forked from aws-cloudformation/cfn-lint
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathRefInCondition.py
37 lines (29 loc) · 1.36 KB
/
RefInCondition.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from cfnlint.rules import CloudFormationLintRule, RuleMatch
class RefInCondition(CloudFormationLintRule):
"""Check if Ref value is a string"""
id = "E1026"
shortdesc = "Cannot reference resources in the Conditions block of the template"
description = "Check that any Refs in the Conditions block uses no resources"
source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-conditions.html#w2ab2c21c28c21c45"
tags = ["conditions", "functions", "ref"]
def match(self, cfn):
matches = []
ref_objs = cfn.search_deep_keys("Ref")
resource_names = cfn.get_resource_names()
for ref_obj in ref_objs:
if ref_obj[0] == "Conditions":
value = ref_obj[-1]
if isinstance(value, (str, int)):
if value in resource_names:
message = "Cannot reference resource {0} in the Conditions block of the template at {1}"
matches.append(
RuleMatch(
ref_obj[:-1],
message.format(value, "/".join(map(str, ref_obj[:-1]))),
)
)
return matches