From c7220e27ac992c8057ba2b4887851c68015d0a21 Mon Sep 17 00:00:00 2001 From: Angie Pinilla Date: Wed, 20 Jan 2021 01:03:41 -0500 Subject: [PATCH 1/2] only call GetFunctionCodeSigningConfig for zip type funcs --- aws/data_source_aws_lambda_function.go | 29 ++++++------ aws/data_source_aws_lambda_function_test.go | 50 +++++++++++++++++++++ 2 files changed, 66 insertions(+), 13 deletions(-) diff --git a/aws/data_source_aws_lambda_function.go b/aws/data_source_aws_lambda_function.go index 5174f9e9bd01..2079a23b30c1 100644 --- a/aws/data_source_aws_lambda_function.go +++ b/aws/data_source_aws_lambda_function.go @@ -313,23 +313,26 @@ func dataSourceAwsLambdaFunctionRead(d *schema.ResourceData, meta interface{}) e return nil } - // Get Code Signing Config Output - // If code signing config output exists, set it to that value, otherwise set it empty. - codeSigningConfigInput := &lambda.GetFunctionCodeSigningConfigInput{ - FunctionName: aws.String(d.Get("function_name").(string)), - } + // Get Code Signing Config Output. + // Code Signing is only supported on zip packaged lambda functions. + var codeSigningConfigArn string - getCodeSigningConfigOutput, err := conn.GetFunctionCodeSigningConfig(codeSigningConfigInput) - if err != nil { - return fmt.Errorf("error getting Lambda Function (%s) Code Signing Config: %w", aws.StringValue(function.FunctionName), err) - } + if aws.StringValue(function.PackageType) == lambda.PackageTypeZip { + codeSigningConfigInput := &lambda.GetFunctionCodeSigningConfigInput{ + FunctionName: function.FunctionName, + } + getCodeSigningConfigOutput, err := conn.GetFunctionCodeSigningConfig(codeSigningConfigInput) + if err != nil { + return fmt.Errorf("error getting Lambda Function (%s) Code Signing Config: %w", aws.StringValue(function.FunctionName), err) + } - if getCodeSigningConfigOutput == nil || getCodeSigningConfigOutput.CodeSigningConfigArn == nil { - d.Set("code_signing_config_arn", "") - } else { - d.Set("code_signing_config_arn", getCodeSigningConfigOutput.CodeSigningConfigArn) + if getCodeSigningConfigOutput != nil { + codeSigningConfigArn = aws.StringValue(getCodeSigningConfigOutput.CodeSigningConfigArn) + } } + d.Set("code_signing_config_arn", codeSigningConfigArn) + d.SetId(aws.StringValue(function.FunctionName)) return nil diff --git a/aws/data_source_aws_lambda_function_test.go b/aws/data_source_aws_lambda_function_test.go index 4a2557ba05af..a39366c13d11 100644 --- a/aws/data_source_aws_lambda_function_test.go +++ b/aws/data_source_aws_lambda_function_test.go @@ -2,6 +2,7 @@ package aws import ( "fmt" + "os" "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" @@ -180,6 +181,27 @@ func TestAccDataSourceAWSLambdaFunction_fileSystemConfig(t *testing.T) { }) } +func TestAccDataSourceAWSLambdaFunction_imageConfig(t *testing.T) { + rName := acctest.RandomWithPrefix("tf-acc-test") + dataSourceName := "data.aws_lambda_function.test" + resourceName := "aws_lambda_function.test" + + imageLatestID := os.Getenv("AWS_LAMBDA_IMAGE_LATEST_ID") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccDataSourceLambdaImagePreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceAWSLambdaFunctionConfigImageConfig(rName, imageLatestID), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "code_signing_config_arn", resourceName, "code_signing_config_arn"), + ), + }, + }, + }) +} + func testAccDataSourceAWSLambdaFunctionConfigBase(rName string) string { return fmt.Sprintf(` resource "aws_iam_role" "lambda" { @@ -495,3 +517,31 @@ data "aws_lambda_function" "test" { } `, rName) } + +func testAccDataSourceAWSLambdaFunctionConfigImageConfig(rName, imageID string) string { + return composeConfig( + testAccDataSourceAWSLambdaFunctionConfigBase(rName), + fmt.Sprintf(` +resource "aws_lambda_function" "test" { + image_uri = %q + function_name = %q + role = aws_iam_role.lambda.arn + package_type = "Image" + image_config { + entry_point = ["/bootstrap-with-handler"] + command = ["app.lambda_handler"] + working_directory = "/var/task" + } +} + +data "aws_lambda_function" "test" { + function_name = aws_lambda_function.test.function_name +} +`, imageID, rName)) +} + +func testAccDataSourceLambdaImagePreCheck(t *testing.T) { + if os.Getenv("AWS_LAMBDA_IMAGE_LATEST_ID") == "" { + t.Skip("AWS_LAMBDA_IMAGE_LATEST_ID env var must be set for Lambda Function Data Source Image Support acceptance tests.") + } +} From 1abeba0b065e8db197fed8b92604ec15578950aa Mon Sep 17 00:00:00 2001 From: Angie Pinilla Date: Wed, 20 Jan 2021 17:46:33 -0500 Subject: [PATCH 2/2] document lambda image related env vars in guide --- docs/MAINTAINING.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/MAINTAINING.md b/docs/MAINTAINING.md index 696f8574ded6..f315205fd013 100644 --- a/docs/MAINTAINING.md +++ b/docs/MAINTAINING.md @@ -404,6 +404,9 @@ Environment variables (beyond standard AWS Go SDK ones) used by acceptance testi | `AWS_EC2_EIP_PUBLIC_IPV4_POOL` | Identifier for EC2 Public IPv4 Pool for EC2 EIP testing. | | `AWS_GUARDDUTY_MEMBER_ACCOUNT_ID` | Identifier of AWS Account for GuardDuty Member testing. **DEPRECATED:** Should be replaced with standard alternate account handling for tests. | | `AWS_GUARDDUTY_MEMBER_EMAIL` | Email address for GuardDuty Member testing. **DEPRECATED:** It may be possible to use a placeholder email address instead. | +| `AWS_LAMBDA_IMAGE_LATEST_ID` | ECR repository image URI (tagged as `latest`) for Lambda container image acceptance tests. +| `AWS_LAMBDA_IMAGE_V1_ID` | ECR repository image URI (tagged as `v1`) for Lambda container image acceptance tests. +| `AWS_LAMBDA_IMAGE_V2_ID` | ECR repository image URI (tagged as `v2`) for Lambda container image acceptance tests. | `DX_CONNECTION_ID` | Identifier for Direct Connect Connection testing. | | `DX_VIRTUAL_INTERFACE_ID` | Identifier for Direct Connect Virtual Interface testing. | | `EC2_SECURITY_GROUP_RULES_PER_GROUP_LIMIT` | EC2 Quota for Rules per Security Group. Defaults to 50. **DEPRECATED:** Can be augmented or replaced with Service Quotas lookup. |