Add ECS migration reruns and improve ACL failure reporting#25
Merged
Conversation
Apply step lines (-> add bucket, -> create policy, etc.) now print regardless of --verbose so users can see which operation failed. GraphQL error details are always shown, not just in verbose mode. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…them Bucket add errors were caught and appended to warnings that were never shown when a later policy mutation crashed. Now failures print to stderr immediately, policy create/update are also wrapped in try/except, and warnings include context about which failed buckets a policy references. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Role create/update API errors and SSO config updates were not wrapped in try/except, so they could crash the entire apply. Now all operation types consistently catch failures, print to stderr immediately, and continue with remaining operations. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add post-mortem documenting how account-level Lake Formation settings silently broke all Glue/Athena operations on the bench.dev stack, and the fix (IAM_ALLOWED_PRINCIPALS grants in the deployment template). Also add a datasets ACL example showing per-dataset licensing with composable policies. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update post-mortem with confirmed migration Lambda failure (LF blocked GetPartitions on named_packages). Add 03-lakeformation-fixes.md documenting all deployment repo fixes including the new table-wildcard grants and MigrationCallout DependsOn fix. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
drernie
changed the title
drernie
changed the title
Add 06-lakeformation-db-fail.md documenting the Glue Database update NPE. Update 05 status: per-table grants work, CreateTableDefaultPerms does not (crashes nameless DBs). Deploy 70fa6ae succeeded. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move Python API examples to README_DEV.md, streamline README.md for CLI users, and add 07-lakeformation-final.md summarizing the deployed Lake Formation solution. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
quiltx ecs run-migrationcommand that can re-run the registry migration task for a stackquiltx stack aclfailure reporting so apply steps and GraphQL errors are visible immediately, with bucket, policy, role, SSO, and delete failures reported with context instead of disappearing into a generic failureBreaking change
quiltx ecs shell; barequiltx ecsshows subcommand helpTesting