Adding tests around tagProperty (#53)

Author: ammokhov

docs/BASIC_LINTING.md

@@ -47,6 +47,8 @@
 | | `TAG009` | `"Resource MUST provide 'cloudFormationSystemTags' {true\|false} if 'tagging.taggable' is true"` |
 | | `TAG010` | `"Resource MUST provide 'tagProperty' {/properties/Tags} if 'tagging.taggable' is true"` |
 | | `TAG011` | `"Resource MUST implement Tags property if 'tagging.taggable' is true"` |
+| | `TAG013` | `"'tagProperty' MUST specify property defined in the schema"` |
+| | `TAG014` | `"'tagProperty' MUST NOT be a part of 'writeOnlyProperties'"` |
 
 #### Permissions
 | Rule Name   |      Check Id      |  Message |

src/rpdk/guard_rail/rule_library/tags/schema-linter-core-tagging-rules.guard

@@ -112,6 +112,28 @@ rule ensure_property_tags_exists_v2 when tagging exists {
         }
         >>
 
+        when tagging.tagProperty exists {
+            let paths = paths
+            tagging.tagProperty IN %paths
+            <<
+            {
+                "result": "NON_COMPLIANT",
+                "check_id": "TAG013",
+                "message": "`tagProperty` MUST specify property defined in the schema"
+            }
+            >>
+
+            when writeOnlyProperties exists {
+                tagging.tagProperty !IN writeOnlyProperties
+                <<
+                {
+                    "result": "NON_COMPLIANT",
+                    "check_id": "TAG014",
+                    "message": "`tagProperty` MUST NOT be a part of `writeOnlyProperties`"
+                }
+                >>
+            }
+        }
         tagging.permission exists
         <<
         {

tests/integ/data/schema-malformed-tag-property.json

@@ -0,0 +1,13 @@
+{
+    "properties": {
+        "Tags": {},
+        "Arn": {}
+    },
+    "tagging": {
+        "taggable": true,
+        "tagOnCreate": true,
+        "tagUpdatable": true,
+        "cloudFormationSystemTags": false,
+        "tagProperty": "/properties/Tags2"
+    }
+}

tests/integ/data/schema-tag-property-writeonly.json

@@ -0,0 +1,16 @@
+{
+    "properties": {
+        "Tags": {},
+        "Arn": {}
+    },
+    "writeOnlyProperties": [
+        "/properties/Tags"
+    ],
+    "tagging": {
+        "taggable": true,
+        "tagOnCreate": true,
+        "tagUpdatable": true,
+        "cloudFormationSystemTags": false,
+        "tagProperty": "/properties/Tags"
+    }
+}

tests/integ/runner/test_integ_runner.py

@@ -168,6 +168,52 @@
             },
             {},
         ),
+        (
+            collect_schemas(
+                schemas=[
+                    "file:/"
+                    + str(
+                        Path(os.path.dirname(os.path.realpath(__file__))).joinpath(
+                            "../data/schema-malformed-tag-property.json"
+                        )
+                    )
+                ]
+            ),
+            [],
+            {
+                "ensure_property_tags_exists_v2": {
+                    GuardRuleResult(
+                        check_id="TAG013",
+                        message="`tagProperty` MUST specify property defined in the schema",
+                        path="/tagging/tagProperty",
+                    )
+                },
+            },
+            {},
+        ),
+        (
+            collect_schemas(
+                schemas=[
+                    "file:/"
+                    + str(
+                        Path(os.path.dirname(os.path.realpath(__file__))).joinpath(
+                            "../data/schema-tag-property-writeonly.json"
+                        )
+                    )
+                ]
+            ),
+            [],
+            {
+                "ensure_property_tags_exists_v2": {
+                    GuardRuleResult(
+                        check_id="TAG014",
+                        message="`tagProperty` MUST NOT be a part of `writeOnlyProperties`",
+                        path="/tagging/tagProperty",
+                    )
+                },
+            },
+            {},
+        ),
         (
             collect_schemas(
                 schemas=[