CloudFormation Template Schema upgrade (#389)

https://github.com/aws-cloudformation/cloudformation-template-schema/tree/main

Co-authored-by: kddejong <[email protected]>
Co-authored-by: Kevin DeJong <[email protected]>

Author: github-actions[bot]

server/schema/resources.schema.json

@@ -552,6 +552,12 @@
     }
   },
   "additionalProperties": false,
+  "tagging": {
+    "taggable": false,
+    "tagOnCreate": false,
+    "tagUpdatable": false,
+    "cloudFormationSystemTags": false
+  },
   "required": [
     "CertificateAuthorityArn",
     "CertificateSigningRequest",
@@ -573,7 +579,11 @@
   ],
   "writeOnlyProperties": [
     "/properties/ApiPassthrough",
-    "/properties/CertificateSigningRequest"
+    "/properties/CertificateSigningRequest",
+    "/properties/SigningAlgorithm",
+    "/properties/TemplateArn",
+    "/properties/Validity",
+    "/properties/ValidityNotBefore"
   ],
   "primaryIdentifier": [
     "/properties/Arn",
@@ -595,9 +605,6 @@
       "permissions": [
         "acm-pca:GetCertificate"
       ]
-    },
-    "update": {
-      "permissions": []
     }
   },
   "attributes": {

server/schema/resources/aws-acmpca-certificate.json

@@ -13,13 +13,16 @@
       "properties": {
         "Key": {
           "type": "string",
-          "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption"
+          "markdownDescription": "\n\n---\n\nRequired: Yes  \nType: String  \nUpdate requires: No interruption"
         },
         "Value": {
           "type": "string",
           "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption"
         }
       },
+      "required": [
+        "Key"
+      ],
       "markdownDescription": "\n\n---\n\nRequired: No  \nUpdate requires: No interruption"
     },
     "Subject": {
@@ -138,7 +141,7 @@
       "properties": {
         "Enabled": {
           "type": "boolean",
-          "markdownDescription": "\n\n---\n\nRequired: No  \nType: Boolean  \nUpdate requires: No interruption"
+          "markdownDescription": "\n\n---\n\nRequired: Yes  \nType: Boolean  \nUpdate requires: No interruption"
         },
         "ExpirationInDays": {
           "type": "integer",
@@ -160,6 +163,9 @@
           "$ref": "#/definitions/CrlDistributionPointExtensionConfiguration"
         }
       },
+      "required": [
+        "Enabled"
+      ],
       "markdownDescription": "Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.\n\n---\n\nRequired: No  \nUpdate requires: No interruption"
     },
     "OcspConfiguration": {
@@ -169,13 +175,16 @@
       "properties": {
         "Enabled": {
           "type": "boolean",
-          "markdownDescription": "\n\n---\n\nRequired: No  \nType: Boolean  \nUpdate requires: No interruption"
+          "markdownDescription": "\n\n---\n\nRequired: Yes  \nType: Boolean  \nUpdate requires: No interruption"
         },
         "OcspCustomCname": {
           "type": "string",
           "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption"
         }
       },
+      "required": [
+        "Enabled"
+      ],
       "markdownDescription": "Helps to configure online certificate status protocol (OCSP) responder for your certificate authority\n\n---\n\nRequired: No  \nUpdate requires: No interruption"
     },
     "RevocationConfiguration": {
@@ -309,12 +318,11 @@
         },
         "NameAssigner": {
           "type": "string",
-          "markdownDescription": "\n\n---\n\nRequired: Yes  \nType: String  \nUpdate requires: No interruption"
+          "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption"
         }
       },
       "required": [
-        "PartyName",
-        "NameAssigner"
+        "PartyName"
       ],
       "markdownDescription": "Structure that contains X.509 EdiPartyName information.\n\n---\n\nRequired: No  \nUpdate requires: No interruption"
     },

server/schema/resources/aws-acmpca-certificateauthority.json

@@ -24,6 +24,12 @@
       "markdownDescription": "The status of the Certificate Authority.\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption"
     }
   },
+  "tagging": {
+    "taggable": false,
+    "tagOnCreate": false,
+    "tagUpdatable": false,
+    "cloudFormationSystemTags": false
+  },
   "additionalProperties": false,
   "required": [
     "CertificateAuthorityArn",

server/schema/resources/aws-acmpca-certificateauthorityactivation.json

@@ -30,7 +30,12 @@
     }
   },
   "additionalProperties": false,
-  "taggable": false,
+  "tagging": {
+    "taggable": false,
+    "tagOnCreate": false,
+    "tagUpdatable": false,
+    "cloudFormationSystemTags": false
+  },
   "required": [
     "Actions",
     "CertificateAuthorityArn",

