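"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""

from cfnlint.helpers import valid_snapshot_types
from cfnlint.rules import CloudFormationLintRule, RuleMatch


class UpdateReplacePolicy(CloudFormationLintRule):
    """Validate the ``UpdateReplacePolicy`` attribute of every resource.

    ``UpdateReplacePolicy`` decides what happens to the existing physical
    resource when a stack update replaces it, so a value that is mistyped
    or unsupported matters for data retention. The rule reports:

    * a list where a single value is expected;
    * a value that is not a string (or, with the language-extensions
      transform, not a single supported intrinsic function);
    * a string other than ``Delete``, ``Retain`` or ``Snapshot``;
    * ``Snapshot`` on a resource type not in ``valid_snapshot_types``.
    """

    id = "E3036"
    shortdesc = "Check UpdateReplacePolicy values for Resources"
    description = "Check that the UpdateReplacePolicy values are valid"
    source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html"
    tags = ["resources", "updatereplacepolicy"]

    def check_value(self, key, path, res_type, has_lang_exten_transform):
        """Validate one ``UpdateReplacePolicy`` value.

        Args:
            key: The value found under ``UpdateReplacePolicy``.
            path: Template path of the attribute, used in the match and in
                the message text.
            res_type: The resource's ``Type`` (``None`` when missing).
            has_lang_exten_transform: Whether the template declares the
                language-extensions transform; only then is a mapping
                holding an intrinsic function accepted.

        Returns:
            A list of ``RuleMatch`` objects, empty when the value is valid.
        """
        matches = []
        valid_values = ["Delete", "Retain", "Snapshot"]
        supported_functions = ["Fn::FindInMap", "Fn::If", "Ref"]
        supported_functions_joined = ", ".join(supported_functions)
        location = "/".join(map(str, path))

        if has_lang_exten_transform and isinstance(key, dict):
            # With language extensions the policy may be a single intrinsic
            # function. Only the function name is checked here; the value
            # the function resolves to is not validated by this method.
            if len(key) != 1:
                message = "UpdateReplacePolicy should have one mapping for {0}"
                matches.append(RuleMatch(path, message.format(location)))
                return matches

            function_name = next(iter(key))
            if function_name not in supported_functions:
                message = (
                    "UpdateReplacePolicy only supports one of the "
                    + supported_functions_joined
                    + " intrinsic functions for {0}"
                )
                matches.append(RuleMatch(path, message.format(location)))
            return matches

        if not isinstance(key, str):
            # Nothing further can be checked on a non-string value.
            message = "UpdateReplacePolicy values should be of string at {0}"
            matches.append(RuleMatch(path, message.format(location)))
            return matches

        if key not in valid_values:
            message = "UpdateReplacePolicy should be only one of {0} at {1}"
            matches.append(
                RuleMatch(
                    path,
                    message.format(", ".join(map(str, valid_values)), location),
                )
            )

        if key == "Snapshot" and res_type not in valid_snapshot_types:
            message = "UpdateReplacePolicy cannot be Snapshot for resources of type {0} at {1}"
            matches.append(RuleMatch(path, message.format(res_type, location)))

        return matches

    def match(self, cfn):
        """Check the ``UpdateReplacePolicy`` of each resource in the template.

        Args:
            cfn: The template object; this method uses ``get_resources()``
                and ``has_language_extensions_transform()``.

        Returns:
            A list of ``RuleMatch`` objects for every invalid policy found.
        """
        matches = []

        for resource_name, resource_values in cfn.get_resources().items():
            policy = resource_values.get("UpdateReplacePolicy")
            # Skip only an absent or null attribute. The earlier truthiness
            # test also skipped present-but-falsy values ("", 0, False, {},
            # []), so an invalid policy of that kind produced no finding.
            if policy is None:
                continue

            path = ["Resources", resource_name, "UpdateReplacePolicy"]
            res_type = resource_values.get("Type")
            self.logger.debug(
                "Validating UpdateReplacePolicy for %s base configuration",
                resource_name,
            )

            if isinstance(policy, list):
                message = "Only one UpdateReplacePolicy allowed per resource at {0}"
                matches.append(
                    RuleMatch(path, message.format("/".join(map(str, path))))
                )
                continue

            matches.extend(
                self.check_value(
                    policy,
                    path,
                    res_type,
                    cfn.has_language_extensions_transform(),
                )
            )

        return matches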