localstack
diff --git a/‎localstack-core/localstack/services/cdk/resource_providers/cdk_metadata.py‎
Lines changed: 2 additions & 1 deletion b/‎localstack-core/localstack/services/cdk/resource_providers/cdk_metadata.py‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model.py‎
Lines changed: 1 addition & 1 deletion b/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model_preproc.py‎
Lines changed: 30 additions & 13 deletions b/‎localstack-core/localstack/services/cloudformation/engine/v2/change_set_model_preproc.py‎
Lines changed: 30 additions & 13 deletions
diff --git a/‎localstack-core/localstack/services/cloudformation/v2/provider.py‎
Lines changed: 11 additions & 4 deletions b/‎localstack-core/localstack/services/cloudformation/v2/provider.py‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎localstack-core/localstack/testing/pytest/fixtures.py‎
Lines changed: 11 additions & 8 deletions b/‎localstack-core/localstack/testing/pytest/fixtures.py‎
Lines changed: 11 additions & 8 deletions
diff --git a/‎tests/aws/services/cloudformation/resources/test_cdk.py‎
Lines changed: 122 additions & 27 deletions b/‎tests/aws/services/cloudformation/resources/test_cdk.py‎
Lines changed: 122 additions & 27 deletions
@@ -83,8 +83,9 @@ def update(
 
         """
         model = request.desired_state
+        result_model = {**model, "Id": request.previous_state["Id"]}
 
         return ProgressEvent(
             status=OperationStatus.SUCCESS,
-            resource_model=model,
+            resource_model=result_model,
         )
@@ -728,7 +728,7 @@ def _resolve_intrinsic_function_fn_if(self, arguments: ChangeSetEntity) -> Chang
         )
         if not isinstance(node_condition, NodeCondition):
             raise RuntimeError()
-        change_type = parent_change_type_of([node_condition, *arguments[1:]])
+        change_type = parent_change_type_of([node_condition, *arguments.array[1:]])
         return change_type
 
     def _resolve_requires_replacement(
 
@@ -564,21 +564,38 @@ def _compute_fn_equals(args: list[Any]) -> bool:
     def visit_node_intrinsic_function_fn_if(
         self, node_intrinsic_function: NodeIntrinsicFunction
     ) -> PreprocEntityDelta:
-        def _compute_delta_for_if_statement(args: list[Any]) -> PreprocEntityDelta:
-            condition_name = args[0]
-            boolean_expression_delta = self._resolve_condition(logical_id=condition_name)
-            return PreprocEntityDelta(
-                before=args[1] if boolean_expression_delta.before else args[2],
-                after=args[1] if boolean_expression_delta.after else args[2],
+        # `if` needs to be short-circuiting i.e. if the condition is True we don't evaluate the
+        # False branch. If the condition is False, we don't evaluate the True branch.
+        if len(node_intrinsic_function.arguments.array) != 3:
+            raise ValueError(
+                f"Incorrectly constructed Fn::If usage, expected 3 arguments, found {len(node_intrinsic_function.arguments.array)}"
             )
 
-        arguments_delta = self.visit(node_intrinsic_function.arguments)
-        delta = self._cached_apply(
-            scope=node_intrinsic_function.scope,
-            arguments_delta=arguments_delta,
-            resolver=_compute_delta_for_if_statement,
-        )
-        return delta
+        condition_delta = self.visit(node_intrinsic_function.arguments.array[0])
+        if_delta = PreprocEntityDelta()
+        if not is_nothing(condition_delta.before):
+            node_condition = self._get_node_condition_if_exists(
+                condition_name=condition_delta.before
+            )
+            condition_value = self.visit(node_condition).before
+            if condition_value:
+                arg_delta = self.visit(node_intrinsic_function.arguments.array[1])
+            else:
+                arg_delta = self.visit(node_intrinsic_function.arguments.array[2])
+            if_delta.before = arg_delta.before
+
+        if not is_nothing(condition_delta.after):
+            node_condition = self._get_node_condition_if_exists(
+                condition_name=condition_delta.after
+            )
+            condition_value = self.visit(node_condition).after
+            if condition_value:
+                arg_delta = self.visit(node_intrinsic_function.arguments.array[1])
+            else:
+                arg_delta = self.visit(node_intrinsic_function.arguments.array[2])
+            if_delta.after = arg_delta.after
+
+        return if_delta
 
     def visit_node_intrinsic_function_fn_and(
         self, node_intrinsic_function: NodeIntrinsicFunction
 
