Skip to content

Commit

Permalink
Validate conditions when checking resource types for a region
Browse files Browse the repository at this point in the history
  • Loading branch information
kddejong committed Apr 7, 2023
1 parent 5ec2c9d commit 603e397
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 385 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
{
"additionalProperties": false,
"awsType": true,
"else": {
"not": {
"required": [
Expand Down Expand Up @@ -55,7 +56,6 @@
"type": "object"
},
"Type": {
"awsType": true,
"type": "string"
},
"UpdatePolicy": {
Expand Down
30 changes: 20 additions & 10 deletions src/cfnlint/rules/resources/Configuration.py
Original file line number Diff line number Diff line change
Expand Up @@ -36,23 +36,35 @@ def __init__(self):
def initialize(self, cfn):
super().initialize(cfn)
self.regions = cfn.regions
self.cfn = cfn

# pylint: disable=unused-argument
def _awsType(self, validator, iT, instance, schema):
if not validator.is_type(instance, "string"):
resource_type = instance.get("Type")
if not validator.is_type(resource_type, "string"):
return

resource_condition = instance.get("Condition")

for region in self.regions:
if instance in PROVIDER_SCHEMA_MANAGER.get_resource_types(region=region):
return
if not instance.startswith(
if validator.is_type(resource_condition, "string"):
if False in self.cfn.conditions.build_scenerios_on_region(
resource_condition, region
):
continue
if resource_type in PROVIDER_SCHEMA_MANAGER.get_resource_types(
region=region
):
continue
if not resource_type.startswith(
("Custom::", "AWS::Serverless::")
) and not instance.endswith("::MODULE"):
) and not resource_type.endswith("::MODULE"):
yield ValidationError(
f"Resource type `{instance}` does not exist in '{region}'"
f"Resource type `{resource_type}` does not exist in '{region}'"
)

# pylint: disable=unused-argument
def _check_resource(self, cfn, resource_name, resource_values):
def _check_resource(self, resource_name, resource_values):
"""Check Resource"""
matches = []

Expand Down Expand Up @@ -97,8 +109,6 @@ def match(self, cfn):
self.logger.debug(
"Validating resource %s base configuration", resource_name
)
matches.extend(
self._check_resource(cfn, resource_name, resource_values)
)
matches.extend(self._check_resource(resource_name, resource_values))

return matches
Loading

0 comments on commit 603e397

Please sign in to comment.