Release v2.0.3
Description of improvements released in version 2.0.3.
#158
You can now provide test names to each unit test in your test file. The test names will be displayed in the test execution report together with the unit test execution status. This enhances the readability of test file execution reports.
#159
Guard will now continue evaluation of a clause for all values produced by its query even after encountering a failed evaluation. You will be able to see details of failed values by using the --show-clause-failures flag with the validate command.
- The validate command now supports JSON, YAML and single-line output formats; you can now use the json, yaml and single-line-summary values, respectively, for the -o or --output-format options of the validate command. Example:
cfn-guard validate -r rules/ -d data/ --show-summary none --type CFNTemplate --output-format yaml
Output:
---
data_from: sample-template.yaml
rules_from: cluster.guard
not_compliant: {}
not_applicable:
  - test
compliant: []
---
data_from: sample-template.yaml
rules_from: migrated-3.guard
not_compliant:
  vol2:
    - rule: aws_ec2_volume_checks
      path: Properties.Encrypted
      provided: false
      expected: true
      comparison:
        operator: Eq
        not_operator_exists: false
      message: ""
not_applicable:
  - aws_apigateway_deployment_checks
  - aws_apigateway_stage_checks
  - aws_dynamodb_table_checks
compliant:
  - aws_events_rule_checks
  - aws_iam_role_checks
- You can now use the -t or --type option for the validate command to specify the type of the data file against which you are evaluating your rules. CFNTemplate is the only value supported today. When you specify, for example, --type CFNTemplate as an option to the validate command, Guard will output the logical names of resources and the relevant properties (e.g., Resource [vol2] property [Properties.Encrypted] in template [sample-template.yaml]), as opposed to property paths and values (e.g., Property [/Resources/vol2/Properties/Encrypted] in data [sample-template.yaml]). Example:
cfn-guard validate -r /tmp/rules/ -d /tmp/data/ --show-summary none --type CFNTemplate
Output:
Evaluation of rules cluster.guard for template sample-template.yaml, number of resource failures = 0
--
Rule [cluster.guard/test] is not applicable for template [sample-template.yaml]
--
Evaluation of rules migrated-3.guard for template sample-template.yaml, number of resource failures = 1
--
Resource [vol2] property [Properties.Encrypted] in template [sample-template.yaml] is not compliant with [migrated-3.guard/aws_ec2_volume_checks] because provided value [false] did not match with expected value [true]. Error message []
Resource [vol2] traversed until [Properties] for template [sample-template.yaml] wasn't compliant with [migrated-3.guard/aws_ec2_volume_checks] due to retrieval error. Error Message [Attempting to retrieve array index or key from map at path = /Resources/vol2/Properties , Type was not an array/object map, Remaining Query = Size]
Resource [vol2] property [Properties.Encrypted] in template [sample-template.yaml] is not compliant with [migrated-3.guard/mixed_types_checks] because provided value [false] did not match with expected value [true]. Error message []
--
Rule [migrated-3.guard/aws_iam_role_checks] is compliant for template [sample-template.yaml]
Rule [migrated-3.guard/aws_events_rule_checks] is compliant for template [sample-template.yaml]
--
Rule [migrated-3.guard/aws_apigateway_deployment_checks] is not applicable for template [sample-template.yaml]
Rule [migrated-3.guard/aws_apigateway_stage_checks] is not applicable for template [sample-template.yaml]
Rule [migrated-3.guard/aws_dynamodb_table_checks] is not applicable for template
- The validate command now supports suppressing summary information. You can choose whether or not to display the summary table when you run the validate command: by default, the summary is displayed (--show-summary all); alternatively, you can specify --show-summary pass,fail to summarize only the rules that did pass/fail, and with --show-summary none you turn off the summary entirely.
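
A CI gate over the structured output shown above, as an added example that is not part of the Guard release notes or the project's code. It assumes the json output format carries the same fields as the YAML sample (data_from, rules_from, not_compliant, not_applicable, compliant); the function names and SAMPLE data are constructed for illustration. It also flags rule files where every rule was not applicable, since such a run verified nothing.

```python
import json

# Constructed sample: the two reports from the YAML output above, re-expressed as JSON.
# Assumption: the json output format emits the same fields, one object per rule file.
SAMPLE = '''
{"data_from": "sample-template.yaml", "rules_from": "cluster.guard",
 "not_compliant": {}, "not_applicable": ["test"], "compliant": []}
{"data_from": "sample-template.yaml", "rules_from": "migrated-3.guard",
 "not_compliant": {"vol2": [{"rule": "aws_ec2_volume_checks",
   "path": "Properties.Encrypted", "provided": false, "expected": true,
   "comparison": {"operator": "Eq", "not_operator_exists": false}, "message": ""}]},
 "not_applicable": ["aws_apigateway_deployment_checks", "aws_apigateway_stage_checks",
                    "aws_dynamodb_table_checks"],
 "compliant": ["aws_events_rule_checks", "aws_iam_role_checks"]}
'''

def iter_reports(text):
    """Yield report objects from concatenated JSON documents or a single JSON array."""
    dec, pos = json.JSONDecoder(), 0
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        obj, pos = dec.raw_decode(text, pos)
        yield from obj if isinstance(obj, list) else [obj]

def gate(text):
    """Return (findings, unverified): one tuple per failed check, plus rule files
    in which no rule passed or failed, i.e. nothing was actually evaluated."""
    findings, unverified = [], []
    for rep in iter_reports(text):
        for resource, fails in rep.get("not_compliant", {}).items():
            for f in fails:
                findings.append((rep["rules_from"], f["rule"], resource,
                                 f["path"], f["provided"], f["expected"]))
        if not rep.get("not_compliant") and not rep.get("compliant"):
            unverified.append(rep["rules_from"])
    return findings, unverified

if __name__ == "__main__":
    findings, unverified = gate(SAMPLE)
    for rules_file, rule, res, path, got, want in findings:
        print(f"FAIL {rules_file}/{rule}: {res} {path} = {got!r}, expected {want!r}")
    for rules_file in unverified:
        print(f"WARN {rules_file}: every rule was not applicable, nothing verified")
    raise SystemExit(1 if findings else 0)
```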