Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Fix lambda function name validation for CreateFunction #9825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Dec 11, 2023
Merged

Fix lambda function name validation for CreateFunction #9825

merged 2 commits into from
Dec 11, 2023

Conversation

joe4dev
Copy link
Member

@joe4dev joe4dev commented Dec 8, 2023
edited
Loading

Motivation

The FunctionName in the Lambda CreateFunction operation is currently not validated and cannot handle function ARNs.
The AWS API reference describes that the operation can accept the following options for FunctionName:

  • Function name – my-function.
  • Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
  • Partial ARN – 123456789012:function:my-function.

This issue came up in a support case where a function ARN crashed in the event_manager.py because it tried to create an SQS queue with an invalid name (containing :).

Changes

  • Add AWS-validated tests for exceptions and valid function ARNs
  • Fix validation of FunctionName for the Lambda CreateFunction operation

Testing

  • tests.aws.services.lambda_.test_lambda_api.TestLambdaFunction.test_function_arns

Notes

  • Other operations in the Lambda API also do not cover all validation implemented for CreateFunction now. However, they often use api_utils.get_name_and_qualifier, which supports function ARNs and handles some validations (i.e., qualified and region). If we want to improve server-side validations consistently, we need better boto-spec-based validation abstractions as suggested by @thrau here.
  • The FunctionName cannot be updated, so we don't need to consider renaming.

@joe4dev joe4dev added the semver: patch Non-breaking changes which can be included in patch releases label Dec 8, 2023
@joe4dev joe4dev self-assigned this Dec 8, 2023
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 8, 2023

LocalStack Community integration with Pro

       2 files  ±0         2 suites  ±0   1h 11m 23s ⏱️ - 1m 36s
2 399 tests +1  2 171 ✔️ +1  228 💤 ±0  0 ±0 
2 400 runs  +1  2 171 ✔️ +1  229 💤 ±0  0 ±0 

Results for commit 9267413. ± Comparison against base commit 40266a1.

@coveralls
Copy link

Coverage Status

coverage: 84.262% (-0.01%) from 84.274%
when pulling 9267413 on fix-lambda-function-name-validation
into 40266a1 on master.

@joe4dev joe4dev marked this pull request as ready for review December 8, 2023 14:06
dfangl
dfangl approved these changes Dec 11, 2023
View reviewed changes
Copy link
Member

@dfangl dfangl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Do you think it makes sense to put that logic in a separate function, just to preserve readability in the CreateFunction body?

@joe4dev
Copy link
Member Author

joe4dev commented Dec 11, 2023

Looks good! Do you think it makes sense to put that logic in a separate function, just to preserve readability in the CreateFunction body?

Possibly. It is rather minor as long as we cannot reuse it. However, if the validation creep continues, we could consider reviving the idea of server-side "boto-spec-based validation abstractions as suggested by Thomas #7675 (comment).":

I did a quick try but it didn't work so far (doesn't produce validation errors):

from localstack.aws.protocol.validate import ParamValidator
from localstack.aws.spec import load_service

service = load_service("lambda")
operation = service.operation_model("CreateFunction")
shape = operation.input_shape.members["FunctionName"]
params = "invalid:fun"
validator = ParamValidator()
validation_errors = validator.validate(params, shape)

print(str(validation_errors))

joe4dev
joe4dev commented Dec 11, 2023
View reviewed changes
tests/aws/services/lambda_/test_lambda_api.py
@@ -404,6 +404,113 @@ def test_lambda_code_location_s3(
== get_function_response_updated["Configuration"]["CodeSize"]
)

# TODO: fix type of AccessDeniedException yielding null
@markers.snapshot.skip_snapshot_verify(paths=["function_arn_other_account_exc..Error.Message"])
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We would need some other type of AccessDeniedException to fix this tiny snapshot diff because AWS returns None but the exception translates the None message into an empty string:

/Error/Message None (type: <class 'NoneType'>) → '' (type: <class 'str'>)... (expected → actual)

@joe4dev joe4dev merged commit 4733a9b into master Dec 11, 2023
@joe4dev joe4dev deleted the fix-lambda-function-name-validation branch December 11, 2023 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dfangl dfangl dfangl approved these changes

@dominikschubert dominikschubert Awaiting requested review from dominikschubert dominikschubert is a code owner

Assignees

@joe4dev joe4dev

Labels
semver: patch Non-breaking changes which can be included in patch releases
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@joe4dev @coveralls @dfangl