1

Context:

  • TLS provider: SelfSignedCert
  • AWS provider: ECS Fargate task
    const cert = new SelfSignedCert(this.stack, `${certName}-sscert`, {
      keyAlgorithm: 'RSA',
      privateKeyPem: privateKey.privateKeyPem,
      subject: [{
        commonName,
        organization
      }],
      validityPeriodHours,
      allowedUses
    });

    const containerDefinitionConfig = {
      path: {
        path: ecsJsonTaskDefPath,
      },
      args: {
        ...
        'certPem': cert.certPem,
        ...
      }
    };

If I try to run it like that, I get the following error:

Error: ECS Task Definition container_definitions is invalid: Error decoding JSON: invalid character '\n' in string literal

I tried using:

  • cert.certPem.replace(/\n/g', '\\n') directly on the value -- pointless because it's a token and the replace function only applies to the token ref, not the value itself. So I get the same error from above.
  • Fn.replace(cert.certPem, '/\n/', '\\n') but it's complaining with Error: '\n' can not be used as value directly since it has unescaped double quotes in it. To safely use the value please use Fn.rawString on your string.
  • Fn.rawString(cert.certPem) doesn't fail but sets the env var as "${tls_self_signed_cert.seb-alice-sscert.cert_pem}"

Versions:

"cdktf": "^0.9.0",

  "terraformProviders": [
    "aws@~> 3.74.0",
    "random@~> 3.1.0",
    "tls@~> 3.1.0"
  ],
Sebastian
  • 108
  • 1
  • 2
  • 11

1 Answers1

1

I believe it's complains about the first \n in the replace function: Fn.replace(cert.certPem, Fn.rawString('/\n/'), Fn.rawString('\\n'))

Daniel Schmidt
  • 11,605
  • 5
  • 38
  • 70
  • Thanks @Daniel Schmidt! it was that indeed. the docs are a bit fuzzy about this bit. However, the second arg was _slightly_ different: Fn.rawString('\\\\\\\n') (still don't know why I needed so many backslashes to make it work) – Sebastian Feb 18 '22 at 16:15
  • Escaping between so many formats is a bit weird, any ideas how one can improve the API / docs in this regard? – Daniel Schmidt Feb 18 '22 at 20:03
  • I'd say two things that could be beneficial are: 1) improve the error message: the second error suggesting to use Fn.rawString is a bit misleading -- I thought it was talking about the value I wanted to modify, not the replacements. 2) maybe do the escaping behind the scenes? If I read your solution, it makes sense and it's easy to understand. now having so many backslashes is mental :) hope that helps! – Sebastian Feb 25 '22 at 17:12
  • Cool, I added an issue for that: https://github.com/hashicorp/terraform-cdk/issues/1601 – Daniel Schmidt Feb 28 '22 at 15:28