
shreyasdamle

@shreyasdamle shreyasdamle commented Oct 16, 2021

Description of changes:

  • Added a boolean flag parse_output to cfn_guard::run_checks. When it is true, run_checks returns the parsed output. This is a breaking change for customers who use cfn_guard as a library.
  • Removed unused function (validate_and_return_json) from validate.rs
  • Updated README for lambda.

Tests:
Payload (parse_output = true):

{"data": "{\"Resources\":{\"NewVolume\":{\"Type\":\"AWS::EC2::Volume\",\"Properties\":{\"Size\":500,\"Encrypted\":false,\"AvailabilityZone\":\"us-west-2b\"}},\"NewVolume2\":{\"Type\":\"AWS::EC2::Volume\",\"Properties\":{\"Size\":50,\"Encrypted\":false,\"AvailabilityZone\":\"us-west-2c\"}}}}", "rules" : [ "Resources.*[ Type == /EC2::Volume/ ].Properties.Encrypted == true" ], "parsed_output": true}

Output (parse_output = true):

{
  "message": [
    {
      "name": "",
      "metadata": {},
      "status": "FAIL",
      "not_compliant": [
        {
          "Rule": {
            "name": "default",
            "metadata": {},
            "messages": {
              "custom_message": null,
              "error_message": null
            },
            "checks": [
              {
                "Clause": {
                  "Binary": {
                    "context": " Resources.*. (filter-clauses).Properties.Encrypted EQUALS  Bool((Path(\"\"), true))",
                    "messages": {
                      "custom_message": "",
                      "error_message": "Check was not compliant as property value [Path=/Resources/NewVolume/Properties/Encrypted Value=false] not equal to value [Path= Value=true]."
                    },
                    "check": {
                      "Resolved": {
                        "from": {
                          "path": "/Resources/NewVolume/Properties/Encrypted",
                          "value": false
                        },
                        "to": {
                          "path": "",
                          "value": true
                        },
                        "comparison": [
                          "Eq",
                          false
                        ]
                      }
                    }
                  }
                }
              },
              {
                "Clause": {
                  "Binary": {
                    "context": " Resources.*. (filter-clauses).Properties.Encrypted EQUALS  Bool((Path(\"\"), true))",
                    "messages": {
                      "custom_message": "",
                      "error_message": "Check was not compliant as property value [Path=/Resources/NewVolume2/Properties/Encrypted Value=false] not equal to value [Path= Value=true]."
                    },
                    "check": {
                      "Resolved": {
                        "from": {
                          "path": "/Resources/NewVolume2/Properties/Encrypted",
                          "value": false
                        },
                        "to": {
                          "path": "",
                          "value": true
                        },
                        "comparison": [
                          "Eq",
                          false
                        ]
                      }
                    }
                  }
                }
              }
            ]
          }
        }
      ],
      "not_applicable": [],
      "compliant": []
    }
  ]
}

Payload (parse_output = false):

{"data": "{\"Resources\":{\"NewVolume\":{\"Type\":\"AWS::EC2::Volume\",\"Properties\":{\"Size\":500,\"Encrypted\":false,\"AvailabilityZone\":\"us-west-2b\"}},\"NewVolume2\":{\"Type\":\"AWS::EC2::Volume\",\"Properties\":{\"Size\":50,\"Encrypted\":false,\"AvailabilityZone\":\"us-west-2c\"}}}}", "rules" : [ "Resources.*[ Type == /EC2::Volume/ ].Properties.Encrypted == true" ], "parsed_output": false}

Output (parse_output = false)

{
  "message": [
    {
      "context": "File(rules=1)",
      "container": {
        "FileCheck": {
          "name": "",
          "status": "FAIL",
          "message": null
        }
      },
      "children": [
        {
          "context": "default",
          "container": {
            "RuleCheck": {
              "name": "default",
              "status": "FAIL",
              "message": null
            }
          },
          "children": [
            {
              "context": "GuardAccessClause#block Resources.*. (filter-clauses).Properties.Encrypted EQUALS  Bool((Path(\"\"), true))",
              "container": {
                "GuardClauseBlockCheck": {
                  "at_least_one_matches": false,
                  "status": "FAIL",
                  "message": null
                }
              },
              "children": [
                {
                  "context": "Filter/Map#1",
                  "container": {
                    "Filter": "PASS"
                  },
                  "children": [
                    {
                      "context": "GuardAccessClause#block Type EQUALS  Regex((Path(\"\"), \"EC2::Volume\"))",
                      "container": {
                        "GuardClauseBlockCheck": {
                          "at_least_one_matches": false,
                          "status": "PASS",
                          "message": null
                        }
                      },
                      "children": [
                        {
                          "context": " Type EQUALS  Regex((Path(\"\"), \"EC2::Volume\"))",
                          "container": {
                            "ClauseValueCheck": "Success"
                          },
                          "children": []
                        }
                      ]
                    }
                  ]
                },
                {
                  "context": "Filter/Map#1",
                  "container": {
                    "Filter": "PASS"
                  },
                  "children": [
                    {
                      "context": "GuardAccessClause#block Type EQUALS  Regex((Path(\"\"), \"EC2::Volume\"))",
                      "container": {
                        "GuardClauseBlockCheck": {
                          "at_least_one_matches": false,
                          "status": "PASS",
                          "message": null
                        }
                      },
                      "children": [
                        {
                          "context": " Type EQUALS  Regex((Path(\"\"), \"EC2::Volume\"))",
                          "container": {
                            "ClauseValueCheck": "Success"
                          },
                          "children": []
                        }
                      ]
                    }
                  ]
                },
                {
                  "context": " Resources.*. (filter-clauses).Properties.Encrypted EQUALS  Bool((Path(\"\"), true))",
                  "container": {
                    "ClauseValueCheck": {
                      "Comparison": {
                        "comparison": [
                          "Eq",
                          false
                        ],
                        "from": {
                          "Resolved": {
                            "path": "/Resources/NewVolume/Properties/Encrypted",
                            "value": false
                          }
                        },
                        "to": {
                          "Resolved": {
                            "path": "",
                            "value": true
                          }
                        },
                        "message": null,
                        "custom_message": null,
                        "status": "FAIL"
                      }
                    }
                  },
                  "children": []
                },
                {
                  "context": " Resources.*. (filter-clauses).Properties.Encrypted EQUALS  Bool((Path(\"\"), true))",
                  "container": {
                    "ClauseValueCheck": {
                      "Comparison": {
                        "comparison": [
                          "Eq",
                          false
                        ],
                        "from": {
                          "Resolved": {
                            "path": "/Resources/NewVolume2/Properties/Encrypted",
                            "value": false
                          }
                        },
                        "to": {
                          "Resolved": {
                            "path": "",
                            "value": true
                          }
                        },
                        "message": null,
                        "custom_message": null,
                        "status": "FAIL"
                      }
                    }
                  },
                  "children": []
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}
