cfn-model 0.1.19 → 0.1.20

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 92eab96d3f067bc96c5745d85df911ed45ad9e3e
-  data.tar.gz: 71ab75c2b46e1db93170f5b1144c717655d26196
+  metadata.gz: 652fe0c686fe75981f441077ed1514a520e98ec2
+  data.tar.gz: 0559f9931b7a2bea7a20ee103e555e7c941b4551
 SHA512:
-  metadata.gz: 285309a40260fb8de1d2827c216436365ab2bddc815a59897b2f7a170622c685d58315ce1b6ef2b0a38c5cf951de4ccfa5549fb2663bdba92146cf118e6cd2ab
-  data.tar.gz: cfee44802f748b9d6db24b17ba29143c7c460569dcc6504f9682e9a1d61cd297826836acf53b467cc8c4a2737258f19088ef068c509ed257656d768ae4fcdd52
+  metadata.gz: 8ce505301b69d93e0ba094f985352d7ca34315d469ef874c352280ed84f47d5902fb9b02c003aaa33cffcdaf8647b9f85e7979e27243ae8be2cd247d521ab001
+  data.tar.gz: 7f4ec766db340462ad877dbdfc210c7fae2702040d90fd163643e577062f8284919b152c1ac5b98ab2e8e4678b0fa7e126bd7b0b79cf434e9c34ea39e7c249b7

data/lib/cfn-model/model/bucket_policy.rb

@@ -1,13 +1,11 @@
 require_relative 'model_element'
 
 class AWS::S3::BucketPolicy  < ModelElement
-  # mapped from document
-  attr_accessor :bucket, :policyDocument
-
   # PolicyDocument - objectified policyDocument
   attr_accessor :policy_document
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @resource_type = 'AWS::S3::BucketPolicy'
   end
 end

data/lib/cfn-model/model/cfn_model.rb

@@ -1,7 +1,7 @@
 require_relative 'references'
 
 class CfnModel
-  attr_reader :resources
+  attr_reader :resources, :parameters
 
   ##
   # if you really want it, here it is - the raw Hash from YAML.load.  you'll have to mess with structural nits of
@@ -10,6 +10,7 @@ class CfnModel
   attr_accessor :raw_model
 
   def initialize
+    @parameters = {}
     @resources = {}
     @raw_model = nil
   end
@@ -20,6 +21,9 @@ class CfnModel
   # the Hash is a clone
   def copy
     new_cfn_model = CfnModel.new
+    @parameters.each do |k,v|
+      new_cfn_model.parameters[k] = v
+    end
     @resources.each do |k, v|
       new_cfn_model.resources[k] = v
     end

data/lib/cfn-model/model/ec2_instance.rb

@@ -1,12 +1,11 @@
 require_relative 'model_element'
 
 class AWS::EC2::Instance  < ModelElement
-  attr_accessor :securityGroupIds, :networkInterfaces
-
   # SecurityGroup objects based upon securityGroupIds
   attr_accessor :security_groups
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @securityGroupIds = []
     @networkInterfaces = []
     @security_groups = []

data/lib/cfn-model/model/ec2_network_interface.rb

@@ -1,13 +1,11 @@
 require_relative 'model_element'
 
 class AWS::EC2::NetworkInterface  < ModelElement
-  attr_accessor :groupSet, :ipv6Addresses, :privateIpAddresses, :tags
-  attr_accessor :description, :ipv6AddressCount, :privateIpAddress, :secondaryPrivateIpAddressCount, :sourceDestCheck, :subnetId
-
   # SecurityGroup objects based upon groupSet
   attr_accessor :security_groups
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @groupSet = []
     @ipv6Addresses = []
     @privateIpAddresses = []

data/lib/cfn-model/model/iam_group.rb

@@ -1,12 +1,11 @@
 require_relative 'model_element'
 
 class AWS::IAM::Group  < ModelElement
-  attr_accessor :groupName, :managedPolicyArns, :path, :policies
-
   # synthesized version of policies
   attr_accessor :policy_objects
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @managedPolicyArns = []
     @policies = []
     @policy_objects = []

data/lib/cfn-model/model/iam_managed_policy.rb

@@ -1,11 +1,10 @@
 require_relative 'model_element'
 
