feat(ssm): allow disabling context caching in valueFromLookup#29372
feat(ssm): allow disabling context caching in valueFromLookup#29372andreialecu wants to merge 7 commits intoaws:mainfrom
Conversation
github-actions
bot
added
effort/medium
andreialecu
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
There was a problem hiding this comment.
The pull request linter fails with the following errors:
❌ Features must contain a change to an integration test file and the resulting snapshot.
❌ CLI code has changed. A maintainer must run the code through the testing pipeline (git fetch origin pull/29372/head && git push -f origin FETCH_HEAD:test-main-pipeline), then add the 'pr-linter/cli-integ-tested' label when the pipeline succeeds.
If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.
✅ A exemption request has been requested. Please wait for a maintainer's review.
aws-cdk-automation
added
the
pr/needs-cli-test-run
|
Exemption Request: I don't think an integration test is required here because there's no change to the synthesis. This is just a change relating to what gets saved in
|
aws-cdk-automation
added
the
pr-linter/exemption-requested
andreialecu
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
andreialecu
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
andreialecu
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
aws-cdk-automation
added
the
pr/needs-maintainer-review
andreialecu
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
aaythapa
left a comment
aaythapa
left a comment
There was a problem hiding this comment.
Thank you for the PR!
A couple of comments, mostly from my own lack of understanding for this part of the code base
| }, | ||
| "disableContextCaching": { | ||
| "description": "Whether to disable persisting this to the context file.", | ||
| "default": false, | ||
| "type": "boolean" |
There was a problem hiding this comment.
Curious about the schema changes, did you add these manually?
There was a problem hiding this comment.
Not manual, no. If I remember correctly this was the result of running yarn update-schema which I think was required for getting tests to pass.
| const config = await new Configuration({ readUserContext: false }).load(); | ||
|
|
||
| // THEN | ||
| expect(value).toEqual('dummy-value-for-my-param-name'); |
There was a problem hiding this comment.
Confused by why this is true, did you set value to dummy-value-for-my-param-name somewhere?
There was a problem hiding this comment.
See here:
aws-cdk/packages/aws-cdk-lib/aws-ssm/README.md
Lines 61 to 65 in ab94070
There was a problem hiding this comment.
Also, if you look at the test before this one, a similar assertion is made (line 641)
| expect(config.context.keys).toEqual(['ssm:account=12344:parameterName=my-param-name:region=us-east-1']); | ||
| }); | ||
|
|
||
| test('fromLookup will not persist value in context if requested', async () => { |
There was a problem hiding this comment.
With disableContextCaching would the value in cdk context get overwritten when the parameter is resolved or is it the value never gets saved in cdk context?
If its the former I'd prefer if this test showed that with disableContextCaching the context will have a new value everytime it resolves the parameter
There was a problem hiding this comment.
If there's a previous value in the context, valueFromLookup() will use that one and not do another lookup.
This PR only allows disabling persisting to the context cache if the value needs to be looked up.
There was a problem hiding this comment.
I added a new test to confirm what I mentioned in my comment above.
There was a problem hiding this comment.
I'm open to renaming this to something like skipContextPersistence or some other name that would be more descriptive.
| if (missingContext.disableContextCaching) { | ||
| debug(`Skipping context caching for ${key}`); | ||
| context.set(key + TRANSIENT_CONTEXT_KEY, { [TRANSIENT_CONTEXT_KEY]: true }); |
There was a problem hiding this comment.
Does this property work for any context lookup? Like it was suggested in this comment
There was a problem hiding this comment.
It should be able to be used it in other context lookups, but this PR only implements it for SSM. I'm not sure what other context lookups would benefit from this, but with the underlaying changes in this PR, it would be easy to make it work elsewhere.
| expect(config2.context.get('some_key')).toEqual(undefined); | ||
| }); | ||
|
|
||
| test('transient keys arent saved to disk', async () => { |
There was a problem hiding this comment.
Not sure about the purpose of this test since it doesn't use disableContextCaching?
There was a problem hiding this comment.
This is a copy of the test above it ("transient values arent saved to disk") but it checks that the specified keys/values don't get saved to the context, regardless of what the value is.
andreialecu
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
andreialecu
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
These two PRs (#29372) and (#28766) are not doing the same thing, but there is definitely overlap. Given that fact, it changes the feedback I was going to give to both a bit. I absolutely see the value in both these changes but want to make sure we're getting the contract right across both. I know you've both been waiting for feedback for some time but I'm going to tax your patience a tad further so I can discuss with the team tomorrow. |
|
Just came across this feature while searching how to disable caching for ssm lookup. Thanks @andreialecu, can't wait to use it ! |
|
@andreialecu @aaythapa @TheRealAmazonKendra |
GavinZZ
added
pr-linter/exempt-test
aws-cdk-automation
removed
the
pr/needs-maintainer-review
|
@andreialecu I apologize that this PR was just sitting here since Kendra reviewed and we did not make any new progress. Are you still interested in contributing this feature? If yes, please address the conflicts and ping me for another review. I'll make sure to prioritize reviewing this PR once the conflicts are addressed. |
The changes merged while this PR was overlooked have introduced some awkwardness in usage. Someone added functionality to return a default value, which could have been integrated into the options object I proposed in this PR under a I must note my disappointment with the turnaround on this. I'll try to fix the conflicts. |
|
@GavinZZ this PR introduced changes to the I'm not sure how to proceed, should I open a PR there first and wait for that to be merged before doing this? It won't work without the change. |
|
This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week. |
|
@andreialecu Thanks for getting back to me. I had an internal discussion with my colleague and we have some questions on why the disable context caching is needed given that CloudFormation supports dynamic reference. My colleague will post more detail on this discussion shortly in this issue #12366 and let's continue the discussion from there. |
|
This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error. |
aws-cdk-automation
added
the
closed-for-staleness
|
Comments on closed issues and PRs are hard for our team to see. |
7 participants
Issue # (if applicable)
Closes #12366
Reason for this change
There are cases when the ssm value should not be cached because it can accidentally roll back certain resources. See discussion in #12366
In my case, I'm using the AWS CLI to update a Cloudfront origin, but it's also part of a CDK stack. I want to avoid deploying the CDK stack and accidentally reverting the origin (which is also persisted to SSM, so the CDK stack can read it if needed).
Description of changes
I added an optional parameter to
valueFromLookup(this, 'param', { disableContextCaching: true })It works by setting an adjacent context key of
key + TRANSIENT_CONTEXT_KEY, piggybacking on similar behavior in the CDK.This seemed like the most straightforward implementation because
valueis usually a primitive value, and there was no way to attach this metadata.I didn't want to grow the scope of the change, but ideally,
valueshould've been an object so that{ [TRANSIENT_CONTEXT_KEY]: true, value }could've been used directly. I wasn't sure of that behavior's implications and potential breaking changes.Description of how you validated changes
Added tests.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license