I've written an asynchronous policy that returns a promise and it works, but I'm wondering whether I've implemented it correctly because serverless deploy seems to continue running while the plugin is evaluating its condition.
Is there something I've missed in documentation about writing async policies, or does the safeguards plugin itself not await them?
The good news is the policy works. But the bad news is serverless continues to run while it's evaluating.
Here's an example output.
```
Summary --------------------------------------------------
passed - No secrets in lambda ENV VARs
passed - no secret ENV vars
running - No deploy to blocked accountsServerless: Uploading CloudFormation file to S3...
Serverless: Uploading artifacts...
Serverless: Uploading service hello-fullstack.zip file to S3 (23.68 MB)...
passed - No deploy to blocked accounts
Serverless: Safeguards Summary: 3 passed, 0 warnings, 0 errors, 0 skipped
```
You can see the two lines from my plugin:
```
running - No deploy to blocked accounts
passed - No deploy to blocked accounts
```
But before it passes, you can also see serverless begin to upload my stack.
My plugin looks like this:
```javascript
const AWS = require('aws-sdk');

/**
 * Denies deploying this project to the blocked AWS accounts.
 *
 * @param policy
 * @param service
 * @param options
 */
module.exports = async function noDeployToBlockedAccountPolicy(policy, service, options) {
  // @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#getCallerIdentity-property
  const sts = new AWS.STS();

  if (!Array.isArray(options.accountIds)) {
    policy.fail(`The policy no-deploy-to-blocked-accounts is missing a 'config.accountIds' array.`);
    return; // stop here so the lookup below never runs against a missing list
  }

  try {
    const data = await sts.getCallerIdentity({}).promise();
    // Compares numerically, so config.accountIds must hold numbers, not strings.
    if (options.accountIds.includes(parseInt(data.Account, 10))) {
      policy.fail(
        `Your current AWS account ${data.Account} is blocked from deployment. ` +
          `Switch to another account and try again.`
      );
      return;
    }
    policy.approve();
  } catch (err) {
    console.error(err, err.stack);
    policy.fail(`An error occurred`);
  }
};
```
And it's configured as follows:
```yaml
custom:
  safeguards:
    - title: No deploy to blocked accounts
      safeguard: no-deploy-to-blocked-accounts
      path: ./policies
      config:
        accountIds:
          - XXXXX
          - YYYYY
```
Is there a way to make the safeguards plugin await my policy?
Thanks in advance... Scott
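An added example, not part of the original issue and not the safeguards plugin's code: a hypothetical runner (`runDeploy`) showing why an async policy whose promise is not awaited cannot gate the upload step, which matches the ordering in the output above. The policy stand-in `blockedAccountPolicy`, the injected `getAccount` lookup and the account IDs are assumptions made up for this sketch; IDs are compared as strings here.

```javascript
// Stand-in for the policy in the issue: same policy.approve()/policy.fail() calls,
// but the STS lookup is injected (getAccount) so this runs offline.
async function blockedAccountPolicy(policy, service, options, getAccount) {
  if (!Array.isArray(options.accountIds)) {
    policy.fail("missing 'config.accountIds' array");
    return;
  }
  try {
    const account = await getAccount();
    if (options.accountIds.includes(account)) {
      policy.fail(`account ${account} is blocked`);
      return;
    }
    policy.approve();
  } catch (err) {
    policy.fail('identity lookup failed'); // fail closed when the lookup errors
  }
}

// Hypothetical runner, NOT the safeguards plugin's code. With awaitPolicy=false
// the returned promise is dropped and the upload starts before any verdict.
async function runDeploy({ awaitPolicy, account, blocked }) {
  const events = [];
  let verdict = 'pending';
  const policy = {
    approve: () => { verdict = 'passed'; events.push('policy:passed'); },
    fail: (msg) => { verdict = 'failed'; events.push(`policy:failed (${msg})`); },
  };
  // Simulated network latency for the identity lookup.
  const getAccount = () => new Promise((resolve) => setTimeout(() => resolve(account), 20));

  events.push('policy:running');
  const pending = blockedAccountPolicy(policy, {}, { accountIds: blocked }, getAccount);
  if (awaitPolicy) await pending;

  events.push(verdict === 'failed' ? 'deploy:aborted' : `deploy:upload (verdict=${verdict})`);
  await pending; // let a late verdict land so it appears in the log
  return events;
}

// Constructed sample: the caller's account is on the blocked list.
const sample = { account: '111111111111', blocked: ['111111111111'] };
runDeploy({ awaitPolicy: false, ...sample }).then((e) => console.log('not awaited:', e));
runDeploy({ awaitPolicy: true, ...sample }).then((e) => console.log('awaited:    ', e));
```

In the un-awaited run the upload event is logged while the verdict is still `pending` and the failure arrives afterwards, so the check fails open; in the awaited run the failure is recorded first and the deploy is aborted.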