cfn-model 0.4.26 → 0.4.27

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 13bd6416bc4d2bfdf87ed030392912613f49c45dec0a63b66c987ef5075bab4d
-  data.tar.gz: 30c8580afa3bceefab4c692024ebd141a3ef1a557041907d24e3f5234d3ff3c8
+  metadata.gz: e5feb1962cc34b035503b0359a30d5dbbfd55d23f2c6753c8a4ede574f49d32e
+  data.tar.gz: 33e6ffd7bd6c8b543f696176b02e1443ddac8924ddaac58bd24a49bdeb8d820a
 SHA512:
-  metadata.gz: 9baec396372cfb00ec72206254575d62acf49232ee530d586b91fa1a0baa06bf6e2bb4b961307f672c5f28a28a33e208dde43925f5cc13132bff784645a9a9db
-  data.tar.gz: 3953a334432f2f18d29b93d11cae2916438e6a8dad4bd61a91dc41cb6893410cf7f42613b1af9c8bd1dc956e2a81e0d9ab2286bcadeaf2f13de448b9ccb9c967
+  metadata.gz: e411bd196fbfcb2e372c1e46bb6be0dad34c94193e2fdd182092f090f63617e8df3f4942b5b076cfb272b82fe05a6a0515b408a873119b932f925f19d34b20d4
+  data.tar.gz: 40eeee5ae68f71008117469f9aa4639b40770c997657d28a4b048377d59e926d5c3c2128e65dbf4e06f4dc39c65a18043d581273b9bad0218f1223217a70825b

data/lib/cfn-model/model/ec2_network_acl.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require_relative 'model_element'
+
+class AWS::EC2::NetworkAcl < ModelElement
+  attr_accessor :network_acl_egress_entries
+  attr_accessor :network_acl_ingress_entries
+
+  def initialize(cfn_model)
+    super
+    @network_acl_egress_entries = []
+    @network_acl_ingress_entries = []
+    @resource_type = 'AWS::EC2::NetworkAcl'
+  end
+end

data/lib/cfn-model/parser/ec2_network_acl_parser.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require_relative 'parser_error'
+require 'cfn-model/model/ec2_network_acl'
+require 'cfn-model/model/references'
+require 'cfn-model/util/truthy'
+
+class Ec2NetworkAclParser
+  def parse(cfn_model:, resource:)
+    network_acl = resource
+
+    attach_nacl_entries_to_nacl(cfn_model: cfn_model, network_acl: network_acl)
+    network_acl
+  end
+
+  private
+
+  def egress_network_acl_entries(cfn_model)
+    network_acl_entries = cfn_model.resources_by_type 'AWS::EC2::NetworkAclEntry'
+    network_acl_entries.select(&:egress)
+  end
+
+  def ingress_network_acl_entries(cfn_model)
+    network_acl_entries = cfn_model.resources_by_type 'AWS::EC2::NetworkAclEntry'
+    network_acl_entries.select do |network_acl_entry|
+      not_truthy?(network_acl_entry.egress)
+    end
+  end
+
+  def egress_nacl_entries_for_nacl(cfn_model, logical_resource_id)
+    egress_nacl_entries = egress_network_acl_entries(cfn_model)
+    egress_nacl_entries.select do |egress_nacl_entry|
+      References.resolve_resource_id(egress_nacl_entry.networkAclId) == logical_resource_id
+    end
+  end
+
+  def ingress_nacl_entries_for_nacl(cfn_model, logical_resource_id)
+    ingress_nacl_entries = ingress_network_acl_entries(cfn_model)
+    ingress_nacl_entries.select do |ingress_nacl_entry|
+      References.resolve_resource_id(ingress_nacl_entry.networkAclId) == logical_resource_id
+    end
+  end
+
+  def attach_nacl_entries_for_nacl(cfn_model, network_acl)
+    egress_nacl_entries_for_nacl(cfn_model, network_acl.logical_resource_id).each do |egress_entry|
+      network_acl.network_acl_egress_entries << egress_entry.logical_resource_id
+    end
+    ingress_nacl_entries_for_nacl(cfn_model, network_acl.logical_resource_id).each do |ingress_entry|
+      network_acl.network_acl_ingress_entries << ingress_entry.logical_resource_id
+    end
+  end
+
+  def attach_nacl_entries_to_nacl(cfn_model:, network_acl:)
+    attach_nacl_entries_for_nacl(cfn_model, network_acl)
+  end
+end

data/lib/cfn-model/parser/parser_registry.rb

@@ -23,7 +23,8 @@ class ParserRegistry
       'AWS::SNS::TopicPolicy' => WithPolicyDocumentParser,
       'AWS::SQS::QueuePolicy' => WithPolicyDocumentParser,
       'AWS::ApiGateway::Stage' => ApiGatewayStageParser,
-      'AWS::ApiGateway::Deployment' => ApiGatewayDeploymentParser
+      'AWS::ApiGateway::Deployment' => ApiGatewayDeploymentParser,
+      'AWS::EC2::NetworkAcl' => Ec2NetworkAclParser
     }
   end
 

data/lib/cfn-model/util/truthy.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+# Checks a string for truthiness. Any cased 'true' will evaluate to a true boolean.
+# Any other string _at all_ results in false.
+def truthy?(string)
+  string.to_s.casecmp('true').zero?
+end
+
+def not_truthy?(string)
+  string.nil? || string.to_s.casecmp('false').zero?
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-model
 version: !ruby/object:Gem::Version
-  version: 0.4.26
+  version: 0.4.27
 platform: ruby
 authors:
 - Eric Kascic
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-26 00:00:00.000000000 Z
+date: 2020-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -66,6 +66,7 @@ files:
 - lib/cfn-model/model/bucket_policy.rb
 - lib/cfn-model/model/cfn_model.rb
 - lib/cfn-model/model/ec2_instance.rb
+- lib/cfn-model/model/ec2_network_acl.rb
 - lib/cfn-model/model/ec2_network_interface.rb
 - lib/cfn-model/model/iam_group.rb
 - lib/cfn-model/model/iam_managed_policy.rb
@@ -93,6 +94,7 @@ files:
 - lib/cfn-model/parser/api_gateway_stage_parser.rb
 - lib/cfn-model/parser/cfn_parser.rb
 - lib/cfn-model/parser/ec2_instance_parser.rb
+- lib/cfn-model/parser/ec2_network_acl_parser.rb
 - lib/cfn-model/parser/ec2_network_interface_parser.rb
 - lib/cfn-model/parser/expression_evaluator.rb
 - lib/cfn-model/parser/iam_group_parser.rb
@@ -134,6 +136,7 @@ files:
 - lib/cfn-model/schema/AWS_SQS_QueuePolicy.yml
 - lib/cfn-model/schema/schema.yml.erb
 - lib/cfn-model/transforms/serverless.rb
+- lib/cfn-model/util/truthy.rb
 - lib/cfn-model/util/wildcard_patterns.rb
 - lib/cfn-model/validator/cloudformation_validator.rb
 - lib/cfn-model/validator/reference_validator.rb