fix(cfn-include): detect a resource cycle in the included template (#…

…19871) Add code that detects when the CloudFormation template being included contains a cycle between any of its resources. While that's not allowed in pure CloudFormation, Serverless templates can unfortunately contain cycles before they are processed. Fixes #16654 ---- ### All Submissions: * [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Apr 12, 2022 · 2c2bc0b · 2c2bc0b · AlexanderADietrich · Sep 9, 2022
1 parent 5472b11
commit 2c2bc0b
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/packages/@aws-cdk/cloudformation-include/lib/cfn-include.ts b/packages/@aws-cdk/cloudformation-include/lib/cfn-include.ts
@@ -584,7 +584,12 @@ export class CfnInclude extends core.CfnElement {
     return cfnCondition;
   }
 
-  private getOrCreateResource(logicalId: string): core.CfnResource {
+  private getOrCreateResource(logicalId: string, cycleChain: string[] = []): core.CfnResource {
+    cycleChain = cycleChain.concat([logicalId]);
+    if (cycleChain.length !== new Set(cycleChain).size) {
+      throw new Error(`Found a cycle between resources in the template: ${cycleChain.join(' depends on ')}`);
+    }
+
     const ret = this.resources[logicalId];
     if (ret) {
       return ret;
@@ -618,7 +623,7 @@ export class CfnInclude extends core.CfnElement {
         if (!(lId in (self.template.Resources || {}))) {
           return undefined;
         }
-        return self.getOrCreateResource(lId);
+        return self.getOrCreateResource(lId, cycleChain);
       },
 
       findRefTarget(elementName: string): core.CfnElement | undefined {

diff --git a/packages/@aws-cdk/cloudformation-include/test/invalid-templates.test.ts b/packages/@aws-cdk/cloudformation-include/test/invalid-templates.test.ts
@@ -139,6 +139,12 @@ describe('CDK Include', () => {
       includeTestTemplate(stack, 'short-form-get-att-no-dot.yaml');
     }).toThrow(/Short-form Fn::GetAtt must contain a '.' in its string argument, got: 'Bucket1Arn'/);
   });
+
+  test('detects a cycle between resources in the template', () => {
+    expect(() => {
+      includeTestTemplate(stack, 'cycle-in-resources.json');
+    }).toThrow(/Found a cycle between resources in the template: Bucket1 depends on Bucket2 depends on Bucket1/);
+  });
 });
 
 function includeTestTemplate(scope: constructs.Construct, testTemplate: string): inc.CfnInclude {

diff --git a/packages/@aws-cdk/cloudformation-include/test/test-templates/invalid/cycle-in-resources.json b/packages/@aws-cdk/cloudformation-include/test/test-templates/invalid/cycle-in-resources.json
@@ -0,0 +1,16 @@
+{
+  "Resources": {
+    "Bucket1": {
+      "Type": "AWS::S3::Bucket",
+      "Properties": {
+        "BucketName": {
+          "Ref": "Bucket2"
+        }
+      }
+    },
+    "Bucket2": {
+      "Type": "AWS::S3::Bucket",
+      "DependsOn": "Bucket1"
+    }
+  }
+}