-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[lambda] lambda.Code.FromAsset Golang bundling permission denied at execution #10776
Comments
I just tried this on my Ubuntu machine and it works fine, the environment is as follows.
|
Hi @strongishllama! Unfortunately I WAS able to reproduce this on Windows and had no issues on OSX, so I think this is likely a bug with the way asset bundling works on Windows. I have changed the labels so that it gets the attention of the relevant dev. Are you able to run your builds on Ubuntu as mentioned above while this is pending? If not, the best other workaround would be to create a small secondary pipeline stack in CodePipeline to run the deployment from a Codebuild unix environment. Let me know if that workaround works for you! 😸 😷 |
My primary development device is Ubuntu so all good, but I'll keep that workaround in mind. Thanks! |
Related #7749 The issue ( most likely only on windows) is that files which are bundled will loose their permissions (like beeing executable). As long as seen from inside the container the permissions are correctly set within the After running the cdk bundling the permissions are gone: It seems to me that the files are actually "recreated" somehow since the seem to have a default mask applied to them. The permissions issue is already present on the output folder, hence it has nothing to do with the zip file creation. As docker volumes are tricky I suspect an issue with using volumes or the Note: I do use Docker engine v19.03.13 with WSL 2 on a Windows 10 AMD64 host @strongishllama what is your windows setup? |
Something I noticed: The permissions in Windows are different from the ones seen from inside the docker container. (Most likely due to filesystem differences), propably the permissions simply get lost when moving the file from the container to windows. One idea could be to require the user to zip inside the docker container (thats what I now do manually as a workaround) |
@eladb Since you are assigned to this, would it be possible to add an option like I guess this packaging will never work properly on windows since it will loose the permissions set inside the container. Besides that there should be a warning at https://docs.aws.amazon.com/cdk/api/latest/docs/aws-s3-assets-readme.html#asset-bundling that bundling on windows might fail (if the file needs e.g. executable permissions). |
Would also be a good idea, I wonder if there should be an example in the docs how to create a zip archive
… Am 10.12.2020 um 09:56 schrieb Jonathan Goldwasser ***@***.***>:
@pfried sounds like a good direction. @jogold what do you think?
You still don't want to do this automagically if the content in /asset-output is a single archive file?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
I would like to get back to this, I would be fine with both approaches |
@jogold I am okay with doing this automatically if |
@eladb started the work in #13076, how would you call this option? |
If the bundling output contains a single archive file (zip or jar), upload it as-is to S3 without zipping it. Allow to customize this behavior with `bundling.packaging`: * `ALWAYS_ZIP`: The bundling output will always be zipped and uploaded to S3. * `NEVER_ZIP`: The bundling output will not be zipped. Bundling will fail if the bundling output doesn't contain a single file. * `AUTO`: If the bundling output contains a single archive file (zip or jar) it will not be zipped. Otherwise it will be zipped. Closes #10776 Closes #12651 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
If the bundling output contains a single archive file (zip or jar), upload it as-is to S3 without zipping it. Allow to customize this behavior with `bundling.packaging`: * `ALWAYS_ZIP`: The bundling output will always be zipped and uploaded to S3. * `NEVER_ZIP`: The bundling output will not be zipped. Bundling will fail if the bundling output doesn't contain a single file. * `AUTO`: If the bundling output contains a single archive file (zip or jar) it will not be zipped. Otherwise it will be zipped. Closes aws#10776 Closes aws#12651 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
If the bundling output contains a single archive file (zip or jar), upload it as-is to S3 without zipping it. Allow to customize this behavior with `bundling.packaging`: * `ALWAYS_ZIP`: The bundling output will always be zipped and uploaded to S3. * `NEVER_ZIP`: The bundling output will not be zipped. Bundling will fail if the bundling output doesn't contain a single file. * `AUTO`: If the bundling output contains a single archive file (zip or jar) it will not be zipped. Otherwise it will be zipped. Closes #10776 Closes #12651 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
❓ General Issue
The Question
I've been trying to deploy a Lambda function written in Go using lambda.Code.fromAsset and the experimental BundlingOptions inside the AssetOptions parameter. I'm able to deploy the stack with no issues at all but I get a permission denied error on the Lambda when trying to execute it.
When I download the zipped source from S3 to look at the binaries permissions it should be able to execute it.
Here's the Lambda function snippet from CDK.
I've also tried building and zipping locally then uploading it manually to the existing Lambda function and it works as expected.
Any help would be appreciated. Thanks!
Environment
The text was updated successfully, but these errors were encountered: