fix(app): AWS::Partition should be rendered correctly in app stack (#2567)

<!-- Provide summary of changes -->
1. fixes #2554
2. put one of the environment in domain e2e test in another account to make sure multi-account scenario is expected
3. remove the previous app template version since we never rollback 
<!-- Issue number, if available. E.g. "Fixes #31", "Addresses #42, 77" -->

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Author: iamhopaul123

e2e/app-with-domain/app_with_domain_suite_test.go

@@ -15,13 +15,15 @@ import (
 
 var cli *client.CLI
 var appName string
+var prodEnvironmentProfile string
 
 func TestAppWithDomain(t *testing.T) {
 	RegisterFailHandler(Fail)
 	RunSpecs(t, "Multiple Svc Suite (one workspace)")
 }
 
 var _ = BeforeSuite(func() {
+	prodEnvironmentProfile = "e2eprodenv"
 	copilotCLI, err := client.NewCLI()
 	cli = copilotCLI
 	Expect(err).NotTo(HaveOccurred())

e2e/app-with-domain/app_with_domain_test.go

@@ -63,7 +63,7 @@ var _ = Describe("App With Domain", func() {
 			_, envInitErr = cli.EnvInit(&client.EnvInitRequest{
 				AppName: appName,
 				EnvName: "prod",
-				Profile: "default",
+				Profile: prodEnvironmentProfile,
 				Prod:    false,
 			})
 			Expect(envInitErr).NotTo(HaveOccurred())

internal/pkg/cli/app_show_test.go

@@ -241,7 +241,7 @@ func TestShowAppOpts_Execute(t *testing.T) {
 			wantedContent: `About
 
   Name              my-app
-  Version           v0.0.0 (latest available: v1.0.1)
+  Version           v0.0.0 (latest available: v1.0.2)
   URI               example.com
 
 Environments
@@ -301,7 +301,7 @@ Pipelines
 			wantedContent: `About
 
   Name              my-app
-  Version           v1.0.1 
+  Version           v1.0.2 
   URI               example.com
 
 Environments

internal/pkg/deploy/app.go

@@ -20,7 +20,7 @@ const (
 	// LegacyAppTemplateVersion is the version associated with the application template before we started versioning.
 	LegacyAppTemplateVersion = "v0.0.0"
 	// LatestAppTemplateVersion is the latest version number available for application templates.
-	LatestAppTemplateVersion = "v1.0.1"
+	LatestAppTemplateVersion = "v1.0.2"
 	// AliasLeastAppTemplateVersion is the least version number available for HTTPS alias.
 	AliasLeastAppTemplateVersion = "v1.0.0"
 )

internal/pkg/deploy/cloudformation/app.go

@@ -56,6 +56,12 @@ func (cf CloudFormation) DeployApp(in *deploy.CreateAppInput) error {
 
 func (cf CloudFormation) UpgradeApplication(in *deploy.CreateAppInput) error {
 	appConfig := stack.NewAppStackConfig(in)
+	appStack, err := cf.cfnClient.Describe(appConfig.StackName())
+	if err != nil {
+		return fmt.Errorf("get existing application infrastructure stack: %w", err)
+	}
+	in.DNSDelegationAccounts = stack.DNSDelegatedAccountsForStack(appStack.SDK())
+	appConfig = stack.NewAppStackConfig(in)
 	s, err := toStack(appConfig)
 	if err != nil {
 		return err

internal/pkg/deploy/cloudformation/app_test.go

@@ -123,9 +123,21 @@ func TestCloudFormation_UpgradeApplication(t *testing.T) {
 
 		wantedErr error
 	}{
+		"error if fail to get existing application infrastructure stack": {
+			mockDeployer: func(t *testing.T, ctrl *gomock.Controller) *CloudFormation {
+				m := mocks.NewMockcfnClient(ctrl)
+				m.EXPECT().Describe("phonetool-infrastructure-roles").Return(nil, errors.New("some error"))
+
+				return &CloudFormation{
+					cfnClient: m,
+				}
+			},
+			wantedErr: fmt.Errorf("get existing application infrastructure stack: some error"),
+		},
 		"error if fail to describe app stack": {
 			mockDeployer: func(t *testing.T, ctrl *gomock.Controller) *CloudFormation {
 				m := mocks.NewMockcfnClient(ctrl)
+				m.EXPECT().Describe("phonetool-infrastructure-roles").Return(&cloudformation.StackDescription{}, nil)
 				m.EXPECT().Describe("phonetool-infrastructure-roles").Return(nil, errors.New("some error"))
 
