
'YAML not well-formed' error when having comments before the start of document line `---`

Open rubencabrera opened this issue 2 years ago • 4 comments

Subject of the issue

YAML files having comments above the start of document line (---) are not validated.

Your environment

  • version of sceptre: 3.1.0
  • version of python: 3.9.0
  • which OS/distro: Tested on Ubuntu Focal and Alpine.

Steps to reproduce

Running sceptre validate for any yaml template that has a comment before the start line. For example:

```yaml
# This comment is valid!
---
AWSTemplateFormatVersion: "2010-09-09"
Description: S3 bucket
Resources:
  S3ForIssue:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: !Sub "${AWS::StackName}-${AWS::Region}-s3bucketforissue"
      AccessControl: Private
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
```

Removing the comment from the first line passes validation.

We have a few files with comments that worked with version 2.7.1 but all pipelines broke after we bumped to 3.1.0.

Expected behaviour

YAML files with comments before the document line pass validation.

Actual behaviour

Validation fails with:

"An error occurred (ValidationError) when calling the ValidateTemplate operation: Template format error: YAML not well-formed. (line 3, column 1)"

I suppose how the error is displayed is a separate issue, but it's worth mentioning that debugging which file has the problem in a system where many templates are being passed to a CI validation job has been a chore.

rubencabrera avatar May 10 '22 16:05 rubencabrera
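The report above notes that finding which template triggers the error in a CI job with many templates was a chore. The following is an added example, not part of the original issue or of sceptre's code: a standard-library scanner that lists files whose comment lines sit above the first `---` marker, the pattern described in the report. The function names, sample file names and the script name in the usage comment are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# "---" alone, or followed by whitespace, is a YAML document start marker.
DOC_START = re.compile(r"^---(\s|$)")

def comments_before_document_start(text):
    """Return [(line_no, line)] for comment lines above the first '---'.

    Empty when the file has no explicit '---' marker, or when only blank
    lines and %directives sit above it.
    """
    comments = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if DOC_START.match(line):
            return comments
        if stripped.startswith("#"):
            comments.append((line_no, line))
        elif stripped and not line.startswith("%"):
            return []  # content began without an explicit marker
    return []

def scan(templates):
    """Map each flagged template name to its leading comment lines."""
    hits = {}
    for name, text in templates.items():
        found = comments_before_document_start(text)
        if found:
            hits[name] = found
    return hits

# Constructed samples, modelled on the template in the report.
SAMPLES = {
    "comment_first.yaml": "# This comment is valid!\n---\nAWSTemplateFormatVersion: \"2010-09-09\"\n",
    "marker_first.yaml": "---\n# comment after the marker\nDescription: S3 bucket\n",
    "no_marker.yaml": "# header comment\nDescription: S3 bucket\n",
}

if __name__ == "__main__":
    # Usage (hypothetical script name): python find_leading_comments.py templates/
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    files = SAMPLES if root is None else {
        str(p): p.read_text() for p in root.rglob("*") if p.suffix in (".yaml", ".yml")
    }
    for name, found in scan(files).items():
        for line_no, line in found:
            print(f"{name}:{line_no}: comment above '---': {line}")
```

The scanner only locates files matching the reported pattern; it does not establish that the leading comment is what the validation call rejects.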

Hey, thanks for reporting this. I've got some homework for you. If you just do a yaml.load() on that template in a Python interpreter, what's the result? I'd suspect that --- indicates it's a separate document; it might return as a list. I have some suspicions about what's going on, but do that check for me and post the results.

jfalkenstein avatar May 10 '22 16:05 jfalkenstein

yaml.load(open()) for the template above fails because of the !Sub tag. After removing it, this is the output (excluding the YAMLLoadWarning because of not specifying a loader):

```
{'AWSTemplateFormatVersion': '2010-09-09',
 'Description': 'Manage S3 buckets for lambda zips',
 'Resources': {'S3ForLambdaZips': {'Type': 'AWS::S3::Bucket',
   'Properties': {'BucketName': '${AWS::StackName}-${AWS::Region}-justaname',
    'AccessControl': 'Private',
    'PublicAccessBlockConfiguration': {'BlockPublicAcls': True,
     'BlockPublicPolicy': True,
     'IgnorePublicAcls': True,
     'RestrictPublicBuckets': True}}}}}
```

rubencabrera avatar May 11 '22 09:05 rubencabrera

Interesting. I know we've added support for --- before, but I'm not sure we've ever tested what happens when a doc BEGINS with a comment and then ---. I think this will need to be investigated further. If you wanted to spearhead that research, I'd be happy to support the effort, consult, etc... If you're not in our slack channel, that's where most of us hang out. It sounds like there is some sort of bug involved here. The yaml spec is an interesting little beast.

As a first step to diagnosing this issue, have you tried running with the --debug flag? That should give you better error output.

For the record, if the output of yaml.load is as you say it is... I think it's possible that AWS changed the way templates are validated and made it a bit stricter, in which case there's not much we can do. But I'm just spitballing here.

jfalkenstein avatar May 11 '22 14:05 jfalkenstein

@rubencabrera Did you have responses to my questions here ^^?

jfalkenstein avatar Jul 22 '22 15:07 jfalkenstein

closing due to no response from reporter

zaro0508 avatar Apr 11 '24 20:04 zaro0508