cfndsl-pipeline 0.1.2 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1d907ccd953fe5daa401302a9381d5d1c69cf6ce06fa97700f2d64e82a0f27a
-  data.tar.gz: 4c60a9730ce086a7b277672936c2be2e39ebc88c4902ccd0b9e44d17f9106006
+  metadata.gz: b2916ce7032d93f6a62603e4f7e0f67d1387429245eda792ae5aaa8421736cbc
+  data.tar.gz: ef9800894ba6333955a3f1ab8bae3e4a2162a15c91a02049062267032a429224
 SHA512:
-  metadata.gz: be2eec11e343985c00b8df96cae83619113d49d8d84f71fa1acc3d4f3bf1659601d546b6dfdbcd02468223eb91ac9082e87224d8fa184c0911e5f40637d447fe
-  data.tar.gz: f243d900d999c28a50943d3730eccf960279b4af636aa2802d6c8cd6722b932e7e3f34b5efb14437dd95f1c94a763732aaad47cdc1d88d908c3604dd2ef14c62
+  metadata.gz: 37fad470245cc31ac95127c0af8316b0ecdb28aa54a23e67fe5e9740eabecdb34ae48a7def92277ec01f54204390490a11f1ac46e06620166dff0afffc81c528
+  data.tar.gz: 3a4a082fb5f433f84d0ac4605dc0ba53e0ab28645efccca3c8cd8e1a2d11b5c2bb411ca326df59066a75db974831828769a5166956e30a603b62c2f4801c67df

data/.gitignore

@@ -0,0 +1,11 @@
+.ruby-gemset
+*.gem
+*~
+Gemfile.lock
+tmp/
+coverage/
+*.swp
+*.swo
+vendor
+.rspec_status
+

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,33 @@
+Metrics/LineLength:
+  Max: 160
+
+Metrics/CyclomaticComplexity:
+  Max: 10
+
+Metrics/AbcSize:
+  Max: 25
+
+Metrics/MethodLength:
+  Max: 25
+
+# Due to our @Properties style instance names
+Style/VariableName:
+  Enabled: false
+
+# We are a DSL
+Style/MethodName:
+  Enabled: false
+
+# Lone String
+Lint/Void:
+  Enabled: false
+
+AllCops:
+  Exclude:
+    - 'tmp/**/*'
+    - 'examples/**/*'
+    - 'spec/*'
+    - Gemfile
+    - Guardfile
+    - Rakefile
+    - '*.gemspec'

data/.travis.yml

@@ -0,0 +1,10 @@
+language: ruby
+sudo: false
+cache: bundler
+before_install: gem install bundler -v 1.16.6
+rvm:
+  - 2.4.4
+  - ruby-head
+matrix:
+  allow_failures:
+    - rvm: ruby-head

data/Gemfile

@@ -0,0 +1,7 @@
+source "https://rubygems.org"
+repo_name = "cmaxwellau/cfndsl-pipeline"
+gem "rubocop", ">= 0.49.0"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+gemspec

data/Guardfile

@@ -0,0 +1,5 @@
+guard :rspec, cmd: 'rspec --color --format documentation' do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end

