Develop Reference

Creating Managed Policy in CDK errors with MalformedPolicy

When I try to deploy a seemingly simple CDK stack, it fails with a strange error. I don't get this same behavior when I create a different iam.ManagedPolicy in a different file, and that one has a much more complicated policy with several actions, etc. What am I doing wrong?
import aws_cdk.core as core
from aws_cdk import aws_iam as iam
from constructs import Construct
from master_payer import ( env, myenv )
class FromStack(core.Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
#myenv['pma'] = an account ID (12 digits)
#env = 'dev'
rolename = f"arn:aws:iam:{myenv['pma']}:role/CrossAccount{env.capitalize()}MpaAdminRole"
mpname = f"{env.capitalize()}MpaAdminPolicy"
pol = iam.ManagedPolicy(self, mpname, managed_policy_name = mpname,
document = iam.PolicyDocument(statements= [
iam.PolicyStatement(actions=["sts:AssumeRole"], effect=iam.Effect.ALLOW, resources=[rolename])
]))
grp = iam.Group(self, f"{env.capitalize()}MpaAdminGroup", managed_policies=[pol])
The cdk deploy output:
FromStack: deploying...
FromStack: creating CloudFormation changeset...
2:19:52 AM | CREATE_FAILED | AWS::IAM::ManagedPolicy | DevMpaAdminPolicyREDACTED
The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: REDACTED-GUID; Proxy: null)
new ManagedPolicy (/tmp/jsii-kernel-EfRyKw/node_modules/#aws-cdk/aws-iam/lib/managed-policy.js:39:26)
\_ /tmp/tmpxl5zxf8k/lib/program.js:8432:58
\_ Kernel._wrapSandboxCode (/tmp/tmpxl5zxf8k/lib/program.js:8860:24)
\_ Kernel._create (/tmp/tmpxl5zxf8k/lib/program.js:8432:34)
\_ Kernel.create (/tmp/tmpxl5zxf8k/lib/program.js:8173:29)
\_ KernelHost.processRequest (/tmp/tmpxl5zxf8k/lib/program.js:9757:36)
\_ KernelHost.run (/tmp/tmpxl5zxf8k/lib/program.js:9720:22)
\_ Immediate._onImmediate (/tmp/tmpxl5zxf8k/lib/program.js:9721:46)
\_ processImmediate (node:internal/timers:464:21)
❌ FromStack failed: Error: The stack named FromStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE
at Object.waitForStackDeploy (/usr/local/lib/node_modules/aws-cdk/lib/api/util/cloudformation.ts:307:11)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at prepareAndExecuteChangeSet (/usr/local/lib/node_modules/aws-cdk/lib/api/deploy-stack.ts:351:26)
at CdkToolkit.deploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:194:24)
at initCommandLine (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:267:9)
The stack named FromStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE
And the cdk synth output, which cfn-lint is happy with (no warnings, errors, or informational violations):
{
"Resources": {
"DevMpaAdminPolicyREDACTED": {
"Type": "AWS::IAM::ManagedPolicy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Resource": "arn:aws:iam:REDACTED-ACCOUNT-ID:role/CrossAccountDevMpaAdminRole"
}
],
"Version": "2012-10-17"
},
"Description": "",
"ManagedPolicyName": "DevMpaAdminPolicy",
"Path": "/"
},
"Metadata": {
"aws:cdk:path": "FromStack/DevMpaAdminPolicy/Resource"
}
},
"DevMpaAdminGroupREDACTED": {
"Type": "AWS::IAM::Group",
"Properties": {
"ManagedPolicyArns": [
{
"Ref": "DevMpaAdminPolicyREDACTED"
}
]
},
"Metadata": {
"aws:cdk:path": "FromStack/DevMpaAdminGroup/Resource"
}
},
"CDKMetadata": {
"Type": "AWS::CDK::Metadata",
"Properties": {
"Analytics": "v2:deflate64:REDACTED-B64"
},
"Metadata": {
"aws:cdk:path": "FromStack/CDKMetadata/Default"
}
}
}
}
Environment Specs
$ cdk --version
2.2.0 (build 4f5c27c)
$ cat /etc/redhat-release
Red Hat Enterprise Linux releease 8.5 (Ootpa)
$ python --version
Python 3.6.8
$ node --version
v16.8.0

The role ARN rolename was incorrect; I was missing a colon after iam. So it's iam:: not iam:. I think I copied the single colon from a (wrong) example somewhere on the Internet. Gah...

Serilog - RollingFile Sink rolling fails based on the size

I am using Serilog.Sinks.File with version 3.2.0. and I would like to roll-over logs based on the size. Currently, my 'fileSizeLimitBytes' is set 2000 bytes. When the log file size reaches the limit set in 'fileSizeLimitBytes', it does not roll-over fails and fails to log the messages. How can I roll-over the log file based on the size?
logging.json
"WriteTo": [
{
"Name": "Console",
"Args": {
"outputTemplate": "[{Timestamp:HH:mm:ss} {Level}][{ThreadId}] {SourceContext}{NewLine}{Message:lj}{NewLine}{Exception}{NewLine}"
}
},
{
"Name": "File",
"Args": {
"path": "Logs\\Test.log",
"formatter":"Serilog.Formatting.Json.JsonFormatter, Serilog",
"rollingInterval": "Day",
"restrictedToMinimumLevel": "Debug",
"retainedFileCountLimit": 5 ,
"fileSizeLimitBytes": 2000
}
}

I believe you also need to specify rollOnFileSizeLimit: true.

Unit Testing JavaScript in ASP.NET MVC with Jasmine and Karma

I am writing a sample ASP .NET MVC application, which has karma and requirejs to test the scripts. I see below error Uncaught (in promise) Error: No tests were run.
I see below error in command prompt
Chrome 77.0.3865 (Windows 10.0.0): Executed 0 of 0 ERROR (0.012 secs / 0 secs)
Package.json
{
"name": "karmawebapp",
"version": "1.0.0",
"description": "test application for karma tests",
"main": "index.js",
"scripts": {
"test": "karma start"
},
"author": "",
"license": "ISC",
"devDependencies": {
"babel-core": "^6.26.3",
"babel-preset-es2015": "^6.24.1",
"karma": "^4.3.0",
"karma-chrome-launcher": "^3.1.0",
"karma-qunit": "^4.0.0",
"karma-requirejs": "^1.1.0",
"protractor": "^5.4.2",
"qunit": "^2.9.3",
"requirejs": "^2.3.6"
}
}
My karma.conf.js
// Karma configuration
// Generated on Tue Oct 15 2019 13:51:47 GMT-0500 (Central Daylight Time)
module.exports = function(config) {
config.set({
// base path that will be used to resolve all patterns (eg. files, exclude)
basePath: '',
// frameworks to use
// available frameworks: https://npmjs.org/browse/keyword/karma-adapter
frameworks: ['requirejs', 'qunit'],
// list of files / patterns to load in the browser
files: [
'test-main.js',
{ pattern: './Scripts/tests/*.specs.js', included: false }
],
// list of files / patterns to exclude
exclude: [
],
// preprocess matching files before serving them to the browser
// available preprocessors: https://npmjs.org/browse/keyword/karma-preprocessor
preprocessors: {
},
// test results reporter to use
// possible values: 'dots', 'progress'
// available reporters: https://npmjs.org/browse/keyword/karma-reporter
reporters: ['progress'],
// web server port
port: 9876,
// enable / disable colors in the output (reporters and logs)
colors: true,
// level of logging
// possible values: config.LOG_DISABLE || config.LOG_ERROR || config.LOG_WARN || config.LOG_INFO || config.LOG_DEBUG
logLevel: config.LOG_INFO,
// enable / disable watching file and executing tests whenever any file changes
autoWatch: true,
// start these browsers
// available browser launchers: https://npmjs.org/browse/keyword/karma-launcher
browsers: ['Chrome'],
// Continuous Integration mode
// if true, Karma captures browsers, runs the tests and exits
singleRun: false,
// Concurrency level
// how many browser should be started simultaneous
concurrency: Infinity
})
}
My test-main.js
var allTestFiles = [];
var TEST_REGEXP = /(spec|test)\.js$/i;
// Get a list of all the test files to include
Object.keys(window.__karma__.files).forEach(function(file) {
if (TEST_REGEXP.test(file)) {
// Normalize paths to RequireJS module names.
// If you require sub-dependencies of test files to be loaded as-is (requiring file extension)
// then do not normalize the paths
var normalizedTestModule = file.replace(/^\/base\/|\.js$/g, '');
allTestFiles.push(normalizedTestModule)
};
});
require.config({
// Karma serves files under /base, which is the basePath from your config file
baseUrl: '/base',
// dynamically load all test files
deps: allTestFiles,
path: {
qunit: 'qunit',
jquery: 'jquery.3.3.1'
},
// we have to kickoff jasmine, as it is asynchronous
callback: window.__karma__.start
});
my test.specs.js
define(['qunit'], function (qunit) {
qunit.test("Second test", function (assert) {
assert.ok(true, "Passed!");
});
});

Use the debug set up to open devtools on the browser:
http://karma-runner.github.io/4.0/intro/troubleshooting.html

I was able to run these test cases. Looks whenever their is error in your specs file No tests were run message will come. You need make sure you specs file syntax is correct

Having trouble accessing /dev/serial0 on a Raspi from within a Module in Azure IoT Edge

I'm trying to set up a Module which will interact with /dev/serial0 on a Raspberry Pi B+ running Raspian Stretch. I've used dtoverlay=pi3-miniuart-bt in /boot/config.txtto restore UART0/ttyAMA0 to GPIOs 14 and 15 (which is what my Raspi-based HW needs me to do).
I have attempted to make that device accessible to the Module using the following Container Create Options:
{
"HostConfig": {
"PortBindings": {
"1880/tcp": [
{
"HostPort": "1880"
}
]
},
"Privileged": true,
"Devices": [
{
"PathOnHost": "/dev/serial0",
"PathInContainer": "/dev/serial0",
"CgroupPermissions": "rwm"
},
{
"PathOnHost": "/dev/ttyAMA0",
"PathInContainer": "/dev/ttyAMA0",
"CgroupPermissions": "rwm"
},
{
"PathOnHost": "/dev/ttyS0",
"PathInContainer": "/dev/ttyS0",
"CgroupPermissions": "rwm"
}
]
}
}
I can see /dev/serial0 when I ssh in, but I can't see it from within the running Module:
pi#azure-iot-test:~ $ ls -l /dev/ser*
lrwxrwxrwx 1 root root 7 Sep 24 21:17 /dev/serial0 -> ttyAMA0
lrwxrwxrwx 1 root root 5 Sep 24 21:17 /dev/serial1 -> ttyS0
pi#azure-iot-test:~ $ sudo docker exec hub-nodered ls -l /dev/ser*
ls: /dev/serial0: No such file or directory
ls: /dev/serial1: No such file or directory
Any ideas?
Followup:
Additional things I have tried the following ideas gleaned from here:
Adding "User": "node-red" to the root of the Container Create Options
Adding "User": "root" to the root of the Container Create Options
Adding "GroupAdd": "dialout" to "HostConfig": {...} in the Container Create Options
Followup #2
While I still can't interact with /dev/serial0, I am able to interact with /dev/ttyAMA0 using the following Container Create Options:
{
"HostConfig": {
"GroupAdd": [
"dialout"
],
"PortBindings": {
"1880/tcp": [
{
"HostPort": "80"
}
]
},
"Devices": [
{
"PathOnHost": "/dev/serial0",
"PathInContainer": "/dev/serial0",
"CgroupPermissions": "rwm"
},
{
"PathOnHost": "/dev/ttyAMA0",
"PathInContainer": "/dev/ttyAMA0",
"CgroupPermissions": "rwm"
}
]
}
}
The noteworthy items appear to be:
I didn't need "Privileged": true in "HostConfig"
I don't seem to need a "User" added
I needed "GroupAdd": ["dialout"] in "HostConfig"
So, while it's satisfying that I can interact with a serial device as I wanted to, it seems odd that I can't interact with /dev/serial0, which seems like it's "the recommended way" from the reading I've done.

