Aws-cdk: CDK diff incomplete on MacOS

Created on 24 Jun 2019 · 6 Comments · Source: aws/aws-cdk

  • I'm submitting a ...

    • [X] :beetle: bug report
    • [ ] :rocket: feature request
    • [ ] :books: construct library gap
    • [ ] :phone: security issue or vulnerability => Please see policy
    • [ ] :question: support request => Please see note at the top of this template.
  • What is the current behavior?
    On MacOS (Mojave) the cdk diff command only prints the 'IAM Statement Changes' section while there are several more changes (IAM policy changes and a lot of different changed resources). On two Linux machines (one running Ubuntu, one running Amazonlinux 2) with the same NodeJS version the cdk diff command on the same stack shows all the differences.

  • What is the expected behavior (or behavior of feature suggested)?
    The cdk diff on MacOS should show the full set of changes just like it does on Linux.

  • What is the motivation / use case for changing the behavior or adding this feature?
    As a developer using the CDK, I want to see all changes that the deployment would cause so that I don't find a "bad surprise" after the deployment.

  • Please tell us about your environment:

    • CDK CLI Version: 0.35.0
    • Module Version: 0.35.0
    • OS: OSX Mojave
    • Language: TypeScript
    • NodeJS Version: v10.15.3
  • Other information

    • Usually, I am using zsh on my Macbook, but I also tried it with bash and sh - same result.
    • Edit: I played around with a few more combinations of diffs: in a cdk diff without any 'IAM Statement Changes', I can at least see an incomplete list of resource changes in the list of differences. So there might be a connection.
bug p0 packagtools third-party

All 6 comments

Hi Thomas, thanks so much for reaching out.

It would be super helpful if we could get a gist of your terminal, so we can better analyze what is going on.

I don't know if this is related, but if I manually add a tag to a deployed resource then do a cdk diff it shows no differences.

$ npx cdk diff
Stack FTPVPCStack
There were no differences

I'm on MacOS too, with similar version 0.36.0 (build 6d38487).

Hey guys, another update from my side: this issue is not a CDK problem. During my initial analysis, I totally overlooked the obvious: I'm calling the CDK via shelljs from a NodeJS CLI tool that we use in our team to deploy OpenShift clusters via CDK.

Unfortunately, shelljs is "swallowing" parts of the output, therefore CDK is not the culprit. If I call cdk diff directly from my terminal, it shows the difference correctly.

Sorry for the inconvenience!

@Obirah thank you for getting back to us after finding the issue!
There is no inconvenience, we just appreciate you reaching out and letting us know about a potential problem.

Please don't hesitate to post again in the future if you find anything else!

@lqueryvg, have you tried running diff in a raw shell to see if it has a different output? If not, and your problem has persisted, it's probably worth its own issue for us to look into!

@NGL321, thanks for responding, but I think this is my misunderstanding.
I've seen "hype" on the internet saying that cdk diff is equivalent to terraform plan.
I don't think that's true.

terraform plan compares the desired state (your code) against deployed resources.
Whereas cdk diff compares the desired state against the stack. It doesn't look at the deployed resources until you deploy, and it will only do that if it sees that your code has changed. You only find out about discrepancies between the stack and deployed resources at deployment time, so there's always room for a little "surprise", here or there 😉 😮

Bottom line, it's not the same at all really.
