Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Error encountered while parsing data file when using yaml anchor #578

Open
sj-versent opened this issue Oct 22, 2024 · 3 comments
Open

[BUG] Error encountered while parsing data file when using yaml anchor #578

sj-versent opened this issue Oct 22, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@sj-versent
Copy link

Describe the bug

When validating a source file of type YAML, if yaml anchors are in use then cfn-guard fails to parse the file and errors with Error occurred Parser Error

To Reproduce

  1. Source File
---

homeRegion: &HOME_REGION ap-southeast-2

vpcs:
  - name: myvpc
    tags:
      - key: Name
        value: myvpc
    account: myaccount
    region: *HOME_REGION
    defaultSecurityGroupRulesDeletion: true
  1. Rule file
rule check_defaultSecurityGroupRulesDeletion {
    vpcs.defaultSecurityGroupRulesDeletion == true
}
  1. The commands you used to invoke the tool
cfn-guard validate --data original.yaml --rules rule.guard
  1. The output of a -v log level if it's not related to cfn-guard-lambda, or the relevant CloudWatch log messages if it is related to the cfn-guard-lambda
cfn-guard validate -v  --data original.yaml --rules rule.guard
Error occurred Parser Error when parsing `Error encountered while parsing data file: original.yaml, data beginning with 
---

homeRegion: &HOME_REGION ap-southeast-2

vpcs:
  - name: myvpc
    tags:
      - key: Name
    
 ...`

Expected behavior

File is parsed correctly and rules triggered if appropraite

Operating System:

MacOS

OS Version

15.0.1 - Sequoia

Additional context

Commenting out the YAML anchor in the source file enables cfn-guard to process the file.
@sj-versent sj-versent added the bug Something isn't working label Oct 22, 2024
@joshfried-aws
Copy link
Contributor

Hi @sj-versent this is not a bub, cfn-guard does not currently support aliases or anchors https://github.com/aws-cloudformation/cloudformation-guard/blob/main/guard/src/rules/libyaml/loader.rs#L54

@sj-versent
Copy link
Author

Thanks for responding, @joshfried-aws ; it would be awesome to include that in the README if possible as I did go looking. I am happy to propose a PR if you would like.

Also note that the error code that is fired back to the user doesn't indicate that.

I'll come up with a possible workaround to strip out the aliases or anchors prior to processing. Thanks! Love the tool BTW 👍

@joshfried-aws
Copy link
Contributor

joshfried-aws commented Oct 23, 2024
edited
Loading

Hey @sj-versent thats a good idea, I thought it was in there somewhere. As for the error message this is actually because all errors that result from parsing of the yaml/json are converted into a generic ParseError https://github.com/aws-cloudformation/cloudformation-guard/blob/main/guard/src/commands/validate.rs#L769

Appreciate the love for the tool!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joshfried-aws @sj-versent