Relax E3041 to support AWS::Route53::RecordSet resources that specify DNS root records (#3376) (#3377)

jakob-keller · web-flow · commit b0782f87c49a · 2024-06-22T06:55:15.000-07:00
diff --git a/docs/rules.md b/docs/rules.md
@@ -137,7 +137,7 @@ The following **208** rules are applied by this linter:
 | [E3038<a name="E3038"></a>](../src/cfnlint/rules/resources/ServerlessTransform.py) | Check if Serverless Resources have Serverless Transform | Check that a template with Serverless Resources also includes the Serverless Transform |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html) | `resources`,`transform` |
 | [E3039<a name="E3039"></a>](../src/cfnlint/rules/resources/dynamodb/AttributeMismatch.py) | AttributeDefinitions / KeySchemas mismatch | Verify the set of Attributes in AttributeDefinitions and KeySchemas match |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html) | `resources`,`dynamodb` |
 | [E3040<a name="E3040"></a>](../src/cfnlint/rules/resources/properties/ReadOnly.py) | Validate we aren't configuring read only properties | Read only properties can be configured in a CloudFormation template but they aren't sent to the resource provider code and can cause drift. |  | [Source](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-schema.html#schema-properties-readonlyproperties) | `resources`,`properties` |
-| [E3041<a name="E3041"></a>](../src/cfnlint/rules/resources/route53/RecordSetName.py) | RecordSet HostedZoneName is a superdomain of Name | In a RecordSet, the HostedZoneName must be a superdomain of the Name being validated |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html#cfn-route53-recordset-name) | `resource`,`properties`,`route53` |
+| [E3041<a name="E3041"></a>](../src/cfnlint/rules/resources/route53/RecordSetName.py) | RecordSet HostedZoneName is a superdomain of or equal to Name | In a RecordSet, the HostedZoneName must be a superdomain of or equal to the Name being validated |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html#cfn-route53-recordset-name) | `resource`,`properties`,`route53` |
 | [E3042<a name="E3042"></a>](../src/cfnlint/rules/resources/ecs/TaskDefinitionEssentialContainer.py) | Validate at least one essential container is specified | Check that every TaskDefinition specifies at least one essential container |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions.html#cfn-ecs-taskdefinition-containerdefinition-essential) | `properties`,`ecs`,`task`,`container`,`fargate` |
 | [E3043<a name="E3043"></a>](../src/cfnlint/rules/resources/cloudformation/NestedStackParameters.py) | Validate parameters for in a nested stack | Evalute if parameters for a nested stack are specified and if parameters are specified for a nested stack that aren't required. |  | [Source](https://github.com/awslabs/cfn-python-lint) | `resources`,`cloudformation` |
 | [E3044<a name="E3044"></a>](../src/cfnlint/rules/resources/ecs/FargateDeploymentSchedulingStrategy.py) | ECS service using FARGATE or EXTERNAL can only use SchedulingStrategy of REPLICA | When using a TargetType of Fargate or External the SchedulingStrategy has to be Replica |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-schedulingstrategy) | `properties`,`ecs`,`service`,`container`,`fargate` |
diff --git a/src/cfnlint/rules/resources/route53/RecordSetName.py b/src/cfnlint/rules/resources/route53/RecordSetName.py
@@ -16,10 +16,10 @@ class RecordSetName(CfnLintKeyword):
     """Check if a Route53 Resoruce Records Name is valid with a HostedZoneName"""
 
     id = "E3041"
-    shortdesc = "RecordSet HostedZoneName is a superdomain of Name"
+    shortdesc = "RecordSet HostedZoneName is a superdomain of or equal to Name"
     description = (
-        "In a RecordSet, the HostedZoneName must be a superdomain of the Name being"
-        " validated"
+        "In a RecordSet, the HostedZoneName must be a superdomain of or equal to"
+        " the Name being validated"
     )
     source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html#cfn-route53-recordset-name"
     tags = ["resource", "properties", "route53"]
@@ -39,24 +39,22 @@ def validate(
             name = props.get("Name", None)
             hz_name = props.get("HostedZoneName", None)
             if isinstance(name, str) and isinstance(hz_name, str):
-                if hz_name[-1] != ".":
+                if not hz_name.endswith("."):
                     yield ValidationError(
                         f"{hz_name!r} must end in a dot",
                         path=deque(["HostedZoneName"]),
                         instance=props.get("HostedZoneName"),
                     )
+                    hz_name = f"{hz_name}."
 
-                if hz_name[-1] == ".":
-                    hz_name = hz_name[:-1]
-                hz_name = f".{hz_name}"
-                if name[-1] == ".":
-                    name = name[:-1]
+                if not name.endswith("."):
+                    name = f"{name}."
 
-                if hz_name not in [name, name[-len(hz_name) :]]:
+                if name != hz_name and not name.endswith(f".{hz_name}"):
                     yield ValidationError(
                         (
                             f"{props.get('Name')!r} must be a subdomain "
-                            f"of {props.get('HostedZoneName')!r}"
+                            f"of or equal to {props.get('HostedZoneName')!r}"
                         ),
                         path=deque(["Name"]),
                         instance=props.get("Name"),
diff --git a/test/unit/rules/resources/route53/test_recordset_name.py b/test/unit/rules/resources/route53/test_recordset_name.py
@@ -27,6 +27,13 @@ def rule():
             },
             [],
         ),
+        (
+            {
+                "HostedZoneName": "bar.",
+                "Name": "bar",
+            },
+            [],
+        ),
         (
             {
                 "HostedZoneName": "bar.",
@@ -60,7 +67,7 @@ def rule():
             },
             [
                 ValidationError(
-                    "'bar.foo.' must be a subdomain of 'bar.'",
+                    "'bar.foo.' must be a subdomain of or equal to 'bar.'",
                     path=deque(["Name"]),
                 )
             ],
@@ -72,7 +79,7 @@ def rule():
             },
             [
                 ValidationError(
-                    "'foobar.' must be a subdomain of 'bar.'",
+                    "'foobar.' must be a subdomain of or equal to 'bar.'",
                     path=deque(["Name"]),
                 )
             ],

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,13 @@ def rule():`
`27`	`27`	`},`
`28`	`28`	`[],`
`29`	`29`	`),`
	`30`	`+ (`
	`31`	`+ {`
	`32`	`+ "HostedZoneName": "bar.",`
	`33`	`+ "Name": "bar",`
	`34`	`+ },`
	`35`	`+ [],`
	`36`	`+ ),`
`30`	`37`	`(`
`31`	`38`	`{`
`32`	`39`	`"HostedZoneName": "bar.",`
`@@ -60,7 +67,7 @@ def rule():`
`60`	`67`	`},`
`61`	`68`	`[`
`62`	`69`	`ValidationError(`
`63`		`- "'bar.foo.' must be a subdomain of 'bar.'",`
	`70`	`+ "'bar.foo.' must be a subdomain of or equal to 'bar.'",`
`64`	`71`	`path=deque(["Name"]),`
`65`	`72`	`)`
`66`	`73`	`],`
`@@ -72,7 +79,7 @@ def rule():`
`72`	`79`	`},`
`73`	`80`	`[`
`74`	`81`	`ValidationError(`
`75`		`- "'foobar.' must be a subdomain of 'bar.'",`
	`82`	`+ "'foobar.' must be a subdomain of or equal to 'bar.'",`
`76`	`83`	`path=deque(["Name"]),`
`77`	`84`	`)`
`78`	`85`	`],`