Skip to content

(aws-apigateway): race condition between Stage and CfnAccount on SpecRestApi #18925

Closed
#22671
Closed
(aws-apigateway): race condition between Stage and CfnAccount on SpecRestApi#18925
#22671
Labels
@aws-cdk/aws-apigatewayRelated to Amazon API GatewaybugThis issue is a bug.p1
@arnulfojr

Description

@arnulfojr
arnulfojr
opened on Feb 10, 2022

What is the problem?

When cloudWatchRole is enabled, a CfnAccount is created for it. Since there is no explicit dependency between the the stages and the account, CloudFormation may deploy them in the wrong order, causing the deployment to fail.

Add an explicit dependency between Stages (whether defined by the user or created automatically) and the CloudWatch CfnAccount, if it exists.

This PR solved it for the RestApi #18011 but not entirely for the SpecRestApi.

Currently when we instantiate a SpecRestApi the class will first create the Deployment and the Stage

aws-cdk/packages/@aws-cdk/aws-apigateway/lib/restapi.ts

Lines 651 to 660 in 5dd8e50

this._configureDeployment(props);
if (props.domainName) {
this.addDomainName('CustomDomain', props.domainName);
}
const cloudWatchRole = props.cloudWatchRole ?? true;
if (cloudWatchRole) {
this._configureCloudWatchRole(resource);
}
}

then attach the Stage to the API

aws-cdk/packages/@aws-cdk/aws-apigateway/lib/restapi.ts

Lines 560 to 565 in 5dd8e50

// stage name is part of the endpoint, so that makes sense.
const stageName = (props.deployOptions && props.deployOptions.stageName) || 'prod';
this.deploymentStage = new Stage(this, `DeploymentStage.${stageName}`, {
deployment: this._latestDeployment,
...props.deployOptions,

The problem is that when calling the _attachStage the cloudwatchAccount does not exist yet, so it does not create the dependency between each other (as in RestApi)

aws-cdk/packages/@aws-cdk/aws-apigateway/lib/stage.ts

Lines 258 to 263 in 5dd8e50

this.restApi = props.deployment.api;
if (RestApiBase._isRestApiBase(this.restApi)) {
this.restApi._attachStage(this);
}
}

If my understanding is correct, we would just need to swap the calls, first create the cloudwatchAccount then create the deployment and stage.

Reproduction Steps

Create a SpecRestApi and deploy the stack all at once.

What did you expect to happen?

Deployment to complete.

What actually happened?

When creating a SpecRestApi the race condition still happens

CDK CLI Version

1.142.0 (build 5dd8e50)

Framework Version

1.142.0

Node.js Version

17.3.0

OS

macOS

Language

Typescript

Language Version

No response

Other information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/aws-apigatewayRelated to Amazon API GatewaybugThis issue is a bug.p1

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions