Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to use --override-spec in cfn-lint v1+ #3893

Open
chensun01 opened this issue Dec 31, 2024 · 0 comments
Open

How to use --override-spec in cfn-lint v1+ #3893

chensun01 opened this issue Dec 31, 2024 · 0 comments
Labels
investigating question Further information is requested

Comments

@chensun01
Copy link

Environment
cfn-lint version: 1.22.3
OS: macOS / Ubuntu
Python version: 3.9.6
Installation method: pip install cfn-lint

Description
I'm trying to upgrade from cfn-lint 0.87.x to 1.x
For adding compatibility with custom macro resources we are trying to add custom properties to some resource types, for example "AWS::EC2::NetworkAcl" via the --override-spec command. We currently integrate cfn-lint 0.x with our CI pipelines successfully as of today. While with the same command on cfn-lint v1+, it is not working.

Here's a simple example, override-file.json:

{
    "ResourceTypes": {
        "AWS::EC2::NetworkAcl": {
            "Documentation": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkacl.html",
            "Properties": {
                "Inbound": {
                    "Required": false
                },
                "Outbound": {
                    "Required": false
                },
                "Association": {
                    "Required": false
                }
            }
        }
    }
}

CFN template test-vpc.yaml:

... ...
  NaclPublic:
    Type: AWS::EC2::NetworkAcl
    Condition: HasPublicSubnets
    Properties:
      VpcId: !Ref VPC
      Inbound:
        - "100,-1,allow,10.0.0.0/8,0-65535"
      Outbound:
        - "100,-1,allow,10.0.0.0/8,0-65535"
      Association:
        - SubnetAPub
        - SubnetBPub
        - SubnetCPub
      Tags:
      - Key: AccessControl
        Value: PUBLIC
        ... ...

Transform:
  - NaclExpander

cfn-lint command:
cfn-lint test-vpc.yaml --override-spec override-file.json

Expected Behavior
The --override-spec flag should successfully load the custom spec file and apply it, returning no error as cfn-lint v0.87.x.

Current Behavior
The --override-spec parameter is apparently ignored. cfn-lint does not seem to process the custom spec file.
Error log:

E3002 Additional properties are not allowed ('Inbound' was unexpected)
test-vpc.yaml:195:7

E3002 Additional properties are not allowed ('Outbound' was unexpected)
test-vpc.yaml:200:7

E3002 Additional properties are not allowed ('Association' was unexpected)
test-vpc.yaml:205:7
@chensun01 chensun01 added the question Further information is requested label Dec 31, 2024
@chensun01 chensun01 changed the title --override-spec not working in cfn-lint v1+ How to use --override-spec in cfn-lint v1+ Dec 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
investigating question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kddejong @chensun01