cfn-model 0.4.30 → 0.4.31
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cfn-model/parser/cfn_parser.rb +4 -2
- data/lib/cfn-model/parser/iam_group_parser.rb +3 -2
- data/lib/cfn-model/parser/iam_role_parser.rb +4 -3
- data/lib/cfn-model/parser/iam_user_parser.rb +5 -4
- data/lib/cfn-model/parser/kms_key_parser.rb +1 -1
- data/lib/cfn-model/parser/policy_document_parser.rb +15 -13
- data/lib/cfn-model/parser/security_group_parser.rb +2 -2
- data/lib/cfn-model/parser/with_policy_document_parser.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1af7ad2e0d6f1ccc44f948bbeed9ecac11264ce1aff4bf9ef824461810cbf65e
|
4
|
+
data.tar.gz: 7d62f46f1cefd0f5f6347e5bfa25e10767250f81679eab502200262c82a6d8ef
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d714c8be48de3d60fa59a55948b407a8bed0875e7b8dc75bf872905caa38408858b8ebd51d57f603e90cc9b85148844e66cba7e44febb6118ff0a43370c2c4ff
|
7
|
+
data.tar.gz: d32238875efa9fb50d60f0d64ffce415117fb749145e80fcfa43dd11cf7eca2a4462a5fb82b1aea6527c14587baf58029e159e33d19a1b51aeb6bd202861ecbc
|
@@ -44,6 +44,9 @@ class CfnParser
|
|
44
44
|
|
45
45
|
apply_parameter_values(cfn_model, parameter_values_json)
|
46
46
|
|
47
|
+
# pass 2: tie together separate resources only where necessary to make life easier for rule logic
|
48
|
+
post_process_resource_model_elements cfn_model
|
49
|
+
|
47
50
|
cfn_model
|
48
51
|
end
|
49
52
|
|
@@ -87,8 +90,7 @@ class CfnParser
|
|
87
90
|
transform_hash_into_parameters cfn_hash, cfn_model
|
88
91
|
transform_hash_into_globals cfn_hash, cfn_model
|
89
92
|
|
90
|
-
|
91
|
-
post_process_resource_model_elements cfn_model
|
93
|
+
|
92
94
|
|
93
95
|
cfn_model
|
94
96
|
end
|
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
require 'cfn-model/model/iam_role'
|
4
4
|
require 'cfn-model/model/policy'
|
5
|
+
require 'cfn-model/model/references'
|
5
6
|
require_relative 'policy_document_parser'
|
6
7
|
|
7
8
|
class IamGroupParser
|
@@ -12,8 +13,8 @@ class IamGroupParser
|
|
12
13
|
next unless policy.has_key? 'PolicyName'
|
13
14
|
|
14
15
|
new_policy = Policy.new
|
15
|
-
new_policy.policy_name = policy['PolicyName']
|
16
|
-
new_policy.policy_document = PolicyDocumentParser.new.parse(policy['PolicyDocument'])
|
16
|
+
new_policy.policy_name = References.resolve_value(cfn_model, policy['PolicyName'])
|
17
|
+
new_policy.policy_document = PolicyDocumentParser.new.parse(cfn_model, policy['PolicyDocument'])
|
17
18
|
new_policy
|
18
19
|
end.reject { |policy| policy.nil? }
|
19
20
|
iam_group
|
@@ -2,20 +2,21 @@
|
|
2
2
|
|
3
3
|
require 'cfn-model/model/iam_role'
|
4
4
|
require 'cfn-model/model/policy'
|
5
|
+
require 'cfn-model/model/references'
|
5
6
|
require_relative 'policy_document_parser'
|
6
7
|
|
7
8
|
class IamRoleParser
|
8
9
|
def parse(cfn_model:, resource:)
|
9
10
|
iam_role = resource
|
10
11
|
|
11
|
-
iam_role.assume_role_policy_document = PolicyDocumentParser.new.parse(iam_role.assumeRolePolicyDocument)
|
12
|
+
iam_role.assume_role_policy_document = PolicyDocumentParser.new.parse(cfn_model, iam_role.assumeRolePolicyDocument)
|
12
13
|
|
13
14
|
