cfn-model 0.0.9 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/cfn-model/model/bucket_policy.rb +4 -0
- data/lib/cfn-model/model/cfn_model.rb +18 -0
- data/lib/cfn-model/model/ec2_instance.rb +15 -0
- data/lib/cfn-model/model/ec2_network_interface.rb +18 -0
- data/lib/cfn-model/model/iam_group.rb +4 -10
- data/lib/cfn-model/model/iam_managed_policy.rb +2 -0
- data/lib/cfn-model/model/iam_policy.rb +2 -0
- data/lib/cfn-model/model/iam_role.rb +4 -10
- data/lib/cfn-model/model/iam_user.rb +5 -0
- data/lib/cfn-model/model/iam_user_to_group_addition.rb +10 -0
- data/lib/cfn-model/model/load_balancer.rb +37 -0
- data/lib/cfn-model/model/model_element.rb +4 -0
- data/lib/cfn-model/model/policy.rb +10 -0
- data/lib/cfn-model/model/queue_policy.rb +3 -0
- data/lib/cfn-model/model/security_group.rb +4 -0
- data/lib/cfn-model/model/topic_policy.rb +3 -0
- data/lib/cfn-model/parser/ec2_instance_parser.rb +10 -0
- data/lib/cfn-model/parser/ec2_network_interface_parser.rb +10 -0
- data/lib/cfn-model/parser/iam_group_parser.rb +17 -0
- data/lib/cfn-model/parser/iam_role_parser.rb +6 -6
- data/lib/cfn-model/parser/iam_user_parser.rb +13 -1
- data/lib/cfn-model/parser/load_balancer_parser.rb +10 -0
- data/lib/cfn-model/parser/load_balancer_v2_parser.rb +15 -0
- data/lib/cfn-model/parser/parser_registry.rb +6 -1
- data/lib/cfn-model/parser/security_group_parser.rb +4 -4
- data/lib/cfn-model/parser/with_policy_document_parser.rb +1 -1
- data/lib/cfn-model/schema/AWS_EC2_Instance.yml +146 -0
- data/lib/cfn-model/schema/AWS_EC2_NetworkInterface.yml +62 -0
- data/lib/cfn-model/schema/AWS_EC2_NetworkInterfaceAttachment.yml +24 -0
- data/lib/cfn-model/schema/AWS_EC2_SecurityGroup.yml +14 -0
- data/lib/cfn-model/schema/AWS_ElasticLoadBalancingV2_LoadBalancer.yml +56 -0
- data/lib/cfn-model/schema/AWS_ElasticLoadBalancing_LoadBalancer.yml +157 -1
- data/lib/cfn-model/schema/AWS_IAM_User.yml +2 -2
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b40be56bb9e42ec1fba35ad4529c386233317a61
|
|
4
|
+
data.tar.gz: f4c348c41667a8331a283773acc0e3eceece5d70
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5aae1c11924963643a52f60f94926412ae25142c37b46c80d29447562a48e89b4678d57a1363044e3778c875be6502f7535f46098686354e03475e871a8d5694
|
|
7
|
+
data.tar.gz: b05b8a0cef40e5ee4252586104a71b54221f4b232c787dad86c360b9d49b60531f725c2219235fd91a88a6b56d462e6c48c36abde1f90682a9a92fa4a0d25bf7
|
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
require_relative 'model_element'
|
|
2
2
|
|
|
3
3
|
class AWS::S3::BucketPolicy < ModelElement
|
|
4
|
+
# mapped from document
|
|
4
5
|
attr_accessor :bucket, :policyDocument
|
|
5
6
|
|
|
7
|
+
# PolicyDocument - objectified policyDocument
|
|
8
|
+
attr_accessor :policy_document
|
|
9
|
+
|
|
6
10
|
def initialize
|
|
7
11
|
@resource_type = 'AWS::S3::BucketPolicy'
|
|
8
12
|
end
|
|
@@ -40,6 +40,24 @@ class CfnModel
|
|
|
40
40
|
@resources.values.select { |resource| resource.resource_type == resource_type }
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
+
def find_security_group_by_group_id(security_group_reference)
|
|
44
|
+
security_group_id = References.resolve_security_group_id(security_group_reference)
|
|
45
|
+
if security_group_id.nil?
|
|
46
|
+
# leave it alone since external ref or something we don't grok
|
|
47
|
+
security_group_reference
|
|
48
|
+
else
|
|
49
|
+
matched_security_group = security_groups.find do |security_group|
|
|
50
|
+
security_group.logical_resource_id == security_group_id
|
|
51
|
+
end
|
|
52
|
+
if matched_security_group.nil?
