search

Sceptre / sceptre-sam-handler

A Sceptre template handler for AWS Serverless Application Model (SAM)
Apache License 2.0
7 stars 2 forks source link

Error using --signing-profiles with external AWS CloudFormation Template #13

Open nando2301 opened 2 months ago

nando2301 commented 2 months ago

Subject of the issue

When I try to add package_args like this sam package --signing-profiles HelloWorld=MySigningProfile... it generateas a type error, please help me to found my issue. I don't know how to add this parameters and I have 9 lambdas to run with sam cli. Thanks in advanced.

Your environment

Steps to reproduce

Parameters file:

region: us-west-2
project_code: iac_auto
ClientPrefixUpper: AMX
ClientPrefixLower: amx
AppPrefixUpper: PI
AppPrefixLower: pi
environment: DE
EnvironmentLower: de
environmentLowercase: de
AppPrefix_Uppercase: AMX-PI
AppPrefix_Lowercase: amx-pi
AppName_Uppercase: PI
AppName_Lowercase: pi
#29 - Lambda 09
Lambda09_LambdaDescription: Lambda para ordenar los parametros para uso de stepfunctions
#arm64|x86_64
Lambda09_Architecture: x86_64
Lambda09_Handler: lambda_function.parameter_ordering
Lambda09_Runtime: python3.12
Lambda09_Tracing: Active
Lambda09_MemorySize: 128
Lambda09_Timeout: 60
Lambda09_ReservedConcurrentExecutions: 1
Lambda09_CodeSigningEnabled: "true"

Template used

stack_name: {{var.PROJECT_PREFIX_NAME}}-LMBD-09
template: 
  path: templates/infra/PI_IaC/templates/AMX-PLA-LMBD-09-sam.yaml
  type: sam
  artifact_bucket_name: {{var.AppPrefix_Lowercase}}-{{var.environmentLowercase}}-{{var.region}}-sceptre-artifacts-{{var.AWS_Account_ID}}
  artifact_prefix: sam
  skip_jinja_cleanup: True
  package_args: --signing-profiles !stack_output_external {{var.PROJECT_PREFIX_NAME}}-SFC::FunctionCodeSigningProfileName:{{var.ClientPrefixUpper}}-LMBD-FAILOVER-DB-{{var.AppPrefixUpper}}-{{var.environment}}
parameters:
  ClientPrefixUpper: {{var.ClientPrefixUpper}}
  ClientPrefixLower: {{var.ClientPrefixLower}}
  AppPrefixUpper: {{var.AppPrefixUpper}}
  AppPrefixLower: {{var.AppPrefixLower}}
  Environment: {{var.environment}}
  LambdaDescription: {{var.Lambda09_LambdaDescription}}
  Architecture: {{var.Lambda09_Architecture}}
  Handler: {{var.Lambda09_Handler}}
  Runtime: {{var.Lambda09_Runtime}}
  Tracing: {{var.Lambda09_Tracing}}
  MemorySize: "{{var.Lambda09_MemorySize}}"
  Timeout: "{{var.Lambda09_Timeout}}"
  ReservedConcurrentExecutions: "{{var.Lambda09_ReservedConcurrentExecutions}}"
  CodeSigningEnabled: "{{var.Lambda09_CodeSigningEnabled}}"

hooks:
  after_create:
    - !cmd "python hooks/protect_stack.py {{var.PROJECT_PREFIX_NAME}}-LMBD-09"
  after_update:
    - !cmd "python hooks/protect_stack.py {{var.PROJECT_PREFIX_NAME}}-LMBD-09"
  before_delete:
    - !cmd "python hooks/unprotect_stack.py {{var.PROJECT_PREFIX_NAME}}-LMBD-09"

Command:

sceptre --var-file=envs/dev-us-west-2.yaml launch infra/PI_IaC/oregon/29-lambda09-ordering

Expected behaviour

I need to deploy a signed lambda to AWS

Actual behaviour

SAM Template sends this error:

[2024-04-17 12:58:30] - infra/PI_IaC/oregon/29-lambda09-ordering/AMX-PLA-LMBD-09-sam - Creating Stack
"'--signing-profiles !stack_output_external AMX-PLA-SFC::FunctionCodeSigningProfileName:AMX-LMBD-FAILOVER-DB-PI-DE' is not of type 'object'\n\nFailed validating 'type' in schema['properties']['package_args']:\n    {'type': 'object'}\n\nOn instance['package_args']:\n    ('--signing-profiles !stack_output_external '\n     'AMX-PLA-SFC::FunctionCodeSigningProfileName:AMX-LMBD-FAILOVER-DB-PI-DE')"
nando2301 commented 2 months ago

Making some changes to the package_args configuration, I able to resolve external stack values but the error is the same. I only add !sub to resolve the values.

  package_args: !sub
    - "--signing-profiles {function_profile}={lambda_name}"
    - function_profile: !stack_output_external {{var.PROJECT_PREFIX_NAME}}-SFC::FunctionCodeSigningProfileName
      lambda_name: {{var.ClientPrefixUpper}}-LMBD-FAILOVER-DB-{{var.AppPrefixUpper}}-{{var.environment}}

Error:

[2024-04-17 13:43:20] - infra/PI_IaC/oregon/29-lambda09-ordering/AMX-PLA-LMBD-09-sam - Creating Stack
"'--signing-profiles FunctionCodeSigningProfile_9JEbVbBjhBio=AMX-LMBD-FAILOVER-DB-PI-DE' is not of type 'object'\n\nFailed validating 'type' in schema['properties']['package_args']:\n    {'type': 'object'}\n\nOn instance['package_args']:\n    ('--signing-profiles '\n     'FunctionCodeSigningProfile_9JEbVbBjhBio=AMX-LMBD-FAILOVER-DB-PI-DE')"