Azure / bicep

Bicep is a declarative language for describing and deploying Azure resources
MIT License

Support regex in parameter validation #8409

Open alex-frankel opened 2 years ago

alex-frankel commented 2 years ago

I think this is tricky to implement in the ARM runtime as there are concerns over non-performant regex, but don't know the details well enough. Also seems like it may be related to #4158. cc @jeskew as FYI

Some context below from #2922:


Coming from the perspective of a longtime AWS CloudFormation and Terraform author now starting to use bicep - this type of password complexity validation can be achieved with a regular expression, as I've seen it done in these other tools.

So, what I think is really missing - like a SERIOUS design omission - is to have a regular expression based validation for parameters. This should have full support for all regex features, including backwards and forward references. It should support the PCRE2 standard as can be validated here: https://regex101.com

I noticed another open issue to validate IP addresses and CIDRs, while looking to see if regex validation was an existing open issue. This is also something that can be done easily using regular expressions.

Given that this feature has been in CloudFormation templates, first JSON, then YAML, for at least 5 years that I'm personally aware of, it's sort of incredible - a glaring omission which surprised me - that this basic feature is not yet in bicep and arm. Please consider adding it, as it's incredibly useful in both preventing use of incorrect values, but also in precisely describing what values are allowed in a way beyond what's often possible to easily describe in words.

For example, I want to have a startDate parameter with the value entered as 'YYYY-MM-DD' - the fact I can't validate this simple pattern with a message to the user if they don't enter it correctly, is really surprising for a mature IaC template tool.

Originally posted by @michael-crawford in https://github.com/Azure/bicep/issues/2922#issuecomment-1245765330

jeskew commented 2 years ago

There are some safety mechanisms we could use when executing user-supplied regular expressions, such as setting a strict timeout. We may also be able to use a non-backtracking engine, though I believe that would not support the full PCRE2 standard.

bjompen commented 2 years ago

+1 for adding regex, as it would make parameter/validation so much better. As for language though, wouldn't it make more sense to have .NET regex instead of PCRE2? The rest of bicep is .NET, and I believe it is also the flavour used in e.g. PowerShell, so it would be consistent in usage.

csaba-almasi commented 1 year ago

This would be extremely useful in a lot of our templates in the following scenarios, with the 'fail early shift left' mentality:

markjbrown commented 1 year ago

+1 to this. I can use this for Microsoft.DocumentDB/mongoClusters which has a password policy for the cluster resource of 8-256 characters and 3 of the following: lower case, upper case, numeric and symbol.

It would be fantastic to have a parameter object where I could apply rules like these (aside from min/max length which we already have) and have it validate the user input before it gets sent to the RP.
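
The two safety mechanisms jeskew mentions (a strict timeout and a non-backtracking engine), sketched with .NET's own regex API as an added example that is not part of the thread and not Bicep or ARM code. The class name, the 100 ms budget and the sample inputs are assumptions; the password check follows the 8-256 character, 3-of-4 classes policy from markjbrown's comment.

```csharp
#nullable enable
using System;
using System.Linq;
using System.Text.RegularExpressions;

static class ParamValidator // hypothetical name, not a Bicep type
{
    // Assumed per-match budget; the thread does not name a value.
    static readonly TimeSpan Budget = TimeSpan.FromMilliseconds(100);

    // Returns null when the value passes, otherwise the reason it was rejected.
    public static string? Check(string pattern, string value)
    {
        Regex rx;
        try
        {
            // NonBacktracking (.NET 7+) matches in time linear in the input length, but
            // refuses backreferences and lookarounds when the regex is constructed.
            rx = new Regex(pattern, RegexOptions.NonBacktracking | RegexOptions.CultureInvariant, Budget);
        }
        catch (NotSupportedException e) { return "unsupported pattern: " + e.Message; }
        catch (ArgumentException e) { return "invalid pattern: " + e.Message; }

        try { return rx.IsMatch(value) ? null : "value does not match pattern"; }
        catch (RegexMatchTimeoutException) { return "pattern exceeded time budget"; }
    }

    // "3 of 4 character classes" without lookaheads: one linear-time test per class, then count.
    public static string? CheckPassword(string value)
    {
        if (value.Length < 8 || value.Length > 256) return "length must be 8-256";
        string[] classes = { "[a-z]", "[A-Z]", "[0-9]", "[^a-zA-Z0-9]" };
        int hits = classes.Count(c => Check(c, value) is null);
        return hits >= 3 ? null : "needs 3 of: lower, upper, numeric, symbol";
    }

    static void Main()
    {
        // Constructed sample inputs. [0-9] keeps digits ASCII-only; \z anchors at the true
        // end of input, where $ would also accept a trailing newline.
        const string date = @"^[0-9]{4}-[0-9]{2}-[0-9]{2}\z"; // checks shape, not calendar validity
        Console.WriteLine(Check(date, "2024-01-31") ?? "ok");
        Console.WriteLine(Check(date, "01/31/2024") ?? "ok");
        Console.WriteLine(Check(@"^(a+)\1\z", "aaaa") ?? "ok"); // backreference pattern
        Console.WriteLine(Check(@"^(a+)+\z", new string('a', 5000) + "!") ?? "ok"); // nested quantifier
        Console.WriteLine(CheckPassword("Passw0rdlong") ?? "ok");
        Console.WriteLine(CheckPassword("alllowercase") ?? "ok");
    }
}
```

The timeout is kept alongside the non-backtracking option as a second bound; on a backtracking engine it would be the only one.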