Merge branch 'master' of github.com:lhitchon/config-lint

stelligent · Mar 24, 2018 · 361f374 · 361f374
2 parents 9fc3adb + 789d827
commit 361f374
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -49,7 +49,7 @@ The rules file specifies what files to process, and what validations to perform.
 |-----------|------------------------------------------------------------------------------------|
 |version    |Currently ignored                                                                   |
 |description|Text description for the file, not currently used                                   |
-|type       |Should be 'Terraform' or 'Kubernetes'                                               |
+|type       |Terraform, Kubernetes, SecurityGroups, AWSConfig                                    |
 |files      |Filenames must match one of these patterns to be processed by this set of rules     |
 |rules      |A list of rules, see next section                                                   |
 
@@ -63,8 +63,9 @@ Each rule contains the following attributes:
 |message    | A string to be printed when a validation error is detected                         |
 |resource   | The resource type to which the rule will be applied                                |
 |except     | An optional list of resource ids that should not be validated                      |
-|severity   | Should be 'WARNING' or 'FAILURE'                                                   |
+|severity   | FAILURE, WARNING, NON_COMPLIANT                                                    |
 |assertions | A list of assertions used to detect validation errors, see next section            |
+|invoke     | Alternative to assertions for a custom external API call to validate, see below    |
 |tags       | Optional list of tags, command line has option to limit scans to a subset of tags  |
 
 ## Attributes for each Assertion
@@ -77,6 +78,13 @@ Each assertion contains the following attributes:
 |op         | Operation to perform on the data returned by searching for the key                 |
 |value      | Literal value needed for most operations                                           |
 
+## Invoke external API for validation
+
+|Name       | Description                                                                        |
+|-----------|------------------------------------------------------------------------------------|
+|Url        | HTTP endpoint to invoke                                                            |
+|Payload    | Optional JMESPATH to use for payload, default is '@'                               |
+
 ## Examples
 
 To test that an AWS instance type has one of two values:
@@ -377,3 +385,4 @@ Rules:
 * The lambda function name is hard-coded in the Makefile
 * Region is hard-coded to us-east-1 for GetValueFromS3
 * Replace calls to panic with better error reporting
+* Invoke should be a POST, not a GET, and it should probably include the payload