Update custom resource schema (#3966)

* Update custom resource schema

* Update the schema validation for custom resources

Author: kddejong

scripts/update_snapshot_results.sh

@@ -13,6 +13,7 @@ cfn-lint test/fixtures/templates/integration/aws-ec2-instance.yaml -e -c I --for
 cfn-lint test/fixtures/templates/integration/aws-ec2-launchtemplate.yaml -e -c I --format json > test/fixtures/results/integration/aws-ec2-launchtemplate.json
 cfn-lint test/fixtures/templates/integration/aws-ec2-subnet.yaml -e -c I --format json > test/fixtures/results/integration/aws-ec2-subnet.json
 cfn-lint test/fixtures/templates/integration/aws-dynamodb-table.yaml -e -c I --format json > test/fixtures/results/integration/aws-dynamodb-table.json
+cfn-lint test/fixtures/templates/integration/custom-resources.yaml -e -c I --format json > test/fixtures/results/integration/custom-resources.json
 
 # public/
 cfn-lint test/fixtures/templates/public/lambda-poller.yaml -e -c I --format json > test/fixtures/results/public/lambda-poller.json

src/cfnlint/data/schemas/patches/providers/all/aws_cloudformation_customresource/additionalproperties.json

@@ -0,0 +1,17 @@
+[
+ {
+  "op": "add",
+  "path": "/patternProperties",
+  "value": {
+   ".*": {
+    "type": [
+     "string",
+     "integer",
+     "number",
+     "array",
+     "object"
+    ]
+   }
+  }
+ }
+]

src/cfnlint/data/schemas/patches/providers/all/aws_cloudformation_customresource/patternproperties.json

@@ -1,8 +1,19 @@
 {
- "additionalProperties": true,
+ "additionalProperties": false,
  "createOnlyProperties": [
   "/properties/ServiceToken"
  ],
+ "patternProperties": {
+  ".*": {
+   "type": [
+    "string",
+    "integer",
+    "number",
+    "array",
+    "object"
+   ]
+  }
+ },
  "primaryIdentifier": [
   "/properties/Id"
  ],

src/cfnlint/data/schemas/providers/us_east_1/aws-cloudformation-customresource.json

@@ -0,0 +1,33 @@
+[
+    {
+        "Filename": "test/fixtures/templates/integration/custom-resources.yaml",
+        "Id": "8beb84d0-7cba-9d1d-8455-7646435abda6",
+        "Level": "Error",
+        "Location": {
+            "End": {
+                "ColumnNumber": 15,
+                "LineNumber": 12
+            },
+            "Path": [
+                "Resources",
+                "CustomResource",
+                "Properties",
+                "KmsKeyId",
+                "Fn::GetAtt",
+                1
+            ],
+            "Start": {
+                "ColumnNumber": 7,
+                "LineNumber": 12
+            }
+        },
+        "Message": "'ArnA' is not one of ['Arn', 'KeyId'] in ['us-east-1']",
+        "ParentId": null,
+        "Rule": {
+            "Description": "Validates that GetAtt parameters are to valid resources and properties of those resources",
+            "Id": "E1010",
+            "ShortDescription": "GetAtt validation of parameters",
+            "Source": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html"
+        }
+    }
+]

test/fixtures/results/integration/custom-resources.json

@@ -241,6 +241,69 @@
             "Source": "https://aws.amazon.com/blogs/devops/optimize-aws-cloudformation-templates/"
         }
     },
+    {
+        "Filename": "test/fixtures/templates/quickstart/openshift.yaml",
+        "Id": "4d08be7f-87eb-7a95-c47e-db51a14f7c1e",
+        "Level": "Informational",
+        "Location": {
+            "End": {
+                "ColumnNumber": 15,
+                "LineNumber": 781
+            },
+            "Path": [
+                "Resources",
+                "GetRSA",
+                "Properties",
+                "ResourceProperties",
+                "RequestId",
+                "Fn::Join",
+                0
+            ],
+            "Start": {
+                "ColumnNumber": 13,
+                "LineNumber": 781
+            }
+        },
+        "Message": "Prefer using Fn::Sub over Fn::Join with an empty delimiter",
+        "ParentId": null,
+        "Rule": {
+            "Description": "Prefer a sub instead of Join when using a join delimiter that is empty",
+            "Id": "I1022",
+            "ShortDescription": "Use Sub instead of Join",
+            "Source": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-sub.html"
+        }
+    },
+    {
+        "Filename": "test/fixtures/templates/quickstart/openshift.yaml",
+        "Id": "f77be627-51a5-5c13-2173-95647f45d22a",
+        "Level": "Informational",
+        "Location": {
+            "End": {
+                "ColumnNumber": 13,
+                "LineNumber": 787
+            },
+            "Path": [
+                "Resources",
+                "GetRSA",
+                "Properties",
+                "ResponseURL",
+                "Fn::Join",
+                0
+            ],
+            "Start": {
+                "ColumnNumber": 11,
+                "LineNumber": 787
+            }
+        },
+        "Message": "Prefer using Fn::Sub over Fn::Join with an empty delimiter",
+        "ParentId": null,
+        "Rule": {
+            "Description": "Prefer a sub instead of Join when using a join delimiter that is empty",
+            "Id": "I1022",
+            "ShortDescription": "Use Sub instead of Join",
+            "Source": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-sub.html"
+        }
+    },
     {
         "Filename": "test/fixtures/templates/quickstart/openshift.yaml",
         "Id": "93eee50b-4524-efef-9d81-b9918acca9d8",

