rjlohan
commented
4 years ago Agree we don't need to support array items here. Either the whole array property is writeOnly or not.
Closed johnttompkins closed 4 years ago
rjlohan
commented
4 years ago Agree we don't need to support array items here. Either the whole array property is writeOnly or not.
rjlohan
commented
4 years ago My overall thinking is;
writeOnlyProperties (or they are redacted by the downstream service) for READ writeOnlyProperties are not returned by READSecretsManager and SSM SecureString is a service capability that describes how CloudFormation will handle those secrets inside the engine. This capability does not overlap with the handler platformHence, if someone uses those template semantics for resource properties which are not writeOnlyProperties, then the promise does not flow down to the READ handler.
Issue #, if available:
Description of changes: Adding some methods to the ResourceSchema class to determine if a given model has writeOnlyProperties and also a method to remove the properties. Tried to make it extensible so that the same thing could be applied to other groups of properties.
I did not handle cases for writeOnlyProperties that were items in arrays, as I was unsure on if this was allowed or what the behavior should be. Say, if "/properties/arrayProperty/0" is writeOnly, and the array has two items, if we remove one, then the object still appears to have a writeOnlyProperty after removal:
After:
Input on this would be great.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.