
(escape-hatch): no ability to read properties #29258

Open
2 tasks
biffgaut opened this issue Feb 26, 2024 · 4 comments
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@biffgaut
Contributor

Describe the feature

While I can use the escape hatch to override internal properties in my stack:

    cfnDefaultPolicy.addPropertyOverride('PolicyDocument.Statement.1.Action',
      [
        "logs:CreateLogDelivery",
      ]);

There doesn't appear to be a way to read a property value. I would like to see something along the lines of:

    // I realize this code is fantasy
    const action = cfnDefaultPolicy.getProperty('PolicyDocument.Statement.1.Action');

While I would think there are many applications of such a capability, it's particularly important for my use case. I am trying to modify/replace a specific statement in an array of statements in a policy document. Using a fixed ordinal number won't work as this number can change because of other places in my code or changes in the CDK implementation. I was able to achieve my goal using .FromJson() and .ToJson(), but it seems to me if addPropertyOverride() is available then the complementary functionality would be expected.

Use Case

(repeated from above)
I am trying to modify/replace a specific statement in an array of statements in a policy document. Using a fixed ordinal number won't work as this number can change because of other places in my code or changes in the CDK implementation.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.126.0

Environment details (OS name and version, etc.)

MacOS: 13.6.4 (22G513)

@biffgaut biffgaut added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Feb 26, 2024
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Feb 26, 2024
@biffgaut
Contributor Author

(perhaps this functionality already exists and I just haven't found it)

@pahud
Contributor

pahud commented Feb 27, 2024

I am trying to modify/replace a specific statement in an array of statements in a policy document. Using a fixed ordinal number won't work as this number can change because of other places in my code or changes in the CDK implementation.

I guess you will need to use an Aspect to find the synthesized documents and iterate over them to determine which one to override. I don't have an immediate example now, but I guess this should be possible.

@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 27, 2024
@m3newc

m3newc commented Apr 19, 2024

Adding in an additional use case here: for groups using Aspects to detect and remediate policy issues, not being able to have a getProperty on CfnResource causes issues with built-ins.

In particular, my organization has a requirement for all Lambdas to sit inside of a VPC. Some calls in CDK use custom resources with a direct CfnResource instead of a CfnFunction to prevent circular dependencies. This causes some issues, as CfnResource doesn't have anything exposed to read properties (i.e. the cfnProperties field is protected and there is no related accessor). As there is no way to cast from a CfnResource to a CfnFunction (they are initialized as CfnResource), we can't validate the properties for the check or remediation.

I would imagine the simple solution would be to create a getProperty field that resolves first from the protected updatedProperties (from what I can read, this sounds like it encompasses the overrides listed above), then secondarily from the protected cfnProperties.

@m3newc

m3newc commented Apr 19, 2024

Correction, it uses the protected rawOverrides. I'm not as familiar with the internal library/TypeScript, but would it not be as simple as:

    public getProperty(path: string) {
      const parts = splitOnPeriods(path);
      let property: any = this.rawOverrides;

      // Attempt from this.rawOverrides first
      parts.forEach((part) => { property = property?.[part]; });

      if (property) {
        // Was in rawOverride list
        // TODO Fix with context of addDeletionOverrides throwing undefined into the property list
        return property;
      }

      // not in raw override
      property = this.cfnProperties;
      parts.forEach((part) => { property = property?.[part]; });

      return property;
    }

Hmm, I'm wondering if there is a nested update operator in TypeScript, so instead we could just make a copy of cfnProperties followed by a nested update with rawOverride. That would deal with the deletion override and remove the silly repeated lines.
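Pulling the thread's two ideas together, the following is an added, self-contained TypeScript model; it is not aws-cdk-lib code and does not import it. It shows (a) a getProperty that resolves a dotted path against base properties with the raw overrides layered on top, so a deletion override yields undefined and the base properties stay untouched, and (b) the use case from the issue body: locating a policy statement by its content instead of a fixed ordinal, then targeting that index with addPropertyOverride. ResourceModel, applyOverrides, findStatementIndex, narrowLogsStatement and the sample policy are constructed for this example; the storage layout it assumes (property overrides kept under a Properties key in rawOverrides, deletions stored as undefined) mirrors how CfnResource's addPropertyOverride and deletion overrides store them as I read cfn-resource.ts, and real CDK values may be unresolved tokens rather than the plain JSON used here.

```typescript
// Added example, not aws-cdk-lib code: resolve a property path through escape-hatch
// overrides, and find a policy statement by content rather than by index.
type Json = any;

// Stand-in for the two protected fields on CfnResource (constructed for this example).
interface ResourceModel {
  cfnProperties: Record<string, Json>; // base properties the L2 construct produced
  rawOverrides: Record<string, Json>;  // escape-hatch overrides, keyed from the resource top level
}

function splitPath(path: string): string[] {
  return path.split('.');
}

// Walk rawOverrides creating intermediate objects, then set the leaf (undefined = delete).
function addOverride(res: ResourceModel, path: string, value: Json): void {
  const parts = splitPath(path);
  let curr: Record<string, Json> = res.rawOverrides;
  for (const part of parts.slice(0, -1)) {
    if (typeof curr[part] !== 'object' || curr[part] === null) curr[part] = {};
    curr = curr[part];
  }
  curr[parts[parts.length - 1]] = value;
}

// Assumption: property overrides live under "Properties.<path>", as in CfnResource.
function addPropertyOverride(res: ResourceModel, path: string, value: Json): void {
  addOverride(res, `Properties.${path}`, value);
}

function addPropertyDeletionOverride(res: ResourceModel, path: string): void {
  addOverride(res, `Properties.${path}`, undefined);
}

// Layer overrides onto base without mutating either side. A plain-object override on an
// array base addresses elements by index (the "Statement.1" case); an explicit undefined
// removes the key, which is how a deletion override is represented.
function applyOverrides(base: Json, overrides: Json): Json {
  const isPlainObject = (v: Json) => typeof v === 'object' && v !== null && !Array.isArray(v);
  if (!isPlainObject(overrides)) return overrides; // leaf value: the override wins outright
  let out: Json;
  if (Array.isArray(base)) out = [...base];
  else if (isPlainObject(base)) out = { ...base };
  else out = {};
  for (const key of Object.keys(overrides)) {
    if (overrides[key] === undefined) { delete out[key]; continue; } // deletion override
    out[key] = applyOverrides(out[key], overrides[key]);
  }
  return out;
}

function resolvedProperties(res: ResourceModel): Record<string, Json> {
  return applyOverrides(res.cfnProperties, res.rawOverrides.Properties ?? {});
}

// The accessor the issue asks for: read a dotted path from the effective properties.
function getProperty(res: ResourceModel, path: string): Json {
  let curr: Json = resolvedProperties(res);
  for (const part of splitPath(path)) {
    if (curr === undefined || curr === null) return undefined;
    curr = curr[part];
  }
  return curr;
}

// Find a statement by content so the index is never hard-coded; -1 if none matches.
function findStatementIndex(res: ResourceModel, predicate: (stmt: Json) => boolean): number {
  const statements: Json[] = getProperty(res, 'PolicyDocument.Statement') ?? [];
  return statements.findIndex(predicate);
}

// Constructed sample: an inline policy shaped like a CfnPolicy's properties.
function samplePolicy(): ResourceModel {
  return {
    cfnProperties: {
      PolicyName: 'ExamplePolicy',
      PolicyDocument: {
        Version: '2012-10-17',
        Statement: [
          { Effect: 'Allow', Action: ['s3:GetObject'], Resource: 'arn:aws:s3:::example-bucket/*' },
          { Effect: 'Allow', Action: ['logs:CreateLogDelivery', 'logs:PutResourcePolicy'], Resource: '*',
            Condition: { StringEquals: { 'aws:SourceAccount': '123456789012' } } },
        ],
      },
    },
    rawOverrides: {},
  };
}

// Worked scenario: narrow the statement that grants logs:CreateLogDelivery to that single
// action, wherever it sits in the Statement array. Returns the index that was overridden.
function narrowLogsStatement(res: ResourceModel): number {
  const hasAction = (a: Json, name: string) => (Array.isArray(a) ? a : [a]).includes(name);
  const idx = findStatementIndex(res, (s) => hasAction(s.Action, 'logs:CreateLogDelivery'));
  if (idx < 0) throw new Error('no statement grants logs:CreateLogDelivery');
  addPropertyOverride(res, `PolicyDocument.Statement.${idx}.Action`, ['logs:CreateLogDelivery']);
  return idx;
}

const demoResource = samplePolicy();
const demoIndex = narrowLogsStatement(demoResource);
console.log(demoIndex, getProperty(demoResource, `PolicyDocument.Statement.${demoIndex}.Action`));
```

The merge copies rather than mutates, so cfnProperties keeps what the construct generated and an Aspect can compare the effective value against the base to see what the escape hatches changed; the same predicate-based lookup is what keeps the override robust when other code or a CDK upgrade reorders the statements.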