|
|
53
|
+
# leave it alone since external ref or something we don't grok
|
|
54
|
+
security_group_reference
|
|
55
|
+
else
|
|
56
|
+
matched_security_group
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
43
61
|
def to_s
|
|
44
62
|
@resources.to_s
|
|
45
63
|
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
require_relative 'model_element'
|
|
2
|
+
|
|
3
|
+
class AWS::EC2::Instance < ModelElement
|
|
4
|
+
attr_accessor :securityGroupIds, :networkInterfaces
|
|
5
|
+
|
|
6
|
+
# SecurityGroup objects based upon securityGroupIds
|
|
7
|
+
attr_accessor :security_groups
|
|
8
|
+
|
|
9
|
+
def initialize
|
|
10
|
+
@securityGroupIds = []
|
|
11
|
+
@networkInterfaces = []
|
|
12
|
+
@security_groups = []
|
|
13
|
+
@resource_type = 'AWS::EC2::Instance'
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
require_relative 'model_element'
|
|
2
|
+
|
|
3
|
+
class AWS::EC2::NetworkInterface < ModelElement
|
|
4
|
+
attr_accessor :groupSet, :ipv6Addresses, :privateIpAddresses, :tags
|
|
5
|
+
attr_accessor :description, :ipv6AddressCount, :privateIpAddress, :secondaryPrivateIpAddressCount, :sourceDestCheck, :subnetId
|
|
6
|
+
|
|
7
|
+
# SecurityGroup objects based upon groupSet
|
|
8
|
+
attr_accessor :security_groups
|
|
9
|
+
|
|
10
|
+
def initialize
|
|
11
|
+
@groupSet = []
|
|
12
|
+
@ipv6Addresses = []
|
|
13
|
+
@privateIpAddresses = []
|
|
14
|
+
@tags = []
|
|
15
|
+
@security_groups = []
|
|
16
|
+
@resource_type = 'AWS::EC2::NetworkInterface'
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -3,19 +3,13 @@ require_relative 'model_element'
|
|
|
3
3
|
class AWS::IAM::Group < ModelElement
|
|
4
4
|
attr_accessor :groupName, :managedPolicyArns, :path, :policies
|
|
5
5
|
|
|
6
|
+
# synthesized version of policies
|
|
7
|
+
attr_accessor :policy_objects
|
|
8
|
+
|
|
6
9
|
def initialize
|
|
7
10
|
@managedPolicyArns = []
|
|
8
11
|
@policies = []
|
|
12
|
+
@policy_objects = []
|
|
9
13
|
@resource_type = 'AWS::IAM::Group'
|
|
10
14
|
end
|
|
11
15
|
end
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
class AWS::IAM::UserToGroupAddition < ModelElement
|
|
15
|
-
attr_accessor :groupName, :users
|
|
16
|
-
|
|
17
|
-
def initialize
|
|
18
|
-
@users = []
|
|
19
|
-
@resource_type = 'AWS::IAM::UserToGroupAddition'
|
|
20
|
-
end
|
|
21
|
-
end
|
|
@@ -1,20 +1,14 @@
|
|
|
1
1
|
require_relative 'model_element'
|
|
2
2
|
|
|
3
|
-
class AWS::IAM::Role
|
|
3
|
+
class AWS::IAM::Role < ModelElement
|
|
4
4
|
attr_accessor :roleName, :assumeRolePolicyDocument, :policies, :path, :managedPolicyArns
|
|
5
5
|
|
|
6
|
+
attr_accessor :policy_objects, :assume_role_policy_document
|
|
7
|
+
|
|
6
8
|
def initialize
|
|
7
9
|
@policies = []
|
|
8
10
|
@managedPolicyArns = []
|
|
11
|
+
@policy_objects = []
|
|
9
12
|
@resource_type = 'AWS::IAM::Role'
|
|
10
13
|
end
|
|
11
14
|
end
|
|
12
|
-
|
|
13
|
-
class Policy
|
|
14
|
-
attr_accessor :policyName, :policyDocument
|
|
15
|
-
|
|
16
|
-
def ==(another_policy)
|
|
17
|
-
policyName == another_policy.policyName &&
|
|
18
|
-
policyDocument == another_policy.policyDocument
|
|
19
|
-
end
|
|
20
|
-
end
|
|
@@ -3,9 +3,14 @@ require_relative 'model_element'
|
|
|
3
3
|
class AWS::IAM::User < ModelElement
|
|
4
4
|
attr_accessor :groups, :loginProfile, :path, :policies, :userName
|
|
5
5
|
|
|
6
|
+
# synthesized version of policies
|
|
7
|
+
attr_accessor :policy_objects, :group_names
|
|
8
|
+
|
|
6
9
|
def initialize
|
|
7
10
|
@groups = []
|
|
8
11
|
@policies = []
|
|
12
|
+
@policy_objects = []
|
|
13
|
+
@group_names = []
|
|
9
14
|
@resource_type = 'AWS::IAM::User'
|
|
10
15
|
end
|
|
11
16
|
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
require_relative 'model_element'
|
|
2
|
+
|
|
3
|
+
class AWS::ElasticLoadBalancing::LoadBalancer < ModelElement
|
|
4
|
+
attr_accessor :securityGroups, :subnets, :tags, :scheme, :loadBalancerName, :crossZone, :availabilityZones, :connectionDrainingPolicy
|
|
5
|
+
attr_accessor :connectionSettings, :accessLoggingPolicy, :instances, :appCookieStickinessPolicy, :lBCookieStickinessPolicy, :healthCheck, :policies, :listeners
|
|
6
|
+
|
|
7
|
+
attr_accessor :security_groups
|
|
8
|
+
|
|
9
|
+
def initialize
|
|
10
|
+
@securityGroups = []
|
|
11
|
+
@security_groups = []
|
|
12
|
+
@subnets = []
|
|
13
|
+
@tags = []
|
|
14
|
+
@availabilityZones = []
|
|
15
|
+
@instances = []
|
|
16
|
+
@appCookieStickinessPolicy = []
|
|
17
|
+
@lBCookieStickinessPolicy = []
|
|
18
|
+
@policies = []
|
|
19
|
+
@listeners = []
|
|
20
|
+
@resource_type = 'AWS::ElasticLoadBalancing::LoadBalancer'
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
class AWS::ElasticLoadBalancingV2::LoadBalancer < ModelElement
|
|
25
|
+
attr_accessor :securityGroups, :loadBalancerAttributes, :subnets, :tags, :scheme, :name, :ipAddressType
|
|
26
|
+
|
|
27
|
+
attr_accessor :security_groups
|
|
28
|
+
|
|
29
|
+
def initialize
|
|
30
|
+
@securityGroups = []
|
|
31
|
+
@security_groups = []
|
|
32
|
+
@loadBalancerAttributes = []
|
|
33
|
+
@subnets = []
|
|
34
|
+
@tags = []
|
|
35
|
+
@resource_type = 'AWS::ElasticLoadBalancingV2::LoadBalancer'
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -3,6 +3,9 @@ require_relative 'model_element'
|
|
|
3
3
|
class AWS::SQS::QueuePolicy < ModelElement
|
|
4
4
|
attr_accessor :queues, :policyDocument
|
|
5
5
|
|
|
6
|
+
# PolicyDocument - objectified policyDocument
|
|
7
|
+
attr_accessor :policy_document
|
|
8
|
+
|
|
6
9
|
def initialize
|
|
7
10
|
@queues = []
|
|
8
11
|
@resource_type = 'AWS::SQS::QueuePolicy'
|
|
@@ -5,9 +5,13 @@ class AWS::EC2::SecurityGroup < ModelElement
|
|
|
5
5
|
attr_accessor :tags
|
|
6
6
|
attr_accessor :securityGroupIngress, :securityGroupEgress
|
|
7
7
|
|
|
8
|
+
attr_accessor :ingresses, :egresses
|
|
9
|
+
|
|
8
10
|
def initialize
|
|
9
11
|
@securityGroupIngress = []
|
|
10
12
|
@securityGroupEgress = []
|
|
13
|
+
@ingresses = []
|
|
14
|
+
@egresses = []
|
|
11
15
|
@tags = []
|
|
12
16
|
@resource_type = 'AWS::EC2::SecurityGroup'
|
|
13
17
|
end
|
|
@@ -3,6 +3,9 @@ require_relative 'model_element'
|
|
|
3
3
|
class AWS::SNS::TopicPolicy < ModelElement
|
|
4
4
|
attr_accessor :topics, :policyDocument
|
|
5
5
|
|
|
6
|
+
# PolicyDocument - objectified policyDocument
|
|
7
|
+
attr_accessor :policy_document
|
|
8
|
+
|
|
6
9
|
def initialize
|
|
7
10
|
@topics = []
|
|
8
11
|
@resource_type = 'AWS::SNS::TopicPolicy'
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
class Ec2InstanceParser
|
|
2
|
+
def parse(cfn_model:, resource:)
|
|
3
|
+
ec2_instance = resource
|
|
4
|
+
|
|
5
|
+
ec2_instance.security_groups = ec2_instance.securityGroupIds.map do |security_group_reference|
|
|
6
|
+
cfn_model.find_security_group_by_group_id(security_group_reference)
|
|
7
|
+
end
|
|
8
|
+
ec2_instance
|
|
9
|
+
end
|
|
10
|
+
end
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
class Ec2NetworkInterfaceParser
|
|
2
|
+
def parse(cfn_model:, resource:)
|
|
3
|
+
network_interface = resource
|
|
4
|
+
|
|
5
|
+
network_interface.security_groups = network_interface.groupSet.map do |security_group_reference|
|
|
6
|
+
cfn_model.find_security_group_by_group_id(security_group_reference)
|
|
7
|
+
end
|
|
8
|
+
network_interface
|
|
9
|
+
end
|
|
10
|
+
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
require 'cfn-model/model/iam_role'
|
|
2
|
+
require 'cfn-model/model/policy'
|
|
3
|
+
require_relative 'policy_document_parser'
|
|
4
|
+
|
|
5
|
+
class IamGroupParser
|
|
6
|
+
def parse(cfn_model:, resource:)
|
|
7
|
+
iam_group = resource
|
|
8
|
+
|
|
9
|
+
iam_group.policy_objects = iam_group.policies.map do |policy|
|
|
10
|
+
new_policy = Policy.new
|
|
11
|
+
new_policy.policyName = policy['PolicyName']
|
|
12
|
+
new_policy.policyDocument = PolicyDocumentParser.new.parse(policy['PolicyDocument'])
|
|
13
|
+
new_policy
|
|
14
|
+
end
|
|
15
|
+
iam_group
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -1,20 +1,20 @@
|
|
|
1
1
|
require 'cfn-model/model/iam_role'
|
|
2
|
-
require 'cfn-model/model/
|
|
2
|
+
require 'cfn-model/model/policy'
|
|
3
3
|
require_relative 'policy_document_parser'
|
|
4
4
|
|
|
5
5
|
class IamRoleParser
|
|
6
6
|
def parse(cfn_model:, resource:)
|
|
7
7
|
iam_role = resource
|
|
8
8
|
|
|
9
|
-
iam_role.
|
|
10
|
-
|
|
11
|
-
iam_role.policies = iam_role.policies.map do |policy|
|
|
9
|
+
iam_role.assume_role_policy_document = PolicyDocumentParser.new.parse(iam_role.assumeRolePolicyDocument)
|
|
12
10
|
|
|
11
|
+
iam_role.policy_objects = iam_role.policies.map do |policy|
|
|
13
12
|
new_policy = Policy.new
|
|
14
|
-
new_policy.
|
|
15
|
-
new_policy.
|
|
13
|
+
new_policy.policy_name = policy['PolicyName']
|
|
14
|
+
new_policy.policy_document = PolicyDocumentParser.new.parse(policy['PolicyDocument'])
|
|
16
15
|
new_policy
|
|
17
16
|
end
|
|
17
|
+
|
|
18
18
|
iam_role
|
|
19
19
|
end
|
|
20
20
|
end
|
|
@@ -1,13 +1,25 @@
|
|
|
1
|
+
require 'cfn-model/model/policy_document'
|
|
2
|
+
require 'cfn-model/model/policy'
|
|
3
|
+
require_relative 'policy_document_parser'
|
|
1
4
|
|
|
2
5
|
class IamUserParser
|
|
3
6
|
def parse(cfn_model:, resource:)
|
|
4
7
|
iam_user = resource
|
|
5
8
|
|
|
9
|
+
iam_user.policy_objects = iam_user.policies.map do |policy|
|
|
10
|
+
new_policy = Policy.new
|
|
11
|
+
new_policy.policy_name = policy['PolicyName']
|
|
12
|
+
new_policy.policy_document = PolicyDocumentParser.new.parse(policy['PolicyDocument'])
|
|
13
|
+
new_policy
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
iam_user.groups.each { |group_name| iam_user.group_names << group_name }
|
|
17
|
+
|
|
6
18
|
user_to_group_additions = cfn_model.resources_by_type 'AWS::IAM::UserToGroupAddition'
|
|
7
19
|
user_to_group_additions.each do |user_to_group_addition|
|
|
8
20
|
|
|
9
21
|
if user_to_group_addition_has_username(user_to_group_addition.users,iam_user)
|
|
10
|
-
iam_user.
|
|
22
|
+
iam_user.group_names << user_to_group_addition.groupName
|
|
11
23
|
|
|
12
24
|
# we need to figure out the story on resolving Refs i think for this to be real
|
|
13
25
|
end
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
class LoadBalancerParser
|
|
2
|
+
def parse(cfn_model:, resource:)
|
|
3
|
+
load_balancer = resource
|
|
4
|
+
|
|
5
|
+
load_balancer.security_groups = load_balancer.securityGroups.map do |security_group_reference|
|
|
6
|
+
cfn_model.find_security_group_by_group_id(security_group_reference)
|
|
7
|
+
end
|
|
8
|
+
load_balancer
|
|
9
|
+
end
|
|
10
|
+
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
class LoadBalancerV2Parser
|
|
2
|
+
def parse(cfn_model:, resource:)
|
|
3
|
+
load_balancer = resource
|
|
4
|
+
|
|
5
|
+
#could be a List<Subnet::Id>
|
|
6
|
+
# if load_balancer.subnets.size < 2
|
|
7
|
+
# raise ParserError.new("Load Balancer must have at least two subnets: #{load_balancer.logical_resource_id}")
|
|
8
|
+
# end
|
|
9
|
+
|
|
10
|
+
load_balancer.security_groups = load_balancer.securityGroups.map do |security_group_reference|
|
|
11
|
+
cfn_model.find_security_group_by_group_id(security_group_reference)
|
|
12
|
+
end
|
|
13
|
+
load_balancer
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -6,12 +6,17 @@ class ParserRegistry
|
|
|
6
6
|
def initialize
|
|
7
7
|
@registry = {
|
|
8
8
|
'AWS::EC2::SecurityGroup' => SecurityGroupParser,
|
|
9
|
+
'AWS::EC2::NetworkInterface' => Ec2NetworkInterfaceParser,
|
|
10
|
+
'AWS::EC2::Instance' => Ec2InstanceParser,
|
|
11
|
+
'AWS::ElasticLoadBalancing::LoadBalancer' => LoadBalancerParser,
|
|
12
|
+
'AWS::ElasticLoadBalancingV2::LoadBalancer' => LoadBalancerV2Parser,
|
|
13
|
+
'AWS::IAM::Group' => IamGroupParser,
|
|
9
14
|
'AWS::IAM::User' => IamUserParser,
|
|
10
15
|
'AWS::IAM::Role' => IamRoleParser,
|
|
11
16
|
'AWS::IAM::Policy' => WithPolicyDocumentParser,
|
|
12
17
|
'AWS::IAM::ManagedPolicy' => WithPolicyDocumentParser,
|
|
13
|
-
'AWS::SNS::TopicPolicy' => WithPolicyDocumentParser,
|
|
14
18
|
'AWS::S3::BucketPolicy' => WithPolicyDocumentParser,
|
|
19
|
+
'AWS::SNS::TopicPolicy' => WithPolicyDocumentParser,
|
|
15
20
|
'AWS::SQS::QueuePolicy' => WithPolicyDocumentParser
|
|
16
21
|
}
|
|
17
22
|
end
|
|
@@ -24,7 +24,7 @@ class SecurityGroupParser
|
|
|
24
24
|
security_group.securityGroupIngress = [security_group.securityGroupIngress]
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
security_group.
|
|
27
|
+
security_group.ingresses = security_group.securityGroupIngress.map do |ingress|
|
|
28
28
|
ingress_object = AWS::EC2::SecurityGroupIngress.new
|
|
29
29
|
ingress.each do |k,v|
|
|
30
30
|
ingress_object.send("#{initialLower(k)}=", v)
|
|
@@ -39,7 +39,7 @@ class SecurityGroupParser
|
|
|
39
39
|
security_group.securityGroupEgress = [security_group.securityGroupEgress]
|
|
40
40
|
end
|
|
41
41
|
|
|
42
|
-
security_group.
|
|
42
|
+
security_group.egresses = security_group.securityGroupEgress.map do |egress|
|
|
43
43
|
egress_object = AWS::EC2::SecurityGroupEgress.new
|
|
44
44
|
egress.each do |k,v|
|
|
45
45
|
egress_object.send("#{initialLower(k)}=", v)
|
|
@@ -62,7 +62,7 @@ class SecurityGroupParser
|
|
|
62
62
|
next if group_id.nil?
|
|
63
63
|
|
|
64
64
|
if security_group.logical_resource_id == group_id
|
|
65
|
-
security_group.
|
|
65
|
+
security_group.ingresses << security_group_ingress
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
68
|
end
|
|
@@ -76,7 +76,7 @@ class SecurityGroupParser
|
|
|
76
76
|
next if group_id.nil?
|
|
77
77
|
|
|
78
78
|
if security_group.logical_resource_id == group_id
|
|
79
|
-
security_group.
|
|
79
|
+
security_group.egresses << security_group_egress
|
|
80
80
|
end
|
|
81
81
|
end
|
|
82
82
|
end
|
|
@@ -4,7 +4,7 @@ require_relative 'policy_document_parser'
|
|
|
4
4
|
|
|
5
5
|
class WithPolicyDocumentParser
|
|
6
6
|
def parse(cfn_model:, resource:)
|
|
7
|
-
resource.
|
|
7
|
+
resource.policy_document = PolicyDocumentParser.new.parse(resource.policyDocument)
|
|
8
8
|
resource
|
|
9
9
|
end
|
|
10
10
|
end
|
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
---
|
|
2
|
+
type: map
|
|
3
|
+
mapping:
|
|
4
|
+
Type:
|
|
5
|
+
type: str
|
|
6
|
+
required: yes
|
|
7
|
+
pattern: /AWS::EC2::Instance/
|
|
8
|
+
Properties:
|
|
9
|
+
type: map
|
|
10
|
+
required: yes
|
|
11
|
+
mapping:
|
|
12
|
+
BlockDeviceMappings:
|
|
13
|
+
type: seq
|
|
14
|
+
required: no
|
|
15
|
+
sequence:
|
|
16
|
+
- type: map
|
|
17
|
+
mapping:
|
|
18
|
+
DeviceName:
|
|
19
|
+
type: any
|
|
20
|
+
required: yes
|
|
21
|
+
=:
|
|
22
|
+
type: any
|
|
23
|
+
ImageId:
|
|
24
|
+
type: any
|
|
25
|
+
required: yes
|
|
26
|
+
Ipv6Addresses:
|
|
27
|
+
type: seq
|
|
28
|
+
required: no
|
|
29
|
+
sequence:
|
|
30
|
+
- type: map
|
|
31
|
+
mapping:
|
|
32
|
+
Ipv6Address:
|
|
33
|
+
type: any
|
|
34
|
+
required: yes
|
|
35
|
+
=:
|
|
36
|
+
type: any
|
|
37
|
+
NetworkInterfaces:
|
|
38
|
+
type: seq
|
|
39
|
+
required: no
|
|
40
|
+
sequence:
|
|
41
|
+
- type: map
|
|
42
|
+
mapping:
|
|
43
|
+
DeviceIndex:
|
|
44
|
+
type: any
|
|
45
|
+
required: yes
|
|
46
|
+
GroupSet:
|
|
47
|
+
type: seq
|
|
48
|
+
required: no
|
|
49
|
+
sequence:
|
|
50
|
+
- type: any
|
|
51
|
+
Ipv6Addresses:
|
|
52
|
+
type: seq
|
|
53
|
+
required: no
|
|
54
|
+
sequence:
|
|
55
|
+
- type: map
|
|
56
|
+
mapping:
|
|
57
|
+
Ipv6Address:
|
|
58
|
+
type: any
|
|
59
|
+
required: yes
|
|
60
|
+
=:
|
|
61
|
+
type: any
|
|
62
|
+
PrivateIpAddresses:
|
|
63
|
+
type: seq
|
|
64
|
+
required: no
|
|
65
|
+
sequence:
|
|
66
|
+
- type: map
|
|
67
|
+
mapping:
|
|
68
|
+
PrivateIpAddress:
|
|
69
|
+
type: any
|
|
70
|
+
required: yes
|
|
71
|
+
Primary:
|
|
72
|
+
type: any
|
|
73
|
+
required: yes
|
|
74
|
+
=:
|
|
75
|
+
type: any
|
|
76
|
+
=:
|
|
77
|
+
type: any
|
|
78
|
+
|
|
79
|
+
# sigh this could be List<AWS::EC2::SecurityGroup::Id> so can't enfore seq
|
|
80
|
+
SecurityGroupIds:
|
|
81
|
+
type: any
|
|
82
|
+
required: no
|
|
83
|
+
|
|
84
|
+
# sigh this could be List<AWS::EC2::SecurityGroup::GroupName> so can't enfore seq
|
|
85
|
+
SecurityGroups:
|
|
86
|
+
type: any
|
|
87
|
+
required: no
|
|
88
|
+
|
|
89
|
+
SsmAssociations:
|
|
90
|
+
type: seq
|
|
91
|
+
required: no
|
|
92
|
+
sequence:
|
|
93
|
+
- type: map
|
|
94
|
+
mapping:
|
|
95
|
+
AssociationParameters:
|
|
96
|
+
type: seq
|
|
97
|
+
required: no
|
|
98
|
+
sequence:
|
|
99
|
+
- type: map
|
|
100
|
+
mapping:
|
|
101
|
+
Key:
|
|
102
|
+
type: any
|
|
103
|
+
required: yes
|
|
104
|
+
Value:
|
|
105
|
+
type: seq
|
|
106
|
+
required: yes
|
|
107
|
+
sequence:
|
|
108
|
+
- type: any
|
|
109
|
+
=:
|
|
110
|
+
type: any
|
|
111
|
+
DocumentName:
|
|
112
|
+
required: yes
|
|
113
|
+
type: any
|
|
114
|
+
|
|
115
|
+
Tags:
|
|
116
|
+
type: seq
|
|
117
|
+
required: no
|
|
118
|
+
sequence:
|
|
119
|
+
- type: map
|
|
120
|
+
mapping:
|
|
121
|
+
Key:
|
|
122
|
+
type: any
|
|
123
|
+
required: yes
|
|
124
|
+
Value:
|
|
125
|
+
type: any
|
|
126
|
+
required: yes
|
|
127
|
+
=:
|
|
128
|
+
type: any
|
|
129
|
+
Volumes:
|
|
130
|
+
type: seq
|
|
131
|
+
required: no
|
|
132
|
+
sequence:
|
|
133
|
+
- type: map
|
|
134
|
+
mapping:
|
|
135
|
+
Device:
|
|
136
|
+
type: any
|
|
137
|
+
required: yes
|
|
138
|
+
VolumeId:
|
|
139
|
+
type: any
|
|
140
|
+
required: yes
|
|
141
|
+
=:
|
|
142
|
+
type: any
|
|
143
|
+
=:
|
|
144
|
+
type: any
|
|
145
|
+
=:
|
|
146
|
+
type: any
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
---
|
|
2
|
+
type: map
|
|
3
|
+
mapping:
|
|
4
|
+
Type:
|
|
5
|
+
type: str
|
|
6
|
+
required: yes
|
|
7
|
+
pattern: /AWS::EC2::NetworkInterface/
|
|
8
|
+
Properties:
|
|
9
|
+
type: map
|
|
10
|
+
required: yes
|
|
11
|
+
mapping:
|
|
12
|
+
# sigh this could be List<AWS::EC2::SecurityGroup::Id> so can't enfore seq
|
|
13
|
+
GroupSet:
|
|
14
|
+
type: any
|
|
15
|
+
required: no
|
|
16
|
+
|
|
17
|
+
Ipv6Addresses:
|
|
18
|
+
type: seq
|
|
19
|
+
required: no
|
|
20
|
+
sequence:
|
|
21
|
+
- type: map
|
|
22
|
+
mapping:
|
|
23
|
+
Ipv6Address:
|
|
24
|
+
type: any
|
|
25
|
+
required: yes
|
|
26
|
+
=:
|
|
27
|
+
type: any
|
|
28
|
+
PrivateIpAddresses:
|
|
29
|
+
type: seq
|
|
30
|
+
required: no
|
|
31
|
+
sequence:
|
|
32
|
+
- type: map
|
|
33
|
+
mapping:
|
|
34
|
+
PrivateIpAddress:
|
|
35
|
+
type: any
|
|
36
|
+
required: yes
|
|
37
|
+
Primary:
|
|
38
|
+
type: any
|
|
39
|
+
required: yes
|
|
40
|
+
=:
|
|
41
|
+
type: any
|
|
42
|
+
SubnetId:
|
|
43
|
+
type: any
|
|
44
|
+
required: yes
|
|
45
|
+
Tags:
|
|
46
|
+
type: seq
|
|
47
|
+
required: no
|
|
48
|
+
sequence:
|
|
49
|
+
- type: map
|
|
50
|
+
mapping:
|
|
51
|
+
Key:
|
|
52
|
+
type: any
|
|
53
|
+
required: yes
|
|
54
|
+
Value:
|
|
55
|
+
type: any
|
|
56
|
+
required: yes
|
|
57
|
+
=:
|
|
58
|
+
type: any
|
|
59
|
+
=:
|
|
60
|
+
type: any
|
|
61
|
+
=:
|
|
62
|
+
type: any
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
---
|
|
2
|
+
type: map
|
|
3
|
+
mapping:
|
|
4
|
+
Type:
|
|
5
|
+
type: str
|
|
6
|
+
required: yes
|
|
7
|
+
pattern: /AWS::EC2::NetworkInterfaceAttachment/
|
|
8
|
+
Properties:
|
|
9
|
+
type: map
|
|
10
|
+
required: yes
|
|
11
|
+
mapping:
|
|
12
|
+
DeviceIndex:
|
|
13
|
+
type: any
|
|
14
|
+
required: yes
|
|
15
|
+
InstanceId:
|
|
16
|
+
type: any
|
|
17
|
+
required: yes
|
|
18
|
+
NetworkInterfaceId:
|
|
19
|
+
type: any
|
|
20
|
+
required: yes
|
|
21
|
+
=:
|
|
22
|
+
type: any
|
|
23
|
+
=:
|
|
24
|
+
type: any
|
|
@@ -15,6 +15,20 @@ mapping:
|
|
|
15
15
|
VpcId:
|
|
16
16
|
type: any
|
|
17
17
|
required: yes
|
|
18
|
+
Tags:
|
|
19
|
+
type: seq
|
|
20
|
+
required: no
|
|
21
|
+
sequence:
|
|
22
|
+
- type: map
|
|
23
|
+
mapping:
|
|
24
|
+
Key:
|
|
25
|
+
type: any
|
|
26
|
+
required: yes
|
|
27
|
+
Value:
|
|
28
|
+
type: any
|
|
29
|
+
required: yes
|
|
30
|
+
=:
|
|
31
|
+
type: any
|
|
18
32
|
# this can be a Hash or an Array... kwalify doesn't seem to have a union concept so defer any such
|
|
19
33
|
# validation into the parser object
|
|
20
34
|
# SecurityGroupIngress:
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
---
|
|
2
|
+
type: map
|
|
3
|
+
mapping:
|
|
4
|
+
Type:
|
|
5
|
+
type: str
|
|
6
|
+
required: yes
|
|
7
|
+
pattern: /AWS::ElasticLoadBalancingV2::LoadBalancer/
|
|
8
|
+
Properties:
|
|
9
|
+
type: map
|
|
10
|
+
required: yes
|
|
11
|
+
mapping:
|
|
12
|
+
LoadBalancerAttributes:
|
|
13
|
+
type: seq
|
|
14
|
+
required: no
|
|
15
|
+
sequence:
|
|
16
|
+
- type: map
|
|
17
|
+
mapping:
|
|
18
|
+
Key:
|
|
19
|
+
type: any
|
|
20
|
+
required: yes
|
|
21
|
+
Value:
|
|
22
|
+
type: any
|
|
23
|
+
required: yes
|
|
24
|
+
=:
|
|
25
|
+
type: any
|
|
26
|
+
|
|
27
|
+
# sigh this could be List<AWS::EC2::SecurityGroup::Id> so can't enfore seq
|
|
28
|
+
SecurityGroups:
|
|
29
|
+
type: any
|
|
30
|
+
required: no
|
|
31
|
+
|
|
32
|
+
# sigh this could be List<AWS::EC2::Subnet::Id> so can't enfore seq
|
|
33
|
+
Subnets:
|
|
34
|
+
type: any
|
|
35
|
+
required: yes
|
|
36
|
+
|
|
37
|
+
Tags:
|
|
38
|
+
type: seq
|
|
39
|
+
required: no
|
|
40
|
+
sequence:
|
|
41
|
+
- type: map
|
|
42
|
+
mapping:
|
|
43
|
+
Key:
|
|
44
|
+
type: any
|
|
45
|
+
required: yes
|
|
46
|
+
Value:
|
|
47
|
+
type: any
|
|
48
|
+
required: yes
|
|
49
|
+
=:
|
|
50
|
+
type: any
|
|
51
|
+
=:
|
|
52
|
+
type: any
|
|
53
|
+
=:
|
|
54
|
+
type: any
|
|
55
|
+
|
|
56
|
+
|
|
@@ -21,11 +21,167 @@ mapping:
|
|
|
21
21
|
required: yes
|
|
22
22
|
=:
|
|
23
23
|
type: any
|
|
24
|
+
AppCookieStickinessPolicy:
|
|
25
|
+
type: seq
|
|
26
|
+
required: no
|
|
27
|
+
sequence:
|
|
28
|
+
- type: map
|
|
29
|
+
mapping:
|
|
30
|
+
CookieName:
|
|
31
|
+
type: any
|
|
32
|
+
required: yes
|
|
33
|
+
PolicyName:
|
|
34
|
+
type: any
|
|
35
|
+
required: yes
|
|
36
|
+
=:
|
|
37
|
+
type: any
|
|
38
|
+
|
|
39
|
+
# sigh this could be List<AWS::EC2::AvailabilityZone::Name> so can't enfore seq
|
|
40
|
+
AvailabilityZones:
|
|
41
|
+
type: any
|
|
42
|
+
required: no
|
|
43
|
+
|
|
44
|
+
ConnectionDrainingPolicy:
|
|
45
|
+
type: map
|
|
46
|
+
required: no
|
|
47
|
+
mapping:
|
|
48
|
+
Enabled:
|
|
49
|
+
type: any
|
|
50
|
+
required: yes
|
|
51
|
+
Timeout:
|
|
52
|
+
type: any
|
|
53
|
+
required: no
|
|
54
|
+
=:
|
|
55
|
+
type: any
|
|
56
|
+
ConnectionSettings:
|
|
57
|
+
type: map
|
|
58
|
+
required: no
|
|
59
|
+
mapping:
|
|
60
|
+
IdleTimeout:
|
|
61
|
+
type: any
|
|
62
|
+
required: yes
|
|
63
|
+
=:
|
|
64
|
+
type: any
|
|
65
|
+
HealthCheck:
|
|
66
|
+
type: map
|
|
67
|
+
required: no
|
|
68
|
+
mapping:
|
|
69
|
+
HealthyThreshold:
|
|
70
|
+
type: any
|
|
71
|
+
required: yes
|
|
72
|
+
Interval:
|
|
73
|
+
type: any
|
|
74
|
+
required: yes
|
|
75
|
+
Target:
|
|
76
|
+
type: any
|
|
77
|
+
required: yes
|
|
78
|
+
Timeout:
|
|
79
|
+
type: any
|
|
80
|
+
required: yes
|
|
81
|
+
UnhealthyThreshold:
|
|
82
|
+
type: any
|
|
83
|
+
required: yes
|
|
84
|
+
=:
|
|
85
|
+
type: any
|
|
86
|
+
|
|
87
|
+
# sigh this could be List<AWS::EC2::Instance::Id> so can't enfore seq
|
|
88
|
+
Instances:
|
|
89
|
+
type: any
|
|
90
|
+
required: no
|
|
91
|
+
|
|
92
|
+
LBCookieStickinessPolicy:
|
|
93
|
+
type: map
|
|
94
|
+
required: no
|
|
95
|
+
mapping:
|
|
96
|
+
CookieExpirationPeriod:
|
|
97
|
+
type: any
|
|
98
|
+
required: no
|
|
99
|
+
PolicyName:
|
|
100
|
+
type: any
|
|
101
|
+
required: yes
|
|
102
|
+
=:
|
|
103
|
+
type: any
|
|
24
104
|
Listeners:
|
|
25
105
|
type: seq
|
|
26
106
|
required: yes
|
|
27
107
|
sequence:
|
|
28
|
-
- type:
|
|
108
|
+
- type: map
|
|
109
|
+
mapping:
|
|
110
|
+
InstancePort:
|
|
111
|
+
type: any
|
|
112
|
+
required: yes
|
|
113
|
+
LoadBalancerPort:
|
|
114
|
+
type: any
|
|
115
|
+
required: yes
|
|
116
|
+
PolicyNames:
|
|
117
|
+
type: seq
|
|
118
|
+
required: no
|
|
119
|
+
sequence:
|
|
120
|
+
- type: any
|
|
121
|
+
=:
|
|
122
|
+
type: any
|
|
123
|
+
Policies:
|
|
124
|
+
type: seq
|
|
125
|
+
required: no
|
|
126
|
+
sequence:
|
|
127
|
+
- type: map
|
|
128
|
+
mapping:
|
|
129
|
+
Attributes:
|
|
130
|
+
type: seq
|
|
131
|
+
required: yes
|
|
132
|
+
sequence:
|
|
133
|
+
- type: map
|
|
134
|
+
required: yes
|
|
135
|
+
mapping:
|
|
136
|
+
Name:
|
|
137
|
+
type: any
|
|
138
|
+
required: yes
|
|
139
|
+
Value:
|
|
140
|
+
type: any
|
|
141
|
+
required: yes
|
|
142
|
+
=:
|
|
143
|
+
type: any
|
|
144
|
+
InstancePorts:
|
|
145
|
+
type: seq
|
|
146
|
+
required: no
|
|
147
|
+
sequence:
|
|
148
|
+
- type: any
|
|
149
|
+
LoadBalancerPorts:
|
|
150
|
+
type: seq
|
|
151
|
+
required: no
|
|
152
|
+
sequence:
|
|
153
|
+
- type: any
|
|
154
|
+
PolicyName:
