Closed johnttompkins closed 4 years ago
Agree we don't need to support array items here. Either the whole array property is writeOnly or not.
My overall thinking is;
writeOnlyProperties
(or they are redacted by the downstream service) for READ
writeOnlyProperties
are not returned by READ
SecretsManager
and SSM SecureString
is a service capability that describes how CloudFormation will handle those secrets inside the engine. This capability does not overlap with the handler platformHence, if someone uses those template semantics for resource properties which are not writeOnlyProperties
, then the promise does not flow down to the READ
handler.
Issue #, if available:
Description of changes: Adding some methods to the ResourceSchema class to determine if a given model has writeOnlyProperties and also a method to remove the properties. Tried to make it extensible so that the same thing could be applied to other groups of properties.
I did not handle cases for writeOnlyProperties that were items in arrays, as I was unsure on if this was allowed or what the behavior should be. Say, if "/properties/arrayProperty/0" is writeOnly, and the array has two items, if we remove one, then the object still appears to have a writeOnlyProperty after removal:
After:
Input on this would be great.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.