Change TAG012 from Warning to Non Compliant (#66)

wenyez · web-flow · commit 29cfbcd4b75d · 2024-07-01T09:13:20.000-07:00
diff --git a/src/rpdk/guard_rail/rule_library/tags/schema-linter-core-tagging-rules.guard b/src/rpdk/guard_rail/rule_library/tags/schema-linter-core-tagging-rules.guard
@@ -137,7 +137,7 @@ rule ensure_property_tags_exists_v2 when tagging exists {
         tagging.permissions exists
         <<
         {
-            "result": "WARNING",
+            "result": "NON_COMPLIANT",
             "check_id": "TAG012",
             "message": "Resource MUST provide `permissions` if `tagging.taggable` is true"
         }
diff --git a/tests/integ/runner/test_integ_runner.py b/tests/integ/runner/test_integ_runner.py
@@ -247,7 +247,12 @@
                         check_id="TAG013",
                         message="`tagProperty` MUST specify property defined in the schema",
                         path="/tagging/tagProperty",
-                    )
+                    ),
+                    GuardRuleResult(
+                        check_id="TAG012",
+                        message="Resource MUST provide `permissions` if `tagging.taggable` is true",
+                        path="",
+                    ),
                 },
             },
             {},
@@ -270,7 +275,12 @@
                         check_id="TAG014",
                         message="`tagProperty` MUST NOT be a part of `writeOnlyProperties`",
                         path="/tagging/tagProperty",
-                    )
+                    ),
+                    GuardRuleResult(
+                        check_id="TAG012",
+                        message="Resource MUST provide `permissions` if `tagging.taggable` is true",
+                        path="",
+                    ),
                 },
             },
             {},
@@ -389,19 +399,22 @@ def test_exec_compliance_stateless_aws_verifiedpermissions_policy(
                 ]
             ),
             [],
-            {},
             {
                 "ensure_property_tags_exists_v2": {
-                    GuardRuleResult(
-                        check_id="TAG011",
-                        message="Resource MUST implement Tags property if `tagging.taggable` is true",
-                        path="",
-                    ),
                     GuardRuleResult(
                         check_id="TAG012",
                         message="Resource MUST provide `permissions` if `tagging.taggable` is true",
                         path="",
                     ),
+                }
+            },
+            {
+                "ensure_property_tags_exists_v2": {
+                    GuardRuleResult(
+                        check_id="TAG011",
+                        message="Resource MUST implement Tags property if `tagging.taggable` is true",
+                        path="",
+                    )
                 },
             },
         ),

Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ rule ensure_property_tags_exists_v2 when tagging exists {`
`137`	`137`	`tagging.permissions exists`
`138`	`138`	`<<`
`139`	`139`	`{`
`140`		`- "result": "WARNING",`
	`140`	`+ "result": "NON_COMPLIANT",`
`141`	`141`	`"check_id": "TAG012",`
`142`	`142`	"message": "Resource MUST provide `permissions` if `tagging.taggable` is true"
`143`	`143`	`}`