|
|
155
|
+
type: any
|
|
156
|
+
required: yes
|
|
157
|
+
PolicyType:
|
|
158
|
+
type: any
|
|
159
|
+
required: yes
|
|
160
|
+
|
|
161
|
+
# sigh this could be List<AWS::EC2::SecurityGroup::Id> so can't enfore seq
|
|
162
|
+
SecurityGroups:
|
|
163
|
+
type: any
|
|
164
|
+
required: no
|
|
165
|
+
|
|
166
|
+
# sigh this could be List<AWS::EC2::Subnet::Id> so can't enfore seq
|
|
167
|
+
Subnets:
|
|
168
|
+
type: any
|
|
169
|
+
required: no
|
|
170
|
+
|
|
171
|
+
Tags:
|
|
172
|
+
type: seq
|
|
173
|
+
required: no
|
|
174
|
+
sequence:
|
|
175
|
+
- type: map
|
|
176
|
+
mapping:
|
|
177
|
+
Key:
|
|
178
|
+
type: any
|
|
179
|
+
required: yes
|
|
180
|
+
Value:
|
|
181
|
+
type: any
|
|
182
|
+
required: yes
|
|
183
|
+
=:
|
|
184
|
+
type: any
|
|
29
185
|
=:
|
|
30
186
|
type: any
|
|
31
187
|
=:
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-model
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Kascic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-07-
|
|
11
|
+
date: 2017-07-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: kwalify
|
|
@@ -35,12 +35,17 @@ files:
|
|
|
35
35
|
- lib/cfn-model.rb
|
|
36
36
|
- lib/cfn-model/model/bucket_policy.rb
|
|
37
37
|
- lib/cfn-model/model/cfn_model.rb
|
|
38
|
+
- lib/cfn-model/model/ec2_instance.rb
|
|
39
|
+
- lib/cfn-model/model/ec2_network_interface.rb
|
|
38
40
|
- lib/cfn-model/model/iam_group.rb
|
|
39
41
|
- lib/cfn-model/model/iam_managed_policy.rb
|
|
40
42
|
- lib/cfn-model/model/iam_policy.rb
|
|
41
43
|
- lib/cfn-model/model/iam_role.rb
|
|
42
44
|
- lib/cfn-model/model/iam_user.rb
|
|
45
|
+
- lib/cfn-model/model/iam_user_to_group_addition.rb
|
|
46
|
+
- lib/cfn-model/model/load_balancer.rb
|
|
43
47
|
- lib/cfn-model/model/model_element.rb
|
|
48
|
+
- lib/cfn-model/model/policy.rb
|
|
44
49
|
- lib/cfn-model/model/policy_document.rb
|
|
45
50
|
- lib/cfn-model/model/principal.rb
|
|
46
51
|
- lib/cfn-model/model/queue_policy.rb
|
|
@@ -51,17 +56,26 @@ files:
|
|
|
51
56
|
- lib/cfn-model/model/statement.rb
|
|
52
57
|
- lib/cfn-model/model/topic_policy.rb
|
|
53
58
|
- lib/cfn-model/parser/cfn_parser.rb
|
|
59
|
+
- lib/cfn-model/parser/ec2_instance_parser.rb
|
|
60
|
+
- lib/cfn-model/parser/ec2_network_interface_parser.rb
|
|
61
|
+
- lib/cfn-model/parser/iam_group_parser.rb
|
|
54
62
|
- lib/cfn-model/parser/iam_role_parser.rb
|
|
55
63
|
- lib/cfn-model/parser/iam_user_parser.rb
|
|
64
|
+
- lib/cfn-model/parser/load_balancer_parser.rb
|
|
65
|
+
- lib/cfn-model/parser/load_balancer_v2_parser.rb
|
|
56
66
|
- lib/cfn-model/parser/parser_error.rb
|
|
57
67
|
- lib/cfn-model/parser/parser_registry.rb
|
|
58
68
|
- lib/cfn-model/parser/policy_document_parser.rb
|
|
59
69
|
- lib/cfn-model/parser/security_group_parser.rb
|
|
60
70
|
- lib/cfn-model/parser/with_policy_document_parser.rb
|
|
61
71
|
- lib/cfn-model/schema/AWS_CloudFront_Distribution.yml
|
|
72
|
+
- lib/cfn-model/schema/AWS_EC2_Instance.yml
|
|
73
|
+
- lib/cfn-model/schema/AWS_EC2_NetworkInterface.yml
|
|
74
|
+
- lib/cfn-model/schema/AWS_EC2_NetworkInterfaceAttachment.yml
|
|
62
75
|
- lib/cfn-model/schema/AWS_EC2_SecurityGroup.yml
|
|
63
76
|
- lib/cfn-model/schema/AWS_EC2_SecurityGroupEgress.yml
|
|
64
77
|
- lib/cfn-model/schema/AWS_EC2_SecurityGroupIngress.yml
|
|
78
|
+
- lib/cfn-model/schema/AWS_ElasticLoadBalancingV2_LoadBalancer.yml
|
|
65
79
|
- lib/cfn-model/schema/AWS_ElasticLoadBalancing_LoadBalancer.yml
|
|
66
80
|
- lib/cfn-model/schema/AWS_IAM_Group.yml
|
|
67
81
|
- lib/cfn-model/schema/AWS_IAM_ManagedPolicy.yml
|