(pipelines): missing capabilities to deploy stack with secret rotation application #15711

Closed
asterikx opened this issue Jul 22, 2021 · 2 comments · Fixed by #15819
Labels
@aws-cdk/pipelines CDK Pipelines library bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.

Comments

Contributor

asterikx commented Jul 22, 2021

The modern pipelines.CodePipeline fails to create/update stacks that contain a secret rotation application, e.g. SecretsManagerRDSMySQLRotationSingleUser created by myCluster.addRotationSingleUser(), due to missing capabilities:

Requires capabilities : [CAPABILITY_AUTO_EXPAND]

This could be a regression from the original pipelines.CdkPipeline, which successfully deploys the same stack.

Reproduction Steps

class MyDatabaseStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    // ...
    const myCluster = new rds.DatabaseCluster(this, 'Database', {
      // ...
    });
    myCluster.addRotationSingleUser(); // <-- This line created the rotation application
  }
}

class MyPipelineStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    // ...
    const pipeline = new CodePipeline(this, 'Pipeline', {
      // ...
    });
    pipeline.addStage(new MyApplication(this, 'Prod', {
      // ...
    }));
  }
}

class MyApplication extends Stage {
  constructor(scope: Construct, id: string, props?: StageProps) {
    // ...
    const dbStack = new MyDatabaseStack(this, 'Database');
  }
}

new MyPipelineStack(app, 'PipelineStack');

What did you expect to happen?

The modern pipelines.CodePipeline successfully deploys stacks with secret rotation applications (as the original pipelines.CdkPipeline does).

What actually happened?

The modern pipelines.CodePipeline fails to deploy stacks with secret rotation applications.

Environment

  • CDK CLI Version : 1.115.0 (build f0ca40f)
  • Framework Version: 1.115.0

This is 🐛 Bug Report

@asterikx asterikx added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 22, 2021
@asterikx asterikx changed the title (pipelines): missing capabilities to deploy stack containing secret rotation application (pipelines): missing capabilities to deploy stack with secret rotation application Jul 22, 2021
@github-actions github-actions bot added the @aws-cdk/pipelines CDK Pipelines library label Jul 22, 2021

ksco92 commented Jul 26, 2021

Having the same issue:

https://stackoverflow.com/questions/68523505/add-iam-capabilities-to-stack-in-cdk

By adding this to the resources in my stack I start getting this issue:

    rdsInstance.addRotationSingleUser({
        automaticallyAfter: Duration.days(1),
        excludeCharacters: '/@" '
    });

Also happening in 1.115, which I installed today.
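
An added example, not part of the issue thread or of aws-cdk: a conservative check over a synthesized template that reports which capabilities a deployment may have to acknowledge, so a missing `CAPABILITY_AUTO_EXPAND` surfaces before the pipeline runs. The function names, the resource-type lists and the sample template are assumptions constructed for illustration.

```typescript
// Added example (not aws-cdk code). Heuristic pre-deploy check: which
// capabilities might CloudFormation ask for, given a synthesized template?
type Json = { [key: string]: unknown };

// Resource types treated as IAM-affecting (assumed subset, extend as needed).
const IAM_TYPES = ['AWS::IAM::Role', 'AWS::IAM::Policy', 'AWS::IAM::ManagedPolicy',
  'AWS::IAM::User', 'AWS::IAM::Group', 'AWS::IAM::InstanceProfile'];
// Properties that give an IAM resource a caller-chosen name.
const IAM_NAME_PROPS = ['RoleName', 'UserName', 'GroupName',
  'ManagedPolicyName', 'InstanceProfileName'];

// True if an Fn::Transform call appears anywhere inside the value.
function usesFnTransform(node: unknown): boolean {
  if (Array.isArray(node)) return node.some(usesFnTransform);
  if (node === null || typeof node !== 'object') return false;
  const obj = node as Json;
  return Object.keys(obj).some(k => k === 'Fn::Transform' || usesFnTransform(obj[k]));
}

function requiredCapabilities(template: Json): string[] {
  const resources = (template.Resources || {}) as { [id: string]: Json };
  let iam = false;
  let namedIam = false;
  // A template-level Transform or an inline Fn::Transform means macro expansion.
  let autoExpand = template.Transform !== undefined || usesFnTransform(resources);
  for (const id of Object.keys(resources)) {
    const type = String(resources[id].Type);
    const props = (resources[id].Properties || {}) as Json;
    // Assumption: a nested serverless application is always flagged.
    if (type === 'AWS::Serverless::Application') autoExpand = true;
    if (IAM_TYPES.indexOf(type) >= 0) {
      iam = true;
      if (IAM_NAME_PROPS.some(p => props[p] !== undefined)) namedIam = true;
    }
  }
  const caps: string[] = [];
  if (namedIam) caps.push('CAPABILITY_NAMED_IAM');
  else if (iam) caps.push('CAPABILITY_IAM');
  if (autoExpand) caps.push('CAPABILITY_AUTO_EXPAND');
  return caps;
}

// Constructed sample, shaped like a stack that contains a rotation application.
const rotationTemplate: Json = {
  Transform: 'AWS::Serverless-2016-10-31',
  Resources: {
    DbSecret: { Type: 'AWS::SecretsManager::Secret', Properties: {} },
    DbRotation: { Type: 'AWS::Serverless::Application', Properties: { Location: {} } },
    TaskRole: { Type: 'AWS::IAM::Role', Properties: { AssumeRolePolicyDocument: {} } },
  },
};
```

Comparing the returned list with the capabilities the deploy action actually passes shows the gap reported here; the check over-approximates on purpose, so treat a hit as a prompt to review the template rather than as proof.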

@mergify mergify bot closed this as completed in #15819 Aug 1, 2021
mergify bot pushed a commit that referenced this issue Aug 1, 2021
…5819)

Fixes #15711.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*