From 1c3db8cc6062790673e74ebc54da270c5cba45b7 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Mon, 28 Oct 2024 17:21:12 +0100 Subject: [PATCH 1/9] feat(cli): automatically roll back stacks if necessary If a user is deploying with `--no-rollback`, and the stack contains replacements (or the `--no-rollback` flag is dropped), then a rollback needs to be performed before a regular deployment can happen again. In this PR, we add a prompt where we ask the user to confirm that they are okay with performing a rollback and then a normal deployment. Closes #30546. --- .../cdk-apps/rollback-test-app/app.js | 14 +- .../api/bootstrap/bootstrap-environment.ts | 10 +- .../lib/api/bootstrap/deploy-bootstrap.ts | 15 +- packages/aws-cdk/lib/api/deploy-stack.ts | 50 +++++- packages/aws-cdk/lib/api/deployments.ts | 2 +- .../aws-cdk/lib/api/hotswap-deployments.ts | 6 +- .../api/util/cloudformation/stack-status.ts | 4 + packages/aws-cdk/lib/cdk-toolkit.ts | 158 +++++++++++++----- packages/aws-cdk/lib/import.ts | 4 + .../aws-cdk/test/api/deploy-stack.test.ts | 6 +- .../test/api/hotswap/hotswap-test-setup.ts | 4 +- packages/aws-cdk/test/cdk-toolkit.test.ts | 6 +- packages/aws-cdk/test/diff.test.ts | 11 +- 13 files changed, 211 insertions(+), 79 deletions(-) diff --git a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/rollback-test-app/app.js b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/rollback-test-app/app.js index 419e30898c9bf..dd117b62a9dd9 100644 --- a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/rollback-test-app/app.js +++ b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/rollback-test-app/app.js @@ -1,15 +1,17 @@ const cdk = require('aws-cdk-lib'); const lambda = require('aws-cdk-lib/aws-lambda'); +const sqs = require('aws-cdk-lib/aws-sqs'); const cr = require('aws-cdk-lib/custom-resources'); /** * This stack will be deployed in multiple phases, to achieve a very specific effect * - * It contains resources r1 and r2, where r1 gets deployed first. + * It contains resources r1 and r2, and a queue q, where r1 gets deployed first. * * - PHASE = 1: both resources deploy regularly. * - PHASE = 2a: r1 gets updated, r2 will fail to update * - PHASE = 2b: r1 gets updated, r2 will fail to update, and r1 will fail its rollback. + * - PHASE = 3: q gets replaced w.r.t. phases 1 and 2 * * To exercise this app: * @@ -22,7 +24,7 @@ const cr = require('aws-cdk-lib/custom-resources'); * # This will start a rollback that will fail because r1 fails its rollabck * * env PHASE=2b npx cdk rollback --force - * # This will retry the rollabck and skip r1 + * # This will retry the rollback and skip r1 * ``` */ class RollbacktestStack extends cdk.Stack { @@ -31,6 +33,7 @@ class RollbacktestStack extends cdk.Stack { let r1props = {}; let r2props = {}; + let fifo = false; const phase = process.env.PHASE; switch (phase) { @@ -46,6 +49,9 @@ class RollbacktestStack extends cdk.Stack { r1props.FailRollback = true; r2props.FailUpdate = true; break; + case '3': + fifo = true; + break; } const fn = new lambda.Function(this, 'Fun', { @@ -76,6 +82,10 @@ class RollbacktestStack extends cdk.Stack { properties: r2props, }); r2.node.addDependency(r1); + + new sqs.Queue(this, 'Queue', { + fifo, + }); } } diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts b/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts index f3041fd3864ec..c05f575fd1a0e 100644 --- a/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts +++ b/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts @@ -8,7 +8,7 @@ import { warning } from '../../logging'; import { loadStructuredFile, serializeStructure } from '../../serialize'; import { rootDir } from '../../util/directories'; import { ISDK, Mode, SdkProvider } from '../aws-auth'; -import { DeployStackResult } from '../deploy-stack'; +import { RegularDeployStackResult } from '../deploy-stack'; /* eslint-disable max-len */ @@ -21,7 +21,7 @@ export class Bootstrapper { constructor(private readonly source: BootstrapSource) { } - public bootstrapEnvironment(environment: cxapi.Environment, sdkProvider: SdkProvider, options: BootstrapEnvironmentOptions = {}): Promise { + public bootstrapEnvironment(environment: cxapi.Environment, sdkProvider: SdkProvider, options: BootstrapEnvironmentOptions = {}): Promise { switch (this.source.source) { case 'legacy': return this.legacyBootstrap(environment, sdkProvider, options); @@ -41,7 +41,7 @@ export class Bootstrapper { * Deploy legacy bootstrap stack * */ - private async legacyBootstrap(environment: cxapi.Environment, sdkProvider: SdkProvider, options: BootstrapEnvironmentOptions = {}): Promise { + private async legacyBootstrap(environment: cxapi.Environment, sdkProvider: SdkProvider, options: BootstrapEnvironmentOptions = {}): Promise { const params = options.parameters ?? {}; if (params.trustedAccounts?.length) { @@ -71,7 +71,7 @@ export class Bootstrapper { private async modernBootstrap( environment: cxapi.Environment, sdkProvider: SdkProvider, - options: BootstrapEnvironmentOptions = {}): Promise { + options: BootstrapEnvironmentOptions = {}): Promise { const params = options.parameters ?? {}; @@ -291,7 +291,7 @@ export class Bootstrapper { private async customBootstrap( environment: cxapi.Environment, sdkProvider: SdkProvider, - options: BootstrapEnvironmentOptions = {}): Promise { + options: BootstrapEnvironmentOptions = {}): Promise { // Look at the template, decide whether it's most likely a legacy or modern bootstrap // template, and use the right bootstrapper for that. diff --git a/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts b/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts index 501122697eab5..ccb8d4c796b4e 100644 --- a/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts +++ b/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts @@ -6,7 +6,7 @@ import * as fs from 'fs-extra'; import { BOOTSTRAP_VERSION_OUTPUT, BootstrapEnvironmentOptions, BOOTSTRAP_VERSION_RESOURCE, BOOTSTRAP_VARIANT_PARAMETER, DEFAULT_BOOTSTRAP_VARIANT } from './bootstrap-props'; import * as logging from '../../logging'; import { Mode, SdkProvider, ISDK } from '../aws-auth'; -import { deployStack, DeployStackResult } from '../deploy-stack'; +import { deployStack, RegularDeployStackResult } from '../deploy-stack'; import { NoBootstrapStackEnvironmentResources } from '../environment-resources'; import { DEFAULT_TOOLKIT_STACK_NAME, ToolkitInfo } from '../toolkit-info'; @@ -63,14 +63,15 @@ export class BootstrapStack { template: any, parameters: Record, options: Omit, - ): Promise { + ): Promise { if (this.currentToolkitInfo.found && !options.force) { // Safety checks const abortResponse = { + type: 'did-deploy-stack', noOp: true, outputs: {}, stackArn: this.currentToolkitInfo.bootstrapStack.stackId, - }; + } satisfies RegularDeployStackResult; // Validate that the bootstrap stack we're trying to replace is from the same variant as the one we're trying to deploy const currentVariant = this.currentToolkitInfo.variant; @@ -110,7 +111,7 @@ export class BootstrapStack { const assembly = builder.buildAssembly(); - return deployStack({ + const ret = await deployStack({ stack: assembly.getStackByName(this.toolkitStackName), resolvedEnvironment: this.resolvedEnvironment, sdk: this.sdk, @@ -124,6 +125,12 @@ export class BootstrapStack { // Obviously we can't need a bootstrap stack to deploy a bootstrap stack envResources: new NoBootstrapStackEnvironmentResources(this.resolvedEnvironment, this.sdk), }); + + if (ret.type !== 'did-deploy-stack') { + throw new Error(`Unexpected deployStack result. This should not happen: ${JSON.stringify(ret)}`); + } + + return ret; } } diff --git a/packages/aws-cdk/lib/api/deploy-stack.ts b/packages/aws-cdk/lib/api/deploy-stack.ts index 16da0447b81f5..42119a35cc077 100644 --- a/packages/aws-cdk/lib/api/deploy-stack.ts +++ b/packages/aws-cdk/lib/api/deploy-stack.ts @@ -20,7 +20,17 @@ import { AssetManifestBuilder } from '../util/asset-manifest-builder'; import { determineAllowCrossAccountAssetPublishing } from './util/checks'; import { publishAssets } from '../util/asset-publishing'; -export interface DeployStackResult { +export type DeployStackResult = + // Regular result + | RegularDeployStackResult + // The stack is currently in a failpaused state, and needs to be rolled back before the deployment + | { type: 'failpaused-need-rollback-first'; reason: 'not-norollback' | 'replacement' } + // The upcoming change has a replacement, which requires deploying without --no-rollback. + | { type: 'replacement-requires-norollback' } + ; + +export interface RegularDeployStackResult { + readonly type: 'did-deploy-stack'; readonly noOp: boolean; readonly outputs: { [name: string]: string }; readonly stackArn: string; @@ -279,6 +289,7 @@ export async function deployStack(options: DeployStackOptions): Promise { + private async executeChangeSet(changeSet: CloudFormation.DescribeChangeSetOutput): Promise { debug('Initiating execution of changeset %s on stack %s', changeSet.ChangeSetId, this.stackName); await this.cfn.executeChangeSet({ @@ -478,7 +503,7 @@ class FullCloudFormationDeployment { } } - private async directDeployment(): Promise { + private async directDeployment(): Promise { print('%s: %s stack...', chalk.bold(this.stackName), this.update ? 