Open thegonch opened 4 years ago
@thegonch Another workaround is to call those commands using `bundle exec ...`. That will execute them from the locally installed `cfn_nag` gem, which is from the source.
Here are some examples of calling those commands with `bundle exec` within the VS Code remote dev container:
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ cfn_nag --version
Traceback (most recent call last):
2: from /usr/local/bundle/bin/cfn_nag:23:in `<main>'
1: from /usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:302:in `activate_bin_path'
/usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:283:in `find_spec_for_exe': can't find gem cfn-nag (>= 0.a) with executable cfn_nag (Gem::GemNotFoundException)
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ bundle exec cfn_nag --version
0.0.0
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ cfn_nag spec/test_templates/yaml/sam/globals.yml
Traceback (most recent call last):
2: from /usr/local/bundle/bin/cfn_nag:23:in `<main>'
1: from /usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:302:in `activate_bin_path'
/usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:283:in `find_spec_for_exe': can't find gem cfn-nag (>= 0.a) with executable cfn_nag (Gem::GemNotFoundException)
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ bundle exec cfn_nag spec/test_templates/yaml/sam/globals.yml
------------------------------------------------------------
spec/test_templates/yaml/sam/globals.yml
------------------------------------------------------------
Failures count: 0
Warnings count: 0
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ cfn_nag_rules
Traceback (most recent call last):
2: from /usr/local/bundle/bin/cfn_nag_rules:23:in `<main>'
1: from /usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:302:in `activate_bin_path'
/usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:283:in `find_spec_for_exe': can't find gem cfn-nag (>= 0.a) with executable cfn_nag_rules (Gem::GemNotFoundException)
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ bundle exec cfn_nag_rules
WARNING VIOLATIONS:
W1 Specifying credentials in the template itself is probably not the safest thing
W2 Security Groups found with cidr open to world on ingress. This should never be true on instance. Permissible on ELB
W5 Security Groups found with cidr open to world on egress
W9 Security Groups found with ingress cidr that is not /32
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ cfn_nag_scan --input-path spec/test_templates/yaml/sam/globals.yml
Traceback (most recent call last):
2: from /usr/local/bundle/bin/cfn_nag_scan:23:in `<main>'
1: from /usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:302:in `activate_bin_path'
/usr/local/lib/ruby/site_ruby/2.5.0/rubygems.rb:283:in `find_spec_for_exe': can't find gem cfn-nag (>= 0.a) with executable cfn_nag_scan (Gem::GemNotFoundException)
cfn_nag_dev@caefac1f2dd9:/workspaces/cfn_nag$ bundle exec cfn_nag_scan --input-path spec/test_templates/yaml/sam/globals.yml
------------------------------------------------------------
spec/test_templates/yaml/sam/globals.yml
------------------------------------------------------------
Failures count: 0
Warnings count: 0
Currently none of the cfn_nag commands (e.g. cfn_nag, cfn_nag_rules, cfn_nag_scan) will work from directly within the VSCode Remote Development container. Being able to execute these from within the container would be useful to keep all actions siloed. One way we could get around this (as suggested by @phelewski) is to add them as rake commands. We can start off by trying to create a rake task for cfn_nag_rules.
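One way the rake-task idea above could look, as an added example that is not cfn_nag's own Rakefile. The `nag:` namespace, the task names and the `NAG_ARGS` environment variable are assumptions made for illustration.

```ruby
# Added example (hypothetical Rakefile fragment, not from the cfn_nag repo).
require 'rake'
require 'shellwords'

# The executables named in the issue.
NAG_EXECUTABLES = %w[cfn_nag cfn_nag_rules cfn_nag_scan].freeze

# Build the argv that runs an executable through Bundler, so it resolves to
# the gem in the working tree instead of a system-wide install that the dev
# container does not have (the Gem::GemNotFoundException in the traces).
def nag_command(executable, arg_string = nil)
  unless NAG_EXECUTABLES.include?(executable)
    raise ArgumentError, "unknown cfn_nag executable: #{executable}"
  end

  # Shellwords.split only tokenizes; no shell is involved, so characters
  # such as ';' in NAG_ARGS stay literal arguments.
  ['bundle', 'exec', executable, *Shellwords.split(arg_string.to_s)]
end

namespace :nag do
  NAG_EXECUTABLES.each do |exe|
    # cfn_nag -> nag:run, cfn_nag_rules -> nag:rules, cfn_nag_scan -> nag:scan
    name = exe.sub(/\Acfn_nag_?/, '')
    name = 'run' if name.empty?

    desc "Run #{exe} from source via bundle exec (arguments in NAG_ARGS)"
    task name do
      # Multi-argument sh executes the program directly, without a shell.
      sh(*nag_command(exe, ENV['NAG_ARGS']))
    end
  end
end
```

Inside the container this would be called as `rake nag:rules`, or `rake nag:scan NAG_ARGS='--input-path spec/test_templates/yaml/sam/globals.yml'`.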