Supporting intrinsic function in DeletionPolicy and UpdateReplacePolicy (#2784)

Co-authored-by: Kevin DeJong <[email protected]>

Author: mluk-aws

src/cfnlint/rules/resources/DeletionPolicy.py

@@ -15,7 +15,7 @@ class DeletionPolicy(CloudFormationLintRule):
     source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html"
     tags = ["resources", "deletionpolicy"]
 
-    def check_value(self, key, path, res_type, has_lang_exten_transform):
+    def check_value(self, key, path, res_type):
         """Check resource names for DeletionPolicy"""
         matches = []
 
@@ -25,7 +25,7 @@ def check_value(self, key, path, res_type, has_lang_exten_transform):
 
         supported_functions_joined = ", ".join(supported_functions)
 
-        if has_lang_exten_transform and isinstance(key, dict):
+        if isinstance(key, dict):
             if len(key) == 1:
                 for index_key, _ in key.items():
                     if index_key not in supported_functions:
@@ -88,11 +88,6 @@ def match(self, cfn):
                         RuleMatch(path, message.format("/".join(map(str, path))))
                     )
                 else:
-                    has_lang_exten_transform = cfn.has_language_extensions_transform()
-                    matches.extend(
-                        self.check_value(
-                            deletion_policies, path, res_type, has_lang_exten_transform
-                        )
-                    )
+                    matches.extend(self.check_value(deletion_policies, path, res_type))
 
         return matches

src/cfnlint/rules/resources/UpdateReplacePolicy.py

@@ -15,7 +15,7 @@ class UpdateReplacePolicy(CloudFormationLintRule):
     source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html"
     tags = ["resources", "updatereplacepolicy"]
 
-    def check_value(self, key, path, res_type, has_lang_exten_transform):
+    def check_value(self, key, path, res_type):
         """Check resource names for UpdateReplacePolicy"""
         matches = []
 
@@ -25,7 +25,7 @@ def check_value(self, key, path, res_type, has_lang_exten_transform):
 
         supported_functions_joined = ", ".join(supported_functions)
 
-        if has_lang_exten_transform and isinstance(key, dict):
+        if isinstance(key, dict):
             if len(key) == 1:
                 for index_key, _ in key.items():
                     if index_key not in supported_functions:
@@ -87,14 +87,8 @@ def match(self, cfn):
                         RuleMatch(path, message.format("/".join(map(str, path))))
                     )
                 else:
-                    has_lang_exten_transform = cfn.has_language_extensions_transform()
                     matches.extend(
-                        self.check_value(
-                            updatereplace_policies,
-                            path,
-                            res_type,
-                            has_lang_exten_transform,
-                        )
+                        self.check_value(updatereplace_policies, path, res_type)
                     )
 
         return matches

test/fixtures/templates/bad/resources_deletionpolicy.yaml

@@ -21,17 +21,28 @@ Resources:
       DBInstanceClass: db.m1.small
       Engine: MySQL
     DeletionPolicy: CopyRegion
-  RefPolicy:
-    Type: AWS::RDS::DBInstance
-    Properties:
-      AllocatedStorage: '5'
-      DBInstanceClass: db.m1.small
-      Engine: MySQL
-    DeletionPolicy: !Ref DBPolicy
   MyIAMUser:
     Type: AWS::IAM::User
     Properties:
       # Username field not supported for secure strings
       UserName: 'bob'
     DeletionPolicy: Snapshot
-
+  UnsupportedIntrinsic:
+    Type: AWS::CloudFormation::WaitConditionHandle
+    DeletionPolicy:
+      Fn::Cidr:
+        - "192.168.0.0/24"
+        - 6
+        - 5
+  InvalidMapping:
+    Type: AWS::RDS::DBInstance
+    Properties:
+      AllocatedStorage: '5'
+      DBInstanceClass: db.m1.small
+      Engine: MySQL
+    DeletionPolicy:
+      A: a1
+      B:
+        - b1
+        - b2
+    UpdateReplacePolicy: "Retain"

