YAML anchors & key overrides

[krystof-k]

Is this feature request related to a new rule or cfn-lint capabilities?

rules

Describe the feature you'd like to request

I'm using YAML anchors like this:

Resources:
  Common:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: ./stack.yaml
      Parameters:
        &CommonParameters
        # Common parameters to be included in the stacks below
        Image: !Ref PG08Image
        # Specific parameters to be overridden in the stacks below
        Name: Common
  Web:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: ./stack.yaml
      Parameters:
        <<: *CommonParameters
        Name: Web

Which results in

E0000 Duplicate found "Name" (line 11)
template.yaml:11:9

Describe the solution you'd like

It would be great if this case (duplicate keys) is a separate rule and can be turned off. Turning of E0000 didn't work for me and I would probably not even want that.

Additional context

No response

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request

Would this feature include a breaking change?

• ⚠️ This feature might incur a breaking change

[krystof-k]

However when I run the lint on the packaged template (aws cloudformation package), it passes fine as the initial values are omitted. So this is not such a huge deal, although having be able to lint the source files would be nice.

[kddejong]

Going to think on this one. One of the issues we have is since we are parsing into a python dict we lose the second key. What this would probably look like is we continue to parse, raise the error and the final object. I think this would be possible

[LaikaN57]

@kddejong Any update on your thoughts here?

I would expect that cfn-lint would lint after YAML anchors are evaluated as this seems to be how most other CFN tools are working and the YAML anchor is a YAML paradigm which should be transparent to a YAML end-user consumer.

Anyways, interested in any updates you might have.

Additionally, this does not allow me to lint my CFN templates for any other errors that may be present.

[LaikaN57]

I did some testing of some various yaml parsing tools to hopefully help generate some solutions. Here is a snippet of the input template I used to test:

      Replicas:
        - &Replicas
          Region: {Ref: 'AWS::Region'}
          PointInTimeRecoverySpecification:
            PointInTimeRecoveryEnabled: {Ref: PointInTimeRecoveryEnabled}
          # [...]
        - Fn::If:
            - HasOhioReplica
            - <<: *Replicas
              Region: us-east-2
            - Ref: 'AWS::NoValue'

Processing with yq template.yaml gives the following... not very helpful to solving the issue.

      Replicas:
        - &Replicas
          Region: {Ref: 'AWS::Region'}
          PointInTimeRecoverySpecification:
            PointInTimeRecoveryEnabled: {Ref: PointInTimeRecoveryEnabled}
          # [...]
        - Fn::If:
            - HasOhioReplica
            - !!merge <<: *Replicas
              Region: us-east-2
            - Ref: 'AWS::NoValue'

Processing with PyYAML (python3 -c 'import yaml; print(yaml.dump(yaml.safe_load(open("template.yaml"))))') gives the following... which does seem to generate something cfn-lint may be happy with. Hopefully this helps generate some solutions.

      Replicas:
        - PointInTimeRecoverySpecification: &id002
            PointInTimeRecoveryEnabled:
              Ref: PointInTimeRecoveryEnabled
          Region:
            Ref: AWS::Region
          # [...]
        - Fn::If:
            - HasOhioReplica
            - GlobalSecondaryIndexes: *id001
              PointInTimeRecoverySpecification: *id002
              ReadProvisionedThroughputSettings: *id003
              Region: us-east-2
              Tags: *id004
            - Ref: AWS::NoValue