
Commit 2e8bd3d

authored
Bring back stateful resources json (#3728)
1 parent 42423b7 commit 2e8bd3d


2 files changed

+45
-33
lines changed

Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
{
2+
"ResourceTypes": {
3+
"AWS::Backup::BackupVault": {},
4+
"AWS::CloudFormation::Stack": {},
5+
"AWS::Cognito::UserPool": {},
6+
"AWS::DocDB::DBCluster": {},
7+
"AWS::DocDB::DBInstance": {},
8+
"AWS::DynamoDB::GlobalTable": {},
9+
"AWS::DynamoDB::Table": {},
10+
"AWS::EC2::Volume": {},
11+
"AWS::EFS::FileSystem": {},
12+
"AWS::EMR::Cluster": {},
13+
"AWS::ElastiCache::CacheCluster": {},
14+
"AWS::ElastiCache::ReplicationGroup": {},
15+
"AWS::Elasticsearch::Domain": {},
16+
"AWS::FSx::FileSystem": {},
17+
"AWS::KMS::Key": {},
18+
"AWS::Kinesis::Stream": {},
19+
"AWS::Logs::LogGroup": {},
20+
"AWS::Neptune::DBCluster": {},
21+
"AWS::Neptune::DBInstance": {},
22+
"AWS::OpenSearchService::Domain": {},
23+
"AWS::Organizations::Account": {},
24+
"AWS::QLDB::Ledger": {},
25+
"AWS::RDS::DBCluster": {},
26+
"AWS::RDS::DBInstance": {},
27+
"AWS::Redshift::Cluster": {},
28+
"AWS::S3::Bucket": {
29+
"DeleteRequiresEmptyResource": true
30+
},
31+
"AWS::SDB::Domain": {},
32+
"AWS::SQS::Queue": {},
33+
"AWS::SecretsManager::Secret": {}
34+
}
35+
}

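--- a/src/cfnlint/rules/resources/UpdateReplacePolicyDeletionPolicyOnStatefulResourceTypes.py
+++ b/src/cfnlint/rules/resources/UpdateReplacePolicyDeletionPolicyOnStatefulResourceTypes.py
@@ -5,13 +5,13 @@
 
 from typing import Any
 
+import cfnlint.data.AdditionalSpecs
+from cfnlint.helpers import load_resource
 from cfnlint.jsonschema import Validator
 from cfnlint.rules.jsonschema.CfnLintJsonSchema import CfnLintJsonSchema
 
 
 class UpdateReplacePolicyDeletionPolicyOnStatefulResourceTypes(CfnLintJsonSchema):
-"""Check for UpdateReplacePolicy / DeletionPolicy"""
-
 id = "I3011"
 shortdesc = "Check stateful resources have a set UpdateReplacePolicy/DeletionPolicy"
 description = (
@@ -28,36 +28,13 @@ def __init__(self):
 all_matches=True,
 )
 
-self.config["types"] = [
-"AWS::Backup::BackupVault",
-"AWS::CloudFormation::Stack",
-"AWS::Cognito::UserPool",
-"AWS::DocDB::DBCluster",
-"AWS::DocDB::DBInstance",
-"AWS::DynamoDB::GlobalTable",
-"AWS::DynamoDB::Table",
-"AWS::EC2::Volume",
-"AWS::EFS::FileSystem",
-"AWS::EMR::Cluster",
-"AWS::ElastiCache::CacheCluster",
-"AWS::ElastiCache::ReplicationGroup",
-"AWS::Elasticsearch::Domain",
-"AWS::FSx::FileSystem",
-"AWS::KMS::Key",
-"AWS::Kinesis::Stream",
-"AWS::Logs::LogGroup",
-"AWS::Neptune::DBCluster",
-"AWS::Neptune::DBInstance",
-"AWS::OpenSearchService::Domain",
-"AWS::Organizations::Account",
-"AWS::QLDB::Ledger",
-"AWS::RDS::DBCluster",
-"AWS::RDS::DBInstance",
-"AWS::Redshift::Cluster",
-# "AWS::S3::Bucket", # can't be deleted without being empty
-"AWS::SDB::Domain",
-"AWS::SQS::Queue",
-"AWS::SecretsManager::Secret",
+spec = load_resource(cfnlint.data.AdditionalSpecs, "StatefulResources.json")
+self.likely_stateful_resource_types = [
+resource_type
+for resource_type, descr in spec["ResourceTypes"].items()
+# Resources that won't be deleted if they're not empty (ex: S3)
+# don't need to be checked for policies, as chance of mistakes are low.
+if not descr.get("DeleteRequiresEmptyResource", False)
 ]
 
 self._schema = {"required": ["DeletionPolicy", "UpdateReplacePolicy"]}
@@ -68,7 +45,7 @@ def validate(self, validator: Validator, s: Any, instance: Any, schema: Any):
 if not isinstance(resource_type, str):
 return
 
-if resource_type not in self.config.get("types"): # type: ignore
+if resource_type not in self.likely_stateful_resource_types: # type: ignore
 return
 
 for err in super().validate(validator, s, instance, self._schema):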
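Review bot: The `# type: ignore` carried over onto the new membership test in `validate` (new line 48) looks stale. It was presumably there because `self.config.get("types")` can return `None`, whereas `self.likely_stateful_resource_types` is always a list built in `__init__`, so the suppression now only hides any future type error on that line; I would write `if resource_type not in self.likely_stateful_resource_types:` without it. Since this rule is a data-loss guard, the class docstring removed at old line 13 is worth replacing with one that states the exemption, e.g. `"""Flag likely-stateful resources lacking DeletionPolicy/UpdateReplacePolicy; types marked DeleteRequiresEmptyResource are skipped."""`. Both `__init__` and `validate` begin outside the visible hunks, so whether anything else still reads `self.config["types"]` cannot be confirmed from here.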
