aws-ia / taskcat

Test all the CloudFormation things! (with TaskCat)
https://aws-ia.github.io/taskcat/
Apache License 2.0
1.17k stars 213 forks source link

Taskcat basic CloudFormation resource check failing on valid resource #758

Closed tlindsay42 closed 2 years ago

tlindsay42 commented 2 years ago

Describe the bug A clear and concise description of what the bug is.

While testing the VMware Tanzu Application Platform Quick Start for interop in GovCloud in PR #93, I received the following error indicating that Route 53 private hosted zones aren't supported in GovCloud, which is inaccurate. Afterward, I re-ran with the --lint-disabled parameter, and the deployment completed successfully.

version 0.9.31
[INFO   ] : Linting passed for file: /mnt/c/Users/trlindsa/git/quickstart-vmware-tanzu-application-platform/templates/aws-tap-entrypoint-new-vpc.template.yaml
[ERROR  ] : ---
[ERROR  ] : Linting detected issues in: /mnt/c/Users/trlindsa/git/quickstart-vmware-tanzu-application-platform/templates/aws-tap-entrypoint-existing-vpc.template.yaml
[ERROR  ] :     line 765 [3001] [Basic CloudFormation Resource Check] Invalid or unsupported Type AWS::Route53::HostedZone for resource
                                                            PrivateHostedZone in us-gov-east-1
[WARN   ] : No stacks were created... skipping cleanup.
[ERROR  ] : Lint failed with errors

To Reproduce Steps to reproduce the behavior:

  1. Are you testing a QuickStart or Custom template? https://github.com/aws-quickstart/quickstart-vmware-tanzu-application-platform/
  2. Attach or link a copy of the template if possible (remove any sensitive info) https://github.com/aws-quickstart/quickstart-vmware-tanzu-application-platform/blob/main/templates/aws-tap-entrypoint-new-vpc.template.yaml
  3. Provide the parameters that you passed. (remove any sensitive info) Same as in SwingLine CI.
  4. How did you install taskcat? (docker or pip3) pip3
  5. Are you using a profile, an instance role or access keys to run taskcat? Profile
  6. Is your AWS environment configured via aws configure? Yes

Expected behavior A clear and concise description of what you expected to happen.

The taskcat basic CloudFormation resource check should not fail for valid resources.

Screenshots If applicable, add screenshots to help explain your problem.

With linting enabled, the linter failed on the resource check image

With linting disabled, I made it through a full deploy & destroy image

**Version (Please make sure you are running the latest version of taskcat)

To find versions: Via taskcat: taskcat -V

  taskcat -v
   _            _             _   
  | |_ __ _ ___| | _____ __ _| |_
  | __/ _` / __| |/ / __/ _` | __|
  | || (_| \__ \   < (_| (_| | |_
   \__\__,_|___/_|\_\___\__,_|\__|

  version 0.9.31
  0.9.31

Via pip3: pip3 show taskcat

  pip3 show taskcat | head -2
  Name: taskcat
  Version: 0.9.31

Note: both version should match

To update taskcat run: for docker : docker pull taskcat/taskcat for pip3: pip3 install --upgrade taskcat

Additional context Add any other context about the problem here.

andrew-glenn commented 2 years ago

Are you able to verify independently with cfn-lint specifying the us-gov region in question?

What version of cfn-lint?

tlindsay42 commented 2 years ago

Whoops! Didn't know taskcat leveraged cfn-lint for that functionality. I'm able to reproduce in both us-gov-east-1 & us-gov-west-1 for cfn-lint versions 0.61.1 and 0.61.4. I'll open an issue over there when I'm back on Monday. Thanks @andrew-glenn!

$ cfn-lint -t ./templates/aws-tap-entrypoint-existing-vpc.template.yaml -r us-gov-west-1
E3001 Invalid or unsupported Type AWS::Route53::HostedZone for resource PrivateHostedZone in us-gov-west-1
./templates/aws-tap-entrypoint-existing-vpc.template.yaml:765:5

$ cfn-lint -t ./templates/aws-tap-entrypoint-existing-vpc.template.yaml -r us-gov-east-1
E3001 Invalid or unsupported Type AWS::Route53::HostedZone for resource PrivateHostedZone in us-gov-east-1
./templates/aws-tap-entrypoint-existing-vpc.template.yaml:765:5