'updating' : 'creating'); const startTime = new Date(); @@ -496,7 +521,7 @@ class FullCloudFormationDeployment { } catch (err: any) { if (err.message === 'No updates are to be performed.') { debug('No updates are to be performed for stack %s', this.stackName); - return { noOp: true, outputs: this.cloudFormationStack.outputs, stackArn: this.cloudFormationStack.stackId }; + return { type: 'did-deploy-stack', noOp: true, outputs: this.cloudFormationStack.outputs, stackArn: this.cloudFormationStack.stackId }; } throw err; } @@ -518,7 +543,7 @@ class FullCloudFormationDeployment { } } - private async monitorDeployment(startTime: Date, expectedChanges: number | undefined): Promise { + private async monitorDeployment(startTime: Date, expectedChanges: number | undefined): Promise { const monitor = this.options.quiet ? undefined : StackActivityMonitor.withDefaultPrinter(this.cfn, this.stackName, this.stackArtifact, { resourcesTotal: expectedChanges, progress: this.options.progress, @@ -539,7 +564,7 @@ class FullCloudFormationDeployment { await monitor?.stop(); } debug('Stack %s has completed updating', this.stackName); - return { noOp: false, outputs: finalState.outputs, stackArn: finalState.stackId }; + return { type: 'did-deploy-stack', noOp: false, outputs: finalState.outputs, stackArn: finalState.stackId }; } /** @@ -718,3 +743,10 @@ function suffixWithErrors(msg: string, errors?: string[]) { function arrayEquals(a: any[], b: any[]): boolean { return a.every(item => b.includes(item)) && b.every(item => a.includes(item)); } + +function hasReplacement(cs: AWS.CloudFormation.DescribeChangeSetOutput) { + return (cs.Changes ?? []).some(c => { + const a = c.ResourceChange?.PolicyAction; + return a === 'ReplaceAndDelete' || a === 'ReplaceAndRetain' || a === 'ReplaceAndSnapshot'; + }); +} \ No newline at end of file diff --git a/packages/aws-cdk/lib/api/deployments.ts b/packages/aws-cdk/lib/api/deployments.ts index 6231aa9a70567..e2058cc643722 100644 --- a/packages/aws-cdk/lib/api/deployments.ts +++ b/packages/aws-cdk/lib/api/deployments.ts @@ -8,7 +8,7 @@ import { debug, warning, error } from '../logging'; import { Mode } from './aws-auth/credentials'; import { ISDK } from './aws-auth/sdk'; import { CredentialsOptions, SdkForEnvironment, SdkProvider } from './aws-auth/sdk-provider'; -import { deployStack, DeployStackResult, destroyStack, DeploymentMethod } from './deploy-stack'; +import { deployStack, destroyStack, DeploymentMethod, DeployStackResult } from './deploy-stack'; import { EnvironmentResources, EnvironmentResourcesRegistry } from './environment-resources'; import { HotswapMode, HotswapPropertyOverrides } from './hotswap/common'; import { loadCurrentTemplateWithNestedStacks, loadCurrentTemplate, RootTemplateWithNestedStacks } from './nested-stack-helpers'; diff --git a/packages/aws-cdk/lib/api/hotswap-deployments.ts b/packages/aws-cdk/lib/api/hotswap-deployments.ts index 427561fce67a6..acd2cc45f591f 100644 --- a/packages/aws-cdk/lib/api/hotswap-deployments.ts +++ b/packages/aws-cdk/lib/api/hotswap-deployments.ts @@ -2,7 +2,7 @@ import * as cfn_diff from '@aws-cdk/cloudformation-diff'; import * as cxapi from '@aws-cdk/cx-api'; import * as chalk from 'chalk'; import { ISDK, Mode, SdkProvider } from './aws-auth'; -import { DeployStackResult } from './deploy-stack'; +import { RegularDeployStackResult } from './deploy-stack'; import { EvaluateCloudFormationTemplate } from './evaluate-cloudformation-template'; import { print } from '../logging'; import { isHotswappableAppSyncChange } from './hotswap/appsync-mapping-templates'; @@ -66,7 +66,7 @@ export async function tryHotswapDeployment( sdkProvider: SdkProvider, assetParams: { [key: string]: string }, cloudFormationStack: CloudFormationStack, stackArtifact: cxapi.CloudFormationStackArtifact, hotswapMode: HotswapMode, hotswapPropertyOverrides: HotswapPropertyOverrides, -): Promise { +): Promise { // resolve the environment, so we can substitute things like AWS::Region in CFN expressions const resolvedEnv = await sdkProvider.resolveEnvironment(stackArtifact.environment); // create a new SDK using the CLI credentials, because the default one will not work for new-style synthesis - @@ -104,7 +104,7 @@ export async function tryHotswapDeployment( // apply the short-circuitable changes await applyAllHotswappableChanges(sdk, hotswappableChanges); - return { noOp: hotswappableChanges.length === 0, stackArn: cloudFormationStack.stackId, outputs: cloudFormationStack.outputs }; + return { type: 'did-deploy-stack', noOp: hotswappableChanges.length === 0, stackArn: cloudFormationStack.stackId, outputs: cloudFormationStack.outputs }; } /** diff --git a/packages/aws-cdk/lib/api/util/cloudformation/stack-status.ts b/packages/aws-cdk/lib/api/util/cloudformation/stack-status.ts index 4dd113aaa30db..e4555aef93dcb 100644 --- a/packages/aws-cdk/lib/api/util/cloudformation/stack-status.ts +++ b/packages/aws-cdk/lib/api/util/cloudformation/stack-status.ts @@ -67,6 +67,10 @@ export class StackStatus { } } + get isRollbackable(): boolean { + return [RollbackChoice.START_ROLLBACK, RollbackChoice.CONTINUE_UPDATE_ROLLBACK].includes(this.rollbackChoice); + } + public toString(): string { return this.name + (this.reason ? ` (${this.reason})` : ''); } diff --git a/packages/aws-cdk/lib/cdk-toolkit.ts b/packages/aws-cdk/lib/cdk-toolkit.ts index 57dabce74a5dd..1425d2bc70fd7 100644 --- a/packages/aws-cdk/lib/cdk-toolkit.ts +++ b/packages/aws-cdk/lib/cdk-toolkit.ts @@ -6,7 +6,7 @@ import * as chokidar from 'chokidar'; import * as fs from 'fs-extra'; import * as promptly from 'promptly'; import * as uuid from 'uuid'; -import { DeploymentMethod } from './api'; +import { DeploymentMethod, RegularDeployStackResult } from './api'; import { SdkProvider } from './api/aws-auth'; import { Bootstrapper, BootstrapEnvironmentOptions } from './api/bootstrap'; import { CloudAssembly, DefaultSelection, ExtendedStackSelection, StackCollection, StackSelector } from './api/cxapp/cloud-assembly'; @@ -266,8 +266,8 @@ export class CdkToolkit { }); }; - const deployStack = async (assetNode: StackNode) => { - const stack = assetNode.stack; + const deployStack = async (stackNode: StackNode) => { + const stack = stackNode.stack; if (stackCollection.stackCount !== 1) { highlight(stack.displayName); } if (!stack.environment) { @@ -295,24 +295,11 @@ export class CdkToolkit { if (requireApproval !== RequireApproval.Never) { const currentTemplate = await this.props.deployments.readCurrentTemplate(stack); if (printSecurityDiff(currentTemplate, stack, requireApproval)) { - await withCorkedLogging(async () => { - // only talk to user if STDIN is a terminal (otherwise, fail) - if (!process.stdin.isTTY) { - throw new Error( - '"--require-approval" is enabled and stack includes security-sensitive updates, ' + - 'but terminal (TTY) is not attached so we are unable to get a confirmation from the user'); - } - - // only talk to user if concurrency is 1 (otherwise, fail) - if (concurrency > 1) { - throw new Error( - '"--require-approval" is enabled and stack includes security-sensitive updates, ' + - 'but concurrency is greater than 1 so we are unable to get a confirmation from the user'); - } - - const confirmed = await promptly.confirm('Do you wish to deploy these changes (y/n)?'); - if (!confirmed) { throw new Error('Aborted by user'); } - }); + await askUserConfirmation( + concurrency, + '"--require-approval" is enabled and stack includes security-sensitive updates', + 'Do you wish to deploy these changes', + ); } } @@ -337,29 +324,85 @@ export class CdkToolkit { let elapsedDeployTime = 0; try { - const result = await this.props.deployments.deployStack({ - stack, - deployName: stack.stackName, - roleArn: options.roleArn, - toolkitStackName: options.toolkitStackName, - reuseAssets: options.reuseAssets, - notificationArns, - tags, - execute: options.execute, - changeSetName: options.changeSetName, - deploymentMethod: options.deploymentMethod, - force: options.force, - parameters: Object.assign({}, parameterMap['*'], parameterMap[stack.stackName]), - usePreviousParameters: options.usePreviousParameters, - progress, - ci: options.ci, - rollback: options.rollback, - hotswap: options.hotswap, - hotswapPropertyOverrides: hotswapPropertyOverrides, - extraUserAgent: options.extraUserAgent, - assetParallelism: options.assetParallelism, - ignoreNoStacks: options.ignoreNoStacks, - }); + let result: RegularDeployStackResult | undefined; + + let rollback = options.rollback; + while (!result) { + const r = await this.props.deployments.deployStack({ + stack, + deployName: stack.stackName, + roleArn: options.roleArn, + toolkitStackName: options.toolkitStackName, + reuseAssets: options.reuseAssets, + notificationArns, + tags, + execute: options.execute, + changeSetName: options.changeSetName, + deploymentMethod: options.deploymentMethod, + force: options.force, + parameters: Object.assign({}, parameterMap['*'], parameterMap[stack.stackName]), + usePreviousParameters: options.usePreviousParameters, + progress, + ci: options.ci, + rollback, + hotswap: options.hotswap, + hotswapPropertyOverrides: hotswapPropertyOverrides, + extraUserAgent: options.extraUserAgent, + assetParallelism: options.assetParallelism, + ignoreNoStacks: options.ignoreNoStacks, + }); + + switch (r.type) { + case 'did-deploy-stack': + result = r; + break; + + case 'failpaused-need-rollback-first': { + const motivation = r.reason === 'replacement' + ? 