feat(core): context lookup errors are reported to CX app#3772
feat(core): context lookup errors are reported to CX app#3772
Conversation
Instead of the toolkit failing and stopping when a context provider lookup fails, the error is reported to the CDK app, which can then decide what to do with it. In practice, it will attach a (localized) error to the Construct tree. This has the following advantages: * Dependent context resolution can proceed in a stepwise fashion, without the toolkit stopping at the first failure. For example, a VPC lookup from a value found in SSM will work. * Stacks in multiple accounts that need context lookup can be used in a single app with cold context. Without this change they couldn't, because you could only have credentials for a single account at a time available so lookup for one of the accounts was bound to fail. Fixes #3654.
|
TODO: tests and fixing build |
Pull Request Checklist
|
|
Codebuild (Continuous Integration) build failed for current commits. Please check log and resolve before PR is merged. |
|
Codebuild (Continuous Integration) build failed for current commits. Please check log and resolve before PR is merged. |
1 similar comment
|
Codebuild (Continuous Integration) build failed for current commits. Please check log and resolve before PR is merged. |
|
Before I lock in the error and nosave protocols using tests I want a second pair of eyes on this. No point spending effort locking down this behavior if other people are going to make me change it. Some motivation/explanation:
|
|
Codebuild (Continuous Integration) build failed for current commits. Please check log and resolve before PR is merged. |
| * - The request does not have versioning yet, only the response. | ||
| */ | ||
| export const CLOUD_ASSEMBLY_VERSION = '0.36.0'; | ||
| export const CLOUD_ASSEMBLY_VERSION = '1.6.0'; |
There was a problem hiding this comment.
Isn't this a breaking change?
There was a problem hiding this comment.
It certainly means you will have to get a newer CLI version to use this functionality. Is that a breaking change? Does that mean we can never evolve the CX protocol ever again?
There was a problem hiding this comment.
I don't think this constitutes a breaking change as long as there's a good error (and there should be)
| */ | ||
| function stripTransientValues(obj: any) { | ||
| const ret: any = {}; | ||
| for (const [key, value] of Object.entries(obj)) { |
There was a problem hiding this comment.
obj might be null or undefined, in which case Object.entries will raise.
There was a problem hiding this comment.
It couldn't really, but I think you're telling me to shore up the input type definition.
| * - The request does not have versioning yet, only the response. | ||
| */ | ||
| export const CLOUD_ASSEMBLY_VERSION = '0.36.0'; | ||
| export const CLOUD_ASSEMBLY_VERSION = '1.6.0'; |
There was a problem hiding this comment.
I don't think this constitutes a breaking change as long as there's a good error (and there should be)
| if (semver.lt(frameworkVersion, toolkitVersion)) { | ||
| throw new Error( | ||
| `CDK CLI can only be used with apps created by CDK >= ${CLOUD_ASSEMBLY_VERSION}`); | ||
| `CDK CLI can only be used with apps created by CDK >= ${toolkitVersion} (got ${frameworkVersion})`); |
There was a problem hiding this comment.
frameworkVersion and toolkitVersion do not represent the CDK version but rather the manifest version. The addition of "got ${x}" will be misleading (it will report the manifest version of the toolkit/framework instead of the actual version). I would recommend not adding it.
There was a problem hiding this comment.
We purposely used CDK version numbers as manifest version numbers so that we can generate error messages like this. The alternatives would be:
# no information
The assembly is too new, get a newer CLI.
# information that's hard to map to software versions
The assembly has version 5, but this CLI can only read assembly version 3. Get a newer CLI.
Both of which are horrible in terms of what a user should do about it, or what versions they should be looking for.
There was a problem hiding this comment.
My reservation is only with the got ${frameworkVersion}. It will be confusing because it will not print the framework version but rather the cloud assembly version that the framework presents. Either we should find some other phrasing or avoid this part of the message. The first part is useful.
There was a problem hiding this comment.
Oh I see what you mean. Agreed.
| } | ||
|
|
||
| public static getValue(scope: Construct, options: GetContextValueOptions): any { | ||
| public static getValue(scope: Construct, options: GetContextValueOptions): GetContextValueResult { |
There was a problem hiding this comment.
I am wondering why did we need to change the return type here. Seems like it doesn't provide any benefit.
There was a problem hiding this comment.
Consistency with getKey().
| const value = await provider.getValue(missingContext.props); | ||
| let value; | ||
| try { | ||
| value = await provider.getValue(missingContext.props); |
There was a problem hiding this comment.
I feel like I am missing something here. Why not just set the key to undefined and let the system stabilize itself?
There was a problem hiding this comment.
First, because we couldn't tell the difference between a value that hasn't been looked up yet, and a value that we tried to look up but the lookup failed.
Second, because the point is to catch the error and transport it to the CX.
There was a problem hiding this comment.
Not sure I understand the response. Why do we need to tell the difference?
There was a problem hiding this comment.
At some point I used to tell the difference between failed lookups and untried lookups, that's no longer the case. But we still need to transport the error to the CX, so it can attach a useful error message to the construct tree.
|
Since I didn't get any substantial feedback on the approach, I'm going to assume you all are okay with the direction of this change, and I will start adding unit tests now. |
|
Codebuild (Continuous Integration) build failed for current commits. Please check log and resolve before PR is merged. |
|
Codebuild (Continuous Integration) build failed for current commits. Please check log and resolve before PR is merged. |
|
Codebuild (Continuous Integration) build failed for current commits. Please check log and resolve before PR is merged. |
|
Thanks so much for taking the time to contribute to the AWS CDK ❤️ We will shortly assign someone to review this pull request and help get it
|
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
…k into huijbers/context-report-error
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Instead of the toolkit failing and stopping when a context provider lookup fails, the error is reported to the CDK app, which can then decide what to do with it. In practice, it will attach a (localized) error to the Construct tree. This has the following advantages: * Dependent context resolution can proceed in a stepwise fashion, without the toolkit stopping at the first failure. For example, a VPC lookup from a value found in SSM will work. * Stacks in multiple accounts that need context lookup can be used in a single app with cold context. Without this change they couldn't, because you could only have credentials for a single account at a time available so lookup for one of the accounts was bound to fail. Fixes #3654.
* chore: fix CLI integration tests Fix breakage introduced by #3782, which changed the wrong string. Update other expectation to match change introduced in #3772. * Use substitutions in error message * Rewrite how CLI tests are being run * Extract environment setup from tests * Need to not ignore integ test Javascript files
Instead of the toolkit failing and stopping when a context provider
lookup fails, the error is reported to the CDK app, which can then
decide what to do with it.
In practice, it will attach a (localized) error to the Construct tree.
This has the following advantages:
without the toolkit stopping at the first failure. For example,
a VPC lookup from a value found in SSM will work.
in a single app with cold context. Without this change they couldn't,
because you could only have credentials for a single account at a
time available so lookup for one of the accounts was bound to fail.
Fixes #3654.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license