default value for insertionOrder is true

[aygold92]

Issue #, if available:

Description of changes: The default value for insertionOrder should be true, because by default we will honor order (i..e, we assume list by default, rather than set). This kind of makes me think the property should actually be called something else, so that the default value can be false, but I'm not sure we can make that change at this point. If so, would like to have suggestions (my original idea was "orderMatters", which allows us to default to false, but that sounds bad)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[aygold92]

even if the default implementation honours order, it doesn't necessarily mean we should change this flag, although i can get behind this because it's less confusing. does this have any impact on code generation?

at the moment it does not affect code generation because we don't use it anywhere, but as we discussed offline I think we should be adding ordered set and multiset to the codegen options. Why should we not change the flag to true if the actual default interpretation by CFN is true?

[aygold92]

I don't think it's true it isn't used: https://github.com/aws-cloudformation/aws-cloudformation-rpdk/blob/185bff46ee11dcde384541f1dc769612c02df991/src/rpdk/core/jsonutils/resolver.py#L112-L117

Oh interesting, I guess it defaults to False there? It should default to true though

[aygold92]

I don't think it's true it isn't used: https://github.com/aws-cloudformation/aws-cloudformation-rpdk/blob/185bff46ee11dcde384541f1dc769612c02df991/src/rpdk/core/jsonutils/resolver.py#L112-L117

Oh interesting, I guess it defaults to False there? It should default to true though

I am fixing that

[tobywf]

cheers. that logic is gnarly, i think going from the unit tests what the result is is the right move, just pointing out it is being used, not necessarily the logic is wrong. it may have been done that way so that uniqueItems: true and insertionOrder not specified works.

[aygold92]

cheers. that logic is gnarly, i think going from the unit tests what the result is is the right move, just pointing out it is being used, not necessarily the logic is wrong. it may have been done that way so that uniqueItems: true and insertionOrder not specified works.

yeah, that's why in the description for this PR, I mentioned we should consider changing the property name so that it can default to false, which would fix that

[PatMyron]

Description reasoning feels somewhat circular to me, don't completely follow why the default definition switched to true rather than the implementation's default switching to false to match the previous definition

Less than 200 of the 1000+ public resource schema arrays specified insertionOrder, and insertionOrder defaulting to true is one of the main issues with drift detection for Registry types causing false positives

Seems easier to default to false than modifying most resource schemas to specify insertionOrder for drift detection to work properly

