search

aws-cloudformation / rain

A development workflow tool for working with AWS CloudFormation.
Apache License 2.0
749 stars 69 forks source link

Confusion around "build" command with "-p" flag #419

Closed dhx-mike-palandra closed 4 weeks ago

dhx-mike-palandra commented 4 weeks ago 
$ rain --version
Rain v1.10.0 linux/amd64

Quoting README.md:

Build skeleton templates by specifying a resource name like AWS::S3::Bucket, or enable the Bedrock Claude model in your account to use generative AI with a command like rain build -p "A VPC with 2 subnets".

Note that -p is an alias for --profile, so the above command should fail because "A VPC with 2 subnets" is probably not a valid profile name. To my surprise, the above command does not issue an error; instead, it prompts, so it seems as if the last parameter (i.e. "A VPC with 2 subnets") was ignored.

Seems like a bug to me. If not, apologies.

ericzbeard commented 4 weeks ago

I actually removed the shorthand -p for that exact reason. You have to use --prompt. But you can also run rain build without any arguments to enter interactive mode, which is easier.

dhx-mike-palandra commented 4 weeks ago

My mistake for failing to realize that the profile is used lazily (effectively ignored if the operation does not require calling the AWS SDK).

For example:

$ rain build -p 'A VPC with 2 subnets'
✅ list: Show me a list of all resource types
✅ Yes: Yes, let me enter a prefix to filter the list
Enter a prefix, such as AWS::S3:: AWS::SNS::
AWS::SNS::Subscription
AWS::SNS::Topic
AWS::SNS::TopicInlinePolicy
AWS::SNS::TopicPolicy

But the -p shortand does indeed exist, and it does refer to a profile name:

$ rain build --help | grep -E --context=1 -e '^[[:blank:]]*-p'
      --pkl-class            Output a pkl class based on a resource type schema
  -p, --profile string       AWS profile name; read from the AWS CLI configuration file
      --prompt               Generate a template using Bedrock and a prompt

Now if I repeat the invocation but input a different sequence such that AWS SDK will be called, I'll get a credential error:

$ rain build -p 'A VPC with 2 subnets'
✅ policy: Create a policy validation file
✅ guard: CloudFormation Guard (.guard)
✅ claude3haiku: Claude 3 Haiku
Describe the policy you want to enforce: block all
unable to find valid credentials

I would have suggested parsing the argument to -p (i.e. --profile) and failing fast if invalid but there doesn't seem to be a specification for profile names, and the CLI has been updated to accept spaces in them according to this issue: https://github.com/aws/aws-cli/issues/2806

TL;DR: I think it will suffice to update README.md but I see you have already done so; thank you. https://github.com/aws-cloudformation/rain/commit/8805288bfd1117dd90bd5df09f93267402f2016e

Take care.