Skip to content

Commit

Permalink
3.0.0 Beta release (#366)
Browse files Browse the repository at this point in the history 
* bumping up to 3.0.0-alpha (#347)

* bumping up to 3.0.0 alpha

* typo

* updating workflow

* Populated filename in the output (#358)

* Populated filename in the output

* Changed FileData into DataFile and handle error differently

* Refactored to use existing DataFile struct

---------

Co-authored-by: Akshay Rane <[email protected]>

* Support for some function expressions / stateful rules  (#361)

* init commit for function resolution / stateful rules

* more tests + making test rules better

* fixed bugs with validation of functions

* small cleanup

* fixes as per comments

* cleanup

* add todo

* typos

* fixed logical error breaking tests

* added test for test command with a function

* fixed unit test

* added comment to clearly explain whats happening in regex_replace cause no one actually understands regex

* Combined structured output and updated default rule clause name to include file name (#360)

* Populated filename in the output

* Structured combine

* Changed FileData into DataFile and handle error differently

* Resolved lifetime issue with FileReport combine method

* Updated status and method

* Refactored to use existing DataFile struct

* Changed FileData into DataFile and handle error differently

* Refactored to use existing DataFile struct

* Merged file report

* Interim commit for structured

* Resolved unit tests

* Temporary commit for default rule names

* Working prototype for formatting issue

---------

Co-authored-by: Akshay Rane <[email protected]>

* Clap Autocompletions (#340)

* temp

* fixing commands

* cleanup

* temp

* cleanup

* adding valuehints

* adding valuehints

* removed powershell

* cleanup

* removing derive

* removed unecessary ArgActions

* bumping up version

* refactor to use a function to generate commands

* removing unused imports

* removed random println

* updating readme

* fixes

* typo

* cleanup

* typo

* adding documentation for functions (#362)

* adding documentation for functions

* Combined structured output and updated default rule clause name to include file name (#360)

* Populated filename in the output

* Structured combine

* Changed FileData into DataFile and handle error differently

* Resolved lifetime issue with FileReport combine method

* Updated status and method

* Refactored to use existing DataFile struct

* Changed FileData into DataFile and handle error differently

* Refactored to use existing DataFile struct

* Merged file report

* Interim commit for structured

* Resolved unit tests

* Temporary commit for default rule names

* Working prototype for formatting issue

---------

Co-authored-by: Akshay Rane <[email protected]>

* clarifying docs

---------

Co-authored-by: Akshay Rane <[email protected]>
Co-authored-by: Akshay Rane <[email protected]>

* Deprecated migrate and previous engine (#364)

* Deprecated migrate and previous engine

* Removed a unit test for old engine

---------

Co-authored-by: Akshay Rane <[email protected]>

* 3.0.0 beta release changes (#365)

* Bump up version to 3.0.0-beta

* Updated README.md

* Add instances to rules integration tests (#351)

* Added 2 runners to integration tests for rules registry

* Fixed indent

* Added explicit shell name

* Moved shell to job parameters

* Added powershell commands for windows

* Removed test branch

* Updated README.md (#352)

* Updated README for Guard 3.0

* Update README.md

Co-authored-by: Ben Bridts <[email protected]>

---------

Co-authored-by: Ben Bridts <[email protected]>

---------

Co-authored-by: Akshay Rane <[email protected]>
Co-authored-by: razcloud <[email protected]>
Co-authored-by: Ben Bridts <[email protected]>

* feat: Add cfn-guard-lambda deployment with SAM CLI (#354)

* feat: Add cfn-guard-lambda deployment with SAM CLI

* Renamed the logical ID for lambda in template & updated README.md

* Updated the instructions and added least privileged IAM access policy

---------

Co-authored-by: Ben Bridts <[email protected]>
Co-authored-by: Akshay Rane <[email protected]>

* Revert "Added deprecated short flag for print-json in parse-tree"

This reverts commit 93548a4

* Updated names of binaries to reflect v3

* Updated README.md to add new features

* Added rogue_one branch to docker workflow

* Bump enumflags2 to 0.7.7

---------

Co-authored-by: Akshay Rane <[email protected]>
Co-authored-by: razcloud <[email protected]>
Co-authored-by: Ben Bridts <[email protected]>
Co-authored-by: Ben Bridts <[email protected]>

