Skip to content
This repository has been archived by the owner on Apr 16, 2022. It is now read-only.

ARN validation failure on imported values #175

Closed
jonscheiding opened this issue Jun 20, 2018 · 4 comments
Closed

ARN validation failure on imported values #175

jonscheiding opened this issue Jun 20, 2018 · 4 comments
Labels
enhancement in-progress Work is being done
Milestone
v1.8.0

Comments

@jonscheiding
Copy link
Contributor

I'm getting validation errors when trying to use !ImportValue for properties that expect an ARN.

Sample template:

Resources:
  DomainName:
    Type: AWS::ApiGateway::DomainName
    Properties:
      RegionalCertificateArn: !ImportValue ExportedRegionalCertificateArn
      DomainName: some.domain.com
      EndpointConfiguration:
        Types:
          - REGIONAL

I get the following result:

1 crit
Resource: Resources > DomainName > Properties > RegionalCertificateArn
Message: Expecting an ARN, got 'IMPORTEDVALUEExportedRegionalCertificateArn'
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html

I tried doing something similar with a different type of resource that also expects an ARN:

Resources:
  User:
    Type: "AWS::IAM::User"
    Properties: 
      ManagedPolicyArns:
        - !ImportValue ExportedManagedPolicyArn
      UserName: "someuser"

This passed, but it passes even if I put in a garbage non-ARN, so it doesn't appear to be doing the validation at all.

I am using cfn-lint@1.7.2.

Similar to #143, but so far I don't see a workaround. I'm happy to work on a PR, if this is indeed erroneous behavior.

Thanks!
@jonscheiding
Copy link
Contributor Author

I just noticed the item about injection for ImportValue in the feature backlog. Does that mean there's no reasonable workaround at this time?

@jonscheiding jonscheiding changed the title ARN validation failure on imported values (only on some resource types?) ARN validation failure on imported values Jun 20, 2018
@martysweet
Copy link
Owner

Hi @jonscheiding,

That's correct. This is something that needs to be added on the CLI.

Should just be:

  • Add to CLI to make a dict
  • On ImportValue Intrinsic, check the dict for value, otherwise compute value (like it's already doing)

@jonscheiding
Copy link
Contributor Author

@martysweet Thanks for the response!

I would like to work on this, but it may be a while coming as I don't have a lot of bandwidth right now. I'll open a PR once I get some progress.

@jonscheiding jonscheiding mentioned this issue Jul 25, 2018
Merged
@martysweet martysweet added the in-progress Work is being done label Aug 1, 2018
@martysweet martysweet added this to the v1.8.0 milestone Aug 2, 2018
martysweet pushed a commit that referenced this issue Aug 2, 2018
@jonscheiding @martysweet
Implemented argument to provide import values (#185)
50b94c5 
* #175 Implemented argument to provide import values

* #175 Removed TODO comment for thing that I did

* Addressing minor comments #175

* Added a test for unquoted numeric importValues #175

* Improve fallthrough comment

* Add import values documentation

* Update CHANGELOG.md
@martysweet
Copy link
Owner

Hi @jonscheiding, this is now released in v1.8.0! Thanks for the contribution!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement in-progress Work is being done
Projects
None yet
Milestone
v1.8.0
Development

No branches or pull requests
2 participants
@jonscheiding @martysweet