DynamicReferenceSecretsManagerPath.py
"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from typing import Any
from cfnlint.jsonschema import ValidationError, Validator
from cfnlint.rules import CloudFormationLintRule
class DynamicReferenceSecretsManagerPath(CloudFormationLintRule):
    """Rule E1051: restrict where Secrets Manager dynamic references may appear.

    A reference is accepted when its template path starts with ``Resources``
    and has ``Properties`` as its third segment, or starts with ``Parameters``
    and has ``Default`` as its third segment. Every other location is reported.
    """

    id = "E1051"
    shortdesc = (
        "Validate dynamic references to secrets manager are only in resource properties"
    )
    description = (
        "Dynamic references from secrets manager can only be used "
        "in resource properties"
    )
    source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager"
    tags = ["functions", "dynamic reference"]

    def validate(self, validator: Validator, s: Any, instance: Any, schema: Any):
        """Yield an error when the reference sits outside an accepted path.

        Args:
            validator: Provides ``context.path.path``, the sequence of path
                segments locating ``instance`` in the template.
            s: Not used by this rule.
            instance: The dynamic reference being checked; its ``repr`` is
                embedded in the error message.
            schema: Not used by this rule.

        Yields:
            ValidationError: A single error, attributed to this rule, when the
            path is shorter than three segments or matches neither accepted
            (first segment, third segment) pair.
        """
        location = validator.context.path.path
        # Only segments 0 and 2 are inspected; segment 1 (the name in between)
        # and anything deeper than segment 2 are not constrained here.
        permitted = (("Resources", "Properties"), ("Parameters", "Default"))
        if len(location) >= 3 and (location[0], location[2]) in permitted:
            return

        # NOTE(review): the wording below names only resource properties, yet a
        # Parameters/<name>/Default location is also accepted above - confirm
        # the message is intentionally narrower than the check.
        yield ValidationError(
            (
                f"Dynamic reference {instance!r} to secrets manager can only be "
                "used in resource properties"
            ),
            rule=self,
        )