Stack Creation fails when dependent stack has protection #564

Open
sopeters opened this issue Dec 19, 2018 · 8 comments

@sopeters

When I launch or create a stack that has a dependency on another stack output (via !stack_output resolver) on a stack that has protect: true I get the error:

Cannot perform action on '': Stack protection is currently enabled

How can I launch a stack with a reference to another protected stack?

@zaro0508
Contributor

zaro0508 commented Feb 6, 2019

This use case is not supported with sceptre core. It will probably require a custom hook. I would imagine that you can enumerate all the dependent stacks in the hook then turn off protection in a before_create or before_update hook call. Once the stack is deployed you can turn protection back on in after_create or after_update hook call.

hooks:
  before_create:
    - !stack_termination_protection 'disabled' 
  before_update:
    - !stack_termination_protection 'disabled' 
  after_create:
    - !stack_termination_protection 'enabled' 
  after_update:
    - !stack_termination_protection 'enabled' 

Take a look at https://github.com/zaro0508/sceptre-stack-termination-protection-hook to get started. That hook currently only enables/disables protection on the current stack but it can probably be modified to do the same thing on a list of dependent stacks.

@sopeters
Author

sopeters commented Feb 6, 2019 via email

@sopeters
Author

sopeters commented Feb 7, 2019

Hi @zaro0508 - The hook deals with StackProtection in AWS.

I'm referring to sceptre/sceptre/plan/actions.py -> def _protect_execution(self) which checks the config parameter "protect: true" and prevents create, update and launch.

Any dependent stacks that reference any output will fail to execute (I believe already when building the plan).

@jmourelos

Hi @sopeters - I was thinking about the possibility of adding a --skip-protected flag. The idea is that it would remove from the execution plan those stacks with "protect: True". Would it be useful for your use case? Our case is that we want to delete and recreate most of our stacks on a daily basis, but not the protected ones.

@sopeters
Author

sopeters commented May 3, 2019 via email

@ngfgrant
Contributor

ngfgrant commented May 4, 2019

A --skip-protected would be a welcome addition!

@ngfgrant
Contributor

ngfgrant commented Jun 6, 2019

I just updated the update action by adding a simple try/except. Doing something similar in launch might solve this by allowing the exception to be handled more gracefully and continue with execution ... just noting this down quickly before I forget!

@jmourelos

@ngfgrant I had added the flag (with name --ignore-protected-stacks) as we had mentioned originally to a personal branch currently used by my team.

It is working well for us, but I must say that a simple try/catch seems like an easier solution.
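
The skip-instead-of-abort idea from the comments above, as an added example that is not part of the thread and is not Sceptre code: a toy plan runner that catches the protection error per stack, leaves protected stacks unmodified, and still lets dependents read their outputs. `Stack`, `launch`, `run_plan` and `ignore_protected` are hypothetical names, and the sample stacks are constructed.

```python
# Toy model of the plan behaviour discussed in this thread; NOT Sceptre code.
# Stack, launch, run_plan and ignore_protected are hypothetical names.
from dataclasses import dataclass, field
from graphlib import TopologicalSorter  # Python 3.9+


class ProtectedStackError(Exception):
    """A mutating action targeted a stack configured with protect: true."""


@dataclass
class Stack:
    name: str
    protect: bool = False
    dependencies: list = field(default_factory=list)  # stacks whose outputs are read


def launch(stack, deployed):
    """Stand-in for create/update: refuse protected stacks, require deployed deps."""
    if stack.protect:
        raise ProtectedStackError(f"Stack protection is enabled on '{stack.name}'")
    missing = [d for d in stack.dependencies if d not in deployed]
    if missing:
        raise RuntimeError(f"'{stack.name}' needs outputs of undeployed {missing}")
    deployed.add(stack.name)


def run_plan(stacks, already_deployed, ignore_protected=False):
    """Launch in dependency order; optionally skip protected stacks untouched."""
    by_name = {s.name: s for s in stacks}
    order = TopologicalSorter({s.name: s.dependencies for s in stacks}).static_order()
    deployed, launched, skipped = set(already_deployed), [], []
    for name in order:
        try:
            launch(by_name[name], deployed)
            launched.append(name)
        except ProtectedStackError:
            if not ignore_protected:
                raise  # without the option, the whole run aborts
            skipped.append(name)  # never modified; protection stays in force
    return launched, skipped


if __name__ == "__main__":
    # Constructed sample: a protected, already-deployed network stack and two dependents.
    sample = [Stack("vpc", protect=True), Stack("app", dependencies=["vpc"]),
              Stack("db", dependencies=["vpc"])]
    print(run_plan(sample, {"vpc"}, ignore_protected=True))
```

In this model, skipping a protected stack that was never deployed does not help its dependents: they fail with the missing-output error instead of the protection error.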
