aws-lambda: from_security_group_id returns object of invalid type #4669

Closed
1 task
jcmonteiro opened this issue Oct 15, 2024 · 6 comments
Labels
bug This issue is a bug. p1

Comments

@jcmonteiro

Describe the bug

The returned object from SecurityGroup.from_security_group_id when used in DockerImageFunction fails to pass the typeguard check in the check_type function.

This error wasn't present when using typeguard version 4.0.0. It used to throw warnings but not errors. The warning is pasted below.

<redacted-path>/lib/python3.12/site-packages/aws_cdk/aws_lambda/__init__.py:1526: UserWarning: Typeguard cannot check the ISecurityGroup protocol because it is a non-runtime protocol. If you would like to type check this protocol, please use @typing.runtime_checkable
  typeguard.check_type(value=value, expected_type=expected_type, collection_check_strategy=typeguard.CollectionCheckStrategy.ALL_ITEMS) # type:ignore

The error appears with typeguard version 4.3.0. The error message is pasted below.

Sequence[aws_cdk.aws_ec2.ISecurityGroup]: item 0 is not compatible with the ISecurityGroup protocol because it has no method named '__jsii_proxy_class__'
NoneType: is not an instance of NoneType

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

The type check should succeed.

Current Behavior

The type check fails and so does cdk deploy or cdk synth.

Reproduction Steps

  1. Install typeguard version 4.3.0 in your environment.
  2. Try to cdk synth the Stack defined below.

import os

from aws_cdk import App, Environment, Stack
from aws_cdk.aws_ec2 import SecurityGroup, Vpc
from aws_cdk.aws_lambda import DockerImageCode, DockerImageFunction
from constructs import Construct


class AppStack(Stack):
    def __init__(self, scope: Construct, id: str, env: Environment) -> None:
        super().__init__(scope=scope, id=id, env=env)

        sec_group = SecurityGroup.from_security_group_id(
            scope=self,
            id="LambdaSecurityGroup",
            security_group_id="sg-123456",
        )

        vpc = Vpc.from_lookup(
            scope=self,
            id="LambdaVPC",
            vpc_name="MyVPC",
        )

        self.lambda_function = DockerImageFunction(
            scope=self,
            id="AppLambda",
            function_name="AppLambda",
            description="Handles requests for the Design Brief API",
            memory_size=1024,
            code=DockerImageCode.from_image_asset(
                directory=".",
                file="./lambda.Dockerfile",
                build_secrets={"GITHUB_TOKEN": "type=env"},
            ),
            security_groups=[sec_group],
            vpc=vpc,
        )


app = App()
AppStack(
    scope=app,
    id="DummyStack",
    env=Environment(account=os.getenv("CDK_DEFAULT_ACCOUNT"), region="eu-west-1"),
)

app.synth()

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.162.1

Framework Version

No response

Node.js Version

v22.9.0

OS

Mac

Language

Python

Language Version

Python 3.12.4

Other information

No response

@jcmonteiro jcmonteiro added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 15, 2024
@pahud
Contributor

pahud commented Oct 15, 2024

related to #4658

moving to JSII repo.

@pahud pahud transferred this issue from aws/aws-cdk Oct 15, 2024
@pahud pahud added p1 and removed needs-triage This issue or PR still needs to be triaged. labels Oct 15, 2024
@mrgrain
Contributor

mrgrain commented Oct 15, 2024

typeguard-4.3.0 is not currently supported due to an issue with how protocols are now checked in the latest version. We are investigating this, but cannot currently provide an ETA.

Our main priority is that users are not unintentionally blocked by this. @jcmonteiro From your description it sounds like you were explicitly declaring a dependency on typeguard 4.3.0 (as opposed to automatically receiving this version as a transitive dependency). Can you confirm if this was the case?

@jcmonteiro
Author

I actually got the dependency via transitivity. I mentioned explicitly stating the version to make it easier to reproduce.

In fact, upon checking the changes to my Poetry lock file, I noticed that a particular commit caused "typeguard" to bump from 2.13 to 4.3. That was due to a cascade of upgrades allowed by the fact that aws-cdk-asset-kubectl-v20 declared support for typeguard = ">=2.13.3,<5.0.0"
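
The lock-file drift described in the comment above can be caught before it reaches `cdk synth`. The following is an added example, not part of the original thread and not jsii or CDK code: it compares two `poetry.lock` snapshots and reports any package that crossed a major version or landed on a version listed as unsupported. The lock excerpts, the `example-lib` package, and the function names are constructed for illustration; it assumes `name` and `version` are the first two keys of each `[[package]]` block.

```python
import re

# Matches the first two keys of each [[package]] block in poetry.lock (assumed layout).
PKG_RE = re.compile(r'\[\[package\]\]\s*\nname = "([^"]+)"\s*\nversion = "([^"]+)"')

# Constructed lock excerpts: the state before and after the cascading upgrade.
LOCK_BEFORE = '''
[[package]]
name = "typeguard"
version = "2.13.3"

[[package]]
name = "example-lib"
version = "1.4.0"
'''
LOCK_AFTER = LOCK_BEFORE.replace("2.13.3", "4.3.0").replace("1.4.0", "1.5.0")

# Versions the thread reports as not currently supported.
UNSUPPORTED = {"typeguard": {"4.3.0"}}


def parse_lock(text):
    """Map package name -> pinned version from poetry.lock text."""
    return {name.lower(): version for name, version in PKG_RE.findall(text)}


def major(version):
    """Leading numeric component of a version string, or None if absent."""
    m = re.match(r"\d+", version)
    return int(m.group()) if m else None


def audit(before_text, after_text, unsupported):
    """Return (name, old, new, reason) for each risky change between two locks."""
    before, after = parse_lock(before_text), parse_lock(after_text)
    findings = []
    for name, new in sorted(after.items()):
        old = before.get(name)
        if new in unsupported.get(name, ()):
            findings.append((name, old, new, "unsupported version"))
        elif old is not None and major(old) != major(new):
            findings.append((name, old, new, "major version change"))
    return findings


if __name__ == "__main__":
    results = audit(LOCK_BEFORE, LOCK_AFTER, UNSUPPORTED)
    for name, old, new, reason in results:
        print(f"{name}: {old} -> {new} ({reason})")
    raise SystemExit(1 if results else 0)
```

Run as a CI step against the lock file from the base branch and the one in the change under review, a non-zero exit blocks the merge until the bump has been looked at.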

@mrgrain
Contributor

mrgrain commented Oct 21, 2024

Thanks @jcmonteiro. Looks like there are a few more packages that need their version constraint updated.

@mrgrain
Contributor

mrgrain commented Oct 21, 2024

But will close this here as a duplicate of #4658 and track it over there.

@mrgrain mrgrain closed this as completed Oct 21, 2024

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
