Fix merge for yaml parsing (#4028)

kddejong · web-flow · commit 78023984fc72 · 2025-03-18T17:21:05.000-07:00
diff --git a/src/cfnlint/decode/cfn_yaml.py b/src/cfnlint/decode/cfn_yaml.py
@@ -74,9 +74,15 @@ class NodeConstructor(SafeConstructor):
     def __init__(self, filename):
         # Call the base class constructor
         super().__init__()
-
         self.filename = filename
 
+    def flatten_mapping(self, node):
+        # Rewrote to handle merging and overwriting keys
+        if any(key_node.tag == "tag:yaml.org,2002:merge" for key_node, _ in node.value):
+            super().flatten_mapping(node)
+            setattr(node, "using_merge", True)
+        super().flatten_mapping(node)
+
     # To support lazy loading, the original constructors first yield
     # an empty object, then fill them in when iterated. Due to
     # laziness we omit this behaviour (and will only do "deep
@@ -109,46 +115,47 @@ def construct_yaml_map(self, node):
                         ),
                     ],
                 )
-            for key_dup in mapping:
-                if key_dup == key:
-                    if not matches:
-                        matches.extend(
-                            [
-                                build_match(
-                                    filename=self.filename,
-                                    message=(
-                                        f'Duplicate found "{key}" (line'
-                                        f" {key_dup.start_mark.line + 1})"
-                                    ),
-                                    line_number=key_dup.start_mark.line,
-                                    column_number=key_dup.start_mark.column,
-                                    key=key,
-                                ),
+            if not getattr(node, "using_merge", False):
+                for key_dup in mapping:
+                    if key_dup == key:
+                        if matches:
+                            matches.append(
                                 build_match(
                                     filename=self.filename,
                                     message=(
-                                        f'Duplicate found "{key}" (line'
+                                        f"Duplicate found {key!r} (line"
                                         f" {key_node.start_mark.line + 1})"
                                     ),
                                     line_number=key_node.start_mark.line,
                                     column_number=key_node.start_mark.column,
                                     key=key,
-                                ),
-                            ],
-                        )
-                    else:
-                        matches.append(
-                            build_match(
-                                filename=self.filename,
-                                message=(
-                                    f'Duplicate found "{key}" (line'
-                                    f" {key_node.start_mark.line + 1})"
-                                ),
-                                line_number=key_node.start_mark.line,
-                                column_number=key_node.start_mark.column,
-                                key=key,
-                            ),
-                        )
+                                )
+                            )
+                        else:
+                            matches.extend(
+                                [
+                                    build_match(
+                                        filename=self.filename,
+                                        message=(
+                                            f"Duplicate found {key!r} (line"
+                                            f" {key_dup.start_mark.line + 1})"
+                                        ),
+                                        line_number=key_dup.start_mark.line,
+                                        column_number=key_dup.start_mark.column,
+                                        key=key,
+                                    ),
+                                    build_match(
+                                        filename=self.filename,
+                                        message=(
+                                            f"Duplicate found {key!r} (line"
+                                            f" {key_node.start_mark.line + 1})"
+                                        ),
+                                        line_number=key_node.start_mark.line,
+                                        column_number=key_node.start_mark.column,
+                                        key=key,
+                                    ),
+                                ],
+                            )
             try:
                 mapping[key] = value
             except Exception as exc:
@@ -176,7 +183,8 @@ def construct_yaml_map(self, node):
 
         (obj,) = SafeConstructor.construct_yaml_map(self, node)
 
-        return dict_node(obj, node.start_mark, node.end_mark)
+        using_merge = False if not hasattr(node, "using_merge") else node.using_merge
+        return dict_node(obj, node.start_mark, node.end_mark, using_merge)
 
     def construct_yaml_str(self, node):
         obj = SafeConstructor.construct_yaml_str(self, node)
diff --git a/src/cfnlint/decode/node.py b/src/cfnlint/decode/node.py
@@ -54,14 +54,19 @@ class node_class(cls):
         """Node class created based on the input class"""
 
         def __init__(
-            self, x, start_mark: Mark | None = None, end_mark: Mark | None = None
+            self,
+            x,
+            start_mark: Mark | None = None,
+            end_mark: Mark | None = None,
+            using_merge: bool = False,
         ):
             try:
                 cls.__init__(self, x)
             except TypeError:
                 cls.__init__(self)
             self.start_mark = start_mark or Mark()
             self.end_mark = end_mark or Mark()
+            self.using_merge = using_merge
 
         def __deepcopy__(self, memo):
             result = dict_node(self, self.start_mark, self.end_mark)
diff --git a/src/cfnlint/rules/aws_cli/UsingMerge.py b/src/cfnlint/rules/aws_cli/UsingMerge.py
@@ -0,0 +1,48 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+from __future__ import annotations
+
+from typing import Any
+
+from cfnlint.rules import CloudFormationLintRule, RuleMatch
+from cfnlint.template import Template
+
+
+class UsingMerge(CloudFormationLintRule):
+    id = "W1100"
+    shortdesc = "Validate if the template is using YAML merge"
+    description = (
+        "The CloudFormation service does not support YAML anchors, "
+        "aliases, or merging. This rule validates if the "
+        "merge capability is being used"
+    )
+    source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-formats.html"
+    tags = ["yaml"]
+
+    def _nested_obj(self, obj: Any, path: list[str | int]) -> list[RuleMatch]:
+        matches = []
+        if isinstance(obj, dict):
+            if hasattr(obj, "using_merge") and obj.using_merge:
+                matches.append(
+                    RuleMatch(
+                        path=path,
+                        message=(
+                            "This code is using yaml marge capabilities "
+                            "and can only be deployed using the "
+                            "'package' cli command"
+                        ),
+                    )
+                )
+            for k, v in obj.items():
+                matches.extend(self._nested_obj(v, path + [k]))
+        elif isinstance(obj, list):
+            for i, e in enumerate(obj):
+                matches.extend(self._nested_obj(e, path + [i]))
+        return matches
+
+    def match(self, cfn: Template):
+
+        return self._nested_obj(cfn.template, [])
diff --git a/src/cfnlint/rules/aws_cli/__init__.py b/src/cfnlint/rules/aws_cli/__init__.py
diff --git a/test/unit/module/cfn_yaml/test_yaml.py b/test/unit/module/cfn_yaml/test_yaml.py
@@ -75,3 +75,47 @@ def test_map_failure(self):
             cfnlint.decode.cfn_yaml.load,
             filename,
         )
+
+    def test_yaml_merge(self):
+        raw_template = """
+        Resources:
+            Parameter1:
+                Type: AWS::SSM::Parameter
+                Properties: &ssm-parameters
+                    Type: String
+                    Value: 1
+
+            Parameter2:
+                Type: AWS::SSM::Parameter
+                Properties:
+                    <<: *ssm-parameters
+                    Value: 2
+        """
+
+        result = cfnlint.decode.cfn_yaml.loads(raw_template)
+
+        self.assertTrue(
+            result.get("Resources").get("Parameter2").get("Properties").using_merge
+        )
+
+        self.assertDictEqual(
+            result,
+            {
+                "Resources": {
+                    "Parameter1": {
+                        "Type": "AWS::SSM::Parameter",
+                        "Properties": {
+                            "Type": "String",
+                            "Value": 1,
+                        },
+                    },
+                    "Parameter2": {
+                        "Type": "AWS::SSM::Parameter",
+                        "Properties": {
+                            "Type": "String",
+                            "Value": 2,
+                        },
+                    },
+                }
+            },
+        )
diff --git a/test/unit/rules/aws_cli/__init__.py b/test/unit/rules/aws_cli/__init__.py
diff --git a/test/unit/rules/aws_cli/test_using_merge.py b/test/unit/rules/aws_cli/test_using_merge.py
@@ -0,0 +1,67 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+import pytest
+
+from cfnlint.context import create_context_for_template
+from cfnlint.decode.cfn_yaml import loads
+from cfnlint.rules import RuleMatch
+from cfnlint.rules.aws_cli.UsingMerge import UsingMerge
+
+
+@pytest.fixture(scope="module")
+def rule():
+    rule = UsingMerge()
+    yield rule
+
+
+@pytest.fixture(scope="module")
+def context(cfn):
+    return create_context_for_template(cfn)
+
+
+@pytest.mark.parametrize(
+    "name,template,expected",
+    [
+        (
+            "A good template",
+            loads(
+                """
+            One:
+                A: 1
+            """
+            ),
+            [],
+        ),
+        (
+            "A merge template",
+            loads(
+                """
+            One:
+                &foo
+                A: 1
+            Two:
+                <<: *foo
+                A: 2
+            """
+            ),
+            [
+                RuleMatch(
+                    path=["Two"],
+                    message=(
+                        "This code is using yaml marge capabilities "
+                        "and can only be deployed using the "
+                        "'package' cli command"
+                    ),
+                )
+            ],
+        ),
+    ],
+    indirect=["template"],
+)
+def test_validate(name, template, expected, rule, cfn):
+    errs = list(rule.match(cfn))
+
+    assert errs == expected, f"Test {name!r} got {errs!r}"
