search

aws-cloudformation / cloudformation-resource-schema

The CloudFormation Resource Schema defines the shape and semantic for resources provisioned by CloudFormation. It is used by provider developers using the CloudFormation RPDK.
Apache License 2.0
90 stars 38 forks source link

What is the expected format of `readOnlyProperties`? #150

Open gordonmleigh opened 7 months ago

gordonmleigh commented 7 months ago

What is the expected format of readOnlyProperties? There are several examples in the current schemas, shown below. Since this format is an extension of JSON Schema, I'd have expected readOnlyProperties to match required, i.e. just having property names. Instead it has something which looks like a JSON Pointer, but in most cases isn't actually a valid reference.

Are all of the properties listed here supposed to be now accessible with Fn::GetAtt? The last word on this was in 2019 (#59): "supposed to be, but not quite working yet".

Prefixed with /properties/, nested with /

The /properties/ prefix implies that this is a JSON Pointer, but these aren't actually valid references, since the nested property isn't a child of the schema at that location.

E.g. AWS::RDS::DBInstance:

"readOnlyProperties": [
  "/properties/Endpoint/Address",
  "/properties/Endpoint/Port",
  "/properties/Endpoint/HostedZoneId",
  "/properties/DbiResourceId",
  "/properties/DBInstanceArn",
  "/properties/DBSystemId",
  "/properties/MasterUserSecret/SecretArn",
  "/properties/CertificateDetails/CAIdentifier",
  "/properties/CertificateDetails/ValidTill"
],

Prefixed with /properties/, nested with /, contains * wildcards

Also not a valid reference. E.g. AWS::WAFv2::RuleGroup:

"readOnlyProperties": [
  "/properties/Arn",
  "/properties/Id",
  "/properties/LabelNamespace",
  "/properties/AvailableLabels/*/Name",
  "/properties/ConsumedLabels/*/Name"
],

Prefixed with /properties/, nested with .

Also not a valid reference. E.g. AWS::ElastiCache::CacheCluster:

"readOnlyProperties": [
  "/properties/ConfigurationEndpoint.Address",
  "/properties/Id",
  "/properties/ConfigurationEndpoint.Port",
  "/properties/RedisEndpoint.Port",
  "/properties/RedisEndpoint.Address"
],

Prefixed with /Properties/ (uppercase P)

I assume this is a mistake. Only example is AWS::DMS::ReplicationConfig:

"readOnlyProperties": ["/Properties/ReplicationConfigArn"],
PatMyron commented 7 months ago

Started intending to be JSON pointers: https://github.com/aws-cloudformation/cloudformation-resource-schema/blob/92bda29af16ad870ab56bb27f7df4c4b9b68965c/README.md?plain=1#L64

but did diverge to support wildcards: https://github.com/aws-cloudformation/cloudformation-cli/issues/478#issuecomment-750944230

(uppercase P is indeed likely a typo. Don't remember enough to weigh in on RDS/ElastiCache examples anymore)