cfn-model 0.4.29 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c60ef54532b89cab5abaf2c3bf9381a7e9e0529f1ee9d1a516941e4ec9e9393
-  data.tar.gz: e77b5257bf99294ddc85ec54763e475be9a5b9ad4e4895e88cb552a7ea302a99
+  metadata.gz: '0912463527f6c2239a20d71bd81ce4d7bd8915d44ffb4dd975d684bc57f36555'
+  data.tar.gz: e0943893a06458b5b49b3cc92a73c5570ebae24a1e5b5458b52e456043f401d4
 SHA512:
-  metadata.gz: 1713962ad868efd3d92c97e5eff4a9e6300113afa35cf94f7ac5cd00cc7824c98ba8a9206616cd130a0e939d00e9ec44cbb422af2a0449674712c606b17383be
-  data.tar.gz: e9ba5783d5b37bec3edf86ec7f194c6bbf60bbcb310a87d14ce6e0b03b2b135f8abd565666b8a5ca8403659ca46b17cfb154643d71910ce7e8b04be8bc510e58
+  metadata.gz: e56dff8cbc449c62012d268e470500ae4bd946cfb45b8292e86a6ff50375659f76caafe5c9043ccb3727a5d59ca51c90efb80407c3bc065aeb922ed5909b8900
+  data.tar.gz: 3547645ee5d45b27a7679c805f9f57492174245f15782a6d6abf59d7f67dec8f8ba22305ec31c3412bda6605cac728f6ea3bb75cc80affb0e52ac998acdcd259

data/lib/cfn-model/model/references.rb

@@ -9,16 +9,39 @@ require 'cfn-model/parser/parser_error'
 # references yet... in the meantime pile things up here and hope a pattern becomes
 # clear
 module References
-  def self.resolve_value(cfn_model, value)
+  def self.unsupported_passthru?(value)
+    value.has_key?('Fn::GetAtt') || value.has_key?('Fn::ImportValue') || value.has_key?('Fn::Transform') || value.has_key?('Fn::Cidr')
+  end
 
+  def self.resolve_value(cfn_model, value)
     if value.is_a? Hash
       if value.has_key?('Ref')
         resolve_reference(cfn_model, value)
       elsif value.has_key?('Fn::FindInMap')
         resolve_map(cfn_model, value)
-      else
+      elsif value.has_key?('Fn::If')
+        resolve_if(cfn_model, value)
+      elsif value.has_key?('Fn::Sub')
+        resolve_sub(cfn_model, value)
+      elsif value.has_key?('Fn::GetAZs')
+        resolve_getazs(cfn_model, value)
+      elsif value.has_key?('Fn::Split')
+        resolve_split(cfn_model, value)
+      elsif value.has_key?('Fn::Join')
+        resolve_join(cfn_model, value)
+      elsif value.has_key?('Fn::Base64')
+        resolve_base64(cfn_model, value)
+      elsif value.has_key?('Fn::Select')
+        resolve_select(cfn_model, value)
+      elsif unsupported_passthru?(value)
         value
+      else # another mapping
+        value.map do |k,v|
+          [k, resolve_value(cfn_model, v)]
+        end.to_h
       end
+    elsif value.is_a? Array
+      value.map { |item| resolve_value(cfn_model, item) }
     else
       value
     end
@@ -96,6 +119,117 @@ module References
 
