localstack-core 4.14.1.dev48__py3-none-any.whl → 4.14.1.dev50__py3-none-any.whl

localstack/services/cloudformation/engine/v2/change_set_model_transform.py

@@ -97,9 +97,9 @@ class ChangeSetModelTransform(ChangeSetModelPreproc):
 
     def __init__(
         self,
-        change_set: ChangeSet,
-        before_parameters: dict,
-        after_parameters: dict,
+        change_set: "ChangeSet",
+        before_parameters: dict | None,
+        after_parameters: dict | None,
         before_template: dict | None,
         after_template: dict | None,
     ):

localstack/services/cloudformation/engine/v2/resolving.py

@@ -7,6 +7,10 @@ from typing import Any
 from botocore.exceptions import ClientError
 
 from localstack.aws.connect import connect_to
+from localstack.services.cloudformation.engine.parameters import resolve_ssm_parameter
+from localstack.services.cloudformation.engine.validations import ValidationError
+from localstack.services.cloudformation.v2.types import EngineParameter, engine_parameter_value
+from localstack.utils.numbers import is_number
 
 LOG = logging.getLogger(__name__)
 
@@ -14,6 +18,10 @@ LOG = logging.getLogger(__name__)
 # we don't capture the parameter usage by excluding ${} characters
 REGEX_DYNAMIC_REF = re.compile(r"{{resolve:([^:]+):([^${}]+)}}")
 
+SSM_PARAMETER_TYPE_RE = re.compile(
+    r"^AWS::SSM::Parameter::Value<(?P<listtype>List<)?(?P<innertype>[^>]+)>?>$"
+)
+
 
 @dataclass
 class DynamicReference:
@@ -100,3 +108,90 @@ def perform_dynamic_reference_lookup(
         "Unsupported service for dynamic parameter: service_name=%s", reference.service_name
     )
     return None
+
+
+def resolve_parameters(
+    template: dict | None,
+    parameters: dict | None,
+    account_id: str,
+    region_name: str,
+    before_parameters: dict | None,
+) -> dict[str, EngineParameter]:
+    template_parameters = template.get("Parameters", {})
+    resolved_parameters = {}
+    invalid_parameters = []
+    for name, parameter in template_parameters.items():
+        given_value = parameters.get(name)
+        default_value = parameter.get("Default")
+        resolved_parameter = EngineParameter(
+            type_=parameter["Type"],
+            given_value=given_value,
+            default_value=default_value,
+            no_echo=parameter.get("NoEcho"),
+        )
+
+        # validate the type
+        if parameter["Type"] == "Number" and not is_number(
+            engine_parameter_value(resolved_parameter)
+        ):
+            raise ValidationError(f"Parameter '{name}' must be a number.")
+
+        # TODO: support other parameter types
+        if match := SSM_PARAMETER_TYPE_RE.match(parameter["Type"]):
+            inner_type = match.group("innertype")
+            is_list_type = match.group("listtype") is not None
+            if is_list_type or inner_type == "CommaDelimitedList":
+                # list types
+                try:
+                    resolved_value = resolve_ssm_parameter(
+                        account_id, region_name, given_value or default_value
+                    )
+                    resolved_parameter["resolved_value"] = resolved_value.split(",")
+                except Exception:
+                    raise ValidationError(
+                        f"Parameter {name} should either have input value or default value"
+                    )
+            else:
+                try:
+                    resolved_parameter["resolved_value"] = resolve_ssm_parameter(
+                        account_id, region_name, given_value or default_value
+                    )
+                except Exception as e:
+                    # we could not find the parameter however CDK provides the resolved value rather than the
+                    # parameter name again so try to look up the value in the previous parameters
+                    if (
+                        before_parameters
+                        and (before_param := before_parameters.get(name))
+                        and isinstance(before_param, dict)
+                        and (resolved_value := before_param.get("resolved_value"))
+                    ):
+                        LOG.debug(
+                            "Parameter %s could not be resolved, using previous value of %s",
+                            name,
+                            resolved_value,
+                        )
+                        resolved_parameter["resolved_value"] = resolved_value
+                    else:
+                        raise ValidationError(
+                            f"Parameter {name} should either have input value or default value"
+                        ) from e
+        elif given_value is None and default_value is None:
+            invalid_parameters.append(name)
+            continue
+
+        resolved_parameters[name] = resolved_parameter
+
+    if invalid_parameters:
+        raise ValidationError(f"Parameters: [{','.join(invalid_parameters)}] must have values")
+
+    for name, parameter in resolved_parameters.items():
+        if (
+            parameter.get("resolved_value") is None
+            and parameter.get("given_value") is None
+            and parameter.get("default_value") is None
+        ):
+            raise ValidationError(
+                f"Parameter {name} should either have input value or default value"
+            )
+
+    return resolved_parameters

localstack/services/cloudformation/v2/entities.py

@@ -1,6 +1,8 @@
+from dataclasses import dataclass
 from datetime import UTC, datetime
 from typing import NotRequired, TypedDict
 
