Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[core] StringParameter.valueFromLookup should return a token as dummy value #6153

Closed
lbjay opened this issue Feb 6, 2020 · 2 comments
Closed

[core] StringParameter.valueFromLookup should return a token as dummy value #6153

lbjay opened this issue Feb 6, 2020 · 2 comments
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management @aws-cdk/core Related to core CDK functionality bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/small Small work item – less than a day of effort p2

Comments

@lbjay
Copy link

lbjay commented Feb 6, 2020

❓ General Issue

The Question

I'm trying to re-use some resources from a different stack/app by having the 1st stack "publish" some ids/arns as ssm params, then the 2nd stack imports the resources by first getting their id values using StringParameter.valueFromLookup. This seems to work fine so far with, e.g., Vpc.fromLookup, Cluster.fromClusterAttributes, but trying to do the same with an IAM Role using Role.fromRoleArn fails because fromRoleArn expects a valid ARN and it's getting a placeholder, like 'dummy-value-blah-blah'.

Environment

  • CDK CLI Version: 1.22.0 (build 309ac1b)
  • Module Version: 1.22.0
  • OS: Fedora 30
  • Language: TypeScript

Other information

Here's a quick example to reproduce:

#!/usr/bin/env node
import { Stack, Construct, App, StackProps } from '@aws-cdk/core';
import { StringParameter } from '@aws-cdk/aws-ssm';
import { Role } from '@aws-cdk/aws-iam';
import { Vpc } from '@aws-cdk/aws-ec2';

const vpcIdParam = 'MyVpcId';
const roleArnParam = 'MyImportedRoleArn';

export class RoleFromArnStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    const vpcId = StringParameter.valueFromLookup(this, vpcIdParam);
    const roleArn = StringParameter.valueFromLookup(this, roleArnParam);

    // this works fine
    const vpc = <Vpc>Vpc.fromLookup(this, 'ImportedVpc', { vpcId });

    // this fails because it expects a valid ARN
    const role = <Role>Role.fromRoleArn(this, 'ImportedRole', roleArn);
  }
}

const stackProps = {
  env: {
    account: process.env.CDK_DEFAULT_ACCOUNT,
    region: process.env.CDK_DEFAULT_REGION,
  },
};

const app = new App();
new RoleFromArnStack(app, 'RoleFromArnStack', stackProps);
app.synth();

Bonus mystery!

If you comment out the const role = ... line, then run cdk synth, then uncomment and run again... it works!
@lbjay lbjay added the needs-triage This issue or PR still needs to be triaged. label Feb 6, 2020
@SomayaB SomayaB added @aws-cdk/aws-iam Related to AWS Identity and Access Management guidance Question that needs advice or information. labels Feb 10, 2020
@rix0rrr rix0rrr added bug This issue is a bug. p2 and removed guidance Question that needs advice or information. labels Feb 11, 2020
@rix0rrr
Copy link
Contributor

rix0rrr commented Feb 11, 2020

Yep, this is an issue, caused by the program running twice (once with the value, once without).

The "obvious" solution (returning a Token when we don't have the "real" value yet) is probably going to cause different issues with constructs that validate that their inputs can't be tokens, so it's not actually all that clear what the solution should be.

@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Mar 4, 2020
@rix0rrr rix0rrr changed the title Role.fromRoleArn fails when using value from StringParameter.valueFromLookup [core] StringParameter.valueFromLookup should return a token as dummy value Aug 12, 2020
@rix0rrr rix0rrr added the effort/small Small work item – less than a day of effort label Aug 12, 2020
@github-actions github-actions bot added the @aws-cdk/core Related to core CDK functionality label Aug 12, 2020
@eladb eladb removed their assignment Aug 17, 2020
@rix0rrr rix0rrr removed their assignment Jun 3, 2021
@github-actions
Copy link

github-actions bot commented Jun 3, 2022

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jun 3, 2022
@github-actions github-actions bot closed this as completed Jun 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management @aws-cdk/core Related to core CDK functionality bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/small Small work item – less than a day of effort p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lbjay @rix0rrr @eladb @SomayaB