From cc0dea3838f003b8810d2f01a7db84931242175a Mon Sep 17 00:00:00 2001 From: razreik Date: Mon, 6 Nov 2023 17:32:40 +0200 Subject: [PATCH] fix --- .../APIGatewayAccessLogging/fail__2__.py | 63 ++++++++++++------- .../python/APIGatewayAccessLogging.yaml | 6 +- 2 files changed, 43 insertions(+), 26 deletions(-) diff --git a/cdk_integration_tests/src/python/APIGatewayAccessLogging/fail__2__.py b/cdk_integration_tests/src/python/APIGatewayAccessLogging/fail__2__.py index bd3df5703f4..021fd35b899 100644 --- a/cdk_integration_tests/src/python/APIGatewayAccessLogging/fail__2__.py +++ b/cdk_integration_tests/src/python/APIGatewayAccessLogging/fail__2__.py @@ -1,29 +1,46 @@ -from aws_cdk import core -from aws_cdk import aws_elasticache as elasticache - -class ElastiCacheReplicationGroupStack(core.Stack): - - def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: - super().__init__(scope, id, **kwargs) +from aws_cdk import aws_apigateway as apigateway - # Create an AWS ElastiCache Replication Group - replication_group = elasticache.CfnReplicationGroup( - self, - "MyElastiCacheReplicationGroup", - replication_group_id="my-replication-group", - replication_group_description="My ElastiCache Replication Group", - cache_node_type="cache.m4.large", - engine="redis", - engine_version="5.0.6", - port=6379, - num_cache_clusters=2, - automatic_failover_enabled=True, - ) +cfn_stage = apigateway.CfnStage(self, "MyCfnStage", + rest_api_id="restApiId", -app = core.App() -ElastiCacheReplicationGroupStack(app, "ElastiCacheReplicationGroupStack") -app.synth() + # the properties below are optional + cache_cluster_enabled=False, + cache_cluster_size="cacheClusterSize", + canary_setting=apigateway.CfnStage.CanarySettingProperty( + deployment_id="deploymentId", + percent_traffic=123, + stage_variable_overrides={ + "stage_variable_overrides_key": "stageVariableOverrides" + }, + use_stage_cache=False + ), + client_certificate_id="clientCertificateId", + deployment_id="deploymentId", + description="description", + documentation_version="documentationVersion", + method_settings=[apigateway.CfnStage.MethodSettingProperty( + cache_data_encrypted=False, + cache_ttl_in_seconds=123, + caching_enabled=False, + data_trace_enabled=False, + http_method="httpMethod", + logging_level="loggingLevel", + metrics_enabled=False, + resource_path="resourcePath", + throttling_burst_limit=123, + throttling_rate_limit=123 + )], + stage_name="stageName", + tags=[CfnTag( + key="key", + value="value" + )], + tracing_enabled=False, + variables={ + "variables_key": "variables" + } +) from aws_cdk import core from aws_cdk import aws_serverless as serverless diff --git a/checkov/cdk/checks/python/APIGatewayAccessLogging.yaml b/checkov/cdk/checks/python/APIGatewayAccessLogging.yaml index e26e74e3925..8c7f07cc461 100644 --- a/checkov/cdk/checks/python/APIGatewayAccessLogging.yaml +++ b/checkov/cdk/checks/python/APIGatewayAccessLogging.yaml @@ -19,9 +19,9 @@ definition: aws_cdk.aws_apigateway.CfnStage(, access_log_setting=$P, ) - pattern: aws_cdk.aws_serverless.Api() conditions: - - not_pattern: | - aws_cdk.aws_serverless.Api(, default_stage={"access_log_setting": aws_cdk.aws_serverless.AccessLogSetting(, destination_arn= , )} , ) + - not_pattern: | + aws_cdk.aws_serverless.Api(, default_stage={, "access_log_setting": aws_cdk.aws_serverless.AccessLogSetting(, destination_arn=$ARG,), } , ) - not_pattern: | $P = aws_cdk.aws_serverless.AccessLogSetting(, destination_arn=$ARG , ) - aws_cdk.aws_serverless.Api(, default_stage={"access_log_setting": $P}, ) + aws_cdk.aws_serverless.Api(, default_stage={, "access_log_setting": $P, }, )