feat(core): allow validation report multi-write based on context keys (#34927)

scoobydrew · web-flow · commit 9571599b58e0 · 2025-07-23T12:38:25.000Z
### Reason for this change It would be helpful to have more options around how the validation report is output. Currently the pretty print and JSON formatted file options are mutually exclusive. This pull request allows both to be used. The primary driver is to allow users to see their report results in a human-readable format while also having an output artifact that can be consumed by other CI/CD tools. ### Description of changes It is now possible to print multiple validation report formats. I added a new context key `@aws-cdk/core:validationReportPrettyPrint` boolean that prints the validation report to the console when `true`. I have made this value `true` by default so that users today maintain the same behavior they expect. Setting the existing `@aws-cdk/core:validationReportJson` key still results in only JSON formatted output. Users may now select both options by enabling both keys. Rather than a pretty print context key, I considered implementing a `@aws-cdk/core:validationReportBoth` key but this seemed to assume there would not be another format option added. It would allow the JSON format key to also keep its current behavior but the tradeoff of both report types appearing for those who only provide the JSON key seemed like a reasonable trade for keeping the report formats open for additional options in the future. ### Describe any new or updated permissions being added N/A ### Description of how you validated changes I have added unit tests that validate my changes. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ### EDIT Following review suggestions the logic has been updated such that: - Default: pretty print only - Enable JSON format context key: JSON only - Enable pretty print context key: pretty print only - Enable both keys: both formats ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/aws-cdk-lib/core/README.md b/packages/aws-cdk-lib/core/README.md
@@ -1545,7 +1545,7 @@ validation.
 > etc. It's your responsibility as the consumer of a plugin to verify that it is
 > secure to use.
 
-By default, the report will be printed in a human readable format. If you want a
+By default, the report will be printed in a human-readable format. If you want a
 report in JSON format, enable it using the `@aws-cdk/core:validationReportJson`
 context passing it directly to the application:
 
@@ -1559,6 +1559,18 @@ Alternatively, you can set this context key-value pair using the `cdk.json` or
 `cdk.context.json` files in your project directory (see
 [Runtime context](https://docs.aws.amazon.com/cdk/v2/guide/context.html)).
 
+It is also possible to enable both JSON and human-readable formats by setting
+`@aws-cdk/core:validationReportPrettyPrint` context key explicitly:
+
+```ts
+const app = new App({
+  context: {
+    '@aws-cdk/core:validationReportJson': true,
+    '@aws-cdk/core:validationReportPrettyPrint': true,
+  },
+});
+```
+
 If you choose the JSON format, the CDK will print the policy validation report
 to a file called `policy-validation-report.json` in the cloud assembly
 directory. For the default, human-readable format, the report will be printed to
diff --git a/packages/aws-cdk-lib/core/lib/private/synthesis.ts b/packages/aws-cdk-lib/core/lib/private/synthesis.ts
@@ -20,6 +20,7 @@ import { ConstructTree } from '../validation/private/construct-tree';
 import { PolicyValidationReportFormatter, NamedValidationPluginReport } from '../validation/private/report';
 
 const POLICY_VALIDATION_FILE_PATH = 'policy-validation-report.json';
+const VALIDATION_REPORT_PRETTY_CONTEXT = '@aws-cdk/core:validationReportPrettyPrint';
 const VALIDATION_REPORT_JSON_CONTEXT = '@aws-cdk/core:validationReportJson';
 
