sam local start-lambda with cfn test in Bitbucket pipeline networking error

Get involved · June 21, 2023

Description:

Running sam local start-lambda in a Bitbucket pipeline to then run cfn test for my cloudformation hooks. I am trying to test the hooks before deploying.

Have tried all combinations of following flags:

host
container-host
container-host-interface
docker-network (pretty sure this is limited to only bridge in Bitbucket)

Raised with aws sam cli project but seems to be an issue with Bitbucket docker permissions - https://github.com/aws/aws-sam-cli/issues/5391.

Seeking some guidance!

Steps to reproduce:

Have valid Cloudformation hook.

Bitbucket pipeline:

# Prep pipeline
yum update -y &&
yum install -y jq curl unzip git &&
cd hooks/s3-block-public-access/ &&
pip install awscli aws-sam-cli pipenv
pipenv install git+https://github.com/aws-cloudformation/aws-cloudformation-rpdk-python-plugin.git#egg=cloudformation-cli-python-plugin &&

pipenv run cfn submit --dry-run --region [MY REGION] --role-arn "$MYROLE"

Then, main commands:

nohup sam local start-lambda --debug --host 0.0.0.0 -l /sam-background.log > /sam-background-all.log &
pipenv run cfn test -v --region [REDACTED REDGION] || echo "sam log------>" && cat /sam-background.log

Observed result:

+ nohup sam local start-lambda --debug --host 0.0.0.0 -l /sam-background.log > /sam-background-all.log &

+ pipenv run cfn test -v --region ap-southeast-2 || echo "sam log------>" && cat /sam-background.log && echo "sam log2------>" && cat /sam-background-all.log
2023-06-21 12:38:47,527 | Config file location: /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/samconfig.toml
2023-06-21 12:38:47,527 | Config file '/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/samconfig.toml' does not exist
2023-06-21 12:38:47,534 | Using SAM Template at /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/template.yml
2023-06-21 12:38:47,560 | Using config file: samconfig.toml, config environment: default
2023-06-21 12:38:47,560 | Expand command line arguments to:
2023-06-21 12:38:47,560 | --template_file=/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/template.yml --host=0.0.0.0 --log_file=/sam-background.log --port=3001 --layer_cache_basedir=/root/.aws-sam/layers-pkg --container_host=localhost --container_host_interface=127.0.0.1 
2023-06-21 12:38:47,656 | local start_lambda command is called
2023-06-21 12:38:47,660 | No Parameters detected in the template
2023-06-21 12:38:47,692 | There is no customer defined id or cdk path defined for resource TypeFunction, so we will use the resource logical id as the resource id
2023-06-21 12:38:47,692 | There is no customer defined id or cdk path defined for resource TestEntrypoint, so we will use the resource logical id as the resource id
2023-06-21 12:38:47,692 | 0 stacks found in the template
2023-06-21 12:38:47,692 | No Parameters detected in the template
2023-06-21 12:38:47,716 | There is no customer defined id or cdk path defined for resource TypeFunction, so we will use the resource logical id as the resource id
2023-06-21 12:38:47,717 | There is no customer defined id or cdk path defined for resource TestEntrypoint, so we will use the resource logical id as the resource id
2023-06-21 12:38:47,717 | 2 resources found in the stack 
2023-06-21 12:38:47,717 | Found Serverless function with name='TypeFunction' and CodeUri='build/'
2023-06-21 12:38:47,717 | --base-dir is not presented, adjusting uri build/ relative to /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/template.yml
2023-06-21 12:38:47,717 | Found Serverless function with name='TestEntrypoint' and CodeUri='build/'
2023-06-21 12:38:47,717 | --base-dir is not presented, adjusting uri build/ relative to /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/template.yml
2023-06-21 12:38:47,728 | Starting the Local Lambda Service. You can now invoke your Lambda Functions defined in your template through the endpoint.
2023-06-21 12:38:47,728 | Localhost server is starting up. Multi-threading = True
2023-06-21 12:38:47 �[31m�[1mWARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.�[0m
 * Running on all addresses (0.0.0.0)
 * Running on http://127.0.0.1:3001
 * Running on http://10.38.[REDACTED]:3001
2023-06-21 12:38:47 �[33mPress CTRL+C to quit�[0m
Validating your hook specification...
============================= test session starts ==============================
platform linux -- Python 3.9.16, pytest-7.3.2, pluggy-1.2.0 -- /root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/bin/python
cachedir: .pytest_cache
hypothesis profile 'default' -> database=DirectoryBasedExampleDatabase('/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/.hypothesis/examples')
Test order randomisation NOT enabled. Enable with --random-order or --random-order-bucket=<bucket_type>
rootdir: /tmp
configfile: pytest_km9gmubq.ini
plugins: localserver-0.7.1, hypothesis-6.79.1, random-order-1.1.0
collecting ... collected 24 items / 17 deselected / 7 selected

