search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.56k stars 3.87k forks source link

elasticache: incorrect cloudformation synthensis when using aws_elasticache.CfnUser.AuthenticationModeProperty(type="iam") #28780

Closed viralmdesai closed 2 months ago

viralmdesai commented 8 months ago

Describe the bug

cdk --version
2.121.1 (build d86bb1a)

When using AuthenticationModeProperty(type="iam"), the synthesized cloudformation is incorrect.


        auth_type = elasticache.CfnUser.AuthenticationModeProperty(type="iam")

        ec_user_iam_auth = aws_elasticache.CfnUser(self, "ec-user-1",
                                               engine= "redis",
                                               user_id="ec-user-1",
                                               user_name="ec-user-1",
                                               access_string="on ~* +@all",
                                               authentication_mode=auth_type)

        auth_type = aws_elasticache.CfnUser.AuthenticationModeProperty(type="iam")

Notice that the generated CloudFormation "type" in lower case for user properties...

"ecuser1": { "Type": "AWS::ElastiCache::User", "Properties": { "AccessString": "on ~* +@all", "AuthenticationMode": { "type": "iam" }, "Engine": "redis", "UserId": "ec-user-1", "UserName": "ec-user-1" },

...

When using auth_type is JSON object, it generates the CloudFormation template correctly.
   auth_type = {"Type" : "iam"}
    ec_user_iam_auth = aws_elasticache.CfnUser(self, "ec-user-1",
                                           engine= "redis",
                                           user_id="ec-user-1",
                                           user_name="ec-user-1",
                                           access_string="on ~* +@all",
                                           authentication_mode=auth_type)
According an internal discussion, it appears that there is a bug here on how authenticationMode is defined.

It is

authenticationMode?: any | cdk.IResolvable;

Should it be

authenticationMode?: CfnUser.AuthenticationModeProperty | cdk.IResolvable;

?

### Expected Behavior

When using aws_elasticache.CfnUser.AuthenticationModeProperty(type="iam"), it should generate syntactically correct cloudformation template with "Type" : "iam" property in ElastiCache redis user.

### Current Behavior

When using aws_elasticache.CfnUser.AuthenticationModeProperty(type="iam"), it generates syntactically incorrect cloudformation template with "type" : "iam" property in ElastiCache redis user.

### Reproduction Steps

Please see the bug description

### Possible Solution

Interim solution until bug fix
   auth_type = {"Type" : "iam"}
    ec_user_iam_auth = aws_elasticache.CfnUser(self, "ec-user-1",
                                           engine= "redis",
                                           user_id="ec-user-1",
                                           user_name="ec-user-1",
                                           access_string="on ~* +@all",
                                           authentication_mode=auth_type)

May be bug fix is needed in how this is defined

authenticationMode?: any | cdk.IResolvable;

Should it be

authenticationMode?: CfnUser.AuthenticationModeProperty | cdk.IResolvable;



### Additional Information/Context

_No response_

### CDK CLI Version

cdk --version (2.121.1 (build d86bb1a))

### Framework Version

_No response_

### Node.js Version

node --version (v20.6.1)

### OS

macos sw_vers -productVersion  13.6.3

### Language

TypeScript, Python

### Language Version

_No response_

### Other information

Only tested in python
pahud commented 8 months ago

According to the document here, authentication_mode is type Any(not typed) and I believe you should pass a JSON object in this case. https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_elasticache/CfnUser.html

viralmdesai commented 8 months ago

@pahud - What is the purpose of having a Class in the same documentation? here: https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_elasticache/CfnUser.html#authenticationmodeproperty

class CfnUser.AuthenticationModeProperty(*, type, passwords=None)?

In other languages too this generates the class which results in incorrect Cloudformation as described in the case?

Mateusz-Stasielowicz commented 6 months ago

@pahud I faced the same issue but using Java with CDK 2.133.0.

In Java there is no simple solution like providing JSON object.

Is there a plan to fix this issue in the near future?

nicobanderas commented 2 months ago

@Mateusz-Stasielowicz I faced the same issue with Java CDK, as a workaround you could use a Map like:


CfnUser.Builder.create(scope, "MyId")
.userId("user-1")
.engine("redis")
.userName("user-1")
.accessString("on ~* +@all")
.authenticationMode(Map.of("Type", "iam"))
.build();
pahud commented 2 months ago

@Mateusz-Stasielowicz

Thank you. The doc for Java could be very confusing. I will bring this up to the team. Meanwhile, please try the workaround by @Mateusz-Stasielowicz and let me know if it works for you.

github-actions[bot] commented 2 months ago

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

dmarkowvw commented 1 week ago

This still seems to be an issue in TypeScript "aws-cdk": "2.151.0", "aws-cdk-lib": "2.151.0"