cloudformation-guard `cfn-guard validate --print-json` does not include `CDK-Path`

`cfn-guard validate --print-json` does not include `CDK-Path`

Open alexpulver opened this issue 3 years ago • 1 comments

Running the 2.1.0 version on the below example produces both non-JSON and JSON outputs. The lower JSON output doesn't contain the CDK-Path element (in case of CDK-generated templates).

Command

cfn-guard validate -d template.json -r rules.guard -p > output.json

template.json

{
  "Resources": {
    "WebsiteBucket4326D7C2": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "PublicRead"
      },
      "Metadata": {
        "aws:cdk:path": "LandingPageFrontend/Website/Bucket/Resource"
      }
    }
  }
}

rules.guard

let aws_s3_bucket_resources = Resources.*[ Type == 'AWS::S3::Bucket' ]

rule aws_s3_bucket_versioning_defined {
  when %aws_s3_bucket_resources not empty {
    %aws_s3_bucket_resources {
      Properties {
        VersioningConfiguration exists <<VersioningConfiguration is not defined>>
      }
    }
  }
}

Originally posted by @alexpulver in https://github.com/aws-cloudformation/cloudformation-guard/issues/203#issuecomment-1171954265

Jul 01 '22 05:07 alexpulver

Noted @alexpulver Will bring this back to the team.

Jul 05 '22 16:07 razcloud

Hi @alexpulver as @akshayrane mentioned here--print-json is there to help users better understand how the rule was evaluated by printing out the AST. Thus it isnt expected to have the CDK path in the AST.

I will close out this issue, and track #251.

Thanks

Jul 13 '23 14:07 joshfried-aws

cloudformation-guard cloudformation-guard copied to clipboard

`cfn-guard validate --print-json` does not include `CDK-Path`

cloudformation-guard
cloudformation-guard copied to clipboard