I have an application that uses an AWS lambda function triggered by an implicit http api event, which gets post/get requests from a React app:
"mylambda": {
"Type": "AWS::Serverless::Function",
"Properties": {
"InlineCode": "exports.handler = async (event, context)",
"MemorySize": {
"Ref": "LambdaMemorySize"
},
"Handler": "backend/index.handler",
"Role": {
"Fn::GetAtt": ["myrole", "Arn"]
},
"Timeout": {
"Ref": "LambdaTimeout"
},
"Runtime": "nodejs12.x",
"FunctionName": "myFunction",
"Events": {
"httpapi": {
"Type": "HttpApi",
"Properties": {
"Path": "/myApi",
"Method": "ANY"
}
}
}
}
}
},
I want to add an environment variable inside the Lambda function for the http-api endpoint so that I can use it in lambda's handler:
"Environment": {
"Variables": {
"apiEndpoint": {
"Fn::Join": [
"",
[
"https://",
{ "Ref": "ServerlessHttpApi" },
".execute-api.",
{ "Ref": "AWS::Region" },
".amazonaws.com"
]
]
}
}
}
The problem is that this throws a circular dependency error and I can see why (lambda relies on api-gateway and api-gateway relies on lambda).
I tried to create the http-api separately but then there seemed to be no way of referencing the api inside lambda as a trigger i.e. when I deploy, the template creates a lambda function that doesn't have my api as a trigger, while my api was created separately.
I know the whole env variables thing can be done easily from the console but my deployment model assumes everything should be done in the CF template.
An answer here suggested:
"You could easily extract the information you need from that event instead of having it as an environment variable, but this depends on your exact use case."
I could do this in the body of the lambda's handler in index.js:
module.exports.apiendpoint = event.requestContext.domainName;
But this will collide with the fact that 1) I can't use index.js variables that are outside React's src folder and 2) I'm not sure how the app will run for the first time since it'll require the get/post request first to trigger lambda.
I think my main problem is simple: I don't know how I can reference the http api endpoint in Lambda's environment variables without throwing an error. Is it that the whole structure of my app is wrong?
Related
This question already has answers here:
Access variables and functions defined in page context using a content script
(6 answers)
Access global js variables from js injected by a chrome extension
(1 answer)
Closed last month.
I created an extension that append button on each tweet on twitter. Upon clicking that button I should perform a function window.phantom.solana.connect().
When I enter window.phantom.solana.connect() directly in my console it works, but the problem is when I try to trigger this function from content script it the window object has different context than the one I am using inside of my browser and it doesn't contain phantom.solana... properties
here is my manifest.json
{
"manifest_version": 3,
"name": "react-boilerplate",
"description": "react-boilerplate for chrome extension",
"version": "1.0.0",
"action": {
"default_title": "React Boilerplate"
},
"permissions": \["tabs", "bookmarks", "storage", "identity", "scripting"\],
"icons": {
"16": "icon.png",
"48": "icon.png",
"128": "icon.png"
},
"background": {
"service_worker": "background.js"
},
"content_scripts": \[
{
"matches": \["https://*.twitter.com/*"\],
"js": \["contentScript.js"\]
}
\],
"web_accessible_resources": \[
{
"resources": \["web_accessible_resources.js"\],
"matches": \["\<all_urls\>"\],
"extension_ids": \["bfnaelmomeimhlpmgjnjophhpkkoljpa"\]
}
\]
}
and my content script
import React from "react";
import { createRoot } from "react-dom/client";
import "../assets/tailwind.css";
import ContentScript from "./contentScript";
function init() {
const appContainer = document.createElement("div");
if (!appContainer) {
throw new Error("Cannot find app container");
}
const root = createRoot(appContainer);
const articleList = window.document.querySelectorAll("article");
root.render(\<ContentScript /\>);
for (const element of articleList) {
var btn = document.createElement("button");
btn.appendChild(document.createTextNode("Bonk tweet"));
btn.style.color = "white";
btn.addEventListener("click", function () {
// this function should catch the window object
chrome.runtime.sendMessage(
{ greetings: "Bonk tweet" },
function (response) {
console.log(response.farewell);
// don't have access to window.phantom.solana
console.log(this);
console.log(window);
}
);
});
element.appendChild(btn);
}
}
setTimeout(init, 4000);
I tried to access it on a various ways through events, web_accessible_resources... Still no luck. Does anyone knows how can I access the same window object inside my extension
Content scripts don't have access the host page's window object. But they do have access to the host page's DOM. So you can work around this limitation by adding a script tag to the host page's DOM so that it executes in the host page's context and has access to the host window object.
const scriptTag = document.createElement('script');
scriptTag.setAttribute('type','application/javascript');
scriptTag.innerText = `window.phantom.solana.connect()`;
document.head.appendChild(scriptTag);
Additionally, you could set up a message handler in the script tag above, and send a message from your content script to execute that handler.
