Switch E3683 to E3684 for health check protocol (#4094)

Author: kddejong

src/cfnlint/data/schemas/extensions/aws_elasticloadbalancingv2_targetgroup/healthcheckprotocol_restrictions.json

@@ -0,0 +1,37 @@
+{
+ "if": {
+  "properties": {
+   "HealthCheckProtocol": {
+    "type": "string"
+   }
+  },
+  "required": [
+   "HealthCheckProtocol"
+  ]
+ },
+ "then": {
+  "allOf": [
+   {
+    "else": {
+     "properties": {
+      "Matcher": false,
+      "ProtocolVersion": false
+     }
+    },
+    "if": {
+     "properties": {
+      "HealthCheckProtocol": {
+       "enum": [
+        "HTTP",
+        "HTTPS"
+       ]
+      }
+     },
+     "required": [
+      "HealthCheckProtocol"
+     ]
+    }
+   }
+  ]
+ }
+}

src/cfnlint/data/schemas/extensions/aws_elasticloadbalancingv2_targetgroup/protocol_restrictions.json

@@ -11,27 +11,6 @@
  },
  "then": {
   "allOf": [
-   {
-    "else": {
-     "properties": {
-      "Matcher": false,
-      "ProtocolVersion": false
-     }
-    },
-    "if": {
-     "properties": {
-      "Protocol": {
-       "enum": [
-        "HTTP",
-        "HTTPS"
-       ]
-      }
-     },
-     "required": [
-      "Protocol"
-     ]
-    }
-   },
    {
     "if": {
      "properties": {

src/cfnlint/rules/resources/elasticloadbalancingv2/TargetGroupHealthCheckProtocolRestrictions.py

@@ -0,0 +1,44 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+from typing import Any
+
+import cfnlint.data.schemas.extensions.aws_elasticloadbalancingv2_targetgroup
+from cfnlint.jsonschema import ValidationResult, Validator
+from cfnlint.rules.jsonschema.CfnLintJsonSchema import CfnLintJsonSchema, SchemaDetails
+
+
+class TargetGroupHealthCheckProtocolRestrictions(CfnLintJsonSchema):
+    id = "E3684"
+    shortdesc = "Validate target group health check protocol property restrictions"
+    description = (
+        "When a TargetGroup health check protocol is specified there are "
+        "restrictions on other properties."
+    )
+    tags = ["resources"]
+
+    def __init__(self) -> None:
+        super().__init__(
+            keywords=[
+                "Resources/AWS::ElasticLoadBalancingV2::TargetGroup/Properties",
+            ],
+            schema_details=SchemaDetails(
+                module=cfnlint.data.schemas.extensions.aws_elasticloadbalancingv2_targetgroup,
+                filename="healthcheckprotocol_restrictions.json",
+            ),
+            all_matches=True,
+        )
+
+    def validate(
+        self, validator: Validator, keywords: Any, instance: Any, schema: dict[str, Any]
+    ) -> ValidationResult:
+        for err in super().validate(validator, keywords, instance, schema):
+            if not err.schema:
+                err.message = (
+                    f"Additional properties are not allowed ({err.path[0]!r} "
+                    "was unexpected)"
+                )
+                err.validator = "additionalProperties"
+            yield err

test/unit/rules/resources/elbv2/test_target_group_healthcheckprotocol_restrictions.py

@@ -0,0 +1,57 @@
+"""
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+SPDX-License-Identifier: MIT-0
+"""
+
+from collections import deque
+
+import pytest
+
+from cfnlint.jsonschema import ValidationError
+
+# ruff: noqa: E501
+from cfnlint.rules.resources.elasticloadbalancingv2.TargetGroupHealthCheckProtocolRestrictions import (
+    TargetGroupHealthCheckProtocolRestrictions,
+)
+
+
+@pytest.fixture(scope="module")
+def rule():
+    rule = TargetGroupHealthCheckProtocolRestrictions()
+    yield rule
+
+
+@pytest.mark.parametrize(
+    "instance,expected",
+    [
+        (
+            {"HealthCheckProtocol": "HTTPS", "Matcher": {}},
+            [],
+        ),
+        (
+            {"HealthCheckProtocol": "TCP"},
+            [],
+        ),
+        (
+            [],
+            [],
+        ),
+        (
+            {"HealthCheckProtocol": "TCP", "Matcher": {}},
+            [
+                ValidationError(
+                    "Additional properties are not allowed ('Matcher' was unexpected)",
+                    rule=TargetGroupHealthCheckProtocolRestrictions(),
+                    validator="additionalProperties",
+                    path=deque(["Matcher"]),
+                    schema_path=deque(
+                        ["then", "allOf", 0, "else", "properties", "Matcher"]
+                    ),
+                )
+            ],
+        ),
+    ],
+)
+def test_backup_lifecycle(instance, expected, rule, validator):
+    errs = list(rule.validate(validator, "", instance, {}))
+    assert errs == expected, f"Expected {expected} got {errs}"

test/unit/rules/resources/elbv2/test_target_group_protocol_restrictions.py

@@ -49,21 +49,7 @@ def rule():
                     path=deque(["Port"]),
                     validator="enum",
                     schema_path=deque(
-                        ["then", "allOf", 1, "then", "properties", "Port", "enum"]
-                    ),
-                )
-            ],
-        ),
-        (
-            {"Protocol": "TLS", "Matcher": {}},
-            [
-                ValidationError(
-                    "Additional properties are not allowed ('Matcher' was unexpected)",
-                    rule=TargetGroupProtocolRestrictions(),
-                    validator="additionalProperties",
-                    path=deque(["Matcher"]),
-                    schema_path=deque(
-                        ["then", "allOf", 0, "else", "properties", "Matcher"]
+                        ["then", "allOf", 0, "then", "properties", "Port", "enum"]
                     ),
                 )
             ],