cfndsl-pipeline 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f001f1bc6ba3694429cd2e221331d45a6b013c6a49f7260a672b67de7c246558
-  data.tar.gz: 06a059c9b463b55a7b732a0b7f32d2bbba14abe1c6d44e48062a9225e4cc128c
+  metadata.gz: a1d907ccd953fe5daa401302a9381d5d1c69cf6ce06fa97700f2d64e82a0f27a
+  data.tar.gz: 4c60a9730ce086a7b277672936c2be2e39ebc88c4902ccd0b9e44d17f9106006
 SHA512:
-  metadata.gz: 57d07fb86fc4d6f98cc8cf53ff0abdf80a2b30e3e7f2f72bfc29e985d95c84c43f51dfc076f816f23c90be7ae41d0583655e50de8c110dd7cc78fec3f3c13762
-  data.tar.gz: dc9d3a0fb2699ed97af75f03a695b6c029428b018e788c633373c8832cec1924dc3796d52870d8005852478eff35a24bb29b7e51af46f53b6cc7990ec5654787
+  metadata.gz: be2eec11e343985c00b8df96cae83619113d49d8d84f71fa1acc3d4f3bf1659601d546b6dfdbcd02468223eb91ac9082e87224d8fa184c0911e5f40637d447fe
+  data.tar.gz: f243d900d999c28a50943d3730eccf960279b4af636aa2802d6c8cd6722b932e7e3f34b5efb14437dd95f1c94a763732aaad47cdc1d88d908c3604dd2ef14c62

data/bin/cfndsl_pipeline

@@ -2,48 +2,58 @@
 require 'optparse'
 require 'cfndsl-pipeline'
 
-USAGE = "Usage: #{File.basename(__FILE__)} -t input file -o output dir [ -b bucket | -p | -c ] [include1 include2 etc]"
-cli_options = {}
+USAGE = "Usage: #{File.basename(__FILE__)} input file [ -o output_dir ] [ -b bucket ] OPTIONS [ include1 include2 etc.. ]"
+cli_options = {
+  :output => './'
+}
 
 pipe_options = CfnDslPipeline::Options.new
 
 op = OptionParser.new do |opts|
   opts.banner = USAGE
-  opts.on('-t', '--template file', 'Input file') do |v|
-    cli_options[:template] = v
-  end
-
-  opts.on('-o', '--output dir', 'Output directory') do |v|
-    cli_options[:output] = v
-  end
 
-  opts.on('-b', '--bucket', 'Existing S3 bucket for cost estimation and large template syntax validation') do |v|
-    pipe_options[:validation_bucket] = v
+  opts.on('-o', '--output dir', 'Optional output directory. Default is current directory') do |dir|
+    cli_options[:output] = dir
   end
 
-  opts.on('--disable-syntax', 'Enable syntax check') do
-    pipe_options[:validate_syntax] = false
+  opts.on('-b', '--bucket', 'Optional Existing S3 bucket for cost estimation and large template syntax validation') do |bucket|
+    pipe_options.validation_bucket = bucket
   end
 
   opts.on('-p', '--params', 'Create cloudformation deploy compatible params file') do
-    pipe_options[:dump_deploy_params] = true
+    pipe_options.dump_deploy_params = true
   end
 
-  opts.on('--disable-nag', 'Enable cfn_nag ') do
-    pipe_options[:validate_cfn_nag] = false
+  opts.on('-s', '--syntax', 'Enable syntax check') do
+    pipe_options.validate_syntax = true
   end
 
   opts.on('--syntax-report', 'Save template syntax report') do
-    pipe_options[:save_syntax_report] = true
+    pipe_options.save_syntax_report = true
   end
 
+  opts.on('-a', '--audit', 'Enable cfn_nag audit') do
+    pipe_options.validate_cfn_nag = false
+  end
+
+  opts.on('--audit-rule-dir', 'cfn_nag audit custom rules directory') do
+    pipe_options.cfn_nag[:rule_directory] = true
+  end  
 
   opts.on('--audit-report', 'Save cfn_nag audit report') do
-    pipe_options[:save_audit_report] = true
+    pipe_options.save_audit_report = true
   end  
 
-  opts.on('-c', '--estimate', 'Generate URL for AWS simple cost calculator') do
-    pipe_options[:validate_cfn_nag] = true
+  opts.on('--audit-debug', 'Enable cfn_nag debug output') do
+    pipe_options.debug_audit = true
+  end
+
+  opts.on('-e', '--estimate-costs', 'Generate URL for AWS simple cost calculator') do
+    pipe_options.estimate_cost = true
+  end
+
+  opts.on('-r', '--aws-region', 'AWS region to use. Default: ap-southeast-2') do |region|
+    pipe_options.aws_region = region
   end
 
   opts.on_tail('-h', '--help', 'show this message') do
@@ -51,7 +61,7 @@ op = OptionParser.new do |opts|
     exit
   end
 
-  opts.on_tail('-v', '--version', 'show the version') do
+  opts.on_tail('-v', '--version', 'Show version') do
     puts CfnDsl::Pipeline::VERSION
     exit
   end
@@ -59,12 +69,37 @@ end
 
 op.parse!
 