iam_role.policy_objects = iam_role.policies.map do |policy|
|
14
15
|
next unless policy.has_key? 'PolicyName'
|
15
16
|
|
16
17
|
new_policy = Policy.new
|
17
|
-
new_policy.policy_name = policy['PolicyName']
|
18
|
-
new_policy.policy_document = PolicyDocumentParser.new.parse(policy['PolicyDocument'])
|
18
|
+
new_policy.policy_name = References.resolve_value(cfn_model, policy['PolicyName'])
|
19
|
+
new_policy.policy_document = PolicyDocumentParser.new.parse(cfn_model, policy['PolicyDocument'])
|
19
20
|
new_policy
|
20
21
|
end.reject { |policy| policy.nil? }
|
21
22
|
|
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
require 'cfn-model/model/policy_document'
|
4
4
|
require 'cfn-model/model/policy'
|
5
|
+
require 'cfn-model/model/references'
|
5
6
|
require_relative 'policy_document_parser'
|
6
7
|
|
7
8
|
class IamUserParser
|
@@ -12,8 +13,8 @@ class IamUserParser
|
|
12
13
|
next unless policy.has_key? 'PolicyName'
|
13
14
|
|
14
15
|
new_policy = Policy.new
|
15
|
-
new_policy.policy_name = policy['PolicyName']
|
16
|
-
new_policy.policy_document = PolicyDocumentParser.new.parse(policy['PolicyDocument'])
|
16
|
+
new_policy.policy_name = References.resolve_value(cfn_model, policy['PolicyName'])
|
17
|
+
new_policy.policy_document = PolicyDocumentParser.new.parse(cfn_model, policy['PolicyDocument'])
|
17
18
|
new_policy
|
18
19
|
end.reject { |policy| policy.nil? }
|
19
20
|
|
@@ -22,8 +23,8 @@ class IamUserParser
|
|
22
23
|
user_to_group_additions = cfn_model.resources_by_type 'AWS::IAM::UserToGroupAddition'
|
23
24
|
user_to_group_additions.each do |user_to_group_addition|
|
24
25
|
|
25
|
-
if user_to_group_addition_has_username(user_to_group_addition.users,iam_user)
|
26
|
-
iam_user.group_names << user_to_group_addition.groupName
|
26
|
+
if user_to_group_addition_has_username(user_to_group_addition.users, iam_user)
|
27
|
+
iam_user.group_names << References.resolve_value(cfn_model, user_to_group_addition.groupName)
|
27
28
|
|
28
29
|
# we need to figure out the story on resolving Refs i think for this to be real
|
29
30
|
end
|
@@ -9,7 +9,7 @@ class KmsKeyParser
|
|
9
9
|
kms_key = resource
|
10
10
|
|
11
11
|
new_policy = Policy.new
|
12
|
-
new_policy.policy_document = PolicyDocumentParser.new.parse(kms_key.keyPolicy)
|
12
|
+
new_policy.policy_document = PolicyDocumentParser.new.parse(cfn_model, kms_key.keyPolicy)
|
13
13
|
kms_key.key_policy = new_policy
|
14
14
|
|
15
15
|
kms_key
|
@@ -1,16 +1,18 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'cfn-model/model/iam_policy'
|
4
|
+
require 'cfn-model/model/references'
|
5
|
+
|
4
6
|
require 'cfn-model/model/policy_document'
|
5
7
|
|
6
8
|
class PolicyDocumentParser
|
7
|
-
def parse(raw_policy_document)
|
9
|
+
def parse(cfn_model, raw_policy_document)
|
8
10
|
policy_document = PolicyDocument.new
|
9
11
|
|
10
|
-
policy_document.version = raw_policy_document['Version']
|
12
|
+
policy_document.version = References.resolve_value(cfn_model, raw_policy_document['Version'])
|
11
13
|
|
12
14
|
policy_document.statements = streamline_array(raw_policy_document['Statement']) do |statement|
