cfndsl-pipeline 0.1.2 → 0.1.4
- checksums.yaml +4 -4
- data/.gitignore +11 -0
- data/.rspec +3 -0
- data/.rubocop.yml +33 -0
- data/.travis.yml +10 -0
- data/Gemfile +7 -0
- data/Guardfile +5 -0
- data/LICENCE +21 -0
- data/README.md +58 -0
- data/Rakefile +6 -0
- data/bin/cfndsl_pipeline +16 -14
- data/cfndsl-pipeline.gemspec +40 -0
- data/examples/common_definitions.yaml +63 -0
- data/examples/pipeline_multple_files.rb +42 -0
- data/examples/pipeline_single_file.rb +54 -0
- data/examples/s3bucket.rb +316 -0
- data/examples/s3bucket.yaml +241 -0
- data/examples/standard_tags.yaml +41 -0
- data/lib/cfndsl-pipeline.rb +15 -15
- data/lib/cli_options.rb +124 -0
- data/lib/exec_cfn_nag.rb +58 -0
- data/lib/{run-cfndsl.rb → exec_cfndsl.rb} +7 -5
- data/lib/exec_syntax.rb +87 -0
- data/lib/{monkey_patches.rb → monkey-patches/cfndsl_patch.rb} +40 -24
- data/lib/{stdout_capture.rb → monkey-patches/stdout_capture.rb} +0 -0
- data/lib/options.rb +10 -4
- data/lib/params.rb +6 -5
- data/lib/version.rb +2 -1
- data/spec/cfndsl/pipeline_spec.rb +11 -0
- data/spec/spec_helper.rb +15 -0
- metadata +119 -30
- data/lib/run-cfn_nag.rb +0 -38
- data/lib/run-syntax.rb +0 -89
File without changes
|
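--- a/data/lib/options.rb
+++ b/data/lib/options.rb
@@ -1,10 +1,15 @@
 # frozen_string_literal: true
+require 'cfn-nag/custom_rule_loader'
+require 'cfn-nag/cfn_nag_config'
 
 module CfnDslPipeline
+#
 class Options
-attr_accessor :aws_region, :validation_bucket, :
-
-
+attr_accessor :aws_region, :validation_bucket, :estimate_cost, :dump_deploy_params, :cfn_nag
+attr_accessor :validate_cfn_nag, :save_audit_report, :validate_syntax, :save_syntax_report, :validate_output
+attr_accessor :debug_audit, :debug_pipeline, :debug_cfndsl
+def initialize
+self.aws_region = ENV['AWS_REGION'] || 'ap-southeast-2'
 self.validation_bucket = ''
 self.validate_cfn_nag = false
 self.validate_syntax = false
@@ -12,6 +17,8 @@ module CfnDslPipeline
 self.save_syntax_report = false
 self.dump_deploy_params = false
 self.save_audit_report = false
+self.debug_pipeline = false
+self.debug_cfndsl = false
 self.debug_audit = false
 self.cfn_nag = CfnNagConfig.new(
 print_suppression: false,
@@ -20,4 +27,3 @@ module CfnDslPipeline
 end
 end
 end
-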
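Review bot: The new default in `initialize`, `self.aws_region = ENV['AWS_REGION'] || 'ap-southeast-2'`, silently falls back to a hard-coded region, and because an empty string is truthy in Ruby an exported-but-empty `AWS_REGION` is passed through unchanged. Code that builds AWS clients from this option (not visible in this section) would then validate or upload templates in a region the operator did not choose, or fail later with a less obvious error. Something like `region = ENV['AWS_REGION'].to_s.strip` followed by `self.aws_region = region.empty? ? 'ap-southeast-2' : region` handles the empty case, and a log line when the fallback is used makes it visible. The bare `#` added above `class Options` reads as a placeholder; a one-line comment saying what the options control would serve better. `initialize` is only partly shown across the three hunks.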
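--- a/data/lib/params.rb
+++ b/data/lib/params.rb
@@ -2,14 +2,15 @@
 require 'shellwords'
 
 module CfnDslPipeline
+#
 class Pipeline
-
-param_filename = "#{
+def exec_dump_params
+param_filename = "#{output_dir}/#{base_name}.params"
 puts "Deploy parameters written to #{param_filename}"
 param_file = File.open(File.expand_path(param_filename), 'w')
-
-param_file.puts "#{param['parameter_key']}=#{
+syntax_report['parameters'].each do |param|
+param_file.puts "#{param['parameter_key']}=#{param['default_value']}"
 end
 end
 end
-end
+end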
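Review bot: `exec_dump_params` writes every parameter's `default_value` to the `.params` file in plain text, which would include defaults of parameters the template marks NoEcho if the syntax report carries them. A guard such as `next if param['no_echo']` at the top of the loop would keep those out, assuming the report exposes that key. The handle returned by `File.open(File.expand_path(param_filename), 'w')` is also never closed, so the final writes rely on the process exiting cleanly; the block form `File.open(File.expand_path(param_filename), 'w') do |param_file|` closes it. `syntax_report` looks like it can be unset when syntax validation is skipped, so a nil check before `['parameters']` is worth confirming.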
data/lib/version.rb
CHANGED
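--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,15 @@
+require 'bundler/setup'
+require 'cfndsl'
+require 'cfndsl-pipeline'
+
+RSpec.configure do |config|
+# Enable flags like --only-failures and --next-failure
+config.example_status_persistence_file_path = '.rspec_status'
+
+# Disable RSpec exposing methods globally on `Module` and `main`
+config.disable_monkey_patching!
+
+config.expect_with :rspec do |c|
+c.syntax = :expect
+end
+end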
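--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfndsl-pipeline
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.4
 platform: ruby
 authors:
 - Cam Maxwell
@@ -14,86 +14,156 @@ dependencies:
 name: cfn-nag
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.4
+version: '0.4'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.4
+version: '0.4'
 - !ruby/object:Gem::Dependency
 name: cfndsl
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.17
+version: '0.17'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.17
+version: '0.17'
 - !ruby/object:Gem::Dependency
 name: aws-sdk-cloudformation
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1
+version: '1'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1
+version: '1'
 - !ruby/object:Gem::Dependency
 name: aws-sdk-s3
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1
+version: '1'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1
+version: '1'
 - !ruby/object:Gem::Dependency
 name: uuid
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 2.3
+version: '2.3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 2.3
+version: '2.3'
 - !ruby/object:Gem::Dependency
 name: colorize
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.8
+version: '0.8'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.8
+version: '0.8'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.5'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: cfndsl
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rubocop
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.49.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.49.0
 description: Integrated CfnDsl CloudFormation template generation pipeline that integrates
 cfn_nag, AWS template validation, and AWS template costing (where possible), and
 generated `aws cloudformation deploy` compatible parameters files
@@ -103,16 +173,35 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- Guardfile
+- LICENCE
+- README.md
+- Rakefile
 - bin/cfndsl_pipeline
+- cfndsl-pipeline.gemspec
+- examples/common_definitions.yaml
+- examples/pipeline_multple_files.rb
+- examples/pipeline_single_file.rb
+- examples/s3bucket.rb
+- examples/s3bucket.yaml
+- examples/standard_tags.yaml
 - lib/cfndsl-pipeline.rb
-- lib/
+- lib/cli_options.rb
+- lib/exec_cfn_nag.rb
+- lib/exec_cfndsl.rb
+- lib/exec_syntax.rb
+- lib/monkey-patches/cfndsl_patch.rb
+- lib/monkey-patches/stdout_capture.rb
 - lib/options.rb
 - lib/params.rb
-- lib/run-cfn_nag.rb
-- lib/run-cfndsl.rb
-- lib/run-syntax.rb
-- lib/stdout_capture.rb
 - lib/version.rb
+- spec/cfndsl/pipeline_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/cmaxwellau/cfndsl-pipeline.git
 licenses:
 - MIT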
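--- a/data/lib/run-cfn_nag.rb
+++ b/data/lib/run-cfn_nag.rb
@@ -1,38 +0,0 @@
-require 'cfn-nag'
-require 'colorize'
-
-module CfnDslPipeline
-
-class Pipeline
-def exec_cfn_nag
-puts "Auditing template with cfn-nag..."
-
-CfnNagLogging.configure_logging({:debug => self.options.debug_audit})
-cfn_nag = CfnNag.new(config: self.options.cfn_nag)
-result = cfn_nag.audit(cloudformation_string: self.template)
-if self.options.save_audit_report
-audit_report = Capture.capture do
-SimpleStdoutResults.new.render([{
-filename: output_filename,
-file_results: result
-}])
-end
-audit_filename = "#{self.output_dir}/#{self.base_name}.audit"
-File.open(File.expand_path(audit_filename), 'w').puts audit_report['stdout']
-puts "Saved audit report to #{audit_filename}"
-if result[:failure_count]>0
-puts "Audit failed. #{result[:failure_count]} error(s) found ( ಠ ʖ̯ ಠ) ".red
-elsif result[:violations].count>0
-puts "Audit passed with #{result[:warning_count]} warnings. (._.) ".yellow
-else
-puts "Audit passed! ヽ( ゚ヮ゚)/ ヽ(´ー`)ノ".green
-end
-else
-ColoredStdoutResults.new.render([{
-filename: "cfn-nag results:",
-file_results: result
-}])
-end
-end
-end
-end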
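--- a/data/lib/run-syntax.rb
+++ b/data/lib/run-syntax.rb
@@ -1,89 +0,0 @@
-# frozen_string_literal: true
-require 'aws-sdk-cloudformation'
-require 'aws-sdk-s3'
-require 'uuid'
-
-
-module CfnDslPipeline
-class Pipeline
-attr_accessor :cfn_client, :s3_client
-
-def initialize
-self.cfn_client = Aws::CloudFormation::Client.new(region: self.aws_region)
-self.s3_client = Aws::S3::Client.new(region: self.aws_region)
-end
-
-def exec_syntax_validation
-print "Validating template syntax...\n"
-if self.options.estimate_cost || (self.output_file.size > 51200)
-puts "Filesize is greater than 51200, or cost estimation required. Validating via S3 bucket "
-uuid = UUID.new
-object_name = "#{uuid.generate}"
-
-if self.options.validation_bucket
-bucket_name = self.options.validation_bucket
-puts "Using existing S3 bucket #{bucket_name}..."
-bucket = self.s3_client.bucket(self.options.validation_bucket)
-else
-bucket_name = "arch-code-#{uuid.generate}"
-puts "Creating temporary S3 bucket #{bucket_name}..."
-bucket = self.s3_client.bucket(bucket_name)
-bucket.create
-end
-upload_template(bucket, object_name)
-
-self.syntax_report = s3_validate_syntax(bucket, object_name)
-
-if self.options.estimate_cost
-estimate_cost(bucket_name, object_name)
-end
-
-if !self.options.validation_bucket
-puts "Deleting temporary S3 bucket..."
-bucket.delete!
-end
-
-else
-self.syntax_report = local_validate_syntax
-end
-
-save_syntax_report if self.options.save_syntax_report
-
-end
-
-private
-def save_syntax_report
-report_filename = "#{self.output_dir}/#{self.base_name}.report"
-puts "Syntax validation report written to #{report_filename}"
-File.open(File.expand_path(report_filename), 'w').puts self.syntax_report.to_hash.to_yaml
-end
-
-def upload_template(bucket, object_name)
-puts "Uploading template to temporary S3 bucket..."
-object = bucket.object(object_name)
-object.upload_file(self.output_file)
-puts " https://s3.amazonaws.com/#{bucket_name}/#{object_name}"
-end
-
-def estimate_cost(bucket, object_name)
-puts "Estimate cost of template..."
-client = Aws::CloudFormation::Client.new(region: self.options.aws_region)
-costing = client.estimate_template_cost(template_url: "https://#{bucket.url}/#{object_name}")
-puts "Cost Calculator URL is: #{costing.url}"
-end
-
-def s3_validate_syntax(bucket, object_name)
-if self.options.validate_syntax
-puts "Validating template syntax in S3 Bucket..."
-client = Aws::CloudFormation::Client.new(region: self.options.aws_region)
-client.validate_template(template_url: "https://s3.amazonaws.com/#{bucket.url}/#{object_name}")
-end
-end
-
-def local_validate_syntax
-puts "Validating template syntax locally..."
-client = Aws::CloudFormation::Client.new(region: self.options.aws_region)
-client.validate_template(template_body: self.template)
-end
-end
-end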