cfn-model 0.0.0

data/lib/cfn-model/schema/AWS_SNS_TopicPolicy.yml

@@ -0,0 +1,23 @@
+---
+type: map
+mapping:
+  Type:
+    type: str
+    required: yes
+    pattern: /AWS::SNS::TopicPolicy/
+  Properties:
+    type: map
+    required: yes
+    mapping:
+      PolicyDocument:
+        type:   any
+        required: yes
+      Topics:
+        type:   seq
+        required: yes
+        sequence:
+          - type:   any
+      =:
+        type: any
+  =:
+    type: any

data/lib/cfn-model/schema/AWS_SQS_QueuePolicy.yml

@@ -0,0 +1,23 @@
+---
+type: map
+mapping:
+  Type:
+    type: str
+    required: yes
+    pattern: /AWS::SQS::QueuePolicy/
+  Properties:
+    type: map
+    required: yes
+    mapping:
+      PolicyDocument:
+        type:   any
+        required: yes
+      Queues:
+        type:   seq
+        required: yes
+        sequence:
+          - type:   any
+      =:
+        type: any
+  =:
+    type: any

data/lib/cfn-model/schema/schema.yml.erb

@@ -0,0 +1,17 @@
+type: map
+mapping:
+
+  Parameters:
+    type: map
+    required: no
+    mapping:
+      # insert parmaetrs here
+
+  Resources:
+    type: map
+    required: yes
+    mapping:
+     # insert resource
+
+  =:
+    type: any

data/lib/cfn-model/validator/cloudformation_validator.rb

@@ -0,0 +1,12 @@
+require_relative 'schema_generator'
+require 'kwalify'
+
+class CloudFormationValidator
+  def validate(cloudformation_string)
+    schema = SchemaGenerator.new.generate cloudformation_string
+
+    validator = Kwalify::Validator.new(schema)
+
+    validator.validate(YAML.load(cloudformation_string))
+  end
+end

data/lib/cfn-model/validator/reference_validator.rb

@@ -0,0 +1,83 @@
+require 'set'
+
+class ReferenceValidator
+  def unresolved_references(cloudformation_hash)
+    if cloudformation_hash['Parameters'].nil?
+      parameter_keys = []
+    else
+      parameter_keys = cloudformation_hash['Parameters'].keys
+    end
+
+    resource_keys = cloudformation_hash['Resources'].keys
+    missing_refs = all_references(cloudformation_hash) - Set.new(parameter_keys + resource_keys)
+    missing_refs
+  end
+
+  private
+
+  def all_references(cloudformation_hash)
+    result = Set.new
+    cloudformation_hash['Resources'].values.each do |resource_hash|
+      result |= all_ref(resource_hash['Properties'])
+      result |= all_get_att(resource_hash['Properties'])
+    end
+    result
+  end
+
+  def all_ref(properties_hash)
+    refs = Set.new
+
+    unless properties_hash.nil?
+      properties_hash.values.each do |value|
+        if value.is_a? Hash
+          sub_hash = value
+
+          if sub_hash.size == 1 && !sub_hash['Ref'].nil?
+            unless sub_hash['Ref'].is_a? String
+              raise ParserError.new("Ref target must be string literal: #{sub_hash}")
+            end
+
+            unless pseudo_reference?(sub_hash['Ref'])
+              refs << sub_hash['Ref']
+            end
+          else
+            refs |= all_ref(sub_hash)
+          end
+        end
+      end
+    end
+    refs
+  end
+
+  def all_get_att(properties_hash)
+    refs = Set.new
+
+    unless properties_hash.nil?
+      properties_hash.values.each do |value|
+        if value.is_a? Hash
+          sub_hash = value
+
+          # ! GetAtt too
+          if sub_hash.size == 1 && !sub_hash['Fn::GetAtt'].nil?
+            if sub_hash['Fn::GetAtt'].is_a? Array
+              refs << sub_hash['Fn::GetAtt'][0]
+            elsif sub_hash['Fn::GetAtt'].is_a? String
+              if sub_hash['Fn::GetAtt'] =~ /([^.]*)\.(.*)/
+                refs << $1
+              end
+
+            end
+          else
+            refs |= all_get_att(sub_hash)
+          end
+        end
+      end
+    end
+
+    refs
+  end
+
+  def pseudo_reference?(ref)
+    ref =~ /AWS::.*/
+  end
+end