'Stack is in a paused fail state and change includes a replacement which cannot be deployed with "--no-rollback"' + : 'Stack is in a paused fail state and command line arguments do not include "--no-rollback"'; + + if (options.force) { + warning(`${motivation}. Rolling back first (--force).`); + } else { + await askUserConfirmation( + concurrency, + motivation, + `${motivation}. Roll back first and then proceed with deployment`, + ); + } + + // Perform a rollback + await this.rollback({ + selector: { patterns: [stack.hierarchicalId] }, + toolkitStackName: options.toolkitStackName, + force: options.force, + }); + + // Go around through the 'while' loop again but switch rollback to true. + rollback = true; + break; + } + + case 'replacement-requires-norollback': { + const motivation = 'Change includes a replacement which cannot be deployed with "--no-rollback"'; + + if (options.force) { + warning(`${motivation}. Proceeding with regular deployment (--force).`); + } else { + await askUserConfirmation( + concurrency, + motivation, + `${motivation}. Perform a regular deployment`, + ); + } + + // Go around through the 'while' loop again but switch rollback to false. + rollback = true; + break; + } + } + } const message = result.noOp ? ' ✅ %s (no changes)' @@ -1729,3 +1772,30 @@ function obscureTemplate(template: any = {}) { return template; } + +/** + * Ask the user for a yes/no confirmation + * + * Automatically fail the confirmation in case we're in a situation where the confirmation + * cannot be interactively obtained from a human at the keyboard. + */ +async function askUserConfirmation( + concurrency: number, + motivation: string, + question: string, +) { + await withCorkedLogging(async () => { + // only talk to user if STDIN is a terminal (otherwise, fail) + if (!process.stdin.isTTY) { + throw new Error(`${motivation}, but terminal (TTY) is not attached so we are unable to get a confirmation from the user`); + } + + // only talk to user if concurrency is 1 (otherwise, fail) + if (concurrency > 1) { + throw new Error(`${motivation}, but concurrency is greater than 1 so we are unable to get a confirmation from the user`); + } + + const confirmed = await promptly.confirm(`${question} (y/n)?`); + if (!confirmed) { throw new Error('Aborted by user'); } + }); +} \ No newline at end of file diff --git a/packages/aws-cdk/lib/import.ts b/packages/aws-cdk/lib/import.ts index cd6f70cebb03f..e70330374891a 100644 --- a/packages/aws-cdk/lib/import.ts +++ b/packages/aws-cdk/lib/import.ts @@ -153,6 +153,10 @@ export class ResourceImporter { resourcesToImport, }); + if (result.type !== 'did-deploy-stack') { + throw new Error(`Unexpected deployStack result. This should not happen: ${JSON.stringify(result)}`); + } + const message = result.noOp ? ' ✅ %s (no changes)' : ' ✅ %s'; diff --git a/packages/aws-cdk/test/api/deploy-stack.test.ts b/packages/aws-cdk/test/api/deploy-stack.test.ts index 7afcea68f4c60..1066b93613e6a 100644 --- a/packages/aws-cdk/test/api/deploy-stack.test.ts +++ b/packages/aws-cdk/test/api/deploy-stack.test.ts @@ -129,7 +129,7 @@ test("calls tryHotswapDeployment() if 'hotswap' is `HotswapMode.HOTSWAP_ONLY`", }); // THEN - expect(deployStackResult.noOp).toEqual(true); + expect(deployStackResult.type === 'did-deploy-stack' && deployStackResult.noOp).toEqual(true); expect(tryHotswapDeployment).toHaveBeenCalled(); // check that the extra User-Agent is honored expect(sdk.appendCustomUserAgent).toHaveBeenCalledWith('extra-user-agent'); @@ -275,7 +275,7 @@ test('do deploy executable change set with 0 changes', async () => { }); // THEN - expect(ret.noOp).toBeFalsy(); + expect(ret.type === 'did-deploy-stack' && ret.noOp).toBeFalsy(); expect(cfnMocks.executeChangeSet).toHaveBeenCalled(); }); @@ -625,7 +625,7 @@ test('deployStack reports no change if describeChangeSet returns specific error' }); // THEN - expect(deployResult.noOp).toEqual(true); + expect(deployResult.type === 'did-deploy-stack' && deployResult.noOp).toEqual(true); }); test('deploy not skipped if template did not change but one tag removed', async () => { diff --git a/packages/aws-cdk/test/api/hotswap/hotswap-test-setup.ts b/packages/aws-cdk/test/api/hotswap/hotswap-test-setup.ts index 1288c827f2300..992ced62bfb17 100644 --- a/packages/aws-cdk/test/api/hotswap/hotswap-test-setup.ts +++ b/packages/aws-cdk/test/api/hotswap/hotswap-test-setup.ts @@ -3,7 +3,7 @@ import * as AWS from 'aws-sdk'; import * as codebuild from 'aws-sdk/clients/codebuild'; import * as lambda from 'aws-sdk/clients/lambda'; import * as stepfunctions from 'aws-sdk/clients/stepfunctions'; -import { DeployStackResult } from '../../../lib/api'; +import { RegularDeployStackResult } from '../../../lib/api'; import { HotswapMode, HotswapPropertyOverrides } from '../../../lib/api/hotswap/common'; import * as deployments from '../../../lib/api/hotswap-deployments'; import { CloudFormationStack, Template } from '../../../lib/api/util/cloudformation'; @@ -180,7 +180,7 @@ export class HotswapMockSdkProvider { stackArtifact: cxapi.CloudFormationStackArtifact, assetParams: { [key: string]: string } = {}, hotswapPropertyOverrides?: HotswapPropertyOverrides, - ): Promise { + ): Promise { let hotswapProps = hotswapPropertyOverrides || new HotswapPropertyOverrides(); return deployments.tryHotswapDeployment(this.mockSdkProvider, assetParams, currentCfnStack, stackArtifact, hotswapMode, hotswapProps); } diff --git a/packages/aws-cdk/test/cdk-toolkit.test.ts b/packages/aws-cdk/test/cdk-toolkit.test.ts index cabd1da365256..bd44d94829fc9 100644 --- a/packages/aws-cdk/test/cdk-toolkit.test.ts +++ b/packages/aws-cdk/test/cdk-toolkit.test.ts @@ -63,7 +63,7 @@ import * as fs from 'fs-extra'; import { instanceMockFrom, MockCloudExecutable, TestStackArtifact } from './util'; import { MockSdkProvider } from './util/mock-sdk'; import { Bootstrapper } from '../lib/api/bootstrap'; -import { DeployStackResult } from '../lib/api/deploy-stack'; +import { RegularDeployStackResult } from '../lib/api/deploy-stack'; import { Deployments, DeployStackOptions, DestroyStackOptions, RollbackStackOptions, RollbackStackResult } from '../lib/api/deployments'; import { HotswapMode } from '../lib/api/hotswap/common'; import { Template } from '../lib/api/util/cloudformation'; @@ -436,6 +436,7 @@ describe('deploy', () => { // GIVEN const mockCfnDeployments = instanceMockFrom(Deployments); mockCfnDeployments.deployStack.mockReturnValue(Promise.resolve({ + type: 'did-deploy-stack', noOp: false, outputs: {}, stackArn: 'stackArn', @@ -1402,7 +1403,7 @@ class FakeCloudFormation extends Deployments { this.expectedNotificationArns = expectedNotificationArns ?? []; } - public deployStack(options: DeployStackOptions): Promise { + public deployStack(options: DeployStackOptions): Promise { expect([ MockStack.MOCK_STACK_A.stackName, MockStack.MOCK_STACK_B.stackName, @@ -1420,6 +1421,7 @@ class FakeCloudFormation extends Deployments { expect(options.notificationArns).toEqual(this.expectedNotificationArns); return Promise.resolve({ + type: 'did-deploy-stack', stackArn: `arn:aws:cloudformation:::stack/${options.stack.stackName}/MockedOut`, noOp: false, outputs: { StackName: options.stack.stackName }, diff --git a/packages/aws-cdk/test/diff.test.ts b/packages/aws-cdk/test/diff.test.ts index 7267f746b1af9..36cd95ff1fe0a 100644 --- a/packages/aws-cdk/test/diff.test.ts +++ b/packages/aws-cdk/test/diff.test.ts @@ -72,7 +72,7 @@ describe('fixed template', () => { const plainTextOutput = buffer.data.replace(/\x1B\[[0-?]*[ -/]*[@-~]/g, ''); expect(exitCode).toBe(0); expect(plainTextOutput.replace(/\x1B\[[0-?]*[ -/]*[@-~]/g, '')).toContain(`Resources -[~] AWS::SomeService::SomeResource SomeResource +[~] AWS::SomeService::SomeResource SomeResource └─ [~] Something ├─ [-] old-value └─ [+] new-value @@ -152,6 +152,7 @@ describe('imports', () => { }); }); cloudFormation.deployStack.mockImplementation((options) => Promise.resolve({ + type: 'did-deploy-stack', noOp: true, outputs: {}, stackArn: '', @@ -272,6 +273,7 @@ describe('non-nested stacks', () => { }); }); cloudFormation.deployStack.mockImplementation((options) => Promise.resolve({ + type: 'did-deploy-stack', noOp: true, outputs: {}, stackArn: '', @@ -485,6 +487,7 @@ describe('stack exists checks', () => { }); }); cloudFormation.deployStack.mockImplementation((options) => Promise.resolve({ + type: 'did-deploy-stack', noOp: true, outputs: {}, stackArn: '', @@ -1095,8 +1098,8 @@ describe('--strict', () => { const plainTextOutput = buffer.data.replace(/\x1B\[[0-?]*[ -/]*[@-~]/g, ''); expect(plainTextOutput.trim()).toEqual(`Stack A Resources -[+] AWS::CDK::Metadata MetadataResource -[+] AWS::Something::Amazing SomeOtherResource +[+] AWS::CDK::Metadata MetadataResource +[+] AWS::Something::Amazing SomeOtherResource Other Changes [+] Unknown Rules: {\"CheckBootstrapVersion\":{\"newCheck\":\"newBootstrapVersion\"}} @@ -1120,7 +1123,7 @@ Other Changes const plainTextOutput = buffer.data.replace(/\x1B\[[0-?]