cfn-lint
cfn-lint copied to clipboard
aws-cloudformation
AllowedValues
Question:
There are a lot of Properties that have a specific list of allowed values, some example:
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-glue-connection-connectioninput.html#cfn-glue-connection-connectioninput-connectiontype
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dms-endpoint.html#cfn-dms-endpoint-sslmode
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-versioningconfig.html
- https://docs.aws.amazon.com/waf/latest/APIReference/API_Predicate.html#WAF-Type-Predicate-Type
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-allowedmethods
These valid values are not in the CloudFormation Specs. Is there a chance that this data is going to be added somewhere in a near future? @cmmeyer perhaps you know more about this?
It's in there! A todo list to keep an overview:
Source: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
- [x] Alexa
- [x] Amazon MQ
- [x] API Gateway
- [x] Application Auto Scaling
- [ ] AppMesh
- [x] AppStream 2.0
- [x] AppSync
- [x] Athena
- [x] Auto Scaling
- [x] AWS Batch
- [x] Budgets
- [x] Certificate Manager
- [x] AWS Cloud9
- [x] CloudFormation
- [x] CloudFront
- [x] AWS Cloud Map
- [x] CloudTrail
- [x] CloudWatch
- [x] CodeBuild
- [x] CodeCommit
- [x] CodeDeploy
- [x] CodePipeline
- [x] Amazon Cognito
- [x] AWS Config
- [x] Data Pipeline
- [x] DAX
- [x] Directory Service
- [x] Data Lifecycle Manager
- [x] DMS
- [x] DocumentDB
- [x] DynamoDB
- [x] EC2
- [x] ECR
- [x] ECS
- [x] EFS
- [ ] EKS
- [ ] ElastiCache
- [ ] Elasticsearch
- [ ] Elastic Beanstalk
- [ ] Elastic Load Balancing
- [ ] Elastic Load Balancing V2
- [ ] EMR
- [ ] FSx
- [ ] Amazon GameLift
- [x] Glue
- [x] GuardDuty
- [ ] IAM
- [x] Amazon Inspector
- [x] AWS IoT
- [x] AWS IoT 1-Click
- [x] AWS IoT Analytics
- [ ] Kinesis
- [x] KMS
- [ ] Lambda
- [x] Neptune
- [ ] OpsWorks
- [ ] OpsWorks-CM
- [ ] RDS
- [x] Amazon Redshift
- [x] Route 53
- [x] S3
- [x] SageMaker
- [x] Secrets Manager
- [x] Service Catalog
- [x] SES
- [x] SimpleDB
- [x] SNS
- [x] SQS
- [x] Step Functions
- [ ] Systems Manager
- [ ] WAF
- [ ] WAF Regional
- [x] WorkSpaces
If it won't be covered by the CloudFormation Spec I think something like #34 may make sense. An additional spec file that has this type of information. Something we could remove easily enough if it does get covered in the future. Ideally the CloudFormation Spec file would have all of this so we don't have create it though.
Last I heard this isn't something the Cfn team will be getting to this year, but I'm checking with them to make sure. I almost wonder if we want to maintain a value spec as a separate repo, since others may find value and be able to help us contribute.
We do have some concerns over the long term maintainability of this being separate from the CloudFormation Specs as we would be on the hook to maintain the data. We could build the model and let the community drive what values we are checking as they need. Every item we add to the list we will have to maintain it for its life.
Speaking to the internal team, they decided not pursue this for the reasons @kddejong outlined above.
Since this will not be resolved (at least not any time soon), let's close this
process of writing src/cfnlint/data/ExtendedSpecs/all/ and generating src/cfnlint/data/CloudSpecs/ described here:
https://github.com/aws-cloudformation/cfn-python-lint/issues/903#issuecomment-595356853
I'd like to start leveraging botocore enums instead of maintaining all the AllowedValues in the Linter source code itself
especially since that was the most commonly maintained concise constraint format last time I checked:
src/cfnlint/data/ExtendedSpecs/all $ git grep 'AllowedValues":' | wc -l
AllowedValues: 187
NumberMin/NumberMax: 46
AllowedPatternRegex: 12
StringMin/StringMax: 8
ListMin/ListMax: 4
JsonMax: 2
mapping of some of the largest AllowedValues lists to botocore enum equivalents
pcregrep -M -B 2 'AllowedValues": \[(\n.*,){5}' src/cfnlint/data/ExtendedSpecs/all/03_value_types/* src/cfnlint/data/ExtendedSpecs/all/03_value_types.json
https://github.com/aws-cloudformation/cfn-python-lint/blob/fc41b0a495153f8895c63521b8cccbee614c7522/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_config.json#L4
config/2014-11-12 ~~(missing a couple values added here)~~
Continued...
