-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(@aws/cx-api): metadata deployed when no Stack differences #15322
Comments
Can you share the |
@rix0rrr It looks like they re-opened 15023. I'm going to focus on this issue there. |
Looks like gzip compression doesn't give the same results on Linux vs macOS... See #15023 (comment) |
copying over comment from @codeedog Looks like there's a single character difference in the compressed metadata and the uncompressed metadata has no differences. Compression algorithmic variation between the two OSes? You might find this discussion on Stack Overflow useful. Here's the program I wrote to analyze the metadata differences: /*
Output:
Deflated: false
Inflated: true
MacOS : 1.110.0!@aws-cdk/{core.{Stack,AssetStaging,Construct,CfnParameter,CfnOutput,CfnResource},aws-{lambda.{Function,CfnFunction,LayerVersion,CfnLayerVersion,CfnPermission},iam.{Role,CfnRole},s3-assets.Asset,s3.BucketBase,lambda-nodejs.NodejsFunction,apigateway.{LambdaRestApi,CfnRestApi,CfnAccount,Deployment,CfnDeployment,Stage,CfnStage,ResourceBase,ProxyResource,CfnResource,Method,CfnMethod}}},node.js/v14.17.0!jsii-runtime.Runtime
Ubuntu : 1.110.0!@aws-cdk/{core.{Stack,AssetStaging,Construct,CfnParameter,CfnOutput,CfnResource},aws-{lambda.{Function,CfnFunction,LayerVersion,CfnLayerVersion,CfnPermission},iam.{Role,CfnRole},s3-assets.Asset,s3.BucketBase,lambda-nodejs.NodejsFunction,apigateway.{LambdaRestApi,CfnRestApi,CfnAccount,Deployment,CfnDeployment,Stage,CfnStage,ResourceBase,ProxyResource,CfnResource,Method,CfnMethod}}},node.js/v14.17.0!jsii-runtime.Runtime
Compressed Data Difference Indicies:
12
*/
const zlib = require('zlib');
const mac = "H4sIAAAAAAAAE11RwU7DMAz9Fu5ptgokrnRDnAZUReJuUrOlbZIqThhV1H8nSddp4uT3nq28Z6fkZbnl27snOFMh2n4ThLHIw4cD0bOKCF2ER6mPbG80OeuFY/tvXYMFhQ5tIu/ejT7LDZLxVuDM0nthAPXVAg8vXgsnjU4jV3yACe0nWro0/vMarZKU2MwkKB4aM2A2iXVmdF9Aikc8p4yc77zo0e2AkC3OhTYtdsTfcrk6wyiP4PAMEw+HPBhzu2qUlxVWWAlhvHbsGcfBTAp13vGGpdPkSAtYt88Jamt+p1W5vQ17RXcybZIWNM8zS0F5R5uf8oGXj/FDOpKysNFdKuTNUv8A3xYryK0BAAA="
const ubu = "H4sIAAAAAAAAA11RwU7DMAz9Fu5ptgokrnRDnAZUReJuUrOlbZIqThhV1H8nSddp4uT3nq28Z6fkZbnl27snOFMh2n4ThLHIw4cD0bOKCF2ER6mPbG80OeuFY/tvXYMFhQ5tIu/ejT7LDZLxVuDM0nthAPXVAg8vXgsnjU4jV3yACe0nWro0/vMarZKU2MwkKB4aM2A2iXVmdF9Aikc8p4yc77zo0e2AkC3OhTYtdsTfcrk6wyiP4PAMEw+HPBhzu2qUlxVWWAlhvHbsGcfBTAp13vGGpdPkSAtYt88Jamt+p1W5vQ17RXcybZIWNM8zS0F5R5uf8oGXj/FDOpKysNFdKuTNUv8A3xYryK0BAAA="
const mac_u = zlib.gunzipSync(Buffer.from(mac, 'base64')).toString()
const ubu_u = zlib.gunzipSync(Buffer.from(ubu, 'base64')).toString()
console.log("Deflated:", mac == ubu);
console.log("Inflated:", mac_u == ubu_u);
console.log("MacOS :", mac_u);
console.log("Ubuntu :", ubu_u);
console.log("\nCompressed Data Difference Indicies:");
for (let i = 0; i < mac.length; i++) {
if (mac[i] != ubu[i]) console.log(i);
} |
With The server-side for this would need to be tested to verify a corresponding inflate method is available, and also likely need to involve bumping the version as well to indicate that the data coming in is header-less. Alternatively, we could potentially just hack the resulting output (from |
POC of the OS-byte hack:
|
There is a third option: compare the decompressed data rather than assume the compressed data is stable. This will (1) provide you the guarantee you're looking for across OSes, (2) won't disrupt every deployment like the The above fix still assumes the compression algorithm is stable across all implementations, OSes and individual runs. I do not believe this assumption is valid and, that only by comparing the inflated values do you have a guarantee. |
For the aws-cdk/packages/aws-cdk/lib/diff.ts Lines 26 to 34 in d2c76aa
vs aws-cdk/packages/aws-cdk/lib/api/deploy-stack.ts Lines 434 to 438 in d2c76aa
For the metadata string (and I don't know your backend of course) I wonder if compression makes sense... I have a template with around 140 resources with constructs from various packages and the difference in bytes is |
Sure, but at the same time the metadata isn't load-bearing, and if we listed out the data in there in full it would be distractingly huge (taking up a lot of vertical space in a viewer program). Plus, we would be eating 10x more space in a space-constrained template. So I think compression is an acceptable trade-off. It's a good point that this might cause unintended updates, which don't really harm anyone but take up unnecessary time. I think a combination of:
are the best we can do (apart from you configuring |
@rix0rrr I don't agree that "unintended" Layer rebuilds resulting in new versions are entirely "harmless". |
This also affects GitHub Workflows support for CDK Pipelines because the asset ID of the template that's encoded in the deploy.yml workflow (generated on the developer machine) is inconsistent with the asset ID generated during the workflow run. Currently we have to disable version reporting to make that work. |
The gzip header includes an “OS” byte that indicates which operating system was used to perform the operation. This means that the CDK Metadata analytics string would be different for the same CDK app in two different operating systems. To address this, we explicitly set the �OS flag to 255 (unknown). Fixes #15322
…6300) The gzip header includes an “OS” byte that indicates which operating system was used to perform the operation. This means that the CDK Metadata analytics string would be different for the same CDK app in two different operating systems. To address this, we explicitly set the [gzip OS flag] to 255 (unknown). Fixes #15322 [gzip OS flag]: https://datatracker.ietf.org/doc/html/rfc1952 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
…s#16300) The gzip header includes an “OS” byte that indicates which operating system was used to perform the operation. This means that the CDK Metadata analytics string would be different for the same CDK app in two different operating systems. To address this, we explicitly set the [gzip OS flag] to 255 (unknown). Fixes aws#15322 [gzip OS flag]: https://datatracker.ietf.org/doc/html/rfc1952 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…s#16300) The gzip header includes an “OS” byte that indicates which operating system was used to perform the operation. This means that the CDK Metadata analytics string would be different for the same CDK app in two different operating systems. To address this, we explicitly set the [gzip OS flag] to 255 (unknown). Fixes aws#15322 [gzip OS flag]: https://datatracker.ietf.org/doc/html/rfc1952 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
While reviewing the fix to bug 15023 we found that metadata reporting (
"versionReporting": true
) causescdk deploy
to upload metadata even whencdk diff
reports no differences and no files have changed. This occurs when the commands are run on different operating systems.Reproduction Steps
Craft any stable stack that is javascript only (no native code) and ensure all modules versions are explicit. This repo abides by that. Note,
versionReporting
has been set tofalse
in that repo's cdk.json. It would need to be set totrue
to see the issue.What did you expect to happen?
I expected there to be no
deploy
on the second machine due to the lack of any code changes.What actually happened?
Metadata was collected making it look like there were changes to the Stack that needed to be built.
Environment
Other
Notes from my comment in the now fixed Bug 15023:
To me this feels like a bug (trigger a deploy when no code changed and all modules are stable). You don't send metadata from the same OS when
cdk deploy
is called with no differences. Why should you do so when the command is run on a different operating system and still there are no differences?This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: