-
Notifications
You must be signed in to change notification settings - Fork 176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Enhancement] Support common text parsing / manipulation functions #140
Comments
Thanks for the feature request. |
At least for public resource types, we also have plans to improve the modeling of the property types themselves, which should help for those |
@iann0036 do you know of any types where only json strings are supported (I checked step functions and api gateway). A sub-optimal solution might to force the use of yaml / json objects (which could be achieved by removing quotes). |
@dchakrav-github There's a few use cases I can think of for regex capture / sub functionality. For example, matching an SQS Queue URL and ARN (i.e. capturing and comparing name / account ID) within related resources. @PatMyron @benbridts I don't know of any, but in the end developers can use string-encapsulated when it makes sense to, and I wouldn't want to change that behaviour. Like you said, it's sub-optimal. |
I just ran into a use case for this, let's say I have this data file:
And I want a rule to check that Being able to write something like
|
@iann0036 and @benbridts thanks for the clarification. Just clarifying so that we are on the same page
What would be the semantics for
|
Yes, although I think
would also make sense
I think having it fail makes the most sense, assuming the error is clear, that will lead to the least surprises.
I'd like to be able something like the below, but I think being able to use variables as part of a regex is a separate request.
|
This would be great feature! as we have JSON that is in a string and we need to parse it to check values:
We need to check account numbers for cross account to make sure valid accounts in our org and settings correct. Like the cross account examples for cloudformation in the examples folder. Thanks |
Support for recursive and named rules is complete and we will release it in next version. However, the same needs to be extended for functions which will release as a quick follow. |
Is there an update on using regex with variables?
|
Hi @iann0036 with the release of guard 3.0 we have added many such functions like this, including parsing json, regex replace, substring, join and more. Feel free to checkout our release notes for a much more detailed description. I am going to go ahead and close out this issue. Feel free to reopen this issue if need be. Thanks, |
Where can I find documentation about URL Decode function? |
Hi @lazize you can find that information here: https://github.com/aws-cloudformation/cloudformation-guard/blob/main/docs/FUNCTIONS.md#url_decode. Please let me know if you require any further assistance. Thanks, |
Is your feature request related to a problem? Please describe.
For many resources in CloudFormation, a property block can be defined as a JSON string, rather than a nested block. This makes it impossible to inspect a specific sub-property and enforce a ruleset against it.
Describe the solution you'd like
Add a set of in-built functions that could perform a text-based manipulation, which could include JSON parsing, URL encoding/decoding, and a Regex-style replacement.
Describe alternatives you've considered
Something out-of-band probably, or some complex Regex magic if I hated myself enough.
Additional context
The text was updated successfully, but these errors were encountered: