search

unbounce / iidy

iidy (Is it done yet?) -- CloudFormation with Confidence
MIT License
52 stars 7 forks source link

The yaml key `Resources` can be used in sub sections of templates but causes iidy to visit the node differently #257

Closed warrenwegs closed 2 years ago

warrenwegs commented 3 years ago

When specifying this template piece

Resources:
  EKSCluster:
    Type: "AWS::EKS::Cluster"
    Properties:
      Name: !Ref ClusterName
      RoleArn: !GetAtt ControlPlaneRole.Arn
      Version: !Ref EksVersion
      EncryptionConfig:
        - Provider:
            keyArn: arn:aws:kms:us-east-1:096717394838:key/7ea87488-5138-4730-81dd-1164af3d9b89
          Resources:
            - secrets

The Resources section under EncryptionConfig is parsed with the special visitResourceNode function which fails because the value is a string 

Error: Invalid resource type: undefined at Root.Resources.EKSCluster.Properties.EncryptionConfig.0.Resources: "secrets"
    at _.fromPairs._.map (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:701:23)
    at arrayMap (/Users/warrenwegner/unbounce/iidy/node_modules/lodash/lodash.js:639:23)
    at Function.map (/Users/warrenwegner/unbounce/iidy/node_modules/lodash/lodash.js:9580:14)
    at Visitor._visitResourceNode (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:677:11)
    at Visitor.visitResourceNode (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:671:25)
    at result (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:516:29)
    at Visitor.visitNode (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:540:11)
    at Visitor.visitMapNode (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:614:58)
    at Visitor.visitPlainMap (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:592:25)
    at result (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:529:29)
    at Visitor.visitNode (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:540:11)
    at _.map (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:620:43)
    at arrayMap (/Users/warrenwegner/unbounce/iidy/node_modules/lodash/lodash.js:639:23)
    at Function.map (/Users/warrenwegner/unbounce/iidy/node_modules/lodash/lodash.js:9580:14)
    at Visitor.visitArray (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:620:18)
    at result (/Users/warrenwegner/unbounce/iidy/lib/preprocess/visitor.js:526:29)

Current workaround is to escape that section like 

EncryptionConfig: !$escape
        - Provider:
            keyArn: arn:aws:kms:us-east-1:096717394838:key/7ea87488-5138-4730-81dd-1164af3d9b89
          Resources:
            - secrets