aws-extensions-for-dotnet-cli
aws-extensions-for-dotnet-cli copied to clipboard
dotnet lambda deploy-function fails when *** No policy, add permissions later *** is chosen
Describe the bug
When deploying a Lambda function using dotnet lambda deploy-function
, an error occurs if the option *** No policy, add permissions later *** is chosen.
21) *** No policy, add permissions later ***
21
Unknown error executing command: Object reference not set to an instance of an object.
at Amazon.Common.DotNetCli.Tools.RoleHelper.ExpandManagedPolicyName(IAmazonIdentityManagementService iamClient, String managedPolicy) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 112
at Amazon.Common.DotNetCli.Tools.RoleHelper.CreateRole(IAmazonIdentityManagementService iamClient, String roleName, String assumeRolePolicy, String[] managedPolicies) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 144
at Amazon.Common.DotNetCli.Tools.RoleHelper.PromptToCreateRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 432
at Amazon.Common.DotNetCli.Tools.RoleHelper.SelectFromExisting(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo, IList`1 existingRoles) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 393
at Amazon.Common.DotNetCli.Tools.RoleHelper.PromptForRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 370
at Amazon.Common.DotNetCli.Tools.Commands.BaseCommand`1.GetRoleValueOrDefault(String propertyValue, CommandOption option, String assumeRolePrincipal, String awsManagedPolicyPrefix, Dictionary`2 knownManagedPolicyDescription, Boolean required) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\Commands\BaseCommand.cs:line 368
at Amazon.Lambda.Tools.Commands.DeployFunctionCommand.PerformActionAsync() in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Lambda.Tools\Commands\DeployFunctionCommand.cs:line 271
at Amazon.Common.DotNetCli.Tools.Commands.BaseCommand`1.ExecuteAsync() in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\Commands\BaseCommand.cs:line 46
Expected Behavior
The function deploys with a role that has no policy attached.
Current Behavior
Unknown error executing command: Object reference not set to an instance of an object.
at Amazon.Common.DotNetCli.Tools.RoleHelper.ExpandManagedPolicyName(IAmazonIdentityManagementService iamClient, String managedPolicy) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 112
at Amazon.Common.DotNetCli.Tools.RoleHelper.CreateRole(IAmazonIdentityManagementService iamClient, String roleName, String assumeRolePolicy, String[] managedPolicies) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 144
at Amazon.Common.DotNetCli.Tools.RoleHelper.PromptToCreateRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 432
at Amazon.Common.DotNetCli.Tools.RoleHelper.SelectFromExisting(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo, IList`1 existingRoles) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 393
at Amazon.Common.DotNetCli.Tools.RoleHelper.PromptForRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 370
at Amazon.Common.DotNetCli.Tools.Commands.BaseCommand`1.GetRoleValueOrDefault(String propertyValue, CommandOption option, String assumeRolePrincipal, String awsManagedPolicyPrefix, Dictionary`2 knownManagedPolicyDescription, Boolean required) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\Commands\BaseCommand.cs:line 368
at Amazon.Lambda.Tools.Commands.DeployFunctionCommand.PerformActionAsync() in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Lambda.Tools\Commands\DeployFunctionCommand.cs:line 271
at Amazon.Common.DotNetCli.Tools.Commands.BaseCommand`1.ExecuteAsync() in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\Commands\BaseCommand.cs:line 46
Reproduction Steps
Create a Lambda function with the lambda.EmptyFunction
template.
Run dotnet lambda deploy-function -fn SomeFunction
When asked to "Select IAM Role", choose *** Create new IAM Role ***. Enter a role name.
When asked to "Select IAM Policy to attach", choose *** No policy, add permissions later ***.
Exception occurs.
Possible Solution
Guard for null or empty managedPolicy
in RoleHelper.cs CreateRole(..)
Additional Information/Context
No response
Targeted .NET platform
.NET 6
CLI extension version
amazon.lambda.tools 5.4.4 dotnet-lambda (error output is from this version) amazon.lambda.tools 5.0.1 dotnet-lambda
Environment details (OS name and version, etc.)
Windows 10, Ubuntu 18.04
Reproducible.
Possible fix:
Handle null
while iterating through managed policies at RoleHelper.CreateRole() and calling ExpandManagedPolicyName()
. Also handle null
while trying to attach policy later before trying to execute IamClient.AttachRolePolicyAsync().
Fixed in Amazon.Lambda.Tools version 5.4.5.
⚠️COMMENT VISIBILITY WARNING⚠️
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.