hashicorp / terraform-cdk

Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform
https://www.terraform.io/cdktf
Mozilla Public License 2.0
4.83k stars 449 forks

HCL: HEREDOC invalid escaping #3716

Open universam1 opened 2 weeks ago

universam1 commented 2 weeks ago

Expected Behavior

For a multiline string, which is rendered into a HEREDOC for HCL output, the quotes should not be escaped. Vault policy or AWS IAM policy render invalid.

Actual Behavior

Synth renders invalid strings that cause errors on apply at Vault or AWS.

    Code: 400. Errors: * failed to parse policy: At 2:19: illegal char

Steps to Reproduce


    // Multiline policy body; synth renders it as a heredoc in HCL output.
    y := `
    path "secret/*" {
       capabilities = ["create", "read", "update", "delete", "list"]
    }
    `
    policy.NewPolicy(stack, jsii.String("policy"), &policy.PolicyConfig{
        Name:   jsii.String("test"),
        Policy: jsii.String(y),
    })

Running cdktf synth -hcl results in the following. Note the escaped quotes:

    resource "vault_policy" "policy" {
      name   = "test"
      policy = <<EOF

            path \"secret/*\" {
              capabilities = [\"create\", \"read\", \"update\", \"delete\", \"list\"]
            }

    EOF
    }

Versions

Language: Golang, "version": "0.20.8". Same problem with 0.21.0-pre.123.

Providers

Workarounds

Try to use a single-line statement, like minified JSON.

Anything Else?

No response

References

Try the example at https://github.com/ahmadalibagheri/cdktf-go-aws-iam


universam1 commented 2 weeks ago

Another example issue for AWS IAM Policy:

    iampolicy.NewIamPolicy(stack, jsii.String("test"), &iampolicy.IamPolicyConfig{
        Name: jsii.String("CDKtf-Golang-policy-Demo"),
        Policy: jsii.String(`{
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "*",
                "Resource": ["arn:aws:ec2:*:*:client-vpn-endpoint/*"],
                "Effect": "Allow"
            }]
        }`),
        Description: jsii.String("This policy is for Golang demo"),
    })

renders into escaped quotes in a heredoc which is invalid:

    resource "aws_iam_policy" "test" {
      description = "This policy is for Golang demo"
      name        = "CDKtf-Golang-policy-Demo"
      policy      = <<EOF
    {
                \"Version\": \"2012-10-17\",
                \"Statement\": [{
                    \"Action\": \"*\",
                    \"Resource\": [\"arn:aws:ec2:*:*:client-vpn-endpoint/*\"],
                    \"Effect\": \"Allow\"
                }]
            }
    EOF
    }

universam1 commented 2 weeks ago

Note, even JSON synth is invalid! The references are escaped with double $ signs \"$$

    "vault_policy": {
      "test": {
        "//": {
          "metadata": {
            "path": "o11n:union/policyo11n.artifactory@p",
            "uniqueId": "policyo11nartifactoryp"
          }
        },
        "name": "o11n.artifactory@p",
        "policy": "path \"$${vault_aws_secret_backend_role.vroleo11nartifactorypjw-cd-cicd-01.backend}/+/$${vault_aws_secret_backend_role.vroleo11nartifactorypjw-cd-cicd-01.name}\" {\n  capabilities = [\"read\"]\n}\npath \"$${vault_aws_secret_backend_role.vroleo11nartifactorypjw-cd-lab-...."
      },

ehvidal commented 2 weeks ago

Seeing the same problem. Looking forward to a solution. Thank you very much! 😃
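A pre-apply check for the symptom reported in the first two comments, as an added example that is not code from the issue or from the cdktf project: HCL heredocs do not interpret backslash escapes, so a `\"` inside a heredoc body reaches the provider literally and the Vault or IAM policy fails to parse. The helper name `FindEscapedQuotes` is hypothetical, and `sample` is constructed from the synth output quoted in the issue.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// heredocOpen matches an HCL heredoc introducer (<<EOF or <<-EOF) at end of line.
var heredocOpen = regexp.MustCompile(`<<-?([A-Za-z_][A-Za-z0-9_]*)\s*$`)

// FindEscapedQuotes (hypothetical helper) returns one "line N: text" entry for
// every heredoc body line that contains a backslash-escaped quote.
// Closing markers are compared after trimming, which also covers <<- heredocs.
func FindEscapedQuotes(hcl string) []string {
	var out []string
	delim := "" // non-empty while inside a heredoc body
	for i, line := range strings.Split(hcl, "\n") {
		switch {
		case delim == "":
			if m := heredocOpen.FindStringSubmatch(line); m != nil {
				delim = m[1]
			}
		case strings.TrimSpace(line) == delim:
			delim = ""
		case strings.Contains(line, `\"`):
			out = append(out, fmt.Sprintf("line %d: %s", i+1, strings.TrimSpace(line)))
		}
	}
	return out
}

// sample is constructed from the synth output quoted in the issue.
const sample = `resource "vault_policy" "policy" {
  name   = "test"
  policy = <<EOF
        path \"secret/*\" {
          capabilities = [\"create\", \"read\", \"update\", \"delete\", \"list\"]
        }
EOF
}
`

func main() {
	for _, f := range FindEscapedQuotes(sample) {
		fmt.Println("escaped quote in heredoc,", f)
	}
}
```

Run over the synthesized HCL in CI, a non-empty result is a reason to stop before the policy is applied.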