@@ -425,10 +425,17 @@ def create_change_set(
         #  is needed for the update graph building, or only looked up in downstream tasks (metadata).
         request_parameters = request.get("Parameters", list())
         # TODO: handle parameter defaults and resolution
-        after_parameters: dict[str, Any] = {
-            parameter["ParameterKey"]: parameter["ParameterValue"]
-            for parameter in request_parameters
-        }
+        after_parameters = {}
+        for parameter in request_parameters:
+            key = parameter["ParameterKey"]
+            if parameter.get("UsePreviousValue", False):
+                # todo: what if the parameter does not exist in the before parameters
+                after_parameters[key] = before_parameters[key]
+                continue
+
+            if "ParameterValue" in parameter:
+                after_parameters[key] = parameter["ParameterValue"]
+                continue
 
         # TODO: update this logic to always pass the clean template object if one exists. The
         #  current issue with relaying on stack.template_original is that this appears to have
 
@@ -21,6 +21,7 @@
 from werkzeug import Request, Response
 
 from localstack import config
+from localstack.aws.api.cloudformation import CreateChangeSetInput, Parameter
 from localstack.aws.api.ec2 import CreateSecurityGroupRequest, CreateVpcEndpointRequest, VpcEndpoint
 from localstack.aws.connect import ServiceLevelClientFactory
 from localstack.services.stores import (
@@ -1095,6 +1096,7 @@ def _deploy(
         max_wait: Optional[int] = None,
         delay_between_polls: Optional[int] = 2,
         custom_aws_client: Optional[ServiceLevelClientFactory] = None,
+        raw_parameters: Optional[list[Parameter]] = None,
     ) -> DeployResult:
         if is_update:
             assert stack_name
@@ -1110,20 +1112,21 @@ def _deploy(
                 raise RuntimeError(f"Could not find file {os.path.realpath(template_path)}")
         template_rendered = render_template(template, **(template_mapping or {}))
 
-        kwargs = dict(
+        kwargs = CreateChangeSetInput(
             StackName=stack_name,
             ChangeSetName=change_set_name,
             TemplateBody=template_rendered,
             Capabilities=["CAPABILITY_AUTO_EXPAND", "CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"],
             ChangeSetType=("UPDATE" if is_update else "CREATE"),
-            Parameters=[
-                {
-                    "ParameterKey": k,
-                    "ParameterValue": v,
-                }
-                for (k, v) in (parameters or {}).items()
-            ],
         )
+        kwargs["Parameters"] = []
+        if parameters:
+            kwargs["Parameters"] = [
+                Parameter(ParameterKey=k, ParameterValue=v) for (k, v) in parameters.items()
+            ]
+        elif raw_parameters:
+            kwargs["Parameters"] = raw_parameters
+
         if role_arn is not None:
             kwargs["RoleARN"] = role_arn
 
 
@@ -1,24 +1,44 @@
 import os
+from collections.abc import Callable
 
 import pytest
 from localstack_snapshot.snapshots.transformer import SortingTransformer
-from tests.aws.services.cloudformation.conftest import skip_if_v2_provider
+from tests.aws.services.cloudformation.conftest import skip_if_v1_provider
 
+from localstack.aws.api.cloudformation import Parameter
 from localstack.testing.pytest import markers
 from localstack.utils.files import load_file
 from localstack.utils.strings import short_uid
 
 
 class TestCdkInit:
-    @pytest.mark.parametrize("bootstrap_version", ["10", "11", "12"])
+    @pytest.mark.parametrize(
+        "bootstrap_version,parameters",
+        [
+            ("10", {"FileAssetsBucketName": f"cdk-bootstrap-{short_uid()}"}),
+            ("11", {"FileAssetsBucketName": f"cdk-bootstrap-{short_uid()}"}),
+            ("12", {"FileAssetsBucketName": f"cdk-bootstrap-{short_uid()}"}),
+            (
+                "28",
+                {
+                    "CloudFormationExecutionPolicies": "",
+                    "FileAssetsBucketKmsKeyId": "AWS_MANAGED_KEY",
+                    "PublicAccessBlockConfiguration": "true",
+                    "TrustedAccounts": "",
+                    "TrustedAccountsForLookup": "",
+                },
+            ),
+        ],
+        ids=["10", "11", "12", "28"],
+    )
     @markers.aws.validated
-    def test_cdk_bootstrap(self, deploy_cfn_template, bootstrap_version, aws_client):
+    def test_cdk_bootstrap(self, deploy_cfn_template, aws_client, bootstrap_version, parameters):
         deploy_cfn_template(
             template_path=os.path.join(
                 os.path.dirname(__file__),
                 f"../../../templates/cdk_bootstrap_v{bootstrap_version}.yaml",
             ),
-            parameters={"FileAssetsBucketName": f"cdk-bootstrap-{short_uid()}"},
+            parameters=parameters,
         )
         init_stack_result = deploy_cfn_template(
             template_path=os.path.join(
@@ -32,61 +52,136 @@ def test_cdk_bootstrap(self, deploy_cfn_template, bootstrap_version, aws_client)
         assert len(stack_res["StackResources"]) == 1
         assert stack_res["StackResources"][0]["LogicalResourceId"] == "CDKMetadata"
 
