search

serverless-heaven / serverless-aws-alias

Alias support for Serverless 1.x
MIT License
189 stars 66 forks source link

Policy count should be 1 #21

Closed SantourA closed 7 years ago

SantourA commented 7 years ago

Getting the following error when trying to execute my initial deploy using "sls deploy -s dev -r us-east-1"

Error --------------------------------------------------

 Policy count should be 1! Please report this error to
 the alias plugin owner.

 For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

Stack Trace --------------------------------------------

Error: Policy count should be 1! Please report this error to the alias plugin owner. at AwsAlias.aliasHandleLambdaRole (C:\Apps\Workspaces\Development\Services\development\Services\apitest\nodejs\node_modules\serverless-aws-alias\lib\aliasRestructureStack.js:396:28) at runCallback (timers.js:649:20) at tryOnImmediate (timers.js:622:5) at processImmediate [as _immediateCallback] (timers.js:594:5) From previous event: at PluginManager.run (C:\Users\xxxxx\AppData\Roaming\npm\node_modules\serverless\lib\classes\PluginManager.js:156:22) at Serverless.run (C:\Users\xxxxx\AppData\Roaming\npm\node_modules\serverless\lib\Serverless.js:95:31) at serverless.init.then (C:\Users\xxxxx\AppData\Roaming\npm\node_modules\serverless\bin\serverless:23:50)

Get Support -------------------------------------------- Docs: docs.serverless.com Bugs: github.com/serverless/serverless/issues

 Please report this error. We think it might be a bug.

Your Environment Information ----------------------------- OS: win32 Node Version: 6.9.4

HyperBrain commented 7 years ago

Which Serverless version and which alias plugin version are you using? I had a bug in the plugin where upgrading from Serverless 1.6 to 1.8/1.9 led to an error. Should be fixed in the 0.3.4 plugin version. Please check that, and in case it does not work, can you share some information about your service YAML file? Especially if you customized something in regards to the IAM role/policy configurations.

SantourA commented 7 years ago

Frank,

We’re using Serverless 1.9 with serverless-aws-alias version 0.3.4-alpha1.  Below is a complete copy of our test yaml.

serverless.yml <<<<<<<<<<<

service: apitest

frameworkVersion: ">=1.5.0"

custom:

defaultStage: dev

defaultRegion: us-east-1

versionPath: v1

profiles:

   dev: default

   prod: default

package:

  individually: true

  exclude:

provider:

  name: aws

  profile: ${self:custom.profiles.${self:provider.stage}}

  runtime: nodejs4.3

  stage: ${opt:stage, self:custom.defaultStage}

  region: ${opt:region, self:custom.defaultRegion}

  timeout: 30

  memorySize: 128

  apiKeys:

  role: arn:aws:iam::xxxxxx:role/LambdaExecute

  deploymentBucket: serverless.${self:provider.region}.serverless-xxxxxx.com

  stackTags:

    Environment: ${self:provider.stage}

    Application: Services

   

functions:

  apitest:

    name: ${self:service}-${self:provider.stage}

    description: Sample function for apitest

    handler: handler.handler

    vpc: ${file(./serverless-${self:provider.stage}.yml):vpc}

    environment:

      dbname: ${self:provider.stage}DB

    package:

      include:

      exclude:

    events:

      - http:

          method: get

          path:  ${self:custom.versionPath}/

          cors: true

          private: true

          authorizer:

            identitySource: method.request.header.Authorization

resultTtlInSeconds: 0

            arn: arn:aws:lambda:us-east-1:xxxxxx:function:security-userguidauth-${self:provider.stage}

resources:

plugins:

  - serverless-mocha-plugin

  - serverless-aws-alias

From: Frank Schmid notifications@github.com Reply-To: HyperBrain/serverless-aws-alias reply@reply.github.com Date: Monday, March 27, 2017 at 1:28 AM To: HyperBrain/serverless-aws-alias serverless-aws-alias@noreply.github.com Cc: SantourA armen@isdeveloper.com, Author author@noreply.github.com Subject: Re: [HyperBrain/serverless-aws-alias] Policy count should be 1 (#21)

Which Serverless version and which alias plugin version are you using. I had a bug in the plugin where upgrading from Serverless 1.6 to 1.8/1.9 led to an error. Should be fixed in the 0.3.4 plugin version. Please check that, and in case it does not work, can you share some information about your service YAML file? Especially if you customized something in regards to the IAM role/policy configurations.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

HyperBrain commented 7 years ago

Thanks for the YAML. I will investigate the issue with the given file. Hopefully I can reproduce it and find the bug soon.

HyperBrain commented 7 years ago

Update: I have the assumption that it has something to do with the custom authorizer. I think I missed that while implementing the stack transforms.

SantourA commented 7 years ago

That’s great news.  Would you have a patch version soon?  Looking forward to it, thank you.

From: Frank Schmid notifications@github.com Reply-To: HyperBrain/serverless-aws-alias reply@reply.github.com Date: Monday, March 27, 2017 at 8:52 AM To: HyperBrain/serverless-aws-alias serverless-aws-alias@noreply.github.com Cc: SantourA armen@isdeveloper.com, Author author@noreply.github.com Subject: Re: [HyperBrain/serverless-aws-alias] Policy count should be 1 (#21)

Update: I have the assumption that it has something to do with the custom authorizer. I think I missed that while implementing the stack transforms.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

HyperBrain commented 7 years ago

Yes. Will start working on it right now 😄

HyperBrain commented 7 years ago

I had to restructure the APIG handling first as I found a semantic flaw in there. This is fixed now and I will continue on the authorizer stuff now.

HyperBrain commented 7 years ago

I just tried plain Serverless with this declaration:

functions:
  testfct1:
    description: 'Echo function echoes alias'
    handler: handlers/testfct1/handler.handle
    events:
      - http:
          method: GET
          path: /func1
          authorizer:
            identitySource: method.request.header.Authorization
            resultTtlInSeconds: 0
            arn: arn:aws:lambda:us-east-1:XXXXXXX:profile-access-token-auth:dev

The authorizer resource is not created in the serverless CF file.

@SantourA Did you try custom authorizers with plain Serverless? Did it create a CF resource?

HyperBrain commented 7 years ago

Debugged the Serverless code. It seems that the name property in the authorizer is mandatory - otherwise it won't merge the resource properly.

HyperBrain commented 7 years ago

Ran into an issue in Serverless: https://github.com/serverless/serverless/issues/3413

mgstigler commented 7 years ago

Hi, has this been resolved? I am not using authorizers and I am still getting the policy error.

HyperBrain commented 7 years ago

The fix committed to master - was an additional error in the IAM policy handling - custom authorizers still won't work, but the policy count error is gone. I'll try to release a version soon.

SantourA commented 7 years ago

Will you have a new build soon?

HyperBrain commented 7 years ago

Sorry for the delay. I worked hard to get Serverless have the new event model, so unfortunately I did not spend much time on the plugin. Now I will switch back to this project and see that I can release the fixes in the upcoming week.

HyperBrain commented 7 years ago

@SantourA Did you check if master works and resolves the issue for you? Be careful, as the APIG changes I did might need you to remove the alias stacks before deploying with the new version. Additionally I'd propose that you use it with a test project first, in case you use the new SLS 1.12.x version.

HyperBrain commented 7 years ago

@SantourA Just released 0.4.0.