Comments (21)
rajddas
commented on May 28, 2024
4
Also it would be great if we allow the parameter json files needed for CodePipeline Cloudformation Action. Like this :
{
"Parameters" : {
"Owner": "ABC",
"CostCenter": "1234567890"
}
}
from cloudformation-guard.
konkerama
commented on May 28, 2024
2
@PatMyron indeed supporting all these "dynamic" features of Cloudformation will be necessary for a tool like this. From my point of view, the Input Parameter support has the highest priority of those features and its the bare minimum functionality we require to include it as a compliance mechanism in our CICD Pipelines
from cloudformation-guard.
razcloud
commented on May 28, 2024
2
We do not have an ETA on this as of today; however, we are discussing internally to determine how best to approach this.
from cloudformation-guard.
el-veee
commented on May 28, 2024
1
I also see this feature as essential, both for testing new templates and running validation checks on pre-existing templates.
Parameters are essential in all but the simplest of cloudformation templates, and therefore cloudformation-guard MUST support it to be usable on a large scale.
Perhaps CLI args can be passed in for each parameter, and cfn guard creates a new template with the previously-parameterized values now hardcoded into the template. CFN guard then runs checks on that template?
Where parameters support have default values, CFN guard will default to those values unless overridden? This would reduce the need to specify many parameter values for each test
from cloudformation-guard.
sriram9707
commented on May 28, 2024
1
is this something handled in release 2.0 ?
from cloudformation-guard.
nathanataws
commented on May 28, 2024
This is a very reasonable use-case. We're kicking this kind of thing around already. Let's use this issue to track the work.
from cloudformation-guard.
rajddas
commented on May 28, 2024
Guys is there any ETA on this feature release?
from cloudformation-guard.
nathanataws
commented on May 28, 2024
No ETA yet but still a high priority.
from cloudformation-guard.
PatMyron
commented on May 28, 2024
This raises larger questions of CloudFormation template syntax: dynamic references, intrinsic functions, psuedoparameters, parameters, mappings, conditions, transforms, etc.
from cloudformation-guard.
rajddas
commented on May 28, 2024
Any update on this feature request?
from cloudformation-guard.
n1t1nv3rma
commented on May 28, 2024
Any update on this? Basically we would like CFN-guard to resolve the "Ref" from "Parameters" and allow us to validate the input value. W/o this feature, I don't see major uptake on this. Thanks
from cloudformation-guard.
shreyasmm
commented on May 28, 2024
we use taskcat in CI/CD Pipelines for testing Cloudformation templates, we have written a lot of taskcat files for templates with different test cases like eg enable/disable encryption, encryption with kms/user manged keys.
it would be good if we reuse/provide those taskcat files as input to cfn-guard, thanks
https://github.com/aws-quickstart/taskcat
from cloudformation-guard.
sriram9707
commented on May 28, 2024
is there any update on this please. Eagerly waiting for utilizing it.
from cloudformation-guard.
dchakrav-github
commented on May 28, 2024
@sriram9707 @lachlan-vass @konkerama Currently this would require re-implementing the entire CFN server-side resolution semantics again in Guard. Would it be okay if we provided a separate binary/library that does CFN resolution semantics given a template and parameter file in JSON/YAML (complete support for intrinsic resolutions, will not have support for Macros/Transforms, however initially) and have that piped to guard. E.g.
cfn-resolve -t template -p parameters.yaml | cfn-guard -r rules
from cloudformation-guard.
el-veee
commented on May 28, 2024
The usage of what you're proposing still looks quite simple. I'm fine with it
from cloudformation-guard.
sriram9707
commented on May 28, 2024
is there any ETA on this ? @dchakrav-github
from cloudformation-guard.
sriram9707
commented on May 28, 2024
@dchakrav-github @PatMyron any ETA for this ?. we have been trying to leverage cfn guard thorugh our pipeline which will have template and respective parameters file. or is there any workaround for this ?
from cloudformation-guard.
fabiodouek
commented on May 28, 2024
Was there any progress on this, or same position as one year ago?
from cloudformation-guard.
razcloud
commented on May 28, 2024
Hi @fabiodouek This item is currently in our backlog. We do not have an estimate on when this feature will be delivered.
from cloudformation-guard.
sha-aegon
commented on May 28, 2024
Is the above issue resolved on latest Cloud Formation Guard version i.e 2.1.3 as it is basic use case in most of the cfn templates ?
from cloudformation-guard.
joshfried-aws
commented on May 28, 2024
@sha-aegon Hi, this is still in our backlog. We do not have an estimate for when this will be implemented/released.
Thanks
from cloudformation-guard.
Related Issues (20)
- [Enhancement] Add support for windows
- Add support for SARIF [Enhancement] HOT 2
- [GENERAL ISSUE] Documentation HOT 4
- [BUG] cfn-guard error via GitHub Actions HOT 2
- [Enhancement] Only show errors/failures in output HOT 5
- [BUG] Failed rule does not print details of the failure HOT 6
- [Enhancement] Add cspell action to check for spelling errors
- [Documentation] Update docs for all public facing functions, and structs
- [BUG] SAM CLI deployed lambda returns InvalidEntryPoint error HOT 3
- [Enhancement] Add support to retrieve the key of a given node HOT 1
- [BUG] '!=' does not work as expected even for same type while using 2 literals. HOT 2
- [Enhancement] Make variables mutable HOT 1
- [Enhancement] Support for CloudFormation Pseudo Parameters
- [GENERAL ISSUE] String concatenation with literal and variable HOT 2
- [BUG] OR is not working HOT 8
- [BUG] "true" does not equal true HOT 2
- Best practice for cfn-guard rules for CDK synthesized resources that are wrapped in a CustomResource, e.g. aws-eks.Cluster HOT 1
- [BUG] Problem with --show-summary HOT 2
- Question about specificity in wildcards. HOT 4
- Trying to search an If statement for a value HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cloudformation-guard.