---------

Co-authored-by: Akshay Rane <[email protected]>
Co-authored-by: Akshay Rane <[email protected]>
Co-authored-by: razcloud <[email protected]>
Co-authored-by: Ben Bridts <[email protected]>
Co-authored-by: Ben Bridts <[email protected]>
  • Loading branch information
@joshfried-aws @akshayrane
@razcloud @benbridts
6 people authored Jun 9, 2023
1 parent e0d7f6b commit a3992ca
Show file tree
Hide file tree
Showing 83 changed files with 3,260 additions and 4,426 deletions.
88 changes: 77 additions & 11 deletions .github/workflows/pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@ name: Rust

on:
push:
branches: [ main, development ]
branches: [ main, development, rogue_one ]
pull_request:
branches: [ main, development ]
branches: [ main, development, rogue_one ]

env:
CARGO_TERM_COLOR: always
Expand All @@ -19,7 +19,7 @@ jobs:
run: cargo build --release --verbose
- name: Run unit tests
run: cargo test --verbose

shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
Expand All @@ -39,9 +39,12 @@ jobs:
- name: Rustfmt Check
uses: actions-rust-lang/rustfmt@v1

aws-guard-rules-registry-ubuntu-integration-tests:
name: Integration tests against aws-guard-rules-registry on Ubuntu
runs-on: ubuntu-latest
aws-guard-rules-registry-integration-tests-linux:
strategy:
matrix:
os: [ ubuntu-latest, macos-latest ]
runs-on: ${{ matrix.os }}
name: Integration tests against aws-guard-rules-registry
steps:
- uses: actions/checkout@v3
name: Checkout cfn-guard
Expand Down Expand Up @@ -69,11 +72,11 @@ jobs:
- name: Run integration tests using parse-tree command
run: |
cd aws-guard-rules-registry/rules
FAILED_RULES=()
SKIPPED_RULES=()
rules=( $(find . -type f -name "*.guard") )
for rule in "${rules[@]}"
do
if [ $(sed -e '/^[ \s]*#.*$/d' $rule | sed -r '/^\s*$/d' | wc -l) -eq 0 ]; then
Expand All @@ -84,7 +87,7 @@ jobs:
FAILED_RULES+=("$rule")
fi
done
SKIPPED_RULE_COUNT=${#SKIPPED_RULES[@]}
if [ $SKIPPED_RULE_COUNT -gt 0 ]; then
echo "The following $SKIPPED_RULE_COUNT rule(s) were skipped because they contained only comments:"
Expand All @@ -93,9 +96,9 @@ jobs:
echo "$skipped_rule"
done
fi
FAILED_RULE_COUNT=${#FAILED_RULES[@]}
if [ $FAILED_RULE_COUNT -gt 0 ]; then
echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:"
for failed_rule in "${FAILED_RULES[@]}"
Expand All @@ -106,5 +109,68 @@ jobs:
else
echo "All the rules have succeeded the parse-tree integration tests."
fi
aws-guard-rules-registry-integration-tests-windows:
runs-on: windows-latest
name: Integration tests against aws-guard-rules-registry for Windows
steps:
- uses: actions/checkout@v3
name: Checkout cfn-guard
with:
path: cloudformation-guard
- name: Build binary
run: |
cd cloudformation-guard/guard/
cargo build --release
- uses: actions/checkout@v3
name: Checkout aws-guard-rules-registry
with:
repository: aws-cloudformation/aws-guard-rules-registry
path: aws-guard-rules-registry
ref: main
- name: Run integration tests using test command
run: |
if (cloudformation-guard/target/release/cfn-guard test -d aws-guard-rules-registry/rules) {
echo "The integration tests for test command have passed."
}
else {
echo "The integration tests for test command have failed."
exit 1
}
- name: Run integration tests using parse-tree command
run: |
cd aws-guard-rules-registry/rules
$FAILED_RULES = @()
$SKIPPED_RULES = @()
$rules = @(Get-ChildItem -Path .\ -Filter *.guard -Recurse -File)
Foreach ($rule in $rules) {
$rule_files_without_comments = (Get-Content $rule.FullName) -replace '^[ \s]*#.*$', ''
if ([String]::IsNullOrWhiteSpace($rule_files_without_comments)){
$SKIPPED_RULES += "$rule"
}
elseif (../../cloudformation-guard/target/release/cfn-guard parse-tree --rules $rule.FullName) {
continue
} else {
$FAILED_RULES += "$rule"
}
}
$SKIPPED_RULE_COUNT = $SKIPPED_RULES.Length
if ($SKIPPED_RULE_COUNT -gt 0) {
echo "The following `$SKIPPED_RULE_COUNT.Length` rule(s) were skipped because they contained only comments:"
echo $SKIPPED_RULES
}
$FAILED_RULE_COUNT = $FAILED_RULES.Length
if ($FAILED_RULE_COUNT -gt 0) {
echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:"
echo $FAILED_RULES
exit 1
} else {
echo "All the rules have succeeded the parse-tree integration tests."
}
2 changes: 1 addition & 1 deletion .github/workflows/publish_docker.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ name: Deploy to ECR Public Gallery