- 
-unless cli_options[:template] && cli_options[:output]
+# first non-dash parameter is the mandatory input file
+cli_options[:template] = ARGV.pop
+
+# Exit on invalid option combinations 
+unless cli_options[:template] && File.file?(cli_options[:template])
+  puts "Error: Input template file does not exist."
   puts op
   exit 1
 end
 
+if pipe_options.save_syntax_report
+  unless pipe_options.validate_syntax
+    puts "Error: save syntax report is set, but syntax validation was not enabled."
+    puts op
+    exit 1
+  end  
+end
+
+if pipe_options.cfn_nag.rule_directory ||  pipe_options.cfn_nag.debug_audit || pipe_options.cfn_nag.save_audit_report
+  unless pipe_options.validate_cfn_nag
+    puts "Error: Audit options set, but audit was not enabled"
+    puts op
+    exit 1
+  end  
+  unless File.directory?(pipe_options.cfn_nag.rule_directory)
+    puts "Error: cfn_nag rule directory does not exist"
+    puts op
+    exit 1
+  end  
+end
+
 cfndsl_extras = []
 ARGV.each do |arg|
   cfndsl_extras << [:yaml, arg]

data/lib/options.rb

@@ -2,16 +2,21 @@
 
 module CfnDslPipeline
   class Options
-    attr_accessor :aws_region, :validation_bucket, :save_audit_report, :validate_syntax, :save_syntax_report, :validate_cfn_nag, :validate_output, :estimate_cost, :dump_deploy_params
+    attr_accessor :aws_region, :validation_bucket, :save_audit_report, :validate_syntax, :save_syntax_report, :validate_cfn_nag, :validate_output, :estimate_cost, :dump_deploy_params, :cfn_nag, :debug_audit
     def initialize()
-      self.aws_region='ap-southeast-2'
-      self.validation_bucket=''
-      self.validate_cfn_nag=true
-      self.validate_syntax=true
-      self.estimate_cost=false
-      self.save_syntax_report=false
-      self.dump_deploy_params=true
-      self.save_audit_report=false
+      self.aws_region         = 'ap-southeast-2'
+      self.validation_bucket  = ''
+      self.validate_cfn_nag   = false
+      self.validate_syntax    = false
+      self.estimate_cost      = false
+      self.save_syntax_report = false
+      self.dump_deploy_params = false
+      self.save_audit_report  = false
+      self.debug_audit        = false
+      self.cfn_nag = CfnNagConfig.new(
+        print_suppression: false,
+        fail_on_warnings: true
+      )
     end
   end
 end

data/lib/run-cfn_nag.rb

@@ -2,14 +2,13 @@ require 'cfn-nag'
 require 'colorize'
 
 module CfnDslPipeline
+
   class Pipeline
     def exec_cfn_nag
       puts "Auditing template with cfn-nag..."
-      cfn_nag_config = CfnNagConfig.new(
-        print_suppression: false,
-        fail_on_warnings: true
-      )
-      cfn_nag = CfnNag.new(config: cfn_nag_config)
+      
+      CfnNagLogging.configure_logging({:debug => self.options.debug_audit})
+      cfn_nag = CfnNag.new(config: self.options.cfn_nag)
       result = cfn_nag.audit(cloudformation_string: self.template)
       if self.options.save_audit_report
         audit_report = Capture.capture do
@@ -26,16 +25,14 @@ module CfnDslPipeline
         elsif result[:violations].count>0
           puts "Audit passed with #{result[:warning_count]} warnings.     (._.)  ".yellow
         else
-          puts "Audit passed!        \( ﾟヮﾟ)/      ヽ(´ー｀)ノ".green
+          puts "Audit passed!        ヽ( ﾟヮﾟ)/      ヽ(´ー｀)ノ".green
         end        
       else
         ColoredStdoutResults.new.render([{
           filename: "cfn-nag results:",
           file_results: result
         }]) 
-      end       
-
-
+      end
     end
   end
 end

data/lib/version.rb

@@ -1,3 +1,3 @@
 module CfnDslPipeline
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfndsl-pipeline
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Cam Maxwell