Changes enter a validation of the template before creating a change s…

…et or updating a stack. According to AWS SDK, it will check for template syntax only (json or yml). It will throw an exception if format is incorrect. Otherwise, validation just returns a ValidateTemplateResult. (#4602) (#4606) Co-authored-by: Ariadna Rouco <ariadna.rouco@adevinta.com> (cherry picked from commit ed76ff4) Co-authored-by: Aria <ariadna.rouco@gmail.com> Co-authored-by: Ethan Rogers <ethanfrogers@users.noreply.github.com>
spinnaker · May 26, 2020 · 27a1b08 · 27a1b08
1 parent 48df175
commit 27a1b08
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 1 deletion.
diff --git a/...com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperation.java b/...com/netflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperation.java
@@ -59,6 +59,7 @@ public Map operate(List priorOutputs) {
         amazonClientProvider.getAmazonCloudFormation(
             description.getCredentials(), description.getRegion());
     String template = description.getTemplateBody();
+    validateTemplate(amazonCloudFormation, template);
     String roleARN = description.getRoleARN();
     List<Parameter> parameters =
         description.getParameters().entrySet().stream()
@@ -225,4 +226,14 @@ private String getStackId(AmazonCloudFormation amazonCloudFormation) {
                     "No CloudFormation Stack found with stack name " + description.getStackName()))
         .getStackId();
   }
+
+  private void validateTemplate(AmazonCloudFormation amazonCloudFormation, String template) {
+    try {
+      amazonCloudFormation.validateTemplate(
+          new ValidateTemplateRequest().withTemplateBody(template));
+    } catch (AmazonCloudFormationException e) {
+      log.error("Error validating cloudformation template", e);
+      throw e;
+    }
+  }
 }
diff --git a/...tflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperationSpec.groovy b/...tflix/spinnaker/clouddriver/aws/deploy/ops/DeployCloudFormationAtomicOperationSpec.groovy
@@ -203,7 +203,6 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
     "arn:aws:iam:123456789012:role/test" | "arn:aws:iam:123456789012:role/test" | false         || ChangeSetType.CREATE.toString()
   }
 
-
   @Unroll
   void "should fail when AWS fails to update stack"() {
     given:
@@ -271,4 +270,35 @@ class DeployCloudFormationAtomicOperationSpec extends Specification {
     1 * amazonCloudFormation.updateStack(_) >> { throw new AmazonCloudFormationException("No updates are to be performed") }
   }
 
+  @Unroll
+  void "should fail when invalid template"() {
+    given:
+    def amazonClientProvider = Mock(AmazonClientProvider)
+    def amazonCloudFormation = Mock(AmazonCloudFormation)
+    def op = new DeployCloudFormationAtomicOperation(
+      new DeployCloudFormationDescription(
+        [
+          stackName: "stackTest",
+          region: "eu-west-1",
+          templateBody: '{"key":"value"}',
+          roleARN: "arn:aws:iam:123456789012:role/test",
+          parameters: [ key: "value" ],
+          tags: [ key: "value" ],
+          capabilities: ["cap1", "cap2"],
+          credentials: TestCredential.named("test")
+        ]
+      )
+    )
+    op.amazonClientProvider = amazonClientProvider
+    op.objectMapper = new ObjectMapper()
+
+    when:
+    op.operate([])
+
+    then:
+    1 * amazonClientProvider.getAmazonCloudFormation(_, _) >> amazonCloudFormation
+    1 * amazonCloudFormation.validateTemplate(_) >> { throw new AmazonCloudFormationException() }
+    thrown(AmazonCloudFormationException)
+  }
+
 }