data/lib/cfn-model/validator/resource_type_validator.rb

@@ -0,0 +1,34 @@
+require 'cfn-model/parser/parser_error'
+
+class ResourceTypeValidator
+
+  def self.validate(cloudformation_yml)
+    hash = YAML.load cloudformation_yml
+    if hash == false || hash.nil?
+      raise ParserError.new 'yml empty'
+    end
+
+    if hash['Resources'].nil? or hash['Resources'].empty?
+      raise ParserError.new 'Illegal cfn - no Resources'
+    end
+
+    resources = hash['Resources']
+
+    resources.each do |resource_id, resource|
+      if resource['Type'].nil?
+        raise ParserError.new "Illegal cfn - missing Type: id: #{resource_id}"
+      end
+    end
+
+    parameters = hash['Parameters']
+    unless parameters.nil?
+      parameters.each do |parameter_id, parameter|
+        if parameter['Type'].nil?
+          raise ParserError.new "Illegal cfn - missing Parameter Type: id: #{parameter_id}"
+        end
+      end
+    end
+
+    hash
+  end
+end

data/lib/cfn-model/validator/schema_generator.rb

@@ -0,0 +1,86 @@
+require_relative 'resource_type_validator'
+require 'yaml'
+
+##
+# This generator is a bit of hacking to trick kwalify into validating yaml for a cfn template.
+#
+# because cfn uses open-ended key names for the resources.... a static schema can't be used
+# with kwalify.  so first we make sure there is a basic structure of resources with Type values
+# then we generate the schema from the document for the keys and cross-reference with schema
+# files per resource type
+class SchemaGenerator
+  def generate(cloudformation_yml)
+
+    # make sure structure of Resources is decent and that every record has a Type at least
+    cloudformation_hash = ResourceTypeValidator.validate cloudformation_yml
+
+    parameters_schema = generate_schema_for_parameter_keys cloudformation_hash
+    resources_schema = generate_schema_for_resource_keys cloudformation_hash
+
+    main_schema = YAML.load IO.read(schema_file('schema.yml.erb'))
+    if parameters_schema.empty?
+      main_schema['mapping'].delete 'Parameters'
+    else
+      main_schema['mapping']['Parameters']['mapping'] = parameters_schema
+    end
+    main_schema['mapping']['Resources']['mapping'] = resources_schema
+    main_schema
+  end
+
+  private
+
+  ##
+  # this is fairly superfluous.  there's not much structure here
+  # except that Types are Strings.... anything else is up to a rule
+  # to wade through all the optional crap (like looking for NoEcho)
+  def generate_schema_for_parameter_keys(cloudformation_hash)
+    return {} if cloudformation_hash['Parameters'].nil?
+
+    parameters_schema = {
+      '=' => { 'type' => 'any'}
+    }
+
+    cloudformation_hash['Parameters'].each do |parameter_key, parameter|
+      parameters_schema[parameter_key] = {
+        'type' => 'map',
+        'mapping' => {
+          'Type' => {
+            'type' => 'str'
+          },
+          '=' => {
+            'type' => 'any'
+          }
+        }
+      }
+    end
+    parameters_schema
+  end
+
+  def generate_schema_for_resource_keys(cloudformation_hash)
+    resources_schema = {
+      '=' => { 'type' => 'any'}
+    }
+
+    cloudformation_hash['Resources'].each do |resource_id, resource|
+      schema_hash = schema_for_type(resource['Type'])
+      unless schema_hash.nil?
+        resources_schema[resource_id] = schema_hash
+      end
+    end
+    resources_schema
+  end
+
+  def schema_file(file)
+    "#{__dir__}/../schema/#{file.gsub(/::/, '_')}"
+  end
+
+  def schema_for_type(type)
+    schema_file_path = schema_file("#{type}.yml")
+
+    if !File.exist? schema_file_path
+      nil
+    else
+      YAML.load IO.read(schema_file_path)
+    end
+  end
+end

data/lib/cfn-model.rb

@@ -0,0 +1,2 @@
+require 'cfn-model/parser/cfn_parser'
+require 'cfn-model/model/cfn_model'

