search

aws-cloudformation / cfn-lint

CloudFormation Linter
MIT No Attribution
2.4k stars 577 forks source link

Regression: cfnlint.core.get_checks() fails to ignore checks in 1.3.x #3427

Closed kimsappi closed 5 days ago

kimsappi commented 5 days ago

CloudFormation Lint Version

1.3.7

What operating system are you using?

Debian

Describe the bug

Even though error codes (e.g. ["E3002"]) are set to be ignored, the errors are still caught. The rule is disabled in RulesCollection. Ignoring checks works correctly with the CLI client.

Here is example code to reproduce the behaviour:

import cfnlint
import cfnlint.core
import subprocess
import tempfile

data = """
AWSTemplateFormatVersion: 2010-09-09

Resources:
  ECSCluster:
    Type: AWS::ECS::Cluster
    Properties:
      NonExistentProperty: value
"""

subprocess.run(["cfn-lint", "-v"])

with tempfile.NamedTemporaryFile("w") as f:
    f.write(data)
    f.flush()
    print("CLI result:")
    subprocess.run(["cfn-lint", "-i", "E3002", "--", f.name])

template = cfnlint.decode.cfn_yaml.loads(data)
rules = cfnlint.core.get_rules([], ["E3002"], [])
# Disable with 0.x since this doesn't exist.
# if rules.is_rule_enabled(rules.rules.get("E3002")):
#     raise ValueError("E3002 should be disabled")
matches = cfnlint.core.run_checks("template.yaml", template, rules, ["us-east-1"])
print("\nPython result:")
print(matches)

The above provides different output with cfn-lint 1.37.7 and 0.87.7:

$ python3 fail_to_ignore.py 
cfn-lint 0.87.7
CLI result:

Python result:
[]
$ python3 fail_to_ignore.py
cfn-lint 1.3.7
CLI result:

Python result:
[[E3002: Resource properties are invalid] (Additional properties are not allowed ('NonExistentProperty' was unexpected)) matched template.yaml:8]

Expected behavior

Error codes provided to cfnlint.core.get_rules() should not result in lint errors.

Reproduction template

AWSTemplateFormatVersion: 2010-09-09

Resources:
  ECSCluster:
    Type: AWS::ECS::Cluster
    Properties:
      NonExistentProperty: value
kddejong commented 5 days ago

Taking a look into this. My first note would be around using the API as we have tried to make some of these integrations easier for you. The API will build the rules for you, decode the file, etc.

data = """
AWSTemplateFormatVersion: 2010-09-09

Resources:
  ECSCluster:
    Type: AWS::ECS::Cluster
    Properties:
      NonExistentProperty: value
"""

config = cfnlint.config.ManualArgs(
    regions=["us-east-1"],
    ignore_checks=["E3002"],
)
matches = cfnlint.api.lint(data, config=config)
kimsappi commented 5 days ago

Yes, we found the new API as well. Looks like you've already fixed the problem anyway (I tested my example code with the change in place, and it works).