def test_should_throw_error_for_cf_file_containing_leading_zeroes(self):
filename = getFileOrDefault('tests/test-data/cf.yaml',
'test-data/cf.yaml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules(
[getDirOrDefault('cflint/rules/', '../cflint/rules/')], ['W1337'],
[])
regions = ['eu-west-1']
matches = cfnlint.core.run_checks(filename, template, rules, regions)
self.assertGreater(len(matches), 0)
filteredMatches = [
match for match in matches if match.rule.id == 'E1338'
]
self.assertEqual(len(filteredMatches), 3)
self.assertTrue('value 0600586' in filteredMatches[0].message)
self.assertEqual(filteredMatches[0].path_string,
'Mappings/dev/examplemall-locationA/machineid')
self.assertTrue('value 02500381' in filteredMatches[1].message)
self.assertEqual(filteredMatches[1].path_string,
'Mappings/dev/examplemall-locationB/machineid')
self.assertTrue('value 01' in filteredMatches[2].message)
self.assertEqual(
filteredMatches[2].path_string,
'Resources/ScheduledSalesPollerRole01/Properties/Targets/Id')
def test_should_throw_error_for_new_lambda_with_old_sub_filter_pattern(self):
filename = getFileOrDefault('tests/test-data/logGroups.yaml', 'test-data/logGroups.yaml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules([getDirOrDefault('cflint/rules/', '../cflint/rules/')], [], [])
matches = cfnlint.core.run_checks(filename, template, rules, ['eu-west-1'])
self.assertGreater(len(matches), 0)
filteredMatches = [match for match in matches if match.rule.id == self.RULE_ID]
self.assertEqual(len(filteredMatches), 1)
self.assertIsNotNone(findMatchBySubstring('YetAnotherExampleSubscriptionFilter', filteredMatches))
def test_should_throw_error_if_provisioned_throughput_attrs_are_found(self):
filename = getFileOrDefault('tests/test-data/cf.yaml', 'test-data/cf.yaml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules([getDirOrDefault('cflint/rules/', '../cflint/rules/')], ['W1337'], [])
regions = ['eu-west-1']
matches = cfnlint.core.run_checks(filename, template, rules, regions)
self.assertGreater(len(matches), 0)
filteredMatches = [match for match in matches if match.rule.id == RULE_ID]
self.assertEqual(len(filteredMatches), 2)
def test_should_warn_for_usage_of_reserved_names_in_lambda_env_vars(self):
filename = getFileOrDefault('tests/test-data/cf.yaml', 'test-data/cf.yaml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules([getDirOrDefault('cflint/rules/', '../cflint/rules/')], [], [self.RULE_ID])
matches = cfnlint.core.run_checks(filename, template, rules, ['eu-west-1'])
self.assertGreater(len(matches), 0)
filteredMatches = [match for match in matches if match.rule.id == self.RULE_ID]
self.assertEqual(len(filteredMatches), 2)
self.assertIn('Found usage of reserved environment variable name(s) PATH, this can cause runtime errors.',
filteredMatches[0].message)
self.assertIn('Found usage of reserved environment variable name(s) LANG, this can cause runtime errors.',
filteredMatches[1].message)
def test_should_handle_cf_file_with_mixed_policies(self):
filename = getFileOrDefault('tests/test-data/oldServerless.yml',
'test-data/oldServerless.yml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules(
[getDirOrDefault('cflint/rules/', '../cflint/rules/')], [], [])
regions = ['eu-west-1']
matches = cfnlint.core.run_checks(filename, template, rules, regions)
filteredMatches = [
match for match in matches if match.rule.id == 'W1337'
]
self.assertEqual(len(filteredMatches), 0)
def test_should_throw_error_for_cf_file_containing_log_groups_without_retention_periods(
self):
filename = getFileOrDefault('tests/test-data/logGroups.yaml',
'test-data/logGroups.yaml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules(
[getDirOrDefault('cflint/rules/', '../cflint/rules/')], [], [])
matches = cfnlint.core.run_checks(filename, template, rules,