on:
push:
branches: [ main ]
branches: [ main, rogue_one ]

jobs:

Expand Down
20 changes: 10 additions & 10 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,24 +27,24 @@ jobs:
macos: |
rustup target add x86_64-apple-darwin
cargo build --release --target x86_64-apple-darwin
mkdir cfn-guard-v2-${{ matrix.os }}
cp ./target/x86_64-apple-darwin/release/cfn-guard ./cfn-guard-v2-${{ matrix.os }}/
cp README.md ./cfn-guard-v2-${{ matrix.os }}/
tar czvf ./cfn-guard-v2-${{ matrix.os }}.tar.gz ./cfn-guard-v2-${{ matrix.os }}
mkdir cfn-guard-v3-${{ matrix.os }}
cp ./target/x86_64-apple-darwin/release/cfn-guard ./cfn-guard-v3-${{ matrix.os }}/
cp README.md ./cfn-guard-v3-${{ matrix.os }}/
tar czvf ./cfn-guard-v3-${{ matrix.os }}.tar.gz ./cfn-guard-v3-${{ matrix.os }}
linux: |
rustup target add x86_64-unknown-linux-musl
cargo build --release --target x86_64-unknown-linux-musl
mkdir cfn-guard-v2-${{ matrix.os }}
cp ./target/x86_64-unknown-linux-musl/release/cfn-guard ./cfn-guard-v2-${{ matrix.os }}/
cp README.md ./cfn-guard-v2-${{ matrix.os }}/
tar czvf ./cfn-guard-v2-${{ matrix.os }}.tar.gz ./cfn-guard-v2-${{ matrix.os }}
mkdir cfn-guard-v3-${{ matrix.os }}
cp ./target/x86_64-unknown-linux-musl/release/cfn-guard ./cfn-guard-v3-${{ matrix.os }}/
cp README.md ./cfn-guard-v3-${{ matrix.os }}/
tar czvf ./cfn-guard-v3-${{ matrix.os }}.tar.gz ./cfn-guard-v3-${{ matrix.os }}
- name: Upload Release Asset
id: upload-release-asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.get_release.outputs.upload_url }}
asset_path: ./cfn-guard-v2-${{ matrix.os }}.tar.gz
asset_name: cfn-guard-v2-${{ matrix.os }}.tar.gz
asset_path: ./cfn-guard-v3-${{ matrix.os }}.tar.gz
asset_name: cfn-guard-v3-${{ matrix.os }}.tar.gz
asset_content_type: application/octet-stream
59 changes: 40 additions & 19 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 7 additions & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
build-CloudFormationGuardLambda:
# installing rust every time you build is not great, but it's better than having
# to install a toolchain yourself. In most cases builds will be infrequent.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
source ${HOME}/.cargo/env && rustup target add x86_64-unknown-linux-musl
source ${HOME}/.cargo/env && cd guard-lambda && cargo build --release --target x86_64-unknown-linux-musl
cp -r /tmp/samcli/scratch/target/x86_64-unknown-linux-musl/release/cfn-guard-lambda $(ARTIFACTS_DIR)/bootstrap
Loading

0 comments on commit a3992ca

Please sign in to comment.