Cirrus Lambda Fixes #88

Merged
merged 4 commits into from
Jan 28, 2025
Conversation

@cvangerpen (Contributor) commented Jan 10, 2025

This feature addresses some minor permission issues with the current Cirrus Lambda code and adds the ability to use custom Cirrus Lambda Dist ZIPs.

Related issue(s)

  • None

Proposed Changes

  1. An optional input variable cirrus_lambda_dist_zip_filepath was added to allow a custom ZIP to be used for all cirrus lambdas (API, process, update-state, pre-batch, and post-batch). This change enables compatibility testing and/or version pinning of a specific cirrus build rather than always using the default version included with this repository. If a custom ZIP is not provided, the default is used.
  2. Minor permission changes for compatibility with cirrus v1.0.0a0
    • The update-state lambda is granted sns:Publish permissions for both the publish topic and the workflow_event topic.
    • The update-state lambda is granted s3:PutObject in addition to the existing s3:GetObject permissions on the Cirrus payload bucket (necessary for uploading a process payload to S3 if it is not already there).
    • Workflow state machines are granted events:PutEvents permissions in order to push state transition events.
    • The cirrus_update_state CloudWatch event rule had an invalid prefix ARN that prevented events from workflow state machines being captured.

Testing

This change was validated by the following observations:

  1. An existing FilmDrop deployment was updated to use this branch and then deployed without specifying a custom Cirrus dist ZIP. This resulted in no changes to the lambdas that use this ZIP as they continued to use the default version provided in this repository.
  2. That same deployment was then updated to use a version of the cirrus lambda dist ZIP I built locally and specified via cirrus_inputs.lambda_dist_zip_filepath. Deploying this change resulted in each cirrus lambda being updated accordingly.
  3. A cirrus workflow was then tested end-to-end against the updated lambdas. Upon state machine completion, the state transition event successfully triggered the EventBridge rule that invoked the cirrus update-state lambda.
  4. The update-state lambda executed successfully, resulting in a push to the cirrus publish SNS topic.

Checklist

  • I have deployed and validated this change
  • Changelog
    • I have added my changes to the changelog
    • No changelog entry is necessary
  • README migration
    • I have added any migration steps to the Readme
    • No migration is necessary

Fixed permissions necessary for workflows triggering the update-state
Lambda. Added permissions for update-state that are necessary in Cirrus
v1.0.0a0 and beyond. Added Cirrus Publish SNS topic env var to lambda.
Custom cirrus lambda dist zips may now be used instead of the provided
version. Fixed hardcoded default filepath in sns module.
@cvangerpen cvangerpen marked this pull request as ready for review January 10, 2025 16:34
@cvangerpen cvangerpen merged commit 1bddd7f into main Jan 28, 2025
4 checks passed
@cvangerpen cvangerpen deleted the cvg/cirrus-lambda-fixes branch January 28, 2025 21:55
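
The event rule problem named in the description (an invalid prefix ARN that kept state machine events from being captured) can be checked before deployment. The following is an added example, not code from this pull request or the FilmDrop repository: it evaluates a small subset of EventBridge pattern matching against a constructed Step Functions status-change event. The page does not show the actual invalid value, so the malformed prefix, account id, region and resource names are all constructed placeholders.

```python
import re

# Subset of EventBridge event-pattern matching: nested field groups, literal
# values and {"prefix": ...} filters. Other filter types are not handled.
def matches(pattern, event):
    for key, rule in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(rule, dict):  # nested group such as "detail"
            if not isinstance(value, dict) or not matches(rule, value):
                return False
        elif not any(_match_one(r, value) for r in rule):
            return False
    return True

def _match_one(rule, value):
    if isinstance(rule, dict) and "prefix" in rule:
        return isinstance(value, str) and value.startswith(rule["prefix"])
    return rule == value

# A well-scoped prefix begins like a Step Functions state machine ARN.
ARN_START = re.compile(r"^arn:aws[\w-]*:states:[a-z0-9-]+:\d{12}:stateMachine:")

def prefix_problems(pattern):
    """Return prefix filters on detail.stateMachineArn that are not scoped
    to state machine ARNs (malformed or too broad)."""
    rules = pattern.get("detail", {}).get("stateMachineArn", [])
    return [r["prefix"] for r in rules
            if isinstance(r, dict) and "prefix" in r
            and not ARN_START.match(r["prefix"])]

def make_rule(prefix):
    return {"source": ["aws.states"],
            "detail-type": ["Step Functions Execution Status Change"],
            "detail": {"stateMachineArn": [{"prefix": prefix}]}}

# Constructed sample values (account id, region and names are placeholders).
BASE = "arn:aws:states:us-west-2:123456789012:"
EVENT = {"source": "aws.states",
         "detail-type": "Step Functions Execution Status Change",
         "detail": {"status": "SUCCEEDED",
                    "stateMachineArn": BASE + "stateMachine:example-cirrus-wf"}}
BAD_RULE = make_rule(BASE + "example-cirrus-")  # lacks "stateMachine:"
GOOD_RULE = make_rule(BASE + "stateMachine:example-cirrus-")

if __name__ == "__main__":
    for name, rule in (("bad", BAD_RULE), ("good", GOOD_RULE)):
        print(name, matches(rule, EVENT), prefix_problems(rule))
```

A rule with a malformed prefix deploys without error and simply never fires, so a pre-deploy check like `prefix_problems` or an end-to-end workflow run is what surfaces it.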