Merge branch 'main' into vpc-endpoint-dynamodb

aws · Oct 3, 2024 · e55376a · e55376a
2 parents 5caf3bc + 0e03d39
commit e55376a
Show file tree

Hide file tree

Showing 37 changed files with 1,338 additions and 347 deletions.
diff --git a/packages/@aws-cdk-testing/cli-integ/README.md b/packages/@aws-cdk-testing/cli-integ/README.md
@@ -37,7 +37,7 @@ Test suites are written as a collection of Jest tests, and they are run using Je
 
 ### Setup
 
-Building the @aws-cdk-testing package is not very different from building the rest of the CDK. However, If you are having issues with the tests, you can ensure your enviornment is built properly by following the steps below:
+Building the @aws-cdk-testing package is not very different from building the rest of the CDK. However, If you are having issues with the tests, you can ensure your environment is built properly by following the steps below:
 
 ```shell
 yarn install # Install dependencies

diff --git a/packages/@aws-cdk-testing/cli-integ/lib/with-cdk-app.ts b/packages/@aws-cdk-testing/cli-integ/lib/with-cdk-app.ts
@@ -24,7 +24,8 @@ export const EXTENDED_TEST_TIMEOUT_S = 30 * 60;
  * For backwards compatibility with existing tests (so we don't have to change
  * too much) the inner block is expected to take a `TestFixture` object.
  */
-export function withCdkApp(
+export function withSpecificCdkApp(
+  appName: string,
   block: (context: TestFixture) => Promise<void>,
 ): (context: TestContext & AwsContext & DisableBootstrapContext) => Promise<void> {
   return async (context: TestContext & AwsContext & DisableBootstrapContext) => {
@@ -36,7 +37,7 @@ export function withCdkApp(
     context.output.write(` Test directory: ${integTestDir}\n`);
     context.output.write(` Region:         ${context.aws.region}\n`);
 
-    await cloneDirectory(path.join(RESOURCES_DIR, 'cdk-apps', 'app'), integTestDir, context.output);
+    await cloneDirectory(path.join(RESOURCES_DIR, 'cdk-apps', appName), integTestDir, context.output);
     const fixture = new TestFixture(
       integTestDir,
       stackNamePrefix,
@@ -87,6 +88,16 @@ export function withCdkApp(
   };
 }
 
+/**
+ * Like `withSpecificCdkApp`, but uses the default integration testing app with a million stacks in it
+ */
+export function withCdkApp(
+  block: (context: TestFixture) => Promise<void>,
+): (context: TestContext & AwsContext & DisableBootstrapContext) => Promise<void> {
+  // 'app' is the name of the default integration app in the `cdk-apps` directory
+  return withSpecificCdkApp('app', block);
+}
+
 export function withCdkMigrateApp<A extends TestContext>(language: string, block: (context: TestFixture) => Promise<void>) {
   return async (context: A) => {
     const stackName = `cdk-migrate-${language}-integ-${context.randomString}`;
@@ -188,6 +199,10 @@ export function withDefaultFixture(block: (context: TestFixture) => Promise<void
   return withAws(withTimeout(DEFAULT_TEST_TIMEOUT_S, withCdkApp(block)));
 }
 
+export function withSpecificFixture(appName: string, block: (context: TestFixture) => Promise<void>) {
+  return withAws(withTimeout(DEFAULT_TEST_TIMEOUT_S, withSpecificCdkApp(appName, block)));
+}
+
 export function withExtendedTimeoutFixture(block: (context: TestFixture) => Promise<void>) {
   return withAws(withTimeout(EXTENDED_TEST_TIMEOUT_S, withCdkApp(block)));
 }

diff --git a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/app.js b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/app/app.js
@@ -431,6 +431,20 @@ class LambdaStack extends cdk.Stack {
   }
 }
 
+class IamRolesStack extends cdk.Stack {
+  constructor(parent, id, props) {
+    super(parent, id, props);
+
+    // Environment variabile is used to create a bunch of roles to test
+    // that large diff templates are uploaded to S3 to create the changeset.
+    for(let i = 1; i <= Number(process.env.NUMBER_OF_ROLES) ; i++) {
+      new iam.Role(this, `Role${i}`, {
+        assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
+      });
+    }
+  }
+}
+
 class SessionTagsStack extends cdk.Stack {
   constructor(parent, id, props) {
     super(parent, id, {
@@ -778,6 +792,8 @@ switch (stackSet) {
 
     new LambdaStack(app, `${stackPrefix}-lambda`);
 
+    new IamRolesStack(app, `${stackPrefix}-iam-roles`);
+
     if (process.env.ENABLE_VPC_TESTING == 'IMPORT') {
       // this stack performs a VPC lookup so we gate synth
       const env = { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION };

diff --git a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/rollback-test-app/app.js b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/rollback-test-app/app.js
