Add ServerlessRestApi for SAM templates. #337
Comments
@gsmith077 I attempted to reproduce the error you received, however using the example template you linked above and the example template generated from
Dug in a bit more to create this. Looks like it's recognized correctly in the context of an output. In an earlier section of the code, we have a block like this;

    PathMapping:
      Type: "AWS::ApiGateway::BasePathMapping"
      Properties:
        BasePath: test-app
        DomainName: !Ref DomainName
        RestApiId: !Ref ServerlessRestApi

The We have an output at the end of the template;

    Outputs:
      Api:
        Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/test-app/"

This reference seems to be fine. I'm wondering if it's something handled differently between a
@pshelby there were some changes to the model around ignoring things not too long ago. it's entirely possible this is OBE. if you can't reproduce, please close out the issue.
I have recreated this issue with a template from

    AWSTemplateFormatVersion: "2010-09-09"
    Transform: AWS::Serverless-2016-10-31
    Description: >
      sam-app
      Sample SAM Template for sam-app
    # More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
    Globals:
      Function:
        Timeout: 3
    Resources:
      HelloWorldFunction:
        Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
        Properties:
          CodeUri: hello_world/
          Handler: app.lambda_handler
          Runtime: python3.7
          Events:
            HelloWorld:
              Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
              Properties:
                Path: /hello
                Method: get
      PathMapping:
        Type: "AWS::ApiGateway::BasePathMapping"
        Condition: CreateProdResources
        Properties:
          # Next line causes the FATAL FAIL in cfn_nag_scan
          RestApiId: !Ref ServerlessRestApi
    Outputs:
      # ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
      # Find out more about other implicit resources you can reference within SAM
      # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
      HelloWorldApi:
        Description: "API Gateway endpoint URL for Prod stage for Hello World function"
        Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/hello/"
      HelloWorldFunction:
        Description: "Hello World Lambda Function ARN"
        Value: !GetAtt HelloWorldFunction.Arn
      HelloWorldFunctionIamRole:
        Description: "Implicit IAM Role created for Hello World function"
        Value: !GetAtt HelloWorldFunctionRole.Arn

I also replaced the

Addendum: I just validated the template with both
Since these 'generated resources' are part of the SAM magic, they weren't fully supported during the cfn-model Serverless transformation. I just created stelligent/cfn-model#62 to enhance support in cfn-model for the Api generated resources. Once cfn-model is updated, I'll update the required version in cfn_nag and validate.
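Why the reference dangles until the generated resources are accounted for, as an added Ruby illustration (not cfn-model or cfn_nag code). The template hash is a constructed, trimmed copy of the reproduction above with intrinsics written in long form, and `referenced_ids`, `implicit_ids` and `unresolved_refs` are hypothetical helper names; only the two generated IDs this page mentions are modelled.

```ruby
SAM_TRANSFORM = 'AWS::Serverless-2016-10-31'

# Constructed sample: the issue's template, trimmed, with long-form intrinsics.
SAMPLE = {
  'Transform' => SAM_TRANSFORM,
  'Resources' => {
    'HelloWorldFunction' => {
      'Type' => 'AWS::Serverless::Function',
      'Properties' => { 'Events' => { 'HelloWorld' => {
        'Type' => 'Api', 'Properties' => { 'Path' => '/hello', 'Method' => 'get' }
      } } }
    },
    'PathMapping' => {
      'Type' => 'AWS::ApiGateway::BasePathMapping',
      'Properties' => { 'RestApiId' => { 'Ref' => 'ServerlessRestApi' } }
    }
  },
  'Outputs' => {
    'HelloWorldApi' => { 'Value' => { 'Fn::Sub' =>
      'https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/hello/' } },
    'HelloWorldFunctionIamRole' => { 'Value' => { 'Fn::GetAtt' => %w[HelloWorldFunctionRole Arn] } }
  }
}.freeze

# Collect logical IDs named by Ref, Fn::GetAtt and Fn::Sub template strings.
def referenced_ids(node, found = [])
  case node
  when Array then node.each { |n| referenced_ids(n, found) }
  when Hash
    node.each do |key, value|
      case key
      when 'Ref' then found << value
      when 'Fn::GetAtt' then found << Array(value).first.split('.').first
      when 'Fn::Sub' then found.concat(Array(value).first.scan(/\$\{([^!}.]+)[^}]*\}/).flatten)
      else referenced_ids(value, found)
      end
    end
  end
  found
end

# Logical IDs the SAM transform generates without them appearing under Resources.
def implicit_ids(template)
  return [] unless Array(template['Transform']).include?(SAM_TRANSFORM)
  funcs = template['Resources'].select { |_, r| r['Type'] == 'AWS::Serverless::Function' }
  ids = funcs.reject { |_, r| r.dig('Properties', 'Role') }.keys.map { |name| "#{name}Role" }
  events = funcs.values.flat_map { |r| (r.dig('Properties', 'Events') || {}).values }
  implicit_api = events.any? { |e| e['Type'] == 'Api' && !e.dig('Properties', 'RestApiId') }
  implicit_api ? ids + ['ServerlessRestApi'] : ids
end

# References that match no declared resource, parameter or known generated ID.
def unresolved_refs(template, implicit: [])
  declared = template.fetch('Resources', {}).keys + template.fetch('Parameters', {}).keys + implicit
  referenced_ids(template).uniq.reject { |id| id.start_with?('AWS::') || declared.include?(id) }
end
```

Run over the raw template, `unresolved_refs(SAMPLE)` reports both generated IDs as dangling; passing `implicit: implicit_ids(SAMPLE)` leaves nothing unresolved.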
* stelligent/cfn_nag#337 Adding 'generated resources' when a SAM template is transformed which contains a ServerlessRestApi reference.
* Correcting syntax of PathMapping resource.
* stelligent/cfn_nag#337 Passing function name through to API creation for proper URI names, and adding a second function to the test template for single API demo purposes.
…63)
* stelligent/cfn_nag#337 Updating Serverless transform to add line numbers when the CFN template has already been parsed with line numbers. Also adding StageDescription for AWS::ApiGateway::Deployment to pass all cfn_nag rules.
* stelligent/cfn_nag#337 Adding rspec test for Serverless transforms with line numbers enabled.
* stelligent/cfn_nag#337 Cleaning up code for readability in serverless transform.
* stelligent/cfn_nag#337 More cleaning for readability in serverless transform.
…t cfn-model (#387)
* Updating deprecated 'version' property to 'ruby-version' for setup-ruby action.
* #337 Creating rspec test for Serverless transform with ServerlessRestApi reference. Bumping cfn-model version to latest.
* #337 Bumping cfn-model version to 0.4.18, which contains a fix for resource types and line numbers.
Error encountered:
Steps to reproduce:
Transform: AWS::Serverless-2016-10-31
ServerlessRestApi
Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Stage/encrypt"
cfn_nag_scan --input-path affected-template.yaml
Further Context:
An issue has been made for SAM to improve documentation of this pseudo-parameter, which is demonstrated in the example application. However, there are currently no other references to this parameter from the official documentation.
At this time, attempting to check the affected template will generate no results aside from the fatal fail message, included above. I was able to work around this by providing a known good logical id to generate valid findings, but this might not be practical for other use cases.