test/fixtures/templates/bad/resources_lang_extensions_updatereplacepolicy.yaml

@@ -21,17 +21,27 @@ Resources:
       DBInstanceClass: db.m1.small
       Engine: MySQL
     UpdateReplacePolicy: CopyRegion
-  RefPolicy:
-    Type: AWS::RDS::DBInstance
-    Properties:
-      AllocatedStorage: '5'
-      DBInstanceClass: db.m1.small
-      Engine: MySQL
-    UpdateReplacePolicy: !Ref DBPolicy
   MyIAMUser:
     Type: AWS::IAM::User
     Properties:
       # Username field not supported for secure strings
       UserName: 'bob'
     UpdateReplacePolicy: Snapshot
-
+  UnsupportedIntrinsic:
+    Type: AWS::CloudFormation::WaitConditionHandle
+    UpdateReplacePolicy:
+      Fn::Cidr:
+        - "192.168.0.0/24"
+        - 6
+        - 5
+  InvalidMapping:
+    Type: AWS::RDS::DBInstance
+    Properties:
+      AllocatedStorage: '5'
+      DBInstanceClass: db.m1.small
+      Engine: MySQL
+    UpdateReplacePolicy:
+      A: a1
+      B:
+        - b1
+        - b2

test/fixtures/templates/bad/resources_updatereplacepolicy.yaml

@@ -1,5 +1,4 @@
 AWSTemplateFormatVersion: '2010-09-09'
-Transform: AWS::LanguageExtensions
 Conditions:
   IsUsEast1: !Equals [!Ref 'AWS::Region', 'us-east-1']
 Parameters:

test/fixtures/templates/bad/test_lang_extensions_deletionpolicy.yaml

@@ -1,5 +1,4 @@
 AWSTemplateFormatVersion: '2010-09-09'
-Transform: AWS::LanguageExtensions
 Conditions:
   IsUsEast1: !Equals [!Ref 'AWS::Region', 'us-east-1']
 Parameters:

test/fixtures/templates/good/resources_lang_extensions_deletionpolicy.yaml renamed to test/fixtures/templates/good/resources_deletionpolicy.yaml

@@ -17,7 +17,7 @@ def setUp(self):
         super(TestResourceDeletionPolicy, self).setUp()
         self.collection.register(DeletionPolicy())
         self.success_templates = [
-            "test/fixtures/templates/good/resources_lang_extensions_deletionpolicy.yaml"
+            "test/fixtures/templates/good/resources_deletionpolicy.yaml"
         ]
 
     def test_file_positive(self):
@@ -27,11 +27,5 @@ def test_file_positive(self):
     def test_file_negative(self):
         """Test failure"""
         self.helper_file_negative(
-            "test/fixtures/templates/bad/resources_deletionpolicy.yaml", 4
-        )
-
-    def test_lang_extensions_file_negative(self):
-        """Test failure"""
-        self.helper_file_negative(
-            "test/fixtures/templates/bad/test_lang_extensions_deletionpolicy.yaml", 3
+            "test/fixtures/templates/bad/resources_deletionpolicy.yaml", 5
         )

test/fixtures/templates/good/resources_lang_extensions_updatereplacepolicy.yaml renamed to test/fixtures/templates/good/resources_updatereplacepolicy.yaml

@@ -17,7 +17,7 @@ def setUp(self):
         super(TestResourceUpdateReplacePolicy, self).setUp()
         self.collection.register(UpdateReplacePolicy())
         self.success_templates = [
-            "test/fixtures/templates/good/resources_lang_extensions_updatereplacepolicy.yaml"
+            "test/fixtures/templates/good/resources_updatereplacepolicy.yaml"
         ]
 
     def test_file_positive(self):
@@ -27,12 +27,5 @@ def test_file_positive(self):
     def test_file_negative(self):
         """Test failure"""
         self.helper_file_negative(
-            "test/fixtures/templates/bad/resources_updatereplacepolicy.yaml", 4
-        )
-
-    def test_lang_extensions_file_negative(self):
-        """Test failure"""
-        self.helper_file_negative(
-            "test/fixtures/templates/bad/resources_lang_extensions_updatereplacepolicy.yaml",
-            3,
+            "test/fixtures/templates/bad/resources_updatereplacepolicy.yaml", 5
         )