Skip to content
This repository has been archived by the owner on Apr 16, 2022. It is now read-only.

Cloudfront DistribConfig - ARN validation failure on intrinsic functions #143

Open
willgarcia opened this issue Apr 20, 2018 · 4 comments
Open

Cloudfront DistribConfig - ARN validation failure on intrinsic functions #143

willgarcia opened this issue Apr 20, 2018 · 4 comments
Labels
accepting-patch bug enhancement

Comments

@willgarcia
Copy link

willgarcia commented Apr 20, 2018
edited
Loading

First of all, thanks for this tool 👍

The following template:

Description: TEST
Parameters:
  ACMCertificateARN:
    Description: ARN for certificate to be used by CloudFront
    Type: String

Resources:
  DistributionConfig:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        ViewerCertificate:
          AcmCertificateArn: !Ref ACMCertificateARN

fails to validate:

0 warn
1 crit
Resource: Resources > DistributionConfig > Properties > DistributionConfig > ViewerCertificate > AcmCertificateArn
Message: Expecting an ARN, got 'string_input_ACMCertificateARN'
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html

Template invalid!

And, replacing the Ref function that references a template parameter (AcmCertificateArn: !Ref ACMCertificateARN) by a string works.

At this stage, I'm unsure of the cause of this validation failure. I suspect that the validator.isArn function is expecting a string starting with arn:aws as per

cfn-lint/src/validator.ts

Line 1436 in 2e2a767

(o: any) => (typeof o === 'string') && o.indexOf('arn:aws') == 0,
.
@martysweet
Copy link
Owner

Hi @willgarcia,

Thanks! You should be able to define a simple ARN on the CLI with --parameters ACMCertificateARN="arn:aws:something:something:something".

As cfn-lint attempts to find all errors, if a parameter isn't given, the system will guess. In the case of empty parameters, it will be type_input_ParameterName as you have seen.

If a parameter default is given, cfn-lint will use this value by default.

Hope this helps!

@alexjurkiewicz
Copy link

I ran into this too. Please consider changing the error message so that it's more clear what the appropriate response is (either use --params or --no-guess-params)

@jonscheiding jonscheiding mentioned this issue Jun 20, 2018
Closed
@fhewitt
Copy link

fhewitt commented Nov 16, 2018
edited
Loading

I tried some variations, but I wasn't able to apply the workaround with the API (where's the --no-gess-params option in ValidationOptions?) Reverted to pre-guessing version :(

@martysweet
Copy link
Owner

@fhewitt, can you confirm cfn-lint works properly using the CLI, just the API does not allow the no guessing option to be set?

https://github.com/martysweet/cfn-lint/blob/master/src/api.ts#L3-L16

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
accepting-patch bug enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@alexjurkiewicz @willgarcia @fhewitt @martysweet