Skip to content

feat(core): plugin violations can be suppressed#37808

Merged
mergify[bot] merged 5 commits into
mainfrom
conroy/plugin-suppression
May 11, 2026
Merged

feat(core): plugin violations can be suppressed#37808
mergify[bot] merged 5 commits into
mainfrom
conroy/plugin-suppression

Conversation

@kaizencc
Copy link
Copy Markdown
Contributor

@kaizencc kaizencc commented May 8, 2026
edited
Loading

Reason for this change

Part of the Validations RFC. Enables suppression of validation plugin findings via Validations.of().acknowledge(). Reroll of #37781

Description of changes

  • collectAcknowledgedRuleIds() walks the construct tree collecting acknowledged rule IDs from metadata
  • After all plugins report, violations matching acknowledged IDs are filtered out
  • Rule matching: <pluginName>::<ruleName> (e.g. CfnGuardValidator::S3_BUCKET_VERSIONING)
  • Fatal violations (severity === 'fatal') cannot be suppressed
  • Works for any plugin — no dependency on the default validation engine

Usage

Validations.of(myConstruct).acknowledge({
  id: 'CfnGuardValidator::S3_BUCKET_VERSIONING',
  reason: 'Handled by org-level policy'
});

Description of how you validated changes

  • tsc --noEmit passes
  • 41 validation tests pass (2 new: suppression works, fatal cannot be suppressed)

Checklist

@kaizencc
feat(core): add suppression filtering for plugin violations
76026a4 
Add post-plugin suppression filtering so that violations from any
plugin can be suppressed via Validations.of().acknowledge().

- collectAcknowledgedRuleIds() walks the construct tree collecting
  acknowledged rule IDs from metadata
- Violations matched as <pluginName>::<ruleName> against acknowledged set
- Fatal violations cannot be suppressed
- Works for any plugin: default::E9001, CfnGuardValidator::RULE, etc.
- Test uses Validations.of().addPlugins() (not deprecated Beta1 prop)
@kaizencc kaizencc requested a review from a team as a code owner May 8, 2026 19:10
@kaizencc kaizencc added pr-linter/exempt-readme The PR linter will not require README changes pr-linter/exempt-integ-test The PR linter will not require integ test changes labels May 8, 2026
@github-actions github-actions Bot added the p2 label May 8, 2026
@mergify mergify Bot added the contribution/core This is a PR that came from AWS. label May 8, 2026
@mergify mergify Bot temporarily deployed to automation May 8, 2026 19:11 Inactive
@mergify mergify Bot temporarily deployed to automation May 8, 2026 19:11 Inactive
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 8, 2026
edited
Loading

⚠️ The following issue reference(s) in your PR description are not valid issues:

Please make sure your PR references an existing issue using the format Closes #123.

@kaizencc kaizencc changed the title feat(core): add suppression filtering for plugin violations feat(core): plugin violations can be suppressed May 8, 2026
@kaizencc
feat: normalize spaces to dashes in suppression IDs
e8ad9cf 
Plugin names and rule names with spaces use dashes in the
suppression ID. For example, a plugin named 'My Plugin' with
rule 'MY RULE' is suppressed with 'My-Plugin::MY-RULE'.
@mergify
Copy link
Copy Markdown
Contributor

mergify Bot commented May 11, 2026

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify
Copy link
Copy Markdown
Contributor

mergify Bot commented May 11, 2026
edited
Loading

Merge Queue Status

  • Entered queue2026-05-11 14:46 UTC · Rule: default-squash
  • Checks passed · in-place
  • Merged2026-05-11 16:19 UTC · at 604bcdf70c6a9fab04b87eb9c3c7fe69b83bf25d · squash

This pull request spent 1 hour 33 minutes 12 seconds in the queue, including 31 minutes 30 seconds running CI.

Required conditions to merge

@mergify mergify Bot temporarily deployed to automation May 11, 2026 15:48 Inactive
@mergify mergify Bot temporarily deployed to automation May 11, 2026 15:48 Inactive
@mergify
Copy link
Copy Markdown
Contributor

mergify Bot commented May 11, 2026

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify Bot merged commit a47ad39 into main May 11, 2026
19 of 20 checks passed
@mergify mergify Bot deleted the conroy/plugin-suppression branch May 11, 2026 16:19
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 11, 2026

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions Bot locked as resolved and limited conversation to collaborators May 11, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@rix0rrr rix0rrr rix0rrr approved these changes

Assignees

No one assigned

Labels

contribution/core This is a PR that came from AWS. p2 pr-linter/exempt-integ-test The PR linter will not require integ test changes pr-linter/exempt-readme The PR linter will not require README changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kaizencc @rix0rrr @aws-cdk-automation