-    @skip_if_v2_provider(reason="CFNV2:Provider")
     @markers.aws.validated
-    def test_cdk_bootstrap_redeploy(self, aws_client, cleanup_stacks, cleanup_changesets, cleanups):
+    @pytest.mark.parametrize(
+        "template,parameters_fn",
+        [
+            pytest.param(
+                "cdk_bootstrap.yml",
+                lambda qualifier: [
+                    {
+                        "ParameterKey": "BootstrapVariant",
+                        "ParameterValue": "AWS CDK: Default Resources",
+                    },
+                    {"ParameterKey": "TrustedAccounts", "ParameterValue": ""},
+                    {"ParameterKey": "TrustedAccountsForLookup", "ParameterValue": ""},
+                    {"ParameterKey": "CloudFormationExecutionPolicies", "ParameterValue": ""},
+                    {
+                        "ParameterKey": "FileAssetsBucketKmsKeyId",
+                        "ParameterValue": "AWS_MANAGED_KEY",
+                    },
+                    {
+                        "ParameterKey": "PublicAccessBlockConfiguration",
+                        "ParameterValue": "true",
+                    },
+                    {"ParameterKey": "Qualifier", "ParameterValue": qualifier},
+                    {
+                        "ParameterKey": "UseExamplePermissionsBoundary",
+                        "ParameterValue": "false",
+                    },
+                ],
+                id="v20",
+            ),
+            pytest.param(
+                "cdk_bootstrap_v28.yaml",
+                lambda qualifier: [
+                    {"ParameterKey": "CloudFormationExecutionPolicies", "ParameterValue": ""},
+                    {
+                        "ParameterKey": "FileAssetsBucketKmsKeyId",
+                        "ParameterValue": "AWS_MANAGED_KEY",
+                    },
+                    {
+                        "ParameterKey": "PublicAccessBlockConfiguration",
+                        "ParameterValue": "true",
+                    },
+                    {"ParameterKey": "Qualifier", "ParameterValue": qualifier},
+                    {"ParameterKey": "TrustedAccounts", "ParameterValue": ""},
+                    {"ParameterKey": "TrustedAccountsForLookup", "ParameterValue": ""},
+                ],
+                id="v28",
+            ),
+        ],
+    )
+    @markers.snapshot.skip_snapshot_verify(
+        paths=[
+            # CFNV2:Provider
+            "$..Description",
+            # Wrong format, they are our internal parameter format
+            "$..Parameters",
+            # from the list of changes
+            "$..Changes..Details",
+            "$..Changes..LogicalResourceId",
+            "$..Changes..ResourceType",
+            "$..Changes..Scope",
+            # provider
+            "$..IncludeNestedStacks",
+            "$..NotificationARNs",
+            # CFNV2:Describe not supported yet
+            "$..Outputs..ExportName",
+            # mismatch between amazonaws.com and localhost.localstack.cloud
+            "$..Outputs..OutputValue",
+        ]
+    )
+    @skip_if_v1_provider(reason="Changes array not in parity")
+    def test_cdk_bootstrap_redeploy(
+        self,
+        aws_client,
+        cleanup_stacks,
+        cleanup_changesets,
+        cleanups,
+        snapshot,
+        template,
+        parameters_fn: Callable[[str], list[Parameter]],
+    ):
         """Test that simulates a sequence of commands executed by CDK when running 'cdk bootstrap' twice"""
+        snapshot.add_transformer(snapshot.transform.cloudformation_api())
+        snapshot.add_transformer(SortingTransformer("Parameters", lambda p: p["ParameterKey"]))
+        snapshot.add_transformer(SortingTransformer("Outputs", lambda p: p["OutputKey"]))
 
         stack_name = f"CDKToolkit-{short_uid()}"
         change_set_name = f"cdk-deploy-change-set-{short_uid()}"
+        qualifier = short_uid()
+        snapshot.add_transformer(snapshot.transform.regex(qualifier, "<qualifier>"))
 
         def clean_resources():
             cleanup_stacks([stack_name])
             cleanup_changesets([change_set_name])
 
         cleanups.append(clean_resources)
 
-        template_body = load_file(
-            os.path.join(os.path.dirname(__file__), "../../../templates/cdk_bootstrap.yml")
+        template_path = os.path.realpath(
+            os.path.join(os.path.dirname(__file__), f"../../../templates/{template}")
         )
+        template_body = load_file(template_path)
+        if template_body is None:
+            raise RuntimeError(f"Template {template_path} not loaded")
+
         aws_client.cloudformation.create_change_set(
             StackName=stack_name,
             ChangeSetName=change_set_name,
             TemplateBody=template_body,
             ChangeSetType="CREATE",
             Capabilities=["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"],
             Description="CDK Changeset for execution 731ed7da-8b2d-49c6-bca3-4698b6875954",
-            Parameters=[
-                {
-                    "ParameterKey": "BootstrapVariant",
-                    "ParameterValue": "AWS CDK: Default Resources",
-                },
-                {"ParameterKey": "TrustedAccounts", "ParameterValue": ""},
-                {"ParameterKey": "TrustedAccountsForLookup", "ParameterValue": ""},
-                {"ParameterKey": "CloudFormationExecutionPolicies", "ParameterValue": ""},
-                {"ParameterKey": "FileAssetsBucketKmsKeyId", "ParameterValue": "AWS_MANAGED_KEY"},
-                {"ParameterKey": "PublicAccessBlockConfiguration", "ParameterValue": "true"},
-                {"ParameterKey": "Qualifier", "ParameterValue": "hnb659fds"},
-                {"ParameterKey": "UseExamplePermissionsBoundary", "ParameterValue": "false"},
-            ],
+            Parameters=parameters_fn(qualifier),
         )
-        aws_client.cloudformation.describe_change_set(
+        aws_client.cloudformation.get_waiter("change_set_create_complete").wait(
             StackName=stack_name, ChangeSetName=change_set_name
         )
-
-        aws_client.cloudformation.get_waiter("change_set_create_complete").wait(
+        describe_change_set = aws_client.cloudformation.describe_change_set(
             StackName=stack_name, ChangeSetName=change_set_name
         )
+        snapshot.match("describe-change-set", describe_change_set)
 
         aws_client.cloudformation.execute_change_set(
             StackName=stack_name, ChangeSetName=change_set_name
         )
 
         aws_client.cloudformation.get_waiter("stack_create_complete").wait(StackName=stack_name)
-        aws_client.cloudformation.describe_stacks(StackName=stack_name)
+        stacks = aws_client.cloudformation.describe_stacks(StackName=stack_name)["Stacks"][0]
+        snapshot.match("describe-stacks", stacks)
 
-        # When CDK toolstrap command is executed again it just confirms that the template is the same
-        aws_client.sts.get_caller_identity()
+        # When CDK bootstrap command is executed again it just confirms that the template is the same
         aws_client.cloudformation.get_template(StackName=stack_name, TemplateStage="Original")
 
         # TODO: create scenario where the template is different to catch cdk behavior
Original file line number	Diff line number	Diff line change
`@@ -83,8 +83,9 @@ def update(`
`83`	`83`
`84`	`84`	`"""`
`85`	`85`	`model = request.desired_state`
	`86`	`+ result_model = {**model, "Id": request.previous_state["Id"]}`
`86`	`87`
`87`	`88`	`return ProgressEvent(`
`88`	`89`	`status=OperationStatus.SUCCESS,`
`89`		`- resource_model=model,`
	`90`	`+ resource_model=result_model,`
`90`	`91`	`)`
Original file line number	Diff line number	Diff line change
`@@ -728,7 +728,7 @@ def _resolve_intrinsic_function_fn_if(self, arguments: ChangeSetEntity) -> Chang`
`728`	`728`	`)`
`729`	`729`	`if not isinstance(node_condition, NodeCondition):`
`730`	`730`	`raise RuntimeError()`
`731`		`- change_type = parent_change_type_of([node_condition, *arguments[1:]])`
	`731`	`+ change_type = parent_change_type_of([node_condition, *arguments.array[1:]])`
`732`	`732`	`return change_type`
`733`	`733`
`734`	`734`	`def _resolve_requires_replacement(`