Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cdk diff: always fails on diff #19110

Closed
rittneje opened this issue Feb 23, 2022 · 7 comments · Fixed by #21107
Closed

cdk diff: always fails on diff #19110

rittneje opened this issue Feb 23, 2022 · 7 comments · Fixed by #21107
Assignees
@otaviomacedo
Labels
bug This issue is a bug. effort/small Small work item – less than a day of effort needs-reproduction This issue needs reproduction. p1 package/tools Related to AWS CDK Tools or CLI

Comments

@rittneje
Copy link

What is the problem?

The docs for cdk diff with respect to --fail are wrong.

  --fail                Fail with exit code 1 in case of diff
                                                 [boolean] [default: false]
  1. By default cdk diff exits with status code 1 if there is a diff.
  2. Neither --fail=false nor --no-fail have any effect.

In a deployment pipeline, we do not want the build to fail when there is a diff. But we also don't want to ignore the exit code from cdk diff entirely, since if it fails for some other reason that should be fatal.

Reproduction Steps

Run cdk diff.

What did you expect to happen?

I expected cdk diff to abide by the documented behavior.

What actually happened?

It failed in violation of the documented behavior.

CDK CLI Version

1.140.0

Framework Version

No response

Node.js Version

16.13.2

OS

Alpine 3.15

Language

Python

Language Version

3.9.10

Other information

No response
@rittneje rittneje added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Feb 23, 2022
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Feb 23, 2022
@ryparker
Copy link
Contributor

ryparker commented Feb 23, 2022
edited
Loading

Hey @rittneje 👋🏻

I wasn't able to reproduce this behavior with v2.13.0 (build b0b744d). Would you mind testing this with the latest CDK version?

cdk-diff-test

cdk diff -> exit code 0
cdk diff --fail true -> exit code 1
cdk diff --fail false -> exit code 0

@ryparker ryparker added needs-reproduction This issue needs reproduction. p2 labels Feb 23, 2022
@rittneje
Copy link
Author

rittneje commented Feb 23, 2022
edited
Loading

@ryparker This is the source of the bug in v1.

aws-cdk/packages/aws-cdk/bin/cdk.ts

Line 333 in 789f2dc

fail: args.fail || !enableDiffNoFail,

Since args.fail is itself a boolean, when we pass --no-fail, it incorrectly causes it to fall back to the aws-cdk:enableDiffNoFail feature flag, which itself defaults to false. Ergo, passing --no-fail has no effect whatsoever, with or without that feature flag.

I strongly question why that feature flag was even introduced, instead of just letting people opt-out via --no-fail.

In any case, please fix v1 to handle the boolean correctly. It needs to distinguish null (as in no flag was passed, so use the default) from false (as in --no-fail was passed explicitly). Also, please fix the cdk docs to make it clear that the default value of this flag is contingent upon the aws-cdk:enableDiffNoFail feature flag in v1. https://docs.aws.amazon.com/cdk/v1/guide/cli.html#cli-ref

@rix0rrr rix0rrr added effort/small Small work item – less than a day of effort p1 and removed p2 needs-triage This issue or PR still needs to be triaged. labels Feb 24, 2022
@rix0rrr rix0rrr removed their assignment Feb 24, 2022
@TheRealAmazonKendra
Copy link
Contributor

@rittneje The same line of code exists for v1 and v2. When you have the feature flag enabled in v1 it produces the behavior @ryparker displayed above. If the app you're experiencing this issue in was created before the feature flag existed, you'll need to add it to the context in cdk.json. From what I can tell, this is working as intended.

@rittneje
Copy link
Author

@TheRealAmazonKendra If I explicitly pass --fail or --no-fail at the command line, then the feature flag should not matter. However, there is currently a bug where passing --no-fail actually means to do whatever the feature flag says. This is true in both v1 and v2. The only difference is that in v2 the feature flag is enabled by default. Frankly, I feel it was a design flaw to use a feature flag for this, because clients can just as easily pass one of those two command line flags. (If anything, it should have been a first-class field in cdk.json a la versionReporting, not a context attribute.)

@TheRealAmazonKendra
Copy link
Contributor

The feature flag was used because it caused a breaking change when it was implemented. You are correct that it is enabled by default in v2. The fix here, however, is to enable the feature flag in your project and then it will work by passing those very cli arguments. I understand the frustration of "it should have been this way in the first place," but because it wasn't, and the fix would cause a breaking change for customers, the feature flag was added.

@rittneje
Copy link
Author

rittneje commented May 17, 2022
edited
Loading

@TheRealAmazonKendra You misunderstand. Originally cdk diff always exited with failure if there was a diff. Many people (myself included) found this behavior undesirable, and wanted a way to make it always exit successfully. Adding support for the --no-fail (or equivalently --fail=false) command line flag alone would have addressed this. There was no need to introduce a feature flag, because passing the command line flag itself is an explicit opt-in. However, the --no-fail flag was itself implemented incorrectly, such that it has no effect at all. That bug needs to be fixed.

What the feature flag should have done is changed the default behavior of cdk diff. Instead, it also kind of "enabled" the ability to use the --fail command line flag, which doesn't really make any sense. What should have been done is the following:

  1. In CDK v1, the default behavior of cdk diff remains to fail on diff.
  2. In CDK v2, the default behavior of cdk diff is not to fail on diff.
  3. In cdk.json, I can optionally specify "failOnDiff": true|false to override the default behavior in either version. (This should NOT be a feature flag since it isn't enabling or disabling a "feature" as such.)
  4. At the command line, I can explicitly pass --fail or --no-fail to override any default behavior in either version.

@otaviomacedo otaviomacedo self-assigned this Jul 11, 2022
@otaviomacedo otaviomacedo mentioned this issue Jul 12, 2022
Merged
4 tasks
@mergify mergify bot closed this as completed in #21107 Jul 12, 2022
mergify bot pushed a commit that referenced this issue Jul 12, 2022
@otaviomacedo
fix(cli): --no-fail flag is ignored in favor of the `enableDiffNoFa…
cad6fc5 
…il` feature flag (#21107)

The CLI doesn't distinguish between `cdk diff --no-fail` and just `cdk diff`. In both cases, it's taking the value of `enableDiffNoFail` feature flag to decide which status code to return.

Change the behavior to:

| Is there a difference? | `--fail` (CLI option) | `enableDiffNoFail` (FF) | Return code |
|------------------------|------------------------|-------------------------|-------------|
| No                     | Don't care             | Don't care              | 0           |
| Yes                    | false                  | Don't care              | 0           |
| Yes                    | true                   | Don't care              | 1           |
| Yes                    | null                   | false                   | 1           |
| Yes                    | null                   | true                    | 0           |

Fixes #19110.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@otaviomacedo otaviomacedo

Labels
bug This issue is a bug. effort/small Small work item – less than a day of effort needs-reproduction This issue needs reproduction. p1 package/tools Related to AWS CDK Tools or CLI
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(cli): --no-fail flag is ignored in favor of the enableDiffNoFail feature flag aws/aws-cdk
5 participants
@otaviomacedo @rix0rrr @ryparker @rittneje @TheRealAmazonKendra