Some GetAttable attributes are not marked as such #1139

rix0rrr opened this issue Jun 14, 2024 · 0 comments

rix0rrr commented Jun 14, 2024

The CFN Registry Schema

The CloudFormation Registry schema is a Control Plane schema that defines resources with properties. Some properties are configurable by the user (BucketName, Timeout, etc), and some properties are not configurable by the user (Arn, KeyId).

In the CloudFormation Registry schema, properties that are not configurable by the user are marked as readOnlyProperties.

CloudFormation

CloudFormation is an IaC engine that can orchestrate the creation of AWS resources by means of a template. In that template, values for configurable resource properties can be specified in a Properties: block. Equally, certain values can be read from a resource by specifying a { Fn::GetAtt } intrinsic. For example, the Arn property of a Bucket can be read by writing { "Fn::GetAtt": [MyBucket, Arn] }.

It's not possible to read all properties this way, just a limited subset that is different for each resource. (Motivation: If arbitrary anytime-mutable properties could be GetAtted, it would become extremely expensive to calculate the changeset, so CloudFormation specifically does not allow it.)

The issue

Now here comes the important bit:

  • In CloudFormation, certain properties can be both configured as well as read.
    • For example, an EC2::Subnet's VpcId can both be configured in Properties, as well as retrieved using { "Fn::GetAtt": [MySubnet, VpcId] }.
  • The CFN Registry Schema has no way to express this! The property is not ReadOnly, so it would be incorrect to put it inside readOnlyProperties.

The CFN Registry Schema is not intended to describe CloudFormation behavior, hence it does not have a way to describe the attributes that can be { Fn::GetAtt }ed, and it will never have a way to describe that.

Yet, in order to generate valid CloudFormation templates, the spec does need a way to describe the properties and attributes of each resource. So we need an additional datasource.

The set of { GetAtt }'able properties will always be at least the set of readOnlyProperties, as well as a set of additional properties that can be both configured as well as { GetAtt }ed.

We currently already mark readOnlyProperties as attributes, but don't have the additional set of writable+readable properties yet.

The solution

CloudFormation currently has an exception list for 87 properties that can be GetAtt'ed with the same name as properties, and will not accept new ones in the future.

We add this additional list as an enhanced data source, and add those into the spec as attributes.

Going forward, new GetAttable properties will be added to readOnlyProperties only, so we will automatically keep up with extensions.

Information on where to find the list of GetAttable properties: internal reference D139308277
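
The rule described in this issue, as an added example that is not part of the original issue or the project's own code: attribute names are computed as readOnlyProperties plus an exception list, and the `Fn::GetAtt` references in a template are checked against that set. The schema fragment, the template, the shape of `GETATT_EXCEPTIONS` and the function names are constructed for illustration.

```python
# Constructed registry-schema fragment, not the real AWS::EC2::Subnet schema.
SUBNET_SCHEMA = {
    "typeName": "AWS::EC2::Subnet",
    "properties": {"VpcId": {}, "Tags": {}, "SubnetId": {}},
    "readOnlyProperties": ["/properties/SubnetId"],
}
SCHEMAS = {SUBNET_SCHEMA["typeName"]: SUBNET_SCHEMA}
# Assumed shape of the extra data source: type -> configurable, GetAtt-able names.
GETATT_EXCEPTIONS = {"AWS::EC2::Subnet": ["VpcId"]}
# Constructed template with three Fn::GetAtt references.
TEMPLATE = {
    "Resources": {"MySubnet": {"Type": "AWS::EC2::Subnet"}},
    "Outputs": {
        "Vpc": {"Value": {"Fn::GetAtt": ["MySubnet", "VpcId"]}},
        "Id": {"Value": {"Fn::GetAtt": ["MySubnet", "SubnetId"]}},
        "Tags": {"Value": {"Fn::GetAtt": ["MySubnet", "Tags"]}},
    },
}

def attribute_names(schema, exceptions=None):
    """GetAtt-able names: readOnlyProperties plus the exception list."""
    names = set()
    for pointer in schema.get("readOnlyProperties", []):
        if pointer.startswith("/properties/"):
            # Assumption: nested pointers map to dotted attribute names.
            names.add(pointer[len("/properties/"):].replace("/", "."))
    names.update((exceptions or {}).get(schema["typeName"], []))
    return names

def invalid_getatts(template, schemas, exceptions=None):
    """Return (logical id, attribute) pairs that are not known attributes."""
    resources, bad = template.get("Resources", {}), []
    def walk(node):
        if isinstance(node, dict):
            ref = node.get("Fn::GetAtt")
            if isinstance(ref, list) and len(ref) == 2 and all(isinstance(x, str) for x in ref):
                schema = schemas.get(resources.get(ref[0], {}).get("Type"))
                if schema is None or ref[1] not in attribute_names(schema, exceptions):
                    bad.append(tuple(ref))
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)
    walk(template)
    return bad

if __name__ == "__main__":
    print(invalid_getatts(TEMPLATE, SCHEMAS), invalid_getatts(TEMPLATE, SCHEMAS, GETATT_EXCEPTIONS))
```

With readOnlyProperties alone, the valid `VpcId` reference is reported as unknown; adding the exception list leaves only the `Tags` reference flagged under this constructed data.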
