Search code examples
amazon-web-servicessslaws-lambdaperforcep4python

Run P4Python in AWS Lambda

I am writing an application that retrieves the changelist from Perforce, and lists all the files that have been changed.

I want to deploy this on AWS Lambda, but whenever it runs, I get the following error:

The authenticity of 'xxx.xxx.xxx.xxx:1666' can't be established,
this may be your first attempt to connect to this P4PORT.
The fingerprint for the key sent to your client is 'xx:xx:....
To allow connection use the 'p4 trust' command.'

This is my python code:

### Create the P4 instance
p4 = P4()                        
p4.port = P4PORT
p4.user = P4USER
p4.password = P4PASSWD
p4.client = P4CLIENT

### Connect
connection = p4.connect()   
print(f'Connection established. {connection}')
trust = p4.run_trust( '-i', P4FINGERPRINT )     
print(f'Trust succeeded... {trust}')

### Logging in...
p4.run_login()

From the logs I do see that the connection is established and the trust command succeeds

Connection established. P4 [xx@xx_main ssl:xx.xx.xx.xx:1666] connected

Trust succeeded... ["The fingerprint of the server of your P4PORT setting\n'ssl:xx.xx.xx.xx:1666' is not known.\nThat fingerprint is xx:xx:xx.....\n", "Added trust for P4PORT 'ssl:xx.xx.xx.xx:1666'\n"]

However, when the p4.run_login() command is ran, I get the above error again. I have a suspicion that since this is running on an AWS Lambda, that it doesn't have permissions to create the .p4trust file, which means that it can never establish trust.

Has anyone tried this before and is there any advice/help?

Thanks.

Edit: I should add that when running the same code as a local docker container, the .p4trust file is created under the root directory, and the rest of the application runs smoothly.

Solution

  • It looks like p4 expects the .p4trust file to be in the user's home directory by default. In the AWS Lambda environment that's not possible, because you can only write to the /tmp directory.

    But, I think you can create an environment variable P4TRUST that points to an alternate location for the .p4trust file. You can probably set this to /tmp/.p4trust in your Lambda function configuration.

    As is the nature of AWS Lambda, the contents of /tmp are not guaranteed to persist across Lambda invocations so you should consider persisting the file off-instance (e.g. encrypted and access-restricted in S3) and then restore it as needed in the Lambda environment when your Lambda function is invoked.