+from localstack import config
 from localstack.aws.api.cloudformation import (
     Capability,
     ChangeSetStatus,
@@ -28,9 +30,14 @@ from localstack.services.cloudformation.engine.entities import (
     StackIdentifierV2,
 )
 from localstack.services.cloudformation.engine.v2.change_set_model import (
+    ChangeSetModel,
     ChangeType,
     UpdateModel,
 )
+from localstack.services.cloudformation.engine.v2.change_set_resource_support_checker import (
+    ChangeSetResourceSupportChecker,
+)
+from localstack.services.cloudformation.engine.v2.resolving import resolve_parameters
 from localstack.services.cloudformation.v2.types import EngineParameter, ResolvedResource
 from localstack.utils.aws import arns
 from localstack.utils.strings import long_uid, short_uid
@@ -190,11 +197,19 @@ class ChangeSetRequestPayload(TypedDict, total=False):
     ChangeSetType: NotRequired[ChangeSetType]
 
 
+@dataclass
+class UpdateModelInputs:
+    before_template: dict | None
+    after_template: dict | None
+    before_parameters: dict | None
+    after_parameters: dict | None
+    previous_update_model: UpdateModel | None = None
+
+
 class ChangeSet:
     change_set_name: str
     change_set_id: str
     change_set_type: ChangeSetType
-    update_model: UpdateModel | None
     status: ChangeSetStatus
     status_reason: str | None
     execution_status: ExecutionStatus
@@ -217,7 +232,6 @@ class ChangeSet:
         self.status = ChangeSetStatus.CREATE_IN_PROGRESS
         self.status_reason = None
         self.execution_status = ExecutionStatus.AVAILABLE
-        self.update_model = None
         self.creation_time = datetime.now(tz=UTC)
         self.resolved_parameters = {}
         self.tags = request_payload.get("Tags") or []
@@ -232,9 +246,9 @@ class ChangeSet:
             region_name=self.stack.region_name,
         )
         self.processed_template = None
-
-    def set_update_model(self, update_model: UpdateModel) -> None:
-        self.update_model = update_model
+        # Do not add the `_cached_update_model` attribute to the type annotations of the class. This is a runtime-only
+        # attribute that cannot be serialized by our persistence framework.
+        self._cached_update_model = None
 
     def set_change_set_status(self, status: ChangeSetStatus):
         self.status = status
@@ -243,6 +257,8 @@ class ChangeSet:
         self.execution_status = execution_status
 
     def has_changes(self) -> bool:
+        if self.update_model is None:
+            raise ValueError("update model has not been computed")
         return self.update_model.node_template.change_type != ChangeType.UNCHANGED
 
     @property
@@ -253,6 +269,133 @@ class ChangeSet:
     def region_name(self) -> str:
         return self.stack.region_name
 
