I upgraded Takomo from 3.11.1 to 3.35.1 and found out that the dependency resolution no longer works like it used to. I have a c.yml stack configuration which has depends: - /e/{{ stackGroup.data.globalRegion }}/d.yml (no other dependencies). In the log output I can see that globalRegion is us-east-1. d.yml has no dependencies.
When deploying I get: Deploy stacks in the following order (among other dependencies):
/e/us-east-1/c.yml/us-east-1
Before the update I got:
Would you have suggestions on what I could change or how I could debug this further?
I couldn't reproduce the issue with these three stacks which indicates there's something else that messes the order.
I got this order:
Hi!
We have been experimenting with running Takomo on Windows and so far there haven't been major issues and we should be able to fix the remaining problems.
os
to include win32
Non-Windows related question.. this might be an actual bug, but maybe it's better to verify first.
The backstory for the issue is that we were doing refactoring on YAML files (mainly style changes, as Prettier was also enabled on YAML files). We wanted to check that no unwanted functional changes were made between Master and the PR branch.
I noticed that when I ran Takomo with the detect-drift argument, Takomo said for each stack that there were changes, even though I had just deployed the latest version to my own environment.
yml/us-east-1 smith-us-east-1-devtatu UPDATE_COMPLETE DRIFTED 7
Then I tried to deploy, but I asked Takomo to show the differences per stack.
The review showed the following
Stack policy:
Stack policy will be updated
{
"Statement": [
{
- "Effect": "Deny",
- "Action": ["Update:Replace", "Update:Delete"],
- "Principal": "*",
- "Resource": "*",
+ "Action": [
+ "Update:Replace",
+ "Update:Delete"
+ ],
"Condition": {
"StringEquals": {
"ResourceType": [
"AWS::Cognito::UserPool",
"AWS::Cognito::UserPoolClient"
]
}
- }
+ },
+ "Effect": "Deny",
+ "Principal": "*",
+ "Resource": "*"
},
{
+ "Action": "Update:*",
"Effect": "Allow",
- "Action": "Update:*",
"Principal": "*",
"Resource": "*"
}
]
}
There are no actual changes; only the order is different, and it shouldn't matter.
Our conclusion is that the diff is done incorrectly, as text and not as an object, where there is no object key order.
@hmeltaus What are your thoughts on this? Is it a bug or a feature? :)
template: template.yml
{{> shared.hbs }}
parameters:
Stage: ""
Suffix: ""
StageWithSuffix: ""
stackPolicy: |
{
"Statement": [
{
"Effect": "Deny",
"Action": ["Update:Replace", "Update:Delete"],
"Principal": "*",
"Resource": "*",
"Condition": {
"StringEquals": {
"ResourceType": [
"AWS::Cognito::UserPool",
"AWS::Cognito::UserPoolClient"
]
}
}
},
{
"Effect": "Allow",
"Action": "Update:*",
"Principal": "*",
"Resource": "*"
}
]
}
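The object-level comparison proposed in the post above, as an added example that is not part of the thread and is not Takomo's code. The helper names `canonicalize` and `policiesEqual` are hypothetical, and the reordered policy is constructed from the "+" side of the diff shown on the page.

```javascript
// Hypothetical helpers (canonicalize, policiesEqual); not Takomo's API.

// Stack policy in the key order of the stack configuration on the page.
const policyAsWritten = `{
  "Statement": [
    {
      "Effect": "Deny",
      "Action": ["Update:Replace", "Update:Delete"],
      "Principal": "*",
      "Resource": "*",
      "Condition": { "StringEquals": { "ResourceType": [
        "AWS::Cognito::UserPool", "AWS::Cognito::UserPoolClient" ] } }
    },
    { "Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*" }
  ]
}`;

// Same policy in the key order of the "+" side of the review diff (constructed).
const policyReordered = JSON.stringify({
  Statement: [
    {
      Action: ["Update:Replace", "Update:Delete"],
      Condition: { StringEquals: { ResourceType: [
        "AWS::Cognito::UserPool", "AWS::Cognito::UserPoolClient"] } },
      Effect: "Deny", Principal: "*", Resource: "*",
    },
    { Action: "Update:*", Effect: "Allow", Principal: "*", Resource: "*" },
  ],
}, null, 2);

// Rebuild a value with object keys sorted. Array order is kept as-is,
// because JSON arrays are ordered and reordering them is a real change.
function canonicalize(value) {
  if (Array.isArray(value)) return value.map(canonicalize);
  if (value !== null && typeof value === "object") {
    return Object.keys(value).sort().reduce((out, key) => {
      out[key] = canonicalize(value[key]);
      return out;
    }, {});
  }
  return value;
}

// Compare two policy documents by content, ignoring key order and whitespace.
function policiesEqual(a, b) {
  return JSON.stringify(canonicalize(JSON.parse(a))) ===
         JSON.stringify(canonicalize(JSON.parse(b)));
}

// A policy that really differs: the Deny statement flipped to Allow (constructed).
const weakened = JSON.parse(policyReordered);
weakened.Statement[0].Effect = "Allow";
const weakenedPolicy = JSON.stringify(weakened);

console.log(policyAsWritten === policyReordered);            // text comparison
console.log(policiesEqual(policyAsWritten, policyReordered)); // object comparison
console.log(policiesEqual(policyAsWritten, weakenedPolicy));  // real change
```

A text comparison flags the reordered policy as changed, while the canonical comparison reports a difference only when the protection on the Cognito resources actually changes.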
@hmeltaus We tested the fix, and the order of the properties didn't cause differences; the bug can be closed. Thank you for the bug fix. 👍
But, there is another issue :) It is about YAML comments.
After successfully deploying the latest source code to my environment, I reran the deployment on the latest Takomo, expecting no changes.
To my surprise, all 35 stacks were going to be updated
~ /events/eu-west-1/x.yml/eu-west-1: (stack will be updated)
...
I chose "continue, but let me review changes to each stack" and "review changes in the stack template" for the first stack.
AWSTemplateFormatVersion: "2010-09-09"
Description: >
Redacted
Parameters:
Stage:
Type: String
Suffix:
Type: String
Default: ""
StageWithSuffix:
Type: String
Description: >
Redacted
Resources:
# Redacted
MachineUserPool:
Type: AWS::Cognito::UserPool
Properties:
UserPoolName: !Sub "<redacted>"
+ # Redacted
+ # Redacted
AliasAttributes:
- email
Schema:
- Name: name
AttributeDataType: String
Mutable: true
Required: true
- Name: email
AttributeDataType: String
Mutable: true
Required: true
...
See those two comment lines? Some of the comments were in the source code repository, but not on the AWS side, and it seems that getting those synchronised isn't going to happen with the deploy command.
Our theory is that when adding a new template (with comments), the CloudFormation will apply the template and its comments, like in the example line below, the resources:
was found.
Later, the developer adds only comments and/or comment changes, and those don't affect stacks; the change is never applied.
Takomo will always say that there are differences, as the source code will have the comments, but AWS will not have those until someone makes changes that affect the stack.
After successful deployment to an environment, I ran the detect-drift. This is what I got (names redacted)
⇒ npx takomo stacks detect-drift --dir aws
[info ] - Load configuration
comparing undefined
2022-01-16 16:43:58 +0200 [info ] - Detecting drift, this might take a few minutes...
2022-01-16 16:43:58 +0200 [info ] - Load current stacks
Path Name Status Drift status Drifted resources
---------------------------------------------------- --------------------------------- --------------- ------------ -----------------
/l/eu-north-1/a.yml/eu-north-1 a-eu-north-1-dev UPDATE_COMPLETE IN_SYNC 0
/l/eu-north-1/b.yml/eu-north-1 b-eu-north-1-dev UPDATE_COMPLETE IN_SYNC 0
/l/eu-north-1/c.yml/eu-north-1 c-eu-north-1-dev UPDATE_COMPLETE IN_SYNC 0
/l/eu-north-1/d.yml/eu-north-1 d-eu-north-1-dev UPDATE_COMPLETE DRIFTED 7
...
/l/eu-west-1/d.yml/eu-west-1 d-eu-west-1-dev UPDATE_COMPLETE DRIFTED 7
/l/us-east-1/j.yml/us-east-1 j-us-east-1-dev UPDATE_COMPLETE IN_SYNC 0
/l/us-east-1/dd.yml/us-east-1 dd-us-east-1-dev UPDATE_COMPLETE IN_SYNC 0
/l/us-east-1/ee.yml/us-east-1 ee-us-east-1-dev UPDATE_COMPLETE IN_SYNC 0
/l/us-east-1/d.yml/us-east-1 d-us-east-1-dev UPDATE_COMPLETE DRIFTED 7
/ö/eu-west-1/ff.yml/eu-west-1 ff-eu-west-1-dev UPDATE_COMPLETE DRIFTED 1
/ö/us-east-1/j.yml/us-east-1 j-us-east-1-dev UPDATE_COMPLETE IN_SYNC 0
/ö/us-east-1/dd.yml/us-east-1 dd-us-east-1-dev UPDATE_COMPLETE IN_SYNC 0
/ö/us-east-1/ee.yml/us-east-1 ee-us-east-1-dev UPDATE_COMPLETE IN_SYNC 0
This is weird as it was just deployed and when I run deployment for a single stack that has drift number 7, there are now changes
--expect-no-changes
option when deploying the stacks. It runs deploy but stops immediately if some stacks are actually updated. See https://takomo.io/docs/command-line-usage/deploy-stacks