*[ -/]*[@-~]/g, ''); expect(plainTextOutput.trim()).toEqual(`Stack A Resources -[+] AWS::Something::Amazing SomeOtherResource +[+] AWS::Something::Amazing SomeOtherResource ✨ Number of stacks with differences: 1`); From 8a9d85c66df87604d22a5acbe9bb93111ee1498c Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 29 Oct 2024 09:54:48 +0100 Subject: [PATCH 2/9] Add integ tests --- .../tests/cli-integ-tests/cli.integtest.ts | 97 +++++++++++++++++++ 1 file changed, 97 insertions(+) diff --git a/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts b/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts index 9ab18eb0a49cf..e76dcf95f2510 100644 --- a/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts +++ b/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts @@ -2412,6 +2412,103 @@ integTest( }), ); +integTest( + 'automatic rollback if paused and change contains a replacement', + withSpecificFixture('rollback-test-app', async (fixture) => { + let phase = '1'; + + // Should succeed + await fixture.cdkDeploy('test-rollback', { + options: ['--no-rollback'], + modEnv: { PHASE: phase }, + verbose: false, + }); + try { + phase = '2a'; + + // Should fail + const deployOutput = await fixture.cdkDeploy('test-rollback', { + options: ['--no-rollback'], + modEnv: { PHASE: phase }, + verbose: false, + allowErrExit: true, + }); + expect(deployOutput).toContain('UPDATE_FAILED'); + + // Do a deployment with a replacement and --force: this will roll back first and then deploy normally + phase = '3'; + await fixture.cdkDeploy('test-rollback', { + options: ['--no-rollback', '--force'], + modEnv: { PHASE: phase }, + verbose: false, + }); + } finally { + await fixture.cdkDestroy('test-rollback'); + } + }), +); + +integTest( + 'automatic rollback if paused and --no-rollback is removed from flags', + withSpecificFixture('rollback-test-app', async (fixture) => { + let phase = '1'; + + // Should succeed + await fixture.cdkDeploy('test-rollback', { + options: ['--no-rollback'], + modEnv: { PHASE: phase }, + verbose: false, + }); + try { + phase = '2a'; + + // Should fail + const deployOutput = await fixture.cdkDeploy('test-rollback', { + options: ['--no-rollback'], + modEnv: { PHASE: phase }, + verbose: false, + allowErrExit: true, + }); + expect(deployOutput).toContain('UPDATE_FAILED'); + + // Do a deployment removing --no-rollback: this will roll back first and then deploy normally + phase = '1'; + await fixture.cdkDeploy('test-rollback', { + options: ['--force'], + modEnv: { PHASE: phase }, + verbose: false, + }); + } finally { + await fixture.cdkDestroy('test-rollback'); + } + }), +); + +integTest( + 'automatic rollback if replacement and --no-rollback is removed from flags', + withSpecificFixture('rollback-test-app', async (fixture) => { + let phase = '1'; + + // Should succeed + await fixture.cdkDeploy('test-rollback', { + options: ['--no-rollback'], + modEnv: { PHASE: phase }, + verbose: false, + }); + try { + // Do a deployment with a replacement and removing --no-rollback: this will do a regular rollback deploy + phase = '3'; + await fixture.cdkDeploy('test-rollback', { + options: ['--force'], + modEnv: { PHASE: phase }, + verbose: false, + }); + } finally { + await fixture.cdkDestroy('test-rollback'); + } + }), +); + integTest( 'test cdk rollback --force', withSpecificFixture('rollback-test-app', async (fixture) => { From c8c1458ec6b2ce68e7cea8a728f092036af387a3 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 29 Oct 2024 11:08:28 +0100 Subject: [PATCH 3/9] Add unit tests --- packages/aws-cdk/lib/cdk-toolkit.ts | 20 +++---- packages/aws-cdk/lib/diff.ts | 7 +-- .../aws-cdk/test/api/deploy-stack.test.ts | 53 ++++++++++++++++++ packages/aws-cdk/test/cdk-toolkit.test.ts | 55 ++++++++++++++++++- 4 files changed, 119 insertions(+), 16 deletions(-) diff --git a/packages/aws-cdk/lib/cdk-toolkit.ts b/packages/aws-cdk/lib/cdk-toolkit.ts index 1425d2bc70fd7..69c1b909305c9 100644 --- a/packages/aws-cdk/lib/cdk-toolkit.ts +++ b/packages/aws-cdk/lib/cdk-toolkit.ts @@ -324,10 +324,10 @@ export class CdkToolkit { let elapsedDeployTime = 0; try { - let result: RegularDeployStackResult | undefined; + let deployResult: RegularDeployStackResult | undefined; let rollback = options.rollback; - while (!result) { + while (!deployResult) { const r = await this.props.deployments.deployStack({ stack, deployName: stack.stackName, @@ -354,7 +354,7 @@ export class CdkToolkit { switch (r.type) { case 'did-deploy-stack': - result = r; + deployResult = r; break; case 'failpaused-need-rollback-first': { @@ -404,7 +404,7 @@ export class CdkToolkit { } } - const message = result.noOp + const message = deployResult.noOp ? ' ✅ %s (no changes)' : ' ✅ %s'; @@ -412,20 +412,20 @@ export class CdkToolkit { elapsedDeployTime = new Date().getTime() - startDeployTime; print('\n✨ Deployment time: %ss\n', formatTime(elapsedDeployTime)); - if (Object.keys(result.outputs).length > 0) { + if (Object.keys(deployResult.outputs).length > 0) { print('Outputs:'); - stackOutputs[stack.stackName] = result.outputs; + stackOutputs[stack.stackName] = deployResult.outputs; } - for (const name of Object.keys(result.outputs).sort()) { - const value = result.outputs[name]; + for (const name of Object.keys(deployResult.outputs).sort()) { + const value = deployResult.outputs[name]; print('%s.%s = %s', chalk.cyan(stack.id), chalk.cyan(name), chalk.underline(chalk.cyan(value))); } print('Stack ARN:'); - data(result.stackArn); + data(deployResult.stackArn); } catch (e: any) { // It has to be exactly this string because an integration test tests for // "bold(stackname) failed: ResourceNotReady: " @@ -1795,7 +1795,7 @@ async function askUserConfirmation( throw new Error(`${motivation}, but concurrency is greater than 1 so we are unable to get a confirmation from the user`); } - const confirmed = await promptly.confirm(`${question} (y/n)?`); + const confirmed = await promptly.confirm(`${chalk.cyan(question)} (y/n)?`); if (!confirmed) { throw new Error('Aborted by user'); } }); } \ No newline at end of file diff --git a/packages/aws-cdk/lib/diff.ts b/packages/aws-cdk/lib/diff.ts index c940efb46fca7..9e84345deac37 100644 --- a/packages/aws-cdk/lib/diff.ts +++ b/packages/aws-cdk/lib/diff.ts @@ -119,19 +119,16 @@ export function printSecurityDiff( oldTemplate: any, newTemplate: cxapi.CloudFormationStackArtifact, requireApproval: RequireApproval, - quiet?: boolean, + _quiet?: boolean, stackName?: string, changeSet?: DescribeChangeSetOutput, stream: FormatStream = process.stderr, ): boolean { const diff = fullDiff(oldTemplate, newTemplate.template, changeSet); - // must output the stack name if there are differences, even if quiet - if (!quiet || !diff.isEmpty) { + if (difRequiresApproval(diff, requireApproval)) { stream.write(format('Stack %s\n', chalk.bold(stackName))); - } - if (difRequiresApproval(diff, requireApproval)) { // eslint-disable-next-line max-len warning(`This deployment will make potentially sensitive changes according to your current security approval level (--require-approval ${requireApproval}).`); warning('Please confirm you intend to make the following modifications:\n'); diff --git a/packages/aws-cdk/test/api/deploy-stack.test.ts b/packages/aws-cdk/test/api/deploy-stack.test.ts index 1066b93613e6a..8ec842cc377a4 100644 --- a/packages/aws-cdk/test/api/deploy-stack.test.ts +++ b/packages/aws-cdk/test/api/deploy-stack.test.ts @@ -916,7 +916,29 @@ describe('disable rollback', () => { DisableRollback: true, })); }); +}); + +test.each([ + ['UPDATE_FAILED', 'failpaused-need-rollback-first'], + ['CREATE_COMPLETE', 'replacement-requires-norollback'], +])('no-rollback and replacement is disadvised: %p -> %p', async (stackStatus, expectedType) => { + // GIVEN + givenTemplateIs(FAKE_STACK.template); + givenStackExists({ + NotificationARNs: ['arn:aws:sns:bermuda-triangle-1337:123456789012:TestTopic'], + StackStatus: stackStatus, + }); + givenChangeSetContainsReplacement(); + + // WHEN + const result = await deployStack({ + ...standardDeployStackArguments(), + stack: FAKE_STACK, + rollback: false, + }); + // THEN + expect(result.type).toEqual(expectedType); }); /** @@ -955,3 +977,34 @@ function givenTemplateIs(template: any) { TemplateBody: JSON.stringify(template), }); } + +function givenChangeSetContainsReplacement() { + cfnMocks.describeChangeSet?.mockReturnValue({ + Status: 'CREATE_COMPLETE', + Changes: [ + { + Type: 'Resource', + ResourceChange: { + PolicyAction: 'ReplaceAndDelete', + Action: 'Modify', + LogicalResourceId: 'Queue4A7E3555', + PhysicalResourceId: 'https://sqs.eu-west-1.amazonaws.com/111111111111/Queue4A7E3555-P9C8nK3uv8v6.fifo', + ResourceType: 'AWS::SQS::Queue', + Replacement: 'True', + Scope: ['Properties'], + Details: [ + { + Target: { + Attribute: 'Properties', + Name: 'FifoQueue', + RequiresRecreation: 'Always', + }, + Evaluation: 'Static', + ChangeSource: 'DirectModification', + }, + ], + }, + }, + ], + }); +} diff --git a/packages/aws-cdk/test/cdk-toolkit.test.ts b/packages/aws-cdk/test/cdk-toolkit.test.ts index bd44d94829fc9..8b80cc97831cb 100644 --- a/packages/aws-cdk/test/cdk-toolkit.test.ts +++ b/packages/aws-cdk/test/cdk-toolkit.test.ts @@ -63,7 +63,7 @@ import * as fs from 'fs-extra'; import { instanceMockFrom, MockCloudExecutable, TestStackArtifact } from './util'; import { MockSdkProvider } from './util/mock-sdk'; import { Bootstrapper } from '../lib/api/bootstrap'; -import { RegularDeployStackResult } from '../lib/api/deploy-stack'; +import { DeployStackResult, RegularDeployStackResult } from '../lib/api/deploy-stack'; import { Deployments, DeployStackOptions, DestroyStackOptions, RollbackStackOptions, RollbackStackResult } from '../lib/api/deployments'; import { HotswapMode } from '../lib/api/hotswap/common'; import { Template } from '../lib/api/util/cloudformation'; @@ -1252,6 +1252,59 @@ describe('synth', () => { expect(mockedRollback).toHaveBeenCalled(); }); + + type StackResultType = DeployStackResult['type']; + + test.each([ + 'failpaused-need-rollback-first', + 'replacement-requires-norollback', + ] satisfies Array)('no-rollback deployment that cant proceed will be called with rollback on retry: %p', async (deployResult) => { + cloudExecutable = new MockCloudExecutable({ + stacks: [ + MockStack.MOCK_STACK_C, + ], + }); + + const deployments = new Deployments({ sdkProvider: new MockSdkProvider() }); + + // Rollback might be called -- just don't do nothing. + const mockRollbackStack = jest.spyOn(deployments, 'rollbackStack').mockResolvedValue({}); + + const mockedDeployStack = jest + .spyOn(deployments, 'deployStack') + .mockResolvedValueOnce({ + type: deployResult, + reason: 'replacement', + }).mockResolvedValueOnce({ + type: 'did-deploy-stack', + noOp: false, + outputs: {}, + stackArn: 'stack:arn', + }); + + const toolkit = new CdkToolkit({ + cloudExecutable, + configuration: cloudExecutable.configuration, + sdkProvider: cloudExecutable.sdkProvider, + deployments, + }); + + await toolkit.deploy({ + selector: { patterns: [] }, + hotswap: HotswapMode.FULL_DEPLOYMENT, + rollback: false, + requireApproval: RequireApproval.Never, + // Assume the user entered Y + force: true, + }); + + if (deployResult === 'failpaused-need-rollback-first') { + expect(mockRollbackStack).toHaveBeenCalled(); + } + + expect(mockedDeployStack).toHaveBeenNthCalledWith(1, expect.objectContaining({ rollback: false })); + expect(mockedDeployStack).toHaveBeenNthCalledWith(2, expect.objectContaining({ rollback: true })); + }); }); class MockStack { From f2fb85007937caf100f72a48554e1490017a64f4 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 29 Oct 2024 11:29:06 +0100 Subject: [PATCH 4/9] Fix some other tests --- packages/@aws-cdk/cloudformation-diff/lib/format.ts | 2 +- packages/aws-cdk/test/api/bootstrap2.test.ts | 5 +++++ packages/aws-cdk/test/diff.test.ts | 8 ++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/cloudformation-diff/lib/format.ts b/packages/@aws-cdk/cloudformation-diff/lib/format.ts index 61f44fc15e5fa..a29155f87399a 100644 --- a/packages/@aws-cdk/cloudformation-diff/lib/format.ts +++ b/packages/@aws-cdk/cloudformation-diff/lib/format.ts @@ -160,7 +160,7 @@ export class Formatter { const resourceType = diff.isRemoval ? diff.oldResourceType : diff.newResourceType; // eslint-disable-next-line max-len - this.print(`${this.formatResourcePrefix(diff)} ${this.formatValue(resourceType, chalk.cyan)} ${this.formatLogicalId(logicalId)} ${this.formatImpact(diff.changeImpact)}`); + this.print(`${this.formatResourcePrefix(diff)} ${this.formatValue(resourceType, chalk.cyan)} ${this.formatLogicalId(logicalId)} ${this.formatImpact(diff.changeImpact)}`.trimEnd()); if (diff.isUpdate) { const differenceCount = diff.differenceCount; diff --git a/packages/aws-cdk/test/api/bootstrap2.test.ts b/packages/aws-cdk/test/api/bootstrap2.test.ts index d9ec9d563768a..528f3e5162059 100644 --- a/packages/aws-cdk/test/api/bootstrap2.test.ts +++ b/packages/aws-cdk/test/api/bootstrap2.test.ts @@ -53,6 +53,10 @@ describe('Bootstrapping v2', () => { createPolicy: mockCreatePolicyIamCode, getPolicy: mockGetPolicyIamCode, }); + mockDeployStack.mockResolvedValue({ + type: 'did-deploy-stack', + noOp: false, + }); }); afterEach(() => { @@ -341,6 +345,7 @@ describe('Bootstrapping v2', () => { let template: any; mockDeployStack.mockImplementation((args: DeployStackOptions) => { template = args.stack.template; + return Promise.resolve({ type: 'did-deploy-stack' }); }); await bootstrapper.bootstrapEnvironment(env, sdk, { diff --git a/packages/aws-cdk/test/diff.test.ts b/packages/aws-cdk/test/diff.test.ts index 36cd95ff1fe0a..635e0157fbd88 100644 --- a/packages/aws-cdk/test/diff.test.ts +++ b/packages/aws-cdk/test/diff.test.ts @@ -1047,6 +1047,14 @@ describe('--strict', () => { beforeEach(() => { const oldTemplate = {}; + cloudFormation = instanceMockFrom(Deployments); + cloudFormation.readCurrentTemplateWithNestedStacks.mockImplementation((_stackArtifact: CloudFormationStackArtifact) => { + return Promise.resolve({ + deployedRootTemplate: {}, + nestedStacks: {}, + }); + }); + cloudExecutable = new MockCloudExecutable({ stacks: [{ stackName: 'A', From 97790ebe44c14d476ccf6094346efa47f0106dc1 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 29 Oct 2024 13:58:15 +0100 Subject: [PATCH 5/9] Review comments --- .../api/bootstrap/bootstrap-environment.ts | 10 +++--- .../lib/api/bootstrap/deploy-bootstrap.ts | 8 ++--- packages/aws-cdk/lib/api/deploy-stack.ts | 31 ++++++++++++------- .../aws-cdk/lib/api/hotswap-deployments.ts | 4 +-- packages/aws-cdk/lib/cdk-toolkit.ts | 14 +++++++-- packages/aws-cdk/lib/diff.ts | 4 +-- packages/aws-cdk/lib/import.ts | 2 +- .../test/api/hotswap/hotswap-test-setup.ts | 4 +-- packages/aws-cdk/test/cdk-toolkit.test.ts | 4 +-- 9 files changed, 49 insertions(+), 32 deletions(-) diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts b/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts index c05f575fd1a0e..46b5fd5bd909a 100644 --- a/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts +++ b/packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts @@ -8,7 +8,7 @@ import { warning } from '../../logging'; import { loadStructuredFile, serializeStructure } from '../../serialize'; import { rootDir } from '../../util/directories'; import { ISDK, Mode, SdkProvider } from '../aws-auth'; -import { RegularDeployStackResult } from '../deploy-stack'; +import { SuccessfulDeployStackResult } from '../deploy-stack'; /* eslint-disable max-len */ @@ -21,7 +21,7 @@ export class Bootstrapper { constructor(private readonly source: BootstrapSource) { } - public bootstrapEnvironment(environment: cxapi.Environment, sdkProvider: SdkProvider, options: BootstrapEnvironmentOptions = {}): Promise { + public bootstrapEnvironment(environment: cxapi.Environment, sdkProvider: SdkProvider, options: BootstrapEnvironmentOptions = {}): Promise { switch (this.source.source) { case 'legacy': return this.legacyBootstrap(environment, sdkProvider, options); @@ -41,7 +41,7 @@ export class Bootstrapper { * Deploy legacy bootstrap stack * */ - private async legacyBootstrap(environment: cxapi.Environment, sdkProvider: SdkProvider, options: BootstrapEnvironmentOptions = {}): Promise { + private async legacyBootstrap(environment: cxapi.Environment, sdkProvider: SdkProvider, options: BootstrapEnvironmentOptions = {}): Promise { const params = options.parameters ?? {}; if (params.trustedAccounts?.length) { @@ -71,7 +71,7 @@ export class Bootstrapper { private async modernBootstrap( environment: cxapi.Environment, sdkProvider: SdkProvider, - options: BootstrapEnvironmentOptions = {}): Promise { + options: BootstrapEnvironmentOptions = {}): Promise { const params = options.parameters ?? {}; @@ -291,7 +291,7 @@ export class Bootstrapper { private async customBootstrap( environment: cxapi.Environment, sdkProvider: SdkProvider, - options: BootstrapEnvironmentOptions = {}): Promise { + options: BootstrapEnvironmentOptions = {}): Promise { // Look at the template, decide whether it's most likely a legacy or modern bootstrap // template, and use the right bootstrapper for that. diff --git a/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts b/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts index ccb8d4c796b4e..2ba5ddd305eaa 100644 --- a/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts +++ b/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts @@ -6,7 +6,7 @@ import * as fs from 'fs-extra'; import { BOOTSTRAP_VERSION_OUTPUT, BootstrapEnvironmentOptions, BOOTSTRAP_VERSION_RESOURCE, BOOTSTRAP_VARIANT_PARAMETER, DEFAULT_BOOTSTRAP_VARIANT } from './bootstrap-props'; import * as logging from '../../logging'; import { Mode, SdkProvider, ISDK } from '../aws-auth'; -import { deployStack, RegularDeployStackResult } from '../deploy-stack'; +import { deployStack, SuccessfulDeployStackResult } from '../deploy-stack'; import { NoBootstrapStackEnvironmentResources } from '../environment-resources'; import { DEFAULT_TOOLKIT_STACK_NAME, ToolkitInfo } from '../toolkit-info'; @@ -63,7 +63,7 @@ export class BootstrapStack { template: any, parameters: Record, options: Omit, - ): Promise { + ): Promise { if (this.currentToolkitInfo.found && !options.force) { // Safety checks const abortResponse = { @@ -71,7 +71,7 @@ export class BootstrapStack { noOp: true, outputs: {}, stackArn: this.currentToolkitInfo.bootstrapStack.stackId, - } satisfies RegularDeployStackResult; + } satisfies SuccessfulDeployStackResult; // Validate that the bootstrap stack we're trying to replace is from the same variant as the one we're trying to deploy const currentVariant = this.currentToolkitInfo.variant; @@ -127,7 +127,7 @@ export class BootstrapStack { }); if (ret.type !