   private
 
+  def self.resolve_sub(cfn_model, expression)
+    if expression['Fn::Sub'].is_a? String
+      resolve_shorthand_sub(cfn_model, expression)
+    elsif expression['Fn::Sub'].is_a? Array
+      resolve_longform_sub(cfn_model, expression)
+    else
+      expression
+    end
+  end
+
+  def self.resolve_select(cfn_model, reference)
+    index = reference['Fn::Select'][0]
+    collection = References.resolve_value(cfn_model, reference['Fn::Select'][1])
+    if collection.is_a? Array
+      collection[index]
+    else
+      reference
+    end
+  end
+
+  def self.resolve_base64(cfn_model, reference)
+    References.resolve_value(cfn_model, reference['Fn::Base64'])
+  end
+
+  def self.resolve_join(cfn_model, reference)
+    delimiter = reference['Fn::Join'][0]
+    items = References.resolve_value(cfn_model, reference['Fn::Join'][1])
+    return reference unless items.is_a?(Array)
+    items.join(delimiter)
+  end
+
+  def self.resolve_split(cfn_model, reference)
+    delimiter = reference['Fn::Split'][0]
+    target_string = References.resolve_value(cfn_model, reference['Fn::Split'][1])
+    return reference unless target_string.is_a?(String)
+    target_string.split(delimiter)
+  end
+
+  def self.resolve_getazs(cfn_model, reference)
+    number_azs = References.resolve_value(cfn_model, { 'Ref' => 'AWS::NumberAZs' })
+    region = reference['Fn::GetAZs']
+    if region == '' || region == { 'Ref' => 'AWS::Region' }
+      region = References.resolve_value(cfn_model, { 'Ref' => 'AWS::Region' })
+    end
+    (('a'.ord)..('a'.ord+number_azs)).map do |az_number|
+      "#{region}#{az_number.chr}"
+    end
+  end
+
+  def self.strip_cfn_interpolation(reference)
+    reference[2..-2]
+  end
+
+  def self.references_in_sub(string_value)
+    # ignore ${!foo} as cfn interprets that as the literal ${foo}
+    references = string_value.scan /\${[^!].*?}/
+    references.map { |reference| strip_cfn_interpolation(reference) }
+  end
+
+  def self.resolvable_reference?(cfn_model, reference)
+    resolved_value = References.resolve_value(cfn_model, {'Ref'=>reference})
+    resolved_value != {'Ref'=>reference}
+  end
+
+  def self.resolve_shorthand_sub(cfn_model, expression)
+    string_value = expression['Fn::Sub']
+    subbed_string_value = string_value
+    has_unresolved_references = false
+    references_in_sub(string_value).each do |reference|
+      if resolvable_reference?(cfn_model, reference)
+        subbed_string_value = subbed_string_value.gsub(
+          "${#{reference}}",
+          References.resolve_value(cfn_model, {'Ref'=>reference})
+        )
+      end
+    end
+    subbed_string_value
+  end
+
+  def self.resolve_longform_sub(cfn_model, expression)
+    array_value = expression['Fn::Sub']
+    subbed_string_value = array_value[0]
+    substitution_mapping = array_value[1]
+    references_in_sub(subbed_string_value).each do |reference|
+      if substitution_mapping.has_key? reference
+        if References.resolve_value(cfn_model, substitution_mapping[reference]).is_a?(String)
+          subbed_string_value = subbed_string_value.gsub(
+            "${#{reference}}",
+            References.resolve_value(cfn_model, substitution_mapping[reference])
+          )
+        end
+      elsif resolvable_reference?(cfn_model, reference)
+        subbed_string_value = subbed_string_value.gsub(
+          "${#{reference}}",
+          References.resolve_value(cfn_model, {'Ref'=>reference})
+        )
+      end
+    end
+    subbed_string_value
+  end
+
+  def self.resolve_if(cfn_model, expression)
+    if_expression = expression['Fn::If']
+    condition_name = if_expression[0]
+    if cfn_model.conditions[condition_name]
+      resolve_value(cfn_model, if_expression[1])
+    else
+      resolve_value(cfn_model, if_expression[2])
+    end
+  end
+
   def self.logical_resource_id_from_get_att(attribute_spec, attr_to_retrieve=nil)
     if attribute_spec.is_a? Array
       if !attr_to_retrieve || attribute_spec[1] == attr_to_retrieve

data/lib/cfn-model/parser/cfn_parser.rb

@@ -44,6 +44,9 @@ class CfnParser
 
     apply_parameter_values(cfn_model, parameter_values_json)
 
+    # pass 2: tie together separate resources only where necessary to make life easier for rule logic
+    post_process_resource_model_elements cfn_model
+
     cfn_model
   end
 
@@ -87,8 +90,7 @@ class CfnParser
     transform_hash_into_parameters cfn_hash, cfn_model
     transform_hash_into_globals cfn_hash, cfn_model
 
-    # pass 2: tie together separate resources only where necessary to make life easier for rule logic
-    post_process_resource_model_elements cfn_model
+
 
     cfn_model
   end
@@ -279,7 +281,7 @@ class CfnParser
 
   def map_non_aws_resource_name_to_class_name(module_names)
     # this is a little hacky.  we've been ignoring Custom so more for
-    # backward compat.  for Alexa and other transformed resources just jam the whole
+    # backward compat. for Alexa and other transformed resources just jam the whole
     # thing together
     if module_names.first == 'Custom'
       first_module_index = 1
@@ -306,7 +308,8 @@ class CfnParser
     else
       custom_resource_class_name = map_non_aws_resource_name_to_class_name(module_names)
       begin
-        resource_class = Object.const_get custom_resource_class_name
+        custom_class = Object.const_get custom_resource_class_name
+        resource_class = custom_class if custom_class.is_a?(ModelElement)
       rescue NameError
         Object.const_set(custom_resource_class_name, resource_class)
       end

data/lib/cfn-model/parser/iam_group_parser.rb

@@ -2,6 +2,7 @@
 
 require 'cfn-model/model/iam_role'
 require 'cfn-model/model/policy'
+require 'cfn-model/model/references'
 require_relative 'policy_document_parser'
 
