Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PEX dependency error for v0.4.0 #166

Open
mmeidlinger opened this issue May 21, 2023 · 1 comment · Fixed by alafauci/certbot-lambda#1 · May be fixed by #167
Open

PEX dependency error for v0.4.0 #166

mmeidlinger opened this issue May 21, 2023 · 1 comment · Fixed by alafauci/certbot-lambda#1 · May be fixed by #167

Comments

@mmeidlinger
Copy link

mmeidlinger commented May 21, 2023
edited

Problem Description

Testing v0.4.0 gives the following error

[ERROR] ResolveError: Failed to resolve requirements from PEX environment @ /var/task.Needed cp39-cp39-[ERROR] ResolveError: Failed to resolve requirements from PEX environment @ /var/task.
Needed cp39-cp39-manylinux_2_26_x86_64 compatible dependencies for:
 1: cryptography>=2.5.0
    Required by:
      acme 2.1.0
      certbot 2.1.0
    But this pex had no ProjectName(raw='cryptography', normalized='cryptography') distributions.
 2: cryptography>=1.5
    Required by:
      josepy 1.13.0
    But this pex had no ProjectName(raw='cryptography', normalized='cryptography') distributions.
 3: cryptography<39,>=38.0.0
    Required by:
      pyOpenSSL 22.1.0
    But this pex had no ProjectName(raw='cryptography', normalized='cryptography') distributions.
 4: cryptography>=2
    Required by:
      dns-lexicon 3.11.7
    But this pex had no ProjectName(raw='cryptography', normalized='cryptography') distributions.
Traceback (most recent call last):
  File "/var/lang/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 850, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "/var/task/main.py", line 34, in <module>
    bootstrap_pex_env(__entry_point__)
  File "/var/task/.bootstrap/pex/pex_bootstrapper.py", line 684, in bootstrap_pex_env
    PEXEnvironment.mount(entry_point, pex_info).activate()
  File "/var/task/.bootstrap/pex/environment.py", line 321, in activate
    self._activated_dists = self._activate()
  File "/var/task/.bootstrap/pex/environment.py", line 671, in _activate
    resolved = self.resolve()
  File "/var/task/.bootstrap/pex/environment.py", line 502, in resolve
    for fingerprinted_distribution in self.resolve_dists(all_reqs)
  File "/var/task/.bootstrap/pex/environment.py", line 589, in resolve_dists
    raise ResolveError(

How to reproduce

Create an S3 Bucket my-bucket, download certbot-lambda.zip release v0.4.0 and upload to s3://my-bucket/certbot-lambda/v0.4.0/certbot-lambda.zip. Then deploy this Cloudformation to setup cerbot-lambda as described in README.md and trigger the lambda function with a test event from the Console.

AWSTemplateFormatVersion: '2010-09-09'
Description: An example template for a Step Functions state machine.
Parameters:
  CertbotDomains:
    Type: String
    Default: example.com
  CertbotEmails:
    Type: String
    Default: admin@example.com
  S3DeploymentAssetBucket:
    Type: String
    Default: my-bucket
  S3DeploymentAssetKey:
    Type: String
    Default: certbot-lambda/v0.4.0/certbot-lambda.zip
  SecretName:
    Type: String
    Default: /certificates/{domain}

Resources:
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub LambdaExecutionRole-${AWS::StackName}
      Description: Role assumed by Lambda to provision Let's Enctpy TLS Certificate
      AssumeRolePolicyDocument: 
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/SecretsManagerReadWrite
        - arn:aws:iam::aws:policy/AmazonRoute53FullAccess
      Policies:
        - PolicyName: InlineLambdaExecutionRolePolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                  - logs:CreateLogGroup
                Resource: arn:aws:logs:*:*:*

  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: Provisions TLS Certificates from Let's Encrypt and stores them in Secretsmanager
      FunctionName: certbot-lambda
      MemorySize: 150
      Role: !GetAtt LambdaExecutionRole.Arn
      Runtime: python3.9
      Handler: main.handler
      Environment:
        Variables:
          CERTBOT_EMAILS: !Ref CertbotEmails
          CERTBOT_DOMAINS: !Ref CertbotDomains
          CERTBOT_DNS_PLUGIN: dns-route53
          AWS_SECRET_NAME: !Ref SecretName
      Timeout: 600
      Code:
        S3Bucket: !Ref S3DeploymentAssetBucket
        S3Key: !Ref S3DeploymentAssetKey
  
  LambdaFunctionPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt LambdaFunction.Arn
      Action: lambda:InvokeFunction
      Principal: secretsmanager.amazonaws.com
@mmeidlinger mmeidlinger changed the title PEX dependency error for v.0.4.0 PEX dependency error for v0.4.0 May 21, 2023
@vonschultz
Copy link

I had this problem as well. I think the Glibc version of the manylinux tag is too new for the runtime. I tried regenerating the zip file for the Python 3.11 runtime instead, but still got the same problem, with an even newer manylinux tag this time. To actually fix this, run pex3 interpreter inspect --markers --tags on the AWS Lambda runtime you wish to support, put the result in a file called e.g. complete-platform.json and give --complete-platform complete-platform.json to pex when building the zip file.

vonschultz added a commit to vonschultz/certbot-lambda that referenced this issue Nov 28, 2023
@vonschultz
Update to Python 3.11, use complete-platform JSON
3386043 
The latest supported AWS Lambda runtime is Python 3.11, so upgrade
from Python 3.9 to Python 3.11. To avoid falling into
KiraLT#166, specify a complete-platform.json file,
generated using `pex3 interpreter inspect --markers --tags` in an AWS
Lambda Python 3.11 runtime.

Fixes KiraLT#166
@vonschultz vonschultz linked a pull request Nov 28, 2023 that will close this issue
Open
@alafauci alafauci mentioned this issue Nov 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@mmeidlinger @vonschultz