forked from aws/aws-cdk
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a CLI feature to roll a stuck change back. This is mostly useful for deployments performed using `--no-rollback`: if a failure occurs, the stack gets stuck in an `UPDATE_FAILED` state from which there are 2 options: - Try again using a new template - Roll back to the last stable state There used to be no way to perform the second operation using the CDK CLI, but there now is. `cdk rollback` works in 2 situations: - A paused fail state; it will initiating a fresh rollback (on `CREATE_FAILED`, `UPDATE_FAILED`). - A paused rollback state; it will retry the rollback, optionally skipping some resources (on `UPDATE_ROLLBACK_FAILED` -- it seems there is no way to continue a rollback in `ROLLBACK_FAILED` state). `cdk rollback --orphan <logicalid>` can be used to skip resource rollbacks that are causing problems. `cdk rollback --force` will look up all failed resources and continue skipping them until the rollback has finished. This change requires new bootstrap permissions, so the bootstrap stack is updated to add the following IAM permissions to the `deploy-action` role: ``` - cloudformation:RollbackStack - cloudformation:ContinueUpdateRollback ``` These are necessary to call the 2 CloudFormation APIs that start and continue a rollback. Relates to (but does not close yet) aws#30546. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
- Loading branch information
Showing
20 changed files
with
1,121 additions
and
218 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
100 changes: 100 additions & 0 deletions
100
packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/rollback-test-app/app.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
const cdk = require('aws-cdk-lib'); | ||
const lambda = require('aws-cdk-lib/aws-lambda'); | ||
const cr = require('aws-cdk-lib/custom-resources'); | ||
|
||
/** | ||
* This stack will be deployed in multiple phases, to achieve a very specific effect | ||
* | ||
* It contains resources r1 and r2, where r1 gets deployed first. | ||
* | ||
* - PHASE = 1: both resources deploy regularly. | ||
* - PHASE = 2a: r1 gets updated, r2 will fail to update | ||
* - PHASE = 2b: r1 gets updated, r2 will fail to update, and r1 will fail its rollback. | ||
* | ||
* To exercise this app: | ||
* | ||
* ``` | ||
* env PHASE=1 npx cdk deploy | ||
* env PHASE=2b npx cdk deploy --no-rollback | ||
* # This will leave the stack in UPDATE_FAILED | ||
* | ||
* env PHASE=2b npx cdk rollback | ||
* # This will start a rollback that will fail because r1 fails its rollabck | ||
* | ||
* env PHASE=2b npx cdk rollback --force | ||
* # This will retry the rollabck and skip r1 | ||
* ``` | ||
*/ | ||
class RollbacktestStack extends cdk.Stack { | ||
constructor(scope, id, props) { | ||
super(scope, id, props); | ||
|
||
let r1props = {}; | ||
let r2props = {}; | ||
|
||
const phase = process.env.PHASE; | ||
switch (phase) { | ||
case '1': | ||
// Normal deployment | ||
break; | ||
case '2a': | ||
// r1 updates normally, r2 fails updating | ||
r2props.FailUpdate = true; | ||
break; | ||
case '2b': | ||
// r1 updates normally, r2 fails updating, r1 fails rollback | ||
r1props.FailRollback = true; | ||
r2props.FailUpdate = true; | ||
break; | ||
} | ||
|
||
const fn = new lambda.Function(this, 'Fun', { | ||
runtime: lambda.Runtime.NODEJS_LATEST, | ||
code: lambda.Code.fromInline(`exports.handler = async function(event, ctx) { | ||
const key = \`Fail\${event.RequestType}\`; | ||
if (event.ResourceProperties[key]) { | ||
throw new Error(\`\${event.RequestType} fails!\`); | ||
} | ||
if (event.OldResourceProperties?.FailRollback) { | ||
throw new Error('Failing rollback!'); | ||
} | ||
return {}; | ||
}`), | ||
handler: 'index.handler', | ||
timeout: cdk.Duration.minutes(1), | ||
}); | ||
const provider = new cr.Provider(this, "MyProvider", { | ||
onEventHandler: fn, | ||
}); | ||
|
||
const r1 = new cdk.CustomResource(this, 'r1', { | ||
serviceToken: provider.serviceToken, | ||
properties: r1props, | ||
}); | ||
const r2 = new cdk.CustomResource(this, 'r2', { | ||
serviceToken: provider.serviceToken, | ||
properties: r2props, | ||
}); | ||
r2.node.addDependency(r1); | ||
} | ||
} | ||
|
||
const app = new cdk.App({ | ||
context: { | ||
'@aws-cdk/core:assetHashSalt': process.env.CODEBUILD_BUILD_ID, // Force all assets to be unique, but consistent in one build | ||
}, | ||
}); | ||
|
||
const defaultEnv = { | ||
account: process.env.CDK_DEFAULT_ACCOUNT, | ||
region: process.env.CDK_DEFAULT_REGION | ||
}; | ||
|
||
const stackPrefix = process.env.STACK_NAME_PREFIX; | ||
if (!stackPrefix) { | ||
throw new Error(`the STACK_NAME_PREFIX environment variable is required`); | ||
} | ||
|
||
// Sometimes we don't want to synthesize all stacks because it will impact the results | ||
new RollbacktestStack(app, `${stackPrefix}-test-rollback`, { env: defaultEnv }); | ||
app.synth(); |
7 changes: 7 additions & 0 deletions
7
packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/rollback-test-app/cdk.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
{ | ||
"app": "node app.js", | ||
"versionReporting": false, | ||
"context": { | ||
"aws-cdk:enableDiffNoFail": "true" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.