Develop Reference

Creating Managed Policy in CDK errors with MalformedPolicy

When I try to deploy a seemingly simple CDK stack, it fails with a strange error. I don't get this same behavior when I create a different iam.ManagedPolicy in a different file, and that one has a much more complicated policy with several actions, etc. What am I doing wrong?
import aws_cdk.core as core
from aws_cdk import aws_iam as iam
from constructs import Construct
from master_payer import ( env, myenv )
class FromStack(core.Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
#myenv['pma'] = an account ID (12 digits)
#env = 'dev'
rolename = f"arn:aws:iam:{myenv['pma']}:role/CrossAccount{env.capitalize()}MpaAdminRole"
mpname = f"{env.capitalize()}MpaAdminPolicy"
pol = iam.ManagedPolicy(self, mpname, managed_policy_name = mpname,
document = iam.PolicyDocument(statements= [
iam.PolicyStatement(actions=["sts:AssumeRole"], effect=iam.Effect.ALLOW, resources=[rolename])
]))
grp = iam.Group(self, f"{env.capitalize()}MpaAdminGroup", managed_policies=[pol])
The cdk deploy output:
FromStack: deploying...
FromStack: creating CloudFormation changeset...
2:19:52 AM | CREATE_FAILED | AWS::IAM::ManagedPolicy | DevMpaAdminPolicyREDACTED
The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: REDACTED-GUID; Proxy: null)
new ManagedPolicy (/tmp/jsii-kernel-EfRyKw/node_modules/#aws-cdk/aws-iam/lib/managed-policy.js:39:26)
\_ /tmp/tmpxl5zxf8k/lib/program.js:8432:58
\_ Kernel._wrapSandboxCode (/tmp/tmpxl5zxf8k/lib/program.js:8860:24)
\_ Kernel._create (/tmp/tmpxl5zxf8k/lib/program.js:8432:34)
\_ Kernel.create (/tmp/tmpxl5zxf8k/lib/program.js:8173:29)
\_ KernelHost.processRequest (/tmp/tmpxl5zxf8k/lib/program.js:9757:36)
\_ KernelHost.run (/tmp/tmpxl5zxf8k/lib/program.js:9720:22)
\_ Immediate._onImmediate (/tmp/tmpxl5zxf8k/lib/program.js:9721:46)
\_ processImmediate (node:internal/timers:464:21)
❌ FromStack failed: Error: The stack named FromStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE
at Object.waitForStackDeploy (/usr/local/lib/node_modules/aws-cdk/lib/api/util/cloudformation.ts:307:11)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at prepareAndExecuteChangeSet (/usr/local/lib/node_modules/aws-cdk/lib/api/deploy-stack.ts:351:26)
at CdkToolkit.deploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:194:24)
at initCommandLine (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:267:9)
The stack named FromStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE
And the cdk synth output, which cfn-lint is happy with (no warnings, errors, or informational violations):
{
"Resources": {
"DevMpaAdminPolicyREDACTED": {
"Type": "AWS::IAM::ManagedPolicy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Resource": "arn:aws:iam:REDACTED-ACCOUNT-ID:role/CrossAccountDevMpaAdminRole"
}
],
"Version": "2012-10-17"
},
"Description": "",
"ManagedPolicyName": "DevMpaAdminPolicy",
"Path": "/"
},
"Metadata": {
"aws:cdk:path": "FromStack/DevMpaAdminPolicy/Resource"
}
},
"DevMpaAdminGroupREDACTED": {
"Type": "AWS::IAM::Group",
"Properties": {
"ManagedPolicyArns": [
{
"Ref": "DevMpaAdminPolicyREDACTED"
}
]
},
"Metadata": {
"aws:cdk:path": "FromStack/DevMpaAdminGroup/Resource"
}
},
"CDKMetadata": {
"Type": "AWS::CDK::Metadata",
"Properties": {
"Analytics": "v2:deflate64:REDACTED-B64"
},
"Metadata": {
"aws:cdk:path": "FromStack/CDKMetadata/Default"
}
}
}
}
Environment Specs
$ cdk --version
2.2.0 (build 4f5c27c)
$ cat /etc/redhat-release
Red Hat Enterprise Linux releease 8.5 (Ootpa)
$ python --version
Python 3.6.8
$ node --version
v16.8.0

The role ARN rolename was incorrect; I was missing a colon after iam. So it's iam:: not iam:. I think I copied the single colon from a (wrong) example somewhere on the Internet. Gah...

