From f15fa27234f725aac8673dce7176ed841eb8841c Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 25 Mar 2025 15:32:07 +0000
Subject: [PATCH] SONARIAC-1869 Create rule S7452 AWS resource tags should have valid format (#4821)
* Create rule S7452
* SONARIAC-1869 Create rule S7452 AWS resource tags should have valid format
---------
Co-authored-by: petertrr
Co-authored-by: Peter Trifanov
---
 rules/S7452/cloudformation/metadata.json | 2 +
 rules/S7452/cloudformation/rule.adoc | 51 ++++++++++++++++++++++++
 rules/S7452/description.adoc | 11 +++++
 rules/S7452/message.adoc | 7 ++++
 rules/S7452/metadata.json | 25 ++++++++++++
 rules/S7452/see.adoc | 3 ++
 rules/S7452/terraform/metadata.json | 2 +
 rules/S7452/terraform/rule.adoc | 43 ++++++++++++++++++++
 8 files changed, 144 insertions(+)
 create mode 100644 rules/S7452/cloudformation/metadata.json
 create mode 100644 rules/S7452/cloudformation/rule.adoc
 create mode 100644 rules/S7452/description.adoc
 create mode 100644 rules/S7452/message.adoc
 create mode 100644 rules/S7452/metadata.json
 create mode 100644 rules/S7452/see.adoc
 create mode 100644 rules/S7452/terraform/metadata.json
 create mode 100644 rules/S7452/terraform/rule.adoc
diff --git a/rules/S7452/cloudformation/metadata.json b/rules/S7452/cloudformation/metadata.json
new file mode 100644
index 0000000000..7a73a41bfd
--- /dev/null
+++ b/rules/S7452/cloudformation/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S7452/cloudformation/rule.adoc b/rules/S7452/cloudformation/rule.adoc
new file mode 100644
index 0000000000..e375700505
--- /dev/null
+++ b/rules/S7452/cloudformation/rule.adoc
@@ -0,0 +1,51 @@
+include::../description.adoc[]
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,yaml,diff-id=1,diff-type=noncompliant]
+----
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+ S3Bucket:
+ Type: 'AWS::S3::Bucket'
+ Properties:
+ BucketName: "mybucketname"
+ Tags:
+ - Key: "anycompany;cost-center" # Noncompliant, semicolon is not allowed
+ Value: "Accounting"
+ - Key: "anycompany:~EnvironmentType~" # Noncompliant, tilde is not allowed
+ Value: "PROD"
+----
+
+==== Compliant solution
+
+[source,yaml,diff-id=1,diff-type=compliant]
+----
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+ S3Bucket:
+ Type: 'AWS::S3::Bucket'
+ Properties:
+ BucketName: "mybucketname"
+ Tags:
+ - Key: "anycompany:cost-center"
+ Value: "Accounting"
+ - Key: "anycompany:EnvironmentType"
+ Value: "PROD"
+----
+
+include::../see.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+endif::env-github,rspecator-view[]
\ No newline at end of file
diff --git a/rules/S7452/description.adoc b/rules/S7452/description.adoc
new file mode 100644
index 0000000000..3a17016e62
--- /dev/null
+++ b/rules/S7452/description.adoc
@@ -0,0 +1,11 @@
+Amazon Web Services (AWS) resources tags are metadata labels with keys and optional values used to categorize and manage resources.
+
+== Why is this an issue?
+
+Proper tagging enhances resource discovery, lifecycle management, and overall productivity within the AWS environment. If tags do not comply with the AWS format, it can lead to confusion and inefficiency in managing resources, as well as unexpected behavior of the system.
+
+AWS resource tags should comply with the format stated in AWS documentation. That is, tag keys should:
+
+* Be between 1 and 128 characters long
+* Consist of Unicode letters, digits, white spaces, and the following characters: `_ . : / = + - @ "`
+* Not start with `aws:`
\ No newline at end of file
diff --git a/rules/S7452/message.adoc b/rules/S7452/message.adoc
new file mode 100644
index 0000000000..730d43730c
--- /dev/null
+++ b/rules/S7452/message.adoc
@@ -0,0 +1,7 @@
+=== Message
+
+Rename tag key "XXX" to comply with required format.
+
+=== Highlighting
+
+Highlight the key of the tag that has incorrect format.
\ No newline at end of file
diff --git a/rules/S7452/metadata.json b/rules/S7452/metadata.json
new file mode 100644
index 0000000000..daa1d80c49
--- /dev/null
+++ b/rules/S7452/metadata.json
@@ -0,0 +1,25 @@
+{
+ "title": "AWS resource tags should have valid format",
+ "type": "CODE_SMELL",
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "5min"
+ },
+ "tags": [
+ ],
+ "extra": {
+ },
+ "defaultSeverity": "Minor",
+ "ruleSpecification": "RSPEC-7452",
+ "sqKey": "S7452",
+ "scope": "All",
+ "defaultQualityProfiles": ["Sonar way"],
+ "quickfix": "unknown",
+ "code": {
+ "impacts": {
+ "MAINTAINABILITY": "MEDIUM"
+ },
+ "attribute": "FORMATTED"
+ }
+}
diff --git a/rules/S7452/see.adoc b/rules/S7452/see.adoc
new file mode 100644
index 0000000000..c21f98dc59
--- /dev/null
+++ b/rules/S7452/see.adoc
@@ -0,0 +1,3 @@
+== Resources
+=== Documentation
+* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html[AWS resource tags]
\ No newline at end of file
diff --git a/rules/S7452/terraform/metadata.json b/rules/S7452/terraform/metadata.json
new file mode 100644
index 0000000000..7a73a41bfd
--- /dev/null
+++ b/rules/S7452/terraform/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S7452/terraform/rule.adoc b/rules/S7452/terraform/rule.adoc
new file mode 100644
index 0000000000..398914e924
--- /dev/null
+++ b/rules/S7452/terraform/rule.adoc
@@ -0,0 +1,43 @@
+include::../description.adoc[]
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,terraform,diff-id=1,diff-type=noncompliant]
+----
+resource "aws_s3_bucket" "examplebucket" {
+ bucket = "mybucketname"
+
+ tags = {
+ "anycompany:~cost-center~" = "Accounting"
+ }
+}
+----
+
+==== Compliant solution
+
+[source,terraform,diff-id=1,diff-type=compliant]
+----
+resource "aws_s3_bucket" "examplebucket" {
+ bucket = "mybucketname"
+
+ tags = {
+ "anycompany:cost-center" = "Accounting"
+ }
+}
+----
+
+include::../see.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+endif::env-github,rspecator-view[]
\ No newline at end of file