https://github.com/aws-cloudformation/cfn-python-lint/blob/d4eb29e17e9ad2829072ade7b39367b310402974/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_apigateway.json#L25
https://github.com/aws-cloudformation/cfn-python-lint/blob/32bc877d4eb556d8bdf3f7f40a171826de0f20d0/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_cloudwatch.json#L60
https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L378
https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L588
https://github.com/aws-cloudformation/cfn-python-lint/blob/f209ddfef9bcc1a005adfebcfcc16220b18deddb/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_applicationautoscaling.json#L14
application-autoscaling/2016-02-06
https://github.com/aws-cloudformation/cfn-python-lint/blob/67fc5bb210b020e3226261f966a01726d574475d/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_codedeploy.json#L56
https://github.com/aws-cloudformation/cfn-python-lint/blob/35866b559fd7c3c4cc1b19f88f2a6f6be4503b23/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_cognito.json#L35
https://github.com/aws-cloudformation/cfn-python-lint/blob/67fc5bb210b020e3226261f966a01726d574475d/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_autoscalingplans.json#L4
https://github.com/aws-cloudformation/cfn-python-lint/blob/32bc877d4eb556d8bdf3f7f40a171826de0f20d0/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_cloudwatch.json#L20
https://github.com/aws-cloudformation/cfn-python-lint/blob/4b65edb615ab9e960d117219ffc619209baa5084/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_codebuild.json#L69
https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L664
https://github.com/aws-cloudformation/cfn-python-lint/blob/f5baaaab078c5c1e2089d6803be7b36e4380b9ab/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_appsync.json#L4
https://github.com/aws-cloudformation/cfn-python-lint/blob/879c1cef00f6aa63b74177ea6809f8721f57351c/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_budget.json#L4
https://github.com/aws-cloudformation/cfn-python-lint/blob/879c1cef00f6aa63b74177ea6809f8721f57351c/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_codepipeline.json#L4
https://github.com/aws-cloudformation/cfn-python-lint/blob/67fc5bb210b020e3226261f966a01726d574475d/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_guardduty.json#L50
https://github.com/aws-cloudformation/cfn-python-lint/blob/67fc5bb210b020e3226261f966a01726d574475d/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_cloudfront.json#L121
not found:
https://github.com/aws-cloudformation/cfn-python-lint/blob/67fc5bb210b020e3226261f966a01726d574475d/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_cloudfront.json#L144
https://github.com/aws-cloudformation/cfn-python-lint/pull/1472, https://github.com/aws-cloudformation/cfn-python-lint/pull/1473, https://github.com/aws-cloudformation/cfn-python-lint/pull/1725: https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L64
https://github.com/aws-cloudformation/cfn-python-lint/blob/67fc5bb210b020e3226261f966a01726d574475d/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_logs.json#L12
https://github.com/aws-cloudformation/cfn-python-lint/blob/67fc5bb210b020e3226261f966a01726d574475d/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_cloudfront.json#L34
https://github.com/aws-cloudformation/cfn-python-lint/blob/67fc5bb210b020e3226261f966a01726d574475d/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_cloudfront.json#L15
https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L694
https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L791
https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L553
https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L577
https://github.com/aws-cloudformation/cfn-python-lint/blob/67fc5bb210b020e3226261f966a01726d574475d/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_guardduty.json#L36
https://github.com/aws-cloudformation/cfn-python-lint/pull/1573:
https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L755
https://github.com/aws-cloudformation/cfn-python-lint/pull/1680:
https://github.com/aws-cloudformation/cfn-python-lint/blob/f5baaaab078c5c1e2089d6803be7b36e4380b9ab/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_amazonmq.json#L23
https://github.com/aws-cloudformation/cfn-python-lint/blob/32bc877d4eb556d8bdf3f7f40a171826de0f20d0/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_cloudwatch.json#L48
https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L50
https://github.com/aws-cloudformation/cfn-python-lint/blob/bb1a9c4875a9207da893d1eb68028606b7ff8350/src/cfnlint/data/ExtendedSpecs/all/03_value_types.json#L896
import requests
def f(service, type):
r = requests.get('https://raw.githubusercontent.com/boto/botocore/master/botocore/data/' + service + '/service-2.json').json()
print(r['shapes'][type]['enum'])
f('config/2014-11-12', 'ResourceType')
Closing this issue. We can deal with additional allowed values as needed. New version of the schema specs should allow a lot of these allowed values to come from there. We will still need to add some for region based allowed values.