forked from aws-cloudformation/cfn-lint
Document.py
84 lines (72 loc) · 2.61 KB
"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from __future__ import annotations
from typing import Any
import cfnlint.data.schemas.other.ssm
from cfnlint.decode import decode_str
from cfnlint.jsonschema import ValidationError, ValidationResult, Validator
from cfnlint.rules.jsonschema.CfnLintJsonSchema import CfnLintJsonSchema, SchemaDetails
from cfnlint.schema.resolver import RefResolver
class Document(CfnLintJsonSchema):
    """Rule E3051: schema-validate the Content of AWS::SSM::Document resources.

    The Content property may arrive either as an already-parsed structure or
    as a JSON/YAML string embedded in the template; both forms are checked
    against the bundled ``document.json`` schema.
    """

    id = "E3051"
    shortdesc = "Validate the structure of a SSM document"
    description = (
        "SSM documents are nested JSON/YAML in CloudFormation "
        "this rule adds validation to those documents"
    )
    # NOTE(review): this URL is the IAM policy-elements reference rather than
    # anything about SSM documents -- it looks carried over from an IAM rule;
    # confirm the intended link before relying on it in rule output.
    source_url = "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html"
    tags = ["properties", "ssm", "document"]

    def __init__(self):
        """Register the rule on the Content path and build its schema resolver."""
        schema_source = SchemaDetails(
            module=cfnlint.data.schemas.other.ssm,
            filename="document.json",
        )
        super().__init__(
            ["Resources/AWS::SSM::Document/Properties/Content"],
            schema_details=schema_source,
        )
        # The loaded schema is stored under the name "document" so that
        # references to that name resolve from memory.
        self.resolver = RefResolver.from_schema(
            self.schema,
            store={"document": self.schema},
        )

    # pylint: disable=unused-argument
    def validate(
        self,
        validator: Validator,
        _: Any,
        instance: Any,
        schema: dict[str, Any],
    ) -> ValidationResult:
        """Yield schema violations found in an SSM document.

        Args:
            validator: The active validator; an evolved copy bound to the SSM
                schema and this rule's resolver does the actual checking.
            _: Unused.
            instance: The Content value, either a string holding the document
                text or the already-parsed document.
            schema: Unused; the rule always validates against ``self.schema``.

        Yields:
            A single "type" error when string content cannot be decoded,
            otherwise every error reported by the SSM schema validator.
        """
        embedded_as_text = validator.is_type(instance, "string")

        if embedded_as_text:
            # String content is validated with an empty functions list and
            # strict types (presumably because intrinsic functions are not
            # evaluated inside a literal string -- confirm).
            text_context = validator.context.evolve(
                functions=[],
                strict_types=True,
            )
            ssm_validator = validator.evolve(
                context=text_context,
                resolver=self.resolver,
                schema=self.schema,
            )
            instance, decode_errors = decode_str(instance)
            if decode_errors:
                # The decoder's own errors are discarded here; the caller only
                # learns that the content is not an object, not why parsing
                # failed.
                yield ValidationError(
                    "Document is not of type 'object'",
                    validator="type",
                    rule=self,
                )
                return
        else:
            parsed_context = validator.context.evolve(
                strict_types=True,
            )
            ssm_validator = validator.evolve(
                cfn=validator.cfn,
                context=parsed_context,
                resolver=self.resolver,
                schema=self.schema,
            )

        for finding in ssm_validator.iter_errors(instance):
            # Errors raised by "fn_*" or "cfnLint" validators keep whatever
            # rule they already carry; all others are attributed to this rule.
            attributed_elsewhere = (
                finding.validator.startswith("fn_") or finding.validator == "cfnLint"
            )
            if not attributed_elsewhere:
                finding.rule = self
            yield finding