cfn_nag icon indicating copy to clipboard operation
cfn_nag copied to clipboard
verified publisher icon stelligent

(<unknown>): found unexpected ':' while scanning a plain scalar

Open bainss opened this issue 5 years ago • 4 comments

Whilst running cfn_nag_scan locally works fine...

❯ cfn_nag_scan --input-path templates/* --blacklist-path spec/suppress-list.yaml
------------------------------------------------------------
templates/bal-performance.yaml
------------------------------------------------------------
Failures count: 0
Warnings count: 0

however using the github workflow...


Run stelligent/cfn_nag@master
  with:
    input_path: templates/*
    extra_args: --blacklist-path spec/suppress-list.yaml
/usr/bin/docker run --name cc49562ee46fc109fe45c8ac7cdee4cae0a75e_4e23a0 --label cc4956 --workdir /github/workspace --rm -e INPUT_INPUT_PATH -e INPUT_EXTRA_ARGS -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/bal-cloudformation/bal-cloudformation":"/github/workspace" cc4956:2ee46fc109fe45c8ac7cdee4cae0a75e
------------------------------------------------------------
templates/bal-performance.yaml
------------------------------------------------------------------------------------------------------------------------
| FAIL FATAL
|
| (<unknown>): found unexpected ':' while scanning a plain scalar at line 53 

line 53
  CreateTestingResources: !Equals [ !Ref AWS::AccountId, !FindInMap [EnvironmentTypeMappings, testing, accountId] ]

bainss avatar Jan 13 '21 22:01 bainss

Hi, can you share more details about the failing template or a minimal example template that reproduces this issue? Thanks!

arothian avatar Jan 18 '21 23:01 arothian

Add double quotes for AWS::AccountId. CreateTestingResources: !Equals [ !Ref "AWS::AccountId", !FindInMap [EnvironmentTypeMappings, testing, accountId] ]

I had the exact same issue today.

fernandohonig avatar Jan 24 '21 16:01 fernandohonig

Bumping this issue, as I experience it when I attempt to run cfn_nag as a stage in CodePipeline. Run locally - it executes fine, and produces expected output. However, when run in the pipeline - I encounter:

-- 191 | CloudFormation/CreateTransitGatewayEnvironmentByRegion.yaml 192 | ------------------------------------------------------------------------------------------------------------------------ 193 | | FAIL FATAL 194 | | 195 | | (): found unexpected ':' while scanning a plain scalar at line 763 column 44 196 |   197 | Failures count: 1 198 | Warnings count: 0

This seems to happen with any of my templates - and always on a line with an Intrinsic Function or Substitution. I suspect the answer may lie in "template parameter values", as discussed here:

https://github.com/stelligent/cfn_nag#setting-template-parameter-values

But I'm having trouble wrapping my head around it.

Trying an experiment with some additional quotes, as suggested above.

Interesting: adding the quotes worked - except where doing a !Sub ${AWS::Region} -- in which case, adding them caused cfn-lint (!) to throw a different error. I'm off to the races - thanks for the tip above!

snowake4me avatar Feb 07 '22 18:02 snowake4me

Try wrap info double quotes like "some_line"

WoLkErSs avatar Oct 07 '22 10:10 WoLkErSs