2023-06-21 12:38:56,944 | Found one Lambda function with name 'TypeFunction'
2023-06-21 12:38:56,944 | Invoking [REDACTED]_s3blockpublicaccess_hook.handlers.hook (python3.9)
2023-06-21 12:38:56,944 | No environment variables found for function 'TypeFunction'
2023-06-21 12:38:56,944 | Loading AWS credentials from session with profile 'None'
2023-06-21 12:38:56,954 | Resolving code path. Cwd=/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access, CodeUri=/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build
2023-06-21 12:38:56,955 | Resolved absolute path to code is /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build
2023-06-21 12:38:56,955 | Code /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build is not a zip/jar file
2023-06-21 12:38:56,960 | Local image was not found.
2023-06-21 12:38:56,960 | Removing rapid images for repo public.ecr.aws/sam/emulation-python3.9
Building image..........................
2023-06-21 12:38:57,969 | Using local image: public.ecr.aws/lambda/python:3.9-rapid-x86_64.

2023-06-21 12:38:57,969 | Mounting /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build as /var/task:ro,delegated, inside runtime container
2023-06-21 12:38:58,273 | Starting a timer for 180 seconds for function 'TypeFunction'
2023-06-21 12:38:58,807 | Cleaning all decompressed code dirs
2023-06-21 12:38:58,807 | Unable to find Click Context for getting session_id.
2023-06-21 12:38:58 127.0.0.1 - - [21/Jun/2023 12:38:58] "POST /2015-03-31/functions/TypeFunction/invocations HTTP/1.1" 200 -
../../../../../../../tmp/hook/handler_pre_create.py::contract_pre_create_success FAILED [ 14%]
2023-06-21 12:39:02,421 | Found one Lambda function with name 'TypeFunction'
2023-06-21 12:39:02,421 | Invoking [REDACTED]_s3blockpublicaccess_hook.handlers.hook (python3.9)
2023-06-21 12:39:02,421 | No environment variables found for function 'TypeFunction'
2023-06-21 12:39:02,421 | Resolving code path. Cwd=/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access, CodeUri=/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build
2023-06-21 12:39:02,421 | Resolved absolute path to code is /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build
2023-06-21 12:39:02,421 | Code /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build is not a zip/jar file
2023-06-21 12:39:02,432 | Cleaning all decompressed code dirs
2023-06-21 12:39:02,432 | Exception on /2015-03-31/functions/TypeFunction/invocations [POST]
Traceback (most recent call last):
  File "/var/lang/lib/python3.9/site-packages/docker/api/client.py", line 268, in _raise_for_status
    response.raise_for_status()
  File "/var/lang/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://localhost:2375/v1.35/distribution/public.ecr.aws/lambda/python:3.9-x86_64/json

