Expected behaviour: When you deploy a lambda function with the --role tag, Claudia uses that role for the function instead of generating it's own. It should then set config.lambda.sharedRole = true in claudia.json, which is used by claudia destroy to avoid deleting a role that is being used by other AWS resources.
What actually happens: claudia create never writes sharedRole to file. The output after a successful create looks like:
zipping package
initialising IAM role
creating Lambda
creating Lambda lambda.createFunction FunctionName=tilegarden-predefined-role2-mdelsordo
creating Lambda lambda.setupRequestListeners
creating version alias
creating version alias lambda.updateAlias FunctionName=tilegarden-predefined-role2-mdelsordo Name=latest
creating version alias lambda.setupRequestListeners
creating version alias lambda.createAlias FunctionName=tilegarden-predefined-role2-mdelsordo Name=latest
creating version alias lambda.setupRequestListeners
creating REST API
creating REST API apigateway.createRestApi name=tilegarden-predefined-role2-mdelsordo
creating REST API apigateway.setupRequestListeners
creating REST API apigateway.setAcceptHeader
[...]
creating REST API apigateway.setAcceptHeader
saving configuration
{
"lambda": {
"role": "arn:aws:iam::279682201306:role/tilegarden-predefined-role-mdelsordo-executor",
"name": "tilegarden-predefined-role2-mdelsordo",
"region": "us-east-1",
"sharedRole": true
},
"api": {
"id": "yz6j6o5v25",
"module": "bin/api",
"url": "https://yz6j6o5v25.execute-api.us-east-1.amazonaws.com/latest"
}
}
As a result, the check for !lambdaConfig.sharedRole in destroy.js always succeeds, and the role associated with the function that's being destroyed is also destroyed, regardless of what else it's attached to. Manually adding sharedRole to the file causes the expected behavior.
Link to a minimal, executable project that demonstrates the problem: Any project that is created with an existing role set by the --role flag in claudia create.
Steps to install the project: install node modules and run claudia create.
Steps to reproduce the problem: Deploy the project, and compare the console output to what is actually saved into claudia.json.
Possible solution: It looks to me like the issue is in create.js. sharedRole is added to the config by the function formatResult, which is then called as part of the promise chain that sets up all the AWS resources:
It looks like the file gets formatted AFTER it is saved, so certain fields like sharedRole and s3key are only shown to the user and not actually included in claudia.json.
Expected behaviour: When you deploy a lambda function with the
--role
tag, Claudia uses that role for the function instead of generating it's own. It should then setconfig.lambda.sharedRole = true
inclaudia.json
, which is used byclaudia destroy
to avoid deleting a role that is being used by other AWS resources.What actually happens:
claudia create
never writessharedRole
to file. The output after a successfulcreate
looks like:but the actual
claudia.json
looks like:As a result, the check for
!lambdaConfig.sharedRole
indestroy.js
always succeeds, and the role associated with the function that's being destroyed is also destroyed, regardless of what else it's attached to. Manually addingsharedRole
to the file causes the expected behavior.Link to a minimal, executable project that demonstrates the problem: Any project that is created with an existing role set by the
--role
flag inclaudia create
.Steps to install the project: install node modules and run
claudia create
.Steps to reproduce the problem: Deploy the project, and compare the console output to what is actually saved into
claudia.json
.create.js
.sharedRole
is added to the config by the functionformatResult
, which is then called as part of the promise chain that sets up all the AWS resources:It looks like the file gets formatted AFTER it is saved, so certain fields like
sharedRole
ands3key
are only shown to the user and not actually included inclaudia.json
.