[FEATURE] enable the check of TemplateBody in different "Types" #2539

Open
2 tasks
AndreasAugustin opened this issue Dec 21, 2022 · 1 comment
@AndreasAugustin

Is this feature request related to a new rule or cfn-lint capabilities?

New capability

Describe the feature you'd like to request

There exist some CloudFormation types which allow you to add a "TemplateBody". This TemplateBody is itself a CloudFormation Template as a string.
Example types are:

When running cfn-lint the TemplateBody is not checked for correctness (it is a string).

Describe the solution you'd like

It would help a lot if the TemplateBody would be checked like the main template.

I can imagine a solution like

  • parsing the templatebody string to json or yaml
  • run the whole checker logic for the parsed object

Remark
Within AWS::CloudFormation::StackSet any template could be the content. For AWS::Config::OrganizationConformancePack the body needs to be of kind conformance pack.
Samples can be found here

It would be nice if, in addition, in the case of AWS::Config::OrganizationConformancePack it is checked whether the TemplateBody has the right content, in terms of it being a conformance pack.

Additional context

Example template. The TemplateBody can also be yaml.

TestStackSet1:
  Type: 'AWS::CloudFormation::StackSet'
  DeletionPolicy: Retain
  Properties:
    StackSetName: TestStackSet12345
    Description: Updatedescription1
    PermissionModel: SELF_MANAGED
    ManagedExecution:
      Active: true
    Tags:
      - Key: tag1
        Value: value1
    TemplateBody: |
      {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
          "testWaitHandle": {
            "Type": "AWS::CloudFormation::WaitConditionHandle"
          }
        }
      }

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this feature request

Would this feature include a breaking change?

  • ⚠️ This feature might incur a breaking change
@kddejong kddejong added the new rule New rule label Jan 5, 2023
@kddejong kddejong self-assigned this Jan 5, 2023
@kddejong
Contributor

Few things I need to figure out for this rule:

  1. Do we use the same rule configuration for the sub template? The rules themselves have no idea about the configuration of other rules, which means this may have to exist inside the runner. The problem with it being in the runner is that we can't adjust the path to the failures, so the location will be off (or need to be fixed)
  2. If we make it a CloudFormation rule that re-runs a check using a process similar to the api code what rule number do we use in the response?

@kddejong kddejong added the p1 Medium Priority label Apr 6, 2023
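
A sketch of the approach proposed in the issue (parse the TemplateBody string, then run the checks on the parsed object) that also prefixes each nested finding with the location of the TemplateBody property, which is the path concern raised in the comment. This is an added example, not cfn-lint code and not written by either participant. It assumes the outer template is already parsed into a dict; `check_template` and the rule IDs `X0000` to `X0002` are hypothetical placeholders for the real rule set.

```python
import json

# The two resource types named in the issue whose TemplateBody is a template string.
EMBEDDED_TYPES = {"AWS::CloudFormation::StackSet",
                  "AWS::Config::OrganizationConformancePack"}

def parse_body(text):
    """Parse a TemplateBody string: JSON first, then YAML if PyYAML is installed."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        pass
    try:
        import yaml  # optional; safe_load rejects short-form tags such as !Ref
        return yaml.safe_load(text)
    except Exception as exc:  # ImportError or yaml.YAMLError
        raise ValueError(f"not parseable as JSON or YAML: {exc}") from exc

def check_template(template, path):
    """Hypothetical stand-in for the real rules: every resource needs a Type."""
    resources = template.get("Resources")
    if not isinstance(resources, dict) or not resources:
        return [(path + ("Resources",), "X0001", "missing or empty Resources")]
    return [(path + ("Resources", name, "Type"), "X0002", "resource has no Type")
            for name, res in resources.items()
            if not isinstance(res, dict) or not isinstance(res.get("Type"), str)]

def lint_with_embedded(template, path=()):
    """Check a template, then recurse into each TemplateBody with a prefixed path."""
    if not isinstance(template, dict):
        return [(path, "X0000", "template is not a mapping")]
    findings = check_template(template, path)
    resources = template.get("Resources")
    for name, res in (resources.items() if isinstance(resources, dict) else ()):
        if not isinstance(res, dict) or res.get("Type") not in EMBEDDED_TYPES:
            continue
        props = res.get("Properties")
        body = props.get("TemplateBody") if isinstance(props, dict) else None
        if isinstance(body, str):
            body_path = path + ("Resources", name, "Properties", "TemplateBody")
            try:
                findings += lint_with_embedded(parse_body(body), body_path)
            except ValueError as exc:
                findings.append((body_path, "X0000", str(exc)))
    return findings

# Constructed sample: the issue's StackSet with the nested resource's Type removed.
SAMPLE = {"Resources": {"TestStackSet1": {
    "Type": "AWS::CloudFormation::StackSet",
    "Properties": {"TemplateBody": '{"Resources": {"testWaitHandle": {}}}'}}}}
```

Calling `lint_with_embedded(SAMPLE)` returns one finding whose path runs through `TestStackSet1`'s `TemplateBody` down to the nested resource, so the failure is located relative to the outer template.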