deployment: Improve cloudformation assertions

openvidu-server/deployments/pro/aws/cfn-openvidu-server-pro-no-market.yaml.template

@@ -99,30 +99,29 @@ Parameters:
   ElasticsearchUser:
     Description: "Username for Elasticsearch and Kibana. ('ElasticSearch Enabled' must be true)"
     Type: String
-    AllowedPattern: ^((?!")(?! ).)+$
+    AllowedPattern: ^$|^[^" ]+$
     ConstraintDescription: Elasticsearch user is mandatory (no whitespaces or quotations allowed)
     Default: elasticadmin
 
   ElasticsearchPassword:
     Description: "Password for Elasticsearch and Kibana ('ElasticSearch Enabled' must be true)"
     Type: String
-    AllowedPattern: ^((?!")(?! ).)+$
+    AllowedPattern: ^$|^[^" ]+$
     NoEcho: true
-    ConstraintDescription: Elasticsearch password is mandatory (no whitespaces or quotations allowed)
+    ConstraintDescription: Elasticsearch password is mandatory and it should have at least 6 characters (no whitespaces or quotations allowed)
-    MinLength: 7
 
   # Elasticsearch configuration
   ElasticsearchUrl:
     Description: "If you have an external Elasticsearch service running, put here the url to the service. If empty, an Elasticsearch service will be deployed next to OpenVidu. ('ElasticSearch Enabled' must be true)"
     Type: String
-    AllowedPattern: (^(https?:\/\/)?([^:\/]+)(:([0-9]+))?(\/.*)?$)
+    AllowedPattern: (^(https?:\/\/)?([^:\/]+)(:([0-9]+))?(\/.*)?$|^$)
-    ConstraintDescription: "It is very important to specify the Elasticsearch URL with the port used by this service. For example: https://es-example:443"
+    ConstraintDescription: "It is very important to specify the Elasticsearch URL with the port used by this service. For example: https://es-example"
 
   KibanaUrl:
     Description: "If you have an external Kibana service running, put here the url to the service. If empty, a Kibana service will be deployed next to OpenVidu. ('ElasticSearch Enabled' must be true)"
     Type: String
-    AllowedPattern: (^(https?:\/\/)?([^:\/]+)(:([0-9]+))?(\/.*)?$)
+    AllowedPattern: (^(https?:\/\/)?([^:\/]+)(:([0-9]+))?(\/.*)?$|^$)
-    ConstraintDescription: "It is very important to specify the url with port used by this service. For example: https://kibana-example:443"
+    ConstraintDescription: "It is very important to specify the url with port used by this service. For example: https://kibana-example"
 
   # EC2 Instance configuration
 
@@ -212,14 +211,17 @@ Parameters:
     ConstraintDescription: "must be the name of an existing EC2 KeyPair"
 
   # Networking configuration
-
   OpenViduVPC:
     Description: "Dedicated VPC for OpenVidu cluster"
     Type: AWS::EC2::VPC::Id
+    AllowedPattern: ^.+$
+    ConstraintDescription: You must specify a VPC ID
 
   OpenViduSubnet:
     Description: "Subnet for OpenVidu cluster"
     Type: AWS::EC2::Subnet::Id
+    AllowedPattern: ^.+$
+    ConstraintDescription: You must specify a subnet ID
 
   # Other configuration
 
@@ -367,67 +369,63 @@ Rules:
 
