[GENERAL ISSUE] - cfn-guard-lambda response parsing seems like a bit much #574

boonew2 opened this issue Oct 7, 2024 · 3 comments

boonew2 commented Oct 7, 2024

Describe the issue
The cfn-guard-lambda response is very verbose and seems to require a good chunk of knowledge about the inner workings of the tool to parse and that feels cumbersome enough that I am hoping to double check that I am using the available tools appropriately.

To avoid the XY problem, I'll describe the general problem I'm trying to solve:

  • We have a lot of small repos that each have their own cfn templates, and I was hoping to use cfn-guard to enforce some org-wide rules against some resources that may be in the templates.
  • To run cfn-guard against the myriad of repos, I was planning to create a GitHub org-wide webhook on PR events that would hit a lambda that would be deployed with the org ruleset and run it against a template (if in the PR diff) via a separate cfn-guard-lambda.
  • The webhook lambda would parse the results and relay them as a GitHub check to the PR.

As I'm digging into parsing the nested response of the lambda, it feels like I'm going to be recreating a component of what cfn-guard natively already does in order to capture what rules actually failed, with their messages, and where they failed in the template.

Any examples
Output from cfn-guard cli:
cfn-guard-cli.txt

Output from cfn-guard lambda (same ruleset/template):
cfn-guard-lambda.json

The information is all there in the lambda output, so I don't think this is a bug or anything. I'm half asking for a sanity check that there isn't a way to use the cfn-guard lambda that bubbles up the summary like the CLI does and ultimately probably going to ask for a feature request to create that or at least some example code in the docs as a reference point.

boonew2 commented Dec 5, 2024

@joshfried-aws (pinging you just because it looks like you've been responding on about every other issue)
Have any advice/feedback?

@joshfried-aws
Contributor

Hi @boonew2, since the lambda crate is assumed to be working in a web context, the output for it was made to use JSON since this is the easiest way to have other programs interpret/parse those results. Are you able to elaborate on your use case for the single-line-summary use case?

boonew2 commented Jan 10, 2025

@joshfried-aws not sure how much more I can elaborate on it than what is in the opening comment. Just trying to make the lambda work on GitHub PRs and respond with a human-friendly message that a dev can act on (I don't think it needs to be single line). The CLI does a good job giving a pretty human-friendly summary, and it just seems weird to manually recreate that when the functionality is already somewhere in there.
