fix(config): explicit ruleScope value overwritten on CloudFormationStackDriftDetectionCheck

[sHtev]

If ruleScope is set in the props of CloudFormationStackDriftDetectionCheck, and ownStackOnly is not set then the current code:

    this.ruleScope = RuleScope.fromResource( ResourceType.CLOUDFORMATION_STACK, props.ownStackOnly ? Stack.of(this).stackId : undefined );

overwrites this.ruleScope with a resource RuleScope with an undefined resource id.

This makes it impossible to scope the drift check based on tags or resource ids other than that of the current stack.

The change in this PR explicitly checks for the ownStackOnly prop before overriding the ruleScope, and sets a sensible default if ruleScope itself is undefined to mirror existing default behaviour.

An example with a tag-filtering RuleScope has been added to the unit tests.

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[sHtev]

Note: the integration test currently has a warning it is undeployable, I hope this does not stop this needed fix being applied

[sHtev]

FWIW the integration test does work for me locally (node16, node18 and node20)

[aws-cdk-automation]

This PR has been in the BUILD FAILING state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

[sHtev]

Exemption Request if someone could help me understand why the codebuild fails when integration works locally that would be great

[aws-cdk-automation]

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

[aws-cdk-automation]

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: c9d866c
• Result: FAILED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[paulhcsun]

Hi @sHtev, apologies for not getting around to this, if you're still interested in working on this I've taken a look at the codebuild failure, usually integ test failures in the PR pipeline are because the snapshots you've added don't match up with what's being created by the pipeline. Could you just double check that the snapshots included in the PR are the most recent snapshots you have from running the integ tests locally?

[paulhcsun]

Closing this PR for staleness. Please open a new PR if you'd like to continue working on this @sHtev.