3 D\I@s@dZddlZddlmZddlmZddlZGdddeZdS)a Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. N)CloudFormationLintRule) RuleMatchcs^eZdZdZdZdZdZdZdgZfdd Z d d Z d d Z ddZ ddZ ddZZS) Propertiesz!Check Base Resource ConfigurationZE3002zResource properties are validz&Making sure that resources properties zare properly configuredzohttps://github.com/aws-cloudformation/cfn-python-lint/blob/master/docs/cfn-resource-specification.md#properties resourcescs*tt|ji|_i|_i|_i|_dS)ZInitN)superr__init__cfn resourcetypes propertytypesparameternames)self) __class__/private/var/folders/pf/wv4htv3x0qs2c2mp0dnn0kchsvlck3/T/pip-install-emcbgzcf/cfn-lint/cfnlint/rules/resources/properties/Properties.pyr s zProperties.__init__cCsJg}t|ts|ddikrBd|djtt|f}|jt||t|trX|dkrX|St|trFt|dkrx|j D]\}}|t j j krt|trt|dkr|j |j|d||ddg|j |j|d ||dd gq||dkr|ddjtt||f}|jt||q|Wn(d|djtt|f}|jt|||S)aT Check primitive types. Only check that a primitive type is actual a primitive type: - If its JSON let it go - If its Conditions check each sub path of the condition - If its a object make sure its a valid function and function - If its a list raise an error RefzAWS::NotificationARNsz,Property should be of type %s not List at %s/ZJsonFn::If Fn::Base64 Fn::GetAtt Fn::GetAZsFn::ImportValueFn::Join Fn::Split Fn::FindInMap Fn::Select Fn::ContainsFn::SubFn::Cidrz&Property %s has an illegal function %sz)Property is an object instead of %s at %s) rrrrrrrrrrrrr ) isinstancelistjoinmapstrappendrdictlenitemscfnlinthelpersCONDITION_FUNCTIONSextendprimitivetypecheck)r valueprimtypeproppathmatchesmessagesub_key sub_valuerrrr.(s0     zProperties.primitivetypecheckc Csg}t||dkrXxb||jD]*\}} |tjjkrtt| dkrNx"t| ddD]\} } |dd|| dg} t| trxHt| D]<\} }| dd}|j| |j |j ||d|||dqWq`t| t rt| dkrx| jD]\}}|dks|dkr|dkrd}t|tr:|d }nt|t j rV|jd d }|r|jjjd ij|ijd }|jd sd}|jt| |j||djdd| Dqd}|jt| |j||djdd| DqWn.d}|jt| |j||djdd| Dq`d}|jt| |j||djdd| Dq`Wn$ddjtt|}|jt||q&|dkrD|dkrd}t| tr| d }nt| t j r| jd d }|rB|jjjd ij|ijd }|dkp|jd sBddjtt|}|jt||n$ddjtt|}|jt||q&|jjd| q&Wn$ddjtt|}|jt|||S)z+Checks lists that are a dict for conditionsrrNItemTypeFrz AWS::NoValuez Fn::GetAttr. ResourcesTypezCustom::z;Property {0} should be of type List for resource {1} at {2}rcss|]}t|VqdS)N)r%).0xrrr rsz6Properties.check_list_for_condition..css|]}t|VqdS)N)r%)r:r;rrrr<xscss|]}t|VqdS)N)r%)r:r;rrrr<~scss|]}t|VqdS)N)r%)r:r;rrrr<sz%Invalid !If condition specified at %sz Fn::FindInMapz#AWS::CloudFormation::CustomResourcez+Property is an object instead of List at %szXToo much logic to handle whats actually in the map "%s" so skipping any more validation.)r(r)r*r+r, enumerater!r"r&r- propertycheckr'six string_typessplitrtemplateget startswithrformatr#r$r%loggerdebug)r textprop parenttype resourcenameZpropspecpathr2r4r5Zif_iZif_vZcondition_pathindexitem arrproppathZd_kZd_v resource_nameZ resource_typer3rrrcheck_list_for_conditionPs        $($(    z#Properties.check_list_for_conditioncCs>dgdgdgdgd}|j|g}||kr:t|tjr:dSdS)zx Checks for exceptions to the spec - Start with handling exceptions for templated code. ZBodyS3LocationZCodeZContentZ SourceBundle)zAWS::ApiGateway::RestApizAWS::Lambda::FunctionzAWS::Lambda::LayerVersionz)AWS::ElasticBeanstalk::ApplicationVersionTF)rCr!r?r@)r rJproptyperHZtemplated_exceptions exceptionsrrrcheck_exceptionss   zProperties.check_exceptionsc Cs|j}g}|r|j} |} nH|j} tjd||} | | krT|| krD|} qbtjd||} ntjd||} | | jdi} | s| | jddkrt|tr| | jd} x||d}|dkrqT||kr|jjd|d}|r d|kr d|kr |dk r d}|jt||j||nd}|jt||j||nd}|jt||j||n8| |ddkr|j |j ||| |d|||dn2d| |krT| |d}|j |j||||qTW|S)zCheck individual propertiesz{0}.{1}rr9Listr6NZAdditionalPropertiesFz AWS::NoValuezExpecting an object at %srrValuePathz2Ran into function "%s". Skipping remaining checkszInvalid Property %sZPrimitiveItemTypez4Property {0} should be of type List for resource {1}rzAWS::NotificationARNsZ ParameterszListr'rTr#r$r&rr(r*r+r,rZget_condition_valuesZis_function_returning_objectrFrGrQr.rB)r rHrRrJrKrLrootr r2specs resourcetypeZ resourcespecZ property_typerMrNZsupports_additional_propertiesr3Z len_of_textrIr1Z cond_valuesZ cond_valuerOr0refZ param_typerrrr>s                    zProperties.propertycheckc Csg}||_tjj|jd}|d|_|d|_|jj|_x|j j D]r\}}d|krJd|krJ|j dd}|j dr||jkrd}||jkrJd |dg}|j |j|j did |||d qJW|S) zCheck CloudFormation PropertiesrZ ResourceTypesZ PropertyTypesrr9NzCustom::z#AWS::CloudFormation::CustomResourcer8T)rr*r+ZRESOURCE_SPECSZregionsr r Zget_parameter_namesr get_resourcesr)rCrDr-r>)r rr2Z resourcespecsrKZ resourcevaluer[rLrrrmatch9s"       zProperties.matchz=Making sure that resources properties are properly configured)__name__ __module__ __qualname____doc__idZ shortdesc descriptionZ source_urltagsrr.rQrTr>r_ __classcell__rr)r rrs (Tr)rcr?r*rrZcfnlint.helpersrrrrrs