Skip to content

Commit

Permalink
Remove experimental from W3037
Browse files Browse the repository at this point in the history
  • Loading branch information
kddejong committed Sep 16, 2024
1 parent f555712 commit 12576cb
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/cfnlint/rules/resources/iam/Permissions.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ class Permissions(CfnLintKeyword):
description = "Check for valid IAM Permissions"
source_url = "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html"
tags = ["properties", "iam", "permissions"]
experimental = True

def __init__(self):
"""Init"""
Expand All @@ -33,6 +32,11 @@ def __init__(self):
def validate(
self, validator: Validator, _, instance: Any, schema: dict[str, Any]
) -> ValidationResult:
# Escape validation when using SAM transforms as a result of
# https://github.com/aws/serverless-application-model/issues/3633
if validator.context.transforms.has_sam_transform():
return

actions = ensure_list(instance)

for action in actions:
Expand All @@ -41,7 +45,7 @@ def validate(
if ":" not in action:
yield ValidationError(
(
f"{action!r} is not a valid action."
f"{action!r} is not a valid action. "
"Must be of the form service:action or '*'"
),
rule=self,
Expand Down
33 changes: 33 additions & 0 deletions test/unit/rules/resources/iam/test_iam_permissions_sam.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""

import pytest

from cfnlint.rules.resources.iam.Permissions import Permissions


@pytest.fixture(scope="module")
def rule():
rule = Permissions()
yield rule


@pytest.fixture
def template():
return {}
# {
# "Transform": "AWS::Serverless-2016-10-31",
# }


@pytest.mark.parametrize(
"name,instance,err_count",
[
("Empty string", "", 0),
],
)
def test_permissions(name, instance, err_count, rule, validator):
errors = list(rule.validate(validator, {}, instance, {}))
assert len(errors) == err_count, f"Test {name!r} got {errors!r}"

0 comments on commit 12576cb

Please sign in to comment.