aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

AWS::CloudFront::PublicKey Drift showing False positive due to escape character "\r" "\n" #1903

Open AkshayAkyAWS opened 6 months ago

AkshayAkyAWS commented 6 months ago

Name of the resource

AWS::CloudFront::PublicKey

Resource Name

No response

Issue Description

AWS::CloudFront::PublicKey shows a false positive when you run drift on the resource. The resource created using the CFN template and the describe call on the resource have escape characters "\n" "\r" depending on how the EncodedKey value is passed to PublicKey, which causes drift, since CFN as well as CloudFront add these characters based on the lines and spaces.

Expected Behavior

CFN should ignore escape characters in the EncodedKey value when comparing the resource, or standardise the creation of the resource for using escape characters.

Observed Behavior

A false positive result for drift is shown when running drift against an AWS::CloudFront::PublicKey resource for the EncodedKey value, due to the escape characters "\n" "\r".

Test Cases

Template1

Resources:
  Mypubkey:
    Type: AWS::CloudFront::PublicKey
    Properties:
      PublicKeyConfig:
        Name: "Mypubkey1"
        CallerReference: "c89d732e4c99b1cee53817556d0cdasd389ce"
        EncodedKey: |
          -----BEGIN PUBLIC KEY-----  
            MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JMfjJMMOfJ/OC1BP6AC
            gmYUfP3O0mx1eCMf0TgR8TFpSWPJVOo1wndGeUzEUWjpTIlnWI5cTXUh56xTwSLy 
            bnfx7l8O5jWXfU//QM70WOk0dZHiivSAV9tf6q+jBCT5MM5whvKOnYz/QnmO5+i8 
            kbMHaxXsV1E6so5/pgZxK0Okx9vbf5TqmD4axjuZlgryOXvVBnB0dLx9p6/BxIkx 
            Fvn8AHKZ6JSsPXRU3qUO+5iN0XsoFWhcjPHL8NmNPNJY4Ukhqeio/O1pkWsBnSBz 
            ucgQrtDBMT3JfX3YU+bd37NugoLpXpHwr49evnnXAjBqlz2TEJ3POr/SqBkd6Db2
            HwIDAQAB
            -----END PUBLIC KEY-----

The resource shows drift with the below details:

Expected

{
  "PublicKeyConfig": {
    "CallerReference": "c89d732e4c99b1ce93fab885e53817556d0cd389ce",
    "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JMfjJMMOfJ/OC1BP6AC\ngmYUfP3O0mx1eCMf0TgR8TFpSWPJVOo1wndGeUzEUWjpTIlnWI5cTXUh56xTwSLy\nbnfx7l8O5jWXfU//QM70WOk0dZHiivSAV9tf6q+jBCT5MM5whvKOnYz/QnmO5+i8\nkbMHaxXsV1E6so5/pgZxK0Okx9vbf5TqmD4axjuZlgryOXvVBnB0dLx9p6/BxIkx\nFvn8AHKZ6JSsPXRU3qUO+5iN0XsoFWhcjPHL8NmNPNJY4Ukhqeio/O1pkWsBnSBz\nucgQrtDBMT3JfX3YU+bd37NugoLpXpHwr49evnnXAjBqlz2TEJ3POr/SqBkd6Db2\nHwIDAQAB\n-----END PUBLIC KEY-----",
    "Name": "Mypubkey"
  }
}

Actual

{
  "PublicKeyConfig": {
    "CallerReference": "c89d732e4c99b1ce93fab885e53817556d0cd389ce",
    "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JMfjJMMOfJ/OC1BP6AC\ngmYUfP3O0mx1eCMf0TgR8TFpSWPJVOo1wndGeUzEUWjpTIlnWI5cTXUh56xTwSLy\nbnfx7l8O5jWXfU//QM70WOk0dZHiivSAV9tf6q+jBCT5MM5whvKOnYz/QnmO5+i8\nkbMHaxXsV1E6so5/pgZxK0Okx9vbf5TqmD4axjuZlgryOXvVBnB0dLx9p6/BxIkx\nFvn8AHKZ6JSsPXRU3qUO+5iN0XsoFWhcjPHL8NmNPNJY4Ukhqeio/O1pkWsBnSBz\nucgQrtDBMT3JfX3YU+bd37NugoLpXpHwr49evnnXAjBqlz2TEJ3POr/SqBkd6Db2\nHwIDAQAB\n-----END PUBLIC KEY-----\n",
    "Name": "Mypubkey"
  }
}

Template2

Resources:
  Mypubkey:
    Type: AWS::CloudFront::PublicKey
    Properties:
      PublicKeyConfig:
        Name: "Mypubkey2"
        CallerReference: "c89d732e4c9asd9b1cee53817556d0cdasd389ce"
        EncodedKey: "-----BEGIN PUBLIC KEY-----\r\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDmSnU4Sh5O/RQ34As/2\r\nINgOhYx9S7PVDBbSu0LGtmX+iuIGUuwQS6Y5szIKWyiCwPhpr1vlCXV8VuTow77W\r\nf28jYIGOF00IddBdR5ronRhAhVqKaq2rFrP+ZnPeKjsf4gNO9NAG3bm3BiTnQe1i\r\nEg5EkY2UmY4EEnwj34/u2dpWTsyH98CZI6iuMt2EBErkXpjeSiUa9dekE0DtuRIH\r\nwr/6gtK3MoPqt/OSBQVseFoXev4IHT5MNvJ8PjCMAg3ugK6LxUrOA4MgoQK2aY1Q\r\nuSVRv8yvHYCF0Oa7K6sOw/v1Elx63SXM8dQYvzEN7J653qd08QDGmgCbfSq1oRGD\r\nmQIDAQAB\r\n-----END PUBLIC KEY-----\r\n"

Expected

{
  "PublicKeyConfig": {
    "CallerReference": "c89d732e4c9asd9b1cee53817556d0cdasd389ce",
    "EncodedKey": "-----BEGIN PUBLIC KEY-----\r\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDmSnU4Sh5O/RQ34As/2\r\nINgOhYx9S7PVDBbSu0LGtmX+iuIGUuwQS6Y5szIKWyiCwPhpr1vlCXV8VuTow77W\r\nf28jYIGOF00IddBdR5ronRhAhVqKaq2rFrP+ZnPeKjsf4gNO9NAG3bm3BiTnQe1i\r\nEg5EkY2UmY4EEnwj34/u2dpWTsyH98CZI6iuMt2EBErkXpjeSiUa9dekE0DtuRIH\r\nwr/6gtK3MoPqt/OSBQVseFoXev4IHT5MNvJ8PjCMAg3ugK6LxUrOA4MgoQK2aY1Q\r\nuSVRv8yvHYCF0Oa7K6sOw/v1Elx63SXM8dQYvzEN7J653qd08QDGmgCbfSq1oRGD\r\nmQIDAQAB\r\n-----END PUBLIC KEY-----\r\n",
    "Name": "Mypubkey2"
  }
}

Actual

{
  "PublicKeyConfig": {
    "CallerReference": "c89d732e4c9asd9b1cee53817556d0cdasd389ce",
    "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDmSnU4Sh5O/RQ34As/2\nINgOhYx9S7PVDBbSu0LGtmX+iuIGUuwQS6Y5szIKWyiCwPhpr1vlCXV8VuTow77W\nf28jYIGOF00IddBdR5ronRhAhVqKaq2rFrP+ZnPeKjsf4gNO9NAG3bm3BiTnQe1i\nEg5EkY2UmY4EEnwj34/u2dpWTsyH98CZI6iuMt2EBErkXpjeSiUa9dekE0DtuRIH\nwr/6gtK3MoPqt/OSBQVseFoXev4IHT5MNvJ8PjCMAg3ugK6LxUrOA4MgoQK2aY1Q\nuSVRv8yvHYCF0Oa7K6sOw/v1Elx63SXM8dQYvzEN7J653qd08QDGmgCbfSq1oRGD\nmQIDAQAB\n-----END PUBLIC KEY-----\n",
    "Name": "Mypubkey2"
  }
}

Other Details

No response
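
One way to separate the formatting-only drift reported above from a real change of key material, as an added example that is not part of the original issue and not CloudFormation's own comparison logic: decode both EncodedKey values to DER and compare the bytes. The function names, result labels and sample keys are constructed for illustration; the canonical form is the LF-terminated layout that both "Actual" values on this page show.

```python
import base64
import binascii
import re

_PEM_RE = re.compile(
    r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", re.S
)


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of a PUBLIC KEY PEM block, ignoring all whitespace."""
    m = _PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PUBLIC KEY PEM block found")
    body = "".join(m.group(1).split())  # drops \r, \n, spaces and tabs
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"PEM body is not valid base64: {exc}") from exc


def _wrap(der: bytes) -> str:
    """Emit DER as PEM with LF endings, 64-char lines and a trailing LF."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(
        ["-----BEGIN PUBLIC KEY-----", *lines, "-----END PUBLIC KEY-----"]
    ) + "\n"


def canonical_pem(pem: str) -> str:
    """Normalize any whitespace variant of a key to one canonical string."""
    return _wrap(pem_to_der(pem))


def classify_drift(expected: str, actual: str) -> str:
    """Labels are this example's own, not CloudFormation drift statuses."""
    if expected == actual:
        return "identical"
    if pem_to_der(expected) == pem_to_der(actual):
        return "whitespace-only"  # same key, different line endings/indent
    return "key-changed"          # different key material: investigate


# Constructed sample keys (arbitrary bytes, not real RSA keys).
SAMPLE_LF = _wrap(bytes(range(100)))
SAMPLE_CRLF = SAMPLE_LF.replace("\n", "\r\n")            # Template2 style
SAMPLE_INDENTED = "\n".join("  " + line + " " for line in SAMPLE_LF.splitlines())
SAMPLE_OTHER = _wrap(bytes(range(1, 101)))               # a different key
```

Only a `key-changed` result means the deployed public key differs from the one in the template; `whitespace-only` is the false positive described in this issue.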