"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from typing import Any
from cfnlint.jsonschema import ValidationError, Validator
from cfnlint.rules import CloudFormationLintRule
class DynamicReferenceSsmPath(CloudFormationLintRule):
    """Rule E1052: flag SSM dynamic references outside the accepted locations.

    The check is purely positional. It looks at the first and third elements
    of the validator's current template path and accepts:

    * ``Parameters/<x>/Default`` and ``Parameters/<x>/AllowedValues``
    * ``Resources/<x>/Properties`` and ``Resources/<x>/Metadata``
    * ``Outputs/<x>/Value``

    Anything else produces a ``ValidationError``.

    NOTE(review): the rule does not look at which parameter is referenced or
    whether its value is sensitive. A reference accepted under
    ``Outputs/<x>/Value`` is presumably resolved into the stack outputs, which
    are readable by any principal allowed to describe the stack -- confirm
    that exposure is acceptable before relying on this rule as a safeguard.
    """

    id = "E1052"
    shortdesc = "Validate dynamic references to SSM are in a valid location"
    description = (
        "Dynamic references to SSM parameters are only supported "
        "in certain locations"
    )
    source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-ssm"
    tags = ["functions", "dynamic reference"]

    def validate(self, validator: Validator, s: Any, instance: Any, schema: Any):
        """Yield an error unless the current path is an accepted SSM location.

        Args:
            validator: Validator whose ``context.path.path`` gives the current
                position in the template.
            s: Unused here.
            instance: The dynamic reference being checked; only used in the
                error message.
            schema: Unused here.

        Yields:
            A single ``ValidationError`` bound to this rule when the location
            is not one of the accepted ones.
        """
        # Top-level section -> keys accepted at depth three beneath it.
        # The element at index 1 (presumably the logical ID) is never read.
        accepted_keys = {
            "Parameters": ("Default", "AllowedValues"),
            "Resources": ("Properties", "Metadata"),
            "Outputs": ("Value",),
        }

        location = validator.context.path.path
        # Only len() and indexing are used on the path object, as in the
        # original; no slicing, in case it is not a list.
        if len(location) >= 3:
            if location[2] in accepted_keys.get(location[0], ()):
                return

        message = f"Dynamic reference {instance!r} to SSM parameters are not allowed here"
        yield ValidationError(message, rule=self)