aws-cloudformation / cfn-lint

CloudFormation Linter
MIT No Attribution

cfn-lint works from the command line, not from pre-commit #1531

Closed mariaolivero-RL closed 4 years ago

mariaolivero-RL commented 4 years ago

cfn-lint version: "version": "==0.28.1"

Description of issue. tldr: cfn-lint works from the command line, not from pre-commit

From the command line, my appended rules work fine:

  (accounting) ➜ accounting git:(b2982b1) ✗ cfn-lint -t functions.yml resources.yml --append-rules=linttrap.DynamoDBName --append-rules=linttrap.S3bucketEncryption --append-rules=linttrap.DynamoDBStream
  E4003 Ridgeline Security: You are missing a stream type on dynamo db table. These are required for global tables. Please contact @security with any questions
  resources.yml:50:5

  E4002 Ridgeline Security: You are missing a name on dynamo db table. These are required for global tables. Please contact @security with any questions
  resources.yml:67:7

  E4005 Ridgeline Security: You are missing encryption on a s3 bucket. This could potentially expose all of our data to the internet. No bueno. Please contact @security with any questions
  resources.yml:121:5

That's just what I wanted. Pre-commit is configured as follows:

  - repo: https://github.com/awslabs/cfn-python-lint
    rev: v0.28.1 # The version of cfn-lint to use
    hooks:
      - id: cfn-python-lint
        files: (functions|resources|cloudformation|template)\.(yaml|yml|json)$
        additional_dependencies:
            - linttrap
        args:
          [
            --append-rules=linttrap.S3bucketEncryption,
            --append-rules=linttrap.DynamoDBName,
            --append-rules=linttrap.DynamoDBStream
          ]

Trying things via pre-commit yields:

  AWS CloudFormation Linter................................................Failed
  hookid: cfn-python-lint

  2020-05-14 07:56:13,815 - cfnlint - ERROR - Tried to append rules but got an error: No module named 'linttrap.DynamoDBName'

If I comment out the two dynamo db checks and rerun just the s3 encryption extension I get this:

  AWS CloudFormation Linter................................................Failed
  hookid: cfn-python-lint

  {}
  {'MariaSFTPTestBucket': {'Type': 'AWS::S3::Bucket', 'Properties': {'BucketName': {'Fn::Sub': '${TenantName}-maria'}}}}
  E0002 Unknown exception while processing rule E4002: 'NoneType' object has no attribute 'get'
  resources.yml:1:1

I run pre-commit via: pipenv run pre-commit run --all-files --hook-stage push

Any suggestions? maria.olivero@ridgelineapps.com

mariaolivero-RL commented 4 years ago

Never mind - rm -rf ~/.cache/pre-commit will fix it. Who knew pre-commit had his own cache separate from pipenv. Geez!

PatMyron commented 4 years ago

> Who knew pre-commit had his own cache

did not know that, thanks for updating with the answer!

kddejong commented 4 years ago

Thanks @mariaolivero