
feat(cli): cdk validate --online #1539

Open: kaizencc wants to merge 8 commits into conroyka/cli-validate from conroyka/cli-validate-online

@kaizencc (Contributor) commented May 21, 2026

Summary


Adds cdk validate --online which submits synthesized CloudFormation templates for early validation via non-executing change sets. This catches errors that offline policy plugins can't — invalid resource types, property validation failures, name conflicts, etc.

  • Adds online option to ValidateOptions (defaults to true)
  • Refactors waitForChangeSet into waitForChangeSetReport (non-throwing) + wrapper, extracting shared prepareChangeSetEnv helper to deduplicate with the diff change set path
  • Adds createValidationChangeSet() — creates a non-executing change set per stack, collects early validation errors via the diagnoser, reports them as a synthetic "CloudFormation" plugin, always cleans up
  • Extends validate() to merge offline (policy report) + online (CFN) results
  • Wires --online / --no-online flag through CLI (cli-config.ts, cli.ts)
  • Unit tests for the online path (mocked createValidationChangeSet)
  • Integration tests with a fixture app using AWS::Fake::DoesNotExist to trigger CFN rejection

Depends on

Test plan

  • Unit tests: offline path (12 tests), online path (4 tests), validate-formatting (9 tests)
  • Integration tests: cdk validate --online catches invalid resource type, passes valid template, --no-online skips CFN validation
  • Manual: cd packages/@aws-cdk-testing/cli-integ/resources/cdk-apps/validate-online-app && STACK_NAME_PREFIX=test node ../../../../../aws-cdk/bin/cdk --app "node app.js" --unstable=validate validate --online

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions Bot (Contributor) commented May 21, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@aws-cdk-automation aws-cdk-automation requested a review from a team May 21, 2026 01:15
@kaizencc kaizencc changed the title feat(toolkit-lib): cdk validate --online feat(cli): cdk validate --online May 21, 2026
kaizencc and others added 8 commits May 22, 2026 15:14
…ly validation

Refactor waitForChangeSet into waitForChangeSetReport (returns diagnosis
without throwing) + waitForChangeSet wrapper (throws, preserving existing
behavior for deploy/diff).

Add createValidationChangeSet() which creates a non-executing change set,
collects early validation errors via the existing diagnoser infrastructure,
and always cleans up afterwards.

Extend validate() to optionally run online validation after reading the
offline report, merging CloudFormation early validation errors into the
combined result as a synthetic "CloudFormation" plugin report using proper
schema types (PluginReportJson, ViolatingConstructJson).
Tests cover:
- Invalid resource type (AWS::Fake::DoesNotExist) is caught by CFN
- Valid template passes online validation
- --no-online flag skips CloudFormation validation
…it tests

Extract prepareChangeSetEnv() to share env setup between diff and
validate change set creation. Restore JSDoc on waitForChangeSet.

Add unit tests for the online validation path:
- Reports CFN errors as a CloudFormation plugin report
- Passes when CFN finds no problems
- Merges offline + online results
- Gracefully handles errors (warns instead of throwing)
…ations

- Add --online option to parse-command-line-arguments.ts so yargs
  recognizes it instead of warning "Unknown option"
- Report CloudFormation errors (like template format errors) as
  violations instead of swallowing them with a warning
Adds a CombinedStack fixture with both an S3 bucket (triggers
SecurityPlugin offline) and AWS::Fake::DoesNotExist (rejected by
CFN online). Test verifies both violations appear in one report.
- Use realistic bucket name conflict test instead of fake resource type
- Strip (at /Resources/...) suffix from CFN error descriptions
- Remove parentheses around logical ID in construct info
- Skip library frames in stack traces, show user code location
- Don't set constructFqn from CFN resource type (inconsistent with offline)
- Update integ tests to deploy+validate flow for bucket conflicts
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
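
The flow that the PR summary and the first commit message describe (create a non-executing change set, wait for its status without throwing, collect the errors, always clean up), as an added TypeScript example that is not code from this pull request. `ChangeSetApi`, `validateOnline` and `fakeApi` are hypothetical names, and the in-memory client stands in for the CloudFormation calls.

```typescript
// Added example: all names are hypothetical stand-ins, not the aws-cdk code.
type Status = 'CREATE_PENDING' | 'CREATE_IN_PROGRESS' | 'CREATE_COMPLETE' | 'FAILED';
interface ChangeSetApi { // models CreateChangeSet / DescribeChangeSet / DeleteChangeSet
  create(stack: string, template: string): Promise<string>;
  describe(id: string): Promise<{ status: Status; reason?: string }>;
  remove(id: string): Promise<void>;
}
interface Report { plugin: 'CloudFormation'; stack: string; violations: string[] }

// Validation problems are returned as violations instead of being thrown.
// The change set is never executed and is deleted on every exit path.
async function validateOnline(
  api: ChangeSetApi, stack: string, template: string, maxPolls = 20,
  sleep: () => Promise<void> = async () => {}, // real callers pass a timer-based delay
): Promise<Report> {
  const report: Report = { plugin: 'CloudFormation', stack, violations: [] };
  let id: string | undefined;
  try {
    id = await api.create(stack, template);
    for (let i = 0; i < maxPolls; i++) {
      const { status, reason } = await api.describe(id);
      if (status === 'CREATE_COMPLETE') return report;
      if (status === 'FAILED') {
        report.violations.push(reason ?? 'change set creation failed');
        return report;
      }
      await sleep();
    }
    report.violations.push('timed out waiting for change set');
  } catch (e) {
    // Errors rejected at create time (e.g. template format errors) are violations too.
    report.violations.push(e instanceof Error ? e.message : String(e));
  } finally {
    if (id) await api.remove(id).catch(() => undefined); // best-effort cleanup
  }
  return report;
}

// Constructed in-memory fake; records deletions so cleanup can be checked.
function fakeApi(statuses: Status[], reason?: string, rejectCreate?: string) {
  const deleted: string[] = [];
  const api: ChangeSetApi = {
    create: async () => { if (rejectCreate) throw new Error(rejectCreate); return 'cs-1'; },
    describe: async () => ({ status: statuses.shift() ?? 'FAILED', reason }),
    remove: async (id) => { deleted.push(id); },
  };
  return { api, deleted };
}
```

A change set that is left behind after a failed validation run stays attached to the stack, which is why the deletion sits in `finally` rather than after the polling loop.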