aws-cloudformation/cloudformation-cli

CloudFormation service casts most types into strings

Opened this issue · 0 comments

It is probably a known limitation, but I could not find another public issue to track this.

Whenever you develop a resource provider you define a detailed JSON schema, but that schema is not being fully used by the CloudFormation service. For instance, if one is defined like this (full version here):

{
    "typeName": "OC::Organizations::PasswordPolicy",
    "properties": {
        "MinimumPasswordLength": {
            "type": "integer"
        },
        "RequireLowercaseCharacters": {
            "type": "boolean"
        },
        ...
    },
    ...
}

If I try to create that resource in AWS using the following template:

AWSTemplateFormatVersion: '2010-09-09'

Resources:
  PasswordPolicy:
    Type: OC::Organizations::PasswordPolicy
    Properties:
      MinimumPasswordLength: 8
      RequireLowercaseCharacters: True

I would expect to receive the input JSON below:

{
    "requestData": {
        "resourceProperties": {
            "MinimumPasswordLength": 8,
            "RequireLowercaseCharacters": true,
            ...
        },
        ...
    },
    ...
}

Instead, CloudFormation sends this event data, where every property is being cast to a string:

{
    "awsAccountId": <REDACTED>,
    "bearerToken": <REDACTED>,
    "region": "eu-central-1",
    "responseEndpoint": "https://cloudformation.eu-central-1.amazonaws.com",
    "action": "CREATE",
    "nextToken": null,
    "resourceType": "OC::Organizations::PasswordPolicy",
    "resourceTypeVersion": "00000029",
    "requestData": {
        "logicalResourceId": "PasswordPolicy",
        "resourceProperties": {
            "MinimumPasswordLength": "8",
            "RequireLowercaseCharacters": "true",
            "RequireNumbers": "true",
            "RequireUppercaseCharacters": "false",
            "AllowUsersToChangePassword": "true",
            "RequireSymbols": "false"
        },
        "previousResourceProperties": null,
        "callerCredentials": { <REDACTED> },
        "platformCredentials": { <REDACTED> },
        "providerCredentials": { <REDACTED> },
        "providerLogGroupName": "oc-organizations-passwordpolicy-logs",
        "systemTags": {
            "aws:cloudformation:stack-name": <REDACTED>,
            "aws:cloudformation:stack-id": <REDACTED>,
            "aws:cloudformation:logical-id": "PasswordPolicy"
        },
        "stackTags": null,
        "previousStackTags": null
    },
    "stackId": <REDACTED>
}

A behavior like this makes it a lot harder to develop the resource provider as well as the language plugin itself.
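One way a handler can restore the schema's declared types from the stringified event shown above, as an added example (not code from the issue author or the cloudformation-cli project). The names `recast`, `typed_properties`, `SCHEMA` and `EVENT` are hypothetical, and the schema and event are constructed from the fragments in the issue. Strict parsing matters for a password policy because `bool("false")` is `True` in Python.

```python
import json

# Constructed schema fragment and event payload, modelled on the issue's.
SCHEMA = {"properties": {
    "MinimumPasswordLength": {"type": "integer"},
    "RequireLowercaseCharacters": {"type": "boolean"},
    "RequireSymbols": {"type": "boolean"},
}}
EVENT = json.loads("""{"requestData": {"resourceProperties": {
    "MinimumPasswordLength": "8",
    "RequireLowercaseCharacters": "true",
    "RequireSymbols": "false"}}}""")


def recast(value, schema):
    """Recursively convert stringified values back to their schema types."""
    if isinstance(value, dict):
        props = schema.get("properties", {})
        return {k: recast(v, props.get(k, {})) for k, v in value.items()}
    if isinstance(value, list):
        items = schema.get("items")
        items = items if isinstance(items, dict) else {}
        return [recast(v, items) for v in value]
    if not isinstance(value, str):
        return value  # already typed, e.g. null or local test input
    json_type = schema.get("type")
    if json_type == "boolean":
        # Match the literals explicitly; truthiness of "false" is True.
        if value.lower() not in ("true", "false"):
            raise ValueError(f"not a boolean: {value!r}")
        return value.lower() == "true"
    if json_type == "integer":
        return int(value)  # raises ValueError for "8.5" or "abc"
    if json_type == "number":
        return float(value)
    return value  # strings and undeclared properties pass through unchanged


def typed_properties(event, schema):
    """Return resourceProperties from a handler event with types restored."""
    return recast(event["requestData"]["resourceProperties"], schema)


if __name__ == "__main__":
    print(typed_properties(EVENT, SCHEMA))
```
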