Not alert on asterisk resources (#4024)

Author: kddejong

src/cfnlint/rules/resources/iam/StatementResources.py

@@ -5,6 +5,7 @@
 
 from __future__ import annotations
 
+import logging
 from collections import deque
 from typing import Any
 
@@ -14,6 +15,8 @@
 from cfnlint.rules.helpers import get_value_from_path
 from cfnlint.rules.jsonschema.CfnLintKeyword import CfnLintKeyword
 
+LOGGER = logging.getLogger(__name__)
+
 
 class _Arn:
 
@@ -164,8 +167,9 @@ def validate(
                                     rule=self,
                                 )
                 else:
-                    yield ValidationError(
-                        f"action {action!r} requires a resource of '*'",
-                        path=deque(["Resource"]),
-                        rule=self,
-                    )
+                    LOGGER.debug(f"action {action!r} requires a resource of '*'")
+                    # yield ValidationError(
+                    #    f"action {action!r} requires a resource of '*'",
+                    #    path=deque(["Resource"]),
+                    #    rule=self,
+                    # )

test/unit/rules/resources/iam/test_statement_resources.py

@@ -118,11 +118,11 @@ def template():
                 "Resource": [{"Ref": "LogGroup"}],
             },
             [
-                ValidationError(
-                    "action 'cloudformation:CreateStackSet' requires a resource of '*'",
-                    rule=StatementResources(),
-                    path=deque(["Resource"]),
-                ),
+                # ValidationError(
+                #    "action 'cloudformation:CreateStackSet' requires a resource of '*'",  # noqa: E501
+                #    rule=StatementResources(),
+                #    path=deque(["Resource"]),
+                # ),
             ],
         ),
         (
@@ -131,11 +131,11 @@ def template():
                 "Resource": [{"Foo": "Bar"}],
             },
             [
-                ValidationError(
-                    "action 'cloudformation:CreateStackSet' requires a resource of '*'",
-                    rule=StatementResources(),
-                    path=deque(["Resource"]),
-                ),
+                # ValidationError(
+                #    "action 'cloudformation:CreateStackSet' requires a resource of '*'",  # noqa: E501
+                #    rule=StatementResources(),
+                #    path=deque(["Resource"]),
+                # ),
             ],
         ),
         (
@@ -144,11 +144,11 @@ def template():
                 "Resource": ["arn:aws:cloudformation:us-east-1:123456789012:*"],
             },
             [
-                ValidationError(
-                    "action 'cloudformation:CreateStackSet' requires a resource of '*'",
-                    rule=StatementResources(),
-                    path=deque(["Resource"]),
-                ),
+                # ValidationError(
+                #    "action 'cloudformation:CreateStackSet' requires a resource of '*'",  # noqa: E501
+                #    rule=StatementResources(),
+                #    path=deque(["Resource"]),
+                # ),
             ],
         ),
         (
@@ -160,11 +160,11 @@ def template():
                 "Resource": ["arn:aws:cloudformation:us-east-1:123456789012:*"],
             },
             [
-                ValidationError(
-                    "action 'cloudformation:CreateStackSet' requires a resource of '*'",
-                    rule=StatementResources(),
-                    path=deque(["Resource"]),
-                ),
+                # ValidationError(
+                #    "action 'cloudformation:CreateStackSet' requires a resource of '*'",  # noqa: E501
+                #    rule=StatementResources(),
+                #    path=deque(["Resource"]),
+                # ),
             ],
         ),
         (
@@ -173,11 +173,11 @@ def template():
                 "Resource": ["arn:aws:cloudformation:us-east-1:123456789012:*"],
             },
             [
-                ValidationError(
-                    "action 'cloudformation:CreateStackSet' requires a resource of '*'",
-                    rule=StatementResources(),
-                    path=deque(["Resource"]),
-                ),
+                # ValidationError(
+                #    "action 'cloudformation:CreateStackSet' requires a resource of '*'",  # noqa: E501
+                #    rule=StatementResources(),
+                #    path=deque(["Resource"]),
+                # ),
             ],
         ),
         (
@@ -196,11 +196,11 @@ def template():
                 "Resource": ["arn:aws:cloudformation:*:*:stack/*"],
             },
             [
-                ValidationError(
-                    "action 'cloudformation:CreateStackSet' requires a resource of '*'",
-                    rule=StatementResources(),
-                    path=deque(["Resource"]),
-                ),
+                # ValidationError(
+                #    "action 'cloudformation:CreateStackSet' requires a resource of '*'",  # noqa: E501
+                #    rule=StatementResources(),
+                #    path=deque(["Resource"]),
+                # ),
             ],
         ),
         (
@@ -335,21 +335,18 @@ def template():
                 "Resource": {"Fn::GetAtt": "LogGroup.Arn"},
             },
             [
-                ValidationError(
-                    "action 'logs:DescribeLogGroups' requires a resource of '*'",
-                    rule=StatementResources(),
-                    path=deque(["Resource"]),
-                ),
+                # ValidationError(
+                #    "action 'logs:DescribeLogGroups' requires a resource of '*'",  # noqa: E501
+                #    rule=StatementResources(),
+                #    path=deque(["Resource"]),
+                # ),
             ],
         ),
     ],
 )
 def test_rule(instance, expected, rule, validator):
     errors = list(rule.validate(validator, {}, instance, {}))
 
-    for err in errors:
-        print(err.message)
-        print(err.path)
     assert errors == expected, f"Got {errors!r}"