 class AWS::IAM::ManagedPolicy < ModelElement
-  attr_accessor :description, :managedPolicyName, :policyDocument, :groups, :roles, :users, :path
-
   attr_accessor :policy_document
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @groups = []
     @roles = []
     @users = []

data/lib/cfn-model/model/iam_policy.rb

@@ -1,11 +1,10 @@
 require_relative 'model_element'
 
 class AWS::IAM::Policy < ModelElement
-  attr_accessor :policyName, :policyDocument, :groups, :roles, :users
-
   attr_accessor :policy_document
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @groups = []
     @roles = []
     @users = []

data/lib/cfn-model/model/iam_role.rb

@@ -1,11 +1,10 @@
 require_relative 'model_element'
 
 class AWS::IAM::Role < ModelElement
-  attr_accessor :roleName, :assumeRolePolicyDocument, :policies, :path, :managedPolicyArns
-
   attr_accessor :policy_objects, :assume_role_policy_document
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @policies = []
     @managedPolicyArns = []
     @policy_objects = []

data/lib/cfn-model/model/iam_user.rb

@@ -1,12 +1,11 @@
 require_relative 'model_element'
 
 class AWS::IAM::User  < ModelElement
-  attr_accessor :groups, :loginProfile, :path, :policies, :userName
-
   # synthesized version of policies
   attr_accessor :policy_objects, :group_names
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @groups = []
     @policies = []
     @policy_objects = []

data/lib/cfn-model/model/load_balancer.rb

@@ -1,12 +1,10 @@
 require_relative 'model_element'
 
 class AWS::ElasticLoadBalancing::LoadBalancer < ModelElement
-  attr_accessor :securityGroups, :subnets, :tags, :scheme, :loadBalancerName, :crossZone, :availabilityZones, :connectionDrainingPolicy
-  attr_accessor :connectionSettings, :accessLoggingPolicy, :instances, :appCookieStickinessPolicy, :lBCookieStickinessPolicy, :healthCheck, :policies, :listeners
-
   attr_accessor :security_groups
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @securityGroups = []
     @security_groups = []
     @subnets = []
@@ -22,11 +20,10 @@ class AWS::ElasticLoadBalancing::LoadBalancer < ModelElement
 end
 
 class AWS::ElasticLoadBalancingV2::LoadBalancer < ModelElement
-  attr_accessor :securityGroups, :loadBalancerAttributes, :subnets, :tags, :scheme, :name, :ipAddressType
-
   attr_accessor :security_groups
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @securityGroups = []
     @security_groups = []
     @loadBalancerAttributes = []

data/lib/cfn-model/model/model_element.rb

@@ -1,3 +1,4 @@
+require_relative 'references'
 
 module AWS
   module CloudFormation
@@ -45,9 +46,17 @@ module Custom
 
 end
 
+#ModelElement is a bit of a misnomer I think.... this is really a Resource, and Parameter and Resource
+#have a lot in common, but are different
 class ModelElement
   attr_accessor :logical_resource_id, :resource_type, :metadata
 
+  # the dreaded two way relationship
+  def initialize(cfn_model)
+    raise 'cfn_model must be specificed' if cfn_model.nil?
+    @cfn_model = cfn_model
+  end
+
   def to_s
     <<END
 {
@@ -59,7 +68,7 @@ END
   def ==(another_model_element)
     found_unequal_instance_var = false
     instance_variables_without_at_sign.each do |instance_variable|
-      if instance_variable != :logical_resource_id
+      if instance_variable != :logical_resource_id && instance_variable != :cfn_model
         if self.send(instance_variable) != another_model_element.send(instance_variable)
           found_unequal_instance_var = true
         end
@@ -79,7 +88,7 @@ END
     if method_name =~ /^(\w+)=$/
       instance_variable_set "@#{$1}", args[0]
     else
-      instance_variable_get "@#{method_name}"
+      References.resolve_value(@cfn_model, instance_variable_get("@#{method_name}"))
     end
   end
 

