SONARIAC-1869 Create rule S7452 AWS resource tags should have valid format (#4821)

* Create rule S7452 * SONARIAC-1869 Create rule S7452 AWS resource tags should have valid format --------- Co-authored-by: petertrr <petertrr@users.noreply.github.com> Co-authored-by: Peter Trifanov <peter.trifanov@sonarsource.com>
2025-03-25 15:32:07 +00:00 · 2025-03-25 15:32:07 +00:00 · f15fa27234
commit f15fa27234
parent 84d701ffe5
8 changed files with 144 additions and 0 deletions
--- a/rules/S7452/cloudformation/metadata.json
+++ b/rules/S7452/cloudformation/metadata.json
@ -0,0 +1,2 @@
+{
+}
--- a/rules/S7452/cloudformation/rule.adoc
+++ b/rules/S7452/cloudformation/rule.adoc
@ -0,0 +1,51 @@
+include::../description.adoc[]
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,yaml,diff-id=1,diff-type=noncompliant]
+----
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  S3Bucket:
+    Type: 'AWS::S3::Bucket'
+    Properties:
+      BucketName: "mybucketname"
+      Tags:
+        - Key: "anycompany;cost-center" # Noncompliant, semicolon is not allowed
+          Value: "Accounting"
+        - Key: "anycompany:~EnvironmentType~" # Noncompliant, tilde is not allowed
+          Value: "PROD"
+----
+
+==== Compliant solution
+
+[source,yaml,diff-id=1,diff-type=compliant]
+----
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  S3Bucket:
+    Type: 'AWS::S3::Bucket'
+    Properties:
+      BucketName: "mybucketname"
+      Tags:
+        - Key: "anycompany:cost-center"
+          Value: "Accounting"
+        - Key: "anycompany:EnvironmentType"
+          Value: "PROD"
+----
+
+include::../see.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+endif::env-github,rspecator-view[]
--- a/rules/S7452/description.adoc
+++ b/rules/S7452/description.adoc
@ -0,0 +1,11 @@
+Amazon Web Services (AWS) resources tags are metadata labels with keys and optional values used to categorize and manage resources.
+
+== Why is this an issue?
+
+Proper tagging enhances resource discovery, lifecycle management, and overall productivity within the AWS environment. If tags do not comply with the AWS format, it can lead to confusion and inefficiency in managing resources, as well as unexpected behavior of the system.
+
+AWS resource tags should comply with the format stated in AWS documentation. That is, tag keys should:
+
+* Be between 1 and 128 characters long
+* Consist of Unicode letters, digits, white spaces, and the following characters: `_ . : / = + - @ "`
+* Not start with `aws:`
--- a/rules/S7452/message.adoc
+++ b/rules/S7452/message.adoc
@ -0,0 +1,7 @@
+=== Message
+
+Rename tag key "XXX" to comply with required format.
+
+=== Highlighting
+
+Highlight the key of the tag that has incorrect format.
--- a/rules/S7452/metadata.json
+++ b/rules/S7452/metadata.json
@ -0,0 +1,25 @@
+{
+  "title": "AWS resource tags should have valid format",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+  ],
+  "extra": {
+  },
+  "defaultSeverity": "Minor",
+  "ruleSpecification": "RSPEC-7452",
+  "sqKey": "S7452",
+  "scope": "All",
+  "defaultQualityProfiles": ["Sonar way"],
+  "quickfix": "unknown",
+  "code": {
+    "impacts": {
+      "MAINTAINABILITY": "MEDIUM"
+    },
+    "attribute": "FORMATTED"
+  }
+}
--- a/rules/S7452/see.adoc
+++ b/rules/S7452/see.adoc
@ -0,0 +1,3 @@
+== Resources
+=== Documentation
+* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html[AWS resource tags]
--- a/rules/S7452/terraform/metadata.json
+++ b/rules/S7452/terraform/metadata.json
@ -0,0 +1,2 @@
+{
+}
--- a/rules/S7452/terraform/rule.adoc
+++ b/rules/S7452/terraform/rule.adoc
@ -0,0 +1,43 @@
+include::../description.adoc[]
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,terraform,diff-id=1,diff-type=noncompliant]
+----
+resource "aws_s3_bucket" "examplebucket" {
+  bucket = "mybucketname"
+
+  tags = {
+    "anycompany:~cost-center~" = "Accounting"
+  }
+}
+----
+
+==== Compliant solution
+
+[source,terraform,diff-id=1,diff-type=compliant]
+----
+resource "aws_s3_bucket" "examplebucket" {
+  bucket = "mybucketname"
+
+  tags = {
+    "anycompany:cost-center" = "Accounting"
+  }
+}
+----
+
+include::../see.adoc[]
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../message.adoc[]
+
+endif::env-github,rspecator-view[]