aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

ACL Rules property output (and typescript linting) incorrect #6077

Closed RachelleJanssen closed 4 years ago

RachelleJanssen commented 4 years ago

When creating a CfnWebACL from @aws-cdk/aws-wafv2, the output is incorrect and results in an Internal Failure when trying to run cdk deploy.

Reproduction Steps

The typedef of CfnWebACL has a "rules" property, which is an object containing another "rules" property, which is an array of actual rules.

import * as cdk from "@aws-cdk/core";
import waf = require("@aws-cdk/aws-waf");
import wafv2 = require("@aws-cdk/aws-wafv2");

export class AwsCdkAclStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const acl = new wafv2.CfnWebACL(this, "ACL2", {
      defaultAction: {
        allow: true,
      },
      scope: "CLOUDFRONT",
      visibilityConfig: {
        cloudWatchMetricsEnabled: true,
        metricName: "waf",
        sampledRequestsEnabled: false,
      },
      rules: {
        rules: [
          // rules go here
        ],
      },
    });
  }
}

When running cdk, it outputs a similar wrapper, which causes an internal failure on CloudFormation.

{
  "Resources": {
    "ACL2": {
      "Type": "AWS::WAFv2::WebACL",
      "Properties": {
        "DefaultAction": {
          "Allow": {}
        },
        "Scope": "CLOUDFRONT",
        "VisibilityConfig": {
          "CloudWatchMetricsEnabled": true,
          "MetricName": "waf",
          "SampledRequestsEnabled": false
        },
        "Rules": {
          "Rules": [
            // rule objects go here
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "AwsCdkAclStack/ACL2"
      }
    }
  }
}

Error Log

AwsCdkAclStack (ACLTestStack): deploying...
ACLTestStack: creating CloudFormation changeset...
 0/3 | 7:17:31 PM | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack | ACLTestStack User Initiated
 0/3 | 7:17:35 PM | CREATE_IN_PROGRESS   | AWS::CDK::Metadata | CDKMetadata 
 0/3 | 7:17:35 PM | CREATE_IN_PROGRESS   | AWS::WAFv2::WebACL | AwsCdkAclStack/ACL2 (ACL2)
 1/3 | 7:17:36 PM | CREATE_FAILED        | AWS::WAFv2::WebACL | AwsCdkAclStack/ACL2 (ACL2) Internal Failure
 2/3 | 7:17:37 PM | CREATE_FAILED        | AWS::CDK::Metadata | CDKMetadata Resource creation cancelled
 2/3 | 7:17:37 PM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | ACLTestStack The following resource(s) failed to create: [ACL2, CDKMetadata]. . Rollback requested by user.
 3/3 | 7:17:59 PM | DELETE_COMPLETE      | AWS::WAFv2::WebACL | AwsCdkAclStack/ACL2 (ACL2)
 3/3 | 7:17:59 PM | DELETE_IN_PROGRESS   | AWS::CDK::Metadata | CDKMetadata
 4/3 | 7:18:00 PM | DELETE_COMPLETE      | AWS::CDK::Metadata | CDKMetadata
 5/3 | 7:18:01 PM | ROLLBACK_COMPLETE    | AWS::CloudFormation::Stack | ACLTestStack

Environment

Other

By manually removing the object wrapper from the cdk.output file from

"Rules": {
  "Rules": []
}

to

"Rules": []

I'm able to use the cdk.output file in the CloudFormation console to create the stack.


This is :bug: Bug Report
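The manual workaround described in the post above (flattening the "Rules" wrapper in the synthesized template before deploying), as an added TypeScript example that is not part of the issue and not aws-cdk code. The function names `isRulesWrapper` and `unwrapWebAclRules` are hypothetical, and the sample template, including its placeholder rule, is constructed.

```typescript
// Added example: plain TypeScript over a template object, no aws-cdk imports.
type Json = { [key: string]: any };

interface Finding {
  logicalId: string;
  ruleCount: number;
}

// True for the wrapper shape shown in the issue: "Rules": { "Rules": [...] }.
function isRulesWrapper(value: unknown): value is { Rules: unknown[] } {
  return (
    typeof value === "object" &&
    value !== null &&
    !Array.isArray(value) &&
    Array.isArray((value as Json).Rules)
  );
}

// Returns a flattened deep copy plus the WebACLs that carried the wrapper.
function unwrapWebAclRules(template: Json): { template: Json; findings: Finding[] } {
  const fixed: Json = JSON.parse(JSON.stringify(template)); // input stays untouched
  const resources: Json = fixed.Resources || {};
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(resources)) {
    const resource: Json = resources[logicalId];
    if (resource.Type !== "AWS::WAFv2::WebACL" || !resource.Properties) continue;
    const rules: unknown = resource.Properties.Rules;
    if (isRulesWrapper(rules)) {
      findings.push({ logicalId, ruleCount: rules.Rules.length });
      resource.Properties.Rules = rules.Rules; // the flat form the post reports as deployable
    }
  }
  return { template: fixed, findings };
}

// Constructed sample: ACL2 mirrors the issue's output; the rule entry is a placeholder.
const SAMPLE_TEMPLATE: Json = {
  Resources: {
    ACL2: {
      Type: "AWS::WAFv2::WebACL",
      Properties: {
        Scope: "CLOUDFRONT",
        Rules: { Rules: [{ Name: "constructed-rule", Priority: 0 }] },
      },
    },
    AlreadyFlat: { Type: "AWS::WAFv2::WebACL", Properties: { Scope: "REGIONAL", Rules: [] } },
    Other: { Type: "AWS::CDK::Metadata", Properties: {} },
  },
};
```

A non-empty `findings` list is also usable as a pre-deploy check: it names each WebACL whose template would hit the failure shown in the error log, so the ACL is not silently left undeployed after a rollback.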

rix0rrr commented 4 years ago

Duplicate of https://github.com/aws/aws-cdk/issues/6056 and the other one has more useful discussion.