aws-toolkit-azure-devops icon indicating copy to clipboard operation
aws-toolkit-azure-devops copied to clipboard

Published 20 hours ago verified publisher icon aws

The LambdaDeployFunction task suppresses permission errors

Open ralphwillgoss opened this issue 3 years ago • 3 comments

Describe the bug The LambdaDeployFunction task currently suppresses permission issues, which can mislead the user to the true cause of the error.

To reproduce

Use the following task with a role that does not have permission to work with Lambda's

- task: LambdaDeployFunction@1
            displayName: 
            inputs:
              functionName: my-function
              codeLocation: s3object
              s3Bucket: bucket
              s3ObjectKey: key

You will receive the error: ##[error]Error: Function:my-function does not exist, cannot update code only

Using the aws-cli to mimic what the function is trying to do with aws lambda get-function you would see: An error occurred (AccessDeniedException) when calling the GetFunction operation: User: arn:aws:sts::myrole is not authorized to perform: lambda:GetFunction on resource: my-function

Expected behavior The permission error should be shown to the user, ideally printed to the console.

Your Environment

  • AWS Toolkit for Azure DevOps version: 1.7.0

Additional context The function testFunctionExists currently suppresses all errors: https://github.com/aws/aws-toolkit-azure-devops/blob/5c3ea378838f82e7aa81842404d944138f033ed3/Tasks/LambdaDeployFunction/TaskOperations.ts#L212

ralphwillgoss avatar Sep 11 '20 08:09 ralphwillgoss

Thanks for pointing this out, we can definitely provide better messaging here.

rli avatar Sep 11 '20 18:09 rli

I'm still getting this same behavior...

adamb924 avatar Mar 06 '24 17:03 adamb924

@rli any update on this?

ralphwillgoss avatar Mar 06 '24 20:03 ralphwillgoss