feat: add "pipeline delete" command #652
Conversation
SoManyHs
requested review from
clareliguori
and removed request for
clareliguori
| if err := o.deleteSecret(); err != nil { | ||
| return err | ||
| } | ||
|
|
||
| if err := o.deleteStack(); err != nil { | ||
| return err | ||
| } |
There was a problem hiding this comment.
Can we ignore the errors if the secret and stack are already deleted?
Maybe we can write something like log.Successf("Secret %s is already removed.", o.PipelineSecret)
There was a problem hiding this comment.
Oh, is this an error we handle like this elsewhere? I was mostly following suit of what app_delete.go does for the stack deletion. On the underlying cloudformation.DeleteStack method we already wrap some errors. Wondering if you think we should add some sugar on top of that?
For the deletion of secret, the errors returned by secretsmanager.DeleteSecret don't seem to return like, an idempotency error. Unless I'm misunderstanding what you mean when you say these things are already deleted?
There was a problem hiding this comment.
app_delete calls delete-stack API which does not return an error if stack does not exist. However describe-stacks will return ValidationError if stack does not exist. Maybe we can use delete-stack in pipeline delete as well so that we don't need to validate if pipeline already exists?
There was a problem hiding this comment.
Okay so, with the latest changes (see: 3b9bf4c) here's what's happening with the following workflow:
- Run
pipeline init- creates new secret and writes pipeline.yml - Run
pipeline update- deploys pipeline via CFN - From the AWS Console, I schedule the deletion of the secret I just made through
pipeline init. This schedules the secret for deletion in N days. - run
pipeline delete:
~/aws-reinvent-2019-trivia-backend(master)$ ecs-preview pipeline delete
? Are you sure you want to delete pipeline pipeline-backend-SoManyHs-aws-reinvent-trivia-2019-backend from project backend? Yes
? Are you sure you want to delete the source secret github-token-backend-aws-reinvent-trivia-2019-backend associated with pipeline pipeline-backend-SoManyHs-aws-reinvent-trivia-2019-backend? Yes
✔ Deleted secret github-token-backend-aws-reinvent-trivia-2019-backend.
✔ Deleted pipeline pipeline-backend-SoManyHs-aws-reinvent-trivia-2019-backend from project backend.
~/aws-reinvent-2019-trivia-backend(master)$ aws secretsmanager list-secrets --region us-east-2
{
"SecretList": [
]
}
So as far as idempotency for deleting the secret, it seems to be okay for both deleting the secret and the stack (since the stack only refers to the name of the secret, and does not actually create it so there wouldn't be any stack drift).
There was a problem hiding this comment.
app_deletecallsdelete-stackAPI which does not return an error if stack does not exist. Howeverdescribe-stackswill returnValidationErrorif stack does not exist. Maybe we can usedelete-stackin pipeline delete as well so that we don't need to validate if pipeline already exists?
I'm not seeing this in app_delete or in env_delete -- am I missing something? @iamhopaul123
There was a problem hiding this comment.
|
oh can you update the git commit to follow: https://www.conventionalcommits.org/en/v1.0.0/ feat: add "pipeline delete" command |
|
|
||
| func (cf CloudFormation) DeletePipeline(stackName string) error { | ||
| // Check if the stack exists | ||
| out, err := cf.describeStack(&cloudformation.DescribeStacksInput{ |
There was a problem hiding this comment.
Same idempotency caveat here. If CFN stack has been deleted.
There was a problem hiding this comment.
I think what @iamhopaul123 means is that we can actually remove the describeStack call and call directly cf.delete(stackName) which handles ignoring the stackDoesNotExist error
|
Oh. Would we want to delete the pipeline manifest if we delete the pipeline? It doesn't look like we delete the app manifest when we call |
We delete them in |
SoManyHs
force-pushed
the
pipeline-delete
branch
2 times, most recently
from
3194e26 to
705e5ca
Compare
|
Noting here for my own bookkeeping: We should try to handle this gracefully. Also, might want to test this if the pipeline is deleted from the CodePipeline (rather than the CFN) console manually. |
| return []*secretsmanager.Tag{ | ||
| { | ||
| Key: aws.String("ecs-project"), | ||
| Value: aws.String(timestamp), |
There was a problem hiding this comment.
Should this be the project name instead?
|
|
||
| func (cf CloudFormation) DeletePipeline(stackName string) error { | ||
| // Check if the stack exists | ||
| out, err := cf.describeStack(&cloudformation.DescribeStacksInput{ |
There was a problem hiding this comment.
I think what @iamhopaul123 means is that we can actually remove the describeStack call and call directly cf.delete(stackName) which handles ignoring the stackDoesNotExist error
Closes aws#630
This was leftover from a refactor in which we moved much of the PreRunE logic into the constructor for the opts. This approach allows for ease and consistency of testing. NOTE: See 16d3bb1 -- previously, calling the constructors outside of RunE made it harder to catch errors returned by the constructor itself. This allows the errors to be caught will still getting values from the command's flags..
Neither field will be passed in as flags, so they can be moved out of deletePipelineVars.
Since we always assume the pipeline for a workspace will be named "pipeline.yml", we are not passing this field in as a flag.
pending changes in aws#657
SoManyHs
force-pushed
the
pipeline-delete
branch
from
705e5ca to
c00e021
Compare
SoManyHs
force-pushed
the
pipeline-delete
branch
2 times, most recently
from
5c01605 to
34dc68b
Compare
|
|
When running The message isn't quite right, but can fix in a future PR. |
SoManyHs
force-pushed
the
pipeline-delete
branch
from
34dc68b to
def193d
Compare
Closes #630
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.