taskcat icon indicating copy to clipboard operation
taskcat copied to clipboard
verified publisher icon aws-ia

Valid YML flagged as non-valid and linting error that makes it through

Open DarwinJS opened this issue 3 years ago • 0 comments

Describe the bug

With the latest qs-cfn-lint-rules (commit: e76e881bde4ed692ac284d0573ea8621d51c1d8a)

This fails:

            105_gitlab_distro_mapping:
              command: !Sub |
                IFS='.' read -r major minor patch <<< '${GitLabVersion}'; if [ ${major} -ge 15 ]; then sed -i 's/\/el\/7/\/amazon\/2/g' /etc/yum.repos.d/gitlab_gitlab*.repo; else sed -i 's/\/amazon\/2/\/el\/7/g' /etc/yum.repos.d/gitlab_gitlab*.repo; fi

With the linting error:

[ERROR  ] : ---
[ERROR  ] : Linting detected issues in: /mnt/templates/workload/gitlab-gitaly-template.yaml
[ERROR  ] :     line 246 [1019] [Sub validation of parameters] Parameter major for Fn::Sub not found at Resources/GitalyAutoScalingGroup/Me
                                                     tadata/AWS::CloudFormation::Init/02_prereqs/commands/104_gitlab_distro_mappi
                                                     ng/command/Fn::Sub

The syntax is valid and documented in many places.

This "Join" version makes it through the linting - but then in CloudFormation the lack of double back slash generates a yaml error when the stack runs:

            105_gitlab_distro_mapping:
              command:
                Fn::Join:
                  - ""
                  - - "IFS='.' read -r major minor patch <<< '"
                    - Ref: "GitLabVersion"
                    - "'; if [ ${major} -ge 15 ]; then sed -i 's/\/el\/7/\/amazon\/2/g' /etc/yum.repos.d/gitlab_gitlab*.repo; else sed -i 's/\/amazon\/2/\/el\/7/g' /etc/yum.repos.d/gitlab_gitlab*.repo; fi"

To Reproduce Steps to reproduce the behavior:

  1. Use the Join version of the code exactly
  2. Notice that linting let's it pass
  3. Notice that the cloudformation template gets a malformed yaml error.

Expected behavior The Sub form should pass cfn-lint / taskcat linting. Perhaps the lack of escaping \ should be caught as a yaml syntax error.

Screenshots If applicable, add screenshots to help explain your problem.

**Version (Please make sure you are running the latest version of taskcat)

  • Taskcat Version (ex: [2018.817.210357])

Note: Python Version (python3 required)

To find versions: Via taskcat: taskcat -V Via pip3: pip3 show taskcat

Note: both version should match

To update taskcat run: for docker : docker pull taskcat/taskcat for pip3: pip3 install --upgrade taskcat

Additional context Add any other context about the problem here.

DarwinJS avatar Jul 08 '22 11:07 DarwinJS