+    @property
+    def update_model(self) -> UpdateModel | None:
+        # non-persisted state, runtime cache
+        # TODO: maybe move out of the `ChangeSet` class into the provider
+        return self._cached_update_model
+
+    def compute_update_model(self, inputs: UpdateModelInputs):
+        from localstack.services.cloudformation.engine.transformers import (
+            FailedTransformationException,
+        )
+        from localstack.services.cloudformation.engine.v2.change_set_model_transform import (
+            ChangeSetModelTransform,
+        )
+        from localstack.services.cloudformation.engine.v2.change_set_model_validator import (
+            ChangeSetModelValidator,
+        )
+
+        resolved_parameters = None
+        if inputs.after_parameters is not None:
+            resolved_parameters = resolve_parameters(
+                inputs.after_template,
+                inputs.after_parameters,
+                self.account_id,
+                self.region_name,
+                inputs.before_parameters,
+            )
+
+        self.resolved_parameters = resolved_parameters or {}
+
+        # Create and preprocess the update graph for this template update.
+        change_set_model = ChangeSetModel(
+            before_template=inputs.before_template,
+            after_template=inputs.after_template,
+            before_parameters=inputs.before_parameters,
+            after_parameters=resolved_parameters,
+        )
+        raw_update_model: UpdateModel = change_set_model.get_update_model()
+        # If there exists an update model which operated in the 'before' version of this change set,
+        # port the runtime values computed for the before version into this latest update model.
+        if inputs.previous_update_model:
+            raw_update_model.before_runtime_cache.clear()
+            raw_update_model.before_runtime_cache.update(
+                inputs.previous_update_model.after_runtime_cache
+            )
+        self._cached_update_model = raw_update_model
+
+        # Apply global transforms.
+        # TODO: skip this process iff both versions of the template don't specify transform blocks.
+        change_set_model_transform = ChangeSetModelTransform(
+            change_set=self,
+            before_parameters=inputs.before_parameters,
+            after_parameters=resolved_parameters,
+            before_template=inputs.before_template,
+            after_template=inputs.after_template,
+        )
+        try:
+            transformed_before_template, transformed_after_template = (
+                change_set_model_transform.transform()
+            )
+        except FailedTransformationException as e:
+            self.status = ChangeSetStatus.FAILED
+            self.status_reason = e.message
+            self.stack.set_stack_status(status=StackStatus.ROLLBACK_IN_PROGRESS, reason=e.message)
+            self.stack.set_stack_status(status=StackStatus.CREATE_FAILED)
+            return
+
+        # Remodel the update graph after the applying the global transforms.
+        change_set_model = ChangeSetModel(
+            before_template=transformed_before_template,
+            after_template=transformed_after_template,
+            before_parameters=inputs.before_parameters,
+            after_parameters=resolved_parameters,
+        )
+        update_model = change_set_model.get_update_model()
+        # Bring the cache for the previous operations forward in the update graph for this version
+        # of the templates. This enables downstream update graph visitors to access runtime
+        # information computed whilst evaluating the previous version of this template, and during
+        # the transformations.
+        update_model.before_runtime_cache.update(raw_update_model.before_runtime_cache)
+        update_model.after_runtime_cache.update(raw_update_model.after_runtime_cache)
+        self._cached_update_model = update_model
+
+        # perform validations
+        validator = ChangeSetModelValidator(
+            change_set=self,
+        )
+        validator.validate()
+
+        # hacky
+        if transform := raw_update_model.node_template.transform:
+            if transform.global_transforms:
+                # global transforms should always be considered "MODIFIED"
+                update_model.node_template.change_type = ChangeType.MODIFIED
+        self.processed_template = transformed_after_template
+
+        if not config.CFN_IGNORE_UNSUPPORTED_RESOURCE_TYPES:
+            support_visitor = ChangeSetResourceSupportChecker(change_set_type=self.change_set_type)
+            support_visitor.visit(self._cached_update_model.node_template)
+            failure_messages = support_visitor.failure_messages
+            if failure_messages:
+                reason_suffix = ", ".join(failure_messages)
+                status_reason = f"{ChangeSetResourceSupportChecker.TITLE_MESSAGE} {reason_suffix}"
+
+                self.status_reason = status_reason
+                self.set_change_set_status(ChangeSetStatus.FAILED)
+                failure_transitions = {
+                    ChangeSetType.CREATE: (
+                        StackStatus.ROLLBACK_IN_PROGRESS,
+                        StackStatus.CREATE_FAILED,
+                    ),
+                    ChangeSetType.UPDATE: (
+                        StackStatus.UPDATE_ROLLBACK_IN_PROGRESS,
+                        StackStatus.UPDATE_ROLLBACK_FAILED,
+                    ),
+                    ChangeSetType.IMPORT: (
+                        StackStatus.IMPORT_ROLLBACK_IN_PROGRESS,
+                        StackStatus.IMPORT_ROLLBACK_FAILED,
+                    ),
+                }
+                transitions = failure_transitions.get(self.change_set_type)
+                if transitions:
+                    first_status, *remaining_statuses = transitions
+                    self.stack.set_stack_status(first_status, status_reason)
+                    for status in remaining_statuses:
+                        self.stack.set_stack_status(status)
+                return
+
 
 class StackInstance:
     def __init__(