Fix permissions for serverless functions #6555
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This pull request addresses permissions issues for serverless functions and improves file access handling. Key changes include:
- Introduced ServerlessFunctionInterceptor to add signed tokens to sourceCodeFullPath, enhancing authentication for function details access
- Updated file path structure in ServerlessFunctionService to include workspace IDs, improving isolation and organization of serverless functions
- Modified FileController to provide more specific error messages for unauthorized access, aiding in debugging
- Added new environment variables (SERVERLESS_TYPE, SERVERLESS_LAMBDA_REGION, SERVERLESS_LAMBDA_ROLE) for expanded serverless capabilities
- Applied ServerlessFunctionInterceptor to key mutation methods in ServerlessFunctionResolver, enhancing security and data processing
7 file(s) reviewed, 4 comment(s)
Edit PR Review Bot Settings
| ); | ||
| } | ||
|
|
||
| private async processItem(item: any): Promise<any> { |
There was a problem hiding this comment.
style: Add type annotation for 'item' parameter
Comment on lines
+4
to
9
| import { SortDirection } from '@ptc-org/nestjs-query-core'; | ||
| import { | ||
| NestjsQueryGraphQLModule, | ||
| PagingStrategies, | ||
| } from '@ptc-org/nestjs-query-graphql'; | ||
| import { SortDirection } from '@ptc-org/nestjs-query-core'; | ||
| import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm'; |
There was a problem hiding this comment.
style: Consider grouping related imports together for better organization
Comment on lines
+177
to
+178
| const sourceCodeFullPath = | ||
| fileFolderWithoutWorkspace + '/' + SOURCE_FILE_NAME; |
There was a problem hiding this comment.
logic: The sourceCodeFullPath now uses fileFolderWithoutWorkspace, which might cause issues if other parts of the system expect the full path including the workspace
| <ArticleTable options={[ | ||
| ['SERVERLESS_TYPE', 'local', "Functions can either be executed through Lambda or directly by the main node process"], | ||
| ['SERVERLESS_LAMBDA_REGION', 'us-east-1', 'If you use the Lambda driver, region of the Lambda function'], | ||
| ['SERVERLESS_LAMBDA_ROLE', 'arn:aws:iam::121334:role/lambda-execution-role', "If you use the Lambda drive, name of the IAM role with the right permissions"], |
There was a problem hiding this comment.
syntax: Typo in 'Lambda drive', should be 'Lambda driver'
Weiko
approved these changes
Aug 6, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #6525
(@martmull fyi it was not related to AWS but linked to the fact that we recently enforced passing a token to access files)