add in more new rule testing (#3072)

aws-cloudformation · Feb 23, 2024 · f0ebd5a · f0ebd5a
1 parent fa77ca3
commit f0ebd5a
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 0 deletions.
diff --git a/test/unit/rules/parameters/test_dynamic_reference_secret.py b/test/unit/rules/parameters/test_dynamic_reference_secret.py
@@ -0,0 +1,69 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+import pytest
+
+from cfnlint.context import create_context_for_template
+from cfnlint.jsonschema import CfnTemplateValidator, ValidationError
+from cfnlint.rules.parameters.DynamicReferenceSecret import DynamicReferenceSecret
+from cfnlint.template import Template
+
+
+@pytest.fixture(scope="module")
+def rule():
+    rule = DynamicReferenceSecret()
+    yield rule
+
+
+@pytest.fixture(scope="module")
+def cfn():
+    return Template(
+        "",
+        {
+            "Parameters": {
+                "MyParameter": {
+                    "Type": "String",
+                }
+            },
+            "Resources": {},
+        },
+        regions=["us-east-1"],
+    )
+
+
+@pytest.fixture(scope="module")
+def context(cfn):
+    return create_context_for_template(cfn)
+
+
+@pytest.mark.parametrize(
+    "name,instance,expected",
+    [
+        (
+            "REFing a parameter without a string",
+            {"Ref": []},
+            [],
+        ),
+        (
+            "REFing a resource=",
+            {"Ref": "MyResource"},
+            [],
+        ),
+        (
+            "REFing a parameter",
+            {"Ref": "MyParameter"},
+            [
+                ValidationError(
+                    "Use dynamic references over parameters for secrets",
+                    rule=DynamicReferenceSecret(),
+                )
+            ],
+        ),
+    ],
+)
+def test_validate(name, instance, expected, rule, context, cfn):
+    validator = CfnTemplateValidator(context=context, cfn=cfn)
+    errs = list(rule.validate(validator, {}, instance, {}))
+    assert errs == expected, f"Test {name!r} got {errs!r}"
diff --git a/test/unit/rules/resources/backup/test_backup_plan_lifecycle_rule.py b/test/unit/rules/resources/backup/test_backup_plan_lifecycle_rule.py
@@ -38,6 +38,20 @@ def validator():
             },
             [],
         ),
+        (
+            {
+                "DeleteAfterDays": "foo",
+                "MoveToColdStorageAfterDays": 10,
+            },
+            [],
+        ),
+        (
+            {
+                "DeleteAfterDays": 100,
+                "MoveToColdStorageAfterDays": "foo",
+            },
+            [],
+        ),
         (
             {
                 "DeleteAfterDays": 10,

diff --git a/test/unit/rules/resources/properties/test_image_id.py b/test/unit/rules/resources/properties/test_image_id.py
@@ -49,6 +49,11 @@ def validator():
             {"Ref": "MyImageId"},
             [],
         ),
+        (
+            "Valid Ref to a Pseudo-Parameter",
+            {"Ref": "AWS::Region"},
+            [],
+        ),
         (
             "Invalid Ref to a parameter of the wrong type",
             {"Ref": "MyString"},