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 196, in build
    self._check_base_image_is_current(base_image)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 470, in _check_base_image_is_current
    if self.is_base_image_current(image_name):
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 494, in is_base_image_current
    return self.get_local_image_digest(image_name) == self.get_remote_image_digest(image_name)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 510, in get_remote_image_digest
    remote_info = self.docker_client.images.get_registry_data(image_name)
  File "/var/lang/lib/python3.9/site-packages/docker/models/images.py", line 356, in get_registry_data
    attrs=self.client.api.inspect_distribution(name, auth_config),
  File "/var/lang/lib/python3.9/site-packages/docker/utils/decorators.py", line 34, in wrapper
    return f(self, *args, **kwargs)
  File "/var/lang/lib/python3.9/site-packages/docker/utils/decorators.py", line 19, in wrapped
    return f(self, resource_id, *args, **kwargs)
  File "/var/lang/lib/python3.9/site-packages/docker/api/image.py", line 287, in inspect_distribution
    return self._result(
  File "/var/lang/lib/python3.9/site-packages/docker/api/client.py", line 274, in _result
    self._raise_for_status(response)
  File "/var/lang/lib/python3.9/site-packages/docker/api/client.py", line 270, in _raise_for_status
    raise create_api_error_from_http_exception(e) from e
  File "/var/lang/lib/python3.9/site-packages/docker/errors.py", line 39, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation) from e
docker.errors.APIError: 403 Client Error for http://localhost:2375/v1.35/distribution/public.ecr.aws/lambda/python:3.9-x86_64/json: Forbidden ("authorization denied by plugin pipelines: ")

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 2529, in wsgi_app
    response = self.full_dispatch_request()
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 1825, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/lambda_service/local_lambda_invoke_service.py", line 169, in _invoke_request_handler
    self.lambda_runner.invoke(function_name, request_data, stdout=stdout_stream_writer, stderr=self.stderr)
  File "/var/lang/lib/python3.9/site-packages/samcli/commands/local/lib/local_lambda.py", line 144, in invoke
    self.local_runtime.invoke(
  File "/var/lang/lib/python3.9/site-packages/samcli/lib/telemetry/metric.py", line 324, in wrapped_func
    return_value = func(*args, **kwargs)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/lambdafn/runtime.py", line 189, in invoke
    container = self.create(function_config, debug_context, container_host, container_host_interface)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/lambdafn/runtime.py", line 85, in create
    container = LambdaContainer(
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_container.py", line 94, in __init__
    image = LambdaContainer._get_image(
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_container.py", line 237, in _get_image
    return lambda_image.build(runtime, packagetype, image, layers, architecture, function_name=function_name)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 213, in build
    raise DockerDistributionAPIError("Unknown API error received from docker") from e
samcli.commands.local.cli_common.user_exceptions.DockerDistributionAPIError: Unknown API error received from docker
2023-06-21 12:39:02 127.0.0.1 - - [21/Jun/2023 12:39:02] "�[35m�[1mPOST /2015-03-31/functions/TypeFunction/invocations HTTP/1.1�[0m" 500 -
../../../../../../../tmp/hook/handler_pre_create.py::contract_pre_create_failed FAILED [ 28%]
../../../../../../../tmp/hook/handler_pre_create.py::contract_pre_create_failed_unsupported_target SKIPPED [ 42%]
2023-06-21 12:39:05,966 | Found one Lambda function with name 'TypeFunction'
2023-06-21 12:39:05,966 | Invoking [REDACTED]_s3blockpublicaccess_hook.handlers.hook (python3.9)
2023-06-21 12:39:05,966 | No environment variables found for function 'TypeFunction'
2023-06-21 12:39:05,966 | Resolving code path. Cwd=/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access, CodeUri=/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build
2023-06-21 12:39:05,966 | Resolved absolute path to code is /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build
2023-06-21 12:39:05,966 | Code /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build is not a zip/jar file
2023-06-21 12:39:05,977 | Cleaning all decompressed code dirs
2023-06-21 12:39:05,977 | Exception on /2015-03-31/functions/TypeFunction/invocations [POST]
Traceback (most recent call last):
  File "/var/lang/lib/python3.9/site-packages/docker/api/client.py", line 268, in _raise_for_status
    response.raise_for_status()
  File "/var/lang/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://localhost:2375/v1.35/distribution/public.ecr.aws/lambda/python:3.9-x86_64/json