server/schema/resources/aws-acmpca-permission.json

@@ -65,7 +65,7 @@
     },
     "EngineVersion": {
       "type": "string",
-      "markdownDescription": "\n\n---\n\nRequired: Yes  \nType: String  \nUpdate requires: No interruption"
+      "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption"
     },
     "MaintenanceWindowStartTime": {
       "$ref": "#/definitions/MaintenanceWindow"
@@ -76,7 +76,7 @@
     },
     "AutoMinorVersionUpgrade": {
       "type": "boolean",
-      "markdownDescription": "\n\n---\n\nRequired: Yes  \nType: Boolean  \nUpdate requires: No interruption"
+      "markdownDescription": "\n\n---\n\nRequired: No  \nType: Boolean  \nUpdate requires: No interruption"
     },
     "Logs": {
       "$ref": "#/definitions/LogList"
@@ -296,11 +296,9 @@
     }
   },
   "required": [
-    "EngineVersion",
     "DeploymentMode",
     "HostInstanceType",
     "EngineType",
-    "AutoMinorVersionUpgrade",
     "Users",
     "PubliclyAccessible",
     "BrokerName"

server/schema/resources/aws-amazonmq-broker.json

@@ -5,7 +5,7 @@
   "properties": {
     "EngineVersion": {
       "type": "string",
-      "markdownDescription": "\n\n---\n\nRequired: Yes  \nType: String  \nUpdate requires: Replacement"
+      "markdownDescription": "\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: Replacement"
     },
     "Description": {
       "type": "string",
@@ -58,7 +58,6 @@
     }
   },
   "required": [
-    "EngineVersion",
     "EngineType",
     "Data",
     "Name"

server/schema/resources/aws-amazonmq-configuration.json

@@ -1,34 +1,21 @@
 {
-  "typeName": "AWS::ApiGateway::Account",
-  "description": "The ``AWS::ApiGateway::Account`` resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs. To avoid overwriting other roles, you should only have one ``AWS::ApiGateway::Account`` resource per region per account.",
   "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-apigateway",
-  "additionalProperties": false,
-  "properties": {
-    "CloudWatchRoleArn": {
-      "description": "The ARN of an Amazon CloudWatch role for the current Account.",
-      "type": "string",
-      "markdownDescription": "The ARN of an Amazon CloudWatch role for the current Account.\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption"
-    }
+  "tagging": {
+    "taggable": false
   },
-  "primaryIdentifier": [
-    "/properties/Id"
-  ],
-  "readOnlyProperties": [
-    "/properties/Id"
-  ],
   "handlers": {
+    "read": {
+      "permissions": [
+        "apigateway:GET"
+      ]
+    },
     "create": {
       "permissions": [
         "apigateway:PATCH",
         "iam:GetRole",
         "iam:PassRole"
       ]
     },
-    "read": {
-      "permissions": [
-        "apigateway:GET"
-      ]
-    },
     "update": {
       "permissions": [
         "apigateway:PATCH",
@@ -37,7 +24,25 @@
       ]
     },
     "delete": {
-      "permissions": []
+      "permissions": [
+        "apigateway:PATCH"
+      ]
+    }
+  },
+  "typeName": "AWS::ApiGateway::Account",
+  "readOnlyProperties": [
+    "/properties/Id"
+  ],
+  "description": "The ``AWS::ApiGateway::Account`` resource specifies the IAM role that Amazon API Gateway uses to write API logs to Amazon CloudWatch Logs. To avoid overwriting other roles, you should only have one ``AWS::ApiGateway::Account`` resource per region per account.",
+  "additionalProperties": false,
+  "primaryIdentifier": [
+    "/properties/Id"
+  ],
+  "properties": {
+    "CloudWatchRoleArn": {
+      "description": "The ARN of an Amazon CloudWatch role for the current Account.",
+      "type": "string",
+      "markdownDescription": "The ARN of an Amazon CloudWatch role for the current Account.\n\n---\n\nRequired: No  \nType: String  \nUpdate requires: No interruption"
     }
   },
   "attributes": {

server/schema/resources/aws-apigateway-account.json

@@ -99,6 +99,18 @@
       "markdownDescription": "\n\n---\n\nRequired: No  \nUpdate requires: No interruption"
     }
   },
+  "tagging": {
+    "taggable": true,
+    "tagOnCreate": true,
+    "tagUpdatable": true,
+    "cloudFormationSystemTags": true,
+    "tagProperty": "/properties/Tags",
+    "permissions": [
+      "apigateway:PUT",
+      "apigateway:DELETE",
+      "apigateway:GET"
+    ]
+  },
   "createOnlyProperties": [
     "/properties/GenerateDistinctId",
     "/properties/Name",

server/schema/resources/aws-apigateway-apikey.json

@@ -41,6 +41,18 @@
       "markdownDescription": "\n\n---\n\nRequired: No  \nUpdate requires: No interruption"
     }
   },
+  "tagging": {
+    "taggable": true,
+    "tagOnCreate": true,
+    "tagUpdatable": true,
+    "cloudFormationSystemTags": true,
+    "tagProperty": "/properties/Tags",
+    "permissions": [
+      "apigateway:PUT",
+      "apigateway:DELETE",
+      "apigateway:GET"
+    ]
+  },
   "primaryIdentifier": [
     "/properties/ClientCertificateId"
   ],