@@ -0,0 +1,100 @@
+const cdk = require('aws-cdk-lib');
+const lambda = require('aws-cdk-lib/aws-lambda');
+const cr = require('aws-cdk-lib/custom-resources');
+
+/**
+ * This stack will be deployed in multiple phases, to achieve a very specific effect
+ *
+ * It contains resources r1 and r2, where r1 gets deployed first.
+ *
+ * - PHASE = 1: both resources deploy regularly.
+ * - PHASE = 2a: r1 gets updated, r2 will fail to update
+ * - PHASE = 2b: r1 gets updated, r2 will fail to update, and r1 will fail its rollback.
+ *
+ * To exercise this app:
+ *
+ * ```
+ * env PHASE=1 npx cdk deploy
+ * env PHASE=2b npx cdk deploy --no-rollback
+ * # This will leave the stack in UPDATE_FAILED
+ *
+ * env PHASE=2b npx cdk rollback
+ * # This will start a rollback that will fail because r1 fails its rollabck
+ *
+ * env PHASE=2b npx cdk rollback --force
+ * # This will retry the rollabck and skip r1
+ * ```
+ */
+class RollbacktestStack extends cdk.Stack {
+  constructor(scope, id, props) {
+    super(scope, id, props);
+
+    let r1props = {};
+    let r2props = {};
+
+    const phase = process.env.PHASE;
+    switch (phase) {
+      case '1':
+        // Normal deployment
+        break;
+      case '2a':
+        // r1 updates normally, r2 fails updating
+        r2props.FailUpdate = true;
+        break;
+      case '2b':
+        // r1 updates normally, r2 fails updating, r1 fails rollback
+        r1props.FailRollback = true;
+        r2props.FailUpdate = true;
+        break;
+    }
+
+    const fn = new lambda.Function(this, 'Fun', {
+      runtime: lambda.Runtime.NODEJS_LATEST,
+      code: lambda.Code.fromInline(`exports.handler = async function(event, ctx) {
+        const key = \`Fail\${event.RequestType}\`;
+        if (event.ResourceProperties[key]) {
+          throw new Error(\`\${event.RequestType} fails!\`);
+        }
+        if (event.OldResourceProperties?.FailRollback) {
+          throw new Error('Failing rollback!');
+        }
+        return {};
+      }`),
+      handler: 'index.handler',
+      timeout: cdk.Duration.minutes(1),
+    });
+    const provider = new cr.Provider(this, "MyProvider", {
+      onEventHandler: fn,
+    });
+
+    const r1 = new cdk.CustomResource(this, 'r1', {
+      serviceToken: provider.serviceToken,
+      properties: r1props,
+    });
+    const r2 = new cdk.CustomResource(this, 'r2', {
+      serviceToken: provider.serviceToken,
+      properties: r2props,
+    });
+    r2.node.addDependency(r1);
+  }
+}
+
+const app = new cdk.App({
+  context: {
+    '@aws-cdk/core:assetHashSalt': process.env.CODEBUILD_BUILD_ID, // Force all assets to be unique, but consistent in one build
+  },
+});
+
+const defaultEnv = {
+  account: process.env.CDK_DEFAULT_ACCOUNT,
+  region: process.env.CDK_DEFAULT_REGION
+};
+
+const stackPrefix = process.env.STACK_NAME_PREFIX;
+if (!stackPrefix) {
+  throw new Error(`the STACK_NAME_PREFIX environment variable is required`);
+}
+
+// Sometimes we don't want to synthesize all stacks because it will impact the results
+new RollbacktestStack(app, `${stackPrefix}-test-rollback`, { env: defaultEnv });
+app.synth();
diff --git a/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/rollback-test-app/cdk.json b/packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/rollback-test-app/cdk.json
@@ -0,0 +1,7 @@
+{
+  "app": "node app.js",
+  "versionReporting": false,
+  "context": {
+    "aws-cdk:enableDiffNoFail": "true"
+  }
+}
diff --git a/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts b/packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts
@@ -32,6 +32,7 @@ import {
   withCDKMigrateFixture,
   withExtendedTimeoutFixture,
   randomString,
+  withSpecificFixture,
   withoutBootstrap,
 } from '../../lib';
 
@@ -1031,6 +1032,30 @@ integTest(
   }),
 );
 
+integTest(
+  'cdk diff with large changeset does not fail',
+  withDefaultFixture(async (fixture) => {
+    // GIVEN - small initial stack with only ane IAM role
+    await fixture.cdkDeploy('iam-roles', {
+      modEnv: {
+        NUMBER_OF_ROLES: '1',
+      },
+    });
+
+    // WHEN - adding 200 roles to the same stack to create a large diff
+    const diff = await fixture.cdk(['diff', fixture.fullStackName('iam-roles')], {
+      verbose: true,
+      modEnv: {
+        NUMBER_OF_ROLES: '200',
+      },
+    });
+
+    // Assert that the CLI assumes the file publishing role:
+    expect(diff).toMatch(/Assuming role .*file-publishing-role/);
+    expect(diff).toContain('success: Published');
+  }),
+);
+
 integTest(
   'cdk diff --security-only successfully outputs sso-permission-set-without-managed-policy information',
