Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(lambda): provide support for AWS Parameters and Secrets Extension for Lambda #25725

Merged
merged 49 commits into from
Jun 8, 2023
Merged

feat(lambda): provide support for AWS Parameters and Secrets Extension for Lambda #25725

merged 49 commits into from
Jun 8, 2023

Conversation

colifran
Copy link
Contributor

@colifran colifran commented May 24, 2023
edited
Loading

This PR provides support for the AWS Parameters and Secrets Extension for Lambda functions. This extension will allow users to retrieve and cache AWS Secrets Manager secrets and AWS Parameter Store parameters in Lambda functions without using an SDK.

Note: Design was updated from previous PR which had a circular dependency causing go build to break.

Closes #23187

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@colifran
added interface for params and secrets extension configuration option…
ab0770a 
…s and added an enum for params and secrets logging level

Signed-off-by: Francis <colifran@amazon.com>
@colifran
created initial getter for params and secrets extension lambda arn
dc5a38f 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
added some initial logic to create params and secrets layer and to ad…
36d4bb8 
…d environment variables based on config

Signed-off-by: Francis <colifran@amazon.com>
@colifran
moved params and secrets extension lambda arn table to region-build d…
93553ff 
…irectory

Signed-off-by: Francis <colifran@amazon.com>
@colifran
added readonly keyword to ParametersAndSecretsExtensionConfig interfa…
bba4e63 
…ce and added permissions to attachParametersAndSecretsExtension method

Signed-off-by: Francis <colifran@amazon.com>
@colifran
refactored code and added a params-and-secrets-layers file - separati…
a721460 
…on of concerns

Signed-off-by: Francis <colifran@amazon.com>
@colifran
initial implementation for _bind and some initial logic for configure…
d4ac1c5 
…ParamsAndSecretsExtension

Signed-off-by: Francis <colifran@amazon.com>
@colifran
refactor
762b2d3 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
created initial params and secrets fact table and added code for regi…
d705559 
…stering fact

Signed-off-by: Francis <colifran@amazon.com>
@colifran
registered params and secrets fact
a08b55b 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
completed registering fact and created getVersionArn logic
f8a22f1 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
made fromArchitecture static method and made lambda layern arn select…
7014351 
…able by architecture

Signed-off-by: Francis <colifran@amazon.com>
@colifran
added permissions to configure params and secrets method
a688ef4 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
small refactoring and added all arns to fact table
9614604 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
removed test and added attribute to abstract class
2def06d 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
wip - unit tests
f8e6f34 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
wip
a13cf75 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
updated naming and added unit tests
2361ff0 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
corrected unit test and added more description to getVersionArn error…
ab603de 
… message

Signed-off-by: Francis <colifran@amazon.com>
@colifran
docstrings and unit test logic
07c4d7d 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
added an options property to allow users to configure environment var…
9fb3e49 
…iables as part of the extension

Signed-off-by: Francis <colifran@amazon.com>
@colifran
refactor
9759a41 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
wip
3e56c45 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
unit tests
c86d406 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
added validation for configuration options, added unit tests, updated…
581a737 
… region-info to include version

Signed-off-by: Francis <colifran@amazon.com>
@colifran
unit tests for bad configuration options
f15ba2d 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
unit test for arm64 in unsupported region
06ab452 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
unit test for kms:Decrypt in execution pole
c09bbd4 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
unit test for multiple secrets
a8c4b3c 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
added some comments
8ae5edf 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
updated granting of permissions in function to just use grantRead, ma…
f8fa77c 
…de getVersionArn a class method, unit tests

Signed-off-by: Francis <colifran@amazon.com>
@colifran
unit tests for fromVersion testing
2745e69 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
unit tests for secrets with and without encryption key
2e4a2af 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
added unit tests for parameters
005d6fd 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
unit tests for configuration options
dd12ce5 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
added README section for parameters and secrets extension
4dfb29e 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
updated readme
c16d2d8 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
created integ test for params and secrets
f93ed5b 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
integ tests and snapshots
9cd452e 
Signed-off-by: Francis <colifran@amazon.com>
@aws-cdk-automation aws-cdk-automation dismissed their stale review May 30, 2023 17:03