== 'did-deploy-stack') { - throw new Error(`Unexpected deployStack result. This should not happen: ${JSON.stringify(ret)}`); + throw new Error(`Unexpected deployStack result. This should not happen: ${JSON.stringify(ret)}. If you are seeing this error, please report it at https://github.com/aws/aws-cdk/issues/new/choose`); } return ret; diff --git a/packages/aws-cdk/lib/api/deploy-stack.ts b/packages/aws-cdk/lib/api/deploy-stack.ts index 42119a35cc077..63b0817958a02 100644 --- a/packages/aws-cdk/lib/api/deploy-stack.ts +++ b/packages/aws-cdk/lib/api/deploy-stack.ts @@ -21,21 +21,30 @@ import { determineAllowCrossAccountAssetPublishing } from './util/checks'; import { publishAssets } from '../util/asset-publishing'; export type DeployStackResult = - // Regular result - | RegularDeployStackResult - // The stack is currently in a failpaused state, and needs to be rolled back before the deployment - | { type: 'failpaused-need-rollback-first'; reason: 'not-norollback' | 'replacement' } - // The upcoming change has a replacement, which requires deploying without --no-rollback. - | { type: 'replacement-requires-norollback' } + | SuccessfulDeployStackResult + | NeedRollbackFirstDeployStackResult + | ReplacementRequiresNoRollbackStackResult ; -export interface RegularDeployStackResult { +/** Successfully deployed a stack */ +export interface SuccessfulDeployStackResult { readonly type: 'did-deploy-stack'; readonly noOp: boolean; readonly outputs: { [name: string]: string }; readonly stackArn: string; } +/** The stack is currently in a failpaused state, and needs to be rolled back before the deployment */ +export interface NeedRollbackFirstDeployStackResult { + readonly type: 'failpaused-need-rollback-first'; + readonly reason: 'not-norollback' | 'replacement'; +} + +/** The upcoming change has a replacement, which requires deploying without --no-rollback */ +export interface ReplacementRequiresNoRollbackStackResult { + readonly type: 'replacement-requires-norollback'; +} + export interface DeployStackOptions { /** * The stack to be deployed @@ -464,7 +473,7 @@ class FullCloudFormationDeployment { return waitForChangeSet(this.cfn, this.stackName, changeSetName, { fetchAll: willExecute }); } - private async executeChangeSet(changeSet: CloudFormation.DescribeChangeSetOutput): Promise { + private async executeChangeSet(changeSet: CloudFormation.DescribeChangeSetOutput): Promise { debug('Initiating execution of changeset %s on stack %s', changeSet.ChangeSetId, this.stackName); await this.cfn.executeChangeSet({ @@ -503,7 +512,7 @@ class FullCloudFormationDeployment { } } - private async directDeployment(): Promise { + private async directDeployment(): Promise { print('%s: %s stack...', chalk.bold(this.stackName), this.update ? 'updating' : 'creating'); const startTime = new Date(); @@ -543,7 +552,7 @@ class FullCloudFormationDeployment { } } - private async monitorDeployment(startTime: Date, expectedChanges: number | undefined): Promise { + private async monitorDeployment(startTime: Date, expectedChanges: number | undefined): Promise { const monitor = this.options.quiet ? undefined : StackActivityMonitor.withDefaultPrinter(this.cfn, this.stackName, this.stackArtifact, { resourcesTotal: expectedChanges, progress: this.options.progress, @@ -749,4 +758,4 @@ function hasReplacement(cs: AWS.CloudFormation.DescribeChangeSetOutput) { const a = c.ResourceChange?.PolicyAction; return a === 'ReplaceAndDelete' || a === 'ReplaceAndRetain' || a === 'ReplaceAndSnapshot'; }); -} \ No newline at end of file +} diff --git a/packages/aws-cdk/lib/api/hotswap-deployments.ts b/packages/aws-cdk/lib/api/hotswap-deployments.ts index acd2cc45f591f..7944d499af889 100644 --- a/packages/aws-cdk/lib/api/hotswap-deployments.ts +++ b/packages/aws-cdk/lib/api/hotswap-deployments.ts @@ -2,7 +2,7 @@ import * as cfn_diff from '@aws-cdk/cloudformation-diff'; import * as cxapi from '@aws-cdk/cx-api'; import * as chalk from 'chalk'; import { ISDK, Mode, SdkProvider } from './aws-auth'; -import { RegularDeployStackResult } from './deploy-stack'; +import { SuccessfulDeployStackResult } from './deploy-stack'; import { EvaluateCloudFormationTemplate } from './evaluate-cloudformation-template'; import { print } from '../logging'; import { isHotswappableAppSyncChange } from './hotswap/appsync-mapping-templates'; @@ -66,7 +66,7 @@ export async function tryHotswapDeployment( sdkProvider: SdkProvider, assetParams: { [key: string]: string }, cloudFormationStack: CloudFormationStack, stackArtifact: cxapi.CloudFormationStackArtifact, hotswapMode: HotswapMode, hotswapPropertyOverrides: HotswapPropertyOverrides, -): Promise { +): Promise { // resolve the environment, so we can substitute things like AWS::Region in CFN expressions const resolvedEnv = await sdkProvider.resolveEnvironment(stackArtifact.environment); // create a new SDK using the CLI credentials, because the default one will not work for new-style synthesis - diff --git a/packages/aws-cdk/lib/cdk-toolkit.ts b/packages/aws-cdk/lib/cdk-toolkit.ts index 69c1b909305c9..64a700870e3fb 100644 --- a/packages/aws-cdk/lib/cdk-toolkit.ts +++ b/packages/aws-cdk/lib/cdk-toolkit.ts @@ -6,7 +6,7 @@ import * as chokidar from 'chokidar'; import * as fs from 'fs-extra'; import * as promptly from 'promptly'; import * as uuid from 'uuid'; -import { DeploymentMethod, RegularDeployStackResult } from './api'; +import { DeploymentMethod, SuccessfulDeployStackResult } from './api'; import { SdkProvider } from './api/aws-auth'; import { Bootstrapper, BootstrapEnvironmentOptions } from './api/bootstrap'; import { CloudAssembly, DefaultSelection, ExtendedStackSelection, StackCollection, StackSelector } from './api/cxapp/cloud-assembly'; @@ -324,10 +324,15 @@ export class CdkToolkit { let elapsedDeployTime = 0; try { - let deployResult: RegularDeployStackResult | undefined; + let deployResult: SuccessfulDeployStackResult | undefined; let rollback = options.rollback; + let iteration = 0; while (!deployResult) { + if (++iteration > 2) { + throw new Error('This loop should have stabilized in 2 iterations, but didn\'t. If you are seeing this error, please report it at https://github.com/aws/aws-cdk/issues/new/choose'); + } + const r = await this.props.deployments.deployStack({ stack, deployName: stack.stackName, @@ -401,6 +406,9 @@ export class CdkToolkit { rollback = true; break; } + + default: + throw new Error(`Unexpected result type from deployStack: ${JSON.stringify(r)}. If you are seeing this error, please report it at https://github.com/aws/aws-cdk/issues/new/choose`); } } @@ -1798,4 +1806,4 @@ async function askUserConfirmation( const confirmed = await promptly.confirm(`${chalk.cyan(question)} (y/n)?`); if (!confirmed) { throw new Error('Aborted by user'); } }); -} \ No newline at end of file +} diff --git a/packages/aws-cdk/lib/diff.ts b/packages/aws-cdk/lib/diff.ts index 9e84345deac37..487201108d293 100644 --- a/packages/aws-cdk/lib/diff.ts +++ b/packages/aws-cdk/lib/diff.ts @@ -126,7 +126,7 @@ export function printSecurityDiff( ): boolean { const diff = fullDiff(oldTemplate, newTemplate.template, changeSet); - if (difRequiresApproval(diff, requireApproval)) { + if (diffRequiresApproval(diff, requireApproval)) { stream.write(format('Stack %s\n', chalk.bold(stackName))); // eslint-disable-next-line max-len @@ -145,7 +145,7 @@ export function printSecurityDiff( * TODO: Filter the security impact determination based off of an enum that allows * us to pick minimum "severities" to alert on. */ -function difRequiresApproval(diff: TemplateDiff, requireApproval: RequireApproval) { +function diffRequiresApproval(diff: TemplateDiff, requireApproval: RequireApproval) { switch (requireApproval) { case RequireApproval.Never: return false; case RequireApproval.AnyChange: return diff.permissionsAnyChanges; diff --git a/packages/aws-cdk/lib/import.ts b/packages/aws-cdk/lib/import.ts index e70330374891a..3c15ee83c4e63 100644 --- a/packages/aws-cdk/lib/import.ts +++ b/packages/aws-cdk/lib/import.ts @@ -154,7 +154,7 @@ export class ResourceImporter { }); if (result.type !== 'did-deploy-stack') { - throw new Error(`Unexpected deployStack result. This should not happen: ${JSON.stringify(result)}`); + throw new Error(`Unexpected deployStack result. This should not happen: ${JSON.stringify(result)}. If you are seeing this error, please report it at https://github.com/aws/aws-cdk/issues/new/choose.