cli: a cdk diff with analyticsReporting: false and an empty stack will always print [+] Parameter BootstrapVersion #31864

Open
1 task
rehanvdm opened this issue Oct 23, 2024 · 4 comments
Labels
@aws-cdk/core Related to core CDK functionality bug This issue is a bug. effort/medium Medium work item – several days of effort p2 package/tools Related to AWS CDK Tools or CLI

Comments

@rehanvdm

Describe the bug

When setting analyticsReporting: false on a stack that has no resources, the diff always reports as if it still wants to add the bootstrap SSM param to that stack.

  Stack security--audit--regional--us-east-1 (dlz-regional)
  Hold on while we create a read-only change set to get a diff with accurate replacement information (use --no-change-set to use a less accurate but faster template-only diff)
  Could not create a change set, will base the diff on template differences (run again with -v to see the reason)
  Parameters
  [+] Parameter BootstrapVersion BootstrapVersion: {"Type":"AWS::SSM::Parameter::Value<String>","Default":"/cdk-bootstrap/hnb659fds/version","Description":"Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"}

  Other Changes
  [+] Unknown Rules: {"CheckBootstrapVersion":{"Assertions":[{"Assert":{"Fn::Not":[{"Fn::Contains":[["1","2","3","4","5"],{"Ref":"BootstrapVersion"}]}]},"AssertDescription":"CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."}]}}

But when you deploy the stack, it won't be created because the deploy command knows that the stack has no resources and it won't add the version SSM param.

security--log--regional--us-east-1 (dlz-regional)
security--log--regional--us-east-1 (dlz-regional): stack has no resources, skipping deployment.

The logic of skipping a stack deployment must be applied to the diff the same as it is being applied to the deploy command.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

The logic of skipping a stack deployment must be applied to the diff the same as it is being applied to the deploy command.

Current Behavior

The logic for the diff and deploy commands differs.

Reproduction Steps

  1. Create an empty stack, specify the analyticsReporting: false option.
  2. Do a diff and a deploy, then compare the results.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.133.0

Framework Version

No response

Node.js Version

OS

Language

TypeScript

Language Version

No response

Other information

No response

@rehanvdm rehanvdm added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 23, 2024
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Oct 23, 2024
@khushail khushail added needs-reproduction This issue needs reproduction. and removed needs-triage This issue or PR still needs to be triaged. labels Oct 23, 2024
@khushail khushail self-assigned this Oct 23, 2024
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. p2 @aws-cdk/core Related to core CDK functionality and removed needs-reproduction This issue needs reproduction. labels Oct 25, 2024
@khushail
Contributor

Hi @rehanvdm , thanks for reporting this.

The issue is reproducible with the following code -

const app = new cdk.App();
new CliIssueStack(app, 'CliIssueStack', {
  env: {
    account: process.env.CDK_DEFAULT_ACCOUNT,
    region: process.env.CDK_DEFAULT_REGION,
  },
  analyticsReporting: false,
});

When cdk diff was run, I got the diff result as -

[Screenshot 2024-10-25 at 2 18 37 PM]

However, deployment succeeded as you stated -

[Screenshot 2024-10-25 at 2 24 10 PM]

AFAIU, CDK v2 uses DefaultStackSynthesizer, which adds the following JSON code into each synthesized template by default -

{
 "Parameters": {
  "BootstrapVersion": {
   "Type": "AWS::SSM::Parameter::Value<String>",
   "Default": "/cdk-bootstrap/hnb659fds/version",
   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
  }
 },
 "Rules": {
  "CheckBootstrapVersion": {
   "Assertions": [
    {
     "Assert": {
      "Fn::Not": [
       {
        "Fn::Contains": [
         [
          "1",
          "2",
          "3",
          "4",
          "5"
         ],
         {
          "Ref": "BootstrapVersion"
         }
        ]
       }
      ]
     },
     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
    }
   ]
  }
 }
}

CDK uses this rule to check the version of the Bootstrap stack which is deployed in your environment. However, it can be removed by setting generateBootstrapVersionRule: false, and that would not add the skip statement, as you can see below -

const app = new cdk.App();
new CliIssueStack(app, 'CliIssueStack', {
  synthesizer: new DefaultStackSynthesizer({
    generateBootstrapVersionRule: false
  })
})

synthesized template -

{
 "Resources": {
  "CDKMetadata": {
   "Type": "AWS::CDK::Metadata",
   "Properties": {
    "Analytics": "v2:deflate64:H4sIAAAAAAAA/zPSMzQz0jNUTCwv1k1OydbNyUzSqw4uSUzO1nFOywtKLc4vLUpOBbGd8/NSMksy8/NqdfLyU1L1sor1y4wM9AzN9QwUs4ozM3WLSvNKMnNT9YIgNADO/LHuWgAAAA=="
   },
   "Metadata": {
    "aws:cdk:path": "CliIssueStack/CDKMetadata/Default"
   },
   "Condition": "CDKMetadataAvailable"
  }
 },
 "Conditions": {
  "CDKMetadataAvailable": {
   "Fn::Or": [
    {
     "Fn::Or": [
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "af-south-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ap-east-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ap-northeast-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ap-northeast-2"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ap-northeast-3"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ap-south-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ap-south-2"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ap-southeast-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ap-southeast-2"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ap-southeast-3"
       ]
      }
     ]
    },
    {
     "Fn::Or": [
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ap-southeast-4"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ca-central-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "ca-west-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "cn-north-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "cn-northwest-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "eu-central-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "eu-central-2"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "eu-north-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "eu-south-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "eu-south-2"
       ]
      }
     ]
    },
    {
     "Fn::Or": [
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "eu-west-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "eu-west-2"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "eu-west-3"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "il-central-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "me-central-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "me-south-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "sa-east-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "us-east-1"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "us-east-2"
       ]
      },
      {
       "Fn::Equals": [
        {
         "Ref": "AWS::Region"
        },
        "us-west-1"
       ]
      }
     ]
    },
    {
     "Fn::Equals": [
      {
       "Ref": "AWS::Region"
      },
      "us-west-2"
     ]
    }
   ]
  }
 }
}

and synth does not show any such message.

More information about generateBootstrapVersionRule -

  /**
   * Whether to add a Rule to the stack template verifying the bootstrap stack version
   *
   * This generally should be left set to `true`, unless you explicitly
   * want to be able to deploy to an unbootstrapped environment.
   *
   * @default true
   */
  readonly generateBootstrapVersionRule?: boolean;

and how this flag value is used during synthesis -

if (this.props.generateBootstrapVersionRule ?? true) {

I am not really sure if the team would want to change that check of the bootstrap version.

Reaching out to team for further inputs and requesting to share insights on this issue.

@khushail khushail removed the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Oct 25, 2024
@khushail khushail removed their assignment Oct 25, 2024
@rehanvdm
Author

@khushail what would be the consequence of setting generateBootstrapVersionRule false? I don't want to mess with the CDK internals/logic?

@khushail
Contributor

khushail commented Oct 28, 2024

@rehanvdm , this is what I see is mentioned on CDK Docs -
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.DefaultStackSynthesizerProps.html#generatebootstrapversionrule

generateBootstrapVersionRule?

Type: boolean (optional, default: true)

Whether to add a Rule to the stack template verifying the bootstrap stack version.

This generally should be left set to true, unless you explicitly want to be able to deploy to an unbootstrapped environment.

which would mean if this is false, one has to provide a custom bucket, custom role and ECR for the default synthesis process as once you bootstrap any region/environment, default resources are created for the CDK Synthesis process.

For further reference on how to provide your own resources when env is not bootstrapped - https://bliskavka.com/2022/02/07/synth-cdk-to-custom-bucket/

hope this would be helpful!

@HBobertz
Contributor

HBobertz commented Nov 4, 2024

CDK Core Team Member checking in.

Great catch, we definitely don't want to mess with the actual check logic for the bootstrap version but the diff logic should be properly outputting that we wouldn't be creating this SSM parameter in an empty stack. Still a P2 bug in the backlog, thanks for the report

@khushail khushail added the effort/medium Medium work item – several days of effort label Nov 4, 2024
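
The behaviour requested in this thread, as an added example that is not aws-cdk code and not written by any participant: a template-only diff that applies the deploy-side "stack has no resources" skip before reporting additions. The function names and the `current === undefined` convention for a not-yet-deployed stack are hypothetical; the sample templates are constructed from the ones quoted above.

```typescript
// Added example, not aws-cdk code. All names here are hypothetical.
type Template = { [section: string]: Record<string, unknown> | undefined };

// Mirrors the deploy message quoted in the issue:
// "stack has no resources, skipping deployment."
function hasNoResources(t: Template): boolean {
  return Object.keys(t["Resources"] ?? {}).length === 0;
}

// Plain template diff: one "[+] Section Name" line per key added in `next`.
function addedEntries(current: Template, next: Template): string[] {
  const out: string[] = [];
  for (const section of Object.keys(next)) {
    const before = current[section] ?? {};
    for (const name of Object.keys(next[section] ?? {})) {
      if (!(name in before)) out.push(`[+] ${section} ${name}`);
    }
  }
  return out;
}

// Diff that agrees with deploy: an undeployed stack (current === undefined)
// whose new template has no resources produces no additions, because deploy
// would skip it. An already-deployed stack is outside what the issue covers
// and falls through to the plain diff.
function diffLikeDeploy(current: Template | undefined, next: Template): string[] {
  if (current === undefined && hasNoResources(next)) return [];
  return addedEntries(current ?? {}, next);
}

// Constructed sample: empty stack with analyticsReporting: false, so only the
// synthesizer's BootstrapVersion parameter and rule are present.
const EMPTY_STACK: Template = {
  Parameters: {
    BootstrapVersion: {
      Type: "AWS::SSM::Parameter::Value<String>",
      Default: "/cdk-bootstrap/hnb659fds/version",
    },
  },
  Rules: { CheckBootstrapVersion: { Assertions: [] } },
};
// Constructed sample: the same stack with one resource added.
const STACK_WITH_BUCKET: Template = {
  ...EMPTY_STACK,
  Resources: { Bucket: { Type: "AWS::S3::Bucket" } },
};

console.log(addedEntries({}, EMPTY_STACK));          // what the issue reports
console.log(diffLikeDeploy(undefined, EMPTY_STACK)); // what deploy implies
console.log(diffLikeDeploy(undefined, STACK_WITH_BUCKET));
```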