cfn-lint

Features

• Update Specs to the versions released October 19th, 2018

Fixes

• Fix rule E2541 to not fail on non-string values

Features

• Created a process to patch the CloudFormation Spec and patched a bunch of issues
• Support pre-commit hooks for linting templates
• Add rule E3021 to that 5 or less targets are added to a CloudWatch Event
• Add rule E1029 to look for Sub variables that aren't inside a Sub
• Add rule I3011 to validate that DynamDB Tables have deletion policy specified as the default is to delete the database.
• Add support for info errors

Fixes

• Update search_deep_keys to look for items in the Global section which is lost in a Transformation
• Clean up failures when loading files that are not yaml or json

Features

• Support parsing multiple files from the command line
• New rule E3016 to validate a resources UpdatePolicy configuration

Fixes

• Removes sub parameter check from rule E1012. The same check is covered by
  E1019
• Fix rule E1010 when using a string not an array with Fn::Sub
• Fix rule E3020 ignore intrinsic functions when checking values

Features

• Update the custom objects for the template to directly allow the calling of getting items and checking items that is condition safe
• Update CloudFormation Specs to 2018-09-21 released specs

Fixes

• Fix rule E2540 to not fail when the stage names aren't strings
• Fix rule E3002 to not fail when processing Ref AWS::NoValue
• Core functionality updated to fail when extending rules directory doesn't exist
• Fix rule E3002 metadata isn't supported as a resource property
• Fix rule E2509 to not error when using a function for description

Fixes

• Fix rule W2501 to support dashes in KMS Key name
• Fix rule E2543 to not fail when the type of a step isn't known
• Fix rule E2507 to have an exception for ECR Policies. Resource isn't required.
• Several Python cleanup items around initializing lists, how version is loaded, and dropping 'discover' in testing

Fixes

• Fix core decoding so the true error of a template parsing issue is visible to the user

0.7.0

Features

• New Rule W1019 to make sure any Sub variables are used in the string
• New Rule E2532 to start basic validation of state machine syntax
• New Rule W1020 to see if Sub is needed and variables are being used
• New Rule E1028 validate that first element in a Fn::If array is a string
• New Rule W3002 to warn when templated templates are used
• Update Rule E2507 to check resource base policies
• Add Rule W2511 to warn when using an older version of IAM Policy Version

Fixes

• Update Rule E3002 to allow for templated code
• Update Rule E1024 to allow Cidr function to use GetAtt
• Fix core functionality to not error if the template is an array or string instead of an object

Fixes

• Fixes an issue where Template.get_values would return Ref: AWS::NoValue. This will no longer be returned as it is considered to be a Null value.

0.6.0

Features

• Update formatters to be similar from JSON and text outputs and modularize for easier growth later
• Don't raise an error with E3020 when doing ACM DNS validation registration
• Add rule E7003 to validate that mapping keys are strings.
• Add rule E1027 to validate that dynamic reference secure strings are to supported properties
• Add rule E1004 to validate that the Template Description is only a string
• Add rule E6005 to validate that an Output Description is only a string
• Add rule E6012 to validate that an Output Description is less than the maximum length

Fixes

• Fix core libraries to handle conditions around resource properties so that the resource and property checks still run
• Fix core libraries to handle the special property type Tag so that its checked when a rule is doing a Property Check

Fixes

• Support additional attributes in spec file for E3002
• Check custom resources as if they are 'AWS::CloudFormation::CustomResource' in rule E3003
• Fix W6001 when an ImportValue is used to another function
• Fix W2501 to support the new dynamic reference feature

Features

• Update rule E3020 to support CAA and CNAME record checks
• Update specs to ones released on August 16, 2018

Features

• Load all instances of CloudFormationLintRule in a file. Class doesn't need to match the filename anymore
• Allow load yaml to accept a string allowing people to use cfn-lint as a module
• Add rule W6001 to test outputs that are just using an import value
• Update specs to ones released on August 10, 2018

Fixes

• Update E2507 to support conditions and using get_values to test all condition paths
• Update E2521, E2523 to support conditions and using get_values to test all condition paths
• Rewrite E2503 to support intrinsic functions and conditions and lower case protocols
• Fix E1018 to support Sub inside a Split function
• Fix E3003 description messages to be more informative
• Fix E3001 to not require parameters when CreationPolicy is used
• Fix SAM region when no region is available from a local AWS profile or environment variable.

Features

• Update rule E3020 to support AAAA record checks

Fixes

• Fix many rules that would fail if a sub parameter had a space at the beginning or end
• Fix crashing issues when trying to get resources that aren't properly configured

Features

• Update CloudFormation Specs to July 20th, 2018

Fixes

• Fix an issue with Exclusive resource properties and RDS with Snapshot and Password

Features

• Update CloudFormation specs to July 16th, 2018
• Support comma lists for regions, append rules, and ignore check parameters
• Added documentation explaining Resource Specification based rules

Fixes

• Fix a bunch of typos across many different rules
• Support DeepCopy with Template and custom String classes used for marking up templates
• Fix Rule E3002 to support CommaDelimitedList when looking for List Parameters
• Fix core engine to check that something is a Dict instead of assuming it is

Features

• Update CloudFormation Specs to July 12th, 2018
• Rule E7012 added to check the limits of attributes in a Mapping
• Rule E2012 added to check maximum size of a parameter value
• Rule E1003 added to check the maximum length of the template Description
• Guide created to help new users write new rules

Fixes

• Catch KeyError when trying to discover the line and column number of an error
• Update Lambda rules to support dotnet core
• Fix rule E1017 so we unpack first element of select as a dict
• Fix rule E1024 to support ImportValue and appropriately checking number for the last element

Features

• Support for Yaml C Parser when available.
• Catch rule processing errors and raise a lint error in their place.
• Add rules for the limit on Parameter, Mapping, Resource and Output names
• Add Rule W3005 to warn for when DependsOn is specified but not needed
• Add Rule E2509 to check if Security Group Descriptions are properly configured
• Add source_url to rules so rule reference documentation can be provided

Fixes

• Fixed issues when Conditions had lists for values
• Fixed issue where underscore was allowed for AlphaNumeric names

Features

• Try/Catch added to rule processing so code failures in rules won't crash cfn-lint
• Parse YAML files using C parser when available. Greatly speeds up YAML parsing.

Fixes

• Template class updated to handle conditions where lists are in the true/false values
• Fix regex for checking Resource, Output, etc. names to not include underscore

Features

• Update rule E3020 to validate A recordsets

Fixes

• Require "aws-sam-translator" dependency be at least 1.6.0
• Add support for wildcards in rule E3013
• Support conditions in Lists for rule E3002
• Include filename when we run into Null and Duplicate values when parsing yaml
• Rule W2510 now allows for AllowedValues instead of just Min/MaxValue for compliance of Lambda MemorySize
• Rule E2530 updated to checked AllowedValues for compliance of Lambda MemorySize

Features

• Serverless Transforms now handled by SAM libraries
• Add Rule E2508: Add checks for IAM
  • Managed Policies attached to IAM user, group or role can't be more than 10
  • An IAM user can be a member of no more than 10 groups
  • There can only be 1 role in an instance profile
  • AssumeRolePolicyDocument size is less than <2048 characters
• Add Rule E1002: Check overall template size to make sure its below
• Add Rule E3013: CloudFront aliases should contain valid domain names
• Add Rule E3020: Check if all RecordSets are correctly configured
  • Strings end and start with double quotes
  • Size is less than 256 characters
  • Record Types are within the specification
• Short hand parameter switches and no longer need --template

Fixes

• Don't report a Condition not being used if it is used by another Condition