search

unbounce / iidy

iidy (Is it done yet?) -- CloudFormation with Confidence
MIT License
52 stars 7 forks source link

Odd behaviour from render when piping to cfn-lint vs outputting to file & then linting #272

Open marksweb opened 2 years ago

marksweb commented 2 years ago

This is the same issue as raised in #238

I'm attempting to debug some unusual behaviour happening on my mac, which doesn't occur for a colleague on a linux machine.

Officially my iidy version is 1.11.0, but I've built from source at commit 892629099a4d719cf74d57809f95831a5d6ccbc9

For reference my cfn-lint is 0.44.5.

We lint our templates before working on stacks, as I'm sure most people do;

CommandsBefore:
  - "iidy render ../templates/stack.yml | cfn-lint"

Running this I get errors;

% iidy update-stack realbuzz-events.yml
== Executing CommandsBefore from argsfile ============================

-- Command 1 --------------------------------------------------
iidy render ../templates/stack.yml | cfn-lint
-- Command 1 Output -------------------------
W2001 Parameter WebALBACMCertificateArn not used.
None:69:3

E1010 Invalid GetAtt WebStaticCDN.DomainName for resource JumpHostTaskDefintion
None:547:17

E1010 Invalid GetAtt WebStaticCDN.DomainName for resource AppTask
None:715:17

E1010 Invalid GetAtt WebStaticCDN.DomainName for resource CeleryTask
None:1020:17

E3001 Resource not properly configured at WebALBSecurityGroupIngressHTTP
None:2135:3

error Error running command (exit code 6):
iidy render ../templates/stack.yml | cfn-lint

To try to debug this I wanted to output the render to a file & linting that, however, it's successful.

% iidy render ../templates/stack.yml > /tmp/compiled-terminal.yml
% cfn-lint /tmp/compiled-terminal.yml                            
%

On inspecting the compiled file for the error;

E3001 Resource not properly configured at WebALBSecurityGroupIngressHTTP
None:2135:3

This is the line; 000100d0: 2057 6562 414c 4253 6563 7572 6974 7947 WebALBSecurityG

tavisrudd commented 2 years ago

Hi @marksweb, our lint rules had gotten out of date with upstream. I'm working on an update to them this week. In the meantime you can pass the argument --lint-template false to bypass them.

tavisrudd commented 2 years ago

Hi @marksweb, I think I misunderstood this issue on first read. Would you mind testing it on the latest cfn-lint and iidy v1.12.0? If it's still broken can you email me a copy of your template to try debugging? Tavis

marksweb commented 2 years ago

@tavisrudd I've finally found some time to try this out & it's still not happy with our templates, so I can email one over.

tavisrudd commented 2 years ago

@tavisrudd I've finally found some time to try this out & it's still not happy with our templates, so I can email one over.

Yes please: tavis at unbounce