Can't run serverless puresec gen-roles

[mikeblanton]

Hello! I'm trying to run serverless puresec gen-roles, but it's coming up with an error. I suspect it might be due to the fact that I'm also using the colocate serverless plugin. I can successfully deploy the app using serverless deploy. Any thoughts on what might be happening?

→ serverless puresec gen-roles
Serverless: Packaging service...
Serverless: Excluding development dependencies...
error: invalid CloudFormation template:
too many values to unpack (expected 2)
 
  Error --------------------------------------------------
 
 
     For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.
 
  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Forums:        forum.serverless.com
     Chat:          gitter.im/serverless/serverless
 
  Your Environment Information -----------------------------
     OS:                     darwin
     Node Version:           10.6.0
     Serverless Version:     1.26.1

[odedniv]

Hey @mikeblanton, thanks for the report!

The CLI uses the command serverless package, can you try to execute it and see if that fails?

It also looks like you don't have the latest version of Serverless. They have made some changes in the last versions regarding parsing the configuration which may fix the issue (if the problem is really with sls package).

[mikeblanton]

I didn't realize my serverless version was out of date! I've updated it, same result. serverless package appears to be working

→ serverless puresec gen-roles
Serverless: Packaging service...
Serverless: Excluding development dependencies...
error: invalid CloudFormation template:
too many values to unpack (expected 2)
 
  Error --------------------------------------------------
 
 
     For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.
 
  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Issues:        forum.serverless.com
 
  Your Environment Information -----------------------------
     OS:                     darwin
     Node Version:           10.6.0
     Serverless Version:     1.29.2

→ serverless package
Serverless: Packaging service...
Serverless: Excluding development dependencies...

[mikeblanton]

Also I've repackaged my app slightly and now I'm not using the colocate plugin anymore.

[avish9]

Hi @mikeblanton ,

We suspect that the problem is in parsing one of the intrinsic functions (Fn::Join, Fun::Sub etc.) in your serverless.yml file.

Would you be able to send a gist of your serverless.yml (or the final generated CloudFormation) file while stripping any sensitive/important data?

Thanks, Avi

[AnthonyWC]

I got a similar error; in my case it is due to the serverless-pseudo-parameter changing region in Resource, e.g.

us-east-1 => ${AWS::Region}

For example, let's say you have any resource reference like:

  - Resources:
      SSMParameter2:
        Type: AWS::SSM::Parameter
        Properties:
          Name: "/${self:custom.ssm.config-key-prefix}/${self:custom.ssm.config-etlProcessID}/pg"
          Type: String
          Value: '{ "host" : "foo.us-east-1.rds.amazonaws.com", "database" : "cgplatform", "port" : 5432 }'       

Do a serverless package:

Without plugin; good:


          "SSMParameter2": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
              "Name": "/dataeng/att-voice-call-detail/pg",
              "Type": "String",
              "Value": "{ \"host\" : \"foo.hello.rds.amazonaws.com\", \"database\" : \"cgplatform\", \"port\" : 5432 }"
            }
          },

With plugin; bad:

          "SSMParameter2": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
              "Name": "/dataeng/att-voice-call-detail/pg",
              "Type": "String",
              "Value": {
                "Fn::Sub": "{ \"host\" : \"foo.${AWS::Region}.rds.amazonaws.com\", \"database\" : \"cgplatform\", \"port\" : 5432 }"
              }
            }
          },

I am guessing the plugin doesn't understand ${AWS::Region}

[chanmathew]

I got a similar error; in my case it is due to the serverless-pseudo-parameter changing region in Resource, e.g.

us-east-1 => ${AWS::Region}

For example, let's say you have any resource reference like:

  - Resources:
      SSMParameter2:
        Type: AWS::SSM::Parameter
        Properties:
          Name: "/${self:custom.ssm.config-key-prefix}/${self:custom.ssm.config-etlProcessID}/pg"
          Type: String
          Value: '{ "host" : "foo.us-east-1.rds.amazonaws.com", "database" : "cgplatform", "port" : 5432 }'       

Do a serverless package:

Without plugin; good:


          "SSMParameter2": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
              "Name": "/dataeng/att-voice-call-detail/pg",
              "Type": "String",
              "Value": "{ \"host\" : \"foo.hello.rds.amazonaws.com\", \"database\" : \"cgplatform\", \"port\" : 5432 }"
            }
          },

With plugin; bad:

          "SSMParameter2": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
              "Name": "/dataeng/att-voice-call-detail/pg",
              "Type": "String",
              "Value": {
                "Fn::Sub": "{ \"host\" : \"foo.${AWS::Region}.rds.amazonaws.com\", \"database\" : \"cgplatform\", \"port\" : 5432 }"
              }
            }
          },

I am guessing the plugin doesn't understand ${AWS::Region}

Did you ever get it working with psuedo params? if not what was your solution?

[funkel1989]

I am also having this issue and can relate that when serverless psudo params is removed that it works.