search

sst / ion

❍ — a new engine for SST
https://ion.sst.dev
MIT License
1.07k stars 118 forks source link

0.0.393 errors trying to set environment variables #489

Closed mattkinnersley closed 3 weeks ago

mattkinnersley commented 4 weeks ago

On sst dev, updating the authenticator function config fails. This only happened after doing an sst upgrade from version 0.0.361 ➜ 0.0.393

Full error (redacted my private and public keys):

|  Error       AuthAuthenticator sst:aws:Function → AuthAuthenticatorFunction aws:lambda:Function updating urn:pulumi:mattkinnersley::vestia::sst:aws:Function$aws:lambda/function:Function::AuthAuthenticatorFunction: 1 error occurred:
|  
|  Lambda: UpdateFunctionConfiguration, https response error StatusCode: 400, RequestID: f12940e2-75e2-45fb-97fb-63286949438a, InvalidParameterValueException: Lambda was unable to configure your environment variables because the environment variables you have provided exceeded the 4KB limit. String measured: {"SST_STAGE":"mattkinnersley","SST_FUNCTION_ID":"AuthAuthenticator","SST_APP":"vestia","SST_RESOURCE_App":"{\"name\":\"vestia\",\"stage\":\"mattkinnersley\"}","AUTH_PRIVATE_KEY":"-----BEGIN PRIVATE KEY-----REDACTED-----END PRIVATE KEY-----\n","SST_LINK":"Calling [toString] on an [Output<T>] is not supported.\n\nTo get the value of an Output<T> as an Output<string> consider either:\n1: o.apply(v => `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee https://www.pulumi.com/docs/concepts/inputs-outputs for more details.\nThis function may throw in a future version of @pulumi/pulumi.,Calling [toString] on an [Output<T>] is not supported.\n\nTo get the value of an Output<T> as an Output<string> consider either:\n1: o.apply(v => `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee https://www.pulumi.com/docs/concepts/inputs-outputs for more details.\nThis function may throw in a future version of @pulumi/pulumi.,Calling [toString] on an [Output<T>] is not supported.\n\nTo get the value of an Output<T> as an Output<string> consider either:\n1: o.apply(v => `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee https://www.pulumi.com/docs/concepts/inputs-outputs for more details.\nThis function may throw in a future version of @pulumi/pulumi.,Calling [toString] on an [Output<T>] is not supported.\n\nTo get the value of an Output<T> as an Output<string> consider either:\n1: o.apply(v => `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee https://www.pulumi.com/docs/concepts/inputs-outputs for more details.\nThis function may throw in a future version of @pulumi/pulumi.,Calling [toString] on an [Output<T>] is not supported.\n\nTo get the value of an Output<T> as an Output<string> consider either:\n1: o.apply(v => `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee https://www.pulumi.com/docs/concepts/inputs-outputs for more details.\nThis function may throw in a future version of @pulumi/pulumi.","AUTH_PUBLIC_KEY":"-----BEGIN PUBLIC KEY-----REDACTED-----END PUBLIC KEY-----\n"}
nicholasgubbins commented 3 weeks ago

Facing the same issue - seems to be the way the outputs are fetched from secrets i'm linking in to the authenticator function

nicholasgubbins commented 3 weeks ago

it seems to be to do with linking secrets on my side 

import { AccountsTable, WorkspacesTable } from "./api";

const Secrets = {
    GoogleClientId: new sst.Secret("GoogleClientId"),
    GoogleClientSecret: new sst.Secret("GoogleClientSecret")
}

export const auth = new sst.aws.Auth("Auth", {
    authenticator: {
        link: [AccountsTable, WorkspacesTable, Secrets.GoogleClientId, Secrets.GoogleClientSecret],
        handler: "packages/auth/src/authenticator.handler",
        nodejs: {
            loader: {
                ".pem": "text",
            },
        },
        environment: {
            IS_LOCAL: $dev,
            EMAIL_DOMAIN: domainConfig.baseDomain,
            MARKETING_SITE_DOMAIN: MarketingSite,
            FRONTEND_APP_DOMAIN: FrontendApp
        },
        url: true
    },
});

export const authRouter = new sst.aws.Router("AuthRouter", {
    routes: {
        "/auth/*": auth.authenticator.url,
    },
    domain: {
        name: AuthDomain
    }
});

if I remove the linked secrets the error disappears. Also, it's irregular, sometimes it has the error, sometimes it doesnt. looks like it's something with the way that secrets are loaded and injected into the env

thdxr commented 3 weeks ago

should be fixed in 0.0.398