 				return &CloudFormation{
@@ -137,7 +149,7 @@ func TestCloudFormation_UpgradeApplication(t *testing.T) {
 		"error if fail to update app stack": {
 			mockDeployer: func(t *testing.T, ctrl *gomock.Controller) *CloudFormation {
 				m := mocks.NewMockcfnClient(ctrl)
-				m.EXPECT().Describe("phonetool-infrastructure-roles").Return(&cloudformation.StackDescription{}, nil)
+				m.EXPECT().Describe("phonetool-infrastructure-roles").Return(&cloudformation.StackDescription{}, nil).Times(2)
 				m.EXPECT().UpdateAndWait(gomock.Any()).Return(errors.New("some error"))
 				return &CloudFormation{
 					cfnClient: m,
@@ -148,7 +160,7 @@ func TestCloudFormation_UpgradeApplication(t *testing.T) {
 		"error if fail to wait until stack set last operation complete": {
 			mockDeployer: func(t *testing.T, ctrl *gomock.Controller) *CloudFormation {
 				mockCFNClient := mocks.NewMockcfnClient(ctrl)
-				mockCFNClient.EXPECT().Describe("phonetool-infrastructure-roles").Return(&cloudformation.StackDescription{}, nil)
+				mockCFNClient.EXPECT().Describe("phonetool-infrastructure-roles").Return(&cloudformation.StackDescription{}, nil).Times(2)
 				mockCFNClient.EXPECT().UpdateAndWait(gomock.Any()).Return(nil)
 
 				mockAppStackSet := mocks.NewMockstackSetClient(ctrl)
@@ -165,7 +177,7 @@ func TestCloudFormation_UpgradeApplication(t *testing.T) {
 		"success": {
 			mockDeployer: func(t *testing.T, ctrl *gomock.Controller) *CloudFormation {
 				mockCFNClient := mocks.NewMockcfnClient(ctrl)
-				mockCFNClient.EXPECT().Describe("phonetool-infrastructure-roles").Return(&cloudformation.StackDescription{}, nil)
+				mockCFNClient.EXPECT().Describe("phonetool-infrastructure-roles").Return(&cloudformation.StackDescription{}, nil).Times(2)
 				mockCFNClient.EXPECT().UpdateAndWait(gomock.Any()).Return(nil)
 
 				mockAppStackSet := mocks.NewMockstackSetClient(ctrl)
@@ -186,7 +198,7 @@ func TestCloudFormation_UpgradeApplication(t *testing.T) {
 				mockCFNClient := mocks.NewMockcfnClient(ctrl)
 				mockCFNClient.EXPECT().Describe("phonetool-infrastructure-roles").Return(&cloudformation.StackDescription{
 					StackStatus: aws.String(awscfn.StackStatusCreateInProgress),
-				}, nil)
+				}, nil).Times(2)
 				mockCFNClient.EXPECT().WaitForUpdate(gomock.Any(), "phonetool-infrastructure-roles").Return(nil)
 				mockCFNClient.EXPECT().Describe("phonetool-infrastructure-roles").Return(&cloudformation.StackDescription{}, nil)
 				mockCFNClient.EXPECT().UpdateAndWait(gomock.Any()).Return(nil)

internal/pkg/deploy/cloudformation/stack/app.go

@@ -48,8 +48,8 @@ type AppRegionalResources struct {
 }
 
 const (
-	fmtAppTemplatePath            = "app/versions/%s/app.yml"
-	fmtAppResourcesTemplatePath   = "app/versions/%s/cf.yml"
+	appTemplatePath               = "app/app.yml"
+	appResourcesTemplatePath      = "app/cf.yml"
 	appAdminRoleParamName         = "AdminRoleName"
 	appExecutionRoleParamName     = "ExecutionRoleName"
 	appDNSDelegationRoleParamName = "DNSDelegationRoleName"
@@ -89,10 +89,13 @@ func NewAppStackConfig(in *deploy.CreateAppInput) *AppStackConfig {
 
 // Template returns the environment CloudFormation template.
 func (c *AppStackConfig) Template() (string, error) {
-	// content, err := c.parser.Read(appTemplatePath(c.Version))
-	content, err := c.parser.Parse(appTemplatePath(c.Version), struct {
-		TemplateVersion string
-	}{c.Version})
+	content, err := c.parser.Parse(appTemplatePath, struct {
+		TemplateVersion         string
+		AppDNSDelegatedAccounts []string
+	}{
+		c.Version,
+		c.dnsDelegationAccounts(),
+	})
 	if err != nil {
 		return "", err
 	}
@@ -105,7 +108,7 @@ func (c *AppStackConfig) ResourceTemplate(config *AppResourcesConfig) (string, e
 	sort.Strings(config.Accounts)
 	sort.Strings(config.Services)
 
-	content, err := c.parser.Parse(appResourcesTemplatePath(c.Version), struct {
+	content, err := c.parser.Parse(appResourcesTemplatePath, struct {
 		*AppResourcesConfig
 		ServiceTagKey   string
 		TemplateVersion string
@@ -120,20 +123,6 @@ func (c *AppStackConfig) ResourceTemplate(config *AppResourcesConfig) (string, e
 	return content.String(), err
 }
 