 class IamGroupParser
@@ -12,8 +13,8 @@ class IamGroupParser
       next unless policy.has_key? 'PolicyName'
 
       new_policy = Policy.new
-      new_policy.policy_name = policy['PolicyName']
-      new_policy.policy_document = PolicyDocumentParser.new.parse(policy['PolicyDocument'])
+      new_policy.policy_name = References.resolve_value(cfn_model, policy['PolicyName'])
+      new_policy.policy_document = PolicyDocumentParser.new.parse(cfn_model, policy['PolicyDocument'])
       new_policy
     end.reject { |policy| policy.nil? }
     iam_group

data/lib/cfn-model/parser/iam_role_parser.rb

@@ -2,20 +2,21 @@
 
 require 'cfn-model/model/iam_role'
 require 'cfn-model/model/policy'
+require 'cfn-model/model/references'
 require_relative 'policy_document_parser'
 
 class IamRoleParser
   def parse(cfn_model:, resource:)
     iam_role = resource
 
-    iam_role.assume_role_policy_document = PolicyDocumentParser.new.parse(iam_role.assumeRolePolicyDocument)
+    iam_role.assume_role_policy_document = PolicyDocumentParser.new.parse(cfn_model, iam_role.assumeRolePolicyDocument)
 
     iam_role.policy_objects = iam_role.policies.map do |policy|
       next unless policy.has_key? 'PolicyName'
 
       new_policy = Policy.new
-      new_policy.policy_name = policy['PolicyName']
-      new_policy.policy_document = PolicyDocumentParser.new.parse(policy['PolicyDocument'])
+      new_policy.policy_name = References.resolve_value(cfn_model, policy['PolicyName'])
+      new_policy.policy_document = PolicyDocumentParser.new.parse(cfn_model, policy['PolicyDocument'])
       new_policy
     end.reject { |policy| policy.nil? }
 

data/lib/cfn-model/parser/iam_user_parser.rb

@@ -2,6 +2,7 @@
 
 require 'cfn-model/model/policy_document'
 require 'cfn-model/model/policy'
+require 'cfn-model/model/references'
 require_relative 'policy_document_parser'
 
 class IamUserParser
@@ -12,8 +13,8 @@ class IamUserParser
       next unless policy.has_key? 'PolicyName'
 
       new_policy = Policy.new
-      new_policy.policy_name = policy['PolicyName']
-      new_policy.policy_document = PolicyDocumentParser.new.parse(policy['PolicyDocument'])
+      new_policy.policy_name = References.resolve_value(cfn_model, policy['PolicyName'])
+      new_policy.policy_document = PolicyDocumentParser.new.parse(cfn_model, policy['PolicyDocument'])
       new_policy
     end.reject { |policy| policy.nil? }
 
@@ -22,8 +23,8 @@ class IamUserParser
     user_to_group_additions = cfn_model.resources_by_type 'AWS::IAM::UserToGroupAddition'
     user_to_group_additions.each do |user_to_group_addition|
 
-      if user_to_group_addition_has_username(user_to_group_addition.users,iam_user)
-        iam_user.group_names << user_to_group_addition.groupName
+      if user_to_group_addition_has_username(user_to_group_addition.users, iam_user)
+        iam_user.group_names << References.resolve_value(cfn_model, user_to_group_addition.groupName)
 
         # we need to figure out the story on resolving Refs i think for this to be real
       end

data/lib/cfn-model/parser/kms_key_parser.rb

@@ -9,7 +9,7 @@ class KmsKeyParser
     kms_key = resource
 
     new_policy = Policy.new
-    new_policy.policy_document = PolicyDocumentParser.new.parse(kms_key.keyPolicy)
+    new_policy.policy_document = PolicyDocumentParser.new.parse(cfn_model, kms_key.keyPolicy)
     kms_key.key_policy = new_policy
 
     kms_key

data/lib/cfn-model/parser/parameter_substitution.rb

@@ -43,7 +43,8 @@ class ParameterSubstitution
       'AWS::AccountId' => '111111111111',
       'AWS::Region' => 'us-east-1',
       'AWS::StackId' => 'arn:aws:cloudformation:us-east-1:111111111111:stack/stackname/51af3dc0-da77-11e4-872e-1234567db123',
-      'AWS::StackName' => 'stackname'
+      'AWS::StackName' => 'stackname',
+      'AWS::NumberAZs' => 2
     }
     pseudo_function_defaults.each do |function_name, default_value|
       parameter = Parameter.new

data/lib/cfn-model/parser/policy_document_parser.rb

@@ -1,16 +1,18 @@
 # frozen_string_literal: true
 
 require 'cfn-model/model/iam_policy'
+require 'cfn-model/model/references'
+
 require 'cfn-model/model/policy_document'
 
 class PolicyDocumentParser
-  def parse(raw_policy_document)
+  def parse(cfn_model, raw_policy_document)
     policy_document = PolicyDocument.new
 
