aws-ia / taskcat

Test all the CloudFormation things! (with TaskCat)
https://aws-ia.github.io/taskcat/
Apache License 2.0
1.17k stars 213 forks source link

Valid YML flagged as non-valid and linting error that makes it through #744

Open DarwinJS opened 2 years ago

DarwinJS commented 2 years ago

Describe the bug

With the latest qs-cfn-lint-rules (commit: e76e881bde4ed692ac284d0573ea8621d51c1d8a)

This fails:

            105_gitlab_distro_mapping:
              command: !Sub |
                IFS='.' read -r major minor patch <<< '${GitLabVersion}'; if [ ${major} -ge 15 ]; then sed -i 's/\/el\/7/\/amazon\/2/g' /etc/yum.repos.d/gitlab_gitlab*.repo; else sed -i 's/\/amazon\/2/\/el\/7/g' /etc/yum.repos.d/gitlab_gitlab*.repo; fi

With the linting error:

[ERROR  ] : ---
[ERROR  ] : Linting detected issues in: /mnt/templates/workload/gitlab-gitaly-template.yaml
[ERROR  ] :     line 246 [1019] [Sub validation of parameters] Parameter major for Fn::Sub not found at Resources/GitalyAutoScalingGroup/Me
                                                     tadata/AWS::CloudFormation::Init/02_prereqs/commands/104_gitlab_distro_mappi
                                                     ng/command/Fn::Sub

The syntax is valid and documented in many places.

This "Join" version makes it through the linting - but then in CloudFormation the lack of double back slash generates a yaml error when the stack runs:

            105_gitlab_distro_mapping:
              command:
                Fn::Join:
                  - ""
                  - - "IFS='.' read -r major minor patch <<< '"
                    - Ref: "GitLabVersion"
                    - "'; if [ ${major} -ge 15 ]; then sed -i 's/\/el\/7/\/amazon\/2/g' /etc/yum.repos.d/gitlab_gitlab*.repo; else sed -i 's/\/amazon\/2/\/el\/7/g' /etc/yum.repos.d/gitlab_gitlab*.repo; fi"

To Reproduce Steps to reproduce the behavior:

  1. Use the Join version of the code exactly
  2. Notice that linting let's it pass
  3. Notice that the cloudformation template gets a malformed yaml error.

Expected behavior The Sub form should pass cfn-lint / taskcat linting. Perhaps the lack of escaping \ should be caught as a yaml syntax error.

Screenshots If applicable, add screenshots to help explain your problem.

**Version (Please make sure you are running the latest version of taskcat)

To find versions: Via taskcat: taskcat -V Via pip3: pip3 show taskcat

Note: both version should match

To update taskcat run: for docker : docker pull taskcat/taskcat for pip3: pip3 install --upgrade taskcat

Additional context Add any other context about the problem here.