Skip to content

Commit

Permalink
Don't issue dynamicref issues in other fns (#3404)
Browse files Browse the repository at this point in the history
  • Loading branch information
@kddejong
kddejong authored Jun 25, 2024
1 parent 80c5b8f commit db0097e
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 4 deletions.
4 changes: 4 additions & 0 deletions src/cfnlint/rules/parameters/DynamicReferenceSecret.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

from typing import Any

from cfnlint.helpers import FUNCTIONS
from cfnlint.jsonschema import ValidationError, Validator
from cfnlint.rules.jsonschema import CfnLintKeyword

Expand Down Expand Up @@ -44,6 +45,9 @@ def __init__(self) -> None:
self.parent_rules = ["E1020"]

def validate(self, validator: Validator, _, instance: Any, schema: Any):
functions = set(FUNCTIONS) - set(["Fn::If"])
if any(p in functions for p in validator.context.path.path):
return
value = instance.get("Ref")

if not validator.is_type(value, "string"):
Expand Down
19 changes: 15 additions & 4 deletions test/unit/rules/parameters/test_dynamic_reference_secret.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,11 @@
SPDX-License-Identifier: MIT-0
"""

from collections import deque

import pytest

from cfnlint.context import create_context_for_template
from cfnlint.context import Path, create_context_for_template
from cfnlint.jsonschema import CfnTemplateValidator, ValidationError
from cfnlint.rules.parameters.DynamicReferenceSecret import DynamicReferenceSecret
from cfnlint.template import Template
Expand Down Expand Up @@ -39,31 +41,40 @@ def context(cfn):


@pytest.mark.parametrize(
"name,instance,expected",
"name,instance,path,expected",
[
(
"REFing a parameter without a string",
{"Ref": []},
deque([]),
[],
),
(
"REFing a resource=",
{"Ref": "MyResource"},
deque([]),
[],
),
(
"REFing a parameter",
{"Ref": "MyParameter"},
deque([]),
[
ValidationError(
"Use dynamic references over parameters for secrets",
rule=DynamicReferenceSecret(),
)
],
),
(
"REFing a parameter in a sub",
{"Ref": "MyParameter"},
deque(["Fn::Sub"]),
[],
),
],
)
def test_validate(name, instance, expected, rule, context, cfn):
validator = CfnTemplateValidator(context=context, cfn=cfn)
def test_validate(name, instance, path, expected, rule, context, cfn):
validator = CfnTemplateValidator(context=context.evolve(path=Path(path)), cfn=cfn)
errs = list(rule.validate(validator, {}, instance, {}))
assert errs == expected, f"Test {name!r} got {errs!r}"

0 comments on commit db0097e

Please sign in to comment.