`); } const message = result.noOp diff --git a/packages/aws-cdk/test/api/hotswap/hotswap-test-setup.ts b/packages/aws-cdk/test/api/hotswap/hotswap-test-setup.ts index 992ced62bfb17..3150d20b5e806 100644 --- a/packages/aws-cdk/test/api/hotswap/hotswap-test-setup.ts +++ b/packages/aws-cdk/test/api/hotswap/hotswap-test-setup.ts @@ -3,7 +3,7 @@ import * as AWS from 'aws-sdk'; import * as codebuild from 'aws-sdk/clients/codebuild'; import * as lambda from 'aws-sdk/clients/lambda'; import * as stepfunctions from 'aws-sdk/clients/stepfunctions'; -import { RegularDeployStackResult } from '../../../lib/api'; +import { SuccessfulDeployStackResult } from '../../../lib/api'; import { HotswapMode, HotswapPropertyOverrides } from '../../../lib/api/hotswap/common'; import * as deployments from '../../../lib/api/hotswap-deployments'; import { CloudFormationStack, Template } from '../../../lib/api/util/cloudformation'; @@ -180,7 +180,7 @@ export class HotswapMockSdkProvider { stackArtifact: cxapi.CloudFormationStackArtifact, assetParams: { [key: string]: string } = {}, hotswapPropertyOverrides?: HotswapPropertyOverrides, - ): Promise { + ): Promise { let hotswapProps = hotswapPropertyOverrides || new HotswapPropertyOverrides(); return deployments.tryHotswapDeployment(this.mockSdkProvider, assetParams, currentCfnStack, stackArtifact, hotswapMode, hotswapProps); } diff --git a/packages/aws-cdk/test/cdk-toolkit.test.ts b/packages/aws-cdk/test/cdk-toolkit.test.ts index 8b80cc97831cb..ceabf3ef51ef6 100644 --- a/packages/aws-cdk/test/cdk-toolkit.test.ts +++ b/packages/aws-cdk/test/cdk-toolkit.test.ts @@ -63,7 +63,7 @@ import * as fs from 'fs-extra'; import { instanceMockFrom, MockCloudExecutable, TestStackArtifact } from './util'; import { MockSdkProvider } from './util/mock-sdk'; import { Bootstrapper } from '../lib/api/bootstrap'; -import { DeployStackResult, RegularDeployStackResult } from '../lib/api/deploy-stack'; +import { DeployStackResult, SuccessfulDeployStackResult } from '../lib/api/deploy-stack'; import { Deployments, DeployStackOptions, DestroyStackOptions, RollbackStackOptions, RollbackStackResult } from '../lib/api/deployments'; import { HotswapMode } from '../lib/api/hotswap/common'; import { Template } from '../lib/api/util/cloudformation'; @@ -1456,7 +1456,7 @@ class FakeCloudFormation extends Deployments { this.expectedNotificationArns = expectedNotificationArns ?? []; } - public deployStack(options: DeployStackOptions): Promise { + public deployStack(options: DeployStackOptions): Promise { expect([ MockStack.MOCK_STACK_A.stackName, MockStack.MOCK_STACK_B.stackName, From 87d6ce99176db62b6d5aee5824db63d9ec4f972d Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 29 Oct 2024 14:03:56 +0100 Subject: [PATCH 6/9] Update README --- packages/aws-cdk/README.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/packages/aws-cdk/README.md b/packages/aws-cdk/README.md index 6465d944fc518..c0aa5a8b6db08 100644 --- a/packages/aws-cdk/README.md +++ b/packages/aws-cdk/README.md @@ -205,11 +205,14 @@ $ cdk deploy -R ``` If a deployment fails you can update your code and immediately retry the -deployment from the point of failure. If you would like to explicitly roll back a failed, paused deployment, -use `cdk rollback`. +deployment from the point of failure. If you would like to explicitly roll back +a failed, paused deployment, use `cdk rollback`. -NOTE: you cannot use `--no-rollback` for any updates that would cause a resource replacement, only for updates -and creations of new resources. +`--no-rollback` deployments cannot contain resource replacements. If the CLI +detects that a resource is being replaced, it will prompt you to perform +a regular replacement instead. If the stack rollback is currently paused +and you are trying to perform an deployment that contains a replacement, you +will be prompted to roll back first. #### Deploying multiple stacks @@ -801,7 +804,7 @@ In practice this means for any resource in the provided template, for example, } ``` -There must not exist a resource of that type with the same identifier in the desired region. In this example that identfier +There must not exist a resource of that type with the same identifier in the desired region. In this example that identfier would be "amzn-s3-demo-bucket" ##### **The provided template is not deployed to CloudFormation in the account/region, and there *is* overlap with existing resources in the account/region** @@ -897,7 +900,7 @@ CDK Garbage Collection. > [!CAUTION] > CDK Garbage Collection is under development and therefore must be opted in via the `--unstable` flag: `cdk gc --unstable=gc`. -`cdk gc` garbage collects unused assets from your bootstrap bucket via the following mechanism: +`cdk gc` garbage collects unused assets from your bootstrap bucket via the following mechanism: - for each object in the bootstrap S3 Bucket, check to see if it is referenced in any existing CloudFormation templates - if not, it is treated as unused and gc will either tag it or delete it, depending on your configuration. @@ -935,7 +938,7 @@ Found X objects to delete based off of the following criteria: Delete this batch (yes/no/delete-all)? ``` -Since it's quite possible that the bootstrap bucket has many objects, we work in batches of 1000 objects or 100 images. +Since it's quite possible that the bootstrap bucket has many objects, we work in batches of 1000 objects or 100 images. To skip the prompt either reply with `delete-all`, or use the `--confirm=false` option. ```console @@ -945,7 +948,7 @@ cdk gc --unstable=gc --confirm=false If you are concerned about deleting assets too aggressively, there are multiple levers you can configure: - rollback-buffer-days: this is the amount of days an asset has to be marked as isolated before it is elligible for deletion. -- created-buffer-days: this is the amount of days an asset must live before it is elligible for deletion. +- created-buffer-days: this is the amount of days an asset must live before it is elligible for deletion. When using `rollback-buffer-days`, instead of deleting unused objects, `cdk gc` will tag them with today's date instead. It will also check if any objects have been tagged by previous runs of `cdk gc` From ac22c1c43d6660caa7c76e0809acb666eeb5ad85 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 31 Oct 2024 16:29:28 +0100 Subject: [PATCH 7/9] Unit test prompts --- packages/aws-cdk/test/cdk-toolkit.test.ts | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk/test/cdk-toolkit.test.ts b/packages/aws-cdk/test/cdk-toolkit.test.ts index ceabf3ef51ef6..0cfc96bfa08a2 100644 --- a/packages/aws-cdk/test/cdk-toolkit.test.ts +++ b/packages/aws-cdk/test/cdk-toolkit.test.ts @@ -60,6 +60,7 @@ import * as cxschema from '@aws-cdk/cloud-assembly-schema'; import { Manifest } from '@aws-cdk/cloud-assembly-schema'; import * as cxapi from '@aws-cdk/cx-api'; import * as fs from 'fs-extra'; +import * as promptly from 'promptly'; import { instanceMockFrom, MockCloudExecutable, TestStackArtifact } from './util'; import { MockSdkProvider } from './util/mock-sdk'; import { Bootstrapper } from '../lib/api/bootstrap'; @@ -1282,6 +1283,8 @@ describe('synth', () => { stackArn: 'stack:arn', }); + const mockedConfirm = jest.spyOn(promptly, 'confirm').mockResolvedValue(true); + const toolkit = new CdkToolkit({ cloudExecutable, configuration: cloudExecutable.configuration, @@ -1294,12 +1297,13 @@ describe('synth', () => { hotswap: HotswapMode.FULL_DEPLOYMENT, rollback: false, requireApproval: RequireApproval.Never, - // Assume the user entered Y - force: true, }); if (deployResult === 'failpaused-need-rollback-first') { expect(mockRollbackStack).toHaveBeenCalled(); + expect(mockedConfirm).toHaveBeenCalledWith(expect.stringContaining('Roll back first and then proceed with deployment')); + } else { + expect(mockedConfirm).toHaveBeenCalledWith(expect.stringContaining('Perform a regular deployment')); } expect(mockedDeployStack).toHaveBeenNthCalledWith(1, expect.objectContaining({ rollback: false })); From f35e8317e7f2fa409dfdce5a2c6f6a6565b9dcad Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Thu, 31 Oct 2024 17:15:43 +0100 Subject: [PATCH 8/9] Add testing marker --- packages/aws-cdk/lib/cdk-toolkit.ts | 8 +++++++- packages/aws-cdk/test/cdk-toolkit.test.ts | 4 +++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/packages/aws-cdk/lib/cdk-toolkit.ts b/packages/aws-cdk/lib/cdk-toolkit.ts index 64a700870e3fb..f6955b6e14449 100644 --- a/packages/aws-cdk/lib/cdk-toolkit.ts +++ b/packages/aws-cdk/lib/cdk-toolkit.ts @@ -36,6 +36,12 @@ import { environmentsFromDescriptors, globEnvironmentsFromStacks, looksLikeGlob // eslint-disable-next-line @typescript-eslint/no-require-imports const pLimit: typeof import('p-limit') = require('p-limit'); +let TESTING = false; + +export function markTesting() { + TESTING = true; +} + export interface CdkToolkitProps { /** @@ -1794,7 +1800,7 @@ async function askUserConfirmation( ) { await withCorkedLogging(async () => { // only talk to user if STDIN is a terminal (otherwise, fail) - if (!process.stdin.isTTY) { + if (!TESTING && !process.stdin.isTTY) { throw new Error(`${motivation}, but terminal (TTY) is not attached so we are unable to get a confirmation from the user`); } diff --git a/packages/aws-cdk/test/cdk-toolkit.test.ts b/packages/aws-cdk/test/cdk-toolkit.test.ts index 0cfc96bfa08a2..ba550f6572e95 100644 --- a/packages/aws-cdk/test/cdk-toolkit.test.ts +++ b/packages/aws-cdk/test/cdk-toolkit.test.ts @@ -68,11 +68,13 @@ import { DeployStackResult, SuccessfulDeployStackResult } from '../lib/api/deplo import { Deployments, DeployStackOptions, DestroyStackOptions, RollbackStackOptions, RollbackStackResult } from '../lib/api/deployments'; import { HotswapMode } from '../lib/api/hotswap/common'; import { Template } from '../lib/api/util/cloudformation'; -import { CdkToolkit, Tag } from '../lib/cdk-toolkit'; +import { CdkToolkit, markTesting, Tag } from '../lib/cdk-toolkit'; import { RequireApproval } from '../lib/diff'; import { Configuration } from '../lib/settings'; import { flatten } from '../lib/util'; +markTesting(); + process.env.CXAPI_DISABLE_SELECT_BY_ID = '1'; let cloudExecutable: MockCloudExecutable; From 417a2141210247d26f583bd3f1c5e9b338de7dd3 Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Fri, 1 Nov 2024 18:23:11 +0100 Subject: [PATCH 9/9] Try to get higher branch coverage --- .../lib/api/bootstrap/deploy-bootstrap.ts | 6 ++-- packages/aws-cdk/lib/api/deploy-stack.ts | 6 ++++ packages/aws-cdk/lib/import.ts | 5 ++-- packages/aws-cdk/test/api/bootstrap2.test.ts | 16 ++++++---- .../aws-cdk/test/api/deploy-stack.test.ts | 6 +++- packages/aws-cdk/test/cdk-toolkit.test.ts | 30 +++++++++++-------- 6 files changed, 43 insertions(+), 26 deletions(-) diff --git a/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts b/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts index 2ba5ddd305eaa..b1f0cb506837f 100644 --- a/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts +++ b/packages/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts @@ -6,7 +6,7 @@ import * as fs from 'fs-extra'; import { BOOTSTRAP_VERSION_OUTPUT, BootstrapEnvironmentOptions, BOOTSTRAP_VERSION_RESOURCE, BOOTSTRAP_VARIANT_PARAMETER, DEFAULT_BOOTSTRAP_VARIANT } from './bootstrap-props'; import * as logging from '../../logging'; import { Mode, SdkProvider, ISDK } from '../aws-auth'; -import { deployStack, SuccessfulDeployStackResult } from '../deploy-stack'; +import { assertIsSuccessfulDeployStackResult, deployStack, SuccessfulDeployStackResult } from '../deploy-stack'; import { NoBootstrapStackEnvironmentResources } from '../environment-resources'; import { DEFAULT_TOOLKIT_STACK_NAME, ToolkitInfo } from '../toolkit-info'; @@ -126,9 +126,7 @@ export class BootstrapStack { envResources: new NoBootstrapStackEnvironmentResources(this.resolvedEnvironment, this.sdk), }); - if (ret.type !== 'did-deploy-stack') { - throw new Error(`Unexpected deployStack result. This should not happen: ${JSON.stringify(ret)}. If you are seeing this error, please report it at https://github.com/aws/aws-cdk/issues/new/choose`); - } + assertIsSuccessfulDeployStackResult(ret); return ret; } diff --git a/packages/aws-cdk/lib/api/deploy-stack.ts b/packages/aws-cdk/lib/api/deploy-stack.ts index 3e9cc99a2ed3d..5fe7b39bd7c89 100644 --- a/packages/aws-cdk/lib/api/deploy-stack.ts +++ b/packages/aws-cdk/lib/api/deploy-stack.ts @@ -46,6 +46,12 @@ export interface ReplacementRequiresNoRollbackStackResult { readonly type: 'replacement-requires-norollback'; } +export function assertIsSuccessfulDeployStackResult(x: DeployStackResult): asserts x is SuccessfulDeployStackResult { + if (x.type !== 'did-deploy-stack') { + throw new Error(`Unexpected deployStack result. This should not happen: ${JSON.stringify(x)}. If you are seeing this error, please report it at https://github.com/aws/aws-cdk/issues/new/choose.`); + } +} + export interface DeployStackOptions { /** * The stack to be deployed diff --git a/packages/aws-cdk/lib/import.ts b/packages/aws-cdk/lib/import.ts index 3c15ee83c4e63..b0a94b54ded92 100644 --- a/packages/aws-cdk/lib/import.ts +++ b/packages/aws-cdk/lib/import.ts @@ -6,6 +6,7 @@ import * as chalk from 'chalk'; import * as fs from 'fs-extra'; import * as promptly from 'promptly'; import { DeploymentMethod } from './api'; +import { assertIsSuccessfulDeployStackResult } from './api/deploy-stack'; import { Deployments } from './api/deployments'; import { ResourceIdentifierProperties, ResourcesToImport } from './api/util/cloudformation'; import { StackActivityProgress } from './api/util/cloudformation/stack-activity-monitor'; @@ -153,9 +154,7 @@ export class ResourceImporter { resourcesToImport, }); - if (result.type !== 'did-deploy-stack') { - throw new Error(`Unexpected deployStack result. This should not happen: ${JSON.stringify(result)}. If you are seeing this error, please report it at https://github.com/aws/aws-cdk/issues/new/choose.`); - } + assertIsSuccessfulDeployStackResult(result); const message = result.noOp ? ' ✅ %s (no changes)' diff --git a/packages/aws-cdk/test/api/bootstrap2.test.ts b/packages/aws-cdk/test/api/bootstrap2.test.ts index 528f3e5162059..4be0ec22ea2f6 100644 --- a/packages/aws-cdk/test/api/bootstrap2.test.ts +++ b/packages/aws-cdk/test/api/bootstrap2.test.ts @@ -1,10 +1,7 @@ /* eslint-disable import/order */ -const mockDeployStack = jest.fn(); - -jest.mock('../../lib/api/deploy-stack', () => ({ - deployStack: mockDeployStack, -})); +import * as deployStack from '../../lib/api/deploy-stack'; +const mockDeployStack = jest.spyOn(deployStack, 'deployStack'); import { IAM } from 'aws-sdk'; import { Bootstrapper, DeployStackOptions, ToolkitInfo } from '../../lib/api'; @@ -56,6 +53,8 @@ describe('Bootstrapping v2', () => { mockDeployStack.mockResolvedValue({ type: 'did-deploy-stack', noOp: false, + outputs: {}, + stackArn: 'arn:stack', }); }); @@ -345,7 +344,12 @@ describe('Bootstrapping v2', () => { let template: any; mockDeployStack.mockImplementation((args: DeployStackOptions) => { template = args.stack.template; - return Promise.resolve({ type: 'did-deploy-stack' }); + return Promise.resolve({ + type: 'did-deploy-stack', + noOp: false, + outputs: {}, + stackArn: 'arn:stack', + }); }); await bootstrapper.bootstrapEnvironment(env, sdk, { diff --git a/packages/aws-cdk/test/api/deploy-stack.test.ts b/packages/aws-cdk/test/api/deploy-stack.test.ts index 8ec842cc377a4..cfc6f92a709df 100644 --- a/packages/aws-cdk/test/api/deploy-stack.test.ts +++ b/packages/aws-cdk/test/api/deploy-stack.test.ts @@ -1,5 +1,5 @@ /* eslint-disable import/order */ -import { deployStack, DeployStackOptions } from '../../lib/api'; +import { assertIsSuccessfulDeployStackResult, deployStack, DeployStackOptions } from '../../lib/api'; import { HotswapMode } from '../../lib/api/hotswap/common'; import { tryHotswapDeployment } from '../../lib/api/hotswap-deployments'; import { setCI } from '../../lib/logging'; @@ -941,6 +941,10 @@ test.each([ expect(result.type).toEqual(expectedType); }); +test('assertIsSuccessfulDeployStackResult does what it says', () => { + expect(() => assertIsSuccessfulDeployStackResult({ type: 'replacement-requires-norollback' })).toThrow(); +}); + /** * Set up the mocks so that it looks like the stack exists to start with * diff --git a/packages/aws-cdk/test/cdk-toolkit.test.ts b/packages/aws-cdk/test/cdk-toolkit.test.ts index 2c3849771d4fc..a36bf5efd224c 100644 --- a/packages/aws-cdk/test/cdk-toolkit.test.ts +++ b/packages/aws-cdk/test/cdk-toolkit.test.ts @@ -1256,12 +1256,13 @@ describe('synth', () => { expect(mockedRollback).toHaveBeenCalled(); }); - type StackResultType = DeployStackResult['type']; - test.each([ - 'failpaused-need-rollback-first', - 'replacement-requires-norollback', - ] satisfies Array)('no-rollback deployment that cant proceed will be called with rollback on retry: %p', async (deployResult) => { + [{ type: 'failpaused-need-rollback-first', reason: 'replacement' }, false], + [{ type: 'failpaused-need-rollback-first', reason: 'replacement' }, true], + [{ type: 'failpaused-need-rollback-first', reason: 'not-norollback' }, false], + [{ type: 'replacement-requires-norollback' }, false], + [{ type: 'replacement-requires-norollback' }, true], + ] satisfies Array<[DeployStackResult, boolean]>)('no-rollback deployment that cant proceed will be called with rollback on retry: %p (using force: %p)', async (firstResult, useForce) => { cloudExecutable = new MockCloudExecutable({ stacks: [ MockStack.MOCK_STACK_C, @@ -1275,10 +1276,8 @@ describe('synth', () => { const mockedDeployStack = jest .spyOn(deployments, 'deployStack') + .mockResolvedValueOnce(firstResult) .mockResolvedValueOnce({ - type: deployResult, - reason: 'replacement', - }).mockResolvedValueOnce({ type: 'did-deploy-stack', noOp: false, outputs: {}, @@ -1299,13 +1298,20 @@ describe('synth', () => { hotswap: HotswapMode.FULL_DEPLOYMENT, rollback: false, requireApproval: RequireApproval.Never, + force: useForce, }); - if (deployResult === 'failpaused-need-rollback-first') { + if (firstResult.type === 'failpaused-need-rollback-first') { expect(mockRollbackStack).toHaveBeenCalled(); - expect(mockedConfirm).toHaveBeenCalledWith(expect.stringContaining('Roll back first and then proceed with deployment')); - } else { - expect(mockedConfirm).toHaveBeenCalledWith(expect.stringContaining('Perform a regular deployment')); + } + + if (!useForce) { + // Questions will have been asked only if --force is not specified + if (firstResult.type === 'failpaused-need-rollback-first') { + expect(mockedConfirm).toHaveBeenCalledWith(expect.stringContaining('Roll back first and then proceed with deployment')); + } else { + expect(mockedConfirm).toHaveBeenCalledWith(expect.stringContaining('Perform a regular deployment')); + } } expect(mockedDeployStack).toHaveBeenNthCalledWith(1, expect.objectContaining({ rollback: false }));