https://kotlinlang.org logo
#kotless
Title
# kotless
m

Mattlangsenkamp

06/18/2020, 4:58 AM
aside from adding
@DynamoDBTable(tableName, PermissionLevel.ReadWrite)
to the object that has the client object is there anything else I need to do on the aws side? ikeep getting a
:assumed-role/graphql-post/graphql-post is not authorized to perform: dynamodb:Scan on resource
error
t

TanVD

06/18/2020, 10:18 AM
Well, in general no. As you may see here https://github.com/JetBrains/kotless/blob/master/model/src/main/kotlin/io/kotless/Permission.kt#L18
Read
access includes
Scan
. Are you sure that table name is correct? And that you use explicitly annotated object.
Kotless infers permissions from usage of annotated entities, so, for example, if you annotate object with client, but in function use AWS client directly Kotless will not be able to understand that this functions needs those permissions
m

Mattlangsenkamp

06/18/2020, 4:31 PM
double checked the table name and it is correct. https://github.com/MattLangsenkamp/fnb-serverless-2/blob/master/src/main/kotlin/fnb/locations/LocationsServiceDynamo.kt this is the object that trying to touch the table
t

TanVD

06/18/2020, 4:35 PM
I'll generate terraform and will take a look 🙂
👍 1
Oh, I think I see the reason why it does not work
Look, you are using
LocationsServiceDynamo
during creation of schema, but inside
post
handler you are using only prepared object
m

Mattlangsenkamp

06/18/2020, 7:12 PM
so to remedy this do i need to give the post rout access as well?
t

TanVD

06/18/2020, 7:12 PM
Unfortunately, Kotless is unable to track right now that creation of object required permission, if inside a request only the resulting object is used.
The simplest fix is to add
@DynamoDBTable
to
GraphQLRequest
message has been deleted
m

Mattlangsenkamp

06/18/2020, 7:12 PM
thanks I will give that a try and report back
t

TanVD

06/18/2020, 7:14 PM
At least it works for me. BTW, it may be I have overcomplicated the whole permissions thing. As far as I see user need just all the permissions that were defined in application. Kotless right now is trying to find out what specific permissions which handler uses. It leads to such problems.
m

Mattlangsenkamp

06/18/2020, 7:15 PM
Your advice worked, thanks for the speedy help
t

TanVD

06/18/2020, 7:18 PM
No problem. If you you find Permissions API too complex don't hesitate to create an issue. I would really love to hear some feedback from users 🙂
👍 1