bootstrap: Missing new permissions boundary options #24882
Assignees
Labels
bug
This issue is a bug.
documentation
This is a problem with documentation.
effort/small
Small work item – less than a day of effort
p1
package/tools
Related to AWS CDK Tools or CLI
Comments
joehillen
added
documentation
|
Yes, we should add them in the document. Thank you for the report. |
pahud
added
effort/small
1 task
mergify bot
pushed a commit
that referenced
this issue
May 9, 2024
### Issue Closes #24882 ### Reason for this change As mentioned in the issue, some of the options for bootstrap were not showing up with `--help` ``` .option('example-permissions-boundary', { type: 'boolean', alias: ['epb', 'example-permissions-boundary'], desc: 'Use the example permissions boundary.', default: undefined, conflicts: 'custom-permissions-boundary' }) .option('custom-permissions-boundary', { type: 'string', alias: ['cpb', 'custom-permissions-boundary'], desc: 'Use the permissions boundary specified by name.', default: undefined, conflicts: 'example-permissions-boundary' }) ``` ### Description of changes Since alias conflicts with actual sub-command option, it fails silently and does not show the option with `--help` ### Description of how you validated changes Built the cdk locally and used `<local repo path>/aws-cdk/bin/cdk bootstrap --help` and verified the options are showing up ### Output `cdk bootstrap --help` output: ``` cdk bootstrap [ENVIRONMENTS..] Deploys the CDK toolkit stack into an AWS environment Options: -a, --app REQUIRED WHEN RUNNING APP: command-line for executing your app or a cloud assembly directory (e.g. "node bin/my-app.js"). Can also be specified in cdk.json or ~/.cdk.json [string] --build Command-line for a pre-synth build [string] -c, --context Add contextual string parameter (KEY=VALUE) [array] -p, --plugin Name or path of a node package that extend the CDK features. Can be specified multiple times [array] --trace Print trace for stack warnings [boolean] --strict Do not construct stacks with warnings [boolean] --lookups Perform context lookups (synthesis fails if this is disabled and context lookups need to be performed) [boolean] [default: true] --ignore-errors Ignores synthesis errors, which will likely produce an invalid output [boolean] [default: false] -j, --json Use JSON output instead of YAML when templates are printed to STDOUT [boolean] [default: false] -v, --verbose Show debug logs (specify multiple times to increase verbosity) [count] [default: false] --debug Enable emission of additional debugging information, such as creation stack traces of tokens [boolean] [default: false] --profile Use the indicated AWS profile as the default environment [string] --proxy Use the indicated proxy. Will read from HTTPS_PROXY environment variable if not specified [string] --ca-bundle-path Path to CA certificate to use when validating HTTPS requests. Will read from AWS_CA_BUNDLE environment variable if not specified [string] -i, --ec2creds Force trying to fetch EC2 instance credentials. Default: guess EC2 instance status [boolean] --version-reporting Include the "AWS::CDK::Metadata" resource in synthesized templates (enabled by default) [boolean] --path-metadata Include "aws:cdk:path" CloudFormation metadata for each resource (enabled by default) [boolean] --asset-metadata Include "aws:asset:*" CloudFormation metadata for resources that uses assets (enabled by default)[boolean] -r, --role-arn ARN of Role to use when invoking CloudFormation [string] --staging Copy assets to the output directory (use --no-staging to disable the copy of assets which allows local debugging via the SAM CLI to reference the original source files) [boolean] [default: true] -o, --output Emits the synthesized cloud assembly into a directory (default: cdk.out) [string] --notices Show relevant notices [boolean] --no-color Removes colors and other style from console output [boolean] [default: false] --ci Force CI detection. If CI=true then logs will be sent to stdout instead of stderr [boolean] [default: false] --version Show version number [boolean] -b, --bootstrap-bucket-name, The name of the CDK toolkit bucket; --toolkit-bucket-name bucket will be created and must not exist [string] --bootstrap-kms-key-id AWS KMS master key ID used for the SSE-KMS encryption [string] --example-permissions-boundary, Use the example permissions --epb boundary. [boolean] --custom-permissions-boundary, --cpb Use the permissions boundary specified by name. [string] --bootstrap-customer-key Create a Customer Master Key (CMK) for the bootstrap bucket (you will be charged but can customize permissions, modern bootstrapping only) [boolean] --qualifier String which must be unique for each bootstrap stack. You must configure it on your CDK app if you change this from the default. [string] --public-access-block-configuration Block public access configuration on CDK toolkit bucket (enabled by default) [boolean] -t, --tags Tags to add for the stack (KEY=VALUE) [array] [default: []] --execute Whether to execute ChangeSet (--no-execute will NOT execute the ChangeSet) [boolean] [default: true] --trust The AWS account IDs that should be trusted to perform deployments into this environment (may be repeated, modern bootstrapping only) [array] [default: []] --trust-for-lookup The AWS account IDs that should be trusted to look up values in this environment (may be repeated, modern bootstrapping only) [array] [default: []] --cloudformation-execution-policies The Managed Policy ARNs that should be attached to the role performing deployments into this environment (may be repeated, modern bootstrapping only) [array] [default: []] -f, --force Always bootstrap even if it would downgrade template version [boolean] [default: false] --termination-protection Toggle CloudFormation termination protection on the bootstrap stacks [boolean] --show-template Instead of actual bootstrapping, print the current CLI's bootstrapping template to stdout for customization [boolean] [default: false] --toolkit-stack-name The name of the CDK toolkit stack to create [string] --template Use the template from the given file instead of the built-in one (use --show-template to obtain an example) [string] --previous-parameters Use previous values for existing parameters (you must specify all parameters on every deployment if this is disabled) [boolean] [default: true] -h, --help Show help [boolean] ``` TLDR; ``` --example-permissions-boundary, Use the example permissions --epb boundary. [boolean] --custom-permissions-boundary, --cpb Use the permissions boundary specified by name. [string] ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the issue
There appear to be new options that are not listed in the docs or
--helphttps://github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/cli.ts#L98-L99
Relates to #12207
Links
The text was updated successfully, but these errors were encountered: