feat(cli): notices on bootstrap version

packages/@aws-cdk-testing/cli-integ/tests/cli-integ-tests/cli.integtest.ts

@@ -2259,3 +2259,34 @@ integTest(
  expect(noticesUnacknowledged).toEqual(noticesUnacknowledgedAlias);
  }),
 );
+
+integTest('cdk notices for bootstrap', withDefaultFixture(async (fixture) => {
+
+ const cache = {
+ expiration: 4125963264000, // year 2100 so we never overwrite the cache
+ notices: [{
+ title: 'Bootstrap stack outdated',
+ issueNumber: 16600,
+ overview: 'Your environments "{resolve:ENVIRONMENTS}" are running an outdated bootstrap stack.',
+ components: [{
+ name: 'bootstrap',
+ version: '<2000',
+ }],
+ schemaVersion: '1',
+ }],
+ };
+
+ const cdkCacheDir = path.join(fixture.integTestDir, 'cache');
+ await fs.mkdir(cdkCacheDir);
+ await fs.writeFile(path.join(cdkCacheDir, 'notices.json'), JSON.stringify(cache));
+
+ const output = await fixture.cdkDeploy('test-2', {
+ verbose: false,
+ modEnv: {
+ CDK_HOME: fixture.integTestDir,
+ },
+ });
+
+ expect(output).toContain('Your environments \"aws://');
+
+}));

packages/aws-cdk/README.md

@@ -879,33 +879,39 @@ $ cdk deploy
 
 NOTICES
 
-16603 Toggling off auto_delete_objects for Bucket empties the bucket
+22090 cli: cdk init produces EACCES: permission denied and does not fill the directory
 
- Overview: If a stack is deployed with an S3 bucket with
- auto_delete_objects=True, and then re-deployed with
- auto_delete_objects=False, all the objects in the bucket
- will be deleted.
+ Overview: The CLI is unable to initialize new apps if CDK is
+ installed globally in a directory owned by root
 
- Affected versions: <1.126.0.
+ Affected versions: cli: 2.42.0.
 
- More information at: https:/aws/aws-cdk/issues/16603
+ More information at: https:/aws/aws-cdk/issues/22090
 
 
-17061 Error when building EKS cluster with monocdk import
+27547 Incorrect action in policy of Bucket `grantRead` method
 
- Overview: When using monocdk/aws-eks to build a stack containing
- an EKS cluster, error is thrown about missing
- lambda-layer-node-proxy-agent/layer/package.json.
+ Overview: Using the `grantRead` method on `aws-cdk-lib/aws-s3.Bucket`
+ results in an invalid action attached to the resource policy
+ which can cause unexpected failures when interacting
+ with the bucket.
 
- Affected versions: >=1.126.0 <=1.130.0.
+ Affected versions: aws-cdk-lib.aws_s3.Bucket: 2.101.0.
 
- More information at: https:/aws/aws-cdk/issues/17061
+ More information at: https:/aws/aws-cdk/issues/27547
 
 
-If you don’t want to see an notice anymore, use "cdk acknowledge ID". For example, "cdk acknowledge 16603".
+If you don’t want to see a notice anymore, use "cdk acknowledge ID". For example, "cdk acknowledge 16603".
 ```
 
-You can suppress warnings in a variety of ways:
+There are several types of notices you may encounter, differentiated by the affected component:
+
+- **cli**: notifies you about issues related to your CLI version.
+- **framework**: notifies you about issues related to your version of core constructs (e.g `Stack`).
+- **aws-cdk-lib.{module}.{construct}**: notifies you about issue related to your version of a specific construct (e.g `aws-cdk-lib.aws_s3.Bucket`)
+- **bootstrap**: notifies you about issues related to your version of the bootstrap stack. Note that these types of notices are only shown during the `cdk deploy` command.
+
+You can suppress notices in a variety of ways:
 
 - per individual execution:
 

packages/aws-cdk/lib/api/environment-resources.ts

@@ -2,6 +2,7 @@ import * as cxapi from '@aws-cdk/cx-api';
 import { ISDK } from './aws-auth';
 import { EcrRepositoryInfo, ToolkitInfo } from './toolkit-info';
 import { debug, warning } from '../logging';
+import { Notices } from '../notices';
 
 /**
  * Registry class for `EnvironmentResources`.
@@ -77,7 +78,7 @@ export class EnvironmentResources {
 
  if (ssmParameterName !== undefined) {
  try {
- doValidate(await this.versionFromSsmParameter(ssmParameterName));
+ doValidate(await this.versionFromSsmParameter(ssmParameterName), this.environment);
  return;
  } catch (e: any) {
  if (e.code !== 'AccessDeniedException') { throw e; }
@@ -92,7 +93,7 @@ export class EnvironmentResources {
  const bootstrapStack = await this.lookupToolkit();
  if (bootstrapStack.found && bootstrapStack.version < BOOTSTRAP_TEMPLATE_VERSION_INTRODUCING_GETPARAMETER) {
  warning(`Could not read SSM parameter ${ssmParameterName}: ${e.message}, falling back to version from ${bootstrapStack}`);
- doValidate(bootstrapStack.version);
+ doValidate(bootstrapStack.version, this.environment);
  return;
  }
 
@@ -102,9 +103,15 @@ export class EnvironmentResources {
 
  // No SSM parameter
  const bootstrapStack = await this.lookupToolkit();
- doValidate(bootstrapStack.version);
-
- function doValidate(version: number) {
+ doValidate(bootstrapStack.version, this.environment);
+
+ function doValidate(version: number, environment: cxapi.Environment) {
+ const notices = Notices.get();
+ if (notices) {
+ // if `Notices` hasn't been initialized there is probably a good
+ // reason for it. handle gracefully.
+ notices.addBootstrappedEnvironment({ bootstrapStackVersion: version, environment });
+ }
  if (defExpectedVersion > version) {
  throw new Error(`This CDK deployment requires bootstrap stack version '${expectedVersion}', found '${version}'. Please run 'cdk bootstrap'.`);
  }

packages/aws-cdk/lib/cli.ts

@@ -26,7 +26,7 @@ import { MIGRATE_SUPPORTED_LANGUAGES, getMigrateScanType } from '../lib/commands
 import { RequireApproval } from '../lib/diff';
 import { availableInitLanguages, cliInit, printAvailableTemplates } from '../lib/init';
 import { data, debug, error, print, setLogLevel, setCI } from '../lib/logging';
-import { displayNotices, refreshNotices } from '../lib/notices';
+import { Notices } from '../lib/notices';
 import { Command, Configuration, Settings } from '../lib/settings';
 import * as version from '../lib/version';
 
@@ -367,10 +367,10 @@ export async function exec(args: string[], synthesizer?: Synthesizer): Promise<n
  });
  await configuration.load();
 
- if (shouldDisplayNotices()) {
- void refreshNotices()
-  .catch(e => debug(`Could not refresh notices: ${e}`));
- }
+ const cmd = argv._[0];
+
+ const notices = Notices.create({ configuration, includeAcknowlegded: cmd === 'notices' ? !argv.unacknowledged : false });
+ await notices.refresh();
 
  const sdkProvider = await SdkProvider.withAwsCliCompatibleDefaults({
  profile: configuration.settings.get(['profile']),
@@ -422,8 +422,6 @@ export async function exec(args: string[], synthesizer?: Synthesizer): Promise<n
 
  loadPlugins(configuration.settings);
 
- const cmd = argv._[0];
-
  if (typeof(cmd) !== 'string') {
  throw new Error(`First argument should be a string. Got: ${cmd} (${typeof(cmd)})`);
  }
@@ -440,32 +438,15 @@ export async function exec(args: string[], synthesizer?: Synthesizer): Promise<n
  // Do PSAs here
  await version.displayVersionMessage();
 
- if (shouldDisplayNotices()) {
- if (cmd === 'notices' && argv.unacknowledged === true) {
- await displayNotices({
- outdir: configuration.settings.get(['output']) ?? 'cdk.out',
- acknowledgedIssueNumbers: configuration.context.get('acknowledged-issue-numbers') ?? [],
- ignoreCache: true,
- unacknowledged: true,
- });
- } else if (cmd === 'notices') {
- await displayNotices({
- outdir: configuration.settings.get(['output']) ?? 'cdk.out',
- acknowledgedIssueNumbers: [],
- ignoreCache: true,
- });
- } else if (cmd !== 'version') {
- await displayNotices({
- outdir: configuration.settings.get(['output']) ?? 'cdk.out',
- acknowledgedIssueNumbers: configuration.context.get('acknowledged-issue-numbers') ?? [],
- ignoreCache: false,
- });
- }
+ if (cmd === 'notices') {
+ await notices.refresh({ force: true });
+ notices.display({ showTotal: argv.unacknowledged });
+
+ } else if (cmd !== 'version') {
+ await notices.refresh();
+ notices.display();
  }
- }
 
- function shouldDisplayNotices(): boolean {
- return configuration.settings.get(['notices']) ?? true;
  }
 
  async function main(command: string, args: any): Promise<number | void> {