fix(aws-cdk): Improvements to IAM diff rendering (#1542)

Contains the following changes: - Print table to STDOUT instead of STDERR. This ensures the diff output and the "confirm (y/n)" prompt that follows it don't interleave on the terminal, degrading readability. - Control table width to not exceed the terminal width, so that it doesn't wrap and lead to a mess of lines. - Switch back to the new version of the `table` library (instead of `cli-table`) which now has in-cell newline support, to get rid of the rendering bugs in `cli-table` that would occasionally eat newlines. - Render resource `replace` impact as red instead of yellow, to indicate that data loss will be happening here (fixes #1458). - Change replacement diffing in order to not trigger IAM changes dialog (fixes #1495). - Print a message instead of an empty table if 'cdk context' has no information in it (fixes #1549). Explanation: We used to modify the new target template in place, causing changes to the logical ids of replaced resources, which would trigger downstream changes, which would further trigger potential downstream replacements, etc. This would properly calculate the set of impacted resources, but would also lead to the modified logical ID popping up in the IAM diff, which was not desirable. In this change, we do the same processing but we throw away the template after all changes have been propagated, and only copy the resultant property *statuses* onto the diff object that gets returned to the user. This leads to the same displayed result without the changes to the template actually propagating. In the course of this modification, the diff classes have been changed to also have objects in places of resources and properties that didn't actually change (so that they could be modified in-place), and diff objects have a boolean telling whether they are actual changes or not.
aws · Jan 16, 2019 · 3270b47 · 3270b47
1 parent 6642ca2
commit 3270b47
Show file tree

Hide file tree

Showing 15 changed files with 395 additions and 189 deletions.
diff --git a/packages/@aws-cdk/assert/lib/assertions/match-template.ts b/packages/@aws-cdk/assert/lib/assertions/match-template.ts
@@ -55,7 +55,7 @@ class StackMatchesTemplateAssertion extends Assertion<StackInspector> {
  private isDiffAcceptable(diff: cfnDiff.TemplateDiff): boolean {
  switch (this.matchStyle) {
  case MatchStyle.EXACT:
- return diff.count === 0;
+ return diff.differenceCount === 0;
  case MatchStyle.NO_REPLACES:
  for (const key of Object.keys(diff.resources.changes)) {
  const change = diff.resources.changes[key]!;

diff --git a/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts b/packages/@aws-cdk/cloudformation-diff/lib/diff-template.ts
@@ -39,42 +39,77 @@ const DIFF_HANDLERS: HandlerRegistry = {
  * the template +newTemplate+.
  */
 export function diffTemplate(currentTemplate: { [key: string]: any }, newTemplate: { [key: string]: any }): types.TemplateDiff {
+ // Base diff
+ const theDiff = calculateTemplateDiff(currentTemplate, newTemplate);
+
  // We're going to modify this in-place
- newTemplate = deepCopy(newTemplate);
-
- while (true) {
- const differences: types.ITemplateDiff = {};
- const unknown: { [key: string]: types.Difference<any> } = {};
- for (const key of unionOf(Object.keys(currentTemplate), Object.keys(newTemplate)).sort()) {
- const oldValue = currentTemplate[key];
- const newValue = newTemplate[key];
- if (deepEqual(oldValue, newValue)) { continue; }
- const handler: DiffHandler = DIFF_HANDLERS[key]
- || ((_diff, oldV, newV) => unknown[key] = impl.diffUnknown(oldV, newV));
- handler(differences, oldValue, newValue);
+ const newTemplateCopy = deepCopy(newTemplate);
 
- }
- if (Object.keys(unknown).length > 0) { differences.unknown = new types.DifferenceCollection(unknown); }
+ let didPropagateReferenceChanges;
+ let diffWithReplacements;
+ do {
+ diffWithReplacements = calculateTemplateDiff(currentTemplate, newTemplateCopy);
 
  // Propagate replacements for replaced resources
- let didPropagateReferenceChanges = false;
- if (differences.resources) {
- differences.resources.forEach((logicalId, change) => {
+ didPropagateReferenceChanges = false;
+ if (diffWithReplacements.resources) {
+ diffWithReplacements.resources.forEachDifference((logicalId, change) => {
  if (change.changeImpact === types.ResourceImpact.WILL_REPLACE) {
- if (propagateReplacedReferences(newTemplate, logicalId)) {
+ if (propagateReplacedReferences(newTemplateCopy, logicalId)) {
  didPropagateReferenceChanges = true;
  }
  }
  });
  }
+ } while (didPropagateReferenceChanges);
+
+ // Copy "replaced" states from `diffWithReplacements` to `theDiff`.
+ diffWithReplacements.resources
+ .filter(r => isReplacement(r!.changeImpact))
+ .forEachDifference((logicalId, downstreamReplacement) => {
+ const resource = theDiff.resources.get(logicalId);
+
+ if (resource.changeImpact !== downstreamReplacement.changeImpact) {
+ propagatePropertyReplacement(downstreamReplacement, resource);
+ }
+ });
+
+ return theDiff;
+}
+
+function isReplacement(impact: types.ResourceImpact) {
+ return impact === types.ResourceImpact.MAY_REPLACE || impact === types.ResourceImpact.WILL_REPLACE;
+}
 
