aws-cdk-lib/aws-wafv2: CfnWebACL and Cloudformation properties not matching

[phyllis-noester]

Describe the bug

When we create a CfnWebACL with the rule specified below, we get the following Cloudformation error:

Properties validation failed for resource prodPrivateFirewall with message:
#/Rules/1/Statement/ByteMatchStatement/FieldToMatch/SingleHeader: required key [Name] not found
#/Rules/1/Statement/ByteMatchStatement/FieldToMatch/SingleHeader: extraneous key [name] is not permitted

When trying to change it to Name as suggested, Typescript no longer compiles

Expected Behavior

CfnWebACL allows a Statement/ByteMatchStatement/FieldToMatch rule with a Name property.

Current Behavior

CDK expects the property name, while Cloudfront expects the property Name.

Reproduction Steps

Create the CfnWebACL with the following rule

const rule: CfnWebACL.RuleProperty = {
      action: { block: {} },
      name: 'rule-name',
      priority: ,
      statement: {
        byteMatchStatement: {
          fieldToMatch: {
            singleHeader: { name: 'Host' },
          },
          positionalConstraint: 'CONTAINS',
          searchString: 'some-string',
          textTransformations: [
            {
              priority: 0,
              type: 'NONE',
            },
          ],
        },
      },
      visibilityConfig: {
        cloudWatchMetricsEnabled: true,
        metricName: 'metric-name',
        sampledRequestsEnabled: true,
      },
    };

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.56.0

Framework Version

No response

Node.js Version

16

OS

macOS

Language

Typescript

Language Version

No response

Other information

No response

[peterwoodworth]

We fixed some issues related to Cfn resources since the version you're reporting this on. Could you please update versions to most recent? If that still doesn't work, could you post the full reproduction of creating this resource so that I can easily copy+paste? Thanks

[github-actions]

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

[eloymg]

similar #23709

[automartin5000]

@peterwoodworth I just updated to 2.61.1 and am still seeing #23709

[peterwoodworth]

Sorry for not following up on this quickly. This behavior is actually a result of the changes I was describing earlier - fieldToMatch is one of the affected typings that were changed, and going forward it should be defined as any rather than being strongly typed, with explicitly set casing on the property names.

[automartin5000]

Sorry for not following up on this quickly. This behavior is actually a result of the changes I was describing earlier - fieldToMatch is one of the affected typings that were changed, and going forward it should be defined as any rather than being strongly typed, with explicitly set casing on the property names.

Ok, yeah that's what I had actually done to work around it, didn't realize that was the recommended approach. Do you know why that was changed instead of using a defined type?

[peterwoodworth]

As mentioned above, this was intentional.

This occurred because the cfnspec caused a breaking change that changed it from being any type to being strongly typed. Sorry for any inconvenience, we're looking into making sure this doesn't happen again.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.