Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False Positive for Primary Identifiers E3019 When using Fn::ForEach and value from a Mapping #3382

Closed
georgealton opened this issue Jun 24, 2024 · 0 comments · Fixed by #3392
Closed

False Positive for Primary Identifiers E3019 When using Fn::ForEach and value from a Mapping #3382

georgealton opened this issue Jun 24, 2024 · 0 comments · Fixed by #3392

Comments

@georgealton
Copy link

georgealton commented Jun 24, 2024
edited
Loading

CloudFormation Lint Version

cfn-lint 1.3.3

What operating system are you using?

Arch

Describe the bug

Using Fn::ForEach to generate Resources cfn-lint reports that the PrimaryIdentifier is not unique across resources. I've only tried this with AWS::IAM::Role so not sure how many Resource Types this affects.

E3019 Primary identifiers {'RoleName': 'Bravo'} should have unique values across the resources {'A', 'B'}

Expected behavior

When using Fn::ForEach cfn-lint should evaluate that PrimaryIdentifiers are unique.

Reproduction template

Mappings:
  Roles:
    A:
      RoleName: Alpha
    B:
      RoleName: Bravo


Transform: AWS::LanguageExtensions

Resources:
  Fn::ForEach::TestRole:
    - Role
    - - A
      - B
    - ${Role}:
        Type: AWS::IAM::Role
        Properties:
          RoleName: !FindInMap
            - Roles
            - !Ref Role
            - RoleName
          AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Principal:
                  AWS: '*'
                Effect: Allow
                Action: sts:AssumeRole

This only seems to occur when using a Mapping - the following does not produce an E3019

Transform: AWS::LanguageExtensions

Resources:
  Fn::ForEach::TestRole:
    - Role
    - - A
      - B
    - ${Role}:
        Type: AWS::IAM::Role
        Properties:
          RoleName: !Ref Role
          AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Principal:
                  AWS: '*'
                Effect: Allow
                Action: sts:AssumeRole
@georgealton georgealton changed the title False Positive for Primary Identifiers E3019 When using Fn::ForEach False Positive for Primary Identifiers E3019 When using Fn::ForEach and value from a Mapping Jun 24, 2024
@georgealton georgealton changed the title False Positive for Primary Identifiers E3019 When using Fn::ForEach and value from a Mapping False Positive for Primary Identifiers E30159 When using Fn::ForEach and value from a Mapping Jun 24, 2024
@georgealton georgealton changed the title False Positive for Primary Identifiers E30159 When using Fn::ForEach and value from a Mapping False Positive for Primary Identifiers E3019 When using Fn::ForEach and value from a Mapping Jun 24, 2024
@kddejong kddejong mentioned this issue Jun 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Better resolution of mappings in transform kddejong/cfn-python-lint
1 participant
@georgealton