Some properties of AWS::Serverless::HttpApi do not behave as expected when using AWS::NoValue

[MarcGuiselin]

Description:

Some properties of AWS::Serverless::HttpApi do not behave as expected when disabled using AWS::NoValue.

Steps to reproduce the issue:
Running sam deploy --guided with the following template.yaml:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      # Either
      Domain: !Ref AWS::NoValue
      # Or
      Domain:
        DomainName: !Ref AWS::NoValue
        CertificateArn: !Ref AWS::NoValue
      # Or
      DefinitionBody: !Ref AWS::NoValue
      DefinitionUri: !Ref AWS::NoValue
      # Or
      DefinitionBody: !Ref AWS::NoValue
      DefinitionUri: anything

Observed result:

Disabling the Domain property of a AWS::Serverless::HttpApi (for integration tests) by conditionally setting Domain to AWS::NoValue produces the following error:

Resource with id [HttpApi] is invalid. Custom Domains only works if both DomainName and CertificateArn are provided.

The subproperties DomainName and CertificateArn cannot be AWS::NoValue to try to get around the previous bug.

After further investigation, using both DefinitionBody and DefinitionUri even when one or both of them is set to AWS::NoValue produces a similar error:

Resource with id [HttpApi] is invalid. Specify either 'DefinitionUri' or 'DefinitionBody' property and not both.

Expected result:

Template conditionals are very powerful for various use cases; critically for testing vs production builds. I don't believe these should produce errors.

[jagin]

I can confirm:

Parameters:
  ApiDomainName:
    Type: String
    Description: API domain name

  ApiSSLCertificateArn:
    Type: String
    Description: ARN of the SSL certificate from ACM for the API domain

Conditions:
  HasApiDomainName: !Not [!Equals [!Ref ApiDomainName, ""]]

Resources:
  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      ...
      Domain:
        !If
        - HasApiDomainName
        - BasePath: /
          CertificateArn: !Ref ApiSSLCertificateArn
          DomainName: !Ref ApiDomainName
        - !Ref "AWS::NoValue"

ends with error:

Error: Failed to create changeset for the stack: my-stack, ex: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [HttpApi] is invalid. Custom Domains only works if both DomainName and CertificateArn are provided.

wherever ApiDomainName is set or not.

[elbayaaa]

Thanks a lot guys. I was able to reproduce the issue. the problem is in this peace of code. We raise an exception if the Domain object is provided but without DomainName or CertificateArn. When you pass AWS::NoValue we receive a non-none object Domain={'Ref': 'AWS::NoValue'} that is why the exception is raised.

I'm labeling this for internal review as this is a common issue affecting many other areas as well.

[elbayaaa]

closing in favor of #1435