 /**
@@ -147,24 +148,27 @@ function invokeValidationPlugins(root: IConstruct, outdir: string, assembly: Clo
   if (reports.length > 0) {
     const tree = new ConstructTree(root);
     const formatter = new PolicyValidationReportFormatter(tree);
+    let formatPretty = root.node.tryGetContext(VALIDATION_REPORT_PRETTY_CONTEXT) ?? false;
     const formatJson = root.node.tryGetContext(VALIDATION_REPORT_JSON_CONTEXT) ?? false;
-    const output = formatJson
-      ? formatter.formatJson(reports)
-      : formatter.formatPrettyPrinted(reports);
-
+    formatPretty = formatPretty || !(formatPretty || formatJson); // if neither is set, default to pretty print
     const reportFile = path.join(assembly.directory, POLICY_VALIDATION_FILE_PATH);
-    if (formatJson) {
-      fs.writeFileSync(reportFile, JSON.stringify(output, undefined, 2));
-    } else {
+    if (formatPretty) {
+      const output = formatter.formatPrettyPrinted(reports);
       // eslint-disable-next-line no-console
       console.error(output);
     }
+    if (formatJson) {
+      const output = formatter.formatJson(reports);
+      fs.writeFileSync(reportFile, JSON.stringify(output, undefined, 2));
+    }
     const failed = reports.some(r => !r.success);
     if (failed) {
-      const message = formatJson
+      let message = formatJson
         ? `Validation failed. See the validation report in '${reportFile}' for details`
         : 'Validation failed. See the validation report above for details';
-
+      if (formatPretty && formatJson) {
+        message = `Validation failed. See the validation report in '${reportFile}' and above for details`;
+      }
       // eslint-disable-next-line no-console
       console.log(message);
       process.exitCode = 1;
diff --git a/packages/aws-cdk-lib/core/test/validation/validation.test.ts b/packages/aws-cdk-lib/core/test/validation/validation.test.ts
@@ -631,7 +631,9 @@ Policy Validation Report Summary
           }],
         }]),
       ],
-      context: { '@aws-cdk/core:validationReportJson': true },
+      context: {
+        '@aws-cdk/core:validationReportJson': true,
+      },
     });
     const stack = new core.Stack(app);
     new core.CfnResource(stack, 'Fake', {
@@ -642,8 +644,125 @@ Policy Validation Report Summary
     });
     app.synth();
     expect(process.exitCode).toEqual(1);
+    const file = path.join(app.outdir, 'policy-validation-report.json');
+    const report = fs.readFileSync(file).toString('utf-8');
+    expect(JSON.parse(report)).toEqual(expect.objectContaining({
+      title: 'Validation Report',
+      pluginReports: [
+        {
+          summary: {
+            pluginName: 'test-plugin',
+            status: 'failure',
+          },
+          violations: [
+            {
+              ruleName: 'test-rule',
+              description: 'test recommendation',
+              ruleMetadata: { id: 'abcdefg' },
+              violatingResources: [{
+                'locations': [
+                  'test-location',
+                ],
+                'resourceLogicalId': 'Fake',
+                'templatePath': '/path/to/Default.template.json',
+              }],
+              violatingConstructs: [
+                {
+                  constructStack: {
+                    'id': 'Default',
+                    'construct': expect.stringMatching(/(aws-cdk-lib.Stack|Construct)/),
+                    'libraryVersion': expect.any(String),
+                    'location': "Run with '--debug' to include location info",
+                    'path': 'Default',
+                    'child': {
+                      'id': 'Fake',
+                      'construct': expect.stringMatching(/(aws-cdk-lib.CfnResource|Construct)/),
+                      'libraryVersion': expect.any(String),
+                      'location': "Run with '--debug' to include location info",
+                      'path': 'Default/Fake',
+                    },
+                  },
+                  constructPath: 'Default/Fake',
+                  locations: ['test-location'],
+                  resourceLogicalId: 'Fake',
+                  templatePath: '/path/to/Default.template.json',
+                },
+              ],
+            },
+          ],
+        },
+      ],
+    }));
+    const consoleOut = consoleLogMock.mock.calls[1][0];
+    expect(consoleOut).toContain(`Validation failed. See the validation report in \'${file}\' for details`);
+  });
 
-    const report = fs.readFileSync(path.join(app.outdir, 'policy-validation-report.json')).toString('utf-8');
+  test('Pretty print as default', () => {
+    const app = new core.App({
+      policyValidationBeta1: [
+        new FakePlugin('test-plugin', [{
+          description: 'test recommendation',
+          ruleName: 'test-rule',
+          ruleMetadata: {
+            id: 'abcdefg',
+          },
+          violatingResources: [{
+            locations: ['test-location'],
+            resourceLogicalId: 'Fake',
+            templatePath: '/path/to/Default.template.json',
+          }],
+        }]),
+      ],
+      context: {
+      },
+    });
+    const stack = new core.Stack(app);
+    new core.CfnResource(stack, 'Fake', {
+      type: 'Test::Resource::Fake',
+      properties: {
+        result: 'failure',
+      },
+    });
+    app.synth();
+    expect(process.exitCode).toEqual(1);
+    const consoleOut = consoleLogMock.mock.calls[1][0];
+    expect(consoleOut).toContain('Validation failed. See the validation report above for details');
+    const consoleReport = consoleErrorMock.mock.calls[0][0];
+    expect(consoleReport).toContain('Validation Report');
+  });
+
+  test('Multi format', () => {
+    const app = new core.App({
+      policyValidationBeta1: [
+        new FakePlugin('test-plugin', [{
+          description: 'test recommendation',
+          ruleName: 'test-rule',
+          ruleMetadata: {
+            id: 'abcdefg',
+          },
+          violatingResources: [{
+            locations: ['test-location'],
+            resourceLogicalId: 'Fake',
+            templatePath: '/path/to/Default.template.json',
+          }],
+        }]),
+      ],
+      context: {
+        '@aws-cdk/core:validationReportJson': true,
+        '@aws-cdk/core:validationReportPrettyPrint': true,
+      },
+    });
+    const stack = new core.Stack(app);
+    new core.CfnResource(stack, 'Fake', {
+      type: 'Test::Resource::Fake',
+      properties: {
+        result: 'failure',
+      },
+    });
+    app.synth();
+    expect(process.exitCode).toEqual(1);
+    const file = path.join(app.outdir, 'policy-validation-report.json');
+    const report = fs.readFileSync(file).toString('utf-8');
     expect(JSON.parse(report)).toEqual(expect.objectContaining({
       title: 'Validation Report',
       pluginReports: [
@@ -691,6 +810,10 @@ Policy Validation Report Summary
         },
       ],
     }));
+    const consoleOut = consoleLogMock.mock.calls[1][0];
+    expect(consoleOut).toContain(`Validation failed. See the validation report in \'${file}\' and above for details`);
+    const consoleReport = consoleErrorMock.mock.calls[0][0];
+    expect(consoleReport).toContain('Validation Report');
   });
 });
 
