search

awslabs / ssosync

Populate AWS SSO directly with your G Suite users and groups using either a CLI or AWS Lambda
Apache License 2.0
512 stars 175 forks source link

Change NoValue psuedo-parameters to references #160

Closed troyready closed 8 months ago

troyready commented 8 months ago

Description of changes:

This changes the instances of the NoValue pseudo-parameter to use the Ref intrinsic function, so that the key is omitted instead of the literal string AWS::NoValue being used.

Without this change, attempting to deploy the stack without a specified FunctionName results in an error:

Resource handler returned message: "1 validation error detected: Value 'AWS::NoValue' at 'functionName' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_\.]+)(:(\$LATEST|[a-zA-Z0-9-_]+))? (Service: Lambda, Status Code: 400, Request ID: UUID)" (RequestToken: UUID, HandlerErrorCode: GeneralServiceException)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

ChrisPates commented 8 months ago

As per the comments and regex, leave ‘unspecified’ parameters empty. Previously we have tried using AWS::NoValue however the lack of being able to specify case insensitivity in Cloudformation parameter regex and a lack of user familiarity made it unworkable.

Please leave the functionName field empty for default naming behavior.

Chris

On 30 Dec 2023, at 02:48, Troy Ready @.***> wrote:



Description of changes:

This changes the instances of the NoValue pseudo-parameter https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameter-reference.html to use the Ref intrinsic function https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html , so that the key is omitted instead of the literal string `` being used.

Without this change, attempting to deploy the stack without a specified FunctionName results in an error:

Resource handler returned message: "1 validation error detected: Value 'AWS::NoValue' at 'functionName' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-.]+)(:(\$LATEST|[a-zA-Z0-9-]+))? (Service: Lambda, Status Code: 400, Request ID: UUID)" (RequestToken: UUID, HandlerErrorCode: GeneralServiceException)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

You can view, comment on, or merge this pull request online at:

  https://github.com/awslabs/ssosync/pull/160 https://github.com/awslabs/ssosync/pull/160

Commit Summary

File Changes

(1 file https://github.com/awslabs/ssosync/pull/160/files )

Patch Links:

— Reply to this email directly, view it on GitHub https://github.com/awslabs/ssosync/pull/160 , or unsubscribe https://github.com/notifications/unsubscribe-auth/ABVULYLIF4YO7YT7GV4RWU3YL56IPAVCNFSM6AAAAABBHGSHIOVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA3DANJTG4ZDCMQ . You are receiving this because you are subscribed to this thread. https://github.com/notifications/beacon/ABVULYPOJ7LRHBNUETZ4LALYL56IPA5CNFSM6AAAAABBHGSHIOWGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHHVUKNPQ.gif Message ID: @.***>

ChrisPates commented 8 months ago

I’ll look to add clear feedback to the regex, in the next release.

Chris

On 30 Dec 2023, at 09:48, Chris Pates @.***> wrote:

 As per the comments and regex, leave ‘unspecified’ parameters empty. Previously we have tried using AWS::NoValue however the lack of being able to specify case insensitivity in Cloudformation parameter regex and a lack of user familiarity made it unworkable.

Please leave the functionName field empty for default naming behavior.

Chris

On 30 Dec 2023, at 02:48, Troy Ready @.***> wrote:



Description of changes:

This changes the instances of the NoValue pseudo-parameter https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameter-reference.html to use the Ref intrinsic function https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html , so that the key is omitted instead of the literal string `` being used.

Without this change, attempting to deploy the stack without a specified FunctionName results in an error:

Resource handler returned message: "1 validation error detected: Value 'AWS::NoValue' at 'functionName' failed to satisfy constraint: Member must satisfy regular expression pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-.]+)(:(\$LATEST|[a-zA-Z0-9-]+))? (Service: Lambda, Status Code: 400, Request ID: UUID)" (RequestToken: UUID, HandlerErrorCode: GeneralServiceException)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

You can view, comment on, or merge this pull request online at:

  https://github.com/awslabs/ssosync/pull/160 https://github.com/awslabs/ssosync/pull/160

Commit Summary

File Changes

(1 file https://github.com/awslabs/ssosync/pull/160/files )

Patch Links:

— Reply to this email directly, view it on GitHub https://github.com/awslabs/ssosync/pull/160 , or unsubscribe https://github.com/notifications/unsubscribe-auth/ABVULYLIF4YO7YT7GV4RWU3YL56IPAVCNFSM6AAAAABBHGSHIOVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA3DANJTG4ZDCMQ . You are receiving this because you are subscribed to this thread. https://github.com/notifications/beacon/ABVULYPOJ7LRHBNUETZ4LALYL56IPA5CNFSM6AAAAABBHGSHIOWGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHHVUKNPQ.gif Message ID: @.***>

troyready commented 8 months ago

@ChrisPates Thanks for the prompt feedback.

I don't think I was clear enough in the description: this isn't a regex issue, that's just the error that comes up.

Any user omitting the FunctionName parameter (that's what I was attempting to do) will experience this error, because the condition on the name parameter for the function resource has a bad "else" value -- instead of allowing the name to be automatically generated it tries to pass the name AWS::NoValue.