From 31054c62538e52205981067c4d9419800e5949b2 Mon Sep 17 00:00:00 2001 From: Kevin DeJong Date: Thu, 4 Jul 2024 09:55:26 -0700 Subject: [PATCH] Add two new rules to validate fargate tasks --- .../fargate_cpu_memory.json | 255 ++++++++++-------- .../fargate_properties.json | 42 +++ .../rules/resources/ecs/FargateCpuMemory.py | 2 +- .../resources/ecs/TaskFargateProperties.py | 46 ++++ .../ecs/test_ecs_fargate_cpu_memory.py | 38 ++- .../ecs/test_ecs_task_fargate_properties.py | 98 +++++++ 6 files changed, 365 insertions(+), 116 deletions(-) create mode 100644 src/cfnlint/data/schemas/extensions/aws_ecs_taskdefinition/fargate_properties.json create mode 100644 src/cfnlint/rules/resources/ecs/TaskFargateProperties.py create mode 100644 test/unit/rules/resources/ecs/test_ecs_task_fargate_properties.py diff --git a/src/cfnlint/data/schemas/extensions/aws_ecs_taskdefinition/fargate_cpu_memory.json b/src/cfnlint/data/schemas/extensions/aws_ecs_taskdefinition/fargate_cpu_memory.json index b5e0aa8692..cd91577f28 100644 --- a/src/cfnlint/data/schemas/extensions/aws_ecs_taskdefinition/fargate_cpu_memory.json +++ b/src/cfnlint/data/schemas/extensions/aws_ecs_taskdefinition/fargate_cpu_memory.json @@ -1,114 +1,149 @@ { - "if": { - "properties": { - "RequiresCompatibilities": { - "type": "array", - "contains": { - "type": "string", - "enum": ["FARGATE"] - } - }, - "Cpu": { - "type": ["string", "integer"] - }, - "Memory": { - "type": ["string", "integer"] - } - }, - "required": ["RequiresCompatibilities", "Cpu", "Memory"] + "if": { + "properties": { + "Cpu": { + "type": [ + "string", + "integer" + ] + }, + "Memory": { + "type": [ + "string", + "integer" + ] + }, + "RequiresCompatibilities": { + "contains": { + "enum": [ + "FARGATE" + ], + "type": "string" }, - "then": { - "anyOf": [ - { - "properties": { - "Cpu": { - "enum": ["256", 256] - }, - "Memory": { - "enum": [ - "512", - "1024", - "2048", - 512, - 1024, - 2048 - ] - } - } - }, - { - "properties": { - "Cpu": { - "enum": ["512", 512] - }, - "Memory": { - "minimum": 1024, - "maximum": 4096, - "multipleOf": 1024 - } - } - }, - { - "properties": { - "Cpu": { - "enum": ["1024", 1024] - }, - "Memory": { - "minimum": 2048, - "maximum": 8192, - "multipleOf": 1024 - } - } - }, - { - "properties": { - "Cpu": { - "enum": ["2048", 2048] - }, - "Memory": { - "minimum": 4096, - "maximum": 16384, - "multipleOf": 1024 - } - } - }, - { - "properties": { - "Cpu": { - "enum": ["4096", 4096] - }, - "Memory": { - "minimum": 8192, - "maximum": 30720, - "multipleOf": 1024 - - } - } - }, - { - "properties": { - "Cpu": { - "enum": ["8192", 8192] - }, - "Memory": { - "minimum": 16384, - "maximum": 61440, - "multipleOf": 4096 - } - } - }, - { - "properties": { - "Cpu": { - "enum": ["16384", 16384] - }, - "Memory": { - "minimum": 32768, - "maximum": 122880, - "multipleOf": 8192 - } - } - } - ] + "type": "array" + } + }, + "required": [ + "RequiresCompatibilities", + "Cpu", + "Memory" + ] + }, + "then": { + "anyOf": [ + { + "properties": { + "Cpu": { + "enum": [ + 256 + ] + }, + "Memory": { + "enum": [ + 512, + 1024, + 2048 + ] + } } + }, + { + "properties": { + "Cpu": { + "enum": [ + 512 + ] + }, + "Memory": { + "maximum": 4096, + "minimum": 1024, + "multipleOf": 1024 + } + } + }, + { + "properties": { + "Cpu": { + "enum": [ + 1024 + ] + }, + "Memory": { + "maximum": 8192, + "minimum": 2048, + "multipleOf": 1024 + } + } + }, + { + "properties": { + "Cpu": { + "enum": [ + 2048 + ] + }, + "Memory": { + "maximum": 16384, + "minimum": 4096, + "multipleOf": 1024 + } + } + }, + { + "properties": { + "Cpu": { + "enum": [ + 4096 + ] + }, + "Memory": { + "maximum": 30720, + "minimum": 8192, + "multipleOf": 1024 + } + } + }, + { + "properties": { + "Cpu": { + "enum": [ + 8192 + ] + }, + "Memory": { + "maximum": 61440, + "minimum": 16384, + "multipleOf": 4096 + } + } + }, + { + "properties": { + "Cpu": { + "enum": [ + 16384 + ] + }, + "Memory": { + "maximum": 122880, + "minimum": 32768, + "multipleOf": 8192 + } + } + } + ], + "properties": { + "Cpu": { + "enum": [ + 256, + 512, + 1024, + 2048, + 4096, + 8192, + 16384 + ] + } + } + } } diff --git a/src/cfnlint/data/schemas/extensions/aws_ecs_taskdefinition/fargate_properties.json b/src/cfnlint/data/schemas/extensions/aws_ecs_taskdefinition/fargate_properties.json new file mode 100644 index 0000000000..bdcfb82445 --- /dev/null +++ b/src/cfnlint/data/schemas/extensions/aws_ecs_taskdefinition/fargate_properties.json @@ -0,0 +1,42 @@ +{ + "if": { + "properties": { + "RequiresCompatibilities": { + "contains": { + "enum": [ + "FARGATE" + ], + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "RequiresCompatibilities" + ] + }, + "then": { + "not": { + "required": [ + "PlacementConstraints" + ] + }, + "properties": { + "Cpu": { + "enum": [ + 256, + 512, + 1024, + 2048, + 4096, + 8192, + 16384 + ] + } + }, + "required": [ + "Cpu", + "Memory" + ] + } +} diff --git a/src/cfnlint/rules/resources/ecs/FargateCpuMemory.py b/src/cfnlint/rules/resources/ecs/FargateCpuMemory.py index db684e554c..af5c7626c6 100644 --- a/src/cfnlint/rules/resources/ecs/FargateCpuMemory.py +++ b/src/cfnlint/rules/resources/ecs/FargateCpuMemory.py @@ -15,7 +15,7 @@ class FargateCpuMemory(CfnLintJsonSchema): id = "E3047" shortdesc = ( - "Validate ECS Fargate tasks have the right " "combination of CPU and memory" + "Validate ECS Fargate tasks have the right combination of CPU and memory" ) description = ( "When using a ECS Fargate task there is a specfic combination " diff --git a/src/cfnlint/rules/resources/ecs/TaskFargateProperties.py b/src/cfnlint/rules/resources/ecs/TaskFargateProperties.py new file mode 100644 index 0000000000..37cba5b5d7 --- /dev/null +++ b/src/cfnlint/rules/resources/ecs/TaskFargateProperties.py @@ -0,0 +1,46 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from __future__ import annotations + +from collections import deque +from typing import Any + +import cfnlint.data.schemas.extensions.aws_ecs_taskdefinition +from cfnlint.jsonschema import ValidationResult +from cfnlint.jsonschema.protocols import Validator +from cfnlint.rules.jsonschema.CfnLintJsonSchema import CfnLintJsonSchema, SchemaDetails + + +class TaskFargateProperties(CfnLintJsonSchema): + id = "E3048" + shortdesc = "Validate ECS Fargate tasks have required properties and values" + description = ( + "When using a ECS Fargate task there is a specfic combination " + "of required properties and values" + ) + source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-memory" + tags = ["properties", "ecs", "service", "container", "fargate"] + + def __init__(self) -> None: + super().