aws-toolkit-azure-devops
aws-toolkit-azure-devops copied to clipboard
The LambdaDeployFunction task suppresses permission errors
Describe the bug The LambdaDeployFunction task currently suppresses permission issues, which can mislead the user to the true cause of the error.
To reproduce
Use the following task with a role that does not have permission to work with Lambda's
- task: LambdaDeployFunction@1
displayName:
inputs:
functionName: my-function
codeLocation: s3object
s3Bucket: bucket
s3ObjectKey: key
You will receive the error: ##[error]Error: Function:my-function does not exist, cannot update code only
Using the aws-cli
to mimic what the function is trying to do with aws lambda get-function
you would see:
An error occurred (AccessDeniedException) when calling the GetFunction operation: User: arn:aws:sts::myrole is not authorized to perform: lambda:GetFunction on resource: my-function
Expected behavior The permission error should be shown to the user, ideally printed to the console.
Your Environment
- AWS Toolkit for Azure DevOps version: 1.7.0
Additional context The function testFunctionExists currently suppresses all errors: https://github.com/aws/aws-toolkit-azure-devops/blob/5c3ea378838f82e7aa81842404d944138f033ed3/Tasks/LambdaDeployFunction/TaskOperations.ts#L212
Thanks for pointing this out, we can definitely provide better messaging here.
I'm still getting this same behavior...
@rli any update on this?