Skip to content

CFN: Validate resource last status in describe_stack_resource #13269

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pinzon merged 6 commits into from
Oct 16, 2025
Merged

CFN: Validate resource last status in describe_stack_resource #13269

pinzon merged 6 commits into from
Oct 16, 2025

Conversation

@pinzon
Copy link
Member

@pinzon pinzon commented Oct 14, 2025
edited
Loading

Motivation

This PR addresses an issue where users encountered errors in the describe_stack_resource operation when the resource description was incomplete or inconsistent. The root cause was that the ChangeSetExecutor retained metadata for resources even after deletion or in the case of failed creation attempts.

While this retained state is necessary for handling nested stacks correctly, it can lead to failed responses if not properly validated before returning attempting to generate a response.

The fix adds explicit validation of the resource status before returning a response. Only resources with active states are included in the output.

Changes

  • Validate resource last status to be CREATE_COMPLETE or UPDATE_COMPLETE before returning.

Testing

  • AWS validated test for describing a resource removed after update
  • AWS validated test for describing a resource after failed creation

@pinzon pinzon added semver: patch Non-breaking changes which can be included in patch releases aws:cloudformation:v2 Issues related to the V2 CloudFormation engine docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes labels Oct 14, 2025
@github-actions
Copy link

github-actions bot commented Oct 14, 2025
edited
Loading

Test Results - Preflight, Unit

22 337 tests  ±0   20 587 ✅ ±0   15m 16s ⏱️ -25s
     1 suites ±0    1 750 💤 ±0 
     1 files   ±0        0 ❌ ±0 

Results for commit a8e5001. ± Comparison against base commit 48d30e0.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Oct 14, 2025
edited
Loading

LocalStack Community integration with Pro

  2 files  ±    0    2 suites  ±0   37m 30s ⏱️ - 1h 21m 28s
585 tests  - 4 232  471 ✅  - 4 009  114 💤  - 223  0 ❌ ±0 
587 runs   - 4 232  471 ✅  - 4 009  116 💤  - 223  0 ❌ ±0 

Results for commit a8e5001. ± Comparison against base commit 48d30e0.

This pull request removes 4232 tests. 
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_lambda_dynamodb
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_opensearch_crud
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_search_books
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_setup
tests.aws.scenario.kinesis_firehose.test_kinesis_firehose.TestKinesisFirehoseScenario ‑ test_kinesis_firehose_s3
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_destination_sns
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_infra
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_prefill_dynamodb_table
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input0-SUCCEEDED]
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input1-SUCCEEDED]
…

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Oct 14, 2025
edited
Loading

Test Results (amd64) - Acceptance

7 tests  ±0   5 ✅ ±0   3m 21s ⏱️ +2s
1 suites ±0   2 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit a8e5001. ± Comparison against base commit 48d30e0.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Oct 14, 2025
edited
Loading

Test Results (amd64) - Integration, Bootstrap

  5 files  ±    0    5 suites  ±0   49m 32s ⏱️ - 1h 50m 9s
609 tests  - 4 582  496 ✅  - 4 198  113 💤  - 384  0 ❌ ±0 
615 runs   - 4 582  496 ✅  - 4 198  119 💤  - 384  0 ❌ ±0 

Results for commit a8e5001. ± Comparison against base commit 48d30e0.

This pull request removes 4582 tests. 
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_lambda_dynamodb
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_opensearch_crud
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_search_books
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_setup
tests.aws.scenario.kinesis_firehose.test_kinesis_firehose.TestKinesisFirehoseScenario ‑ test_kinesis_firehose_s3
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_destination_sns
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_infra
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_prefill_dynamodb_table
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input0-SUCCEEDED]
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input1-SUCCEEDED]
…

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Oct 14, 2025
edited
Loading

Test Results - Alternative Providers

584 tests   - 784   330 ✅  - 382   26m 30s ⏱️ - 13m 47s
  1 suites  -   4   254 💤  - 402 
  1 files    -   4     0 ❌ ±  0 

Results for commit a8e5001. ± Comparison against base commit 48d30e0.

This pull request removes 784 tests. 
tests.aws.services.cloudwatch.test_cloudwatch.TestCloudWatchMultiProtocol ‑ test_basic_operations_multiple_protocols[json]
tests.aws.services.cloudwatch.test_cloudwatch.TestCloudWatchMultiProtocol ‑ test_basic_operations_multiple_protocols[query]
tests.aws.services.cloudwatch.test_cloudwatch.TestCloudWatchMultiProtocol ‑ test_basic_operations_multiple_protocols[smithy-rpc-v2-cbor]
tests.aws.services.cloudwatch.test_cloudwatch.TestCloudWatchMultiProtocol ‑ test_exception_serializing_with_no_shape_in_spec[json]
tests.aws.services.cloudwatch.test_cloudwatch.TestCloudWatchMultiProtocol ‑ test_exception_serializing_with_no_shape_in_spec[query]
tests.aws.services.cloudwatch.test_cloudwatch.TestCloudWatchMultiProtocol ‑ test_exception_serializing_with_no_shape_in_spec[smithy-rpc-v2-cbor]
tests.aws.services.cloudwatch.test_cloudwatch.TestCloudWatchMultiProtocol ‑ test_multi_protocol_client_fixture[json]
tests.aws.services.cloudwatch.test_cloudwatch.TestCloudWatchMultiProtocol ‑ test_multi_protocol_client_fixture[query]
tests.aws.services.cloudwatch.test_cloudwatch.TestCloudWatchMultiProtocol ‑ test_multi_protocol_client_fixture[smithy-rpc-v2-cbor]
tests.aws.services.cloudwatch.test_cloudwatch.TestCloudwatch ‑ test_alarm_lambda_target
…

♻️ This comment has been updated with latest results.

@pinzon pinzon changed the title CFN: Remove deleted resources descriptions CFN: Validate resource last status in describe_stack_resource Oct 14, 2025
@pinzon pinzon marked this pull request as ready for review October 15, 2025 13:35
simonrw
simonrw approved these changes Oct 16, 2025
View reviewed changes
Copy link
Contributor

@simonrw simonrw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor suggestions and questions but nothing blocking. Thanks for tackling this!

localstack-core/localstack/services/cloudformation/v2/provider.py Outdated

try:
resource = stack.resolved_resources[logical_resource_id]
if resource.get("ResourceStatus") not in ["CREATE_COMPLETE", "UPDATE_COMPLETE"]:
Copy link
Contributor

@simonrw simonrw Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: do we need to account for ROLLBACK_COMPLETE?

Copy link
Member Author

@pinzon pinzon Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably yes. I'm adding it even if we can't test it for now.

@pinzon pinzon merged commit aa231e5 into main Oct 16, 2025
40 checks passed
@pinzon pinzon deleted the unc-37-no-physicalresourceid-in-describe_stack_resource branch October 16, 2025 19:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simonrw simonrw simonrw approved these changes

@dominikschubert dominikschubert Awaiting requested review from dominikschubert dominikschubert is a code owner

Assignees

No one assigned

Labels

aws:cloudformation:v2 Issues related to the V2 CloudFormation engine docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes semver: patch Non-breaking changes which can be included in patch releases

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pinzon @simonrw