core: CfnParser incorrectly drops UpdatePolicy elements that use intrinsic functions

[jaredlundell]

Describe the bug

The CfnParser class does not correctly parse UpdatePolicy attributes that use intrinsic functions. CloudFormation allows the use of intrinsic functions, such as Fn::If in Update Policy attributes (see CFN docs). If you have a CloudFormation template that uses intrinsics in an Update Policy and try to parse it using CfnInclude, the CfnParser will completely drop the unsupported Update Policy attributes from what gets included into the CfnInclude construct.

I've tracked down this behavior to the parseUpdatePolicy() method in the CfnParser class. It first invokes the parseValue() method, which will correctly return any Resolvable objects or intrinsics without modification. The problem comes from the parse methods for individual attributes, like parseAutoScalingRollingUpdate(). Those functions all expect to find the specific keys that the attribute supports, so if they get an intrinsic like Fn::If instead, they will return undefined, effectively removing the UpdatePolicy attribute from the parsed result.

Expected Behavior

When using CfnInclude with a template that includes UpdatePolicy attributes with intrinsics in them, the UpdatePolicy should be correctly parsed and included in the CDK construct.

Current Behavior

Any UpdatePolicy attributes that use intrinsics get lost when parsing with CfnInclude

Reproduction Steps

Create a CloudFormation template with an UpdatePolicy that looks like this:

{
  "Type": "AWS::AutoScaling::AutoScalingGroup",
  "Properties" : {...},
  "UpdatePolicy": {
    "AutoScalingRollingUpdate": {
      "Fn::If": [
        "AutoReplaceHosts",
        {
          "MinInstancesInService": {
          "Fn::If": [
            "SetMinInstancesInServiceToZero",
            0,
            1
          ]
        },
        "MaxBatchSize": {
          "Ref": "ReplaceHostsMaxBatchSize"
        },
        "PauseTime": {
          "Ref": "ASGTimeout"
        },
        "WaitOnResourceSignals": "true"
      },
      {
        "Ref": "AWS::NoValue"
      }
    ]
  }
}

Then include that template into a CDK app with CfnInclude:

const importedTemplate = new CfnInclude(stack, 'importedTemplate', {templateFile: 'path/to/template.json'});

If you look at the final stack definition template generated by the CDK you'll see that the AutoScalingGroup is missing the UpdatePolicy defined in the originally included CFN template.

Possible Solution

The logic in CfnParser.parseUpdatePolicy‎() should be updated to leave any parsed values that contain Resolvable objects or Intrinsics unmodified, similar to what the parseValue() function does. The biggest challenge here is going to be the type system -- parseUpdatePolicy returns a strongly typed CfnUpdatePolicy object and the type system there doesn't really account for intrinsics or tokens. Returning an IResolvable (via Token.asAny()) is probably the best alternative that stays within the type system, but I don't know what the downstream impact of that would be, since it would require changing the type definitions in CfnUpdatePolicy. The other alternative is to just cast it to CfnUpdatePolicy and ignore the fact that the types don't actually match.

Additional Information/Context

No response

CDK CLI Version

2.94

Framework Version

No response

Node.js Version

18.16.0

OS

Linux

Language

TypeScript

Language Version

No response

Other information

No response

[peterwoodworth]

Thanks for another thorough bug report and deep dive into the code, hopefully we'll be able to make time and help find a working solution soon

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.