Merge branch 'aws:mainline' into local-run-decrypt

aws · Jul 26, 2023 · edd6171 · edd6171
2 parents bc7b3fb + ac4ded0
commit edd6171
Show file tree

Hide file tree

Showing 24 changed files with 637 additions and 27 deletions.
diff --git a/cf-custom-resources/package-lock.json b/cf-custom-resources/package-lock.json
diff --git a/e2e/multi-pipeline/s3template.yml b/e2e/multi-pipeline/s3template.yml
@@ -22,6 +22,8 @@ Resources:
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
 
   e2epipelineaddonBucketPolicy:
     Metadata:

diff --git a/internal/pkg/addon/testdata/merge/env/second.yaml b/internal/pkg/addon/testdata/merge/env/second.yaml
@@ -76,6 +76,8 @@ Resources:
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
 
   MyBucketAccessPolicy:
     Type: AWS::IAM::ManagedPolicy

diff --git a/internal/pkg/addon/testdata/merge/env/wanted.yaml b/internal/pkg/addon/testdata/merge/env/wanted.yaml
@@ -106,6 +106,8 @@ Resources:
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
   MyBucketAccessPolicy:
     Type: AWS::IAM::ManagedPolicy
     Properties:

diff --git a/internal/pkg/addon/testdata/merge/second.yaml b/internal/pkg/addon/testdata/merge/second.yaml
@@ -79,6 +79,8 @@ Resources:
         PublicAccessBlockConfiguration:
           BlockPublicAcls: true
           BlockPublicPolicy: true
+          IgnorePublicAcls: true
+          RestrictPublicBuckets: true
 
     MyBucketAccessPolicy:
       Type: AWS::IAM::ManagedPolicy

diff --git a/internal/pkg/addon/testdata/merge/wanted.yaml b/internal/pkg/addon/testdata/merge/wanted.yaml
@@ -109,6 +109,8 @@ Resources:
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
   MyBucketAccessPolicy:
     Type: AWS::IAM::ManagedPolicy
     Properties:

diff --git a/internal/pkg/addon/testdata/storage/bucket.yml b/internal/pkg/addon/testdata/storage/bucket.yml
@@ -22,6 +22,8 @@ Resources:
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
       OwnershipControls:
         Rules:
           - ObjectOwnership: BucketOwnerEnforced

diff --git a/internal/pkg/aws/cloudformation/cloudformationtest/cloudformationtest.go b/internal/pkg/aws/cloudformation/cloudformationtest/cloudformationtest.go
@@ -33,6 +33,7 @@ type Double struct {
 	ErrorEventsFn               func(stackName string) ([]cfn.StackEvent, error)
 	ListStacksWithTagsFn        func(tags map[string]string) ([]cfn.StackDescription, error)
 	DescribeStackEventsFn       func(input *sdk.DescribeStackEventsInput) (*sdk.DescribeStackEventsOutput, error)
+	CancelUpdateStackFn         func(stackName string) error
 }
 
 // Create calls the stubbed function.
@@ -139,3 +140,8 @@ func (d *Double) ListStacksWithTags(tags map[string]string) ([]cfn.StackDescript
 func (d *Double) DescribeStackEvents(input *sdk.DescribeStackEventsInput) (*sdk.DescribeStackEventsOutput, error) {
 	return d.DescribeStackEventsFn(input)
 }
+
+// CancelUpdateStack calls the stubbed function.
+func (d *Double) CancelUpdateStack(stackName string) error {
+	return d.CancelUpdateStackFn(stackName)
+}
diff --git a/internal/pkg/cli/env_delete_test.go b/internal/pkg/cli/env_delete_test.go
@@ -6,9 +6,10 @@ package cli
 import (
 	"errors"
 	"fmt"
-	"github.com/aws/copilot-cli/internal/pkg/deploy/cloudformation"
 	"testing"
 
+	"github.com/aws/copilot-cli/internal/pkg/deploy/cloudformation"
+
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi"
 	"github.com/aws/copilot-cli/internal/pkg/cli/mocks"
@@ -353,7 +354,7 @@ Resources:
 				store := mocks.NewMockenvironmentStore(ctrl)
 				store.EXPECT().ListEnvironments("phonetool").Return([]*config.Environment{
 					&mockEnv,
-					&config.Environment{
+					{
 						Name:      "prod",
 						Region:    "us-west-2",
 						AccountID: "5678",
@@ -431,7 +432,7 @@ Resources:
 				store := mocks.NewMockenvironmentStore(ctrl)
 				store.EXPECT().ListEnvironments("phonetool").Return([]*config.Environment{
 					&mockEnv,
-					&config.Environment{
+					{
 						Name:      "prod",
 						Region:    "us-west-2",
 						AccountID: "5678",

diff --git a/internal/pkg/cli/job_deploy.go b/internal/pkg/cli/job_deploy.go
@@ -16,6 +16,7 @@ import (
 	"github.com/aws/copilot-cli/internal/pkg/version"
 	"github.com/spf13/afero"
 
