search

aws-cloudformation / cfn-lint

CloudFormation Linter
MIT No Attribution
2.4k stars 577 forks source link

Using JSON within YAML no longer works as of 1.3.4 #3403

Closed jtherrmann closed 5 days ago

jtherrmann commented 1 week ago

CloudFormation Lint Version

1.3.4

What operating system are you using?

Ubuntu 24.04 LTS

Describe the bug

We have a AWS::SNS::Subscription resource as part of our CloudFormation template here. We provide our FilterPolicy as a JSON object, as specified in the CloudFormation docs. However, running cfn-lint v1.3.4 on our template gives the following error:

E3012 '{\n  "landsat_product_id": [{"suffix": "_T1"}, {"suffix": "_T2"}],\n  "s3_location": [{"prefix": "s3://usgs-landsat/collection02/level-1/standard/oli-tirs/"}]\n}\n' is not of type 'object'
cloudformation.yml:74:7

This error does not appear with the previous release of cfn-lint, v0.87.8.

Expected behavior

This error should not appear, because we are specifying our FilterPolicy as a JSON object, which matches the CloudFormation docs.

Reproduction template

The full template is available here and the relevant resource block is here:

  LandsatSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      TopicArn: !Ref LandsatTopicArn
      Protocol: sqs
      Endpoint: !GetAtt Queue.Arn
      FilterPolicyScope: MessageBody
      FilterPolicy: |
        {
          "landsat_product_id": [{"suffix": "_T1"}, {"suffix": "_T2"}],
          "s3_location": [{"prefix": "s3://usgs-landsat/collection02/level-1/standard/oli-tirs/"}]
        }
jtherrmann commented 1 week ago

Looks like this may just be an issue when JSON is used within a YAML template, as the error goes away when I convert the JSON portion to YAML. Is mixing the two no longer supported as of v1.3.4?

kddejong commented 1 week ago

Its how some of the items get codified into the schema. Previously there was a type of json and now in some resource schemas we are getting just {"type": "object"}. The easy fix is to patch those with {"type": ["object", "string"]}. Ideally we would be able to identify these situations and valid the string is JSON. Working on a solution for this shortly.

We may have a short term and a long term solution to this btw.

jtherrmann commented 1 week ago

@kddejong Sounds great, thanks!

kddejong commented 6 days ago

This PR should allow any of these json properties to be either string or an object. While doing this work I found a chunk of resources that were only providing "type": "object" for the Tags property so I patched those as well.

kddejong commented 5 days ago

This should now be resolved with the recent release. Let me know if you are still having issues. There are some more steps to be done to improve the validation but that can come later.

jtherrmann commented 5 days ago

@kddejong Thank you!