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 196, in build
    self._check_base_image_is_current(base_image)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 470, in _check_base_image_is_current
    if self.is_base_image_current(image_name):
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 494, in is_base_image_current
    return self.get_local_image_digest(image_name) == self.get_remote_image_digest(image_name)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 510, in get_remote_image_digest
    remote_info = self.docker_client.images.get_registry_data(image_name)
  File "/var/lang/lib/python3.9/site-packages/docker/models/images.py", line 356, in get_registry_data
    attrs=self.client.api.inspect_distribution(name, auth_config),
  File "/var/lang/lib/python3.9/site-packages/docker/utils/decorators.py", line 34, in wrapper
    return f(self, *args, **kwargs)
  File "/var/lang/lib/python3.9/site-packages/docker/utils/decorators.py", line 19, in wrapped
    return f(self, resource_id, *args, **kwargs)
  File "/var/lang/lib/python3.9/site-packages/docker/api/image.py", line 287, in inspect_distribution
    return self._result(
  File "/var/lang/lib/python3.9/site-packages/docker/api/client.py", line 274, in _result
    self._raise_for_status(response)
  File "/var/lang/lib/python3.9/site-packages/docker/api/client.py", line 270, in _raise_for_status
    raise create_api_error_from_http_exception(e) from e
  File "/var/lang/lib/python3.9/site-packages/docker/errors.py", line 39, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation) from e
docker.errors.APIError: 403 Client Error for http://localhost:2375/v1.35/distribution/public.ecr.aws/lambda/python:3.9-x86_64/json: Forbidden ("authorization denied by plugin pipelines: ")

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 2529, in wsgi_app
    response = self.full_dispatch_request()
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 1825, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/lambda_service/local_lambda_invoke_service.py", line 169, in _invoke_request_handler
    self.lambda_runner.invoke(function_name, request_data, stdout=stdout_stream_writer, stderr=self.stderr)
  File "/var/lang/lib/python3.9/site-packages/samcli/commands/local/lib/local_lambda.py", line 144, in invoke
    self.local_runtime.invoke(
  File "/var/lang/lib/python3.9/site-packages/samcli/lib/telemetry/metric.py", line 324, in wrapped_func
    return_value = func(*args, **kwargs)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/lambdafn/runtime.py", line 189, in invoke
    container = self.create(function_config, debug_context, container_host, container_host_interface)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/lambdafn/runtime.py", line 85, in create
    container = LambdaContainer(
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_container.py", line 94, in __init__
    image = LambdaContainer._get_image(
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_container.py", line 237, in _get_image
    return lambda_image.build(runtime, packagetype, image, layers, architecture, function_name=function_name)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 213, in build
    raise DockerDistributionAPIError("Unknown API error received from docker") from e
samcli.commands.local.cli_common.user_exceptions.DockerDistributionAPIError: Unknown API error received from docker
2023-06-21 12:39:05 127.0.0.1 - - [21/Jun/2023 12:39:05] "�[35m�[1mPOST /2015-03-31/functions/TypeFunction/invocations HTTP/1.1�[0m" 500 -
../../../../../../../tmp/hook/handler_pre_update.py::contract_pre_update_success FAILED [ 57%]
2023-06-21 12:39:09,412 | Found one Lambda function with name 'TypeFunction'
2023-06-21 12:39:09,412 | Invoking [REDACTED]_s3blockpublicaccess_hook.handlers.hook (python3.9)
2023-06-21 12:39:09,413 | No environment variables found for function 'TypeFunction'
2023-06-21 12:39:09,413 | Resolving code path. Cwd=/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access, CodeUri=/opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build
2023-06-21 12:39:09,413 | Resolved absolute path to code is /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build
2023-06-21 12:39:09,413 | Code /opt/atlassian/pipelines/agent/build/hooks/s3-block-public-access/build is not a zip/jar file
2023-06-21 12:39:09,429 | Cleaning all decompressed code dirs
2023-06-21 12:39:09,430 | Exception on /2015-03-31/functions/TypeFunction/invocations [POST]
Traceback (most recent call last):
  File "/var/lang/lib/python3.9/site-packages/docker/api/client.py", line 268, in _raise_for_status
    response.raise_for_status()
  File "/var/lang/lib/python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: http://localhost:2375/v1.35/distribution/public.ecr.aws/lambda/python:3.9-x86_64/json

