forked from aws-cloudformation/cfn-lint
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDependsOn.py
72 lines (62 loc) · 2.72 KB
/
DependsOn.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from cfnlint.rules import CloudFormationLintRule
from cfnlint.rules import RuleMatch
class DependsOn(CloudFormationLintRule):
"""Check Base Resource Configuration"""
id = 'E3005'
shortdesc = 'Check DependsOn values for Resources'
description = 'Check that the DependsOn values are valid'
source_url = 'https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html'
tags = ['resources', 'dependson']
def check_value(self, key, path, resources, cfn):
"""Check resource names for DependsOn"""
matches = []
if not isinstance(key, (str)):
message = 'DependsOn values should be of string at {0}'
matches.append(RuleMatch(path, message.format('/'.join(map(str, path)))))
return matches
if key not in resources:
message = 'DependsOn should reference other resources at {0}'
matches.append(RuleMatch(path, message.format('/'.join(map(str, path)))))
else:
for scenario in cfn.is_resource_available(path, key):
if scenario:
scenario_text = ' and '.join(
[
f'when condition "{k}" is {scenario[k]}'
for k in sorted(scenario)
]
)
message = 'DependsOn {0} may not exist when condition {1} at {2}'
matches.append(
RuleMatch(
path,
message.format(
key, scenario_text, '/'.join(map(str, path))
),
)
)
return matches
def match(self, cfn):
matches = []
resources = cfn.get_resources()
for resource_name, resource_values in resources.items():
depends_ons = resource_values.get('DependsOn')
if depends_ons:
path = ['Resources', resource_name, 'DependsOn']
self.logger.debug(
'Validating DependsOn for %s base configuration', resource_name
)
if isinstance(depends_ons, list):
for index, depends_on in enumerate(depends_ons):
matches.extend(
self.check_value(
depends_on, path[:] + [index], resources, cfn
)
)
else:
matches.extend(self.check_value(depends_ons, path, resources, cfn))
return matches