cfndsl-pipeline 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/cfndsl_pipeline +58 -23
- data/lib/options.rb +14 -9
- data/lib/run-cfn_nag.rb +6 -9
- data/lib/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a1d907ccd953fe5daa401302a9381d5d1c69cf6ce06fa97700f2d64e82a0f27a
|
|
4
|
+
data.tar.gz: 4c60a9730ce086a7b277672936c2be2e39ebc88c4902ccd0b9e44d17f9106006
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: be2eec11e343985c00b8df96cae83619113d49d8d84f71fa1acc3d4f3bf1659601d546b6dfdbcd02468223eb91ac9082e87224d8fa184c0911e5f40637d447fe
|
|
7
|
+
data.tar.gz: f243d900d999c28a50943d3730eccf960279b4af636aa2802d6c8cd6722b932e7e3f34b5efb14437dd95f1c94a763732aaad47cdc1d88d908c3604dd2ef14c62
|
data/bin/cfndsl_pipeline
CHANGED
|
@@ -2,48 +2,58 @@
|
|
|
2
2
|
require 'optparse'
|
|
3
3
|
require 'cfndsl-pipeline'
|
|
4
4
|
|
|
5
|
-
USAGE = "Usage: #{File.basename(__FILE__)}
|
|
6
|
-
cli_options = {
|
|
5
|
+
USAGE = "Usage: #{File.basename(__FILE__)} input file [ -o output_dir ] [ -b bucket ] OPTIONS [ include1 include2 etc.. ]"
|
|
6
|
+
cli_options = {
|
|
7
|
+
:output => './'
|
|
8
|
+
}
|
|
7
9
|
|
|
8
10
|
pipe_options = CfnDslPipeline::Options.new
|
|
9
11
|
|
|
10
12
|
op = OptionParser.new do |opts|
|
|
11
13
|
opts.banner = USAGE
|
|
12
|
-
opts.on('-t', '--template file', 'Input file') do |v|
|
|
13
|
-
cli_options[:template] = v
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
opts.on('-o', '--output dir', 'Output directory') do |v|
|
|
17
|
-
cli_options[:output] = v
|
|
18
|
-
end
|
|
19
14
|
|
|
20
|
-
opts.on('-
|
|
21
|
-
|
|
15
|
+
opts.on('-o', '--output dir', 'Optional output directory. Default is current directory') do |dir|
|
|
16
|
+
cli_options[:output] = dir
|
|
22
17
|
end
|
|
23
18
|
|
|
24
|
-
opts.on('
|
|
25
|
-
pipe_options
|
|
19
|
+
opts.on('-b', '--bucket', 'Optional Existing S3 bucket for cost estimation and large template syntax validation') do |bucket|
|
|
20
|
+
pipe_options.validation_bucket = bucket
|
|
26
21
|
end
|
|
27
22
|
|
|
28
23
|
opts.on('-p', '--params', 'Create cloudformation deploy compatible params file') do
|
|
29
|
-
pipe_options
|
|
24
|
+
pipe_options.dump_deploy_params = true
|
|
30
25
|
end
|
|
31
26
|
|
|
32
|
-
opts.on('
|
|
33
|
-
pipe_options
|
|
27
|
+
opts.on('-s', '--syntax', 'Enable syntax check') do
|
|
28
|
+
pipe_options.validate_syntax = true
|
|
34
29
|
end
|
|
35
30
|
|
|
36
31
|
opts.on('--syntax-report', 'Save template syntax report') do
|
|
37
|
-
pipe_options
|
|
32
|
+
pipe_options.save_syntax_report = true
|
|
38
33
|
end
|
|
39
34
|
|
|
35
|
+
opts.on('-a', '--audit', 'Enable cfn_nag audit') do
|
|
36
|
+
pipe_options.validate_cfn_nag = false
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
opts.on('--audit-rule-dir', 'cfn_nag audit custom rules directory') do
|
|
40
|
+
pipe_options.cfn_nag[:rule_directory] = true
|
|
41
|
+
end
|
|
40
42
|
|
|
41
43
|
opts.on('--audit-report', 'Save cfn_nag audit report') do
|
|
42
|
-
pipe_options
|
|
44
|
+
pipe_options.save_audit_report = true
|
|
43
45
|
end
|
|
44
46
|
|
|
45
|
-
opts.on('-
|
|
46
|
-
pipe_options
|
|
47
|
+
opts.on('--audit-debug', 'Enable cfn_nag debug output') do
|
|
48
|
+
pipe_options.debug_audit = true
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
opts.on('-e', '--estimate-costs', 'Generate URL for AWS simple cost calculator') do
|
|
52
|
+
pipe_options.estimate_cost = true
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
opts.on('-r', '--aws-region', 'AWS region to use. Default: ap-southeast-2') do |region|
|
|
56
|
+
pipe_options.aws_region = region
|
|
47
57
|
end
|
|
48
58
|
|
|
49
59
|
opts.on_tail('-h', '--help', 'show this message') do
|
|
@@ -51,7 +61,7 @@ op = OptionParser.new do |opts|
|
|
|
51
61
|
exit
|
|
52
62
|
end
|
|
53
63
|
|
|
54
|
-
opts.on_tail('-v', '--version', '
|
|
64
|
+
opts.on_tail('-v', '--version', 'Show version') do
|
|
55
65
|
puts CfnDsl::Pipeline::VERSION
|
|
56
66
|
exit
|
|
57
67
|
end
|
|
@@ -59,12 +69,37 @@ end
|
|
|
59
69
|
|
|
60
70
|
op.parse!
