fix

bridgecrewio · Nov 6, 2023 · cc0dea3 · cc0dea3
1 parent ee53c18
commit cc0dea3
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 26 deletions.
diff --git a/cdk_integration_tests/src/python/APIGatewayAccessLogging/fail__2__.py b/cdk_integration_tests/src/python/APIGatewayAccessLogging/fail__2__.py
@@ -1,29 +1,46 @@
-from aws_cdk import core
-from aws_cdk import aws_elasticache as elasticache
-
-class ElastiCacheReplicationGroupStack(core.Stack):
-
-    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
-        super().__init__(scope, id, **kwargs)
+from aws_cdk import aws_apigateway as apigateway
 
-        # Create an AWS ElastiCache Replication Group
-        replication_group = elasticache.CfnReplicationGroup(
-            self,
-            "MyElastiCacheReplicationGroup",
-            replication_group_id="my-replication-group",
-            replication_group_description="My ElastiCache Replication Group",
-            cache_node_type="cache.m4.large",
-            engine="redis",
-            engine_version="5.0.6",
-            port=6379,
-            num_cache_clusters=2,
-            automatic_failover_enabled=True,
-        )
+cfn_stage = apigateway.CfnStage(self, "MyCfnStage",
+    rest_api_id="restApiId",
 
-app = core.App()
-ElastiCacheReplicationGroupStack(app, "ElastiCacheReplicationGroupStack")
-app.synth()
+    # the properties below are optional
 
+    cache_cluster_enabled=False,
+    cache_cluster_size="cacheClusterSize",
+    canary_setting=apigateway.CfnStage.CanarySettingProperty(
+        deployment_id="deploymentId",
+        percent_traffic=123,
+        stage_variable_overrides={
+            "stage_variable_overrides_key": "stageVariableOverrides"
+        },
+        use_stage_cache=False
+    ),
+    client_certificate_id="clientCertificateId",
+    deployment_id="deploymentId",
+    description="description",
+    documentation_version="documentationVersion",
+    method_settings=[apigateway.CfnStage.MethodSettingProperty(
+        cache_data_encrypted=False,
+        cache_ttl_in_seconds=123,
+        caching_enabled=False,
+        data_trace_enabled=False,
+        http_method="httpMethod",
+        logging_level="loggingLevel",
+        metrics_enabled=False,
+        resource_path="resourcePath",
+        throttling_burst_limit=123,
+        throttling_rate_limit=123
+    )],
+    stage_name="stageName",
+    tags=[CfnTag(
+        key="key",
+        value="value"
+    )],
+    tracing_enabled=False,
+    variables={
+        "variables_key": "variables"
+    }
+)
 
 from aws_cdk import core
 from aws_cdk import aws_serverless as serverless

diff --git a/checkov/cdk/checks/python/APIGatewayAccessLogging.yaml b/checkov/cdk/checks/python/APIGatewayAccessLogging.yaml
@@ -19,9 +19,9 @@ definition:
               aws_cdk.aws_apigateway.CfnStage(<ANY>, access_log_setting=$P, <ANY>)
       - pattern: aws_cdk.aws_serverless.Api(<ANY>)
         conditions:
-          - not_pattern: | 
-              aws_cdk.aws_serverless.Api(<ANY>, default_stage={"access_log_setting": aws_cdk.aws_serverless.AccessLogSetting(<ANY>, destination_arn=<ANY> , <ANY>)} , <ANY>)
+          - not_pattern: |
+              aws_cdk.aws_serverless.Api(<ANY>, default_stage={<ANY>, "access_log_setting": aws_cdk.aws_serverless.AccessLogSetting(<ANY>, destination_arn=$ARG,<ANY>), <ANY>} , <ANY>)
           - not_pattern: |
               $P = aws_cdk.aws_serverless.AccessLogSetting(<ANY>, destination_arn=$ARG , <ANY>)
               <ANY>
-              aws_cdk.aws_serverless.Api(<ANY>, default_stage={"access_log_setting": $P}, <ANY>)
+              aws_cdk.aws_serverless.Api(<ANY>, default_stage={<ANY>, "access_log_setting": $P, <ANY>}, <ANY>)