['eu-west-1'])
self.assertGreater(len(matches), 0)
filteredMatches = [
match for match in matches if match.rule.id == self.RULE_ID
]
self.assertEqual(len(filteredMatches), 2)
def test_something(self):
filename = getFileOrDefault('tests/test-data/networking.yaml',
'test-data/networking.yaml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules(
[getDirOrDefault('cflint/rules/', '../cflint/rules/')], [], [])
matches = cfnlint.core.run_checks(filename, template, rules,
['eu-west-1'])
self.assertGreater(len(matches), 0)
filteredMatches = [
match for match in matches if match.rule.id == self.RULE_ID
]
self.assertEqual(len(filteredMatches), 3)
self.assertEqual(filteredMatches[0].path_string, 'Resources/RestApi3')
self.assertEqual(filteredMatches[1].path_string, 'Resources/RestApi4')
self.assertEqual(filteredMatches[2].path_string, 'Resources/RestApi5')
def test_should_throw_error_for_cf_file_containing_matching_config(self):
filename = getFileOrDefault('tests/test-data/cf.yaml',
'test-data/cf.yaml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules(
[getDirOrDefault('cflint/rules/', '../cflint/rules/')], [],
[self.RULE_ID])
matches = cfnlint.core.run_checks(filename, template, rules,
['eu-west-1'])
self.assertGreater(len(matches), 0)
filteredMatches = [
match for match in matches if match.rule.id == self.RULE_ID
]
self.assertEqual(len(filteredMatches), 2)
self.assertIn('Found lambda using deprecated runtime "nodejs8.10"',
filteredMatches[0].message)
def test_should_find_matches_for_cf_file_with_full_access_policies(self):
filename = getFileOrDefault('tests/test-data/cf.yaml',
'test-data/cf.yaml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules(
[getDirOrDefault('cflint/rules/', '../cflint/rules/')], ['E1338'],
[])
regions = ['eu-west-1']
matches = cfnlint.core.run_checks(filename, template, rules, regions)
self.assertGreater(len(matches), 0)
filteredMatches = [
match for match in matches if match.rule.id == 'W1337'
]
self.assertEqual(len(filteredMatches), 10)
self.assertIn('AmazonSQSFullAccess', filteredMatches[0].message)
self.assertIn('AmazonDynamoDBFullAccess', filteredMatches[0].message)
def test_should_throw_error_for_cf_file_containing_malformed_filter_pattern(
self):
filename = getFileOrDefault('tests/test-data/cf.yaml',
'test-data/cf.yaml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules(
[getDirOrDefault('cflint/rules/', '../cflint/rules/')], [],
[self.RULE_ID])
matches = cfnlint.core.run_checks(filename, template, rules,
['eu-west-1'])
self.assertGreater(len(matches), 0)
filteredMatches = [
match for match in matches if match.rule.id == self.RULE_ID
]
self.assertEqual(len(filteredMatches), 1)
self.assertIn(
'One or more column names of ExampleTable contain reserved keywords: INDEX',
filteredMatches[0].message)
def test_should_throw_error_for_cf_file_containing_malformed_filter_pattern(
self):
filename = getFileOrDefault('tests/test-data/cf.yaml',
'test-data/cf.yaml')
template = cfnlint.decode.cfn_yaml.load(filename)
cfnlint.core.configure_logging(None)
rules = cfnlint.core.get_rules(
[getDirOrDefault('cflint/rules/', '../cflint/rules/')], [], [])
matches = cfnlint.core.run_checks(filename, template, rules,
['eu-west-1'])
self.assertGreater(len(matches), 0)
filteredMatches = [
match for match in matches if match.rule.id == self.RULE_ID
]
self.assertEqual(len(filteredMatches), 1)
self.assertEqual(
filteredMatches[0].message,
"The FilterPattern of MallSalesReportSftpUploaderLogForwardSubscri\
ption was [time, uuid, app=overwatch, metric] which does not match the expected patterns ['[time, uuid, \
app=overwatch*, metric]', '[time, uuid, app=overwatch*, data]', '[time, uuid, level, app=overwatch*, metric]', \
'[time, uuid, level, app=overwatch*, data]']. This will prevent logs from being propagated to Kibana."
)