data/lib/cfn-model/model/parameter.rb

@@ -0,0 +1,39 @@
+#copy-paste alert with ModelElement which should instead be Resource anyway
+class Parameter
+  attr_accessor :id, :type
+
+  attr_accessor :synthesized_value
+
+  def is_no_echo?
+    !@noEcho.nil? && @noEcho.to_s.downcase == 'true'
+  end
+
+  def to_s
+    <<END
+{
+#{emit_instance_vars}
+}
+END
+  end
+
+  ##
+  # Treat any missing method as an instance variable get/set
+  #
+  # This will allow arbitrary elements in Resource/Properties definitions
+  # to map to instance variables without having to anticipate them in a schema
+  def method_missing(method_name, *args)
+    if method_name =~ /^(\w+)=$/
+      instance_variable_set "@#{$1}", args[0]
+    else
+      instance_variable_get "@#{method_name}"
+    end
+  end
+
+  def emit_instance_vars
+    instance_vars_str = ''
+    self.instance_variables.each do |instance_variable|
+      instance_vars_str += "  #{instance_variable}=#{instance_variable_get(instance_variable)}\n"
+    end
+    instance_vars_str
+  end
+end

data/lib/cfn-model/model/queue_policy.rb

@@ -1,12 +1,11 @@
 require_relative 'model_element'
 
 class AWS::SQS::QueuePolicy  < ModelElement
-  attr_accessor :queues, :policyDocument
-
   # PolicyDocument - objectified policyDocument
   attr_accessor :policy_document
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @queues = []
     @resource_type = 'AWS::SQS::QueuePolicy'
   end

data/lib/cfn-model/model/references.rb

@@ -6,6 +6,28 @@
 # references yet... in the meantime pile things up here and hope a pattern becomes
 # clear
 module References
+  def self.resolve_value(cfn_model, value)
+    if value.is_a? Hash
+      if value.has_key?('Ref')
+        ref_id = value['Ref']
+        if ref_id.is_a? String
+          if cfn_model.parameters.has_key?(ref_id)
+            return value if cfn_model.parameters[ref_id].synthesized_value.nil?
+            return cfn_model.parameters[ref_id].synthesized_value
+          else
+            return value
+          end
+        else
+          return value
+        end
+      else
+        return value
+      end
+    else
+      return value
+    end
+  end
+
   def self.is_security_group_id_external(group_id)
     resolve_security_group_id(group_id).nil?
   end

data/lib/cfn-model/model/security_group.rb

@@ -1,13 +1,10 @@
 require_relative 'model_element'
 
 class AWS::EC2::SecurityGroup < ModelElement
-  attr_accessor :groupDescription, :vpcId
-  attr_accessor :tags
-  attr_accessor :securityGroupIngress, :securityGroupEgress
-
   attr_accessor :ingresses, :egresses
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @securityGroupIngress = []
     @securityGroupEgress = []
     @ingresses = []

data/lib/cfn-model/model/security_group_egress.rb

@@ -4,26 +4,9 @@ require_relative 'model_element'
 # in latter case there would be a logical resource id
 # but i think we don't ever care?
 class AWS::EC2::SecurityGroupEgress < ModelElement
-  # You must specify a destination security group (destinationPrefixListId or destinationSecurityGroupId) or a CIDR range (CidrIp or CidrIpv6).
-  attr_accessor :cidrIp,
-                :cidrIpv6,
-                :destinationPrefixListId,
-                :destinationSecurityGroupId
 
-  # required
-  attr_accessor :groupId,
-                :fromPort,
-                :toPort,
-                :ipProtocol
-
-  def initialize
+  def initialize(cfn_model)
+    super
     @resource_type = 'AWS::EC2::SecurityGroupEgress'
   end
-
-  # def valid?
-  #   has_no_destination = @cidrIp.nil? && @cidrIpv6.nil? && @destinationPrefixListId.nil? && @destinationSecurityGroupId.nil?
-  #   if has_no_destination
-  #     raise "SG egress #{@logical_resource_id} has no destination specified"
-  #   end
-  # end
 end

