Validate conditions when checking resource types for a region

aws-cloudformation · Apr 7, 2023 · d5e3c96 · d5e3c96
1 parent 5ec2c9d
commit d5e3c96
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 388 deletions.
diff --git a/src/cfnlint/data/AdditionalSchemas/resource/configuration.json b/src/cfnlint/data/AdditionalSchemas/resource/configuration.json
@@ -1,5 +1,6 @@
 {
  "additionalProperties": false,
+ "awsType": true,
  "else": {
   "not": {
    "required": [
@@ -55,7 +56,6 @@
    "type": "object"
   },
   "Type": {
-   "awsType": true,
    "type": "string"
   },
   "UpdatePolicy": {

diff --git a/src/cfnlint/rules/parameters/AllowedPattern.py b/src/cfnlint/rules/parameters/AllowedPattern.py
@@ -2,7 +2,7 @@
 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 SPDX-License-Identifier: MIT-0
 """
-from typing import Generator, Iterable
+from typing import Generator, List, Union
 
 import regex as re
 
@@ -29,8 +29,8 @@ def initialize(self, cfn: Template):
         self.parameters = cfn.get_parameters()
 
     def _pattern(
-        self, instance: str, patrn: str, path: Iterable[str]
-    ) -> Generator[ValidationError]:
+        self, instance: str, patrn: str, path: List[Union[str, int]]
+    ) -> Generator[ValidationError, None, None]:
         if not re.search(patrn, instance):
             yield ValidationError(
                 f"{instance!r} does not match {patrn!r}",

diff --git a/src/cfnlint/rules/resources/Configuration.py b/src/cfnlint/rules/resources/Configuration.py
@@ -32,27 +32,40 @@ def __init__(self):
             cfn=None,
             rules=None,
         )(schema=schema)
+        self.cfn = None
 
     def initialize(self, cfn):
         super().initialize(cfn)
         self.regions = cfn.regions
+        self.cfn = cfn
 
     # pylint: disable=unused-argument
     def _awsType(self, validator, iT, instance, schema):
-        if not validator.is_type(instance, "string"):
+        resource_type = instance.get("Type")
+        if not validator.is_type(resource_type, "string"):
             return
+
+        resource_condition = instance.get("Condition")
+
         for region in self.regions:
-            if instance in PROVIDER_SCHEMA_MANAGER.get_resource_types(region=region):
-                return
-            if not instance.startswith(
+            if validator.is_type(resource_condition, "string"):
+                if False in self.cfn.conditions.build_scenerios_on_region(
+                    resource_condition, region
+                ):
+                    continue
+            if resource_type in PROVIDER_SCHEMA_MANAGER.get_resource_types(
+                region=region
+            ):
+                continue
+            if not resource_type.startswith(
                 ("Custom::", "AWS::Serverless::")
-            ) and not instance.endswith("::MODULE"):
+            ) and not resource_type.endswith("::MODULE"):
                 yield ValidationError(
-                    f"Resource type `{instance}` does not exist in '{region}'"
+                    f"Resource type `{resource_type}` does not exist in '{region}'"
                 )
 
     # pylint: disable=unused-argument
-    def _check_resource(self, cfn, resource_name, resource_values):
+    def _check_resource(self, resource_name, resource_values):
         """Check Resource"""
         matches = []
 
@@ -97,8 +110,6 @@ def match(self, cfn):
                 self.logger.debug(
                     "Validating resource %s base configuration", resource_name
                 )
-                matches.extend(
-                    self._check_resource(cfn, resource_name, resource_values)
-                )
+                matches.extend(self._check_resource(resource_name, resource_values))
 
         return matches