Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

CLI: Add context validate/refresh commands #25828

Closed
1 of 2 tasks
frogamic opened this issue Jun 2, 2023 · 3 comments
Closed
1 of 2 tasks

CLI: Add context validate/refresh commands #25828

frogamic opened this issue Jun 2, 2023 · 3 comments
Labels
closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 package/tools Related to AWS CDK Tools or CLI response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@frogamic
Copy link

frogamic commented Jun 2, 2023

Describe the feature

The UX for managing cdk context is clunky and difficult to teach to new users (do you delete cdk.context.json?, manually edit the file? did you remove the key pertaining to the prod account or the dev account??). In addition, having all the values for SSM parameters persisted into a text file that is committed to source control somewhat removes the benefit of using SSM to drive parameters instead of using some local config files instead.

Use Case

We are finding the UX around keeping context values up to date to be frustrating. In our CI system, CDK deploy will use the out of date values (primarily for SSM parameters in our case) and either succeed with out of date values, or fail with an error that some value is invalid (e.g. ecs cluster ID is invalid) because the value from context is used rather than the fresh value stored in SSM. This type of error is not always obviously attributed to stale context by inexperienced devs causing time consuming trouble shooting.

Once the issue is identified, fixing the stale context would involve one of the following, all not ideal

  • manually edit cdk.context.json to remove the offending value and then re-synth
  • delete cdk.context.json and re-synth
  • use cdk context --reset <number> any number of times and re-synth
    2 of these options are inconvenient and the other could wipe context from other accounts/regions that is still accurate and should be kept.

Proposed Solution

Add 2 subcommands to the CDK context command:
cdk context validate
This command would use the same mechanism as originally populated the context to fetch fresh values for all keys and return with a non-zero exit status and useful log output if they are different from the cached values.
It should default to validating all keys for the current account/region if known, and take filter parameters to customize which keys to validate, i.e. to validate all keys associated with x account, or y region, or from z configprovider

The purpose of this command is to run on CI before a deploy or before a PR, or even a precommit hook, to ensure that stale context is not being used, and give the user a clear indication of which key is stale.

cdk context refresh
This command would use the same mechanisms for fetching context, to fetch fresh values for all keys and cache them in the cdk.context.json file. It would have the same filtering options and default behaviour as above to refresh keys relating to a specific provider, account or region or combination of the 3.

The purpose of this command would be for devs to run it during development in order to ensure the context being committed is fresh. Especially if your CI failed at cdk context validate on a PR, you would run cdk context refresh and commit the fresh values to resolve the issue.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.80

Environment details (OS name and version, etc.)

MacOS 13.2.1 and NixOS 23.05

@frogamic frogamic added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jun 2, 2023
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Jun 2, 2023
@pahud
Copy link
Contributor

pahud commented Jun 5, 2023

Thank you for your feature request.

Can you share more details about how the context values are invalid in your use case?

If your CI fetches the values from SSM, I assume the it should always run cdk context --reset KEY before the cdk synth --context key=value to avoid using the cached value?

In our CI system, CDK deploy will use the out of date values (primarily for SSM parameters in our case) and either succeed with out of date values, or fail with an error that some value is invalid (e.g. ecs cluster ID is invalid) because the value from context is used rather than the fresh value stored in SSM.

@pahud pahud added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jun 5, 2023
@github-actions
Copy link

github-actions bot commented Jun 7, 2023

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jun 7, 2023
@frogamic
Copy link
Author

If your CI fetches the values from SSM, I assume the it should always run cdk context --reset KEY before the cdk synth --context key=value to avoid using the cached value?

Our CI system is not fetching SSM parameters and passing them as --context ... options, it is using CDK context system, i.e. let CDK get the value from cdk.context.json or look it up during synth. The problem is that as long as we check cdk.context.json into version control, as all advice suggests, these values can be stale. If our CI ran cdk context --clear before a build, that seems like it would ruin many of the benefits of checking the context.json into version control (i.e. repeatability/deterministic deploys)

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 package/tools Related to AWS CDK Tools or CLI response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Development

No branches or pull requests

2 participants