aws/copilot-cli

Better validation for protected environment variable names

Open

#2,025 opened on Mar 7, 2021

View on GitHub
 (0 comments) (0 reactions) (0 assignees)Go (3,737 stars) (441 forks)auto 404
good first issue

Description

I create a copilot job which defined COPILOT_APPLICATION_NAME as an environment variable. The infrastructure creation process failed with a rather obscure error message because that environment variable is injected automatically by copilot. Better validation of the manifest file would be more DX friendly.

acarlton@ubuntu:~/project$ aws-vault exec -n [account] -- copilot job deploy --name review-app-cleanup --env dev
Environment dev is already on the latest version v1.1.0, skip upgrade.
✔ Proposing infrastructure changes for stack [application]-dev-review-app-cleanup
- Creating the infrastructure for stack [application]-dev-review-app-cleanup           [rollback complete]  [211.2s]
  The following resource(s) failed to create: [TaskDefinition]. Rollback                                  
   requested by user.                                                                                     
  - An IAM Role for the Fargate agent to make AWS API calls on your behalf           [delete complete]    [0.0s]
  - A CloudWatch log group to hold your service logs                                 [delete complete]    [8.4s]
  - A CloudWatch event rule to trigger the job's state machine                       [not started]         
  - A state machine to invoke your job and handle retry and timeout logic            [not started]         
  - An ECS task definition to group your containers and run them on ECS              [delete complete]    [0.0s]
    Model validation failed (#/ContainerDefinitions/0/Environment: array i                                
    tems are not unique)                                                                                  
  - An IAM role to control permissions for the containers in your tasks              [delete complete]    [0.0s]
✘ deploy job: stack [application]-dev-review-app-cleanup did not complete successfully and exited with status ROLLBACK_COMPLETE

Contributor guide

Tech stack
go
Domain
clideveloper experience
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
Git
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
70
Research direction
Investigate the manifest validation code to identify where environment variables are processed. Add validation to reject protected names like `COPILOT APPLICATION NAME` that are automatically injected, and provide a clear error message.