This workaround will not work if the page has a content security policy though.
I am trying to implement OneSignal web push notifications with the next.js web app. I followed this article
to implement it. But it is not implementing properly as it shows an error. I have doubt that where should I place the window.OnseSignal code shown in step 7.
What I did?
I built a component name NewOneSignal instead of pasting it in App.js (because there is no App.js file in next.js) whose code is given below:
import React, { useEffect } from "react";
const NewOneSignal=()=>{
useEffect(()=>{
window.OneSignal = window.OneSignal || [];
const OneSignal = window.OneSignal;
},[]);
return (
OneSignal.push(()=> {
OneSignal.init(
{
appId: "i pasted my app id here", //STEP 9
promptOptions: {
slidedown: {
enabled: true,
actionMessage: "We'd like to show you notifications for the latest Jobs and updates about the following categories.",
acceptButtonText: "OMG YEEEEESS!",
cancelButtonText: "NAHHH",
categories: {
tags: [
{
tag: "governmentJobs",
label: "Government Jobs",
},
{
tag: "PrivateJobs",
label: "Private Jobs",
}
]
}
}
},
welcomeNotification: {
"title": "The website",
"message": "Thanks for subscribing!",
}
},
//Automatically subscribe to the new_app_version tag
OneSignal.sendTag("new_app_version", "new_app_version", tagsSent => {
// Callback called when tag has finished sending
console.log('new_app_version TAG SENT', tagsSent);
})
);
})
)
}
export default NewOneSignal;
And imported this component in the document.js file. According to this article, I have to put step 8 code in the useEffect but didn't work also, I have tried that also
I am very much sure that the problem is in this file. I paste the OneSignalsdk script in head section of the _document.js file.Also, i moved the two service worker files in a public folder as shown in the article. Please help me to make this code work
I'm using ITFoxtec SAML 2.0 where I have started multiple projects; TestIdpCore and TestWebAppCore. Once I click on the TestWebAppCore login link, I face the error Sequence contains no elements.
The error is because the identity provider TestIdpCore cannot find the relying party TestWebAppCore.
I think maybe the TestWebAppCore endpoint have changed or that the application is not answering.
The relying party TestWebAppCore is default exposed on https://localhost:44306/. And the relying party is configured in the identity provider TestIdpCore appsettings.json with the metadata endpoint "https://localhost:44306/metadata".
"Settings": {
"RelyingParties": [
{
"Metadata": "https://localhost:44327/metadata"
},
{
"Metadata": "https://localhost:44306/metadata"
},
{
"Metadata": "https://localhost:44307/metadata"
},
{
"Metadata": "https://localhost:44308/metadata"
},
{
"Metadata": "https://localhost:44309/metadata"
}
]
}
If the TestWebAppCore endpoint has changed you need to change the identity provider configuration.
In the volttron/platform/store.py file, it contains:
# RPC.export
# RPC.allow ('edit_config_store')
def manage_store (self, identity, config_name, raw_contents, config_type = "raw"):
contents = process_raw_config (raw_contents, config_type)
self._add_config_to_store (identity, config_name, raw_contents, contents, config_type,
trigger_callback = True)
To call this function from outside, I wrote the code as below.
self.vip.rpc.call (CONFIGURATION_STORE, "manage_store", 'platform.driver', config_name, raw_contents, 'json')
The error code is as follows.
volttron.platform.jsonrpc.Error: method "manage_store" requires capabilities {'edit_config_store'}, but capability [] was provided for user pnp
auth is registered as below.