metadata

@@ -0,0 +1,120 @@
+--- !ruby/object:Gem::Specification
+name: cfn-model
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- Eric Kascic
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-07-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: kwalify
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.7.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.7.2
+description: An object model for CloudFormation templates
+email: 
+executables:
+- cfn_parse
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/cfn_parse
+- lib/cfn-model.rb
+- lib/cfn-model/model/bucket_policy.rb
+- lib/cfn-model/model/cfn_model.rb
+- lib/cfn-model/model/ec2_instance.rb
+- lib/cfn-model/model/ec2_network_interface.rb
+- lib/cfn-model/model/iam_group.rb
+- lib/cfn-model/model/iam_managed_policy.rb
+- lib/cfn-model/model/iam_policy.rb
+- lib/cfn-model/model/iam_role.rb
+- lib/cfn-model/model/iam_user.rb
+- lib/cfn-model/model/iam_user_to_group_addition.rb
+- lib/cfn-model/model/load_balancer.rb
+- lib/cfn-model/model/model_element.rb
+- lib/cfn-model/model/policy.rb
+- lib/cfn-model/model/policy_document.rb
+- lib/cfn-model/model/principal.rb
+- lib/cfn-model/model/queue_policy.rb
+- lib/cfn-model/model/references.rb
+- lib/cfn-model/model/security_group.rb
+- lib/cfn-model/model/security_group_egress.rb
+- lib/cfn-model/model/security_group_ingress.rb
+- lib/cfn-model/model/statement.rb
+- lib/cfn-model/model/topic_policy.rb
+- lib/cfn-model/parser/cfn_parser.rb
+- lib/cfn-model/parser/ec2_instance_parser.rb
+- lib/cfn-model/parser/ec2_network_interface_parser.rb
+- lib/cfn-model/parser/iam_group_parser.rb
+- lib/cfn-model/parser/iam_role_parser.rb
+- lib/cfn-model/parser/iam_user_parser.rb
+- lib/cfn-model/parser/load_balancer_parser.rb
+- lib/cfn-model/parser/load_balancer_v2_parser.rb
+- lib/cfn-model/parser/parser_error.rb
+- lib/cfn-model/parser/parser_registry.rb
+- lib/cfn-model/parser/policy_document_parser.rb
+- lib/cfn-model/parser/security_group_parser.rb
+- lib/cfn-model/parser/with_policy_document_parser.rb
+- lib/cfn-model/schema/AWS_CloudFront_Distribution.yml
+- lib/cfn-model/schema/AWS_EC2_Instance.yml
+- lib/cfn-model/schema/AWS_EC2_NetworkInterface.yml
+- lib/cfn-model/schema/AWS_EC2_NetworkInterfaceAttachment.yml
+- lib/cfn-model/schema/AWS_EC2_SecurityGroup.yml
+- lib/cfn-model/schema/AWS_EC2_SecurityGroupEgress.yml
+- lib/cfn-model/schema/AWS_EC2_SecurityGroupIngress.yml
+- lib/cfn-model/schema/AWS_ElasticLoadBalancingV2_LoadBalancer.yml
+- lib/cfn-model/schema/AWS_ElasticLoadBalancing_LoadBalancer.yml
+- lib/cfn-model/schema/AWS_IAM_Group.yml
+- lib/cfn-model/schema/AWS_IAM_ManagedPolicy.yml
+- lib/cfn-model/schema/AWS_IAM_Policy.yml
+- lib/cfn-model/schema/AWS_IAM_Role.yml
+- lib/cfn-model/schema/AWS_IAM_User.yml
+- lib/cfn-model/schema/AWS_IAM_UserToGroupAddition.yml
+- lib/cfn-model/schema/AWS_Lambda_Permission.yml
+- lib/cfn-model/schema/AWS_S3_BucketPolicy.yml
+- lib/cfn-model/schema/AWS_SNS_TopicPolicy.yml
+- lib/cfn-model/schema/AWS_SQS_QueuePolicy.yml
+- lib/cfn-model/schema/schema.yml.erb
+- lib/cfn-model/validator/cloudformation_validator.rb
+- lib/cfn-model/validator/reference_validator.rb
+- lib/cfn-model/validator/resource_type_validator.rb
+- lib/cfn-model/validator/schema_generator.rb
+homepage: https://github.com/stelligent/cfn-model
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: cfn-model
+test_files: []