No software is perfect, here is a list of known issues /gotchas that is worth noting with potential workarounds when you do encounter them (and for some, where you don’t really have a solution)
- Queries assigned to variables (see Guard: Variable, Projections and Interpolations) can be accessed using two forms when defining clauses, E.g.
let api_gws = Resources.*[ Type == 'AWS::ApiGateway::RestApi' ]
%api_gws.Properties.EndpointConfiguration.Types[*] == "PRIVATE"`
or
%api_gws {
Properties.EndpointConfiguration.Types[*] == "PRIVATE"
}
The block form iterates over all AWS::ApiGateway::RestApi resources found in the input. The first form short circuits and returns immediately after the first resource failure.
Workaround: use the block form to traverse all values to show all resource failures and not just the first one that failed. We are tracking to resolve this issue.
- Need
whenguards with filter expressions- When a query uses filters likeResources.*[ Type == 'AWS::ApiGateway::RestApi' ], if there are noApiGatwayresources, then Guard will fail the clause today when performing the check
%api_gws.Properties.EndpointConfiguration.Types[*] == "PRIVATE"
Workaround: assign filters to variables and use
whencondition check e.g.
let api_gws = Resources.*[ Type == 'AWS::ApiGateway::RestApi' ]
when %api_gws !empty { ...}
- When performing
!=comparison, if the values are incompatible like comparing astringtoint, an error is thrown internally but currently suppressed and converted tofalseto satisfy the requirements of Rust’s PartialEq. We are tracking to release a fix for this issue soon. existsandemptychecks do not display the JSON pointer path inside the document in the error messages. Both these clauses often have retrieval errors which does not maintain this traversal information today. We are tracking to resolve this issue.- Currently, for
stringliterals, Guard does not support embedded escaped strings. We are tracking to resolve this issue soon.