|
13
|
-
parse_statement statement
|
15
|
+
parse_statement cfn_model, statement
|
14
16
|
end
|
15
17
|
|
16
18
|
policy_document
|
@@ -18,17 +20,17 @@ class PolicyDocumentParser
|
|
18
20
|
|
19
21
|
private
|
20
22
|
|
21
|
-
def parse_statement(raw_statement)
|
23
|
+
def parse_statement(cfn_model, raw_statement)
|
22
24
|
statement = Statement.new
|
23
|
-
statement.effect = raw_statement['Effect']
|
24
|
-
statement.sid = raw_statement['Sid']
|
25
|
-
statement.condition = raw_statement['Condition']
|
26
|
-
statement.actions = streamline_array(raw_statement['Action'])
|
27
|
-
statement.not_actions = streamline_array(raw_statement['NotAction'])
|
28
|
-
statement.resources = streamline_array(raw_statement['Resource'])
|
29
|
-
statement.not_resources = streamline_array(raw_statement['NotResource'])
|
30
|
-
statement.principal = raw_statement['Principal']
|
31
|
-
statement.not_principal = raw_statement['NotPrincipal']
|
25
|
+
statement.effect = References.resolve_value(cfn_model, raw_statement['Effect'])
|
26
|
+
statement.sid = References.resolve_value(cfn_model, raw_statement['Sid'])
|
27
|
+
statement.condition = References.resolve_value(cfn_model, raw_statement['Condition'])
|
28
|
+
statement.actions = References.resolve_value(cfn_model, streamline_array(raw_statement['Action']))
|
29
|
+
statement.not_actions = References.resolve_value(cfn_model, streamline_array(raw_statement['NotAction']))
|
30
|
+
statement.resources = References.resolve_value(cfn_model, streamline_array(raw_statement['Resource']))
|
31
|
+
statement.not_resources = References.resolve_value(cfn_model, streamline_array(raw_statement['NotResource']))
|
32
|
+
statement.principal = References.resolve_value(cfn_model, raw_statement['Principal'])
|
33
|
+
statement.not_principal = References.resolve_value(cfn_model, raw_statement['NotPrincipal'])
|
32
34
|
statement
|
33
35
|
end
|
34
36
|
|
@@ -38,7 +38,7 @@ class SecurityGroupParser
|
|
38
38
|
ingress_object = AWS::EC2::SecurityGroupIngress.new cfn_model
|
39
39
|
ingress.each do |k, v|
|
40
40
|
silently_fail do
|
41
|
-
ingress_object.send("#{initialLower(k)}=", v)
|
41
|
+
ingress_object.send("#{initialLower(k)}=", References.resolve_value(cfn_model, v))
|
42
42
|
mapped_at_least_one_attribute = true
|
43
43
|
end
|
44
44
|
end
|
@@ -59,7 +59,7 @@ class SecurityGroupParser
|
|
59
59
|
egress.each do |k, v|
|
60
60
|
next if k.match /::/
|
61
61
|
silently_fail do
|
62
|
-
egress_object.send("#{initialLower(k)}=", v)
|
62
|
+
egress_object.send("#{initialLower(k)}=", References.resolve_value(cfn_model, v))
|
63
63
|
mapped_at_least_one_attribute = true
|
64
64
|
end
|
65
65
|
|
@@ -6,7 +6,7 @@ require_relative 'policy_document_parser'
|
|
6
6
|
|
7
7
|
class WithPolicyDocumentParser
|
8
8
|
def parse(cfn_model:, resource:)
|
9
|
-
resource.policy_document = PolicyDocumentParser.new.parse(resource.policyDocument)
|
9
|
+
resource.policy_document = PolicyDocumentParser.new.parse(cfn_model, resource.policyDocument)
|
10
10
|
resource
|
11
11
|
end
|
12
12
|
end
|