Skip to content

Add lstk sam command#312

Open
peter-smith-phd wants to merge 2 commits into
mainfrom
dpx-506-add-sam-proxy-command
Open

Add lstk sam command#312
peter-smith-phd wants to merge 2 commits into
mainfrom
dpx-506-add-sam-proxy-command

Conversation

@peter-smith-phd

@peter-smith-phd peter-smith-phd commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Adds lstk sam, proxying the AWS SAM CLI against LocalStack — a first-party replacement for samlocal/aws-sam-cli-local (no extra install needed). This implementation is based on the work done for lstk terraform and lstk cdk.

Closes DPX-506

What it does

  • Points the sam subprocess at LocalStack via AWS_ENDPOINT_URL only — SAM's botocore auto-selects path-style S3 on a localhost endpoint, so no S3-specific endpoint is set.
  • Provides mock credentials and strips unrelated AWS config (AWS_PROFILE, AWS_DEFAULT_PROFILE, AWS_SESSION_TOKEN) that could accidentally cause sam to contact real AWS.
  • Supports leading --region and --account.
  • Requires AWS-contacting sam subcommands to have a running AWS emulator, whereas offline ones (docs, init, build, validate, local, pipeline) don't require an emulator.
  • Requires AWS SAM CLI 1.95.0+. Older versions ignore AWS_ENDPOINT_URL and would silently target real AWS).
  • Resolves the binary from PATH, overridable via LSTK_SAM_CMD.

Known limitations vs samlocal

samlocal is a Python wrapper that monkeypatches SAM in-process; lstk sam is a subprocess wrapper written in Go, so two samlocal behaviors are out of reach and not supported (use samlocal for them): 1) image/container-based Lambda (ECR) deploys and 2) nested CloudFormation stack template export. These are documented in the help text and tracked as open questions in the design doc.

Layout

  • Domain logic: internal/iac/sam/cli/ (env.go, defaults.go, version.go, exec.go) — mirrors internal/iac/cdk/cli/.
  • Wiring: cmd/sam.go, registered in cmd/root.go; reuses cmd/iac.go helpers.
  • Design/spec/tasks under openspec/changes/add-samlocal-command/.
  • Docs: new "Infrastructure as Code Commands" section in CLAUDE.md.

Testing

  • Unit tests for newly-written functions.
  • Integration tests with a fake sam binary (arg forwarding, env injection, version gate, missing binary, --account, offline gating, emulator gating).
  • E2E tests (sam_e2e_test.go) against a real sam talking to LocalStack. These exercise the full path, with no test mocks.

🤖 Generated with Claude Code

@peter-smith-phd peter-smith-phd added semver: minor docs: needed Pull request requires documentation updates labels Jun 15, 2026
@peter-smith-phd peter-smith-phd changed the title feat: add lstk sam proxy command Add lstk sam command Jun 15, 2026
peter-smith-phd and others added 2 commits June 16, 2026 09:41
@peter-smith-phd @claude
feat: add lstk sam proxy command
3cc59aa 
Add `lstk sam`, proxying the AWS SAM CLI against LocalStack — a first-party
replacement for samlocal/aws-sam-cli-local (no install needed). It uses the
lstk cdk env-var mechanism with the Terraform account model.

- Points sam at LocalStack via AWS_ENDPOINT_URL only (SAM's botocore uses
  path-style S3 on a localhost endpoint, so no S3-specific endpoint is set);
  provides mock credentials and strips ambient AWS config.
- Supports leading --region and --account (LocalStack derives the account from
  AWS_ACCESS_KEY_ID); writes the region to both AWS_REGION and
  AWS_DEFAULT_REGION since SAM reads the latter.
- Gates AWS-contacting subcommands on a running emulator; runs offline ones
  (docs, init, build, validate, local, pipeline) without one.
- Requires AWS SAM CLI 1.95.0+ (older versions ignore AWS_ENDPOINT_URL and
  would silently target real AWS).

Known limitations vs samlocal: image/container-based Lambda (ECR) deploys and
nested CloudFormation stacks are unsupported (they need in-process SAM patches
a subprocess wrapper cannot apply).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@peter-smith-phd @claude
ci: explicitly install the AWS SAM CLI for sam e2e tests
b9b81ac 
The ubuntu-latest runner image happens to ship aws-sam-cli (1.161.1), so the
`lstk sam` e2e tests pass today — but relying on that is fragile: if a future
image drops it, requireSAM() would silently skip the tests and we'd lose all
SAM e2e coverage with no signal. Install it explicitly via aws-actions/setup-sam
on the Linux shards, mirroring the existing Terraform/OpenTofu/CDK install steps.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@peter-smith-phd peter-smith-phd force-pushed the dpx-506-add-sam-proxy-command branch from aeca4ee to b9b81ac Compare June 15, 2026 21:42
@peter-smith-phd peter-smith-phd marked this pull request as ready for review June 15, 2026 21:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@carole-lavillonniere carole-lavillonniere Awaiting requested review from carole-lavillonniere carole-lavillonniere is a code owner

@silv-io silv-io Awaiting requested review from silv-io silv-io is a code owner

@anisaoshafi anisaoshafi Awaiting requested review from anisaoshafi anisaoshafi is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

docs: needed Pull request requires documentation updates semver: minor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@peter-smith-phd