Skip to content

Commit

Permalink
Update E3054 to not alert on awsvpc (#3593)
Browse files Browse the repository at this point in the history
  • Loading branch information
@kddejong
kddejong authored Aug 13, 2024
1 parent 5b268db commit 3409497
Show file tree
Hide file tree
Showing 2 changed files with 99 additions and 13 deletions.
35 changes: 22 additions & 13 deletions src/cfnlint/rules/resources/ecs/ServiceFargate.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,26 +77,35 @@ def _get_task_definition_properties(
)
if not task_definition:
return

for capabilities, capabilities_validator in get_value_from_path(
task_definition_validator,
task_definition,
path=deque(["Properties", "RequiresCompatibilities"]),
):
if capabilities is None:
yield capabilities, capabilities_validator
continue
if not isinstance(capabilities, list):
continue
for capibility, _ in get_value_from_path(
for network_mode, network_mode_validator in get_value_from_path(
capabilities_validator,
capabilities,
path=deque(["*"]),
task_definition,
path=deque(["Properties", "NetworkMode"]),
):
if isinstance(capibility, dict) or capibility == "FARGATE":
break
else:
yield capabilities, capabilities_validator

if network_mode == "awsvpc" or network_mode_validator.is_type(
network_mode, "object"
):
continue
if capabilities is None:
yield capabilities, capabilities_validator
continue
if not isinstance(capabilities, list):
continue
for capibility, _ in get_value_from_path(
network_mode_validator,
capabilities,
path=deque(["*"]),
):
if isinstance(capibility, dict) or capibility == "FARGATE":
break
else:
yield capabilities, capabilities_validator

def validate(
self, validator: Validator, _: Any, instance: Any, schema: dict[str, Any]
Expand Down
77 changes: 77 additions & 0 deletions test/unit/rules/resources/ecs/test_service_fargate.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -315,6 +315,83 @@ def rule():
deque(["Resources", "Service", "Properties"]),
[],
),
(
{
"Resources": {
"TaskDefinition": jsonpatch.apply_patch(
dict(_task_definition),
[
{
"op": "add",
"path": "/Properties/NetworkMode",
"value": "awsvpc",
},
{
"op": "remove",
"path": "/Properties/RequiresCompatibilities",
},
],
),
"Service": dict(_service),
},
},
deque(["Resources", "Service", "Properties"]),
[],
),
(
{
"Parameters": {"MyNetworkMode": {"Type": "String"}},
"Resources": {
"TaskDefinition": jsonpatch.apply_patch(
dict(_task_definition),
[
{
"op": "add",
"path": "/Properties/NetworkMode",
"value": {"Ref": "MyNetworkMode"},
},
{
"op": "remove",
"path": "/Properties/RequiresCompatibilities",
},
],
),
"Service": dict(_service),
},
},
deque(["Resources", "Service", "Properties"]),
[],
),
(
{
"Resources": {
"TaskDefinition": jsonpatch.apply_patch(
dict(_task_definition),
[
{
"op": "add",
"path": "/Properties/NetworkMode",
"value": "host",
},
{
"op": "remove",
"path": "/Properties/RequiresCompatibilities",
},
],
),
"Service": dict(_service),
},
},
deque(["Resources", "Service", "Properties"]),
[
ValidationError(
("'RequiresCompatibilities' is a required property"),
validator="required",
rule=ServiceFargate(),
path_override=deque(["Resources", "TaskDefinition", "Properties"]),
)
],
),
],
indirect=["template"],
)
Expand Down

0 comments on commit 3409497

Please sign in to comment.