search

aws-cloudformation / cfn-language-discussion

Language discussions for CloudFormation template language
https://aws.amazon.com/cloudformation/
Apache License 2.0
143 stars 13 forks source link

AWS::LanguageExtensions transform seems to break conditions with Fn::Select #159

Open RhubarbSin opened 4 months ago

RhubarbSin commented 4 months ago

Community Note

Tell us about the bug

When trying to create a resource only when the value of a string parameter is not an empty string (using a condition that evaluates to False), CloudFormation appears to try to evaluate the use of Fn::Select in the specification of one of the properties of the declared resource, which would not be created because of the use of the condition in the resource declaration.

Expected behavior

The resource that is declared with the condition associated with it is not created.

Observed behavior

The attempt to create a CloudFormation change set reports status FAILED with the following status reason:

Transform AWS::LanguageExtensions failed with: Fn::Select cannot select nonexistent value at index 1

Test cases

---
AWSTemplateFormatVersion: 2010-09-09

Transform: AWS::LanguageExtensions

Parameters:

  DomainName:
    Type: String
    Default: example.xyz

  Fqdn:
    Type: String
    Default: ''

Conditions:

  CreateRecordSet: !Not [!Equals [!Ref Fqdn, '']]

Resources:

  HostedZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: !Ref DomainName

  RecordSet:
    Type: AWS::Route53::RecordSet
    Condition: CreateRecordSet
    Properties:
      Type: CNAME
      TTL: 60
      HostedZoneId: !Ref HostedZone
      Name: !Ref Fqdn
      ResourceRecords:
        - !Sub
          - ${SubDomain}.${TopLevelDomain}.
          - SubDomain: !Select [1, !Split ['.', !Ref Fqdn]]
            TopLevelDomain: !Select [2, !Split ['.', !Ref Fqdn]]

Additional context

tgolly commented 3 months ago

I'm getting this as well, I'm trying to refactor some code to use the awesome new ForEach intrinsic function, however enabling the AWS::LanguageExtensions transform seems to break previously working code with no other changes.

It looks like the transform runs some sort of pre-processor that ignores Condition: statements, so it evaluates resources that previously were ignored by the Condition evaluating to False.

And any Select functions in those statements are now being evaluated, when they shouldn't be.

daghaian commented 1 week ago

I'd like to comment that after spending a full day with trying to debug our first use of the Transform LanguageExtension, it also broke our existing stack. I was originally thinking it was the foreach we added but it looks like something else being triggered by just having the reference to the extension.

wheel5up commented 1 week ago

Same behavior. I've reduced my template down to a minimum. I can create several object including AWS::IAM::Role, AWS::Logs::LogGroup, and AWS::ApiGateway::Method WITH the extension enabled. As soon as I add the simplest AWS::StepFunctions::StateMachine I receive the error

Fragment returned by transform AWS::LanguageExtensions is null

I can not create a valid template with AWS::LanguageExtensions and AWS::StepFunctions::StateMachine

Simple yaml fragment to reproduce

AWSTemplateFormatVersion: "2010-09-09" Transform: 'AWS::LanguageExtensions'

Resources:

mystepfunction: Type: 'AWS::StepFunctions::StateMachine' Properties: RoleArn: !GetAtt createJiraConnectionStepFunctionRole.Arn StateMachineName: mystepfunction StateMachineType: 'EXPRESS' DefinitionString: |- { "Comment": "A description of my state machine", "StartAt": "Pass", "States": { "Pass": { "Type": "Pass", "End": true } } }