INDEX: 8
{
"domain": null,
"address": null,
"mechanism": "CURVE",
"credentials": "6vjPXC8ctO8oWkeMXAOe5FsAM9vZD_sg0vkLrstnVFs",
"groups": [],
"roles": [],
"capabilities": {
"edit_config_store": {
"identity": "pnp.b"
}
},
"comments": "Automatically added on agent install",
"user_id": "pnp.b",
"enabled": true
}
How do I fix Capability?
This is a security feature. By default an agent can only update its own config store. So the agent with identity pnp.b can only edit its own config store and not of platform.driver. But you (or whoever has access to run vctl auth command or to directly edit the $VOLTTRON_HOME/auth.json file) can edit config store by giving the pnp.b agent the capability to edit the config store of platform.driver.
The capabilities entry for the agent can be changed to a regular expression that allows pnp.b or platform.driver (Or any other pattern you want). Regular expressions should be enclosed in / For example
{
"domain": null,
"address": null,
"mechanism": "CURVE",
"credentials": "6vjPXC8ctO8oWkeMXAOe5FsAM9vZD_sg0vkLrstnVFs",
"groups": [],
"roles": [],
"capabilities": {
"edit_config_store": {
"identity": "/pnp.b|platform.driver/"
}
},
"comments": "Automatically added on agent install",
"user_id": "pnp.b",
"enabled": true
}
Thank you very much for your answer.
Referring to your answer, I was correcting auth's capability.
INDEX: 8
{
"domain": null,
"address": null,
"mechanism": "CURVE",
"credentials": "TG3z7cEa1FnMp_642srvNLyd6HsxTq18xMOg20FFWjE",
"groups": [],
"roles": [],
"capabilities": {
"edit_config_store": {
"identity": "/pnp.b|platform.driver/"
}
},
"comments": "Automatically added on agent install",
"user_id": "pnp.b",
"enabled": true
}
However, it still shows that the agent is not authorized as shown in the log below.
Is it my mistake during correction?
Do you have any comments on this?
Note: I use the volttron 7.0rc branch.
2020-04-07 09:09:37,467 () volttron.platform.vip.agent.subsystems.rpc ERROR: unhandled exception in JSON-RPC method 'manage_store':
Traceback (most recent call last):
File "/volttron7_200331/volttron/platform/vip/agent/subsystems/rpc.py", line 158, in method
return method(*args, **kwargs)
File "/volttron7_200331/volttron/platform/vip/agent/subsystems/rpc.py", line 283, in checked_method
raise jsonrpc.exception_from_json(jsonrpc.UNAUTHORIZED, msg)
volttron.platform.jsonrpc.Error: method "manage_store" requires capabilities {'edit_config_store'}, but capability [] was provided for user pnp
everyone.
I'm having trouble trying to authorize my Compute Engine instance to lease tasks on a Task Queue queue.
I've included de necessary scopes (I think), in the instance creation config:
"metadata": {
"kind": "compute#metadata",
"items": [
{
"key": "startup-script-url",
"value": "[MY-STARTUP-SCRIPT]"
},
{
"key": "service_account_scopes",
"value": "https://www.googleapis.com/auth/cloud-platform"
}
]
},
"serviceAccounts": [
{
"email": "[MY-SERVICE-ACCOUNT]",
"scopes": [
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/taskqueue",
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/compute"
]
}
Also in my queue.yaml, I have added the same service account to the acl directive with the "user_email" attribute:
queue:
- name: [MY-QUEUELIST]
mode: pull
retry_parameters:
task_retry_limit: 5
acl:
- user_email: [MY-COMPUTE-ENGINE-SERVICE-ACCOUNT]
Finally, the script that I run on my instance uses the GoogleCredentials.get_application_default() function to obtain the credentials. This credentials are passed as argument to the build() method (as stated here: https://cloud.google.com/compute/docs/authentication):
The end result is that when I try to list the task of the given taskqueue I get this error:
googleapiclient.errors.HttpError: https://www.googleapis.com/tasks/v1/lists/documentation-compiler-queue/tasks?alt=json
returned "Insufficient Permission">
What am I missing?!
Thanks in advance.
I got my own mistake!
Just ignore this cuestion. I was using:
from googleapiclient.discovery import build
taskqueue_service = build('task', 'v1beta2', credentials=credentials)
instead of:
from googleapiclient.discovery import build
taskqueue_service = build('taskqueue', 'v1beta2', credentials=credentials)
Note the [API name] string in the build method