aws-extensions-for-dotnet-cli

dotnet lambda deploy-function fails when *** No policy, add permissions later *** is chosen

Open bjhogan opened this issue 1 year ago • 1 comments

Describe the bug

When deploying a Lambda function using dotnet lambda deploy-function, an error occurs if the option *** No policy, add permissions later *** is chosen.

21) *** No policy, add permissions later ***
21
Unknown error executing command: Object reference not set to an instance of an object.
   at Amazon.Common.DotNetCli.Tools.RoleHelper.ExpandManagedPolicyName(IAmazonIdentityManagementService iamClient, String managedPolicy) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 112
   at Amazon.Common.DotNetCli.Tools.RoleHelper.CreateRole(IAmazonIdentityManagementService iamClient, String roleName, String assumeRolePolicy, String[] managedPolicies) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 144
   at Amazon.Common.DotNetCli.Tools.RoleHelper.PromptToCreateRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 432
   at Amazon.Common.DotNetCli.Tools.RoleHelper.SelectFromExisting(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo, IList`1 existingRoles) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 393
   at Amazon.Common.DotNetCli.Tools.RoleHelper.PromptForRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 370
   at Amazon.Common.DotNetCli.Tools.Commands.BaseCommand`1.GetRoleValueOrDefault(String propertyValue, CommandOption option, String assumeRolePrincipal, String awsManagedPolicyPrefix, Dictionary`2 knownManagedPolicyDescription, Boolean required) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\Commands\BaseCommand.cs:line 368
   at Amazon.Lambda.Tools.Commands.DeployFunctionCommand.PerformActionAsync() in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Lambda.Tools\Commands\DeployFunctionCommand.cs:line 271
   at Amazon.Common.DotNetCli.Tools.Commands.BaseCommand`1.ExecuteAsync() in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\Commands\BaseCommand.cs:line 46

Expected Behavior

The function deploys with a role that has no policy attached.

Current Behavior

Unknown error executing command: Object reference not set to an instance of an object.
   at Amazon.Common.DotNetCli.Tools.RoleHelper.ExpandManagedPolicyName(IAmazonIdentityManagementService iamClient, String managedPolicy) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 112
   at Amazon.Common.DotNetCli.Tools.RoleHelper.CreateRole(IAmazonIdentityManagementService iamClient, String roleName, String assumeRolePolicy, String[] managedPolicies) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 144
   at Amazon.Common.DotNetCli.Tools.RoleHelper.PromptToCreateRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 432
   at Amazon.Common.DotNetCli.Tools.RoleHelper.SelectFromExisting(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo, IList`1 existingRoles) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 393
   at Amazon.Common.DotNetCli.Tools.RoleHelper.PromptForRole(IAmazonIdentityManagementService iamClient, PromptRoleInfo promptInfo) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\RoleHelper.cs:line 370
   at Amazon.Common.DotNetCli.Tools.Commands.BaseCommand`1.GetRoleValueOrDefault(String propertyValue, CommandOption option, String assumeRolePrincipal, String awsManagedPolicyPrefix, Dictionary`2 knownManagedPolicyDescription, Boolean required) in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\Commands\BaseCommand.cs:line 368
   at Amazon.Lambda.Tools.Commands.DeployFunctionCommand.PerformActionAsync() in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Lambda.Tools\Commands\DeployFunctionCommand.cs:line 271
   at Amazon.Common.DotNetCli.Tools.Commands.BaseCommand`1.ExecuteAsync() in C:\codebuild\tmp\output\src455250883\src\src\Amazon.Common.DotNetCli.Tools\Commands\BaseCommand.cs:line 46

Reproduction Steps

Create a Lambda function with the lambda.EmptyFunction template.

Run dotnet lambda deploy-function -fn SomeFunction

When asked to "Select IAM Role", choose *** Create new IAM Role ***. Enter a role name.

When asked to "Select IAM Policy to attach", choose *** No policy, add permissions later ***.

Exception occurs.

Possible Solution

Guard for null or empty managedPolicy in RoleHelper.cs CreateRole(..)

Additional Information/Context

No response

Targeted .NET platform

.NET 6

CLI extension version

amazon.lambda.tools 5.4.4 dotnet-lambda (error output is from this version)
amazon.lambda.tools 5.0.1 dotnet-lambda

Environment details (OS name and version, etc.)

Windows 10, Ubuntu 18.04

bjhogan Aug 11 '22 14:08

Reproducible.

Possible fix: Handle null while iterating through managed policies at RoleHelper.CreateRole() and calling ExpandManagedPolicyName(). Also handle null while trying to attach policy later before trying to execute IamClient.AttachRolePolicyAsync().

ashishdhingra Aug 11 '22 18:08
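The guard proposed in the issue and in the reply above, as an added C# sketch that is not the project's RoleHelper code: null or blank policy entries are dropped before expansion and before any attach call, so the role is created with nothing attached. `IRoleApi`, `RecordingRoleApi`, `GuardedRoleHelper`, the expansion rule and the sample role name and ARN are assumptions made so the sketch runs without the AWS SDK.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

// Hypothetical stand-in for the two IAM calls the fix touches, so this runs offline;
// it is not the AWS SDK's IAmazonIdentityManagementService.
public interface IRoleApi
{
    Task<string> CreateRoleAsync(string roleName, string assumeRolePolicy);
    Task AttachRolePolicyAsync(string roleName, string policyArn);
}
public sealed class RecordingRoleApi : IRoleApi
{
    public List<string> Attached { get; } = new List<string>();
    public Task<string> CreateRoleAsync(string roleName, string assumeRolePolicy) =>
        Task.FromResult("arn:aws:iam::123456789012:role/" + roleName); // constructed ARN
    public Task AttachRolePolicyAsync(string roleName, string policyArn)
    { Attached.Add(policyArn); return Task.CompletedTask; }
}

public static class GuardedRoleHelper
{
    // Assumed expansion rule: short names become AWS managed policy ARNs.
    static string Expand(string policy) =>
        policy.StartsWith("arn:", StringComparison.Ordinal) ? policy : "arn:aws:iam::aws:policy/" + policy;
    public static async Task<string> CreateRoleAsync(
        IRoleApi iam, string roleName, string assumeRolePolicy, string[] managedPolicies)
    {
        // Guard: a null array or null/blank entries mean "no policy, add permissions later".
        var arns = (managedPolicies ?? Array.Empty<string>())
            .Where(p => !string.IsNullOrWhiteSpace(p)).Select(Expand).ToList();
        var roleArn = await iam.CreateRoleAsync(roleName, assumeRolePolicy);
        foreach (var arn in arns) // empty list: no attach call is made
            await iam.AttachRolePolicyAsync(roleName, arn);
        return roleArn;
    }
}

public static class Program
{
    public static async Task Main()
    {
        var iam = new RecordingRoleApi();
        // Assumed shape of the failing input: the "no policy" choice as a null entry.
        var arn = await GuardedRoleHelper.CreateRoleAsync(iam, "SomeRole", "{}", new string[] { null });
        Console.WriteLine($"{arn} attached={iam.Attached.Count}");
    }
}
```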
