feat(ssm): allow disabling context caching in valueFromLookup

[andreialecu]

Issue # (if applicable)

Closes #12366

Reason for this change

There are cases when the ssm value should not be cached because it can accidentally roll back certain resources. See discussion in #12366

In my case, I'm using the AWS CLI to update a Cloudfront origin, but it's also part of a CDK stack. I want to avoid deploying the CDK stack and accidentally reverting the origin (which is also persisted to SSM, so the CDK stack can read it if needed).

Description of changes

I added an optional parameter to valueFromLookup(this, 'param', { disableContextCaching: true })

It works by setting an adjacent context key of key + TRANSIENT_CONTEXT_KEY, piggybacking on similar behavior in the CDK.

This seemed like the most straightforward implementation because value is usually a primitive value, and there was no way to attach this metadata.

I didn't want to grow the scope of the change, but ideally, value should've been an object so that { [TRANSIENT_CONTEXT_KEY]: true, value } could've been used directly. I wasn't sure of that behavior's implications and potential breaking changes.

Description of how you validated changes

Added tests.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

[andreialecu]

Exemption Request: I don't think an integration test is required here because there's no change to the synthesis. This is just a change relating to what gets saved in cdk.context.json

Also, not sure if a readme change is necessary? (edit: updated the readme)

[aaythapa]

Thank you for the PR!

A couple of comments, mostly from my own lack of understanding for this part of the code base

[aaythapa]

Curious about the schema changes, did you add these manually?

[andreialecu]

Not manual, no. If I remember correctly this was the result of running yarn update-schema which I think was required for getting tests to pass.

[aaythapa]

Confused by why this is true, did you set value to dummy-value-for-my-param-name somewhere?

[andreialecu]

See here:

aws-cdk/packages/aws-cdk-lib/aws-ssm/README.md

Lines 61 to 65 in ab94070

	When using `valueFromLookup` an initial value of 'dummy-value-for-${parameterName}'
	(`dummy-value-for-/My/Public/Parameter` in the above example)
	is returned prior to the lookup being performed. This can lead to errors if you are using this
	value in places that require a certain format. For example if you have stored the ARN for a SNS
	topic in a SSM Parameter which you want to lookup and provide to `Topic.fromTopicArn()`

[andreialecu]

Also, if you look at the test before this one, a similar assertion is made (line 641)

[aaythapa]

With disableContextCaching would the value in cdk context get overwritten when the parameter is resolved or is it the value never gets saved in cdk context?

If its the former I'd prefer if this test showed that with disableContextCaching the context will have a new value everytime it resolves the parameter

[andreialecu]

If there's a previous value in the context, valueFromLookup() will use that one and not do another lookup.

This PR only allows disabling persisting to the context cache if the value needs to be looked up.

[andreialecu]

I added a new test to confirm what I mentioned in my comment above.

[andreialecu]

I'm open to renaming this to something like skipContextPersistence or some other name that would be more descriptive.

[aaythapa]

Does this property work for any context lookup? Like it was suggested in this comment

[andreialecu]

It should be able to be used it in other context lookups, but this PR only implements it for SSM. I'm not sure what other context lookups would benefit from this, but with the underlaying changes in this PR, it would be easy to make it work elsewhere.

[aaythapa]

Not sure about the purpose of this test since it doesn't use disableContextCaching?

[andreialecu]

This is a copy of the test above it ("transient values arent saved to disk") but it checks that the specified keys/values don't get saved to the context, regardless of what the value is.

[aws-cdk-automation]

The pull request linter fails with the following errors:

❌ Features must contain a change to an integration test file and the resulting snapshot.
❌ CLI code has changed. A maintainer must run the code through the testing pipeline (git fetch origin pull/29372/head && git push -f origin FETCH_HEAD:test-main-pipeline), then add the 'pr-linter/cli-integ-tested' label when the pipeline succeeds.

PRs must pass status checks before we can provide a meaningful review.

If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing Exemption Request and/or Clarification Request.

✅ A exemption request has been requested. Please wait for a maintainer's review.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: da5a439
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[aws-cdk-automation]

The pull request linter fails with the following errors:

❌ Features must contain a change to an integration test file and the resulting snapshot.
❌ CLI code has changed. A maintainer must run the code through the testing pipeline (git fetch origin pull/29372/head && git push -f origin FETCH_HEAD:test-main-pipeline), then add the 'pr-linter/cli-integ-tested' label when the pipeline succeeds.

PRs must pass status checks before we can provide a meaningful review.

If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing Exemption Request and/or Clarification Request.

✅ A exemption request has been requested. Please wait for a maintainer's review.

[TheRealAmazonKendra]

These two PRs (#29372) and (#28766) are not doing the same thing, but there is definitely overlap. Given that fact, it changes the feedback I was going to give to both a bit.

I absolutely see the value in both these changes but want to make sure we're getting the contract right across both. I know you've both been waiting for feedback for some time but I'm going to tax your patience a tad further so I can discuss with the team tomorrow.

[aros3rg3d]

Just came across this feature while searching how to disable caching for ssm lookup. Thanks @andreialecu, can't wait to use it !

[sakurai-ryo]

@andreialecu @aaythapa @TheRealAmazonKendra
I’m really interested in using this feature.
Could I ask if there are any updates or blockers on this PR?
I would be happy to help and potentially take over the work to get it across the finish line.