data/lib/cfn-model/model/security_group_ingress.rb

@@ -4,35 +4,8 @@ require_relative 'model_element'
 # in latter case there would be a logical resource id
 # but i think we don't ever care?
 class AWS::EC2::SecurityGroupIngress < ModelElement
-  # You must specify a source security group (SourceSecurityGroupName or SourceSecurityGroupId) or a CIDR range (CidrIp or CidrIpv6).
-  attr_accessor :cidrIp,
-                :cidrIpv6,
-                :sourceSecurityGroupName,
-                :sourceSecurityGroupId
-
-  # Required: Conditional. You must specify the GroupName property or the GroupId property.
-  # For security groups that are in a VPC, you must use the GroupId property. For example, EC2-VPC accounts must use the GroupId property.
-  # this will be nil for inline ingress rules
-  attr_accessor :groupId,
-                :groupName
-
-  # required
-  attr_accessor :fromPort,
-                :toPort,
-                :ipProtocol
-
-  # Required: Conditional. If you specify SourceSecurityGroupName and that security group is owned by a different
-  # account than the account creating the stack, you must specify the SourceSecurityGroupOwnerId; otherwise, this property is optional.
-  attr_accessor :sourceSecurityGroupOwnerId
-
-  def initialize
+  def initialize(cfn_model)
+    super
     @resource_type = 'AWS::EC2::SecurityGroupIngress'
   end
-
-  # def valid?
-  #   has_no_source = @cidrIp.nil? && @cidrIpv6.nil? && @sourceSecurityGroupName.nil? && @sourceSecurityGroupId.nil?
-  #   if has_no_source
-  #     raise "SG ingress #{@logical_resource_id} has no source specified"
-  #   end
-  # end
 end

data/lib/cfn-model/model/topic_policy.rb

@@ -1,12 +1,11 @@
 require_relative 'model_element'
 
 class AWS::SNS::TopicPolicy < ModelElement
-  attr_accessor :topics, :policyDocument
-
   # PolicyDocument - objectified policyDocument
   attr_accessor :policy_document
 
-  def initialize
+  def initialize(cfn_model)
+    super
     @topics = []
     @resource_type = 'AWS::SNS::TopicPolicy'
   end

data/lib/cfn-model/parser/cfn_parser.rb

@@ -1,4 +1,5 @@
 require 'yaml'
+require 'json'
 require 'cfn-model/validator/cloudformation_validator'
 require 'cfn-model/validator/reference_validator'
 require_relative 'parser_registry'
@@ -29,7 +30,7 @@ class CfnParser
   ##
   # Given raw json/yml CloudFormation template, returns a CfnModel object
   # or raise ParserErrors if something is amiss with the format
-  def parse(cloudformation_yml)
+  def parse(cloudformation_yml, parameter_values_json=nil)
     cfn_hash = pre_validate_model cloudformation_yml
 
     cfn_model = CfnModel.new
@@ -37,15 +38,39 @@ class CfnParser
 
     # pass 1: wire properties into ModelElement objects
     transform_hash_into_model_elements cfn_hash, cfn_model
+    transform_hash_into_parameters cfn_hash, cfn_model
 
     # pass 2: tie together separate resources only where necessary to make life easier for rule logic
     post_process_resource_model_elements cfn_model
 
+    apply_parameter_values(cfn_model, parameter_values_json)
+
     cfn_model
   end
 
   private
 
+  def apply_parameter_values(cfn_model, parameter_values_json)
+    unless parameter_values_json.nil?
+      parameter_values = JSON.load parameter_values_json
+      return unless parameter_values.has_key? 'Parameters'
+      parameter_values['Parameters'].each do |parameter_name, parameter_value|
+        if cfn_model.parameters.has_key?(parameter_name)
+          cfn_model.parameters[parameter_name].synthesized_value = parameter_value.to_s
+        end
+      end
+
+      # any leftovers get default value
+      # if external values were specified, we take that as a cue to consider defaults
+      # if no external values, we will ignore default values
+      cfn_model.parameters.each do |_, parameter|
+        if parameter.synthesized_value.nil? && !parameter.default.nil?
+          parameter.synthesized_value = parameter.default.to_s
+        end
+      end
+    end
+  end
+
   def post_process_resource_model_elements(cfn_model)
     cfn_model.resources.each do |_, resource|
       resource_parser_class = ParserRegistry.instance.registry[resource.class.to_s]
@@ -64,7 +89,7 @@ class CfnParser
     cfn_hash['Resources'].each do |resource_name, resource|
       resource_class = class_from_type_name resource['Type']
 
-      resource_object = resource_class.new
+      resource_object = resource_class.new(cfn_model)
       resource_object.logical_resource_id = resource_name
       resource_object.resource_type = resource['Type']
       resource_object.metadata = resource['Metadata']
@@ -76,6 +101,24 @@ class CfnParser
     cfn_model
   end
 