Executing WDIO-Test locally in a docker container throws error: #wdio/cli:utils: A service failed in the 'onPrepare' hook

I'm executing a headless e2e-test locally in a docker-container like so:
docker-compose up
yarn test
I get this error-message at the beginning:
ERROR #wdio/cli:utils: A service failed in the 'onPrepare' hook
TypeError: Cannot read property 'args' of undefined
at DockerLauncher.onPrepare (C:\myProgs\myWDIOTest\node_modules\wdio-docker-service\lib\launcher.js:30:9)
at C:\myWDIOTest\myWDIOTest\node_modules\#wdio\cli\build\utils.js:24:40
at Array.map (<anonymous>)
at Object.runServiceHook (C:\myProgs\myWDIOTest\node_modules\#wdio\cli\build\utils.js:21:33)
at Launcher.run (C:\myProgs\myWDIOTest\node_modules\#wdio\cli\build\launcher.js:61:27)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
I'm not using the onPrepare-Hook the wdio-configuration-file (see below).
The test carries on and actually finishes successfully every time, just like it's supposed to. At this point simply suppressing this error-message would be a viable solution for me (since this error doesn't compromise the test-results).
There exists a solution here for tests run on saucelabs, however that won't work for me. But this makes me wonder if I have to look for the solution in my docker-compose-file:
version: "3"
services:
chrome:
image: selenium/node-chrome:4.0.0-rc-1-prerelease-20210713
shm_size: 2gb
depends_on:
- selenium-hub
environment:
- SE_EVENT_BUS_HOST=selenium-hub
- SE_EVENT_BUS_PUBLISH_PORT=4442
- SE_EVENT_BUS_SUBSCRIBE_PORT=4443
ports:
- "6900:5900"
selenium-hub:
image: selenium/hub:4.0.0-rc-1-prerelease-20210713
container_name: selenium-hub
ports:
- "4442:4442"
- "4443:4443"
- "4444:4444"
This is the contents of my wdio-configuration-file:
import BrowserOptions from "./browserOpts";
import CucumberOptions from "./cucumberOpts";
const fs = require('fs');
const wdioParallel = require('wdio-cucumber-parallel-execution');
const reporter = require('cucumber-html-reporter');
const currentTime = new Date().toJSON().replace(/:/g, "-");
const jsonTmpDirectory = `reports/json/tmp/`;
let featureFilePath = `featureFiles/*.feature`;
let timeout = 30000;
exports.config = {
hostname: 'localhost',
port: 4444,
sync: true,
specs: [
featureFilePath
],
maxInstances: 1,
capabilities: [{
maxInstances: 1,
browserName: "chrome",
'goog:chromeOptions': BrowserOptions.getChromeOpts(),
}],
logLevel: 'error',
bail: 0,
baseUrl: 'http://localhost',
waitforTimeout: timeout,
connectionRetryTimeout: timeout * 3,
connectionRetryCount: 3,
services: ['docker'],
framework: 'cucumber',
reporters: [
['cucumberjs-json', {
jsonFolder: jsonTmpDirectory,
language: 'de'
}]
],
cucumberOpts: CucumberOptions.getDefaultSettings(),
before: function (capabilities, specs) {
browser._setWindowSize(1024, 768)
},
beforeSuite: function (suite) {
console.log(`Suite "${suite.fullTitle}" from file "${suite.file}" starts`);
},
beforeTest: function (test) {
console.log(`Test "${test.title}" starts`);
},
afterTest: function (test) {
console.log(`Test "${test.title}" finished`);
},
onComplete: () => {
console.log('<<< E2E-TEST COMPLETED >>>\n\n');
try {
let consolidatedJsonArray = wdioParallel.getConsolidatedData({
parallelExecutionReportDirectory: jsonTmpDirectory
});
let jsonFile = `${jsonTmpDirectory}report.json`;
fs.writeFileSync(jsonFile, JSON.stringify(consolidatedJsonArray));
let options = {
theme: 'bootstrap',
jsonFile: jsonFile,
output: `reports/html/report-${currentTime}.html`,
reportSuiteAsScenarios: true,
scenarioTimestamp: true,
launchReport: true,
ignoreBadJsonFile: true
};
reporter.generate(options);
} catch (err) {
console.log('err', err);
}
}
};

Your docker-compose.yml should work with Webdriverio if you remove services: ['docker'], from wdio.conf.js.
Based on a comment in this video, services: ['docker'] is needed if you want wdio to instantiate it's own containers.

To get rid of this error message specify separate configuration file for wdio docker and leave services with empty array - for me it worked and wdio knows that it should run tests on the container, hope it helped
services: [],

Localstack Lambda Invoke fails on Windows

I have a problem similar to Unable to invoke lambda function from localstack via aws cli, but with a different symptom. The solution described in that SO does not work for me.
I am running on Windows 10, with the latest versions of Docker, Terraform and LocalStack (as of April/May 2021). All commands are typed into an Windows cmd window with Administrator permissions, set to the correct working folder.
I start local stack using docker-compose up -d, with the following docker-compose.yml
version: '3.2'
services:
localstack:
image: localstack/localstack-full:latest
container_name: localstack_serverless1
ports:
- '4566:4566'
- '8055:8080'
environment:
# - HOSTNAME_EXTERNAL=localstack
- COMPOSE_CONVERT_WINDOWS_PATHS=1
- DEBUG=1
- DATA_DIR=/tmp/localstack/data
- LAMBDA_EXECUTOR=docker
- START_WEB=1
#- DOCKER_HOST=unix:///var/run/docker.sock
volumes:
- './.localstack:/tmp/localstack'
- '/var/run/docker.sock:/var/run/docker.sock'
#- './docker.sock:/var/run/docker.sock'
The lines commented out are things I have tried that didn't make a difference.
I then run terraform init, and terraform apply, with the following input:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.27"
}
}
required_version = ">= 0.14.9"
}
provider "aws" {
access_key = "mock_access_key"
region = "us-east-1"
s3_force_path_style = true
secret_key = "mock_secret_key"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_requesting_account_id = true
# AWS Provider version held back for this issue:
# https://github.com/localstack/localstack/issues/1818
# (localstack's fix not released yet)
# version = "2.39.0"
endpoints {
apigateway = "http://localhost:4566"
cloudformation = "http://localhost:4566"
cloudwatch = "http://localhost:4566"
dynamodb = "http://localhost:4566"
ec2 = "http://localhost:4566"
es = "http://localhost:4566"
firehose = "http://localhost:4566"
iam = "http://localhost:4566"
kinesis = "http://localhost:4566"
lambda = "http://localhost:4566"
route53 = "http://localhost:4566"
redshift = "http://localhost:4566"
s3 = "http://localhost:4566"
secretsmanager = "http://localhost:4566"
ses = "http://localhost:4566"
sns = "http://localhost:4566"
sqs = "http://localhost:4566"
ssm = "http://localhost:4566"
stepfunctions = "http://localhost:4566"
sts = "http://localhost:4566"
}
}
resource "aws_s3_bucket" "serverless1_bucket1" {
bucket = "serverless1-bucket1"
acl = "private"
}
resource "aws_s3_bucket_object" "upload_code_lambda1" {
bucket = "serverless1-bucket1"
key = "v1.0.0/lambda1.zip"
source = "lambda1.zip"
depends_on = [aws_s3_bucket.serverless1_bucket1]
}
resource "aws_lambda_function" "serverless1_lambda1" {
function_name = "serverless1-lambda1"
# The bucket name as created earlier with "aws s3api create-bucket"
s3_bucket = "serverless1-bucket1"
s3_key = "v1.0.0/lambda1.zip"
# "lambda1" is the filename within the zip file (lambda1.js) and "handler"
# is the name of the property under which the handler function was
# exported in that file.
handler = "lambda1.handler"
runtime = "nodejs10.x"
role = aws_iam_role.lambda_exec.arn
# Ant Waters: I have added this to make lambda creation wait until the code has been uploaded. I'm not sure if it is needed or not.
depends_on = [aws_s3_bucket_object.upload_code_lambda1]
}
# IAM role which dictates what other AWS services the Lambda function
# may access.
resource "aws_iam_role" "lambda_exec" {
name = "serverless_example_lambda"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_api_gateway_rest_api" "example" {
name = "ServerlessExample1"
description = "Terraform Serverless Application Example"
}
resource "aws_api_gateway_resource" "proxy" {
rest_api_id = aws_api_gateway_rest_api.example.id
parent_id = aws_api_gateway_rest_api.example.root_resource_id
path_part = "{proxy+}"
}
resource "aws_api_gateway_method" "proxy" {
rest_api_id = aws_api_gateway_rest_api.example.id
resource_id = aws_api_gateway_resource.proxy.id
http_method = "ANY"
authorization = "NONE"
}
resource "aws_api_gateway_integration" "lambda" {
rest_api_id = aws_api_gateway_rest_api.example.id
resource_id = aws_api_gateway_method.proxy.resource_id
http_method = aws_api_gateway_method.proxy.http_method
integration_http_method = "POST"
type = "AWS_PROXY"