- // We're done only if we didn't have to propagate any more replacements.
- if (!didPropagateReferenceChanges) {
- return new types.TemplateDiff(differences);
+/**
+ * For all properties in 'source' that have a "replacement" impact, propagate that impact to "dest"
+ */
+function propagatePropertyReplacement(source: types.ResourceDifference, dest: types.ResourceDifference) {
+ for (const [propertyName, diff] of Object.entries(source.propertyUpdates)) {
+ if (diff.changeImpact && isReplacement(diff.changeImpact)) {
+ // Use the propertydiff of source in target. The result of this happens to be clear enough.
+ dest.setPropertyChange(propertyName, diff);
  }
  }
 }
 
+function calculateTemplateDiff(currentTemplate: { [key: string]: any }, newTemplate: { [key: string]: any }): types.TemplateDiff {
+ const differences: types.ITemplateDiff = {};
+ const unknown: { [key: string]: types.Difference<any> } = {};
+ for (const key of unionOf(Object.keys(currentTemplate), Object.keys(newTemplate)).sort()) {
+ const oldValue = currentTemplate[key];
+ const newValue = newTemplate[key];
+ if (deepEqual(oldValue, newValue)) { continue; }
+ const handler: DiffHandler = DIFF_HANDLERS[key]
+ || ((_diff, oldV, newV) => unknown[key] = impl.diffUnknown(oldV, newV));
+ handler(differences, oldValue, newValue);
+
+ }
+ if (Object.keys(unknown).length > 0) { differences.unknown = new types.DifferenceCollection(unknown); }
+
+ return new types.TemplateDiff(differences);
+}
+
 /**
  * Compare two CloudFormation resources and return semantic differences between them
  */
@@ -109,7 +144,7 @@ function propagateReplacedReferences(template: object, logicalId: string): boole
 
  if (key === 'Ref') {
  if (obj.Ref === logicalId) {
- obj.Ref = logicalId + '(replaced)';
+ obj.Ref = logicalId + ' (replaced)';
  ret = true;
  }
  return true;

diff --git a/packages/@aws-cdk/cloudformation-diff/lib/diff/index.ts b/packages/@aws-cdk/cloudformation-diff/lib/diff/index.ts
@@ -1,6 +1,6 @@
 import cfnspec = require('@aws-cdk/cfnspec');
 import types = require('./types');
-import { diffKeyedEntities } from './util';
+import { deepEqual, diffKeyedEntities } from './util';
 
 export function diffAttribute(oldValue: any, newValue: any): types.Difference<string> {
  return new types.Difference<string>(_asString(oldValue), _asString(newValue));
@@ -31,31 +31,29 @@ export function diffResource(oldValue?: types.Resource, newValue?: types.Resourc
  oldType: oldValue && oldValue.Type,
  newType: newValue && newValue.Type
  };
- let propertyUpdates: { [key: string]: types.PropertyDifference<any> } = {};
- let otherChanges: { [key: string]: types.Difference<any> } = {};
+ let propertyDiffs: { [key: string]: types.PropertyDifference<any> } = {};
+ let otherDiffs: { [key: string]: types.Difference<any> } = {};
 
  if (resourceType.oldType !== undefined && resourceType.oldType === resourceType.newType) {
  // Only makes sense to inspect deeper if the types stayed the same
  const typeSpec = cfnspec.filteredSpecification(resourceType.oldType);
  const impl = typeSpec.ResourceTypes[resourceType.oldType];
- propertyUpdates = diffKeyedEntities(oldValue!.Properties,
+ propertyDiffs = diffKeyedEntities(oldValue!.Properties,
  newValue!.Properties,
  (oldVal, newVal, key) => _diffProperty(oldVal, newVal, key, impl));
- otherChanges = diffKeyedEntities(oldValue, newValue, _diffOther);
- delete otherChanges.Properties;
+ otherDiffs = diffKeyedEntities(oldValue, newValue, _diffOther);
+ delete otherDiffs.Properties;
  }
 
  return new types.ResourceDifference(oldValue, newValue, {
- resourceType, propertyUpdates, otherChanges,
- oldProperties: oldValue && oldValue.Properties,
- newProperties: newValue && newValue.Properties,
+ resourceType, propertyDiffs, otherDiffs,
  });
 
  function _diffProperty(oldV: any, newV: any, key: string, resourceSpec?: cfnspec.schema.ResourceType) {
- let changeImpact;
+ let changeImpact = types.ResourceImpact.NO_CHANGE;
 
  const spec = resourceSpec && resourceSpec.Properties && resourceSpec.Properties[key];
- if (spec) {
+ if (spec && !deepEqual(oldV, newV)) {
  switch (spec.UpdateType) {
  case 'Immutable':
  changeImpact = types.ResourceImpact.WILL_REPLACE;