Skip to content

v1.222.0-rc.7

Pre-release
Pre-release

Choose a tag to compare

View all tags
@cloudposse-releaser cloudposse-releaser released this 23 Jun 01:22
· 2 commits to main since this release
v1.222.0-rc.7
e56077c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🚀 Enhancements

fix(stacks): scope and cache per-component auth in describe stacks Brian Ojeda (@sgtoj) (#2652) ## what
  • Move the stack and component filters above resolveComponentAuthManager in processComponentEntry so only in-scope components authenticate (auth still precedes BuildTerraformWorkspace, template, and YAML-function processing).
  • Add a pass-scoped auth cache keyed by the parent chain + a deterministic JSON fingerprint of the component auth section, so components that share an auth section reuse one authenticated manager.
  • Regression tests: out-of-scope skip + cache reuse.

why

Any auth-enabled ExecuteDescribeStacks caller — atmos describe stacks, atmos list values/instances, atmos terraform --all/--query — resolves per-component auth before the stack/component filters and never reuses it. On a multi-stack repo where components declare their own default: true identity, atmos describe stacks -s <stack> authenticates components in other stacks before discarding them, and re-authenticates each same-identity component from scratch — so the command effectively hangs.

Per-component auth exists only to populate info.AuthContext for that component's later template (atmos.Component(...)) and YAML-function (!terraform.state, !terraform.output) processing, which is skipped for filtered-out components — so authenticating them is wasted work.

#2646 fixed atmos secret list by disabling per-component auth for that command; it did not touch the shared processor, so every other caller still hits this.

Measured with the identical command atmos describe stacks -s <stack> --logs-level Debug under a 45s budget, only the atmos binary varying:

binary result
latest release (v1.221.1) did not complete within 45s (authenticating mostly out-of-scope stacks)
current main (aa68d85be) did not complete within 45s
this PR completed in ~18s

With the fix, in-scope processor-path authentications drop to 2 and out-of-scope ones to zero (the ~42 remaining auths are legitimate nested !terraform.output / atmos.Component reads).

references

  • Related to #2639; supersedes #2642 and #2644.
  • Fix write-up: docs/fixes/2026-06-22-describe-stacks-scope-and-cache-per-component-auth.md

Summary by CodeRabbit

Release Notes

  • Bug Fixes

    • Fixed unnecessary authentication of out-of-scope components in describe stacks operations with stack/component filters
    • Added caching to eliminate redundant authentication cycles for components with identical auth configurations

  • Documentation

    • Added documentation explaining describe-stacks authentication scoping and caching behavior

Contributors

sgtoj
Assets 14
Loading