uri = aws_lambda_function.serverless1_lambda1.invoke_arn
}
resource "aws_api_gateway_method" "proxy_root" {
rest_api_id = aws_api_gateway_rest_api.example.id
resource_id = aws_api_gateway_rest_api.example.root_resource_id
http_method = "ANY"
authorization = "NONE"
}
resource "aws_api_gateway_integration" "lambda_root" {
rest_api_id = aws_api_gateway_rest_api.example.id
resource_id = aws_api_gateway_method.proxy_root.resource_id
http_method = aws_api_gateway_method.proxy_root.http_method
integration_http_method = "POST"
type = "AWS_PROXY"
uri = aws_lambda_function.serverless1_lambda1.invoke_arn
}
resource "aws_api_gateway_deployment" "example" {
depends_on = [
aws_api_gateway_integration.lambda,
aws_api_gateway_integration.lambda_root,
]
rest_api_id = aws_api_gateway_rest_api.example.id
stage_name = "test"
}
resource "aws_lambda_permission" "apigw" {
statement_id = "AllowAPIGatewayInvoke"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.serverless1_lambda1.function_name
principal = "apigateway.amazonaws.com"
# The "/*/*" portion grants access from any method on any resource
# within the API Gateway REST API.
source_arn = "${aws_api_gateway_rest_api.example.execution_arn}/*/*"
}
output "base_url" {
value = aws_api_gateway_deployment.example.invoke_url
}
The gateway stuff is copied from a tutorial, and I don't understand it yet.
I can then see the lambda in "https://app.localstack.cloud/resources" and "https://app.localstack.cloud/resources/gateway", and there is an Invoke button on the gateway page.
However, when I press this nothing seems to happen, except an error log in CloudWatch:
Similarly, I can see the function using the AWS CLI, with the call:
aws lambda get-function --function-name "serverless1-lambda1" --endpoint-url=http://localhost:4566
which returns:
{
"Configuration": {
"FunctionName": "serverless1-lambda1",
"FunctionArn": "arn:aws:lambda:us-east-1:000000000000:function:serverless1-lambda1",
"Runtime": "nodejs10.x",
"Role": "arn:aws:iam::000000000000:role/serverless_example_lambda",
"Handler": "lambda1.handler",
"CodeSize": 342,
"Description": "",
"Timeout": 3,
"MemorySize": 128,
"LastModified": "2021-05-07T10:17:32.305+0000",
"CodeSha256": "qoP7ORF4AUC8VJWLR0bGGRRKGtNrQwRj2hCa1n+3wk4=",
"Version": "$LATEST",
"VpcConfig": {},
"TracingConfig": {
"Mode": "PassThrough"
},
"RevisionId": "ea163f0f-81ce-4b3a-a0d1-7b44379c6492",
"State": "Active",
"LastUpdateStatus": "Successful",
"PackageType": "Zip"
},
"Code": {
"Location": "http://localhost:4566/2015-03-31/functions/serverless1-lambda1/code"
},
"Tags": {}
}
However, when I try to invoke it using:
aws --endpoint-url=http://localhost:4566 lambda invoke --function-name "serverless1-lambda1" output.json
The return is:
{
"errorMessage": "Lambda process returned error status code: 1. Result: . Output:\nUnable to find image 'lambci/lambda:nodejs10.x' locally\nError response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)\nmust specify at least one container source\njson: cannot unmarshal array into Go value of type types.ContainerJSON",
"errorType": "InvocationException",
"stackTrace": [
" File \"/opt/code/localstack/localstack/services/awslambda/lambda_api.py\", line 602, in run_lambda\n result = LAMBDA_EXECUTOR.execute(func_arn, func_details, event, context=context,\n",
" File \"/opt/code/localstack/localstack/services/awslambda/lambda_executors.py\", line 176, in execute\n return do_execute()\n",
" File \"/opt/code/localstack/localstack/services/awslambda/lambda_executors.py\", line 168, in do_execute\n return _run(func_arn=func_arn)\n",
" File \"/opt/code/localstack/localstack/utils/cloudwatch/cloudwatch_util.py\", line 149, in wrapped\n raise e\n",
" File \"/opt/code/localstack/localstack/utils/cloudwatch/cloudwatch_util.py\", line 145, in wrapped\n result = func(*args, **kwargs)\n",
" File \"/opt/code/localstack/localstack/services/awslambda/lambda_executors.py\", line 159, in _run\n raise e\n",
" File \"/opt/code/localstack/localstack/services/awslambda/lambda_executors.py\", line 147, in _run\n result = self._execute(func_arn, func_details, event, context, version)\n",
" File \"/opt/code/localstack/localstack/services/awslambda/lambda_executors.py\", line 325, in _execute\n result = self.run_lambda_executor(cmd, stdin, env_vars=environment, func_details=func_details)\n",
" File \"/opt/code/localstack/localstack/services/awslambda/lambda_executors.py\", line 231, in run_lambda_executor\n raise InvocationException('Lambda process returned error status code: %s. Result: %s. Output:\\n%s' %\n"
]
}
and the Docker window trace shows:
localstack_serverless1 | 2021-05-07T10:59:50:WARNING:localstack.services.awslambda.lambda_executors: Empty event body specified for invocation of Lambda "arn:aws:lambda:us-east-1:000000000000:function:serverless1-lambda1"
localstack_serverless1 | 2021-05-07T10:59:50:INFO:localstack.services.awslambda.lambda_executors: Running lambda cmd: CONTAINER_ID="$(docker create -i -e AWS_REGION="$AWS_REGION" -e DOCKER_LAMBDA_USE_STDIN="$DOCKER_LAMBDA_USE_STDIN" -e LOCALSTACK_HOSTNAME="$LOCALSTACK_HOSTNAME" -e EDGE_PORT="$EDGE_PORT" -e _HANDLER="$_HANDLER" -e AWS_LAMBDA_FUNCTION_TIMEOUT="$AWS_LAMBDA_FUNCTION_TIMEOUT" -e AWS_LAMBDA_FUNCTION_NAME="$AWS_LAMBDA_FUNCTION_NAME" -e AWS_LAMBDA_FUNCTION_VERSION="$AWS_LAMBDA_FUNCTION_VERSION" -e AWS_LAMBDA_FUNCTION_INVOKED_ARN="$AWS_LAMBDA_FUNCTION_INVOKED_ARN" -e AWS_LAMBDA_COGNITO_IDENTITY="$AWS_LAMBDA_COGNITO_IDENTITY" -e NODE_TLS_REJECT_UNAUTHORIZED="$NODE_TLS_REJECT_UNAUTHORIZED" --rm "lambci/lambda:nodejs10.x" "lambda1.handler")";docker cp "/tmp/localstack/zipfile.9cb3ff88/." "$CONTAINER_ID:/var/task"; docker start -ai "$CONTAINER_ID";
localstack_serverless1 | 2021-05-07T11:00:05:DEBUG:localstack.services.awslambda.lambda_executors: Lambda arn:aws:lambda:us-east-1:000000000000:function:serverless1-lambda1 result / log output:
localstack_serverless1 |
localstack_serverless1 | > Unable to find image 'lambci/lambda:nodejs10.x' locally
localstack_serverless1 | > Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
localstack_serverless1 | > must specify at least one container source
localstack_serverless1 | > json: cannot unmarshal array into Go value of type types.ContainerJSON
localstack_serverless1 | 2021-05-07T11:00:05:INFO:localstack.services.awslambda.lambda_api: Error executing Lambda function arn:aws:lambda:us-east-1:000000000000:function:serverless1-lambda1: Lambda process returned error status code: 1. Result: . Output:
localstack_serverless1 | Unable to find image 'lambci/lambda:nodejs10.x' locally
localstack_serverless1 | Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
localstack_serverless1 | must specify at least one container source
localstack_serverless1 | json: cannot unmarshal array into Go value of type types.ContainerJSON Traceback (most recent call last):
localstack_serverless1 | File "/opt/code/localstack/localstack/services/awslambda/lambda_api.py", line 602, in run_lambda
localstack_serverless1 | result = LAMBDA_EXECUTOR.execute(func_arn, func_details, event, context=context,
localstack_serverless1 | File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 176, in execute
localstack_serverless1 | return do_execute()
localstack_serverless1 | File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 168, in do_execute
localstack_serverless1 | return _run(func_arn=func_arn)
localstack_serverless1 | File "/opt/code/localstack/localstack/utils/cloudwatch/cloudwatch_util.py", line 149, in wrapped
localstack_serverless1 | raise e
localstack_serverless1 | File "/opt/code/localstack/localstack/utils/cloudwatch/cloudwatch_util.py", line 145, in wrapped
localstack_serverless1 | result = func(*args, **kwargs)
localstack_serverless1 | File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 159, in _run
localstack_serverless1 | raise e
localstack_serverless1 | File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 147, in _run
localstack_serverless1 | result = self._execute(func_arn, func_details, event, context, version)
localstack_serverless1 | File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 325, in _execute
localstack_serverless1 | result = self.run_lambda_executor(cmd, stdin, env_vars=environment, func_details=func_details)
localstack_serverless1 | File "/opt/code/localstack/localstack/services/awslambda/lambda_executors.py", line 231, in run_lambda_executor
localstack_serverless1 | raise InvocationException('Lambda process returned error status code: %s. Result: %s. Output:\n%s' %
localstack_serverless1 | localstack.services.awslambda.lambda_executors.InvocationException: Lambda process returned error status code: 1. Result: . Output:
localstack_serverless1 | Unable to find image 'lambci/lambda:nodejs10.x' locally
localstack_serverless1 | Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
localstack_serverless1 | must specify at least one container source
localstack_serverless1 | json: cannot unmarshal array into Go value of type types.ContainerJSON
localstack_serverless1 |

I got this working by changing docker-compose.yml to the following:
version: '3.2'
services:
localstack:
image: localstack/localstack-full:latest
container_name: localstack_serverless1
ports:
- '4566:4566'
- '4571:4571'
- '8055:8080'
environment:
# - HOSTNAME_EXTERNAL=localstack
- COMPOSE_CONVERT_WINDOWS_PATHS=1
- DEBUG=1
- DATA_DIR=/tmp/localstack/data
- LAMBDA_EXECUTOR=docker
- START_WEB=1
- DOCKER_HOST=unix:///var/run/docker.sock
- HOST_TMP_FOLDER=./.localstack
volumes:
- './.localstack:/tmp/localstack'
- '/var/run/docker.sock:/var/run/docker.sock' # I don't understand what this corresponds to on my PC? But it is the only option I can get to work!
The last line is very curious, as I don't understand what that maps to on my windows PC?

How do I change the expires_in value for an authentication token?

I tried following all the steps in the blog whose URL is mentioned below.
https://blogs.sap.com/2019/04/29/sap-cloud-platform-backend-service-tutorial-13-api-called-from-external-tool/
While I am getting the authentication token and the entire flow is running properly, I just cannot change the value of expires_in which is 43199 by default.
How do I change that to some other value, let's say 5 minutes (300 seconds) ?