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@colifran
Copy link
Contributor Author

@rix0rrr I can't directly respond to your first comment for some reason. That said, I made the initial design choice for several reasons:

  1. We use a similar design pattern for lambda insights and ADOT lambda extensions. My thinking was that maintaining a consistent user experience when we're adding support for different lambda extensions would be important.
  2. To me, it makes sense to add a lambda extension to a lambda function and then use _bind internally to bind the extension to the lambda. That said, I wonder if passing a function to a lambda extension would convey that the function is part of the extension vs. the extension being part of the lambda function.

I think you bring up a very valid point in considering making this an external construct rather than a built-in option. Do the two points I made above change your mind at all?

@colifran colifran marked this pull request as ready for review June 1, 2023 12:07
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Jun 1, 2023
@colifran
updated version to correctly use 1.0.103
22cab5d 
Signed-off-by: Francis <colifran@amazon.com>
@colifran
updated integ test and snapshots for extension version 1.0.103
c9275e1 
Signed-off-by: Francis <colifran@amazon.com>
@mergify
Copy link
Contributor

mergify bot commented Jun 8, 2023

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 19f9cbb
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Jun 8, 2023

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 7a74513 into main Jun 8, 2023
@mergify mergify bot deleted the colifran/params-and-secrets-lambda-extension branch June 8, 2023 19:02
mrgrain added a commit that referenced this pull request Jun 9, 2023
@mrgrain
Revert "feat(lambda): provide support for AWS Parameters and Secrets …
56a8bd0 
…Extension for Lambda (#25725)"

This reverts commit 7a74513.
This was referenced Jun 9, 2023
Merged
Closed
mergify bot pushed a commit that referenced this pull request Jun 9, 2023
@mrgrain
chore: Revert "feat(lambda): provide support for AWS Parameters and S…
f89eb3f 
…ecrets Extension for Lambda" (#25919)

Reverts #25725

This breaks the go build

```


Error: Command (go build -modfile local.go.mod ./...) failed with status 1:
--
3592 | #STDERR> package github.com/aws/aws-cdk-go/awscdk/v2/awsapigateway
3593 | #STDERR>    imports github.com/aws/aws-cdk-go/awscdk/v2/awscognito
3594 | #STDERR>    imports github.com/aws/aws-cdk-go/awscdk/v2/awslambda
3595 | #STDERR>    imports github.com/aws/aws-cdk-go/awscdk/v2/awssecretsmanager
3596 | #STDERR>    imports github.com/aws/aws-cdk-go/awscdk/v2/awslambda: import cycle not allowed
3597 | #STDERR> package github.com/aws/aws-cdk-go/awscdk/v2/awsapigateway
3598 | #STDERR>    imports github.com/aws/aws-cdk-go/awscdk/v2/awscognito
3599 | #STDERR>    imports github.com/aws/aws-cdk-go/awscdk/v2/awslambda
3600 | #STDERR>    imports github.com/aws/aws-cdk-go/awscdk/v2/awssecretsmanager
3601 | #STDERR>    imports github.com/aws/aws-cdk-go/awscdk/v2/awslambda: import cycle not allowed
```


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Jun 10, 2023
@filletofish filletofish mentioned this pull request Jul 2, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rix0rrr rix0rrr rix0rrr left review comments

@otaviomacedo otaviomacedo otaviomacedo approved these changes

@aws-cdk-automation aws-cdk-automation aws-cdk-automation left review comments

Assignees
No one assigned
Labels
contribution/core This is a PR that came from AWS. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

(lambda): Make it easy to use "AWS Parameters and Secrets Lambda Extension" with Lambda Functions
4 participants
@colifran @aws-cdk-automation @otaviomacedo @rix0rrr