|
|
61
71
|
|
|
62
|
-
|
|
63
|
-
|
|
72
|
+
# first non-dash parameter is the mandatory input file
|
|
73
|
+
cli_options[:template] = ARGV.pop
|
|
74
|
+
|
|
75
|
+
# Exit on invalid option combinations
|
|
76
|
+
unless cli_options[:template] && File.file?(cli_options[:template])
|
|
77
|
+
puts "Error: Input template file does not exist."
|
|
64
78
|
puts op
|
|
65
79
|
exit 1
|
|
66
80
|
end
|
|
67
81
|
|
|
82
|
+
if pipe_options.save_syntax_report
|
|
83
|
+
unless pipe_options.validate_syntax
|
|
84
|
+
puts "Error: save syntax report is set, but syntax validation was not enabled."
|
|
85
|
+
puts op
|
|
86
|
+
exit 1
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
if pipe_options.cfn_nag.rule_directory || pipe_options.cfn_nag.debug_audit || pipe_options.cfn_nag.save_audit_report
|
|
91
|
+
unless pipe_options.validate_cfn_nag
|
|
92
|
+
puts "Error: Audit options set, but audit was not enabled"
|
|
93
|
+
puts op
|
|
94
|
+
exit 1
|
|
95
|
+
end
|
|
96
|
+
unless File.directory?(pipe_options.cfn_nag.rule_directory)
|
|
97
|
+
puts "Error: cfn_nag rule directory does not exist"
|
|
98
|
+
puts op
|
|
99
|
+
exit 1
|
|
100
|
+
end
|
|
101
|
+
end
|
|
102
|
+
|
|
68
103
|
cfndsl_extras = []
|
|
69
104
|
ARGV.each do |arg|
|
|
70
105
|
cfndsl_extras << [:yaml, arg]
|
data/lib/options.rb
CHANGED
|
@@ -2,16 +2,21 @@
|
|
|
2
2
|
|
|
3
3
|
module CfnDslPipeline
|
|
4
4
|
class Options
|
|
5
|
-
attr_accessor :aws_region, :validation_bucket, :save_audit_report, :validate_syntax, :save_syntax_report, :validate_cfn_nag, :validate_output, :estimate_cost, :dump_deploy_params
|
|
5
|
+
attr_accessor :aws_region, :validation_bucket, :save_audit_report, :validate_syntax, :save_syntax_report, :validate_cfn_nag, :validate_output, :estimate_cost, :dump_deploy_params, :cfn_nag, :debug_audit
|
|
6
6
|
def initialize()
|
|
7
|
-
self.aws_region='ap-southeast-2'
|
|
8
|
-
self.validation_bucket=''
|
|
9
|
-
self.validate_cfn_nag=
|
|
10
|
-
self.validate_syntax=
|
|
11
|
-
self.estimate_cost=false
|
|
12
|
-
self.save_syntax_report=false
|
|
13
|
-
self.dump_deploy_params=
|
|
14
|
-
self.save_audit_report=false
|
|
7
|
+
self.aws_region = 'ap-southeast-2'
|
|
8
|
+
self.validation_bucket = ''
|
|
9
|
+
self.validate_cfn_nag = false
|
|
10
|
+
self.validate_syntax = false
|
|
11
|
+
self.estimate_cost = false
|
|
12
|
+
self.save_syntax_report = false
|
|
13
|
+
self.dump_deploy_params = false
|
|
14
|
+
self.save_audit_report = false
|
|
15
|
+
self.debug_audit = false
|
|
16
|
+
self.cfn_nag = CfnNagConfig.new(
|
|
17
|
+
print_suppression: false,
|
|
18
|
+
fail_on_warnings: true
|
|
19
|
+
)
|
|
15
20
|
end
|
|
16
21
|
end
|
|
17
22
|
end
|
data/lib/run-cfn_nag.rb
CHANGED
|
@@ -2,14 +2,13 @@ require 'cfn-nag'
|
|
|
2
2
|
require 'colorize'
|
|
3
3
|
|
|
4
4
|
module CfnDslPipeline
|
|
5
|
+
|
|
5
6
|
class Pipeline
|
|
6
7
|
def exec_cfn_nag
|
|
7
8
|
puts "Auditing template with cfn-nag..."
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
)
|
|
12
|
-
cfn_nag = CfnNag.new(config: cfn_nag_config)
|
|
9
|
+
|
|
10
|
+
CfnNagLogging.configure_logging({:debug => self.options.debug_audit})
|
|
11
|
+
cfn_nag = CfnNag.new(config: self.options.cfn_nag)
|
|
13
12
|
result = cfn_nag.audit(cloudformation_string: self.template)
|
|
14
13
|
if self.options.save_audit_report
|
|
15
14
|
audit_report = Capture.capture do
|
|
@@ -26,16 +25,14 @@ module CfnDslPipeline
|
|
|
26
25
|
elsif result[:violations].count>0
|
|
27
26
|
puts "Audit passed with #{result[:warning_count]} warnings. (._.) ".yellow
|
|
28
27
|
else
|
|
29
|
-
puts "Audit passed!
|
|
28
|
+
puts "Audit passed! ヽ( ゚ヮ゚)/ ヽ(´ー`)ノ".green
|
|
30
29
|
end
|
|
31
30
|
else
|
|
32
31
|
ColoredStdoutResults.new.render([{
|
|
33
32
|
filename: "cfn-nag results:",
|
|
34
33
|
file_results: result
|
|
35
34
|
}])
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
|
|
35
|
+
end
|
|
39
36
|
end
|
|
40
37
|
end
|
|
41
38
|
end
|
data/lib/version.rb
CHANGED