puresec / serverless-puresec-cli

Serverless plugin for least privileges.

Can't run serverless puresec gen-roles #14

Open mikeblanton opened 6 years ago

mikeblanton commented 6 years ago

Hello! I'm trying to run serverless puresec gen-roles, but it's coming up with an error. I suspect it might be due to the fact that I'm also using the colocate serverless plugin. I can successfully deploy the app using serverless deploy. Any thoughts on what might be happening?

→ serverless puresec gen-roles
Serverless: Packaging service...
Serverless: Excluding development dependencies...
error: invalid CloudFormation template:
too many values to unpack (expected 2)

  Error --------------------------------------------------

     For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Forums:        forum.serverless.com
     Chat:          gitter.im/serverless/serverless

  Your Environment Information -----------------------------
     OS:                     darwin
     Node Version:           10.6.0
     Serverless Version:     1.26.1

odedniv commented 6 years ago

Hey @mikeblanton, thanks for the report!

The CLI uses the command serverless package, can you try to execute it and see if that fails?

It also looks like you don't have the latest version of Serverless. They have made some changes in the last versions regarding parsing the configuration which may fix the issue (if the problem is really with sls package).

mikeblanton commented 6 years ago

I didn't realize my serverless version was out of date! I've updated it, same result. serverless package appears to be working

→ serverless puresec gen-roles
Serverless: Packaging service...
Serverless: Excluding development dependencies...
error: invalid CloudFormation template:
too many values to unpack (expected 2)

  Error --------------------------------------------------

     For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Issues:        forum.serverless.com

  Your Environment Information -----------------------------
     OS:                     darwin
     Node Version:           10.6.0
     Serverless Version:     1.29.2

→ serverless package
Serverless: Packaging service...
Serverless: Excluding development dependencies...

mikeblanton commented 6 years ago

Also I've repackaged my app slightly and now I'm not using the colocate plugin anymore.

avish9 commented 6 years ago

Hi @mikeblanton,

We suspect that the problem is in parsing one of the intrinsic functions (Fn::Join, Fn::Sub etc.) in your serverless.yml file.

Would you be able to send a gist of your serverless.yml (or the final generated CloudFormation) file while stripping any sensitive/important data?

Thanks, Avi

AnthonyWC commented 6 years ago

I got a similar error; in my case it is due to the serverless-pseudo-parameter changing region in Resource, e.g.

us-east-1 => ${AWS::Region}

For example, let's say you have any resource reference like:

  - Resources:
      SSMParameter2:
        Type: AWS::SSM::Parameter
        Properties:
          Name: "/${self:custom.ssm.config-key-prefix}/${self:custom.ssm.config-etlProcessID}/pg"
          Type: String
          Value: '{ "host" : "foo.us-east-1.rds.amazonaws.com", "database" : "cgplatform", "port" : 5432 }'       

Do a serverless package:

Without plugin; good:

          "SSMParameter2": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
              "Name": "/dataeng/att-voice-call-detail/pg",
              "Type": "String",
              "Value": "{ \"host\" : \"foo.hello.rds.amazonaws.com\", \"database\" : \"cgplatform\", \"port\" : 5432 }"
            }
          },

With plugin; bad:

          "SSMParameter2": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
              "Name": "/dataeng/att-voice-call-detail/pg",
              "Type": "String",
              "Value": {
                "Fn::Sub": "{ \"host\" : \"foo.${AWS::Region}.rds.amazonaws.com\", \"database\" : \"cgplatform\", \"port\" : 5432 }"
              }
            }
          },

I am guessing the plugin doesn't understand ${AWS::Region}
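
To locate every place where a packaged template carries the kind of rewrite shown in the comment above, the following added example (not part of the thread and not puresec's code) walks a generated CloudFormation template and lists each Fn::Sub that references an AWS::* pseudo parameter. The function names and the embedded sample are assumptions made for illustration; it reports locations only and does not reproduce the CLI's parser error.

```python
import json
import re

# Matches ${Name} references in an Fn::Sub string; "${!Literal}" is an escape and is skipped.
SUB_REF = re.compile(r"\$\{([^!}][^}]*)\}")

def sub_template(value):
    """Return the template string of an Fn::Sub value (string form or [string, map] form)."""
    if isinstance(value, str):
        return value
    if isinstance(value, list) and value and isinstance(value[0], str):
        return value[0]
    return None

def find_pseudo_subs(node, path="$"):
    """Walk a parsed template; yield (path, [pseudo params]) for each Fn::Sub using AWS::* references."""
    if isinstance(node, dict):
        if set(node) == {"Fn::Sub"}:
            template = sub_template(node["Fn::Sub"])
            if template is not None:
                refs = [r for r in SUB_REF.findall(template) if r.startswith("AWS::")]
                if refs:
                    yield path, sorted(set(refs))
        for key, child in node.items():
            yield from find_pseudo_subs(child, f"{path}.{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from find_pseudo_subs(child, f"{path}[{index}]")

# Constructed sample modelled on the "with plugin" output quoted in the thread.
SAMPLE = json.loads(r'''
{"Resources": {"SSMParameter2": {
  "Type": "AWS::SSM::Parameter",
  "Properties": {
    "Name": "/dataeng/att-voice-call-detail/pg",
    "Type": "String",
    "Value": {"Fn::Sub": "{ \"host\" : \"foo.${AWS::Region}.rds.amazonaws.com\", \"port\" : 5432 }"}
  }
}}}
''')

if __name__ == "__main__":
    for location, params in find_pseudo_subs(SAMPLE):
        print(location, params)
```

Run against the real output of serverless package, each reported path points at a property the pseudo-parameter plugin turned from a plain string into an Fn::Sub object, which is the difference between the two outputs shown above.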

chanmathew commented 4 years ago

Did you ever get it working with pseudo params? If not, what was your solution?

funkel1989 commented 4 years ago

I am also having this issue and can relate that when serverless pseudo params is removed, it works.