V1 - Update some functions and improve testing (#3278)

* Update some functions and improve testing * Update format regex patterns and write docs
aws-cloudformation · Jun 6, 2024 · c40eb89 · c40eb89
1 parent 3bc5d8a
commit c40eb89
Show file tree

Hide file tree

Showing 8 changed files with 40 additions and 12 deletions.
diff --git a/docs/format_keyword.md b/docs/format_keyword.md
@@ -0,0 +1,25 @@
+# The format keyword
+
+The `format` keyword in JSON Schema is used to define a regular expression pattern that a string value should match. It provides a way to validate that a string adheres to a specific format or pattern.
+
+In `cfn-lint`, we have extended the `format` keyword to support custom formats that are specific to AWS resources. These custom formats help validate values against specific patterns or constraints defined by AWS.
+
+## Custom Formats
+
+`cfn-lint` supports the following custom formats:
+
+### AWS::EC2::VPC.Id
+
+This format ensures that the value is a valid VPC ID, which is a string of the pattern `vpc-[0-9a-f]{8}` or `vpc-[0-9a-f]{17}`.
+
+### AWS::EC2::SecurityGroup.GroupId
+
+This format validates that the value is a valid Security Group ID, which is a string of the pattern `sg-[0-9a-f]{8}` or `sg-[0-9a-f]{17}`.
+
+### AWS::EC2::SecurityGroup.GroupName
+
+This format validates that the value is a valid Security Group Name, which must be a string of 1 to 255 characters, starting with a letter, and containing only letters, numbers, and certain special characters.
+
+### AWS::EC2::Image.Id
+
+This format validates that the value is a valid Amazon Machine Image (AMI), which is a string of the pattern `ami-[0-9a-f]{8}` or `ami-[0-9a-f]{17}`.  More info in [docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html)
diff --git a/src/cfnlint/rules/formats/ImageId.py b/src/cfnlint/rules/formats/ImageId.py
@@ -18,7 +18,7 @@ class ImageId(FormatKeyword):
     shortdesc = "Validate AMI id format"
     description = "Check that a AMI id matches a pattern"
     tags = []
-    source_url = "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html"
+    source_url = "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::Image.Id"
 
     def __init__(self):
         super().__init__(format="AWS::EC2::Image.Id")
@@ -27,7 +27,7 @@ def format(self, validator: Validator, instance: Any) -> bool:
         if not isinstance(instance, str):
             return True
 
-        if re.match(r"^ami-(([0-9a-z]{8})|([0-9a-z]{17}))$", instance):
+        if re.match(r"^ami-([0-9a-z]{8}|[0-9a-z]{17})$", instance):
             return True
 
         return False
diff --git a/src/cfnlint/rules/formats/SecurityGroupId.py b/src/cfnlint/rules/formats/SecurityGroupId.py
@@ -21,15 +21,16 @@ class SecurityGroupId(FormatKeyword):
         "group or has the valid pattern"
     )
     tags = []
+    source_url = "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::SecurityGroup.GroupId"
 
     def __init__(self):
-        super().__init__(format="SecurityGroupId")
+        super().__init__(format="AWS::EC2::SecurityGroup.GroupId")
 
     def format(self, validator: Validator, instance: Any) -> bool:
         if not isinstance(instance, str):
             return True
 
-        if re.match(r"^sg-[a-z0-9]{8,17}$", instance):
+        if re.match(r"^sg-([a-z0-9]{8}|[a-z0-9]{17})$", instance):
             return True
 
         return False
diff --git a/src/cfnlint/rules/formats/SecurityGroupName.py b/src/cfnlint/rules/formats/SecurityGroupName.py
@@ -18,9 +18,10 @@ class SecurityGroupName(FormatKeyword):
     shortdesc = "Validate security group name"
     description = "Security group names have to valid pattern"
     tags = []
+    source_url = "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::SecurityGroup.GroupName"
 
     def __init__(self):
-        super().__init__(format="SecurityGroupName")
+        super().__init__(format="AWS::EC2::SecurityGroup.GroupName")
 
     def format(self, validator: Validator, instance: Any) -> bool:
         if not isinstance(instance, str):

diff --git a/src/cfnlint/rules/formats/VpcId.py b/src/cfnlint/rules/formats/VpcId.py
@@ -18,6 +18,7 @@ class VpcId(FormatKeyword):
     shortdesc = "Validate VPC id format"
     description = "Check that a VPC id matches a pattern"
     tags = []
+    source_url = "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::VPC.Id"
 
     def __init__(self):
         super().__init__(format="AWS::EC2::VPC.Id")

diff --git a/test/fixtures/results/quickstart/nist_application.json b/test/fixtures/results/quickstart/nist_application.json
@@ -444,7 +444,7 @@
             "Description": "Check that a AMI id matches a pattern",
             "Id": "E1152",
             "ShortDescription": "Validate AMI id format",
-            "Source": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html"
+            "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::Image.Id"
         }
     },
     {
@@ -669,7 +669,7 @@
             "Description": "Check that a AMI id matches a pattern",
             "Id": "E1152",
             "ShortDescription": "Validate AMI id format",
-            "Source": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html"
+            "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::Image.Id"
         }
     },
     {
@@ -1697,7 +1697,7 @@
             "Description": "Check that a AMI id matches a pattern",
             "Id": "E1152",
             "ShortDescription": "Validate AMI id format",
-            "Source": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html"
+            "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::Image.Id"
         }
     },
     {

diff --git a/test/fixtures/results/quickstart/nist_vpc_management.json b/test/fixtures/results/quickstart/nist_vpc_management.json
@@ -441,7 +441,7 @@
             "Description": "Check that a AMI id matches a pattern",
             "Id": "E1152",
             "ShortDescription": "Validate AMI id format",
-            "Source": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html"
+            "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::Image.Id"
         }
     },
     {

diff --git a/test/fixtures/results/quickstart/non_strict/nist_application.json b/test/fixtures/results/quickstart/non_strict/nist_application.json
@@ -444,7 +444,7 @@
             "Description": "Check that a AMI id matches a pattern",
             "Id": "E1152",
             "ShortDescription": "Validate AMI id format",
-            "Source": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html"
+            "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::Image.Id"
         }
     },
     {
@@ -640,7 +640,7 @@
             "Description": "Check that a AMI id matches a pattern",
             "Id": "E1152",
             "ShortDescription": "Validate AMI id format",
-            "Source": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html"
+            "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::Image.Id"
         }
     },
     {
@@ -902,7 +902,7 @@
             "Description": "Check that a AMI id matches a pattern",
             "Id": "E1152",
             "ShortDescription": "Validate AMI id format",
-            "Source": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/resource-ids.html"
+            "Source": "https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/format_keyword.md#AWS::EC2::Image.Id"
         }
     },
     {