Apply the rules to Ingress and Egress resources
kddejong committed Jan 21, 2024
1 parent c1349a7 commit 8d49ff0
Showing 13 changed files with 109 additions and 24 deletions.
23 changes: 22 additions & 1 deletion scripts/update_schemas_manually.py
@@ -750,6 +750,19 @@
),
],
),
ResourcePatch(
resource_type="AWS::EC2::SecurityGroupEgress",
patches=[
Patch(
path="/properties/FromPort",
values={"minimum": -1},
),
Patch(
path="/properties/ToPort",
values={"minimum": -1},
),
],
),
ResourcePatch(
resource_type="AWS::EC2::SecurityGroupIngress",
patches=[
@@ -762,9 +775,17 @@
"SourcePrefixListId",
"SourceSecurityGroupId",
"SourceSecurityGroupName",
]
],
},
),
Patch(
path="/properties/FromPort",
values={"minimum": -1},
),
Patch(
path="/properties/ToPort",
values={"minimum": -1},
),
],
),
ResourcePatch(
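Review bot: The `FromPort` and `ToPort` patches added for `AWS::EC2::SecurityGroupEgress` and `AWS::EC2::SecurityGroupIngress` give the schema a lower bound only, so a rule whose port is above 65535 still validates. Since -1 is the only sentinel and nothing above the TCP/UDP port range should be legal, each of the four patches could carry both bounds: `values={"minimum": -1, "maximum": 65535},`. The two `Patch(...)` entries are also repeated verbatim for both resource types, so a shared module-level list would keep the ingress and egress limits from drifting apart. The surrounding list of `ResourcePatch` entries starts and ends outside these hunks.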
@@ -1 +1 @@
{"etag": "\"abbad2d61bce41659bca87b27e9ee78f\"", "url": "https://schema.cloudformation.us-gov-west-1.amazonaws.com/CloudformationSchema.zip"}
{"etag": "\"176f4e2894ec2acb6290a05a269e6140\"", "url": "https://schema.cloudformation.us-gov-west-1.amazonaws.com/CloudformationSchema.zip"}
@@ -1,8 +1,8 @@
{
"if": {
"not": {
"properties": {
"IpProtocol": {
"properties": {
"IpProtocol": {
"not": {
"enum": [
1,
"1",
@@ -13,18 +13,18 @@
17,
"17",
"udp"
],
"type": [
"string",
"integer"
]
}
},
"required": [
"IpProtocol"
],
"type": "object"
}
},
"type": [
"string",
"integer"
]
}
},
"required": [
"IpProtocol"
],
"type": "object"
},
"then": {
"properties": {
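Review bot: Moving `"required": ["IpProtocol"]` out from under `not` changes when this rule fires: a resource with no `IpProtocol` used to satisfy the `if` and be checked by `then`, and now skips `then` entirely. The same may hold for an `IpProtocol` that is neither a string nor an integer, depending on where the `"type"` list ends up relative to the inner `not`, which the flattened rendering does not make certain. A lint rule on security-group ports that silently stops matching is easy to miss, so the narrowing is worth stating in the schema itself if it has no description yet, for example `"description": "Applies only when IpProtocol is present and is not one of the listed protocols"`, and pinning with a test case that omits `IpProtocol`. The `then` body continues outside the hunk.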
Empty file.
@@ -0,0 +1,11 @@
[
{
"op": "add",
"path": "/cfnSchema",
"value": [
"aws_ec2_securitygroup/protocols_and_port_ranges_include",
"aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
"aws_ec2_securitygroup/all_to_and_from_ports"
]
}
]
@@ -0,0 +1,12 @@
[
{
"op": "add",
"path": "/properties/FromPort/minimum",
"value": -1
},
{
"op": "add",
"path": "/properties/ToPort/minimum",
"value": -1
}
]
@@ -0,0 +1,11 @@
[
{
"op": "add",
"path": "/cfnSchema",
"value": [
"aws_ec2_securitygroup/protocols_and_port_ranges_include",
"aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
"aws_ec2_securitygroup/all_to_and_from_ports"
]
}
]
@@ -9,5 +9,15 @@
"SourceSecurityGroupId",
"SourceSecurityGroupName"
]
},
{
"op": "add",
"path": "/properties/FromPort/minimum",
"value": -1
},
{
"op": "add",
"path": "/properties/ToPort/minimum",
"value": -1
}
]
@@ -59,14 +59,6 @@
"aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
"aws_ec2_securitygroup/all_to_and_from_ports"
],
"dependencies": {
"FromPort": [
"ToPort"
],
"ToPort": [
"FromPort"
]
},
"properties": {
"CidrIp": {
"type": "string"
@@ -1,5 +1,10 @@
{
"additionalProperties": false,
"cfnSchema": [
"aws_ec2_securitygroup/protocols_and_port_ranges_include",
"aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
"aws_ec2_securitygroup/all_to_and_from_ports"
],
"createOnlyProperties": [
"/properties/IpProtocol",
"/properties/DestinationSecurityGroupId",
@@ -67,6 +72,7 @@
},
"FromPort": {
"description": "The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.",
"minimum": -1,
"type": "integer"
},
"GroupId": {
@@ -83,6 +89,7 @@
},
"ToPort": {
"description": "The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.",
"minimum": -1,
"type": "integer"
}
},
@@ -1,5 +1,10 @@
{
"additionalProperties": false,
"cfnSchema": [
"aws_ec2_securitygroup/protocols_and_port_ranges_include",
"aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
"aws_ec2_securitygroup/all_to_and_from_ports"
],
"createOnlyProperties": [
"/properties/GroupName",
"/properties/IpProtocol",
@@ -28,6 +33,7 @@
"type": "string"
},
"FromPort": {
"minimum": -1,
"type": "integer"
},
"GroupId": {
@@ -55,6 +61,7 @@
"type": "string"
},
"ToPort": {
"minimum": -1,
"type": "integer"
}
},
@@ -1,5 +1,10 @@
{
"additionalProperties": false,
"cfnSchema": [
"aws_ec2_securitygroup/protocols_and_port_ranges_include",
"aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
"aws_ec2_securitygroup/all_to_and_from_ports"
],
"createOnlyProperties": [
"/properties/IpProtocol",
"/properties/DestinationSecurityGroupId",
@@ -31,6 +36,7 @@
"type": "string"
},
"FromPort": {
"minimum": -1,
"type": "integer"
},
"GroupId": {
@@ -43,6 +49,7 @@
"type": "string"
},
"ToPort": {
"minimum": -1,
"type": "integer"
}
},
@@ -1,5 +1,10 @@
{
"additionalProperties": false,
"cfnSchema": [
"aws_ec2_securitygroup/protocols_and_port_ranges_include",
"aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
"aws_ec2_securitygroup/all_to_and_from_ports"
],
"createOnlyProperties": [
"/properties/IpProtocol",
"/properties/DestinationSecurityGroupId",
@@ -31,6 +36,7 @@
"type": "string"
},
"FromPort": {
"minimum": -1,
"type": "integer"
},
"GroupId": {
@@ -43,6 +49,7 @@
"type": "string"
},
"ToPort": {
"minimum": -1,
"type": "integer"
}
},