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 196, in build
    self._check_base_image_is_current(base_image)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 470, in _check_base_image_is_current
    if self.is_base_image_current(image_name):
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 494, in is_base_image_current
    return self.get_local_image_digest(image_name) == self.get_remote_image_digest(image_name)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 510, in get_remote_image_digest
    remote_info = self.docker_client.images.get_registry_data(image_name)
  File "/var/lang/lib/python3.9/site-packages/docker/models/images.py", line 356, in get_registry_data
    attrs=self.client.api.inspect_distribution(name, auth_config),
  File "/var/lang/lib/python3.9/site-packages/docker/utils/decorators.py", line 34, in wrapper
    return f(self, *args, **kwargs)
  File "/var/lang/lib/python3.9/site-packages/docker/utils/decorators.py", line 19, in wrapped
    return f(self, resource_id, *args, **kwargs)
  File "/var/lang/lib/python3.9/site-packages/docker/api/image.py", line 287, in inspect_distribution
    return self._result(
  File "/var/lang/lib/python3.9/site-packages/docker/api/client.py", line 274, in _result
    self._raise_for_status(response)
  File "/var/lang/lib/python3.9/site-packages/docker/api/client.py", line 270, in _raise_for_status
    raise create_api_error_from_http_exception(e) from e
  File "/var/lang/lib/python3.9/site-packages/docker/errors.py", line 39, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation) from e
docker.errors.APIError: 403 Client Error for http://localhost:2375/v1.35/distribution/public.ecr.aws/lambda/python:3.9-x86_64/json: Forbidden ("authorization denied by plugin pipelines: ")

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 2529, in wsgi_app
    response = self.full_dispatch_request()
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 1825, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
  File "/var/lang/lib/python3.9/site-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/lambda_service/local_lambda_invoke_service.py", line 169, in _invoke_request_handler
    self.lambda_runner.invoke(function_name, request_data, stdout=stdout_stream_writer, stderr=self.stderr)
  File "/var/lang/lib/python3.9/site-packages/samcli/commands/local/lib/local_lambda.py", line 144, in invoke
    self.local_runtime.invoke(
  File "/var/lang/lib/python3.9/site-packages/samcli/lib/telemetry/metric.py", line 324, in wrapped_func
    return_value = func(*args, **kwargs)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/lambdafn/runtime.py", line 189, in invoke
    container = self.create(function_config, debug_context, container_host, container_host_interface)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/lambdafn/runtime.py", line 85, in create
    container = LambdaContainer(
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_container.py", line 94, in __init__
    image = LambdaContainer._get_image(
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_container.py", line 237, in _get_image
    return lambda_image.build(runtime, packagetype, image, layers, architecture, function_name=function_name)
  File "/var/lang/lib/python3.9/site-packages/samcli/local/docker/lambda_image.py", line 213, in build
    raise DockerDistributionAPIError("Unknown API error received from docker") from e
samcli.commands.local.cli_common.user_exceptions.DockerDistributionAPIError: Unknown API error received from docker
2023-06-21 12:39:09 127.0.0.1 - - [21/Jun/2023 12:39:09] "�[35m�[1mPOST /2015-03-31/functions/TypeFunction/invocations HTTP/1.1�[0m" 500 -
../../../../../../../tmp/hook/handler_pre_update.py::contract_pre_update_failed FAILED [ 71%]
../../../../../../../tmp/hook/handler_pre_update.py::contract_pre_update_failed_unsupported_target SKIPPED [ 85%]
../../../../../../../tmp/resource/handler_misc.py::contract_check_asserts_work PASSED [100%]

