='cryptography', normalized='cryptography') distributions.\n 3: cryptography<39,>=38.0.0\n    Required by:\n      pyOpenSSL 22.1.0\n    But this pex had no ProjectName(raw='cryptography', normalized='cryptography') distributions.\n 4: cryptography>=2\n    Required by:\n      dns-lexicon 3.11.7\n    But this pex had no ProjectName(raw='cryptography', normalized='cryptography') distributions.",
  "errorType": "ResolveError",
  "requestId": "",
  "stackTrace": [
    "  File \"/var/lang/lib/python3.9/importlib/__init__.py\", line 127, in import_module\n    return _bootstrap._gcd_import(name[level:], package, level)\n",
    "  File \"<frozen importlib._bootstrap>\", line 1030, in _gcd_import\n",
    "  File \"<frozen importlib._bootstrap>\", line 1007, in _find_and_load\n",
    "  File \"<frozen importlib._bootstrap>\", line 986, in _find_and_load_unlocked\n",
    "  File \"<frozen importlib._bootstrap>\", line 680, in _load_unlocked\n",
    "  File \"<frozen importlib._bootstrap_external>\", line 850, in exec_module\n",
    "  File \"<frozen importlib._bootstrap>\", line 228, in _call_with_frames_removed\n",
    "  File \"/var/task/main.py\", line 34, in <module>\n    bootstrap_pex_env(__entry_point__)\n",
    "  File \"/var/task/.bootstrap/pex/pex_bootstrapper.py\", line 684, in bootstrap_pex_env\n    PEXEnvironment.mount(entry_point, pex_info).activate()\n",
    "  File \"/var/task/.bootstrap/pex/environment.py\", line 321, in activate\n    self._activated_dists = self._activate()\n",
    "  File \"/var/task/.bootstrap/pex/environment.py\", line 671, in _activate\n    resolved = self.resolve()\n",
    "  File \"/var/task/.bootstrap/pex/environment.py\", line 502, in resolve\n    for fingerprinted_distribution in self.resolve_dists(all_reqs)\n",
    "  File \"/var/task/.bootstrap/pex/environment.py\", line 589, in resolve_dists\n    raise ResolveError(\n"
  ]
}

Foovanadil commented 1 year ago

FYI I am also getting this Failed to resolve PEX error with the .40 zip. I downgraded to the .30 zip and still get the problem? Hopefully this is helpful.

Thanks for the work, this saved me a bunch of time :)