Fix an issue with SSM params for ForEach (#3294)

kddejong · web-flow · commit f90216b1bdc3 · 2024-06-11T13:39:12.000-07:00
* Fix an issue with SSM params for ForEach
* Fix an issue with regional schema validation on RDS
diff --git a/src/cfnlint/rules/resources/rds/DbClusterInstanceClassEnum.py b/src/cfnlint/rules/resources/rds/DbClusterInstanceClassEnum.py
@@ -25,3 +25,13 @@ def __init__(self) -> None:
                 "dbclusterinstanceclass_enum.json",
             ),
         )
+
+    def validate(self, validator, keywords, instance, schema):
+        # RDS pricing schemas are based on values
+        validator = validator.evolve(
+            context=validator.context.evolve(
+                functions=[],
+            )
+        )
+
+        yield from super().validate(validator, keywords, instance, schema)
diff --git a/src/cfnlint/rules/resources/rds/DbInstanceDbInstanceClassEnum.py b/src/cfnlint/rules/resources/rds/DbInstanceDbInstanceClassEnum.py
@@ -30,6 +30,12 @@ def validate(self, validator, keywords, instance, schema):
         if not validator.is_type(instance, "object"):
             return
 
+        validator = validator.evolve(
+            context=validator.context.evolve(
+                functions=[],
+            )
+        )
+
         if validator.is_type(instance.get("Engine"), "string"):
             instance["Engine"] = instance["Engine"].lower()
 
diff --git a/src/cfnlint/template/transforms/_language_extensions.py b/src/cfnlint/template/transforms/_language_extensions.py
@@ -51,6 +51,7 @@ def language_extension(cfn: Any) -> TransformResult:
     try:
         return transform.transform(cfn)
     except (_ValueError, _TypeError, _ResolveError) as e:
+        LOGGER.debug(e, exc_info=True)
         # pylint: disable=import-outside-toplevel
         from cfnlint.match import Match  # pylint: disable=cyclic-import
         from cfnlint.rules.TransformError import (  # pylint: disable=cyclic-import
@@ -83,6 +84,7 @@ def language_extension(cfn: Any) -> TransformResult:
             )
         ], None
     except Exception as e:  # pylint: disable=broad-exception-caught
+        LOGGER.debug(e, exc_info=True)
         # pylint: disable=import-outside-toplevel
         from cfnlint.match import Match  # pylint: disable=cyclic-import
         from cfnlint.rules.TransformError import (  # pylint: disable=cyclic-import
@@ -375,6 +377,15 @@ def value(
             except _ResolveError as e:
                 if len(self._map) == 4 and default_on_resolver_failure:
                     return self._map[3].value(cfn, params, only_params)
+                # no default value and map 1 exists
+                try:
+                    for _, v in mapping.get(
+                        t_map[1].value(cfn, params, only_params), {}
+                    ).items():
+                        if isinstance(v, list):
+                            return v
+                except _ResolveError:
+                    pass
                 raise _ResolveError("Can't resolve Fn::FindInMap", self._obj) from e
 
         if len(self._map) == 4 and default_on_resolver_failure:
@@ -453,6 +464,8 @@ def value(
         if not p:
             raise _ResolveError("Can't resolve Fn::Ref", self._obj)
         t = p.get("Type", "String")
+        if t.startswith("AWS::SSM::Parameter"):
+            raise _ResolveError("Can't resolve Fn::Ref", self._obj)
         default = p.get("Default")
         if default:
             if "List" in t:
diff --git a/test/unit/module/template/transforms/test_language_extensions.py b/test/unit/module/template/transforms/test_language_extensions.py
@@ -105,6 +105,11 @@ def setUp(self) -> None:
                     "AccountIds": {
                         "Type": "CommaDelimitedList",
                     },
+                    "SSMParameter": {
+                        "Type": "AWS::SSM::Parameter::Value<String>",
+                        "Default": "/global/account/accounttype",
+                        "AllowedValues": ["/global/account/accounttype"],
+                    },
                 },
             }
         )
@@ -154,6 +159,10 @@ def test_ref(self):
             ],
         )
 
+        fe = _ForEachValue.create({"Ref": "SSMParameter"})
+        with self.assertRaises(_ResolveError):
+            fe.value(self.cfn)
+
 
 class TestFindInMap(TestCase):
     def setUp(self) -> None:
@@ -174,6 +183,13 @@ def setUp(self) -> None:
                 "Mappings": {
                     "Bucket": {"Production": {"Names": ["foo", "bar"]}},
                     "AnotherBucket": {"Production": {"Names": ["a", "b"]}},
+                    "Config": {
+                        "DBInstances": {
+                            "Development": "1",
+                            "Stage": ["1", "2"],
+                            "Production": ["1", "2", "3"],
+                        }
+                    },
                 },
             }
         )
@@ -273,6 +289,19 @@ def test_find_in_map_values_without_default(self):
         with self.assertRaises(_ResolveError):
             map.value(self.cfn, None, False, False)
 
+    def test_find_in_map_values_without_default_resolve_error(self):
+        map = _ForEachValueFnFindInMap(
+            "a", ["Bucket", "Production", {"Ref": "SSMParameter"}]
+        )
+
+        self.assertEqual(map.value(self.cfn, None, False, True), ["foo", "bar"])
+
+        map = _ForEachValueFnFindInMap(
+            "a", ["Config", "DBInstances", {"Ref": "SSMParameter"}]
+        )
+
+        self.assertEqual(map.value(self.cfn, None, False, True), ["1", "2"])
+
     def test_mapping_not_found(self):
         map = _ForEachValueFnFindInMap(
             "a", ["Foo", {"Ref": "Foo"}, "Key", {"DefaultValue": "bar"}]
