ansible-collections / amazon.aws

Ansible Collection for Amazon AWS
GNU General Public License v3.0

[lambda_event] Aws SSO with function Name Invalid ARN #1859

Closed rvResolving closed 6 months ago

rvResolving commented 9 months ago

Summary

As we can only pass the function name and not the ARN, as I see in the documentation, we can't deploy using AWS SSO, because the creation of the ARN from the function name reports a validation error:

[lambda_event](fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error retrieving stream event notification configuration: An error occurred (ValidationException) when calling the ListEventSourceMappings operation: 1 validation error detected: Value 'arn:aws:lambda:eu-west-3::function:function-name' at 'functionName' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?"})

Issue Type

Bug Report

Component Name

lambda_event

Ansible Version

$ ansible --version
ansible [core 2.13.13]
  config file = None
  configured module search path = ['/home/rvolpi/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/lib/python3.10/site-packages/ansible
  ansible collection location = /home/rvolpi/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/bin/ansible
  python version = 3.10.12 (main, Jun 11 2023, 05:26:28) [GCC 11.4.0]
  jinja version = 3.1.2
  libyaml = True

Collection Versions

$ ansible-galaxy collection list

# /home/rvolpi/.ansible/collections/ansible_collections
Collection               Version
------------------------ -------
amazon.aws               7.0.0  
ansible.posix            1.5.4  
community.aws            7.0.0  
community.crypto         2.15.0 
community.general        8.0.2  
community.mysql          3.7.2  
community.vmware         4.0.0  
devsec.hardening         8.8.0  
serdigital64.application 2.1.1  
serdigital64.automation  3.2.2  
serdigital64.backup      2.1.1  
serdigital64.development 2.1.2  
serdigital64.devops      2.1.3  
serdigital64.security    2.1.2  
serdigital64.system      2.1.2  

# /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/lib/python3.10/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    3.5.0  
ansible.netcommon             3.1.3  
ansible.posix                 1.4.0  
ansible.utils                 2.8.0  
ansible.windows               1.12.0 
arista.eos                    5.0.1  
awx.awx                       21.10.0
azure.azcollection            1.14.0 
check_point.mgmt              2.3.0  
chocolatey.chocolatey         1.3.1  
cisco.aci                     2.3.0  
cisco.asa                     3.1.0  
cisco.dnac                    6.6.1  
cisco.intersight              1.0.22 
cisco.ios                     3.3.2  
cisco.iosxr                   3.3.1  
cisco.ise                     2.5.9  
cisco.meraki                  2.13.0 
cisco.mso                     2.1.0  
cisco.nso                     1.0.3  
cisco.nxos                    3.2.0  
cisco.ucs                     1.8.0  
cloud.common                  2.1.2  
cloudscale_ch.cloud           2.2.3  
community.aws                 3.6.0  
community.azure               1.1.0  
community.ciscosmb            1.0.5  
community.crypto              2.9.0  
community.digitalocean        1.22.0 
community.dns                 2.4.2  
community.docker              2.7.3  
community.fortios             1.0.0  
community.general             5.8.3  
community.google              1.0.0  
community.grafana             1.5.3  
community.hashi_vault         3.4.0  
community.hrobot              1.6.0  
community.libvirt             1.2.0  
community.mongodb             1.4.2  
community.mysql               3.5.1  
community.network             4.0.2  
community.okd                 2.2.0  
community.postgresql          2.3.1  
community.proxysql            1.4.0  
community.rabbitmq            1.2.3  
community.routeros            2.5.0  
community.sap                 1.0.0  
community.sap_libs            1.4.0  
community.skydive             1.0.0  
community.sops                1.5.0  
community.vmware              2.10.2 
community.windows             1.11.1 
community.zabbix              1.9.0  
containers.podman             1.10.1 
cyberark.conjur               1.2.0  
cyberark.pas                  1.0.14 
dellemc.enterprise_sonic      1.1.2  
dellemc.openmanage            5.5.0  
dellemc.os10                  1.1.1  
dellemc.os6                   1.0.7  
dellemc.os9                   1.0.4  
f5networks.f5_modules         1.21.0 
fortinet.fortimanager         2.1.7  
fortinet.fortios              2.2.1  
frr.frr                       2.0.0  
gluster.gluster               1.0.2  
google.cloud                  1.0.2  
hetzner.hcloud                1.9.0  
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.10.0 
infinidat.infinibox           1.3.12 
infoblox.nios_modules         1.4.1  
inspur.ispim                  1.2.0  
inspur.sm                     2.3.0  
junipernetworks.junos         3.1.0  
kubernetes.core               2.3.2  
lowlydba.sqlserver            1.2.0  
mellanox.onyx                 1.0.0  
netapp.aws                    21.7.0 
netapp.azure                  21.10.0
netapp.cloudmanager           21.21.0
netapp.elementsw              21.7.0 
netapp.ontap                  21.24.1
netapp.storagegrid            21.11.1
netapp.um_info                21.8.0 
netapp_eseries.santricity     1.3.1  
netbox.netbox                 3.9.0  
ngine_io.cloudstack           2.3.0  
ngine_io.exoscale             1.0.0  
ngine_io.vultr                1.1.2  
openstack.cloud               1.10.0 
openvswitch.openvswitch       2.1.0  
ovirt.ovirt                   2.4.1  
purestorage.flasharray        1.15.0 
purestorage.flashblade        1.10.0 
purestorage.fusion            1.2.0  
sensu.sensu_go                1.13.1 
servicenow.servicenow         1.0.6  
splunk.es                     2.1.0  
t_systems_mms.icinga_director 1.31.4 
theforeman.foreman            3.7.0  
vmware.vmware_rest            2.2.0  
vultr.cloud                   1.3.1  
vyos.vyos                     3.0.1  
wti.remote                    1.0.4 

AWS SDK versions

$ pip show boto boto3 botocore
Name: boto
Version: 2.49.0
Summary: Amazon Web Services Library
Home-page: https://github.com/boto/boto/
Author: Mitch Garnaat
Author-email: mitch@garnaat.com
License: MIT
Location: /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/lib/python3.10/site-packages
Requires: 
Required-by: 
---
Name: boto3
Version: 1.29.0
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/lib/python3.10/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: checkov, cloudsplaining
---
Name: botocore
Version: 1.32.0
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /home/rvolpi/.local/share/virtualenvs/ops-njY6lVi6/lib/python3.10/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, cloudsplaining, s3transfer

Configuration

$ ansible-config dump --only-changed
(None)

OS / Environment

Ubuntu 22.04

Steps to Reproduce

Using the AWS SSO system

  - name: map queue events to lambda
    community.aws.lambda_event:
      region: "{{ region }}"
      profile: "{{ profile }}"
      state: present
      event_source: sqs
      function_name: "function-name"
      source_params:
        source_arn: "{{ queue_arn }}"
        enabled: true

Expected Results

TASK [functions : map queue events to lambda] **********************************
ok: [localhost]

Actual Results

TASK [functions : map queue events to lambda] **********************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Error retrieving stream event notification configuration: An error occurred (ValidationException) when calling the ListEventSourceMappings operation: 1 validation error detected: Value 'arn:aws:lambda:eu-west-3::function:function-name' at 'functionName' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?"}


abikouo commented 6 months ago

@rvResolving The pull request #1970 updates the module, adding a call to the get_function API to build the function ARN. However, just so you know, you can specify the function name as an ARN with the current version. Please test and give feedback. Thanks.
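
Added example (not part of the issue thread and not the collection's code): the `functionName` pattern from the error message, applied to the rejected value, shows that the empty account-ID field (`::`) is what fails, and that a bare name or a full ARN passes. `naive_arn` and `checked_arn` are hypothetical helpers, and `123456789012` is a placeholder account ID.

```python
import re

# Constraint on 'functionName' copied from the ValidationException text above.
FUNCTION_NAME_PATTERN = re.compile(
    r"(arn:(aws[a-zA-Z-]*)?:lambda:)?"
    r"([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:)?"
    r"(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)"
    r"(:(\$LATEST|[a-zA-Z0-9-_]+))?"
)


def is_valid_function_name(value):
    """True when the whole value satisfies the service-side pattern."""
    return FUNCTION_NAME_PATTERN.fullmatch(value) is not None


def naive_arn(region, account_id, name, partition="aws"):
    """Hypothetical builder with no check on account_id (not the module's code)."""
    return f"arn:{partition}:lambda:{region}:{account_id}:function:{name}"


def checked_arn(region, account_id, name, partition="aws"):
    """Same builder, but fails locally instead of sending a malformed ARN."""
    if name.startswith("arn:"):
        arn = name  # caller already supplied a full ARN; pass it through
    else:
        if not re.fullmatch(r"\d{12}", account_id or ""):
            raise ValueError(f"account id {account_id!r} is not 12 digits")
        arn = naive_arn(region, account_id, name, partition)
    if not is_valid_function_name(arn):
        raise ValueError(f"{arn!r} does not satisfy the functionName pattern")
    return arn


if __name__ == "__main__":
    # Constructed inputs; 123456789012 is a placeholder account id.
    for candidate in (
        naive_arn("eu-west-3", "", "function-name"),  # value from the error
        "function-name",
        naive_arn("eu-west-3", "123456789012", "function-name"),
    ):
        print(f"{candidate!r}: {is_valid_function_name(candidate)}")
```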