-
Notifications
You must be signed in to change notification settings - Fork 598
/
Copy pathDeletionPolicy.py
49 lines (41 loc) · 1.64 KB
/
DeletionPolicy.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from cfnlint.helpers import valid_snapshot_types
from cfnlint.jsonschema import Validator
from cfnlint.rules.jsonschema.CfnLintJsonSchema import CfnLintJsonSchema
class DeletionPolicy(CfnLintJsonSchema):
"""Check Base Resource Configuration"""
id = "E3035"
shortdesc = "Check DeletionPolicy values for Resources"
description = "Check that the DeletionPolicy values are valid"
source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html"
tags = ["resources", "deletionpolicy"]
def __init__(self) -> None:
super().__init__(
keywords=["Resources/*/DeletionPolicy"],
all_matches=True,
)
# pylint: disable=unused-argument, arguments-renamed
def validate(self, validator: Validator, dP: str, instance, schema):
enum = ["Delete", "Retain", "RetainExceptOnCreate"]
resource_name = validator.context.path.path[1]
if (
isinstance(resource_name, str)
and validator.context.resources[resource_name].type in valid_snapshot_types
):
enum.append("Snapshot")
validator = validator.evolve(
context=validator.context.evolve(
functions=[
"Fn::Sub",
"Fn::Select",
"Fn::FindInMap",
"Fn::If",
"Ref",
]
),
schema={"type": "string", "enum": enum},
)
yield from self._iter_errors(validator, instance)