gradle-aws-plugin

Support for CAPABILITY_NAMED_IAM

Open hypertext418 opened this issue 8 years ago • 12 comments

AWS now has the ability to name IAM users, groups and roles, but you need to declare CAPABILITY_NAMED_IAM, which is not currently possible with this plugin.

hypertext418 Jul 26 '16 18:07

I have begun some work on this issue but have run into problems that I could use some support with (not to mention feedback on implementation approach and naming).

https://github.com/classmethod/gradle-aws-plugin/pull/81

rafe-delphix Dec 28 '16 18:12

Thank you for integrating the work I tried to do to support named IAM capabilities. I'm a little worried that this integration might have been a little premature. As I mentioned in the pull request and on this issue, I've been having trouble getting it to work properly. At the moment, when I run against version 0.32 I am getting a null-pointer error when trying to use named capabilities.

I believe this is related to the problem I was having when I was trying to debug and was seeking assistance. As near as I can tell, I've done everything I could to implement the setting of the new useCapabilityIam properties of the CloudFormation plugin; however, when executed, the new variables are not being set.

I could use some assistance trying to diagnose what went wrong.

rafe-delphix Jan 09 '17 21:01

Would you post a stack trace for null-pointer, please? I've just fixed a null pointer in the d5aa7461c8eb4e2077cb17e4eee6bfda2104caa5, I'm wondering if it's the same problem as you experience.

tellary Jan 09 '17 22:01

Yes, it looks like it is the cause. I suppose the workaround is to create a policy file... Thanks.

  • Exception is: org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':cform:restapi:awsCfnMigrateStack'. at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:69) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:46) at org.gradle.api.internal.tasks.execution.PostExecutionAnalysisTaskExecuter.execute(PostExecutionAnalysisTaskExecuter.java:35) at org.gradle.api.internal.tasks.execution.SkipUpToDateTaskExecuter.execute(SkipUpToDateTaskExecuter.java:64) at org.gradle.api.internal.tasks.execution.ValidatingTaskExecuter.execute(ValidatingTaskExecuter.java:58) at org.gradle.api.internal.tasks.execution.SkipEmptySourceFilesTaskExecuter.execute(SkipEmptySourceFilesTaskExecuter.java:52) at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:52) at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:53) at org.gradle.api.internal.tasks.execution.ExecuteAtMostOnceTaskExecuter.execute(ExecuteAtMostOnceTaskExecuter.java:43) at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker.execute(DefaultTaskGraphExecuter.java:233) at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker.execute(DefaultTaskGraphExecuter.java:215) at org.gradle.execution.taskgraph.AbstractTaskPlanExecutor$TaskExecutorWorker.processTask(AbstractTaskPlanExecutor.java:74) at org.gradle.execution.taskgraph.AbstractTaskPlanExecutor$TaskExecutorWorker.run(AbstractTaskPlanExecutor.java:55) at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor.process(DefaultTaskPlanExecutor.java:32) at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter.execute(DefaultTaskGraphExecuter.java:113) at org.gradle.execution.SelectedTaskExecutionAction.execute(SelectedTaskExecutionAction.java:37) at 
org.gradle.execution.DefaultBuildExecuter.execute(DefaultBuildExecuter.java:37) at org.gradle.execution.DefaultBuildExecuter.access$000(DefaultBuildExecuter.java:23) at org.gradle.execution.DefaultBuildExecuter$1.proceed(DefaultBuildExecuter.java:43) at org.gradle.execution.DryRunBuildExecutionAction.execute(DryRunBuildExecutionAction.java:32) at org.gradle.execution.DefaultBuildExecuter.execute(DefaultBuildExecuter.java:37) at org.gradle.execution.DefaultBuildExecuter.execute(DefaultBuildExecuter.java:30) at org.gradle.initialization.DefaultGradleLauncher$4.run(DefaultGradleLauncher.java:186) at org.gradle.internal.Factories$1.create(Factories.java:22) at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:91) at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:53) at org.gradle.initialization.DefaultGradleLauncher.doBuildStages(DefaultGradleLauncher.java:183) at org.gradle.initialization.DefaultGradleLauncher.access$200(DefaultGradleLauncher.java:33) at org.gradle.initialization.DefaultGradleLauncher$1.create(DefaultGradleLauncher.java:112) at org.gradle.initialization.DefaultGradleLauncher$1.create(DefaultGradleLauncher.java:106) at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:91) at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:63) at org.gradle.initialization.DefaultGradleLauncher.doBuild(DefaultGradleLauncher.java:106) at org.gradle.initialization.DefaultGradleLauncher.run(DefaultGradleLauncher.java:92) at org.gradle.launcher.exec.GradleBuildController.run(GradleBuildController.java:66) at org.gradle.tooling.internal.provider.ExecuteBuildActionRunner.run(ExecuteBuildActionRunner.java:28) at org.gradle.launcher.exec.ChainingBuildActionRunner.run(ChainingBuildActionRunner.java:35) at 
org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:41) at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:26) at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:79) at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:51) at org.gradle.launcher.daemon.server.exec.ExecuteBuild.doBuild(ExecuteBuild.java:59) at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120) at org.gradle.launcher.daemon.server.exec.WatchForDisconnection.execute(WatchForDisconnection.java:47) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120) at org.gradle.launcher.daemon.server.exec.ResetDeprecationLogger.execute(ResetDeprecationLogger.java:26) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120) at org.gradle.launcher.daemon.server.exec.RequestStopIfSingleUsedDaemon.execute(RequestStopIfSingleUsedDaemon.java:34) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120) at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.call(ForwardClientInput.java:74) at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.call(ForwardClientInput.java:72) at org.gradle.util.Swapper.swap(Swapper.java:38) at org.gradle.launcher.daemon.server.exec.ForwardClientInput.execute(ForwardClientInput.java:72) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120) at org.gradle.launcher.daemon.server.exec.LogAndCheckHealth.execute(LogAndCheckHealth.java:55) at 
org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120) at org.gradle.launcher.daemon.server.exec.LogToClient.doBuild(LogToClient.java:60) at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120) at org.gradle.launcher.daemon.server.exec.EstablishBuildEnvironment.doBuild(EstablishBuildEnvironment.java:72) at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120) at org.gradle.launcher.daemon.server.exec.HintGCAfterBuild.execute(HintGCAfterBuild.java:44) at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120) at org.gradle.launcher.daemon.server.exec.StartBuildOrRespondWithBusy$1.run(StartBuildOrRespondWithBusy.java:50) at org.gradle.launcher.daemon.server.DaemonStateCoordinator$1.run(DaemonStateCoordinator.java:293) at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:54) at org.gradle.internal.concurrent.StoppableExecutorImpl$1.run(StoppableExecutorImpl.java:40) Caused by: java.lang.NullPointerException at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:129) at org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1102) at org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1120) at jp.classmethod.aws.gradle.cloudformation.AmazonCloudFormationMigrateStackTask.updateStack(AmazonCloudFormationMigrateStackTask.java:176) at jp.classmethod.aws.gradle.cloudformation.AmazonCloudFormationMigrateStackTask.createOrUpdateStack(AmazonCloudFormationMigrateStackTask.java:123) at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:75) at 
org.gradle.api.internal.project.taskfactory.DefaultTaskClassInfoStore$StandardTaskAction.doExecute(DefaultTaskClassInfoStore.java:136) at org.gradle.api.internal.project.taskfactory.DefaultTaskClassInfoStore$StandardTaskAction.execute(DefaultTaskClassInfoStore.java:129) at org.gradle.api.internal.project.taskfactory.DefaultTaskClassInfoStore$StandardTaskAction.execute(DefaultTaskClassInfoStore.java:118) at org.gradle.api.internal.AbstractTask$TaskActionWrapper.execute(AbstractTask.java:623) at org.gradle.api.internal.AbstractTask$TaskActionWrapper.execute(AbstractTask.java:606) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeAction(ExecuteActionsTaskExecuter.java:80) at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:61) ... 68 more

rafe-delphix Jan 09 '17 23:01

Having fixed the null pointer problem, I am back to the original issue that the value of useCapabilityIam is not being passed along to the API call to CloudFormation. I could use some assistance diagnosing this problem.

rafe-delphix Jan 09 '17 23:01

I've identified the problem. I was directly accessing the attribute useCapabilityIam. It works properly when retrieved via accessors. Will send over a fix, plus implementation for create-change-set.

rafe-delphix Jan 10 '17 00:01

Hi,

I am using version 0.35 of the plugin.

I have a template which is creating an AWS role with the RoleName parameter, but I can't migrate the stack because of the CAPABILITY_NAMED_IAM problem.

I have configured capabilityIam true in my gradle cloudFormation settings but it didn't work.

I tested aws cli command with --capabilities CAPABILITY_NAMED_IAM param and it works fine.

rafe-delphix you said you identified a problem - please help me out :)

best regards

iwanskit Sep 15 '17 14:09

I'm not really able to grant access to create IAM resources as it poses a serious security issue (and though things remain iffy, we're trying to improve conditions).

You said you are able to run the aws cli and modify IAM resources? What credentials do you already have?

rafe-delphix Sep 15 '17 21:09

I have AdministratorAccess policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}

iwanskit Sep 17 '17 10:09

I think it just needs the createRole action in the policy, but I will test it tomorrow.

iwanskit Sep 17 '17 11:09

My issue has been solved. useCapabilityIam 'CAPABILITY_NAMED_IAM' on gradle cloudFormation settings fixed my problem. Thx!

iwanskit Sep 18 '17 09:09
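
Added example (not part of the thread and not the plugin's code): a Python check that reads a JSON CloudFormation template and reports which capability a stack operation has to acknowledge, so a build declares CAPABILITY_NAMED_IAM only when the template sets a custom IAM name, as in the RoleName case above. The resource-to-property mapping, the function name and the sample template are assumptions constructed for illustration.

```python
import json

# IAM resource types that require a capability acknowledgement, mapped to the
# property that gives the resource a custom name (None: no such property).
# Assumption: mapping follows the AWS CloudFormation docs; it is not plugin code.
IAM_NAME_PROPS = {
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::Group": "GroupName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
    "AWS::IAM::Policy": None,
    "AWS::IAM::AccessKey": None,
    "AWS::IAM::UserToGroupAddition": None,
}

def required_capability(template_text):
    """Return (capability, findings) for a JSON template; capability may be None."""
    resources = json.loads(template_text).get("Resources", {})
    capability, findings = None, []
    for logical_id, res in sorted(resources.items()):
        rtype = res.get("Type")
        if rtype not in IAM_NAME_PROPS:
            continue
        name_prop = IAM_NAME_PROPS[rtype]
        props = res.get("Properties") or {}
        if name_prop and name_prop in props:
            # A Ref or Sub value still counts: the key's presence is what matters.
            capability = "CAPABILITY_NAMED_IAM"
            findings.append(f"{logical_id}: {rtype} sets {name_prop}")
        else:
            capability = capability or "CAPABILITY_IAM"
            findings.append(f"{logical_id}: {rtype} (generated name)")
    return capability, findings

# Constructed sample: a role whose name comes from a RoleName parameter.
SAMPLE = json.dumps({
    "Parameters": {"RoleName": {"Type": "String"}},
    "Resources": {
        "ApiRole": {"Type": "AWS::IAM::Role",
                    "Properties": {"RoleName": {"Ref": "RoleName"}}},
        "Artifacts": {"Type": "AWS::S3::Bucket"},
    },
})

if __name__ == "__main__":
    cap, why = required_capability(SAMPLE)
    print(cap, *why, sep="\n")
```

The check looks only at the template it is given; nested stacks (AWS::CloudFormation::Stack) would need their own templates checked as well.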

Where are you using gradle with cloud formation?

rafe-delphix Sep 18 '17 19:09