Add parent property to ResourceValidationArgs

[automagic]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

I would be useful to be able to validate if a resource is correctly parented. We can do this for StackPolicies (the field exists on PolicyResource), but we do not have this at the individual level within ResourceValidationArgs or PolicyResourceOptions.

Since both PolicyResource and ResourceValidationOptions have a reference to PolicyResourceOptions it may make sense to have it there instead.

Use-case:

We may want to check if a particular resource type is contained within a component resource, e.g. "AWS secrets manager secrets must be created with 'MySpecialSecretManager' component resource as the parent"

Example:

def s3_bucket_parent_validator(args, report_violation: ReportViolation):
    # Check if the resource is an S3 bucket and if it has a parent set
    if isinstance(args.resource, aws.s3.Bucket):
        if not hasattr(args.resource, "opts") or not getattr(args.resource.opts, "parent", None):
            report_violation("S3 bucket must have a parent resource set")

Affected area/feature

ResourceVal

[justinvp]

For now, the workaround is to use a stack validation policy to check the parent.