=================================== FAILURES ===================================
_________________________ contract_pre_create_success __________________________
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/handler_pre_create.py:19: in contract_pre_create_success
    test_hook_handlers_success(hook_client, INVOCATION_POINT)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/hook_handler_commons.py:74: in test_hook_handlers_success
    test_hook_success(hook_client, invocation_point, target, target_model)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/hook_handler_commons.py:32: in test_hook_success
    _status, response, _error_code = hook_client.call_and_assert(
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:479: in call_and_assert
    self.assert_success(status, response, target)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:184: in assert_success
    assert status == HookStatus.SUCCESS, f"status should be SUCCESS ({target})"
E   AssertionError: status should be SUCCESS (AWS::S3::Bucket)
__________________________ contract_pre_create_failed __________________________
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/handler_pre_create.py:24: in contract_pre_create_failed
    test_hook_handlers_failed(hook_client, INVOCATION_POINT)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/hook_handler_commons.py:83: in test_hook_handlers_failed
    test_hook_failed(hook_client, invocation_point, target, target_model)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/hook_handler_commons.py:55: in test_hook_failed
    _status, response, error_code = hook_client.call_and_assert(
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:477: in call_and_assert
    status, response = self.call(invocation_point, target, target_model, **kwargs)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:500: in call
    response = self._call(request)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:450: in _call
    result = self._client.invoke(
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/botocore/client.py:530: in _api_call
    return self._make_api_call(operation_name, kwargs)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/botocore/client.py:964: in _make_api_call
    raise error_class(parsed_response, operation_name)
E   botocore.exceptions.ClientError: An error occurred (Service) when calling the Invoke operation (reached max retries: 0): ServiceException
_________________________ contract_pre_update_success __________________________
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/handler_pre_update.py:19: in contract_pre_update_success
    test_hook_handlers_success(hook_client, INVOCATION_POINT)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/hook_handler_commons.py:70: in test_hook_handlers_success
    test_update_hook_success(
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/hook_handler_commons.py:47: in test_update_hook_success
    _status, response, _error_code = hook_client.call_and_assert(
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:477: in call_and_assert
    status, response = self.call(invocation_point, target, target_model, **kwargs)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:500: in call
    response = self._call(request)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:450: in _call
    result = self._client.invoke(
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/botocore/client.py:530: in _api_call
    return self._make_api_call(operation_name, kwargs)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/botocore/client.py:964: in _make_api_call
    raise error_class(parsed_response, operation_name)
E   botocore.exceptions.ClientError: An error occurred (Service) when calling the Invoke operation (reached max retries: 0): ServiceException
__________________________ contract_pre_update_failed __________________________
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/handler_pre_update.py:24: in contract_pre_update_failed
    test_hook_handlers_failed(hook_client, INVOCATION_POINT)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/hook_handler_commons.py:83: in test_hook_handlers_failed
    test_hook_failed(hook_client, invocation_point, target, target_model)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/suite/hook/hook_handler_commons.py:55: in test_hook_failed
    _status, response, error_code = hook_client.call_and_assert(
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:477: in call_and_assert
    status, response = self.call(invocation_point, target, target_model, **kwargs)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:500: in call
    response = self._call(request)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/rpdk/core/contract/hook_client.py:450: in _call
    result = self._client.invoke(
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/botocore/client.py:530: in _api_call
    return self._make_api_call(operation_name, kwargs)
/root/.local/share/virtualenvs/s3-block-public-access-yxZjV0V7/lib/python3.9/site-packages/botocore/client.py:964: in _make_api_call
    raise error_class(parsed_response, operation_name)
E   botocore.exceptions.ClientError: An error occurred (Service) when calling the Invoke operation (reached max retries: 0): ServiceException
=========================== short test summary info ============================
FAILED ../../../../../../../tmp/hook/handler_pre_create.py::contract_pre_create_success - AssertionError: status should be SUCCESS (AWS::S3::Bucket)
FAILED ../../../../../../../tmp/hook/handler_pre_create.py::contract_pre_create_failed - botocore.exceptions.ClientError: An error occurred (Service) when calling the Invoke operation (reached max retries: 0): ServiceException
FAILED ../../../../../../../tmp/hook/handler_pre_update.py::contract_pre_update_success - botocore.exceptions.ClientError: An error occurred (Service) when calling the Invoke operation (reached max retries: 0): ServiceException
FAILED ../../../../../../../tmp/hook/handler_pre_update.py::contract_pre_update_failed - botocore.exceptions.ClientError: An error occurred (Service) when calling the Invoke operation (reached max retries: 0): ServiceException
============ 4 failed, 1 passed, 2 skipped, 17 deselected in 16.07s ============
One or more contract tests failed
sam log------>
START RequestId: 4320bb4a-b3b7-469b-b419-2eef21c0edbe Version: $LATEST
[DEBUG]	2023-06-21T12:38:58.601Z	4320bb4a-b3b7-469b-b419-2eef21c0edbe	Hook context:
[DEBUG]	2023-06-21T12:38:58.601Z	4320bb4a-b3b7-469b-b419-2eef21c0edbe	HookContext(awsAccountId='467440188625', stackId='27805d43-cc4d-4620-b6f3-deafb44dac87', hookTypeName=‘[REDACTED]::S3BlockPublicAccess::Hook', hookTypeVersion='00000001', invocationPoint=<HookInvocationPoint.CREATE_PRE_PROVISION: 'CREATE_PRE_PROVISION'>, targetName='AWS::S3::Bucket', targetType='RESOURCE', targetLogicalId='27805d43-cc4d-4620-b6f3-deafb44dac87', targetModel={'resourceProperties': {'PublicAccessBlockConfiguration': {'BlockPublicAcls': 'true', 'BlockPublicPolicy': 'true', 'IgnorePublicAcls': 'true', 'RestrictPublicBuckets': 'true'}}}, changeSetId=None)
END RequestId: 4320bb4a-b3b7-469b-b419-2eef21c0edbe
REPORT RequestId: 4320bb4a-b3b7-469b-b419-2eef21c0edbe	Init Duration: 0.12 ms	Duration: 325.54 ms	Billed Duration: 326 ms	Memory Size: 256 MB	Max Memory Used: 256 MB	
sam log2------>

