aws · mergify · Apr 26, 2024 · Apr 23, 2024 · Apr 23, 2024 · Apr 23, 2024
diff --git a/packages/aws-cdk/lib/api/deployments.ts b/packages/aws-cdk/lib/api/deployments.ts
@@ -13,7 +13,7 @@ import { StackActivityProgress } from './util/cloudformation/stack-activity-moni
 import { replaceEnvPlaceholders } from './util/placeholders';
 import { makeBodyParameterAndUpload } from './util/template-body-parameter';
 import { Tag } from '../cdk-toolkit';
-import { debug, warning } from '../logging';
+import { debug, warning, error } from '../logging';
 import { buildAssets, publishAssets, BuildAssetsOptions, PublishAssetsOptions, PublishingAws, EVENT_TO_LOGGER } from '../util/asset-publishing';
 
 /**
@@ -532,8 +532,9 @@ export class Deployments {
 
     // try to assume the lookup role
     const warningMessage = `Could not assume ${arns.lookupRoleArn}, proceeding anyway.`;
-    const upgradeMessage = `(To get rid of this warning, please upgrade to bootstrap version >= ${stack.lookupRole?.requiresBootstrapStackVersion})`;
+
     try {
+      // Trying to assume lookup role and cache the sdk for the environment
       const stackSdk = await this.cachedSdkForEnvironment(resolvedEnvironment, Mode.ForReading, {
         assumeRoleArn: arns.lookupRoleArn,
         assumeRoleExternalId: stack.lookupRole?.assumeRoleExternalId,
@@ -545,22 +546,26 @@ export class Deployments {
       if (stackSdk.didAssumeRole && stack.lookupRole?.bootstrapStackVersionSsmParameter && stack.lookupRole.requiresBootstrapStackVersion) {
         const version = await envResources.versionFromSsmParameter(stack.lookupRole.bootstrapStackVersionSsmParameter);
         if (version < stack.lookupRole.requiresBootstrapStackVersion) {
-          throw new Error(`Bootstrap stack version '${stack.lookupRole.requiresBootstrapStackVersion}' is required, found version '${version}'.`);
+          throw new Error(`Bootstrap stack version '${stack.lookupRole.requiresBootstrapStackVersion}' is required, found version '${version}'. To get rid of this error, please upgrade to bootstrap version >= ${stack.lookupRole.requiresBootstrapStackVersion}`);
         }
-        // we may not have assumed the lookup role because one was not provided
-        // if that is the case then don't print the upgrade warning
-      } else if (!stackSdk.didAssumeRole && stack.lookupRole?.requiresBootstrapStackVersion) {
-        warning(upgradeMessage);
+      } else if (!stackSdk.didAssumeRole) {
+        const lookUpRoleExists = stack.lookupRole ? true : false;
+        warning(`Lookup role ${ lookUpRoleExists ? 'exists but' : 'does not exist, hence'} was not assumed. Proceeding with default credentials.`);
       }
       return { ...stackSdk, resolvedEnvironment, envResources };
     } catch (e: any) {
       debug(e);
-      // only print out the warnings if the lookupRole exists AND there is a required
-      // bootstrap version, otherwise the warnings will print `undefined`
-      if (stack.lookupRole && stack.lookupRole.requiresBootstrapStackVersion) {
+
+      // only print out the warnings if the lookupRole exists
+      if (stack.lookupRole) {
         warning(warningMessage);
-        warning(upgradeMessage);
       }
+
+      // This error should be shown even if debug mode is off
+      if (e instanceof Error && e.message.includes('Bootstrap stack version')) {
+        error(e.message);
+      }
+
       throw (e);
     }
   }

diff --git a/packages/aws-cdk/test/cdk-toolkit.test.ts b/packages/aws-cdk/test/cdk-toolkit.test.ts
@@ -241,7 +241,7 @@ describe('readCurrentTemplate', () => {
     // THEN
     expect(flatten(stderrMock.mock.calls)).toEqual(expect.arrayContaining([
       expect.stringMatching(/Could not assume bloop-lookup:here:123456789012/),
-      expect.stringMatching(/please upgrade to bootstrap version >= 5/),
+      expect.stringContaining("Bootstrap stack version '5' is required, found version '1'. To get rid of this error, please upgrade to bootstrap version >= 5"),
     ]));
     expect(requestedParameterName!).toEqual('/bootstrap/parameter');
     expect(mockForEnvironment.mock.calls.length).toEqual(3);
@@ -276,7 +276,6 @@ describe('readCurrentTemplate', () => {
     // THEN
     expect(flatten(stderrMock.mock.calls)).toEqual(expect.arrayContaining([
       expect.stringMatching(/Could not assume bloop-lookup:here:123456789012/),
-      expect.stringMatching(/please upgrade to bootstrap version >= 5/),
     ]));
     expect(mockForEnvironment.mock.calls.length).toEqual(3);
     expect(mockForEnvironment.mock.calls[0][2]).toEqual({
@@ -315,7 +314,6 @@ describe('readCurrentTemplate', () => {
     expect(mockCloudExecutable.sdkProvider.sdk.ssm).not.toHaveBeenCalled();
     expect(flatten(stderrMock.mock.calls)).toEqual(expect.arrayContaining([
       expect.stringMatching(/Could not assume bloop-lookup:here:123456789012/),
-      expect.stringMatching(/please upgrade to bootstrap version >= 5/),
     ]));
     expect(mockForEnvironment.mock.calls.length).toEqual(3);
     expect(mockForEnvironment.mock.calls[0][2]).toEqual({
@@ -350,7 +348,7 @@ describe('readCurrentTemplate', () => {
 
     // THEN
     expect(flatten(stderrMock.mock.calls)).toEqual(expect.arrayContaining([
-      expect.stringMatching(/please upgrade to bootstrap version >= 5/),
+      expect.stringMatching(/Lookup role exists but was not assumed. Proceeding with default credentials./),
     ]));
     expect(mockCloudExecutable.sdkProvider.sdk.ssm).not.toHaveBeenCalled();
     expect(mockForEnvironment.mock.calls.length).toEqual(3);