Update cfn-model to 0.5.4 (Fixes #422) (#493)

stelligent · Nov 5, 2020 · 66beea9 · 66beea9
1 parent 4867271
commit 66beea9
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 1 deletion.
diff --git a/cfn-nag.gemspec b/cfn-nag.gemspec
@@ -25,7 +25,7 @@ Gem::Specification.new do |s|
   # versus what we used to run tests in cfn-nag before publishing cfn-nag
   # they are coupled and we are doing a good bit of experimenting in cfn-model
   # i might consider collapsing them again....
-  s.add_runtime_dependency('cfn-model', '0.5.2')
+  s.add_runtime_dependency('cfn-model', '0.5.4')
   s.add_runtime_dependency('logging', '~> 2.2.2')
   s.add_runtime_dependency('netaddr', '~> 2.0.4')
   s.add_runtime_dependency('optimist', '~> 3.0.0')

diff --git a/spec/cfn_nag_integration/cfn_nag_serverless_transform_spec.rb b/spec/cfn_nag_integration/cfn_nag_serverless_transform_spec.rb
@@ -0,0 +1,38 @@
+require 'spec_helper'
+require 'cfn-nag/cfn_nag_config'
+require 'cfn-nag/cfn_nag'
+
+describe CfnNag do
+  before(:all) do
+    CfnNagLogging.configure_logging(debug: false)
+    @cfn_nag = CfnNag.new(config: CfnNagConfig.new)
+  end
+
+  # the heavy lifting for dealing with metadata is down in cfn-model.  just make sure we've got a good version
+  # of the parser that doesn't blow up
+  context 'serverless function with metadata', :lambda do
+    it 'parses properly' do
+      template_name = 'yaml/sam/metadata.yml'
+      actual_aggregate_results = @cfn_nag.audit_aggregate_across_files input_path: test_template_path(template_name)
+
+      expected_aggregate_results = [
+        {
+          filename: test_template_path(template_name),
+          file_results: {
+            failure_count: 0,
+            violations: [
+              Violation.new(
+                id: 'W58', type: Violation::WARNING,
+                message: LambdaFunctionCloudWatchLogsRule.new.rule_text,
+                logical_resource_ids: %w[SomeFunction2],
+                line_numbers: [-1]
+              )
+            ]
+          }
+        }
+      ]
+
+      expect(actual_aggregate_results).to eq expected_aggregate_results
+    end
+  end
+end
diff --git a/spec/test_templates/yaml/sam/metadata.yml b/spec/test_templates/yaml/sam/metadata.yml
@@ -0,0 +1,41 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Transform: 'AWS::Serverless-2016-10-31'
+Parameters:
+  Site:
+    Type: String
+  FunctionRoleArn:
+    Type: String
+Globals:
+  Api:
+    EndpointConfiguration: REGIONAL
+  Function:
+    Runtime: java8
+    MemorySize: 1408
+    Timeout: 30
+    CodeUri:
+      Bucket: !Sub "bucket.lambda.${Site}"
+      Key: !Sub "lambda/code/${Site}/jar-with-dependencies.jar"
+Resources:
+  SomeFunction:
+    Type: 'AWS::Serverless::Function'
+    Metadata:
+      cfn_nag:
+        rules_to_suppress:
+          - id: W58
+            reason: I know what I am doing
+    Properties:
+      FunctionName: !Sub "${Site}-Function"
+      Handler: "com.test.Function::handleRequest"
+      Tracing: Active
+      Role: !Ref FunctionRoleArn
+      Tags:
+        warmup: 'True'
+  SomeFunction2:
+    Type: 'AWS::Serverless::Function'
+    Properties:
+      FunctionName: !Sub "${Site}-Function"
+      Handler: "com.test.Function::handleRequest"
+      Tracing: Active
+      Role: !Ref FunctionRoleArn
+      Tags:
+        warmup: 'True'