fix(cli): Add the import-utils.ts:207-213 account-mismatch check to... (#761)#43
Draft
aidandaly24 wants to merge 1 commit into
Draft
fix(cli): Add the import-utils.ts:207-213 account-mismatch check to... (#761)#43aidandaly24 wants to merge 1 commit into
aidandaly24 wants to merge 1 commit into
Conversation
…existing detectAccount()/import-utils message, no behavior change when accounts match or no credentials present
Coverage Report
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Refs aws#761
Issues
agentcore deploywith valid AWS credentials for an account different from the one in aws-targets.json proceeds through load-target, validate, dependency, build, synth, and stack-status steps and only fails at the publish-assets/deploy step with a generic CDK error. The user gets no clear, early "your credentials are for account X but the target is account Y" message even though the CLI already has exactly that check forimport.Root cause
Deploy preflight validateAwsCredentials() (preflight.ts:143 -> account.ts:66-78) only null-checks detectAccount() and never compares caller account to target.account; the mismatch surfaces only when the CDK toolkit publishes assets/assumes roles into aws://{target.account}/{region} (bootstrap.ts:45 used at preflight.ts:333; wrapper.ts:246-256). The guard exists only for import (import-utils.ts:207-213), never ported to deploy.
The fix
Add the import-utils.ts:207-213 account-mismatch check to deploy preflight. Cleanest approach: thread the selected target/account into validateProject() and, after the validateAwsCredentials() call (preflight.ts:143), call detectAccount() and throw a ValidationError when callerAccount !== target.account (reuse the import-utils message and the existing detectAccount() helper — no new design beyond choosing how to pass the resolved target into validateProject). Because both the headless CLI path (commands/deploy/actions.ts handleDeploy) and the TUI path (tui/hooks/useCdkPreflight.ts) route through validateProject(), centralizing it there covers both; also cover the teardown-deferred credential branches (actions.ts:222-226 and useCdkPreflight.ts:442-457) so teardown deploys get the same check after confirmation. Skip the comparison only when detectAccount() returns null (let the existing no-credentials path handle that).
Files touched: src/cli/operations/deploy/preflight.ts (validateProject, add account compare after validateAwsCredentials at ~line 143 — requires threading the selected target into validateProject); src/cli/commands/deploy/actions.ts (target resolved ~line 158; teardown-deferred creds check ~lines 222-226); src/cli/tui/hooks/useCdkPreflight.ts (teardown-deferred creds branch ~lines 442-457); reuse the exact pattern + message from src/cli/commands/import/import-utils.ts:207-213; helpers detectAccount()/validateAwsCredentials() in src/cli/aws/account.ts:22-78
Validation evidence
The fix was verified by reproducing the original symptom and re-running after the change:
Test suite: green.
Staged on the fork as a draft for human review. Promote to aws/agentcore-cli after vetting.