Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WAFv2 error E3002 #1286

Closed
johnk-novu opened this issue Jan 6, 2020 · 4 comments · Fixed by #1300
Closed

WAFv2 error E3002 #1286

johnk-novu opened this issue Jan 6, 2020 · 4 comments · Fixed by #1300
Labels
spec CloudFormation Specification Bug

Comments

@johnk-novu
Copy link

cfn-lint version: (cfn-lint --version) 0.26.2

Description of issue.

I get an error when running cfn-lint against a template with WAFv2 resources. The template provisions the resources in AWS as expected.

$ cfn-lint templates/template.yml
E3002 Expecting an object at Resources/AlbWafRegexPatternSet/Properties/RegularExpressionList
templates/template.yml:256:7

template snippet:

  AlbWafRegexPatternSet:
    Type: 'AWS::WAFv2::RegexPatternSet'
    Properties:
      Description: !Sub "${FullEnv}-${AppName} WAF Regex Pattern Set"
      Name: !Sub "${FullEnv}-${AppName}-regex-pattern-set"
      RegularExpressionList:
        - RegexString: '^.*$'
      Scope: 'REGIONAL'

WAFv2 Cloudformation documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html
@PatMyron
Copy link
Contributor

PatMyron commented Jan 6, 2020

Confirmed, run into this myself testing both AWS::WAFv2::IPSet.Addresses and AWS::WAFv2::RegexPatternSet.RegularExpressionList:

https://github.com/PatMyron/cloud/blob/e412b86e70ff61fe6d523abf5553170e1193ed04/cloudformation/minimal.yaml#L642-L655

@kddejong
Copy link
Contributor

kddejong commented Jan 6, 2020
edited
Loading

@PatMyron we may have to patch this one.

"AWS::WAFv2::RegexPatternSet.RegularExpressionList": {
  "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-regexpatternset-regularexpressionlist.html",
  "Properties": {
    "RegularExpressionList": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-regexpatternset-regularexpressionlist.html#cfn-wafv2-regexpatternset-regularexpressionlist-regularexpressionlist",
      "ItemType": "Regex",
      "Required": false,
      "Type": "List",
      "UpdateType": "Mutable"
    }
  }
}

The way the spec is written we would have is something like this.

AlbWafRegexPatternSet:
    Type: 'AWS::WAFv2::RegexPatternSet'
    Properties:
      Description: !Sub "${FullEnv}-${AppName} WAF Regex Pattern Set"
      Name: !Sub "${FullEnv}-${AppName}-regex-pattern-set"
      RegularExpressionList:
        RegularExpressionList: 
        - RegexString: '^.*$'
      Scope: 'REGIONAL'

@kddejong
Copy link
Contributor

Looks like we are patching this. I'll try to get that written this weekend and in for a release early next week

@kddejong
Copy link
Contributor

Looks like the documentation matches the spec here too.

@kddejong kddejong mentioned this issue Jan 11, 2020
Merged
@PatMyron PatMyron added the spec CloudFormation Specification Bug label Jan 11, 2020
@kddejong kddejong mentioned this issue Jan 14, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
spec CloudFormation Specification Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix issues with spec in wafv2 RegularExpressionList kddejong/cfn-python-lint
3 participants
@PatMyron @johnk-novu @kddejong