+  def transform_hash_into_parameters(cfn_hash, cfn_model)
+    return cfn_model unless cfn_hash.has_key?('Parameters')
+
+    cfn_hash['Parameters'].each do |parameter_name, parameter_hash|
+      parameter = Parameter.new
+      parameter.id = parameter_name
+      parameter.type = parameter_hash['Type']
+
+      parameter_hash.each do |property_name, property_value|
+        next if %w(Type).include? property_name
+        parameter.send("#{map_property_name_to_attribute(property_name)}=", property_value)
+      end
+
+      cfn_model.parameters[parameter_name] = parameter
+    end
+    cfn_model
+  end
+
   def pre_validate_model(cloudformation_yml)
     errors = CloudFormationValidator.new.validate cloudformation_yml
     if !errors.nil? && !errors.empty?

data/lib/cfn-model/parser/security_group_parser.rb

@@ -8,9 +8,9 @@ class SecurityGroupParser
   def parse(cfn_model:, resource:)
      security_group = resource
 
-     objectify_egress security_group
+     objectify_egress cfn_model, security_group
 
-     objectify_ingress security_group
+     objectify_ingress cfn_model, security_group
 
      wire_ingress_rules_to_security_group(cfn_model: cfn_model, security_group: security_group)
      wire_egress_rules_to_security_group(cfn_model: cfn_model, security_group: security_group)
@@ -26,14 +26,14 @@ class SecurityGroupParser
     end
   end
 
-  def objectify_ingress(security_group)
+  def objectify_ingress(cfn_model, security_group)
     if security_group.securityGroupIngress.is_a? Hash
       security_group.securityGroupIngress = [security_group.securityGroupIngress]
     end
 
     security_group.ingresses = security_group.securityGroupIngress.map do |ingress|
       mapped_at_least_one_attribute = false
-      ingress_object = AWS::EC2::SecurityGroupIngress.new
+      ingress_object = AWS::EC2::SecurityGroupIngress.new cfn_model
       ingress.each do |k,v|
         silently_fail do
           ingress_object.send("#{initialLower(k)}=", v)
@@ -45,7 +45,7 @@ class SecurityGroupParser
     end.reject { |ingress| ingress.nil? }
   end
 
-  def objectify_egress(security_group)
+  def objectify_egress(cfn_model, security_group)
     if security_group.securityGroupEgress.is_a? Hash
       security_group.securityGroupEgress = [security_group.securityGroupEgress]
     end
@@ -53,7 +53,7 @@ class SecurityGroupParser
     security_group.egresses = security_group.securityGroupEgress.map do |egress|
       mapped_at_least_one_attribute = false
 
-      egress_object = AWS::EC2::SecurityGroupEgress.new
+      egress_object = AWS::EC2::SecurityGroupEgress.new cfn_model
       egress.each do |k,v|
         next if k.match /::/
         silently_fail do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-model
 version: !ruby/object:Gem::Version
-  version: 0.1.19
+  version: 0.1.20
 platform: ruby
 authors:
 - Eric Kascic
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-14 00:00:00.000000000 Z
+date: 2018-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: kwalify
@@ -42,10 +42,10 @@ files:
 - lib/cfn-model/model/iam_policy.rb
 - lib/cfn-model/model/iam_role.rb
 - lib/cfn-model/model/iam_user.rb
-- lib/cfn-model/model/iam_user_to_group_addition.rb
 - lib/cfn-model/model/lambda_principal.rb
 - lib/cfn-model/model/load_balancer.rb
 - lib/cfn-model/model/model_element.rb
+- lib/cfn-model/model/parameter.rb
 - lib/cfn-model/model/policy.rb
 - lib/cfn-model/model/policy_document.rb
 - lib/cfn-model/model/principal.rb

data/lib/cfn-model/model/iam_user_to_group_addition.rb

@@ -1,10 +0,0 @@
-require_relative 'model_element'
-
-class AWS::IAM::UserToGroupAddition  < ModelElement
-  attr_accessor :groupName, :users
-
-  def initialize
-    @users = []
-    @resource_type = 'AWS::IAM::UserToGroupAddition'
-  end
-end