test/fixtures/results/quickstart/non_strict/openshift.json

@@ -303,6 +303,69 @@
             "Source": "https://aws.amazon.com/blogs/devops/optimize-aws-cloudformation-templates/"
         }
     },
+    {
+        "Filename": "test/fixtures/templates/quickstart/openshift.yaml",
+        "Id": "4d08be7f-87eb-7a95-c47e-db51a14f7c1e",
+        "Level": "Informational",
+        "Location": {
+            "End": {
+                "ColumnNumber": 15,
+                "LineNumber": 781
+            },
+            "Path": [
+                "Resources",
+                "GetRSA",
+                "Properties",
+                "ResourceProperties",
+                "RequestId",
+                "Fn::Join",
+                0
+            ],
+            "Start": {
+                "ColumnNumber": 13,
+                "LineNumber": 781
+            }
+        },
+        "Message": "Prefer using Fn::Sub over Fn::Join with an empty delimiter",
+        "ParentId": null,
+        "Rule": {
+            "Description": "Prefer a sub instead of Join when using a join delimiter that is empty",
+            "Id": "I1022",
+            "ShortDescription": "Use Sub instead of Join",
+            "Source": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-sub.html"
+        }
+    },
+    {
+        "Filename": "test/fixtures/templates/quickstart/openshift.yaml",
+        "Id": "f77be627-51a5-5c13-2173-95647f45d22a",
+        "Level": "Informational",
+        "Location": {
+            "End": {
+                "ColumnNumber": 13,
+                "LineNumber": 787
+            },
+            "Path": [
+                "Resources",
+                "GetRSA",
+                "Properties",
+                "ResponseURL",
+                "Fn::Join",
+                0
+            ],
+            "Start": {
+                "ColumnNumber": 11,
+                "LineNumber": 787
+            }
+        },
+        "Message": "Prefer using Fn::Sub over Fn::Join with an empty delimiter",
+        "ParentId": null,
+        "Rule": {
+            "Description": "Prefer a sub instead of Join when using a join delimiter that is empty",
+            "Id": "I1022",
+            "ShortDescription": "Use Sub instead of Join",
+            "Source": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-sub.html"
+        }
+    },
     {
         "Filename": "test/fixtures/templates/quickstart/openshift.yaml",
         "Id": "93eee50b-4524-efef-9d81-b9918acca9d8",

test/fixtures/results/quickstart/openshift.json

@@ -333,6 +333,15 @@
             "type": "boolean",
             "const": false
         },
+        "patternProperties": {
+            "type": "object",
+            "patternProperties": {
+                ".*": {
+                    "$ref": "#/definitions/properties"
+                }
+            },
+            "additionalProperties": false
+        },
         "properties": {
             "type": "object",
             "patternProperties": {

test/fixtures/schemas/providers/base.definition.schema.v1.json

@@ -174,6 +174,9 @@
             "$comment": "All properties of a resource must be expressed in the schema - arbitrary inputs are not allowed",
             "$ref": "base.definition.schema.v1.json#/properties/additionalProperties"
         },
+        "patternProperties": {
+            "$ref": "base.definition.schema.v1.json#/properties/patternProperties"
+        },
         "properties": {
             "$ref": "base.definition.schema.v1.json#/properties/properties"
         },

test/fixtures/schemas/providers/provider.definition.schema.v1.json

@@ -0,0 +1,12 @@
+Resources:
+  KmsKey:
+    DeletionPolicy: Delete
+    UpdateReplacePolicy: Delete
+    Type: AWS::KMS::Key
+    Properties: {}
+
+  CustomResource:
+    Type: AWS::CloudFormation::CustomResource
+    Properties:
+      ServiceToken: test
+      KmsKeyId: !GetAtt KmsKey.ArnA