   # Check recording
   RecordingValidation:
-    RuleCondition:
+    RuleCondition: !Or [ !Equals [!Ref Recording, 'disabled' ], !Equals [!Ref Recording, 'local' ] ]
-      Fn::Or: [ !Equals [!Ref Recording, 'disabled' ], !Equals [!Ref Recording, 'local' ] ]
     Assertions:
-      - AssertDescription: If recording Storage is 'disabled' or 'local', you don't need to specify a S3 bucket.
+      - AssertDescription: Parameter 'S3 Bucket where recordings will be stored' (S3RecordingsBucketName) is not needed when 'Recording' is 'disabled' or 'local'.
-        Assert:
+        Assert: !Equals [ !Ref S3RecordingsBucketName, '' ]
-          Fn::Equals: [ !Ref S3RecordingsBucketName, "" ]
+
   # Check when Elasticsearch is enabled that all the parameters are present
   ElasticsearchValidation:
-    RuleCondition:
+    RuleCondition: !Equals [ !Ref ElasticsearchEnabled, 'true' ]
-      Fn::Equals: [ !Ref ElasticsearchEnabled, 'true' ]
     Assertions:
-      - AssertDescription: If Elasticsearch is enabled, you need to specify a Elasticsearch username.
+      - AssertDescription: Paramter 'Elasticsearch and Kibana username' (ElasticsearchUser) is needed when 'Enable Elasticsearch and Kibana' (ElasticsearchEnabled) is 'true'.
-        Assert:
+        Assert: !Not [ !Equals [!Ref ElasticsearchUser, ''] ]
-          Fn::Not: [ !Equals [!Ref ElasticsearchUser, ''] ]
+      - AssertDescription: Parameter 'Elasticsearch and Kibana password' (ElasticsearchPassword) is needed when 'Enable Elasticsearch and Kibana' (ElasticsearchEnabled) is 'true'.
-      - AssertDescription: If Elasticsearch is enabled, you need to specify a Elasticsearch password.
+        Assert: !Not [ !Equals [!Ref ElasticsearchPassword, ''] ]
-        Assert:
+
-          Fn::Not: [ !Equals [!Ref ElasticsearchPassword, ''] ]
   # Check when Elasticsearch is disabled that any parameter of elasticsearch is not present
   ElasticsearchDisabledValidation:
-    RuleCondition:
+    RuleCondition: !Equals [ !Ref ElasticsearchEnabled, 'false' ]
-      Fn::Equals: [ !Ref ElasticsearchEnabled, 'false' ]
     Assertions:
-      - AssertDescription: If Elasticsearch is disabled, you don't need to specify a Elasticsearch URL.
+      - AssertDescription: Parameter 'Elasticsearch URL' (ElasticsearchUrl) is not needed when 'Enable Elasticsearch and Kibana' (ElasticsearchEnabled) is 'false'.
-        Assert:
+        Assert: !Equals [ !Ref ElasticsearchUrl, "" ]
-          Fn::Equals: [ !Ref ElasticsearchUrl, "" ]
+      - AssertDescription: Parameter 'Kibana URL' (KibanaUrl) is not needed when 'Enable Elasticsearch and Kibana' (ElasticsearchEnabled) is 'false'.
-      - AssertDescription: If Elasticsearch is disabled, you don't need to specify a Kibana URL.
+        Assert: !Equals [ !Ref KibanaUrl, "" ]
-        Assert:
+      - AssertDescription: Parameter 'Elasticsearch and Kibana username' (ElasticsearchUser) is not needed when 'Enable Elasticsearch and Kibana' (ElasticsearchEnabled) is 'false'.
-          Fn::Equals: [ !Ref KibanaUrl, "" ]
+        Assert: !Equals [ !Ref ElasticsearchUser, "" ]
-      - AssertDescription: If Elasticsearch is disabled, you don't need to specify a Elasticsearch username.
+      - AssertDescription: Parameter 'Elasticsearch and Kibana password' (ElasticsearchPassword) is not needed when 'Enable Elasticsearch and Kibana' (ElasticsearchEnabled) is 'false'.
-        Assert:
+        Assert: !Equals [ !Ref ElasticsearchPassword, "" ]
-          Fn::Equals: [ !Ref ElasticsearchUser, "" ]
+
-      - AssertDescription: If Elasticsearch is disabled, you don't need to specify a Elasticsearch password.
+  # Check selfsigend parameters
-        Assert:
+  SelfSignedValidation:
-          Fn::Equals: [ !Ref ElasticsearchPassword, "" ]
+    RuleCondition: !Equals [!Ref WhichCert, 'selfsigned' ]
-  # Check Elastic IP is defined if letsencrypt or owncert is selected
-  ElasticIPValidation:
-    RuleCondition:
-      Fn::Or: [ !Equals [!Ref WhichCert, 'letsencrypt' ], !Equals [!Ref WhichCert, 'owncert' ] ]
     Assertions:
-      - AssertDescription: If you want to use Let's Encrypt or your own certificate, you need to specify a Elastic IP.
+      - AssertDescription: Parameter 'URL to the CRT file' (OwnCertCRT) is not necessary when using 'selfsigned' as 'Certificate Type' (WhichCert).
-        Assert:
+        Assert: !Equals [ !Ref OwnCertCRT, '' ]
-          Fn::Not: [ !Equals [!Ref PublicElasticIP, ''] ]
+      - AssertDescription: Parameter 'URL to the key file' (OwnCertKEY) is not necessary when using 'selfsigned' as 'Certificate Type' (WhichCert).
-  # Check Let's Encrypt email is defined if letsencrypt is selected
+        Assert: !Equals [!Ref OwnCertKEY, '']
-  LetsEncryptEmailValidation:
+      - AssertDescription: Parameter 'Email for Let's Encrypt' (LetsEncryptEmail) is not necessary when using 'selfsigned' as 'Certificate Type' (WhichCert).
-    RuleCondition:
+        Assert: !Equals [!Ref LetsEncryptEmail, '']
-      Fn::Equals: [ !Ref WhichCert, 'letsencrypt' ]
+
+  # Check Letsencrypt parameters
+  LetsEncryptValidation:
+    RuleCondition: !Equals [!Ref WhichCert, 'letsencrypt' ]
     Assertions:
-      - AssertDescription: If you want to use Let's Encrypt, you need to specify a Let's Encrypt email.
+      - AssertDescription: Parameter 'AWS Elastic IP' (PublicElasticIP) is needed when using 'letsencrypt' as 'Certificate Type' (WhichCert).
-        Assert:
+        Assert: !Not [ !Equals [ !Ref PublicElasticIP, '' ] ]
-          Fn::Not: [ !Equals [!Ref LetsEncryptEmail, ''] ]
+      - AssertDescription: Parameter 'Email for Let's Encrypt' (LetsEncryptEmail) is needed when using 'letsencrypt' as 'Certificate Type' (WhichCert).
+        Assert: !Not [ !Equals [!Ref LetsEncryptEmail, ''] ]
+
   # Check OwnCertCRT and OwnCertKEY are defined if owncert is selected
   OwnCertValidation:
-    RuleCondition:
+    RuleCondition: !Equals [ !Ref WhichCert, 'owncert' ]
-      Fn::Equals: [ !Ref WhichCert, 'owncert' ]
     Assertions:
-      - AssertDescription: If you want to use your own certificate, you need to specify a CRT file.
+      - AssertDescription: Parameter 'AWS Elastic IP' (PublicElasticIP) is needed when using 'owncert' as 'Certificate Type' (WhichCert).
-        Assert:
+        Assert: !Not [ !Equals [ !Ref PublicElasticIP, '' ] ]
-          Fn::Not: [ !Equals [!Ref OwnCertCRT, ''] ]
+      - AssertDescription: Parameter 'URL to the CRT file' (OwnCertCRT) is needed when using 'owncert' as 'Certificate Type' (WhichCert).
-      - AssertDescription: If you want to use your own certificate, you need to specify a KEY file.
+        Assert: !Not [ !Equals [!Ref OwnCertCRT, ''] ]
-        Assert:
+      - AssertDescription: Parameter 'URL to the key file' (OwnCertKEY) is needed when using 'owncert' as 'Certificate Type' (WhichCert).
-          Fn::Not: [ !Equals [!Ref OwnCertKEY, ''] ]
+        Assert: !Not [ !Equals [!Ref OwnCertKEY, ''] ]
 
 Resources: