search

pulumi / pulumi-policy-aws

A policy pack of rules to enforce AWS best practices for security, reliability, cost, and more!
https://www.pulumi.com
Apache License 2.0
33 stars 6 forks source link

lambda.getFunction does not fetch tags for resource #87

Closed arwilczek90 closed 1 year ago

arwilczek90 commented 1 year ago

What happened?

In typescript if you call the provider function lambda.getFunction() it will not fetch the tags for the lambda. It returns seemingly all other configuration values except for tags with 5.14.0.

Steps to reproduce

import * as aws from "@pulumi/aws";

const existing = await aws.lambda.getFunction({
  functionName: "someLambda"
});

pulumi.log.error(JSON.stringify(existing));

Expected Behavior

The function should return an object that has tags if tags are set.

Actual Behavior

The function returns a result with an empty 'tags' object.

Output of pulumi about

❯ pulumi about                                                                                                      
CLI          
Version      3.40.1
Go Version   go1.19.1
Go Compiler  gc

Plugins
NAME    VERSION
nodejs  unknown

Host     
OS       darwin
Version  12.6
Arch     x86_64

This project is written in nodejs: executable='/Users/$USER/.nvm/versions/node/v14.18.2/bin/node' version='v14.18.2'

Backend :

Pulumi locates its logs in /var/folders/j9/l65qzcys16b5h0wchg3xyw4m0000gn/T/ by default
warning: Failed to get information about the Pulumi program's dependencies: Could not find either /Users/$USER/yarn.lock or /Users/$USER/package-lock.json
warning: Failed to get information about the current stack: No current stack

pulumi package versions from monorepo yarn.lock > @pulumi/aws@5.14.0 @pulumi/pulumi@3.40.1

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

danielrbradley commented 1 year ago

I've been unable to reproduce this issue. When loading a function with aws.lambda.getFunction or aws.lambda.getFunctionOutput or new aws.lambda.Function("my-func-getted", {...}, { id: 'MY_ARN' }), they all return tags.

Please could you provide any more detail or a runnable reproduction of the issue?

arwilczek90 commented 1 year ago

@danielrbradley I've done some more digging this morning and it seems it is the policies interfering with the main code's functionality. I had 2 aws based policies one that implemented @pulumi/awsguard and one that had the latest version of this library in it. Once I disabled the one based on @pulumi/awsguard it started working again. Looking at it the awsguard library is still using ^4.0.0 in its requirements which seems to be causing some interference. If desired I can close the issue here and reopen in the awsguard repo.

danielrbradley commented 1 year ago

Great, thanks for the extra investigation. I'll transfer this issue over to the awsguard repository so we maintain the conversation so-far.

justinvp commented 1 year ago

@arwilczek90, we've updated @pulumi/awsguard to depend on @pulumi/aws ^5.0.0 and released a new version of @pulumi/awsguard (0.4.0). I'm going to close this issue, but feel free to re-open or open a new issue if you're still running into issues. Thanks!