-    policy_document.version = raw_policy_document['Version']
+    policy_document.version = References.resolve_value(cfn_model, raw_policy_document['Version'])
 
     policy_document.statements = streamline_array(raw_policy_document['Statement']) do |statement|
-      parse_statement statement
+      parse_statement cfn_model, statement
     end
 
     policy_document
@@ -18,17 +20,17 @@ class PolicyDocumentParser
 
   private
 
-  def parse_statement(raw_statement)
+  def parse_statement(cfn_model, raw_statement)
     statement = Statement.new
-    statement.effect = raw_statement['Effect']
-    statement.sid = raw_statement['Sid']
-    statement.condition = raw_statement['Condition']
-    statement.actions = streamline_array(raw_statement['Action'])
-    statement.not_actions = streamline_array(raw_statement['NotAction'])
-    statement.resources = streamline_array(raw_statement['Resource'])
-    statement.not_resources = streamline_array(raw_statement['NotResource'])
-    statement.principal = raw_statement['Principal']
-    statement.not_principal = raw_statement['NotPrincipal']
+    statement.effect = References.resolve_value(cfn_model, raw_statement['Effect'])
+    statement.sid = References.resolve_value(cfn_model, raw_statement['Sid'])
+    statement.condition = References.resolve_value(cfn_model, raw_statement['Condition'])
+    statement.actions = References.resolve_value(cfn_model, streamline_array(raw_statement['Action']))
+    statement.not_actions = References.resolve_value(cfn_model, streamline_array(raw_statement['NotAction']))
+    statement.resources = References.resolve_value(cfn_model, streamline_array(raw_statement['Resource']))
+    statement.not_resources = References.resolve_value(cfn_model, streamline_array(raw_statement['NotResource']))
+    statement.principal = References.resolve_value(cfn_model, raw_statement['Principal'])
+    statement.not_principal = References.resolve_value(cfn_model, raw_statement['NotPrincipal'])
     statement
   end
 

data/lib/cfn-model/parser/security_group_parser.rb

@@ -38,7 +38,7 @@ class SecurityGroupParser
       ingress_object = AWS::EC2::SecurityGroupIngress.new cfn_model
       ingress.each do |k, v|
         silently_fail do
-          ingress_object.send("#{initialLower(k)}=", v)
+          ingress_object.send("#{initialLower(k)}=", References.resolve_value(cfn_model, v))
           mapped_at_least_one_attribute = true
         end
       end
@@ -59,7 +59,7 @@ class SecurityGroupParser
       egress.each do |k, v|
         next if k.match /::/
         silently_fail do
-          egress_object.send("#{initialLower(k)}=", v)
+          egress_object.send("#{initialLower(k)}=", References.resolve_value(cfn_model, v))
           mapped_at_least_one_attribute = true
         end
 

data/lib/cfn-model/parser/with_policy_document_parser.rb

@@ -6,7 +6,7 @@ require_relative 'policy_document_parser'
 
 class WithPolicyDocumentParser
   def parse(cfn_model:, resource:)
-    resource.policy_document = PolicyDocumentParser.new.parse(resource.policyDocument)
+    resource.policy_document = PolicyDocumentParser.new.parse(cfn_model, resource.policyDocument)
     resource
   end
 end

data/lib/cfn-model/transforms/serverless.rb

@@ -112,8 +112,14 @@ class CfnModel
                                                           resource_name,
                                                           with_line_numbers)
 
-        cfn_hash['Resources'][resource_name] = lambda_function lambda_fn_params
-
+        cfn_hash['Resources'][resource_name] = lambda_function(
+          handler: lambda_fn_params[:handler],
+          code_bucket: lambda_fn_params[:code_bucket],
+          code_key: lambda_fn_params[:code_key],
+          role: lambda_fn_params[:role],
+          runtime: lambda_fn_params[:runtime],
+          with_line_numbers: lambda_fn_params[:with_line_numbers]
+        )
         unless serverless_function['Properties']['Role']
           cfn_hash['Resources'][resource_name + 'Role'] = function_role(serverless_function,
                                                                         resource_name,

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-model
 version: !ruby/object:Gem::Version
-  version: 0.4.29
+  version: 0.5.2
 platform: ruby
 authors:
 - Eric Kascic
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-01 00:00:00.000000000 Z
+date: 2020-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -165,7 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: cfn-model