---

arrays without insertionOrder per resource type if we want to encourage explicitness:

```python if property_type == 'array' and 'insertionOrder' not in property_keywords: LOG.warning(resource_spec['typeName']) ``` ``` 47 AWS::Kendra::DataSource 32 AWS::ECS::TaskDefinition 28 AWS::CloudFront::Distribution 17 AWS::QuickSight::DataSet 17 AWS::EC2::NetworkInsightsAnalysis 16 AWS::WAFv2::WebACL 16 AWS::WAFv2::RuleGroup 15 AWS::QuickSight::Dashboard 15 AWS::QuickSight::Analysis 15 AWS::ApplicationInsights::Application 10 AWS::QuickSight::Template 10 AWS::ElasticLoadBalancingV2::ListenerRule 8 AWS::ResourceGroups::Group 8 AWS::MediaPackage::OriginEndpoint 8 AWS::KinesisFirehose::DeliveryStream 8 AWS::IoTEvents::DetectorModel 8 AWS::ECS::Service 7 AWS::SageMaker::MonitoringSchedule 7 AWS::QuickSight::Theme 7 AWS::MediaPackage::PackagingConfiguration 7 AWS::ImageBuilder::DistributionConfiguration 7 AWS::AppFlow::Flow 6 AWS::SageMaker::ModelQualityJobDefinition 6 AWS::SageMaker::DataQualityJobDefinition 6 AWS::LookoutMetrics::AnomalyDetector 6 AWS::Lambda::Function 6 AWS::IoT::TopicRule 6 AWS::DataBrew::Recipe 6 AWS::Budgets::BudgetsAction 5 AWS::ServiceCatalog::CloudFormationProvisionedProduct 5 AWS::QuickSight::DataSource 5 AWS::NimbleStudio::LaunchProfile 5 AWS::Lambda::EventSourceMapping 5 AWS::GreengrassV2::ComponentVersion 5 AWS::GameLift::Fleet 5 AWS::FMS::Policy 5 AWS::FIS::ExperimentTemplate 5 AWS::DataBrew::Dataset 5 AWS::Config::ConfigurationAggregator 5 AWS::AuditManager::Assessment 4 AWS::SageMaker::ModelExplainabilityJobDefinition 4 AWS::SageMaker::ModelBiasJobDefinition 4 AWS::SageMaker::Domain 4 AWS::SSM::Document 4 AWS::OpsWorksCM::Server 4 AWS::NimbleStudio::StudioComponent 4 AWS::Kendra::Index 4 AWS::GroundStation::DataflowEndpointGroup 4 AWS::ElasticLoadBalancingV2::Listener 4 AWS::ElastiCache::GlobalReplicationGroup 4 AWS::EKS::FargateProfile 4 AWS::ECS::TaskSet 4 AWS::ECS::Cluster 4 AWS::CustomerProfiles::Integration 4 AWS::ACMPCA::Certificate 3 AWS::Synthetics::Canary 3 AWS::SageMaker::UserProfile 3 AWS::SSO::InstanceAccessControlAttributeConfiguration 3 AWS::SSM::Association 3 AWS::S3Outposts::Bucket 3 AWS::Macie::FindingsFilter 3 AWS::IoT::DomainConfiguration 3 AWS::IAM::OIDCProvider 3 AWS::GameLift::GameServerGroup 3 AWS::Events::Connection 3 AWS::DynamoDB::GlobalTable 3 AWS::DataSync::Task 3 AWS::DataBrew::Job 3 AWS::CustomerProfiles::ObjectType 3 AWS::CodeGuruProfiler::ProfilingGroup 3 AWS::CodeArtifact::Repository 3 AWS::CloudWatch::MetricStream 3 AWS::CloudWatch::CompositeAlarm 3 AWS::CloudFront::OriginRequestPolicy 3 AWS::CloudFront::CachePolicy 3 AWS::Backup::BackupPlan 3 AWS::AppRunner::Service 3 AWS::AppIntegrations::EventIntegration 2 AWS::WorkSpaces::ConnectionAlias 2 AWS::WAFv2::RegexPatternSet 2 AWS::WAFv2::IPSet 2 AWS::StepFunctions::StateMachine 2 AWS::SageMaker::Project 2 AWS::SageMaker::FeatureGroup 2 AWS::SageMaker::AppImageConfig 2 AWS::SSMContacts::Contact 2 AWS::SSM::ResourceDataSync 2 AWS::SES::ContactList 2 AWS::Route53::HealthCheck 2 AWS::MediaPackage::Channel 2 AWS::MediaPackage::Asset 2 AWS::MediaConnect::FlowVpcInterface 2 AWS::Macie::CustomDataIdentifier 2 AWS::MWAA::Environment 2 AWS::LicenseManager::License 2 AWS::LicenseManager::Grant 2 AWS::IoTSiteWise::Gateway 2 AWS::IoTEvents::Input 2 AWS::IoT::TopicRuleDestination 2 AWS::ImageBuilder::InfrastructureConfiguration 2 AWS::ImageBuilder::ImageRecipe 2 AWS::ImageBuilder::ContainerRecipe 2 AWS::IAM::VirtualMFADevice 2 AWS::GroundStation::MissionProfile 2 AWS::GlobalAccelerator::EndpointGroup 2 AWS::GlobalAccelerator::Accelerator 2 AWS::EFS::FileSystem 2 AWS::ECS::ClusterCapacityProviderAssociations 2 AWS::ECR::ReplicationConfiguration 2 AWS::EC2::PrefixList 2 AWS::DataSync::Agent 2 AWS::DataBrew::Schedule 2 AWS::Config::OrganizationConformancePack 2 AWS::CloudFront::RealtimeLogConfig 2 AWS::CUR::ReportDefinition 2 AWS::Backup::BackupSelection 2 AWS::ApiGateway::DomainName 2 AWS::ApiGateway::ApiKey 2 AWS::ACMPCA::CertificateAuthority 1 AWS::XRay::SamplingRule 1 AWS::XRay::Group 1 AWS::Timestream::Table 1 AWS::Timestream::Database 1 AWS::Signer::SigningProfile 1 AWS::ServiceCatalog::ServiceAction 1 AWS::SageMaker::Pipeline 1 AWS::SageMaker::ModelPackageGroup 1 AWS::SageMaker::Image 1 AWS::SageMaker::DeviceFleet 1 AWS::SageMaker::Device 1 AWS::SageMaker::App 1 AWS::SSMIncidents::ResponsePlan 1 AWS::SSMIncidents::ReplicationSet 1 AWS::S3Outposts::Endpoint 1 AWS::Route53Resolver::FirewallDomainList 1 AWS::Route53::HostedZone 1 AWS::NimbleStudio::StreamingImage 1 AWS::NetworkManager::Site 1 AWS::NetworkManager::Link 1 AWS::NetworkManager::GlobalNetwork 1 AWS::NetworkManager::Device 1 AWS::NetworkFirewall::Firewall 1 AWS::MediaPackage::PackagingGroup 1 AWS::MediaConnect::FlowOutput 1 AWS::MediaConnect::FlowEntitlement 1 AWS::Logs::QueryDefinition 1 AWS::Lambda::CodeSigningConfig 1 AWS::Kendra::Faq 1 AWS::IoTWireless::WirelessGateway 1 AWS::IoTWireless::WirelessDevice 1 AWS::IoTWireless::TaskDefinition 1 AWS::IoTWireless::ServiceProfile 1 AWS::IoTWireless::PartnerAccount 1 AWS::IoTWireless::DeviceProfile 1 AWS::IoTWireless::Destination 1 AWS::IoTSiteWise::Project 1 AWS::IoTCoreDeviceAdvisor::SuiteDefinition 1 AWS::IoT::ProvisioningTemplate 1 AWS::IoT::Authorizer 1 AWS::ImageBuilder::Component 1 AWS::IAM::ServerCertificate 1 AWS::IAM::SAMLProvider 1 AWS::GroundStation::Config 1 AWS::Glue::Schema 1 AWS::Glue::Registry 1 AWS::GlobalAccelerator::Listener 1 AWS::ElastiCache::UserGroup 1 AWS::ElastiCache::User 1 AWS::EMR::Studio 1 AWS::EFS::AccessPoint 1 AWS::ECS::CapacityProvider 1 AWS::EC2::TransitGatewayPeeringAttachment 1 AWS::EC2::TransitGatewayMulticastDomain 1 AWS::EC2::TransitGatewayConnect 1 AWS::EC2::FlowLog 1 AWS::DevOpsGuru::ResourceCollection 1 AWS::Detective::Graph 1 AWS::DataSync::LocationSMB 1 AWS::DataSync::LocationObjectStorage 1 AWS::DataSync::LocationNFS 1 AWS::DataSync::LocationFSxWindows 1 AWS::DataSync::LocationEFS 1 AWS::DataBrew::Project 1 AWS::CustomerProfiles::Domain 1 AWS::Config::StoredQuery 1 AWS::Config::ConformancePack 1 AWS::CodeStarConnections::Connection 1 AWS::CodeGuruReviewer::RepositoryAssociation 1 AWS::CodeArtifact::Domain 1 AWS::CloudFront::KeyGroup 1 AWS::CloudFormation::StackSet 1 AWS::Chatbot::SlackChannelConfiguration 1 AWS::Cassandra::Table 1 AWS::Cassandra::Keyspace 1 AWS::Backup::BackupVault 1 AWS::Athena::WorkGroup 1 AWS::Athena::DataCatalog 1 AWS::ApiGateway::ClientCertificate ```

[aygold92]

Description reasoning feels somewhat circular to me, don't completely follow why the default definition switched to true rather than the implementation's default switching to false to match the previous definition

Seems easier to default to false than modifying most resource schemas to specify insertionOrder for drift detection to work properly

Not sure what you mean by this. By default, order is honored, and if they have a Set then they need to say insertionOrder: false. It would have been better to call this something where the default could be false, but in terms of updating schemas that have not included it, it doesn't really make a difference. In most cases, teams don't need to include it because by default we honor the order