chore: Updates Project CFN resource handler to accept Lambda Proxy ARN as input & use as Http transport in Atlas SDK client #1300

Draft: wants to merge 3 commits into base: master

@maastha (Collaborator) commented Mar 8, 2025

Proposed changes

Jira ticket: CLOUDP-303001

Please include a summary of the fix/feature/change, including any relevant motivation and context.

Link to any related issue(s):

Type of change:

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as
    expected)
  • This change requires a documentation update
  • If changes include removal or addition of 3rd party GitHub actions, I updated our internal document. Reach out to the APIx Integration slack channel to get access to the internal document.

Manual QA performed:

  • cfn invoke for each of CRUDL/cfn test
  • Updated resource in example
  • Published to AWS private registry
  • Used the template in example to create and update a stack in AWS
  • Deleted stack to ensure resources are deleted
  • Created multiple resources in same stack
  • Validated in Atlas UI
  • Included screenshots

Required Checklist:

  • I have signed the MongoDB CLA
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that this change does not generate any credentials and that they are NOT accidentally logged anywhere.
  • I have added any necessary documentation (if appropriate)
  • I have run make fmt and formatted my code
  • For CFN Resources: I have released my changes in the private registry and proved my change
    works in Atlas

Further comments

@maastha maastha requested a review from a team as a code owner March 8, 2025 20:00
@maastha maastha marked this pull request as draft March 8, 2025 20:00
@@ -127,6 +127,10 @@
"description": "Profile used to provide credentials information, (a secret with the cfn/atlas/profile/{Profile}, is required), if not provided default is used",
"default": "default"
},
"LambdaProxyArn": {
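
Review bot: the new `LambdaProxyArn` property is cut off at its opening brace here, so its body cannot be checked. Whatever it contains, it should carry a `description` like the `Profile` property above it, and a `pattern` that only accepts Lambda function ARNs, because the handler hands this value to `newLambdaForwardingTransport` and the Atlas SDK client then uses that function as its HTTP transport.
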
Collaborator Author

Alternatively, LambdaArn may be taken as an input in the Profile

Member

I would definitely have it in the Profile so we don't need to change every single resource

}

// This method currently uses extensive logging for POC purpose which should be reduced
func newAtlasV2ClientWithLambdaProxySupport(req *handler.Request, profileName *string, profileNamePrefixRequired bool, lambdaArn *string) (*MongoDBClient, *handler.ProgressEvent) {
Collaborator Author

Temporarily added this new method for the POC but this logic could simply be added to existing newAtlasV2Client() method

lambdaTransport := newLambdaForwardingTransport(req, *lambdaArn)
digestTransport := digest.NewTransport(prof.PublicKey, prof.PrivateKey)
// Set the underlying transport to our Lambda transport
digestTransport.Transport = lambdaTransport
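
Review bot: with `digestTransport.Transport = lambdaTransport`, both legs of the digest exchange travel through the Lambda function: the first request, its 401 challenge, and the retried request carrying the `Authorization` header. The forwarding transport therefore has to return the 401 status and the `WWW-Authenticate` header unchanged or authentication never completes, and neither it nor the function should log request headers. A test that runs the chained transport against a stub returning a digest challenge would pin this down.
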
Collaborator Author

alternatively can use NewTransportWithHTTPRoundTripper()

@maastha maastha changed the title chore: Spike lambda vpc ipaddr chore: Updates Project CFN resource handler to accept Lambda Proxy ARN as input & use as Http transport in Atlas SDK client Mar 10, 2025
c := Config{BaseURL: prof.BaseURL, DebugClient: prof.UseDebug()}
log.Printf("Config initialized: %+v", c)

sdk20231115002Client, err := c.NewSDKv20231115002Client(client)
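
Review bot: `log.Printf("Config initialized: %+v", c)` prints every field of `Config`, so anything added to that struct later is logged without anyone revisiting this line. Log `c.BaseURL` and `c.DebugClient` explicitly, or drop the line with the rest of the POC logging, so the checklist item about credentials not being logged holds by construction.
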
Collaborator

If I read this correctly, in the CFN implementation we are still going to use the SDK. The SDK is instantiated using a different client that passes through the lambda invocation. Am I right?

Collaborator Author

Right.

raise ValueError("EC2_PROXY_ENDPOINT is not set")
logger.debug(f"EC2_PROXY_ENDPOINT: {EC2_PROXY_ENDPOINT}")

def lambda_handler(event, context):
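
Review bot: around `raise ValueError("EC2_PROXY_ENDPOINT is not set")`, the only validation visible for the endpoint is that it is set, and the next line writes its value to the debug log. Since this function sits between the handler and the proxy endpoint, also check that the value parses as a URL with the expected scheme before the handler runs, and add a docstring to `lambda_handler` describing the event shape it expects from the Go transport.
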
Collaborator

this is how customer should define the lambda function in their own AWS Account. right?

Collaborator Author

yes


var client *http.Client
if lambdaArn != nil && *lambdaArn != "" {
log.Printf("Using chained digest transport with Lambda forwarding. Lambda ARN: %s", *lambdaArn)
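
Review bot: `if lambdaArn != nil && *lambdaArn != ""` treats an empty ARN the same as an omitted one, and only the Lambda branch is seen to log which transport is in use. Log the chosen path in the other branch as well, so a stack that was meant to go through the proxy but received an empty value shows up in the handler logs, and validate the ARN format here rather than passing the raw string on.
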
Contributor

Cool!

Contributor

This PR has gone 30 days without any activity and meets the project’s definition of "stale". This will be auto-closed if there is no new activity over the next 30 days. If the issue is still relevant and active, you can simply comment with a "bump" to keep it open, or add the label "not_stale". Thanks for keeping our repository healthy!

@github-actions github-actions bot added the stale label Apr 13, 2025