   withDefaultFixture(async (fixture) => {
@@ -2260,55 +2285,97 @@ integTest(
   }),
 );
 
-integTest('cdk notices are displayed correctly', withDefaultFixture(async (fixture) => {
+integTest(
+  'test cdk rollback',
+  withSpecificFixture('rollback-test-app', async (fixture) => {
+    let phase = '1';
+
+    // Should succeed
+    await fixture.cdkDeploy('test-rollback', {
+      options: ['--no-rollback'],
+      modEnv: { PHASE: phase },
+      verbose: false,
+    });
+    try {
+      phase = '2a';
+
+      // Should fail
+      const deployOutput = await fixture.cdkDeploy('test-rollback', {
+        options: ['--no-rollback'],
+        modEnv: { PHASE: phase },
+        verbose: false,
+        allowErrExit: true,
+      });
+      expect(deployOutput).toContain('UPDATE_FAILED');
+
+      // Rollback
+      await fixture.cdk(['rollback'], {
+        modEnv: { PHASE: phase },
+        verbose: false,
+      });
+    } finally {
+      await fixture.cdkDestroy('test-rollback');
+    }
+  }),
+);
+
+integTest(
+  'test cdk rollback --force',
+  withSpecificFixture('rollback-test-app', async (fixture) => {
+    let phase = '1';
+
+    // Should succeed
+    await fixture.cdkDeploy('test-rollback', {
+      options: ['--no-rollback'],
+      modEnv: { PHASE: phase },
+      verbose: false,
+    });
+    try {
+      phase = '2b'; // Fail update and also fail rollback
+
+      // Should fail
+      const deployOutput = await fixture.cdkDeploy('test-rollback', {
+        options: ['--no-rollback'],
+        modEnv: { PHASE: phase },
+        verbose: false,
+        allowErrExit: true,
+      });
+
+      expect(deployOutput).toContain('UPDATE_FAILED');
+
+      // Should still fail
+      const rollbackOutput = await fixture.cdk(['rollback'], {
+        modEnv: { PHASE: phase },
+        verbose: false,
+        allowErrExit: true,
+      });
+
+      expect(rollbackOutput).toContain('Failing rollback');
+
+      // Rollback and force cleanup
+      await fixture.cdk(['rollback', '--force'], {
+        modEnv: { PHASE: phase },
+        verbose: false,
+      });
+    } finally {
+      await fixture.cdkDestroy('test-rollback');
+    }
+  }),
+);
+
+integTest('cdk bootstrap notice is displayed correctly', withDefaultFixture(async (fixture) => {
 
   const cache = {
     expiration: 4125963264000, // year 2100 so we never overwrite the cache
     notices: [
       {
-        title: 'CLI Notice',
-        issueNumber: 1111,
-        overview: 'Overview for CLI Notice',
-        components: [
-          {
-            name: 'cli',
-            version: '<99.0.0',
-          },
-        ],
-        schemaVersion: '1',
-      },
-      {
-        title: 'Framework Notice',
-        issueNumber: 2222,
-        overview: 'Overview for Framework Notice',
-        components: [
-          {
-            name: 'framework',
-            version: '<99.0.0',
-          },
-        ],
-        schemaVersion: '1',
-      },
-      {
-        title: 'Queue Notice',
-        issueNumber: 3333,
-        overview: 'Overview for Queue Notice',
-        components: [
-          {
-            name: 'aws-cdk-lib.aws_sqs.Queue',
-            version: '<99.0.0',
-          },
-        ],
-        schemaVersion: '1',
-      },
-      {
-        title: 'Bootstrap 22 Notice',
+        title: 'Bootstrap 1999 Notice',
         issueNumber: 4444,
-        overview: 'Overview for Bootstrap 22 Notice. AffectedEnvironments:<{resolve:ENVIRONMENTS}>',
+        overview: 'Overview for Bootstrap 1999 Notice. AffectedEnvironments:<{resolve:ENVIRONMENTS}>',
         components: [
           {
             name: 'bootstrap',
-            version: '22',
+            version: '<1999', // so we include all possible environments
           },
         ],
         schemaVersion: '1',
@@ -2327,10 +2394,7 @@ integTest('cdk notices are displayed correctly', withDefaultFixture(async (fixtu
     },
   });
 
-  expect(output).toContain('Overview for CLI Notice');
-  expect(output).toContain('Overview for Framework Notice');
-  expect(output).toContain('Overview for Queue Notice');
-  expect(output).toContain('Overview for Bootstrap 22 Notice');
+  expect(output).toContain('Overview for Bootstrap 1999 Notice');
 
   // assert dynamic environments are resolved
   expect(output).toContain(`AffectedEnvironments:<aws://${await fixture.aws.account()}/${fixture.aws.region}>`);

diff --git a/.../test/integ.function-url.js.snapshot/IntegTestDefaultTestDeployAssertE3E7D2A4.assets.json b/.../test/integ.function-url.js.snapshot/IntegTestDefaultTestDeployAssertE3E7D2A4.assets.json