tree command misses some resource dependencies

Question

tree command misses some resource dependencies

dhx-mike-palandra opened this issue 3 months ago · comments

dhx-mike-palandra commented 3 months ago

$ rain --version
Rain v1.8.1 linux/amd64

Consider the following template:

Parameters:
  BackupPlanId:
    Type: String

Resources:
  BackupSelection:
    Type: AWS::Backup::BackupSelection
    Properties:
      BackupPlanId: !Ref BackupPlanId
      BackupSelection:
        IamRoleArn: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/service-role/AWSBackupDefaultServiceRole
        Resources:
          - !Sub arn:${AWS::Partition}:elasticfilesystem:${AWS::Region}:${AWS::AccountId}:file-system/${EfsFileSystem}
        SelectionName: !Sub ${AWS::StackName}

  EfsFileSystem:
    Type: AWS::EFS::FileSystem

rain tree outputs the following:

Resources:
  BackupSelection:
    DependsOn:
      Parameters:
        - AWS::Partition
        - AWS::StackName
        - BackupPlanId

Notice that the following dependencies are missing:

Parameter AWS::AccountId (referenced in Resources.BackupSelection.Properties.BackupSelection.IamRoleArn)
Resource EfsFileSystem (referenced in property Resources.BackupSelection.Properties.BackupSelection.Resources[0])

If Resources.BackupSelection.Properties.BackupSelection.Resources[0] is changed to !Sub ${EfsFileSystem.Arn}, the resource dependency is found:

Resources:
  BackupSelection:
    DependsOn:
      Parameters:
        - AWS::Partition
        - AWS::StackName
        - BackupPlanId
      Resources:
        - EfsFileSystem

dhx-mike-palandra · Answer 1 · Sat Mar 23 2024 02:29:12 GMT+0800 (China Standard Time)

Looks like it misses a dependency on AWS::Region too.

I have a feeling that the current code does not look past the first interpolation in a Fn::Sub string.