cfn-lint icon indicating copy to clipboard operation
cfn-lint copied to clipboard

Published 20 hours ago verified publisher icon aws-cloudformation

(AWS::SSM::Document) `Invalid request provided: schemaVersion should be String` not recognized by cfn-lint

Open r-heimann opened this issue 2 years ago • 4 comments

CloudFormation Lint Version

cfn-lint 0.77.4

What operating system are you using?

Windows 10

Describe the bug

cfn-lint is unable to recognize that schemaVersion: needs to be a string:

  SSMDocument:
    Type: AWS::SSM::Document
    Properties:
      DocumentType: "Command"
      Content:
        schemaVersion: 2.2
        mainSteps:
          - action: aws:runShellScript...

CloudFormation is throwing the following exception:

Resource handler returned message: "Invalid request provided: schemaVersion should be String
(Service: Ssm, Status Code: 400, Request ID: 6123eabf-1adf-4b9e-a2db-XXXXXXXX)"
(RequestToken: ac277c66-4ced-8306-88b3-XXXXXXXX, HandlerErrorCode: InvalidRequest)

Expected behavior

cfn-lint should display this as an error.

Reproduction template

  SSMDocument:
    Type: AWS::SSM::Document
    Properties:
      DocumentType: "Command"
      Content:
        schemaVersion: 2.2
        mainSteps:
          - action: aws:runShellScript...

r-heimann avatar May 04 '23 06:05 r-heimann

we would like to help cover this but we will need to develop some content ourselves for this. Currently Content in the spec is listed as json which means the CloudFormation specs don't include the properties and what their types are.

We do this for step functions, IAM policies, and some other areas but we have not tackled the SSM doc content as of yet.

kddejong avatar May 08 '23 16:05 kddejong

@kddejong I would like to contribute to this issue. I saw we have defined 'Content' as json in cfn-lint\test\fixtures\specs\us-east-1.json. Can you please guide me towards the implementation we have done for step functions and IAM policies in such similar situations?

ArjunMenon-bit avatar Nov 18 '23 07:11 ArjunMenon-bit

If we create some JSON schemas we can use those to validate SSM documents. Looks like that was started here but hasn't been updated in a while. https://github.com/aws/amazon-ssm-document-language-service/blob/master/src/schema/ssmDocumentSchema.ts

kddejong avatar Dec 22 '23 21:12 kddejong

I tried to dig through the code and similar issues from the past. Would it be the right understanding to add this json schema to all the files under cfn-lint\src\cfnlint\data\CloudSpecs*.json ?

ArjunMenon-bit avatar Mar 09 '24 06:03 ArjunMenon-bit

@ArjunMenon-bit in v1 we can add json schema docs to src/cfnlint/data/schemas/other/ssm

kddejong avatar Jul 05 '24 16:07 kddejong

I started some schema documents in this branch and location: https://github.com/aws-cloudformation/cfn-lint/tree/feature/schemas/ssm/src/cfnlint/data/schemas/other/ssm

The problem is there are a lot of versions and not a lot of documentation to fill in the gaps.

kddejong avatar Jul 06 '24 16:07 kddejong

Submitted a PR that is a minimal start to validating SSM documents.

kddejong avatar Jul 06 '24 17:07 kddejong