(aws-cloudfront): Unexpected diffs caused by cloudfront.Function #15523
Comments
iliapolo
added
bug
github-actions
bot
added
the
@aws-cdk/aws-cloudfront
|
Shouldn't the region be |
|
I would recommend using |
|
@njlynch 's wish was to add the region information as CF is a global service. But if this is no longer needed happy to remove it. This would be a breaking change for the implementation afaik. |
What kind of breaking change? |
|
If we change the generation of the name it will recreate the CF functions on the next deployment. The name is the physicalName of the function. |
|
Will it cause outage or availability risk? |
|
The ARN will change and this will break CF Distributions using it if not within the same stack. A short outage might as well be a thing as it removes one CFF and then registers the new CFF. |
|
I think CFN will first create the new CFF, update the distribution and only then remove the old one (that's how resource replacement works) |
|
I meant on the distribution. So there might be a time where no CFF is registered. |
I don't understand how it can be different... at synth time the token is resolved no? so you get a aws-cdk/packages/@aws-cdk/aws-cloudfront/test/function.test.ts Lines 48 to 58 in 94f81c4 If you snapshot it, it should always return the same |
|
I think the problem is not the sequence number but actually the length of the unresolved token which is truncated (but I am not 100% sure). This requires taking a closer look. |
|
@njlynch as you are fixing this, please notice that there seems to be an issue with the This is not very surprising since the physical name is explicitly specified. CFN will send an UPDATE operation with the new physical name and the resource provider won't be able to find it (because it should actually delete the old resource and create a new one instead of attempting to update). A reasonable work around is to find the logical ID of the function to the function name itself so that when the function name changes, a new logical ID will be allocated and the resource will effectively be replaced. |
Explicitly set the CloudFront function name so snapshot is stable (see aws/aws-cdk#15523). This also requires updating the logical ID of the AWS::CloudFront::Function resource because it seems like there's a bug in the resource provider that won't allow changing the function name. So changing the logical ID would effectively replace the resource. Re-enable the snapshot test.
|
@njlynch Is on vacation until July 22 and I am triaging his issues in the meantime. It looks like this should be a p2 since customers have a workaround to provide an explicit name. Please let me know if anyone disagrees! I will make sure to raise this to Nick as soon as he is back. |
madeline-k
added
effort/medium
|
@madeline-k I don't believe I would tag it as p2 as basically the entire Also, please add the workaround to the issue description so people don't have to search for it. Here is what we did in construct-hub (source). |
|
Tracking this, we got bitten by this as well. Using the workaround for now. |
There's an upstream bug in CDK that results in unstable generation of CloudFront function names: aws/aws-cdk#15523
This sounds like the behaviour I've just seen. I had deployed a stack containing a cloudfront function, then went to deploy it again and got an error that it couldn't find a function with the expected ID: The ID it's trying to find is almost correct, but has one character missing in the middle compared with the actual ID of the created function. I hadn't actually made any changes to the anything in the stack containing the cloudfront function, diff shows just the ID changing: |
- The bug that a CloudFront function name fluctuated over deployment to
deployment is worked around. There is a bug in CDK that it may
generate different function names at different deployments. Please see
the following issue for more details,
- aws/aws-cdk#15523
As suggested in the above issue, I decided to give a fixed name to my
CloudFront function. Function names never conflict between development
and production stacks because `Node.addr` that is different between
them is appended.
issue codemonger-io#2
|
Any update on this? Sometimes my deployment succeeds; sometimes it doesn’t. |
Encountering the exact same issue which causes the same stack to be re-deployed unexpectedly. Here is one example with no change of code, but still causing the diff when running Was using |
|
Here's a CDK Aspect we've used to apply this work-around to functions created within 3rd party constructs, where we can't control the functionName property directly. If you had a lot of functions, you could also look at getting a better prefix to use from the ID of the construct (or its parent, if any were intentionally given the special name, 'Default'). |
### Issue # (if applicable) Closes #20017 as well as #15523 and #28629 ### Reason for this change Due to the way function names are generated using token strings with either single- or double-digit numbers, longer function names can be truncated differently, leading to inconsistency in generated CloudFormation templates. ### Description of changes To ensure backwards compatibility, if names are longer than 64 characters and use region tokens, if the token uses a single-digit region number, it takes the first **31** characters + the last 32 characters; if the token uses a double-digit region number or otherwise, it takes the first **32** characters + the last 32 characters. This ensures it will always take the same first chunk of the actual function's name. ### Description of how you validated changes A new unit test was added to verify the consistency of function names in the template. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
### Issue # (if applicable) Closes aws#20017 as well as aws#15523 and aws#28629 ### Reason for this change Due to the way function names are generated using token strings with either single- or double-digit numbers, longer function names can be truncated differently, leading to inconsistency in generated CloudFormation templates. ### Description of changes To ensure backwards compatibility, if names are longer than 64 characters and use region tokens, if the token uses a single-digit region number, it takes the first **31** characters + the last 32 characters; if the token uses a double-digit region number or otherwise, it takes the first **32** characters + the last 32 characters. This ensures it will always take the same first chunk of the actual function's name. ### Description of how you validated changes A new unit test was added to verify the consistency of function names in the template. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Non deterministic auto-generated function name causing unexpected diffs.
Reproduction Steps
Using this code:
The function name is different for every synth.
What did you expect to happen?
The function name should be the same.
What actually happened?
Function name changes per synth.
Environment
Other
This happens because of:
aws-cdk/packages/@aws-cdk/aws-cloudfront/lib/function.ts
Lines 178 to 185 in 94f81c4
Where
Stack.of(this).regionis an unresolved token that can have a different sequence number every time the program is executed.A workaround right now would be to provide a name explicitly and not rely on this logic.
Workaround
Provide an explicit name for
cloudfront.Function. Usingthis.node.addrorNode.of(this).addrwill return a stable fixed length unique id. Example:This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: