fix(cli): gen2-migration lock --rollback reports false drift#14862
Open
fix(cli): gen2-migration lock --rollback reports false drift#14862
gen2-migration lock --rollback reports false drift#14862Conversation
…integrity checks Template drift detection was reporting false positives during lock --rollback, blocking the rollback from completing. Replace it with per-resource stack integrity validation that checks whether expected resources still exist in the deployed stacks. Also renames config keys from lock/refactor to lockForward/refactorForward to distinguish forward and rollback directions, adds rollback steps to the e2e migration flow, and extends cfn-output-resolver to fall back to physical resource ID when resolving Ref. --- Prompt: commit my changes. no tests. just commit.
Restore the original curated resource type list for DeletionPolicy instead of applying Retain to all non-stack resources. Update lock rollback tests and post-refactor snapshots accordingly. --- Prompt: made more changes. commit.
iliapolo
changed the title
gen2-migration lock --rollback reports false drift
…pping The gen2 userAttributes property only maps to required attributes. Optional attributes were incorrectly included, causing mismatches with the gen2 auth construct type definition. Also inlines the placeholder app name in cleanup-codebuild-resources to remove the import dependency on amplify-e2e-core. --- Prompt: commit my changes. no tests. no build. just commit.
iliapolo
commented
May 7, 2026
|
|
||
| expect(typeof board.id).toBe('string'); | ||
| expect(board.id.length).toBeGreaterThan(0); | ||
| expect(board.name).toMatch(new RegExp(`^[🌅☀️🌙] ${name} \\(new!\\)$`)); |
Contributor
Author
There was a problem hiding this comment.
This was just wrong and was failing the test - this query doesn't return these emojies.
iliapolo
commented
May 7, 2026
| const found = items.find((b: any) => b.id === created.id); | ||
| expect(found).toBeDefined(); | ||
| expect(found.name).toBe(`📌 ${name}`); | ||
| expect(found.name).toBe(`(new!) ${name}`); |
Contributor
Author
There was a problem hiding this comment.
Because I changed the custom resolver to return a new string instead of an emoji.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of changes
The
lock --rollbackcommand was failing because template drift detection reported false positives. For example, theRoleNameproperty of anAWS::Cognito::UserPoolGroupresource changes during refactor, switching from the Gen1 role to the Gen2 role. Running drift detection after a successful rollback of refactor would still report this drift, even though it is expected and harmless.This PR replaces the drift-based validation with a simpler, more reliable approach: per-resource stack integrity checks that verify expected resources still exist in the deployed stacks. If resources are missing, it means
refactor --rollbackwasn't run first. Here is an example of a failed validation report iflock --rollbackis executed beforerefactor --rollback:E2E rollback flow
Extended the e2e migration flow to exercise the full round-trip: after the forward migration completes and gen2 tests pass, the flow now runs
refactor --rollback→lock --rollback→push→ gen1 tests. This validates that rollback actually works end-to-end.userAttributesindefineAuthIn #14841, we started rendering attributes returned from the SDK description of the user pool schema. This turned out to be wrong because the response contains all possible attributes, not only the ones that were actually configured. This means that post-refactor the user pool is trying to undergo an illegal update and fails.
This PR reverts the logic back to only render required attributes, which is what
userAttributesseems to be dedicated for and is the Gen1 user actually set.Issue #, if available
N/A
Description of how you validated changes
lock.test.tsreduced from 26 to 11 focused tests)yarn cloud-e2eChecklist
yarn testpasses