
Node not recognized as CfnResource when using externally imported custom nagpack

Open MartNoten opened this issue 2 years ago • 3 comments

General Issue

Node not recognized as CfnResource when using externally imported custom nagpack

The Question

Hi there,

We want to leverage a custom-built nagpack for our developers to check their resources against our internal rules.

Currently we've created a repository with a structure similar to how you've set up the nagpacks:

The index.ts contains the following class to import the custom-rules:

```typescript
import { IConstruct } from 'constructs';
import {
  NagPack,
  NagPackProps,
  NagMessageLevel,
  NagRuleCompliance,
  NagRuleResult,
  NagRules,
  rules,
} from 'cdk-nag';

import { CfnResource } from 'aws-cdk-lib';
import { customWarningRules } from './packs/rules';

export class LZChecks extends NagPack {
  constructor(props?: NagPackProps) {
    super(props);
    this.packName = 'AwsSolutions';
  }

  // Called by the Aspects framework for every construct in the tree.
  public visit(node: IConstruct): void {
    // Only CloudFormation resources are passed on to the rules.
    if (node instanceof CfnResource) {
      this.checkAWSSolutionsPack(node);
    }
  }

  // Applies every custom rule to the given resource.
  private checkAWSSolutionsPack(node: CfnResource) {
    customWarningRules.forEach(rule => {
      this.applyRule({ ...rule, node: node });
    });
  }
}
```

The pack is then imported in another library (cdk app) currently like so:

```typescript
#!/usr/bin/env node
import * as cdk from 'aws-cdk-lib';
import { HelloCdkStack } from '../lib/hello-cdk-stack';

import { LZChecks } from '../../shared-cdk-nag-2';
import { Aspects } from 'aws-cdk-lib';

const app = new cdk.App();
// Register the custom pack as an aspect on the whole app.
Aspects.of(app).add(new LZChecks({ verbose: true }));
new HelloCdkStack(app, 'CdkTestStack', {});
```

However, the rules are never applied as the following if statement is never true:

```typescript
if (node instanceof CfnResource) {
}
```

Has the community ever seen something similar or are we just overlooking something trivial?

  • Do note I removed some company-specific naming in the code samples above, so any typos might inaccurately reflect the actual code.

Thanks in advance

cdk-nag version

^2.27.1

Language

Typescript

Other information

No response

MartNoten • Jul 05 '23 21:07

I know of several cases where others have successfully made their own packs and custom rules without issue.

> the following if statement is never true

Do you happen to be using pnpm as a package manager? I wonder if the issue is related to this https://github.com/cdklabs/cdk-nag/issues/1219

dontirun • Jul 09 '23 04:07

Hi @dontirun - thanks for making the time to circle back. No, we're just using a default NPM setup.

MartNoten • Jul 12 '23 13:07
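Added example, not code from this thread or from cdk-nag: one situation in which a guard like `node instanceof CfnResource` is never true is when the pack and the app each load their own copy of the library that defines the class. Whether that is the cause in this issue is not established above. The sketch models the two copies with a hypothetical `loadLibraryCopy()` factory, compares an identity check with a shape check, and makes the pack fail closed when it matched nothing, since rules that never run otherwise look the same as a clean report.

```typescript
// Stand-in for a library module (hypothetical, not aws-cdk-lib): every call
// returns a separate class object, as two installed copies of a package would.
function loadLibraryCopy() {
  return class CfnResourceLike {
    readonly cfnResourceType: string;
    constructor(type: string) {
      this.cfnResourceType = type;
    }
    // Shape check: independent of which copy constructed the object.
    static isCfnResourceLike(x: unknown): boolean {
      return typeof x === 'object' && x !== null && 'cfnResourceType' in x;
    }
  };
}

const AppCopy = loadLibraryCopy(); // copy resolved by the CDK app
const PackCopy = loadLibraryCopy(); // copy resolved by the shared rule pack

type Matcher = (node: unknown) => boolean;
const byInstanceof: Matcher = (n) => n instanceof PackCopy; // class identity
const byShape: Matcher = (n) => PackCopy.isCfnResourceLike(n); // object shape

// Mirrors the pack's visit(): count the nodes the guard lets through, and fail
// closed when none matched so skipped checks are not read as "compliant".
function runPack(nodes: unknown[], matches: Matcher): number {
  const checked = nodes.filter(matches).length;
  if (nodes.length > 0 && checked === 0) {
    throw new Error('rule pack matched 0 resources; checks did not run');
  }
  return checked;
}

// Constructed sample tree: resources created through the app's copy.
const tree: unknown[] = [new AppCopy('AWS::S3::Bucket'), new AppCopy('AWS::IAM::Role')];

function demo(): { instanceofError: string; shapeChecked: number } {
  let instanceofError = '';
  try {
    runPack(tree, byInstanceof);
  } catch (e) {
    instanceofError = (e as Error).message;
  }
  return { instanceofError, shapeChecked: runPack(tree, byShape) };
}
```

In aws-cdk-lib, the static `CfnResource.isCfnResource(node)` is a check of the second kind.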