+	deploycfn "github.com/aws/copilot-cli/internal/pkg/deploy/cloudformation"
 	"github.com/aws/copilot-cli/internal/pkg/deploy/cloudformation/stack"
 	"github.com/aws/copilot-cli/internal/pkg/exec"
 	"github.com/aws/copilot-cli/internal/pkg/term/log"
@@ -236,6 +237,8 @@ func (o *deployJobOpts) Execute() error {
 			return nil
 		}
 	}
+	var errStackDeletedOnInterrupt *deploycfn.ErrStackDeletedOnInterrupt
+	var errStackUpdateCanceledOnInterrupt *deploycfn.ErrStackUpdateCanceledOnInterrupt
 	if _, err = deployer.DeployWorkload(&deploy.DeployWorkloadInput{
 		StackRuntimeConfiguration: deploy.StackRuntimeConfiguration{
 			ImageDigests:       uploadOut.ImageDigests,
@@ -250,6 +253,13 @@ func (o *deployJobOpts) Execute() error {
 			DisableRollback: o.disableRollback,
 		},
 	}); err != nil {
+		if errors.As(err, &errStackDeletedOnInterrupt) {
+			return nil
+		}
+		if errors.As(err, &errStackUpdateCanceledOnInterrupt) {
+			log.Successf("Successfully rolled back service %s to the previous configuration.\n", color.HighlightUserInput(o.name))
+			return nil
+		}
 		if o.disableRollback {
 			stackName := stack.NameForWorkload(o.targetApp.Name, o.targetEnv.Name, o.name)
 			rollbackCmd := fmt.Sprintf("aws cloudformation rollback-stack --stack-name %s --role-arn %s", stackName, o.targetEnv.ExecutionRoleARN)

diff --git a/internal/pkg/cli/svc_deploy.go b/internal/pkg/cli/svc_deploy.go
@@ -17,6 +17,7 @@ import (
 	"github.com/aws/copilot-cli/internal/pkg/aws/cloudformation"
 	"github.com/aws/copilot-cli/internal/pkg/aws/identity"
 	"github.com/aws/copilot-cli/internal/pkg/aws/tags"
+	deploycfn "github.com/aws/copilot-cli/internal/pkg/deploy/cloudformation"
 	"github.com/aws/copilot-cli/internal/pkg/deploy/cloudformation/stack"
 	"github.com/aws/copilot-cli/internal/pkg/manifest/manifestinfo"
 	"github.com/aws/copilot-cli/internal/pkg/template"
@@ -291,6 +292,8 @@ func (o *deploySvcOpts) Execute() error {
 			return nil
 		}
 	}
+	var errStackDeletedOnInterrupt *deploycfn.ErrStackDeletedOnInterrupt
+	var errStackUpdateCanceledOnInterrupt *deploycfn.ErrStackUpdateCanceledOnInterrupt
 	deployRecs, err := deployer.DeployWorkload(&clideploy.DeployWorkloadInput{
 		StackRuntimeConfiguration: clideploy.StackRuntimeConfiguration{
 			ImageDigests:              uploadOut.ImageDigests,
@@ -308,6 +311,15 @@ func (o *deploySvcOpts) Execute() error {
 		},
 	})
 	if err != nil {
+		if errors.As(err, &errStackDeletedOnInterrupt) {
+			o.noDeploy = true
+			return nil
+		}
+		if errors.As(err, &errStackUpdateCanceledOnInterrupt) {
+			log.Successf("Successfully rolled back service %s to the previous configuration.\n", color.HighlightUserInput(o.name))
+			o.noDeploy = true
+			return nil
+		}
 		if o.disableRollback {
 			stackName := stack.NameForWorkload(o.targetApp.Name, o.targetEnv.Name, o.name)
 			rollbackCmd := fmt.Sprintf("aws cloudformation rollback-stack --stack-name %s --role-arn %s", stackName, o.targetEnv.ExecutionRoleARN)
@@ -321,8 +333,8 @@ After fixing the deployment, you can:
 		}
 		return fmt.Errorf("deploy service %s to environment %s: %w", o.name, o.envName, err)
 	}
-	o.deployRecs = deployRecs
 	log.Successf("Deployed service %s.\n", color.HighlightUserInput(o.name))
+	o.deployRecs = deployRecs
 	return nil
 }