__init__( + keywords=["Resources/AWS::ECS::TaskDefinition/Properties"], + schema_details=SchemaDetails( + module=cfnlint.data.schemas.extensions.aws_ecs_taskdefinition, + filename="fargate_properties.json", + ), + all_matches=True, + ) + + def validate( + self, validator: Validator, keywords: Any, instance: Any, schema: dict[str, Any] + ) -> ValidationResult: + for err in super().validate(validator, keywords, instance, schema): + if err.validator == "not": + err.message = "'PlacementConstraints' isn't supported for Fargate tasks" + err.path = deque(["PlacementConstraints"]) + yield err + continue + yield err diff --git a/test/unit/rules/resources/ecs/test_ecs_fargate_cpu_memory.py b/test/unit/rules/resources/ecs/test_ecs_fargate_cpu_memory.py index 00ae803655..7aacac0af5 100644 --- a/test/unit/rules/resources/ecs/test_ecs_fargate_cpu_memory.py +++ b/test/unit/rules/resources/ecs/test_ecs_fargate_cpu_memory.py @@ -92,13 +92,41 @@ def rule(): ) ], ), + ( + { + "RequiresCompatibilities": ["FARGATE", "Foo"], + "Cpu": 4096, + "Memory": 512, + }, + [ + ValidationError( + "Cpu 4096 is not compatible with memory 512", + rule=FargateCpuMemory(), + path=deque([]), + validator="anyOf", + schema_path=deque(["then", "anyOf"]), + ) + ], + ), + ( + { + "RequiresCompatibilities": ["FARGATE", "Foo"], + "Cpu": 4096, + "Memory": 16385, + }, + [ + ValidationError( + "Cpu 4096 is not compatible with memory 16385", + rule=FargateCpuMemory(), + path=deque([]), + validator="anyOf", + schema_path=deque(["then", "anyOf"]), + ) + ], + ), ], ) def test_validate(instance, expected, rule, validator): errs = list(rule.validate(validator, "", instance, {})) - for err in errs: - print(err.schema_path) - print(err.validator) - print(err.rule) - print(err.path) + assert errs == expected, f"Expected {expected} got {errs}" diff --git a/test/unit/rules/resources/ecs/test_ecs_task_fargate_properties.py b/test/unit/rules/resources/ecs/test_ecs_task_fargate_properties.py new file mode 100644 index 0000000000..803fbb63a4 --- /dev/null +++ b/test/unit/rules/resources/ecs/test_ecs_task_fargate_properties.py @@ -0,0 +1,98 @@ +""" +Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: MIT-0 +""" + +from collections import deque + +import pytest + +from cfnlint.jsonschema import ValidationError +from cfnlint.rules.resources.ecs.TaskFargateProperties import TaskFargateProperties + + +@pytest.fixture(scope="module") +def rule(): + rule = TaskFargateProperties() + yield rule + + +@pytest.mark.parametrize( + "instance,expected", + [ + ( + { + "RequiresCompatibilities": ["FARGATE"], + "Cpu": 256, + "Memory": "512", + }, + [], + ), + ( + { + "RequiresCompatibilities": ["FARGATE"], + "Cpu": 16384, + }, + [ + ValidationError( + "'Memory' is a required property", + rule=TaskFargateProperties(), + path=deque([]), + validator="required", + schema_path=deque(["then", "required"]), + ) + ], + ), + ( + { + "RequiresCompatibilities": ["FARGATE"], + "Memory": "512", + }, + [ + ValidationError( + "'Cpu' is a required property", + rule=TaskFargateProperties(), + path=deque([]), + validator="required", + schema_path=deque(["then", "required"]), + ) + ], + ), + ( + { + "RequiresCompatibilities": ["FARGATE"], + "Memory": "512", + "Cpu": 256, + "PlacementConstraints": "foo", + }, + [ + ValidationError( + ("'PlacementConstraints' isn't supported for Fargate tasks"), + rule=TaskFargateProperties(), + path=deque(["PlacementConstraints"]), + validator="not", + schema_path=deque(["then", "not"]), + ) + ], + ), + ( + { + "RequiresCompatibilities": ["FARGATE"], + "Cpu": 128, + "Memory": "512", + }, + [ + ValidationError( + "128 is not one of [256, 512, 1024, 2048, 4096, 8192, 16384]", + rule=TaskFargateProperties(), + path=deque(["Cpu"]), + validator="enum", + schema_path=deque(["then", "properties", "Cpu", "enum"]), + ) + ], + ), + ], +) +def test_validate(instance, expected, rule, validator): + errs = list(rule.validate(validator, "", instance, {})) + assert errs == expected, f"Expected {expected} got {errs}"