-func appTemplatePath(version string) string {
-	if version == "" {
-		return fmt.Sprintf(fmtAppTemplatePath, "v0.0.0")
-	}
-	return fmt.Sprintf(fmtAppTemplatePath, version)
-}
-
-func appResourcesTemplatePath(version string) string {
-	if version == "" {
-		return fmt.Sprintf(fmtAppResourcesTemplatePath, "v0.0.0")
-	}
-	return fmt.Sprintf(fmtAppResourcesTemplatePath, version)
-}
-
 // Parameters returns a list of parameters which accompany the app CloudFormation template.
 func (c *AppStackConfig) Parameters() ([]*cloudformation.Parameter, error) {
 	return []*cloudformation.Parameter{

internal/pkg/deploy/cloudformation/stack/app_test.go

@@ -43,25 +43,12 @@ func TestAppTemplate(t *testing.T) {
 			inVersion: "v1.0.0",
 			mockDependencies: func(ctrl *gomock.Controller, c *AppStackConfig) {
 				m := mocks.NewMockReadParser(ctrl)
-				m.EXPECT().Parse(fmt.Sprintf(fmtAppTemplatePath, "v1.0.0"), struct {
-					TemplateVersion string
+				m.EXPECT().Parse(appTemplatePath, struct {
+					TemplateVersion         string
+					AppDNSDelegatedAccounts []string
 				}{
 					"v1.0.0",
-				}, gomock.Any()).Return(&template.Content{
-					Buffer: bytes.NewBufferString("template"),
-				}, nil)
-				c.parser = m
-			},
-
-			wantedTemplate: "template",
-		},
-		"success for legacy template": {
-			mockDependencies: func(ctrl *gomock.Controller, c *AppStackConfig) {
-				m := mocks.NewMockReadParser(ctrl)
-				m.EXPECT().Parse(fmt.Sprintf(fmtAppTemplatePath, "v0.0.0"), struct {
-					TemplateVersion string
-				}{
-					"",
+					[]string{"123456"},
 				}, gomock.Any()).Return(&template.Content{
 					Buffer: bytes.NewBufferString("template"),
 				}, nil)
@@ -79,7 +66,8 @@ func TestAppTemplate(t *testing.T) {
 			defer ctrl.Finish()
 			appStack := &AppStackConfig{
 				CreateAppInput: &deploy.CreateAppInput{
-					Version: tc.inVersion,
+					Version:   tc.inVersion,
+					AccountID: "123456",
 				},
 			}
 			tc.mockDependencies(ctrl, appStack)
@@ -159,7 +147,7 @@ func TestAppResourceTemplate(t *testing.T) {
 			},
 			mockDependencies: func(ctrl *gomock.Controller, c *AppStackConfig) {
 				m := mocks.NewMockReadParser(ctrl)
-				m.EXPECT().Parse(fmt.Sprintf(fmtAppResourcesTemplatePath, "v0.0.0"), struct {
+				m.EXPECT().Parse(appResourcesTemplatePath, struct {
 					*AppResourcesConfig
 					ServiceTagKey   string
 					TemplateVersion string

templates/app/versions/v1.0.1/app.yml renamed to templates/app/app.yml

@@ -3,7 +3,7 @@
 AWSTemplateFormatVersion: 2010-09-09
 Description: Configure the AWSCloudFormationStackSetAdministrationRole to enable use of AWS CloudFormation StackSets.
 Metadata:
-  TemplateVersion: 'v1.0.1'
+  TemplateVersion: 'v1.0.2'
 Parameters:
   AdminRoleName:
     Type: String
@@ -118,13 +118,10 @@ Resources:
               - sts:AssumeRole
           - Effect: Allow
             Principal:
-              AWS: !Split
-                - ','
-                - !Sub
-                    - 'arn:${AWS::Partition}:iam::${inner}:root'
-                    - inner: !Join
-                      - ':root,arn:${AWS::Partition}:iam::'
-                      - Ref: "AppDNSDelegatedAccounts"
+              AWS:
+{{- range $account := .AppDNSDelegatedAccounts}}
+                - !Sub arn:${AWS::Partition}:iam::{{$account}}:root
+{{- end}}
             Action:
               - sts:AssumeRole
       Path: /

templates/app/versions/v1.0.1/cf.yml renamed to templates/app/cf.yml

@@ -5,7 +5,7 @@ AWSTemplateFormatVersion: '2010-09-09'{{$accounts := .Accounts}}{{$app := .App}}
 # to support the CodePipeline for a workspace
 Description: Cross-regional resources to support the CodePipeline for a workspace
 Metadata:
-  TemplateVersion: 'v1.0.1'
+  TemplateVersion: 'v1.0.2'
   Version: {{.Version}}
   Services:{{if not $services}} []{{else}}{{range $service := $services}}
   - {{$service}}{{end}}{{end}}