Searching for test report files in directories named [test-results, failsafe-reports, test-reports, TestResults, surefire-reports] down to a depth of 4
Finished scanning for test reports. Found 0 test report files.
Merged test suites, total number tests is 0, with 0 failures and 0 errors.

Expected result:

PASSED function tests.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

Using public.ecr.aws/sam/build-python3.9:latest for Bitbucket pipeline base image, but have also tried base python image.

{
  "version": "1.87.0",
  "system": {
    "python": "3.9.16",
    "os": "Linux-5.15.0-1036-aws-x86_64-with-glibc2.26"
  },
  "additional_dependencies": {
    "docker_engine": "20.10.24",
    "aws_cdk": "Not available",
    "terraform": "Not available"
  },
  "available_beta_feature_env_vars": [
    "SAM_CLI_BETA_FEATURES",
    "SAM_CLI_BETA_BUILD_PERFORMANCE",
    "SAM_CLI_BETA_TERRAFORM_SUPPORT",
    "SAM_CLI_BETA_RUST_CARGO_LAMBDA"
  ]
}

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

sam local start-lambda with cfn test in Bitbucket pipeline networking error

Description:

Steps to reproduce:

Observed result:

Expected result:

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

1 answer

Suggest an answer

Was this helpful?

Thanks!

DEPLOYMENT TYPE

TAGS

Atlassian Community Events