From ddd2cf95c54eb98bc74e56bc8235386b996402f2 Mon Sep 17 00:00:00 2001 From: Kevin DeJong Date: Thu, 19 Oct 2023 10:42:46 -0700 Subject: [PATCH] Update guard hook --- .../cfn_guard_rs/python/cfn_guard_rs/api.py | 6 ++- .../python/cfn_guard_rs/interface.py | 44 +++++++++++++------ .../cfn_guard_rs_hook/guard_hook.py | 18 +++++--- 3 files changed, 48 insertions(+), 20 deletions(-) diff --git a/packages/cfn_guard_rs/python/cfn_guard_rs/api.py b/packages/cfn_guard_rs/python/cfn_guard_rs/api.py index dddb52f5..8baa3110 100644 --- a/packages/cfn_guard_rs/python/cfn_guard_rs/api.py +++ b/packages/cfn_guard_rs/python/cfn_guard_rs/api.py @@ -40,11 +40,12 @@ def run_checks(data: dict, rules: str) -> FileReport: """ try: raw_output = run_checks_rs(json.dumps(data), rules, False) + LOG.debug("Raw output: %s", raw_output) output = json.loads(raw_output) return FileReport.from_object(output) except json.JSONDecodeError as err: - LOG.debug( + LOG.info( "JSON decoding error when processing return value [%s] got error: %s", raw_output, err, @@ -55,9 +56,10 @@ def run_checks(data: dict, rules: str) -> FileReport: except CfnGuardParseError as err: raise errors.ParseError(str(err)) except Exception as err: - LOG.debug( + LOG.info( "Received unknown exception [%s] while running checks, got error: %s", type(err), err, + exc_info=True, ) raise errors.UnknownError(str(err)) diff --git a/packages/cfn_guard_rs/python/cfn_guard_rs/interface.py b/packages/cfn_guard_rs/python/cfn_guard_rs/interface.py index 1a2243ea..f81ca7f4 100644 --- a/packages/cfn_guard_rs/python/cfn_guard_rs/interface.py +++ b/packages/cfn_guard_rs/python/cfn_guard_rs/interface.py @@ -29,7 +29,10 @@ class Messages: error_message: str | None = field(default=None) @classmethod - def from_object(cls, obj) -> "Messages": + def from_object(cls, obj) -> "Messages" | None: + if obj is None: + return None + return cls( custom_message=obj.get("custom_message"), error_message=obj.get("error_message"), 
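Review bot: In the first api.py hunk, the `json.JSONDecodeError` handler now writes the whole `raw_output` at INFO, so the guard engine's return value lands in default-level logs whenever decoding fails. The report fields parsed in interface.py (`value`, `value_from`, `path`) suggest that this output echoes values from the template under check, which may include credentials or other sensitive properties. I would keep the payload at DEBUG and log only the error at INFO: `LOG.info("JSON decoding error when processing guard output: %s", err)` followed by `LOG.debug("Undecodable guard output: %s", raw_output)`. The same consideration applies to the new `LOG.debug("Raw output: %s", raw_output)` line wherever DEBUG is enabled outside development.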
@@ -74,7 +77,7 @@ class GuardBlockReport(ValueComparisons): unresolved: Any = field() @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "GuardBlockReport" | None: if obj is None: return obj @@ -100,7 +103,7 @@ class DisjunctionsReport: checks: ClauseReport = field() @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "DisjunctionsReport" | None: if obj is None: return obj @@ -115,7 +118,10 @@ class UnaryComparison: comparison: Tuple[str, bool] = field() @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "UnaryComparison" | None: + if obj is None: + return None + return cls( value=obj.get("value"), comparison=tuple(obj.get("comparison")), @@ -131,7 +137,7 @@ class UnResolved: reason: Any = field() @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "UnResolved" | None: if obj is None: return None return cls( @@ -147,7 +153,10 @@ class ValueUnResolved: comparison: Any = field() @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "ValueUnResolved" | None: + if obj is None: + return None + return cls( value=obj.get("value"), comparison=obj.get("comparison"), @@ -163,7 +172,7 @@ class UnaryCheck(ValueComparisons): UnresolvedContext: Any | None = field(default=None) @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "UnaryCheck" | None: if obj is None: return obj @@ -195,7 +204,7 @@ class UnaryReport: check: UnaryCheck = field() @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "UnaryReport" | None: if obj is None: return None @@ -213,7 +222,7 @@ class BinaryComparison: comparison: Any = field() @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "BinaryComparison" | None: if obj is None: return None return cls( 
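Review bot: In the `UnaryComparison.from_object` hunk, the new `obj is None` guard does not cover `tuple(obj.get("comparison"))`, which still raises `TypeError` when the key is absent or null. If the intent of this commit is to tolerate partial guard output, that field needs the same treatment, for example `comp = obj.get("comparison")` and then `comparison=tuple(comp) if comp is not None else None`. The field is annotated `Tuple[str, bool]`, so that annotation would need widening if None is accepted. The `cls(...)` call continues outside the hunk.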
@@ -230,6 +239,9 @@ def __init__(self, **kwargs) -> None: @classmethod def from_object(cls, obj) -> "InComparison" | None: + if obj is None: + return None + return cls( from_=obj.get("from"), to_=obj.get("to"), @@ -244,7 +256,10 @@ class BinaryCheck(ValueComparisons): InResolved: Any = field(default=None) @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "BinaryCheck" | None: + if obj is None: + return None + return cls( Resolved=BinaryComparison.from_object(obj.get("Resolved")), UnResolved=UnResolved.from_object(obj.get("UnResolved")), @@ -275,7 +290,7 @@ class BinaryReport: check: BinaryCheck = field() @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "BinaryReport" | None: if obj is None: return obj return cls( @@ -293,7 +308,7 @@ class GuardClauseReport(ValueComparisons): Binary: BinaryReport | None = field(default=None) @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "GuardClauseReport" | None: if obj is None: return obj @@ -345,7 +360,10 @@ class ClauseReport(ValueComparisons): Clause: GuardClauseReport | None = field(default=None) @classmethod - def from_object(cls, obj): + def from_object(cls, obj) -> "ClauseReport" | None: + if obj is None: + return None + return cls( Rule=RuleReport.from_object(obj.get("Rule")), Disjunctions=DisjunctionsReport.from_object(obj.get("Disjunctions")), diff --git a/packages/cfn_guard_rs_hook/cfn_guard_rs_hook/guard_hook.py b/packages/cfn_guard_rs_hook/cfn_guard_rs_hook/guard_hook.py index 29b95659..f6c4e92c 100644 --- a/packages/cfn_guard_rs_hook/cfn_guard_rs_hook/guard_hook.py +++ b/packages/cfn_guard_rs_hook/cfn_guard_rs_hook/guard_hook.py 
@@ -284,20 +284,28 @@ def __run_checks(self, template: dict, type_configuration: Any) -> ProgressEvent progress.errorCode = HandlerErrorCode.NonCompliant progress.message = "" for not_compliant in guard_result.not_compliant: + LOG.debug("Not Compliant: %s", not_compliant) rule = not_compliant.Rule if rule is None: progress.message += "Found not compliant without rule. " continue for err in rule.checks: - path = err.value_from.get("path") + LOG.debug("Rule check: %s", err) clause = err.Clause if clause is None: progress.message += "Found not compliant without a clause. " continue - progress.message += ( - f"Rule [{rule.name}] failed on " - f"property [{path}] and got error [{clause.messages}]. " - ) + if err.value_from: + progress.message += ( + f"Rule [{rule.name}] failed on " + f"property [{err.value_from.get('path')}] " + f"and got error [{clause.messages}]. " + ) + else: + progress.message += ( + f"Rule [{rule.name}] failed " + f"with error [{clause.messages}]. " + ) progress.message = progress.message.strip() LOG.debug("Progress Event: %s", progress) return progress
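Review bot: Both new branches interpolate `clause.messages` directly into `progress.message`, so the text returned in the ProgressEvent is whatever that object's repr is. Presumably it is the `Messages` dataclass, and with this commit `Messages.from_object` returns None for a missing object, which would render as `[None]`. Formatting the fields explicitly keeps the failure text readable and limited to the strings meant for the user, e.g. `detail = getattr(clause.messages, "custom_message", None) or getattr(clause.messages, "error_message", None)`. The type of `clause.messages` is not visible in this hunk, so confirm it against `GuardClauseReport`. `__run_checks` starts and ends outside the hunk.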