You can include this in the UAA configuration in the xs-security.json or manually update the uaa using cf update-service <uaa_instance_name> -c <json_file | inline-JSON object>
"oauth2-configuration": {
"token-validity": 7200
}
For fullness, here's a sample UAA JSON
{
"xsappname": "example_uaa",
"tenant-mode": "dedicated",
"description": "Security profile of called application",
"scopes": [
{
"name": "uaa.user",
"description": "UAA"
}
],
"oauth2-configuration":{
"token-validity": 7200
},
"role-templates": [
{
"name": "Token_Exchange",
"description": "UAA",
"scope-references": [
"uaa.user"
]
}
]
}

Parse-Dashboard: Server Not Reachable: unable to connect server Error

I have parse-server and parse-dashboard installed with pm2 in docker container in my synology nas as below:
+------+ +-------------+
| +NIC1 (192.168.1.100) <--> Router <--> (192.168.1.2) NIC1 + |
| PC | | DSM |
| +NIC2 (10.10.0.100) <--Peer-2-Peer---> (10.10.0.2) NIC2 + |
+------+ | [DOCKER] |
|(172.17.0.2) |
+-------------+
for reference: for pm2 setup, i'm following: this tutorial
here is my parse-server and parse-dashboard pm2 ecosystem (defined in pm2's ecosystem.json):
{
"apps" : [{
"name" : "parse-wrapper",
"script" : "/usr/bin/parse-server",
"watch" : true,
"merge_logs" : true,
"cwd" : "/home/parse",
"args" : "--serverURL http://localhost:1337/parse",
"env": {
"PARSE_SERVER_CLOUD_CODE_MAIN": "/home/parse/cloud/main.js",
"PARSE_SERVER_DATABASE_URI": "mongodb://localhost/test",
"PARSE_SERVER_APPLICATION_ID": "aeb932b93a9125c19df2fcaf3fd69fcb",
"PARSE_SERVER_MASTER_KEY": "358898112f354f8db593ea004ee88fed",
}
},{
"name" : "parse-dashboard-wrapper",
"script" : "/usr/bin/parse-dashboard",
"watch" : true,
"merge_logs" : true,
"cwd" : "/home/parse/parse-dashboard",
"args" : "--config /home/parse/parse-dashboard/config.json --allowInsecureHTTP=1"
}]
}
here is my parse-dashboard config: /home/parse/parse-dashboard/config.json
{
"apps": [{
"serverURL": "http://172.17.0.2:1337/parse",
"appId": "aeb932b93a9125c19df2fcaf3fd69fcb",
"masterKey": "358898112f354f8db593ea004ee88fed",
"appName": "Parse Server",
"iconName": "",
"primaryBackgroundColor": "",
"secondaryBackgroundColor": ""
}],
"users": [{
"user": "user",
"pass": "1234"
}],
"iconsFolder": "icons"
}
once you run: pm2 start ecosystem.json
here is parse-server log: pm2 logs 0
masterKey: ***REDACTED***
serverURL: http://localhost:1337/parse
masterKeyIps: []
logsFolder: ./logs
databaseURI: mongodb://localhost/test
userSensitiveFields: ["email"]
enableAnonymousUsers: true
allowClientClassCreation: true
maxUploadSize: 20mb
customPages: {}
sessionLength: 31536000
expireInactiveSessions: true
revokeSessionOnPasswordReset: true
schemaCacheTTL: 5000
cacheTTL: 5000
cacheMaxSize: 10000
objectIdSize: 10
port: 1337
host: 0.0.0.0
mountPath: /parse
scheduledPush: false
collectionPrefix:
verifyUserEmails: false
preventLoginWithUnverifiedEmail: false
enableSingleSchemaCache: false
jsonLogs: false
verbose: false
level: undefined
[1269] parse-server running on http://localhost:1337/parse
here is parse-dashboard log: pm2 logs 1
The dashboard is now available at http://0.0.0.0:4040/
once it's run, i can access 192.168.1.2:1337/parse (which will return {"error":"unauthorized"})
and i can access 192.168.1.2:4040
but it return:
Server not reachable: unable to connect to server
i see a lot of this issue can be solve by changing parse-dashboard config "serverURL": "http://localhost:1337/parse" to "serverURL": "http://172.17.0.2:1337/parse"
but to me, it's still no luck...
any idea what i've been missing here?

so apparently, my /home/parse/parse-dashboard/config.json:
"serverURL": "http://172.17.0.2:1337/parse"
should point to my DSM machine which is:
"serverURL": "http://192.168.1.2:1337/parse"