(AWS::SSM::Document) `Invalid request provided: schemaVersion should be String` not recognized by cfn-lint

aws-cloudformation / cfn-lint

CloudFormation Linter

MIT No Attribution

2.41k stars 577 forks source link

(AWS::SSM::Document) `Invalid request provided: schemaVersion should be String` not recognized by cfn-lint #2728

Open r-heimann opened 1 year ago

r-heimann commented 1 year ago

CloudFormation Lint Version

cfn-lint 0.77.4

What operating system are you using?

Windows 10

Describe the bug

cfn-lint is unable to recognize that schemaVersion: needs to be a string:

  SSMDocument:
    Type: AWS::SSM::Document
    Properties:
      DocumentType: "Command"
      Content:
        schemaVersion: 2.2
        mainSteps:
          - action: aws:runShellScript...

CloudFormation is throwing the following exception:

Resource handler returned message: "Invalid request provided: schemaVersion should be String
(Service: Ssm, Status Code: 400, Request ID: 6123eabf-1adf-4b9e-a2db-XXXXXXXX)"
(RequestToken: ac277c66-4ced-8306-88b3-XXXXXXXX, HandlerErrorCode: InvalidRequest)

Expected behavior

cfn-lint should display this as an error.

Reproduction template

  SSMDocument:
    Type: AWS::SSM::Document
    Properties:
      DocumentType: "Command"
      Content:
        schemaVersion: 2.2
        mainSteps:
          - action: aws:runShellScript...

kddejong commented 1 year ago

we would like to help cover this but we will need to develop some content ourselves for this. Currently Content in the spec is listed as json which means the CloudFormation specs don't include the properties and what their types are.

We do this for step functions, IAM policies, and some other areas but we have not tackled the SSM doc content as of yet.

ArjunMenon-bit commented 8 months ago

@kddejong I would like to contribute to this issue. I saw we have defined 'Content' as json in cfn-lint\test\fixtures\specs\us-east-1.json. Can you please guide me towards the implementation we have done for step functions and IAM policies in such similar situations?

kddejong commented 6 months ago

If we create some JSON schemas we can use those to validate SSM documents. Looks like that was started here but hasn't been updated in a while. https://github.com/aws/amazon-ssm-document-language-service/blob/master/src/schema/ssmDocumentSchema.ts

ArjunMenon-bit commented 4 months ago

I tried to dig through the code and similar issues from the past. Would it be the right understanding to add this json schema to all the files under cfn-lint\src\cfnlint\data\CloudSpecs*.json ?

kddejong commented 1 week ago

@ArjunMenon-bit in v1 we can add json schema docs to src/cfnlint/data/schemas/other/ssm

kddejong commented 1 week ago

I started some schema documents in this branch and location: https://github.com/aws-cloudformation/cfn-lint/tree/feature/schemas/ssm/src/cfnlint/data/schemas/other/ssm

The problem is there are a lot of versions and not a lot of documentation to fill in the gaps.

kddejong commented 1 week ago

Submitted a PR that is a minimal start to validating SSM documents.