fix(cli): disallow import of internal cli libraries #33021
Conversation
mrgrain
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
There was a problem hiding this comment.
The pull request linter fails with the following errors:
❌ CLI code has changed. A maintainer must run the code through the testing pipeline (git fetch origin pull/33021/head && git push -f origin FETCH_HEAD:test-main-pipeline), then add the 'pr-linter/cli-integ-tested' label when the pipeline succeeds.
If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.
| @@ -1,7 +1,7 @@ | |||
| // eslint-disable-next-line import/no-extraneous-dependencies | |||
| import { exec as runCli } from 'aws-cdk/lib'; | |||
| import { exec as runCli } from '../../../aws-cdk/lib'; | |||
There was a problem hiding this comment.
This is intentional. We don't want to depended on aws-cdk the package, but on the local file. It works because cli-lib-alpha is bundling everything itself.
Tomorrow*, this will change to ../../../tmp-aws-cdk/lib to import from the temporary package that holds all library code. We already do the same in the toolkit package.
There was a problem hiding this comment.
This doesn't make any practical difference. For me it's about conveying an intention. But happy to revert if you feel strongly otherwise.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #33021 +/- ##
==========================================
- Coverage 81.46% 81.46% -0.01%
==========================================
Files 225 224 -1
Lines 13750 13748 -2
Branches 2412 2412
==========================================
- Hits 11202 11200 -2
Misses 2273 2273
Partials 275 275
Flags with carried forward coverage won't be shown. Click here to find out more.
|
mrgrain
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
mrgrain
force-pushed
the
mrgrain/chore/fix-cli-exports
branch
from
1e0f5a7 to
0c8686f
Compare
mrgrain
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
Previously it was possible to import any subpaths from the `aws-cdk` package ("the CLI"). This was never intended to be allowed, or supported. In practice, these subpaths imports allowed users to depend on internal CLI APIs that are not intended for public usage and do not receive the same backwards compatibility guarantees as other parts of the AWS CDK.
**With this change we are explicitly disallowing unsanctioned subpath imports.**
We are currently in the process of making most CLI features available through a new Programmatic Toolkit library. Please see the [respective RFC](aws/aws-cdk-rfcs#654) and let us know if you have a use case that is not currently covered by the proposed feature set.
In order to not immediately break all customers using unsanctioned subpath imports, we have identified a subset of symbols that we will keep exporting in the short-time future. **You are still very strongly encouraged to move off any of these features asap.** We are actively considering to emit warnings and enact brown-outs to inform users of this removal.
mrgrain
force-pushed
the
mrgrain/chore/fix-cli-exports
branch
from
0c8686f to
087c0ab
Compare
mrgrain
added
the
pr-linter/exempt-test
mrgrain
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
|
➡️ PR build request submitted to A maintainer must now check the pipeline and add the |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
mrgrain
added
the
pr-linter/exempt-integ-test
|
Comments on closed issues and PRs are hard for our team to see. |
Reason for this change
Previously it was possible to import any subpaths from the
aws-cdkpackage ("the CLI"). This was never intended to be allowed, or supported. In practice, these subpaths imports allowed users to depend on internal CLI APIs that are not intended for public usage and do not receive the same backwards compatibility guarantees as other parts of the AWS CDK.With this change we are explicitly disallowing unsanctioned subpath imports.
We are currently in the process of making most CLI features available through a new Programmatic Toolkit library. Please see the respective RFC and let us know if you have a use case that is not currently covered by the proposed feature set.
In order to not immediately break all customers using unsanctioned subpath imports, we have identified a subset of symbols that we will keep exporting in the short-time future. You are still very strongly encouraged to move off any of these features asap. We are actively considering to emit warnings and enact brown-outs to inform users of this removal.
Description of changes
Added the new legacy exports to
aws-cdk.Also change some imports in
aws-cdkto use the lower-level path instead oflib/index.In
cli-lib-alphawe now import from the CLI package via file paths, instead of the package. This is intentional because we don't actually need or want to depended on theaws-cdkthe package ascli-lib-alphais bundling everything itself. Although we still have a dependency onaws-cdkat the moment because we need its build to run to produce some other artifacts. Soon these imports will change to../../../tmp-aws-cdk/liband import from the temporary package that holds all library code. We already do the same in the toolkit package.Describe any new or updated permissions being added
none
Description of how you validated changes
Existing tests
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license