-
Notifications
You must be signed in to change notification settings - Fork 176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
--strict-checks in ruleset itself #97
Labels
Comments
A bit confused on this. We currently expose the |
Think this is the main ask that doesn't already exist if I understand correctly: |
PatMyron
changed the title
--strict in ruleset itself
--strict-checks in ruleset itself
Nov 12, 2020
rahulgarg05
added
enhancement
New feature or request
and removed
bug
Something isn't working
labels
Dec 1, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
What I found surprising is that checks for specific CFN properties are evaluated lazy. What I would expect instead is that across all resources the given rule would be enforced.
Example:
If I define a rule as below:
If the resource that it's being evaluated against does not define
BillingMode
the rule check will be successful, but in this particular case what I am really trying to do is achieve consistency across my template and specify certain behaviour which will be ignored.To Reproduce
Please supply:
-vvv
log level if it's not related to cfn-guard-lambda, or the relevant CloudWatch log messages if it is related to the lambdaNOTE: Please be sure that the templates, rule sets and logs you provide as part of your bug report do not contain any sensitive information.
I had defined a ruleset as follows:
and run it against the template:
By running command:
The end result was successful validation.
Instead I was expecting an error:
Expected behavior
A clear and concise description of what you expected to happen.
I wanted to propose a change on how the rule is being evaluated by allowing to specify strict matching attributes against the rules.
Optionally this should be enabled per ruleset file by specifying the mode as first instruction of ruleset
or through alternative syntax.
Screenshots
If applicable, add screenshots to help explain your problem.
Operating System:
MacOS
OS Version
10.15.7
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: