Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Feature Request: Manual changeset approval via CLI
See original GitHub issue🚀 Feature Request
General Information
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
Description
This is similar to #2879, but my use case is less CI/CD and more CLI workflow.
Our existing tool (https://github.com/envato/stack_master) has the following workflow:
stack_master apply <stack>(similar tocdk deploy <stack>)- Stack Master creates the changeset, presents what would be changed/replaced/etc to the user
- User verifies the changeset by pressing
y - Changeset is applied
This is similar to CDK’s behaviour if IAM changes are detected.
We’ve come to rely on this behaviour - it gives us confidence that the changes we’re about to make don’t accidentally replace something they shouldn’t (eg, an RDS instance) or have other unexpected behaviour that doesn’t show up in a simple diff.
From what I can tell, cdk diff infers what would be changed rather than creating a changeset, so there’s the possibility that its idea of what would occur and what would actually happen may be different. For example, in “traditional” cloudformation, I’ve had updates occur on converting a JSON template to a YAML one, with no other changes.
Proposed Solution
Add a command line option (--confirm, maybe?) that always asks the user if they’d like to apply the proposed changset.
Add this to cdk.json as well so that it can be set on a per-project basis.
Add --no-confirm to override this in the CLI.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:24
- Comments:11 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
It would be great to have this feature in aws-cdk! Changes can’t be safely deployed without it, since there’s no way to review the changeset beforehand. Currently, external tools would need to be used in combination with
--no-executeand--change-set-name ...in order to review changesets before executing them.My suggestion would be to add the same flags / UI as aws sam cli:
When deploying from a build agent in a CICD tool, waiting for input from stdin (eg keyboard) is awkward, but manual review of changes is still useful. Ideally we’d be able to leverage the same support to run a cdk command that created the changeset, and printed it in a friendly format, then in a separate later command, deployed the changeset. See https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/manual-validation for an example - it’s a task that will pause in between two separate, standalone bash commands.
In theory you could glue this together yourself now, I haven’t tried, but at a glance a couple of things look painful:
cdk deploy --execute=falsecreates from the CLI output, I can’t see a way to get this in a structured/API way.