Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: add a --confirm-diff option to cdk deploy #32094

Open
2 tasks
anentropic opened this issue Nov 12, 2024 · 2 comments
Open
2 tasks

cli: add a --confirm-diff option to cdk deploy #32094

anentropic opened this issue Nov 12, 2024 · 2 comments
Labels
effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2 package/tools Related to AWS CDK Tools or CLI

Comments

@anentropic
Copy link

anentropic commented Nov 12, 2024
edited
Loading

Describe the feature

One nice thing about the Pulumi cli is that it gives you the full diff for any deployment to confirm before proceeding.

AFAICT the cdk deploy cli only gives the option to confirm "security-sensitive" changes such as IAM policies etc.

      --require-approval     What security-sensitive changes need manual
                             approval
                         [string] [choices: "never", "any-change", "broadening"]

I would like an option to show the cdk diff output first, with a confirmation step.

Use Case

It's possible to do this manually, I could write a bash script that first runs cdk diff then gets confirmation then runs cdk deploy.

However due to #27991 this would be even more painfully slow than it already is, because every time I run a separate cdk cli command it does several uncached Docker builds. It takes like 5 mins per command... life is too short!

My particular use-case is to avoid issues such as this #7722 where the deployment triggered unexpected non-security-sensitive updates due to stale SSM params in the context json.

Proposed Solution

Add a --confirm-diff option to cdk deploy command that gives the output of cdk diff with a confirmation step before proceeding with the deploy.

Another option might be to extend the options for the existing --require-approval flag, but given it currently has [choices: "never", "any-change", "broadening"] that's probably more confusing.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.166.0 (build 7bb9203)

Environment details (OS name and version, etc.)

macos 14
@anentropic anentropic added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Nov 12, 2024
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Nov 12, 2024
@anentropic
Copy link
Author

TBH even better would be... not exactly the output of cdk diff but more like the nicely formatted tabular output of --require-approval but for any change

@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Nov 12, 2024
@khushail khushail self-assigned this Nov 12, 2024
@khushail khushail added the p2 label Nov 12, 2024
@khushail
Copy link
Contributor

@anentropic , thanks for reaching out. Your suggestions to improve the output messages displayed before the deployment takes places, sound informative and helpful. Right now, cdk deploy calculates the changeset but does not display it.
So having a message or data in tabular format makes sense to me.

Please feel free to submit a PR if you would like to. Since this is a good-to-have feature, I am marking this as P2, for contribution by the community or CDK Teammembers as well. Let me know if you need any more help!

Thanks

@khushail khushail added effort/small Small work item – less than a day of effort and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Nov 12, 2024
@khushail khushail removed their assignment Nov 12, 2024
@khushail khushail added effort/small Small work item – less than a day of effort and removed effort/small Small work item – less than a day of effort labels Nov 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2 package/tools Related to AWS CDK Tools or CLI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@anentropic @khushail