Thanks to help and insight from Raymond Mouthaan over on the very helpful Node-RED Slack channel, I found my way to this Container Create Options providing me access to /dev/serial0:
{
"User": "node-red:dialout",
"HostConfig": {
"PortBindings": {
"1880/tcp": [
{
"HostPort": "80"
}
]
},
"Devices": [
{
"PathOnHost": "/dev/serial0",
"PathInContainer": "/dev/serial0",
"CgroupPermissions": "rwm"
}
]
}
}
This is different than the partial solution I found in "Followup #2" above in that I now do get access to /dev/serial0 as desired.
UPDATE: I originally posted this answer using "User": "root:dialout" rather than the "User": "node-red:dialout" you currently see above.
The first working solution was with "User": "root:root", but it seemed good to me to constrain to just the devices that are called out in Devices, which root:dialout seemed to do.
But I wondered whether I should be concerned security-wise with running as root at all.
Then I tried using node-red:dialout and it seems to be working perfectly, so I've updated the Container Create Options above to be what I think is the best answer.

TimeBasedTriggeringPolicy log4j2 not rolling over when new day happens

I have configured Log4j2 with the following configuration, but TimeBasedTriggeringPolicy is not working, I am getting new day logs in older day's logs, can you please help. It is rolling over properly with size and it is also creating any number of files since I have specified "nomax" attribute for DefaultRollOverStrategy, only TimeBasedTriggeringPolicy is not working. It writes logs of a day in the previous day's log file. It does create the new log file with the latest date, but some logs have been logged in to the previous day's log. May be getting problem in naming the files properly I do not know.
{
"Configuration": {
"Properties": {
"Property": [
{
"name": "application",
"value": "myapp"
}
]
},
"Appenders": {
"Console": {
"name": "Console-Appender",
"target": "SYSTEM_OUT",
"PatternLayout": {
"pattern": "%d{yyyy-MM-dd HH:mm:ss,SSS} ${application} %-5level %marker %t %c{5} %msg%n"
},
"ThresholdFilter": { "level": "error" }
},
"RollingFile": [
{
"name": "File-Appender",
"fileName":"${sys:log.path}/${application}.log",
"filePattern":"${sys:log.path}/${application}-%d{yyyy-MM-dd}-%i.log",
"PatternLayout": {
"pattern": "%d{yyyy-MM-dd HH:mm:ss,SSS} ${application} %-5level %marker %t %c{5} %msg%n"
},
"Policies": {
"TimeBasedTriggeringPolicy": {"interval":"1", "modulate":"true" },
"SizeBasedTriggeringPolicy": { "size": "5 KB" }
},
"DefaultRolloverStrategy": {"fileIndex":"nomax"}
}
]
},
"loggers": {
"logger":{
"name": "com.mycompany",
"level": "${sys:log.level}",
"AppenderRef": { "ref": "File-Appender"}
},
"root": {
"level": "error",
"AppenderRef": { "ref": "Console-Appender" }
}
}
}
}

How about the CronTriggeringPolicy? This will trigger a rollover for you every day at 12AM:
{"CronTriggeringPolicy": {"schedule": "0 0 0,12 * * ?"}
That way, it won't rely on the file pattern and should definitely roll your logs over per your cron interval. I also don't know how you determined that the previous days logs were included in the rollover, but make sure your system time is in sync.

Adding :
"OnStartupTriggeringPolicy": {"minSize":"0"}
to the policies solved the problem.
From log4j2 documentation:
The OnStartupTriggeringPolicy policy causes a rollover if the log file is older than the current JVM's start time and the minimum file size is met or exceeded.
OnStartupTriggeringPolicy Parameters:
minSize: long: The minimum size the file must have to roll over. A size of zero will cause a roll over no matter what the file size is. The default value is 1, which will prevent rolling over an empty file