Stack protection feature documentation discrepancy

[zaro0508]

The sceptre docs refers to stack protection feature with key protected[1] however it only seems to work when using the protect keyword (i.e. protect: true). a quick grep shows that many tests use protected keyword. Not sure which is the correct keyword to use.

[1] https://sceptre.cloudreach.com/latest/docs/stack_config.html#protected

(py36-sceptredev) ~/w/sceptre ❯❯❯ git grep protected docs/docs/stack_config.md:* protected (optional)
docs/docs/stack_config.md:### protected
docs/docs/stack_config.md:If a user tries to run one of these commands on a protected Stack, Sceptre will
sceptre/config/reader.py: protected=config.get("protect", False),
sceptre/plan/actions.py: if self.stack.protected:
sceptre/stack.py: :param protected: Stack protection against execution.
sceptre/stack.py: :type protected: bool
sceptre/stack.py: dependencies=None, role_arn=None, protected=False, tags=None,
sceptre/stack.py: self.protected = protected
sceptre/stack.py: "protected={protected}, "
sceptre/stack.py: protected=self.protected,
sceptre/stack.py: self.protected == stack.protected and
tests/test_actions.py: role_arn=sentinel.role_arn, protected=False,
tests/test_actions.py: self.actions.stack.protected = True
tests/test_config_reader.py: protected=False,
tests/test_plan.py: role_arn=sentinel.role_arn, protected=False,
tests/test_stack.py: role_arn=sentinel.role_arn, protected=False,
tests/test_stack.py: assert stack.protected is False
tests/test_stack.py: "protected=False, "\

[jmourelos]

@ngfgrant after rereading my last comment in the PR I realize I did not explain myself properly.

Yes, you are right, "protected" is used in the Python API (not "protect"). The problematic is that here we have 3 aspects to be ideally in line with each other:

• Python API: uses "protected" in master
• Config API: uses "protect" in master
• Config API documentation: uses "protected" in master and I changed it to "protect" in this PR.

Additionally, I believe we need to be backwards-compatible.

Assuming all this I see 2 solutions:

1. The solution implemented in this PR:

• Pros:
  • Simple
  • Makes "Config API" and "Config API documentation" be in line
• Cons:
  • "Python API" and "Config API" will continue not to be in line

2. Keep "Config API documentation" as it is, make both "protect" and "protected" synonym keywords in the Config API and remove "protect" in a hypothetical Sceptre 3.0:

• Pros:
  • "Python API", "Config API" and "Config API documentation" are all in line with each other
• Cons:
  • We have to decide how to handle the case of "protect" and "protected" being used simultaneously and implement a proper solution for it (e.g. not allowing both keywords to be used in the same Stack Config file)

[adamcousins]

Any updates on this issue?
Im still seeing this discrepency on the latest version when I define the below in my stack config .yaml file.

protect: true ##This works successfully
protected: true ##This is ignored

On a side note I'd see it more useful if we could define it like this:
protected:

• create
• delete

where I can define the different types of execution which are 'protected'
Is this possible?

[dragarthPl]

Hello, I request that either the code or the documentation be corrected so that the actual state is consistent. This should have been fixed after 4 years.