Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CloudFormation Refs do not always map to the CCAPI id #173

Open
corymhall opened this issue Oct 14, 2024 · 3 comments
Open

CloudFormation Refs do not always map to the CCAPI id #173

corymhall opened this issue Oct 14, 2024 · 3 comments
Assignees
@t0yv0
Labels
kind/bug Some behavior is incorrect or out of spec
Milestone
0.113

Comments

@corymhall
Copy link
Contributor

What happened?

CloudFormation has two ways of referencing attributes from a Resource. You can either use Ref or Fn::GetAtt.

The Ref is essentially a shortcut to get you the attribute that represents the CloudFormation Id of the resource. In the case of this library we are converting CloudFormation to CCAPI and we are currently assuming that the CloudFormation Ref is always the same as the CCAPI Identifier, but it turns out that is not always the case, especially for resources that have a CCAPI Identifier made up of multiple attributes.

Example

Take this CloudFormation template.

"Resources": {
    "RestApi": {
       "Type": "AWS::ApiGateway::RestApi",
       "Properties": {},
    },
    "ApiResource": {
       "Type": "AWS::ApiGateway::Resource",
       "Properties": {
          "RestApiId": {
           "Ref": "RestApi"
          }
       },
      },
      "ApiMethod": {
         "Type": "AWS::ApiGateway::Method",
         "Properties": {
            "ResourceId": {
             "Ref": "ApiResource"
            },
            "RestApiId": {
             "Ref": "Api"
            }
         }
    }
}

The ResourceId property of the AWS::ApiGateway::Method resource uses a Ref to the AWS::ApiGateway::Resource resource. CloudFormation will return the ResourceId from Ref. If we look at wha the CCAPI resource looks like:

{
    "Identifier": "xzpvi0s9e2|58778h",
    "Properties": "{\"ParentId\":\"aenyy5u7il\",\"PathPart\":\"api\",\"ResourceId\":\"58778h\",\"RestApiId\":\"xzpvi0s9e2\"}"
},

The Identifier is a reference to the primaryIdentifier which is a composite id made up of the ${RestApiId}|${ResourceId} and is not the same as what will be returned by CloudFormation Ref.

For the Method resource, the CCAPI Identifier is not the correct value for the ResourceId property. It should be using the ResourceId attribute of the Resource resource.

Output of pulumi about

N/A

Additional context

If we had access to the CloudFormation schema for the AWS::ApiGateway::Resource resource

https://github.com/pulumi/pulumi-aws-native/blob/cf710320d32c3b59067b81582ba8ff239bc4e452/aws-cloudformation-schema/aws-apigateway-resource.json#L31-L36

We may be able to make an assumption that if the primaryIdentifier is a composite identifier then we only take those values that also exist in the readOnlyAttributes.

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@corymhall corymhall added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team and removed needs-triage Needs attention from the triage team labels Oct 14, 2024
@cleverguy25
Copy link

Added to epic https://github.com/pulumi/home/issues/2191

@t0yv0
Copy link
Member

t0yv0 commented Oct 28, 2024

Related: pulumi/pulumi-aws-native#1662

corymhall added a commit that referenced this issue Oct 28, 2024
@corymhall
Add more test resource coverage
34f4a84 
This PR adds some additional examples taken from [cdk
patterns](https://cdkpatterns.com/).

It adds coverage for these additional resources.
```
aws-native:sns:Topic
aws-native:sns:Subscription
aws-native:lambda:EventSourceMapping
aws:lambda:Permission
aws-native:iam:Role
aws-native:apigateway:Model
aws-native:apigateway:RestApi
aws-native:apigateway:Deployment
aws-native:apigateway:Stage
aws-native:apigateway:Method
aws-native:apigateway:Resource
aws-native:sqs:Queue
aws:sqs:QueuePolicy
aws-native:events:Rule
aws-native:dynamodb:GlobalTable
```

I am also introducing a workaround for #173 for a couple of the
ApiGateway resources since those are top 20 library resources. We can
easily remove this workaround once the complete fix done.
@corymhall corymhall mentioned this issue Oct 28, 2024
Merged
@t0yv0 t0yv0 self-assigned this Oct 28, 2024
corymhall added a commit that referenced this issue Oct 29, 2024
@corymhall
Add more test resource coverage (#182)
c36cb89 
This PR adds some additional examples taken from [cdk
patterns](https://cdkpatterns.com/).

It adds coverage for these additional resources.
```
aws-native:sns:Topic
aws-native:sns:Subscription
aws-native:lambda:EventSourceMapping
aws:lambda:Permission
aws-native:iam:Role
aws-native:apigateway:Model
aws-native:apigateway:RestApi
aws-native:apigateway:Deployment
aws-native:apigateway:Stage
aws-native:apigateway:Method
aws-native:apigateway:Resource
aws-native:sqs:Queue
aws:sqs:QueuePolicy
aws-native:events:Rule
aws-native:dynamodb:GlobalTable
```

I am also introducing a workaround for #173 for a couple of the
ApiGateway resources since those are top 20 library resources. We can
easily remove this workaround once the complete fix done.
@mjeffryes mjeffryes added this to the 0.112 milestone Oct 30, 2024
@mjeffryes mjeffryes modified the milestones: 0.112, 0.113 Nov 13, 2024
@t0yv0
Copy link
Member

t0yv0 commented Nov 19, 2024

Possibly related: pulumi/pulumi-aws-native#1734

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@t0yv0 t0yv0

Labels
kind/bug Some behavior is incorrect or out of spec
Projects
None yet
Milestone
0.113
Development

No branches or pull requests
4 participants
@t0yv0 @mjeffryes @cleverguy25 @corymhall