search

aws-cloudformation / cfn-lint

CloudFormation Linter
MIT No Attribution
2.4k stars 577 forks source link

cfn-lint not recognizing that test is a valid parameter of an Autoscaling Group's #3422

Closed isuftin closed 6 days ago

isuftin commented 6 days ago

CloudFormation Lint Version

1.3.4

What operating system are you using?

MacOS, Alpine Linux

Describe the bug

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html#aws-resource-init-commands

It looks like later versions of cfn-init are returning E3009 Additional properties are not allowed ('test' was unexpected) when we have a test in our launchtemplate command definition.

Expected behavior

No error

Reproduction template

---
AWSTemplateFormatVersion: '2010-09-09'
Description: Test Template
Transform: AWS::LanguageExtensions
Resources:
  LaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        BlockDeviceMappings:
          - DeviceName: /dev/sda1
            Ebs:
              Encrypted: true
              DeleteOnTermination: true
              VolumeSize: 128
        EbsOptimized: true
        IamInstanceProfile:
          Name: !Sub '{{resolve:ssm:/iam/roleec2instanceprofile}}'
        ImageId: !Sub '{{resolve:ssm:/ami/redhat9:26}}'
        Monitoring:
          Enabled: true
        InstanceType: c7i.2xlarge
        KeyName: some-key-name
        SecurityGroupIds:
          - !Sub '{{resolve:ssm:/securitygroups/ssh}}'
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash -xe

            Some User Data
    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          ascending:
            - 'setup'
        setup:
          files:
            /root/setup.sh:
              content: |
                #!/bin/bash -ex

                some script
              owner: root
              group: root
              mode: '000774'
              test: test ! -e /root/setup.sh
          commands:
            00-setup:
              command: /root/setup.sh
isuftin commented 6 days ago

For giggles I tried to change the command test runs to something nonsensical (test: something nonsensical) and still got the same error description. I did this to make sure that the test command was not what was being flagged here but for sure is the parameter.

kddejong commented 6 days ago

I'm assuming test is valid? I'm not seeing it in this list https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html#aws-resource-init-files

isuftin commented 6 days ago

@kddejong Yeah you're absolutely right. We've had it wrong in our template the whole time with no ill effects. I guess kudos to cfn-lint for catching that! :D

Noob move on our end. Will close issue.

Thank you.