aws-cloudformation / cloudformation-guard

Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
Apache License 2.0

[Enhancement] Make variables mutable #479

Open ysdholak opened 7 months ago

ysdholak commented 7 months ago

**Is your feature request related to a problem?** Yes

A clear and concise description of what the problem is.

I've worked through many rules where we need to add or delete data from variables based on occurrences in all Resources.

Describe the solution you'd like

Make variables mutable, so data can be added or deleted as the user wants; this gives better control over rules and lets them cover a wider set of cases. Currently, variables are immutable, so once defined they cannot be changed.

Describe alternatives you've considered

NA

Additional context

The best example was: I am trying to write a rule for AWS::EC2::NetworkAclEntry resources, and it fails if the same resource ids use the same rule number. So I need to keep track of the Refs to resource ids and the rule numbers encountered so far, and if, for the same resource, a rule number is repeated, the rule fails.

In current cfn-guard versions, this wouldn't be possible.

Also, let me know if you need more info. Thanks!
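The check described in the post, written as a stand-alone script rather than a Guard rule: walk the `Resources` of a parsed CloudFormation template, collect every `AWS::EC2::NetworkAclEntry`, and report rule numbers reused within the same NACL. This is an added example, not code from cfn-guard or from the issue author. It goes slightly beyond the post by keying on the `Egress` direction as well as the NACL reference, since inbound and outbound rules each have their own rule-number space; the template below is constructed and the NACL/VPC values are placeholders.

```python
"""Report duplicate NetworkAclEntry rule numbers in a CloudFormation template.

Added example; not part of cfn-guard. The sample template is constructed.
"""
import json
from collections import defaultdict

# Constructed sample: two ingress entries on the same NACL both use rule 100,
# while an egress entry also using 100 is fine (separate direction).
SAMPLE_TEMPLATE = {
    "Resources": {
        "Nacl": {
            "Type": "AWS::EC2::NetworkAcl",
            "Properties": {"VpcId": "vpc-PLACEHOLDER"},
        },
        "AllowHttp": {
            "Type": "AWS::EC2::NetworkAclEntry",
            "Properties": {
                "NetworkAclId": {"Ref": "Nacl"}, "RuleNumber": 100,
                "Protocol": 6, "RuleAction": "allow", "Egress": False,
                "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 80, "To": 80},
            },
        },
        "AllowHttps": {
            "Type": "AWS::EC2::NetworkAclEntry",
            "Properties": {
                "NetworkAclId": {"Ref": "Nacl"}, "RuleNumber": 100,
                "Protocol": 6, "RuleAction": "allow",  # Egress omitted: defaults to false
                "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443},
            },
        },
        "AllowOutbound": {
            "Type": "AWS::EC2::NetworkAclEntry",
            "Properties": {
                "NetworkAclId": {"Ref": "Nacl"}, "RuleNumber": 100,
                "Protocol": -1, "RuleAction": "allow", "Egress": True,
                "CidrBlock": "0.0.0.0/0",
            },
        },
        "Bucket": {"Type": "AWS::S3::Bucket"},  # unrelated resource, ignored
    }
}


def _nacl_key(props):
    """Normalise NetworkAclId: a {"Ref": ...} to the logical id, anything else to a literal."""
    nacl = props.get("NetworkAclId")
    if isinstance(nacl, dict) and "Ref" in nacl:
        return ("Ref", nacl["Ref"])
    return ("Literal", str(nacl))


def find_duplicate_rule_numbers(template):
    """Return {(nacl_key, egress, rule_number): [logical ids]} for every
    combination that more than one NetworkAclEntry in the template claims."""
    seen = defaultdict(list)
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::NetworkAclEntry":
            continue
        props = resource.get("Properties", {})
        # Egress is optional in CloudFormation and defaults to false (ingress).
        key = (_nacl_key(props), bool(props.get("Egress", False)), props.get("RuleNumber"))
        seen[key].append(logical_id)
    return {key: ids for key, ids in seen.items() if len(ids) > 1}


def format_findings(duplicates):
    """Render findings as one line per conflict, sorted for stable output."""
    lines = []
    for (nacl_key, egress, rule_number), ids in sorted(duplicates.items(), key=str):
        direction = "egress" if egress else "ingress"
        lines.append(
            f"NACL {nacl_key[1]} ({direction}) rule number {rule_number} "
            f"used by: {', '.join(sorted(ids))}"
        )
    return lines


if __name__ == "__main__":
    import sys
    # Pass a JSON template path to check a real file; otherwise use the sample.
    template = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    findings = format_findings(find_duplicate_rule_numbers(template))
    print("\n".join(findings) if findings else "no duplicate rule numbers")
    sys.exit(1 if findings else 0)
```

Run with no arguments to see the constructed conflict between `AllowHttp` and `AllowHttps`; pass a JSON template path to check a real one (a YAML template would need `yaml.safe_load` with a loader that understands the `!Ref` short-form tags).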

joshfried-aws commented 6 months ago

Hey @ysdholak thanks for reaching out.

I think the most likely approach we would take, if we were to implement something like this, would be to not necessarily make the variables mutable, but to provide some sort of mechanism to achieve this functionality.

I think the approach that would best fit would be to provide a function which allows users to add items to the list.

This function would take n >= 2 arguments, where the first argument is the original list, and the next n-1 arguments are the items we want to add to the list. This function would not actually change the original list; what it would do is return a new list with all the elements from the first list and all the elements that were passed as arguments.

For example, say we were to have the following:

```
let list = ["foo", "bar"]
let list = append(%list, "baz")

%list == ["foo", "bar", "baz"]
```

What do you think of this approach?