Fixed E2521 to check against other properties instead of values (aws-…

…cloudformation#366) * Fixed E2521 to check against other properties instead of values * Added public rds template as a positive test for E2521 * Removed changes to Exclusive.json, will address in a separate ticket * Removed extraneous lines from test template * Removed extraneous lines from test template
andyloughran · Sep 27, 2018 · 9a24d25 · 9a24d25
1 parent f2baadf
commit 9a24d25
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 4 deletions.
diff --git a/src/cfnlint/data/AdditionalSpecs/Inclusive.json b/src/cfnlint/data/AdditionalSpecs/Inclusive.json
@@ -10,6 +10,14 @@
         "MasterUsername"
       ]
     },
+    "AWS::RDS::DBInstance": {
+      "MasterUsername": [
+        "MasterUserPassword"
+      ],
+      "MasterUserPassword": [
+        "MasterUsername"
+      ]
+    },
     "AWS::OpsWorks::Stack": {
       "VpcId": [
         "DefaultSubnetId"

diff --git a/src/cfnlint/rules/resources/properties/Exclusive.py b/src/cfnlint/rules/resources/properties/Exclusive.py
@@ -46,7 +46,7 @@ def check(self, properties, exclusions, path):
             if prop in exclusions:
                 for excl_property in exclusions[prop]:
                     if excl_property in properties:
-                        message = 'Parameter {0} should NOT exist with {1} for {2}'
+                        message = 'Property {0} should NOT exist with {1} for {2}'
                         matches.append(RuleMatch(
                             path + [prop],
                             message.format(excl_property, prop, '/'.join(map(str, path)))

diff --git a/src/cfnlint/rules/resources/properties/Inclusive.py b/src/cfnlint/rules/resources/properties/Inclusive.py
@@ -46,11 +46,11 @@ def check(self, properties, inclusions, path):
             return matches
 
         for items, p in properties.items_safe(path=path, type_t=(dict)):
-            for k, v in items.items():
+            for k in items.keys():
                 if k in inclusions:
                     for incl_property in inclusions[k]:
-                        if incl_property not in v:
-                            message = 'Parameter {0} should exist with {1} for {2}'
+                        if incl_property not in items.keys():
+                            message = 'Property {0} should exist with {1} for {2}'
                             matches.append(RuleMatch(
                                 p,
                                 message.format(incl_property, k, '/'.join(map(str, p)))

diff --git a/test/fixtures/templates/public/rds-cluster.yaml b/test/fixtures/templates/public/rds-cluster.yaml
@@ -0,0 +1,28 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: MU database in a specific environment
+Parameters:
+  DatabaseMasterUsername:
+    Type: String
+    NoEcho: true
+    Description: Username of database
+  DatabaseName:
+    Type: String
+    Description: Name of database
+  DatabaseMasterPassword:
+    Type: String
+    NoEcho: true
+    Description: Password of database
+
+Resources:
+  DBCluster:
+    Type: AWS::RDS::DBCluster
+    Properties:
+      MasterUsername: !Ref DatabaseMasterUsername
+      MasterUserPassword: !Ref DatabaseMasterPassword
+      DatabaseName: !Ref DatabaseName
+      Engine: aurora
+      EngineMode: serverless
+      Tags:
+      - Key: Name
+        Value: !Ref DatabaseName