bootstrap: Missing new permissions boundary options #24882
Assignees
Labels
bug
This issue is a bug.
documentation
This is a problem with documentation.
effort/small
Small work item – less than a day of effort
p1
package/tools
Related to AWS CDK Tools or CLI
Comments
joehillen
added
documentation
|
Yes, we should add them in the document. Thank you for the report. |
pahud
added
effort/small
1 task
mergify bot
pushed a commit
that referenced
this issue
May 9, 2024
### Issue Closes #24882 ### Reason for this change As mentioned in the issue, some of the options for bootstrap were not showing up with `--help` ``` .option('example-permissions-boundary', { type: 'boolean', alias: ['epb', 'example-permissions-boundary'], desc: 'Use the example permissions boundary.', default: undefined, conflicts: 'custom-permissions-boundary' }) .option('custom-permissions-boundary', { type: 'string', alias: ['cpb', 'custom-permissions-boundary'], desc: 'Use the permissions boundary specified by name.', default: undefined, conflicts: 'example-permissions-boundary' }) ``` ### Description of changes Since alias conflicts with actual sub-command option, it fails silently and does not show the option with `--help` ### Description of how you validated changes Built the cdk locally and used `<local repo path>/aws-cdk/bin/cdk bootstrap --help` and verified the options are showing up ### Output `cdk bootstrap --help` output: ``` cdk bootstrap [ENVIRONMENTS..] Deploys the CDK toolkit stack into an AWS environment Options: -a, --app REQUIRED WHEN RUNNING APP: command-line for executing your app or a cloud assembly directory (e.g. "node bin/my-app.js"). Can also be specified in cdk.json or ~/.cdk.json [string] --build Command-line for a pre-synth build [string] -c, --context Add contextual string parameter (KEY=VALUE) [array] -p, --plugin Name or path of a node package that extend the CDK features. Can be specified multiple times [array] --trace Print trace for stack warnings [boolean] --strict Do not construct stacks with warnings [boolean] --lookups Perform context lookups (synthesis fails if this is disabled and context lookups need to be performed) [boolean] [default: true] --ignore-errors Ignores synthesis errors, which will likely produce an invalid output [boolean] [default: false] -j, --json Use JSON output instead of YAML when templates are printed to STDOUT [boolean] [default: false] -v, --verbose Show debug logs (specify multiple times to increase verbosity) [count] [default: false] --debug Enable emission of additional debugging information, such as creation stack traces of tokens [boolean] [default: false] --profile Use the indicated AWS profile as the default environment [string] --proxy Use the indicated proxy. Will read from HTTPS_PROXY environment variable if not specified [string] --ca-bundle-path Path to CA certificate to use when validating HTTPS requests. Will read from AWS_CA_BUNDLE environment variable if not specified [string] -i, --ec2creds Force trying to fetch EC2 instance credentials. Default: guess EC2 instance status [boolean] --version-reporting Include the "AWS::CDK::Metadata" resource in synthesized templates (enabled by default) [boolean] --path-metadata Include "aws:cdk:path" CloudFormation metadata for each resource (enabled by default) [boolean] --asset-metadata Include "aws:asset:*" CloudFormation metadata for resources that uses assets (enabled by default)[boolean] -r, --role-arn ARN of Role to use when invoking CloudFormation [string] --staging Copy assets to the output directory (use --no-staging to disable the copy of assets which allows local debugging via the SAM CLI to reference the original source files) [boolean] [default: true] -o, --output Emits the synthesized cloud assembly into a directory (default: cdk.out) [string] --notices Show relevant notices [boolean] --no-color Removes colors and other style from console output [boolean] [default: false] --ci Force CI detection. If CI=true then logs will be sent to stdout instead of stderr [boolean] [default: false] --version Show version number [boolean] -b, --bootstrap-bucket-name, The name of the CDK toolkit bucket; --toolkit-bucket-name bucket will be created and must not exist [string] --bootstrap-kms-key-id AWS KMS master key ID used for the SSE-KMS encryption [string] --example-permissions-boundary, Use the example permissions --epb boundary. [boolean] --custom-permissions-boundary, --cpb Use the permissions boundary specified by name. [string] --bootstrap-customer-key Create a Customer Master Key (CMK) for the bootstrap bucket (you will be charged but can customize permissions, modern bootstrapping only) [boolean] --qualifier String which must be unique for each bootstrap stack. You must configure it on your CDK app if you change this from the default. [string] --public-access-block-configuration Block public access configuration on CDK toolkit bucket (enabled by default) [boolean] -t, --tags Tags to add for the stack (KEY=VALUE) [array] [default: []] --execute Whether to execute ChangeSet (--no-execute will NOT execute the ChangeSet) [boolean] [default: true] --trust The AWS account IDs that should be trusted to perform deployments into this environment (may be repeated, modern bootstrapping only) [array] [default: []] --trust-for-lookup The AWS account IDs that should be trusted to look up values in this environment (may be repeated, modern bootstrapping only) [array] [default: []] --cloudformation-execution-policies The Managed Policy ARNs that should be attached to the role performing deployments into this environment (may be repeated, modern bootstrapping only) [array] [default: []] -f, --force Always bootstrap even if it would downgrade template version [boolean] [default: false] --termination-protection Toggle CloudFormation termination protection on the bootstrap stacks [boolean] --show-template Instead of actual bootstrapping, print the current CLI's bootstrapping template to stdout for customization [boolean] [default: false] --toolkit-stack-name The name of the CDK toolkit stack to create [string] --template Use the template from the given file instead of the built-in one (use --show-template to obtain an example) [string] --previous-parameters Use previous values for existing parameters (you must specify all parameters on every deployment if this is disabled) [boolean] [default: true] -h, --help Show help [boolean] ``` TLDR; ``` --example-permissions-boundary, Use the example permissions --epb boundary. [boolean] --custom-permissions-boundary, --cpb Use the permissions boundary specified by name. [string] ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Describe the issue
There appear to be new options that are not listed in the docs or
--helphttps://github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/cli.ts#L98-L99
Relates to #12207
Links
The text was updated successfully, but these errors were encountered: