Fix NetworkFirewall properties

- Added Property type for FirewallPolicy - Added Property type for RuleGroup - Added validation for RuleGroup.Type - Fix for linting - Fixes #1933
cloudtools · Jul 24, 2021 · 53e8e69 · 53e8e69
1 parent 49b6b54
commit 53e8e69
Showing 1 changed file with 42 additions and 2 deletions.
diff --git a/troposphere/networkfirewall.py b/troposphere/networkfirewall.py
@@ -13,6 +13,22 @@
 from .validators import boolean, integer
 
 
+VALID_RULE_GROUP_TYPES = (
+    "STATEFUL",
+    "STATELESS"
+)
+
+
+def validate_rule_group_type(rule_group_type):
+    """Validate Type for RuleGroup"""
+    if rule_group_type not in VALID_RULE_GROUP_TYPES:
+        raise ValueError(
+            "RuleGroup Type must be one of %s"
+            % ", ".join(VALID_RULE_GROUP_TYPES)
+        )
+    return rule_group_type
+
+
 class SubnetMapping(AWSProperty):
     props = {
         "SubnetId": (str, True),
@@ -73,7 +89,7 @@ class StatelessRuleGroupReference(AWSProperty):
     }
 
 
-class FirewallPolicy(AWSProperty):
+class FirewallPolicyProperty(AWSProperty):
     props = {
         "StatefulRuleGroupReferences": ([StatefulRuleGroupReference], False),
         "StatelessCustomActions": ([CustomAction], False),
@@ -83,6 +99,17 @@ class FirewallPolicy(AWSProperty):
     }
 
 
+class FirewallPolicy(AWSObject):
+    resource_type = "AWS::NetworkFirewall::FirewallPolicy"
+
+    props = {
+        "Description": (str, False),
+        "FirewallPolicyName": (str, True),
+        "Tags": (Tags, False),
+        "FirewallPolicy": (FirewallPolicyProperty, True),
+    }
+
+
 class LogDestinationConfig(AWSProperty):
     props = {
         "LogDestination": (dict, True),
@@ -199,8 +226,21 @@ class RulesSource(AWSProperty):
     }
 
 
-class RuleGroup(AWSProperty):
+class RuleGroupProperty(AWSProperty):
     props = {
         "RuleVariables": (RuleVariables, False),
         "RulesSource": (RulesSource, True),
     }
+
+
+class RuleGroup(AWSObject):
+    resource_type = "AWS::NetworkFirewall::RuleGroup"
+
+    props = {
+        "Capacity": (integer, True),
+        "Description": (str, False),
+        "RuleGroup": (RuleGroupProperty, False),
+        "RuleGroupName": (str, True),
+        "Tags": (Tags, False),
+        "Type": (validate_rule_group_type, True)
+    }