GithubHelp home page GithubHelp logo

connec / cloudformatious Goto Github PK

View Code? Open in Web Editor NEW
0.0 0.0 1.0 219 KB

A CloudFormation library offering richly typed higher-level APIs to perform long-running operations and await their termination or observe their progress.

License: MIT License

Rust 100.00%

cloudformatious's People

Contributors

connec avatar

Watchers

avatar avatar

cloudformatious's Issues

Unexpected panic when there are no changes to apply 

thread 'main' panicked at 'Stack without change_set_id', cloudformatious-0.1.2/src/apply_stack.rs:434:48
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Assumed to be related to there being no changes. It's not clear why this does seem to work in some cases, e.g.

cloudformatious/tests/it/apply_stack.rs

Lines 211 to 239 in 82fdf77

#[tokio::test]
async fn apply_overall_idempotent() -> Result<(), Box<dyn std::error::Error>> {
let client = get_client();
let stack_name = generated_name();
let input = ApplyStackInput::new(&stack_name, TemplateSource::inline(EMPTY_TEMPLATE));
let mut apply = client.apply_stack(input.clone());
let change_set = apply.change_set().await?;
assert_eq!(change_set.status, ChangeSetStatus::CreateComplete);
assert_eq!(change_set.execution_status, ExecutionStatus::Available);
assert!(change_set.changes.is_empty());
let output1 = apply.await?;
let mut apply = client.apply_stack(input);
let change_set = apply.change_set().await?;
assert_eq!(change_set.status, ChangeSetStatus::Failed);
assert!(change_set.status_reason.is_some());
assert_eq!(change_set.execution_status, ExecutionStatus::Unavailable);
assert!(change_set.changes.is_empty());
let output2 = apply.await?;
assert_eq!(output2.stack_status, StackStatus::CreateComplete);
assert_eq!(output1, output2);
clean_up(&client, stack_name).await?;
Ok(())
}
.

Authz hint missing for IAM OIDC provider APIs

E.g.

Resource handler returned message: "User: ... is not authorized to perform: iam:DeleteOpenIDConnectProvider on resource: ... because no identity-based policy allows the iam:DeleteOpenIDConnectProvider action (Service: Iam, Status Code: 403, Request ID: ...)" (RequestToken: ..., HandlerErrorCode: AccessDenied)

The filter for permission errors needs to be a bit more flexible.

Panic when modifying `AWS::SecretsManager::Secret` tags 

thread 'main' panicked at 'ResourceTargetDefinition with attribute "Tags" with requires_recreation', /cloudformatious-0.1.1/src/change_set.rs:588:17
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

        {
            "Type": "Resource",
            "ResourceChange": {
                "Action": "Modify",
                "LogicalResourceId": "...",
                "PhysicalResourceId": "arn:aws:secretsmanager:eu-west-1:...:secret:...",
                "ResourceType": "AWS::SecretsManager::Secret",
                "Replacement": "Conditional",
                "Scope": [
                    "Properties",
                    "Tags"
                ],
                "Details": [
                    {
                        "Target": {
                            "Attribute": "Tags",
                            "RequiresRecreation": "Conditionally" // wat
                        },
                        "Evaluation": "Dynamic",
                        "ChangeSource": "DirectModification"
                    },
                    {
                        "Target": {
                            "Attribute": "Properties",
                            "Name": "SecretString",
                            "RequiresRecreation": "Conditionally"
                        },
                        "Evaluation": "Dynamic",
                        "ChangeSource": "ResourceAttribute",
                        "CausingEntity": "..."
                    },
                    {
                        "Target": {
                            "Attribute": "Tags",
                            "RequiresRecreation": "Never"
                        },
                        "Evaluation": "Static"
                    },
                    {
                        "Target": {
                            "Attribute": "Tags",
                            "RequiresRecreation": "Conditionally" // wat
                        },
                        "Evaluation": "Static",
                        "ChangeSource": "ParameterReference",
                        "CausingEntity": "..."
                    },
                    {
                        "Target": {
                            "Attribute": "Properties",
                            "Name": "Description",
                            "RequiresRecreation": "Conditionally"
                        },
                        "Evaluation": "Dynamic",
                        "ChangeSource": "ResourceReference",
                        "CausingEntity": "..."
                    }
                ]
            }
        },

Updating only tags for `AWS::AppRunner::Service` causes panic

Low priority since CloudFormation itself fails on tag-only updates to AWS::AppRunner::Service. The panic originates here:

cloudformatious/src/change_set.rs

Lines 666 to 677 in 73cf5ae

assert!(
// We assume that changes to these attributes would never require recreation.
// NOTE: CloudFormation may report tag changes on AWS::SecretsManager::Secret
// resources as conditionally requiring recreation. We assume this is a bug in
// CloudFormation and ignore it.
matches!(
target.requires_recreation,
None | Some(aws_sdk_cloudformation::model::RequiresRecreation::Never)
) || resource_type == "AWS::SecretsManager::Secret",
"ResourceTargetDefinition with attribute {:?} with requires_recreation",
attribute
);

Note that there's already an exception for AWS::SecretsManager::Secret (introduced in 7e5e35d). For now we could simply add an additional exception for AWS::AppRunner::Service.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.