(Role): Class Role incorrectly implements interface IRole (Python) (CDK v2) #20278

Closed
BwL1289 opened this issue May 10, 2022 · 5 comments
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. needs-reproduction This issue needs reproduction. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@BwL1289

BwL1289 commented May 10, 2022

Describe the bug

This issue is in reference to this issue and my comment on it.

Error (using PyLance):

Argument of type "Role" cannot be assigned to parameter "role" of type "IRole | None" in function "__init__"
  Type "Role" cannot be assigned to type "IRole | None"
    "Role" is incompatible with protocol "IRole"
      "grant_pass_role" is an incompatible type
        Type "(identity: IPrincipal) -> Grant" cannot be assigned to type "(grantee: IPrincipal) -> Grant"
          Parameter name mismatch: "grantee" versus "identity"
    Type cannot be assigned to type 

Steps I've taken to mitigate, given feedback above:

  1. Deactivate and delete my virtual environment
  2. Updated my constraints.txt file with the following versions:
       pytest==6.2.5
       boto3==1.20.37
       aws-cdk-lib==2.23.0
       constructs==10.1.5
       cdk8s==2.2.85
       cfnresponse==1.1.2
  3. Updated npm: npm update
  4. Updated aws CLI: npm i -g aws-cdk
  5. Created new virtual environment: python3 -m venv .venv
  6. Activated my virtual environment: . .venv/bin/activate
  7. Install requirements: pip install -r requirements.txt -r requirements-dev.txt -c constraints.txt

I'm not sure how the Pipfile plays into this, but would appreciate any clarification possible.

Expected Behavior

No error to be thrown.

Current Behavior

Error thrown.

Reproduction Steps

role_name = "API Function Role"
self._lambda_function_role = iam.Role(
    self, role_name, assumed_by=lambda_service_principal, role_name=role_name
)

zips_bucket = ZipsBucket(self, "zips_bucket").bucket
func_name = "APIFunction"
self._api_function = lambda_.Function(
    self,
    func_name,
    description="Geoflo account API",
    function_name=func_name,
    code=lambda_.Code.from_bucket(bucket=zips_bucket, key='functions/packages/instance-profile/lambda.zip'),
    runtime=typing.cast(lambda_.Runtime, lambda_.Runtime.PYTHON_3_9),  # Bug in CDK; use cast to mitigate for now
    timeout=Duration.seconds(900),
    handler="rest_client.handler",
    role=self.lambda_function_role,
)

Possible Solution

Seems that incompatible dependencies have caused this issue. I have tried to update dependencies, but have not been successful in solving it.

Additional Information/Context

No response

CDK CLI Version

2.23.0 (build 50444aa)

Framework Version

2.23.0

Node.js Version

v14.17.4

OS

Mac

Language

Python

Language Version

Python 3.9.6

Other information

No response

@BwL1289 BwL1289 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 10, 2022
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label May 10, 2022
@tejasmr
Contributor

tejasmr commented May 12, 2022

Can you try npm i -g aws-cdk@2.23.0?

@peterwoodworth
Contributor

Unfortunately there's likely not much we will be able to do to help unless you are able to link us a repository which you can clone and consistently reproduce this issue. It's very likely still some mismatched dependency issue - as I'm unable to reproduce it. Can you still reproduce this error in brand new projects on the latest version and cli?

@peterwoodworth peterwoodworth added needs-reproduction This issue needs reproduction. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels May 20, 2022
@github-actions

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels May 22, 2022
@adonig

adonig commented Dec 16, 2022

I ran into the same issue on OS X with VSCode and pylance. As a workaround I used an assertion to get rid of the error:

        my_lambda_role = iam.Role(
            self,
            "MyLambdaRole",
            assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
        )

        # HACK: Stop type checkers from complaining about class Role not implementing interface IRole.
        # See: https://github.com/aws/aws-cdk/issues/20278
        # See: https://github.com/aws/aws-cdk/issues/15150
        assert isinstance(my_lambda_role, iam.IRole)

        my_lambda_role.add_managed_policy(
            iam.ManagedPolicy.from_aws_managed_policy_name(
                "service-role/AWSLambdaBasicExecutionRole"
            )
        )

        my_lambda_function = lambda_.DockerImageFunction(
            self,
            "MyLambdaFunction",
            code=lambda_.DockerImageCode.from_image_asset(
                directory=str(self.root_directory / "my_lambda"),
                follow_symlinks=SymlinkFollowMode.ALWAYS,
            ),
            role=my_lambda_role,
        )

@michelesr

This is still an issue, and it's not only limited to Role, there are a lot of other classes not respecting the expected protocols.
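
Added example, not part of the thread and not aws-cdk code: a self-contained sketch of why a type checker treats the `grantee` versus `identity` parameter-name difference in the reported error as a protocol violation, plus a runtime check that lists such mismatches. `IPrincipal`, `IRoleLike`, `RoleLike` and the helper functions are constructed stand-ins; only the two parameter names come from the error message above.

```python
import inspect
from typing import Protocol


class IPrincipal(Protocol):  # constructed stand-in, not aws_cdk.aws_iam.IPrincipal
    ...


class IRoleLike(Protocol):  # hypothetical protocol using the name from the error
    def grant_pass_role(self, grantee: IPrincipal) -> str: ...
    def add_managed_policy(self, policy: str) -> None: ...


class RoleLike:  # hypothetical class reproducing the reported mismatch
    def grant_pass_role(self, identity: IPrincipal) -> str:
        return f"grant to {identity!r}"

    def add_managed_policy(self, policy: str) -> None:
        pass


def _named_params(func):
    """Names of parameters a caller may pass by keyword (self excluded)."""
    kinds = (inspect.Parameter.POSITIONAL_OR_KEYWORD, inspect.Parameter.KEYWORD_ONLY)
    params = list(inspect.signature(func).parameters.values())[1:]
    return [p.name for p in params if p.kind in kinds]


def param_name_mismatches(proto, impl):
    """Map method name -> (protocol names, implementation names) where they differ."""
    out = {}
    for name, member in vars(proto).items():
        if name.startswith("_") or not inspect.isfunction(member):
            continue
        impl_member = getattr(impl, name, None)
        if impl_member is None:
            out[name] = (_named_params(member), None)
            continue
        want, got = _named_params(member), _named_params(impl_member)
        if want != got:
            out[name] = (want, got)
    return out


def keyword_call_fails(role) -> bool:
    """A caller written against the protocol may pass grantee= by keyword."""
    try:
        role.grant_pass_role(grantee="some-principal")
    except TypeError:
        return True
    return False
```

Positional calls work on both signatures; only the keyword form fails, which is why the mismatch is flagged by the type checker without showing up at runtime.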
