Update rule documentation (aws-cloudformation#712)
fatbasstard authored and cmmeyer committed Mar 12, 2019
1 parent 8707ab8 commit 2cd1dac
Showing 3 changed files with 14 additions and 7 deletions.
7 changes: 6 additions & 1 deletion docs/cfn-resource-specification.md
Expand Up @@ -19,4 +19,9 @@ The Properties rule ([`E3002`](/docs/rules.md#E3002)) checks if the basic proper

### AllowedValue
There are properties that need to specified with a specific enumerator, like the [Lambda Runtime](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime). This information is not part of the default Specification.
The linter extends the specification with these allowed values. The AllowedValue rule ([E3030](/docs/rules.md#E3030)) checks if specified values contain allowed values.
The linter extends the specification with these allowed values. The AllowedValue rule ([E3030](/docs/rules.md#E3030)) checks if specified values contain allowed values.

### AllowedPattern
There are properties that are restricted with a pattern ([Regular Expression](https://en.wikipedia.org/wiki/Regular_expression)), like the [Cognito Userpool EmailVerificationMessage](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html#CognitoUserPools-CreateUserPool-request-EmailVerificationMessage). This information is not part of the default specification.
The Linter extends the specification with these patterns in a generic rule. The AllowedPattern rule ([E3031](/docs/rules.md#E3031)) checks if specific values adhere to the specified regex.
*Since regular expression can be complex to read, the rules also supports the specification of a "human readable" value that is used in the error message*
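Review bot: the closing sentence of the new AllowedPattern section mentions a "human readable" value used in the error message, but it does not name the specification key that carries that value or show a sample entry, so a contributor cannot add one from this document alone. Please name the key and add a short example. Wording in the same section: "the rules also supports" should be "the rule also supports", "regular expression can be complex" should be "regular expressions can be complex", and "The Linter" is capitalised differently from "The linter" in the AllowedValue section directly above. The AllowedValue sentence also shows up as both removed and added with no visible text difference, which looks like a whitespace or end-of-file newline change; worth confirming that is intended.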
6 changes: 4 additions & 2 deletions docs/rules.md
Expand Up @@ -29,7 +29,7 @@ Rule `E3012` is used to check the types for value of a resource property. A num


## Rules
The following **104** rules are applied by this linter:
The following **106** rules are applied by this linter:

| Rule ID | Title | Description | Source | Tags |
| -------- | ----- | ----------- | ------ | ---- |
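Review bot: the rule count in "The following **106** rules are applied by this linter:" is a hard-coded number that has to be kept in step with the table by hand. It agrees with this commit (the `-97,9 +97,11` hunk further down adds two rows), but if this file is produced by a generator, the count should come from that run rather than a manual edit, so it cannot drift from the table.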
Expand Down Expand Up @@ -72,7 +72,7 @@ The following **104** rules are applied by this linter:
| E2506 <a name="E2506"></a> | Resource EC2 Security Group Ingress Properties | See if EC2 Security Group Ingress Properties are set correctly. Check that "SourceSecurityGroupId" or "SourceSecurityGroupName" are are exclusive and using the type of Ref or GetAtt | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html) | `resources`,`securitygroup` |
| E2507 <a name="E2507"></a> | Check if IAM Policies are properly configured | See if there elements inside an IAM policy are correct | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html) | `properties`,`iam` |
| E2508 <a name="E2508"></a> | Check IAM resource limits | See if IAM resources do not breach limits | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html) | `resources`,`iam` |
| E2509 <a name="E2509"></a> | Validate SecurityGroup description | Check if SecurityGroup descriptions are correctly configured | [Source](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html) | `resources`,`securitygroup` |
| E2509 <a name="E2509"></a> | Validate SecurityGroup description length | Check if SecurityGroup descriptions are not longer that 255 characters | [Source](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html) | `resources`,`securitygroup` |
| E2510 <a name="E2510"></a> | Resource EC2 PropertiesEc2Subnet Properties | See if EC2 Subnet Properties are set correctly | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet.html) | `properties`,`subnet` |
| E2520 <a name="E2520"></a> | Check Properties that are mutually exclusive | Making sure CloudFormation properties that are exclusive are not defined | [Source](https://github.com/aws-cloudformation/cfn-python-lint) | `resources` |
| E2521 <a name="E2521"></a> | Check Properties that are required together | Make sure CloudFormation resource properties are included together when required | [Source](https://github.com/aws-cloudformation/cfn-python-lint) | `resources` |
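Review bot: the new E2509 description has a typo, "are not longer that 255 characters" should read "are not longer than 255 characters". The E2509 rule source is not among the three files changed in this commit, so if this table is generated from each rule's `shortdesc` and `description` attributes, the corrected text needs to land in the rule class as well, otherwise the next regeneration will overwrite this row.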
Expand All @@ -97,9 +97,11 @@ The following **104** rules are applied by this linter:
| E3020 <a name="E3020"></a> | Validate Route53 RecordSets | Check if all RecordSets are correctly configured | [Source](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html) | `resources`,`route53`,`record_set` |
| E3021 <a name="E3021"></a> | Check Events Rule Targets are less than or equal to 5 | CloudWatch Events Rule can only support up to 5 targets | [Source](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/cloudwatch_limits_cwe.html) | `resources`,`events` |
| E3022 <a name="E3022"></a> | Resource SubnetRouteTableAssociation Properties | Validate there is only one SubnetRouteTableAssociation per subnet | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet-route-table-assoc.html) | `resources`,`subnet`,`route table` |
| E3023 <a name="E3023"></a> | Validate that AlarmIdentifier is specified when using CloudWatch Metrics | When using a CloudWatch Metric for Route53 Health Checks you must also specify the AlarmIdentifier | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-healthcheck-healthcheckconfig.html#cfn-route53-healthcheck-healthcheckconfig-alarmidentifier) | `resources`,`route53`,`alarm_identifier` |
| E3024 <a name="E3024"></a> | Validate that ProvisionedThroughput is not specified with BillingMode PAY_PER_REQUEST | When using ProvisionedThroughput with BillingMode PAY_PER_REQUEST will result in BillingMode being changed to PROVISIONED | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html) | `resources`,`dynamodb`,`provisioned_throughput`,`billing_mode` |
| E3025 <a name="E3025"></a> | RDS instance type is compatible with the RDS type | Check the RDS instance types are supported by the type of RDS engine. Only if the values are strings will this be checked. | [Source](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) | `resources`,`rds` |
| E3030 <a name="E3030"></a> | Check if properties have a valid value | Check if properties have a valid value in case of an enumator | [Source](https://github.com/aws-cloudformation/cfn-python-lint/blob/master/docs/cfn-resource-specification.md#allowedvalue) | `resources`,`property`,`allowed value` |
| E3031 <a name="E3031"></a> | Check if property values adhere to a specific pattern | Check if properties have a valid value in case of a pattern (Regular Expression) | [Source](https://github.com/awslabs/cfn-python-lint/blob/master/docs/cfn-resource-specification.md#allowedpattern) | `resources`,`property`,`allowed pattern`,`regex` |
| E3035 <a name="E3035"></a> | Check DeletionPolicy values for Resources | Check that the DeletionPolicy values are valid | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) | `resources`,`deletionpolicy` |
| E3036 <a name="E3036"></a> | Check UpdateReplacePolicy values for Resources | Check that the UpdateReplacePolicy values are valid | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html) | `resources`,`updatereplacepolicy` |
| E4001 <a name="E4001"></a> | Metadata Interface have appropriate properties | Metadata Interface properties are properly configured | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudformation-interface.html) | `metadata` |
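Review bot: the Source link in the new E3031 row points at `github.com/awslabs/cfn-python-lint`, while the E3030 row directly above it and the E2520/E2521 rows use `github.com/aws-cloudformation/cfn-python-lint`. Please use one organisation path for both rows so the links do not depend on a redirect. While in this part of the table, "enumator" in the E3030 description should be "enumerator".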
8 changes: 4 additions & 4 deletions src/cfnlint/rules/resources/properties/AllowedPattern.py
Expand Up @@ -25,10 +25,10 @@
class AllowedPattern(CloudFormationLintRule):
"""Check if properties have a valid value"""
id = 'E3031'
shortdesc = 'Check if properties have a valid value'
description = 'Check if properties have a valid value in case of an enumator'
source_url = 'https://github.com/awslabs/cfn-python-lint/blob/master/docs/cfn-resource-specification.md#allowedvalue'
tags = ['resources', 'property', 'allowed value']
shortdesc = 'Check if property values adhere to a specific pattern'
description = 'Check if properties have a valid value in case of a pattern (Regular Expression)'
source_url = 'https://github.com/awslabs/cfn-python-lint/blob/master/docs/cfn-resource-specification.md#allowedpattern'
tags = ['resources', 'property', 'allowed pattern', 'regex']

def initialize(self, cfn):
"""Initialize the rule"""
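Review bot: the class docstring on `AllowedPattern` is left as `"""Check if properties have a valid value"""`, the text carried over from the AllowedValue rule, while `shortdesc`, `description`, `source_url` and `tags` are all corrected in this hunk. Please update the docstring to describe the pattern check as well. The new `source_url` also uses the `awslabs` organisation path, whereas the E3030 entry in docs/rules.md links to `aws-cloudformation/cfn-python-lint`; the two should match.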