data/LICENCE

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2019 Cam Maxwell (cameron.maxwell@gmail.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,58 @@
+# cfndsl-pipeline
+
+This ruby gem provides an integrated CfnDsl CloudFormation template generation pipeline that integrates resaource tagging standards, cfn_nag linting, AWS template syntax validation, and AWS template costing (where possible), and generates `aws cloudformation deploy` compatible parameter files.
+
+## Installation
+This gem is published on rubygems.org:
+``` gem install cfndsl-pipeline```
+
+## Bash Usage:
+```shell
+$ cfndsl_pipeline
+Usage: cfndsl_pipeline -t input file -o output dir [ -b bucket | -p | -c ] [include1 include2 etc]
+    -t, --template file              Input file
+    -o, --output dir                 Output directory
+    -b, --bucket                     Existing S3 bucket for cost estimation and large template syntax validation
+        --disable-syntax             Enable syntax check
+    -p, --params                     Create cloudformation deploy compatible params file
+        --disable-nag                Enable cfn_nag 
+        --syntax-report              Save template syntax report
+        --audit-report               Save cfn_nag audit report
+    -c, --estimate                   Generate URL for AWS simple cost calculator
+    -h, --help                       show this message
+    -v, --version                    show the version
+```
+
+## Ruby Usage
+```ruby
+require 'cfndsl-pipeline'
+
+opts = CfnDslPipeline::Options.new
+opts.validation_bucket=   'my-s3-bucket'
+opts.validate_cfn_nag=    true
+opts.validate_syntax=     true
+opts.dump_deploy_params=  false
+opts.estimate_cost=       false
+opts.save_syntax_report=  false
+opts.save_audit_report=   false
+
+output_dir='cloudformation'
+input_file='my-cfndsl-template.rb'
+cfndsl_extras = [[:yaml, 'standard_tags.yaml']]
+
+pipeline=CfnDslPipeline::Pipeline.new(output_dir, opts)
+pipeline.build(input_file, cfndsl_extras)
+```
+
+
+## Tag standards
+These are implemented as a simple YAML file. CFNDSL has been extended to generate the appropriate template inputs for each tag key for you, as well as automatically tagging each and every resource that supports tags. All DSL properties of the parameters are supported, in addition to a logical name to use for the parameter key.
+
+```yaml
+---
+TagStandard:
+  MyCostCode:
+    Default: 'MC68EC020'
+    Type: String
+    AllowedPattern: 'MC[0-9]{2}[A-Z]{2}[0-9]{3}'
+    LogicalName: CostCentre

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => [:spec, :build, :install]

data/bin/cfndsl_pipeline

@@ -4,7 +4,7 @@ require 'cfndsl-pipeline'
 
 USAGE = "Usage: #{File.basename(__FILE__)} input file [ -o output_dir ] [ -b bucket ] OPTIONS [ include1 include2 etc.. ]"
 cli_options = {
-  :output => './'
+  'output' => './'
 }
 
 pipe_options = CfnDslPipeline::Options.new
@@ -33,16 +33,16 @@ op = OptionParser.new do |opts|
   end
 
   opts.on('-a', '--audit', 'Enable cfn_nag audit') do
-    pipe_options.validate_cfn_nag = false
+    pipe_options.validate_cfn_nag = true
   end
 
   opts.on('--audit-rule-dir', 'cfn_nag audit custom rules directory') do
     pipe_options.cfn_nag[:rule_directory] = true
-  end  
+  end
 
   opts.on('--audit-report', 'Save cfn_nag audit report') do
     pipe_options.save_audit_report = true
-  end  
+  end
 
   opts.on('--audit-debug', 'Enable cfn_nag debug output') do
     pipe_options.debug_audit = true
@@ -72,32 +72,35 @@ op.parse!
 # first non-dash parameter is the mandatory input file
 cli_options[:template] = ARGV.pop
 
-# Exit on invalid option combinations 
+# Exit on invalid option combinations
 unless cli_options[:template] && File.file?(cli_options[:template])
-  puts "Error: Input template file does not exist."
+  puts 'Error: Input template file does not exist.'
   puts op
   exit 1
 end
 
 if pipe_options.save_syntax_report
   unless pipe_options.validate_syntax
-    puts "Error: save syntax report is set, but syntax validation was not enabled."
+    puts 'Error: save syntax report is set, but syntax validation was not enabled.'
     puts op
     exit 1
-  end  
+  end
 end
 
-if pipe_options.cfn_nag.rule_directory ||  pipe_options.cfn_nag.debug_audit || pipe_options.cfn_nag.save_audit_report
+if pipe_options.cfn_nag.rule_directory || pipe_options.debug_audit || pipe_options.save_audit_report
   unless pipe_options.validate_cfn_nag
-    puts "Error: Audit options set, but audit was not enabled"
+    puts 'Error: Audit options set, but audit was not enabled'
     puts op
     exit 1
-  end  
+  end
+end
+
+if pipe_options.cfn_nag.rule_directory
   unless File.directory?(pipe_options.cfn_nag.rule_directory)
-    puts "Error: cfn_nag rule directory does not exist"
+    puts 'Error: cfn_nag rule directory does not exist'
     puts op
     exit 1
-  end  
+  end
 end
 
 cfndsl_extras = []
@@ -107,4 +110,3 @@ end if ARGV.length > 0
 
 pipeline = CfnDslPipeline::Pipeline.new(cli_options[:output], pipe_options)
 pipeline.build(cli_options[:template], cfndsl_extras)
-

data/cfndsl-pipeline.gemspec

@@ -0,0 +1,40 @@
+# frozen_string_literal: true.
+
+$LOAD_PATH.unshift(File.dirname(__FILE__) + "/lib")
+require "version" 
+
+Gem::Specification.new do |s|
+  s.name = %q(cfndsl-pipeline)
+  s.authors = [
+  	"Cam Maxwell"
+  ]
+  s.homepage              = 'https://github.com/cmaxwellau/cfndsl-pipeline.git'
+  s.author                = 'Cam Maxwell'
+  s.email                 = 'cameron.maxwell@gmail.com'
+  s.version               = CfnDslPipeline::VERSION
+  s.date                  = %q(2019-08-19)
+  s.summary               = %q(Integrated build pipeline for building CloudFormation with CfnDsl)
+  s.description           = %q(Integrated CfnDsl CloudFormation template generation pipeline that integrates cfn_nag, AWS template validation, and AWS template costing (where possible), and generated `aws cloudformation deploy` compatible parameters files)
+  s.license               = 'MIT'
+  s.files                 = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
+  s.require_paths         = ["lib"]
+  s.required_ruby_version = '>= 2.4.1'
+  s.bindir                = 'bin'
+
+  s.add_dependency('cfn-nag', '~> 0.4')
+  s.add_dependency('cfndsl', '~> 0.17')
+  s.add_dependency('aws-sdk-cloudformation', '~> 1')
+  s.add_dependency('aws-sdk-s3', '~> 1')
+  s.add_dependency('uuid', '~> 2.3')
+  s.add_dependency('colorize', '~> 0.8')
+
+  s.executables << 'cfndsl_pipeline'
+
+  s.add_development_dependency "bundler", "~> 1.5"
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "cfndsl"
+  s.add_development_dependency "rubocop", ">= 0.49.0"
+
+end
+

data/examples/common_definitions.yaml

@@ -0,0 +1,63 @@
+---
+aws_regions:
+  eu-west-1: 3
+  eu-central-1: 2
+  ap-southeast-1: 2
+  ap-southeast-2: 3
+  ap-northeast-2: 2
+  ap-northeast-1: 3
+  us-east-1: 5
+  sa-east-1: 3
+  us-west-1: 3
+  us-west-2: 3
+
+aws_elb_principals:
+  us-east-1: '127311923021'
+  us-west-2: '797873946194'
+  us-west-1: '027434742980'
+  eu-west-1: '156460612806'
+  eu-central-1: '054676820928'
+  ap-southeast-1: '114774131450'
+  ap-northeast-1: '582318560864'
+  ap-southeast-2: '783225319266'
+  ap-northeast-2: '600734575887'
+  sa-east-1: '507241528517'
+
+defaults:
+  instance_profile_policy:
+  - Action:
+    - ec2:Describe*
+    Effect: Allow
+    Resource: "*"
+  - Effect: Allow
+    Action:
+    - cloudwatch:PutMetricData
+    Resource: "*"
+  - Effect: Allow
+    Action:
+    - logs:CreateLogGroup
+    - logs:CreateLogStream
+    - logs:DescribeLogGroups
+    - logs:DescribeLogStreams
+    - logs:PutLogEvents
+    Resource: "*"
+  allowed_instances:
+  - m4.large
+  
+protocols:
+  ssh:
+  - 22/tcp
+  oracledb:
+  - 1521/tcp
+  mssql:
+  - 1433/tcp
+  nfs:
+  - 111/tcp
+  - 2049/tcp
+  - 32768/tcp
+  - 44182/tcp
+  - 54508/tcp
+  - 111/udp
+  - 2049/udp
+  - 32768/udp
+  - 32770-32800/udp

data/examples/pipeline_multple_files.rb

@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+#
+# 
+# The MIT License
+#
+# Copyright (c) 2019 Cam Maxwell (cameron.maxwell@gmail.com)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+# 
+
+
+require 'cfndsl-pipeline'
+
+options = CfnDslPipeline::Options.new
+options.validation_bucket= 'my_cloudformation_bucket'
+
+includes =[
+  [:yaml,'includes/common_definitions.yaml'],
+  [:yaml,'includes/standard_tags.yaml']
+]
+
+['file1', 'file2'].each do |file|
+  cfndsl_extras = Marshal.load(Marshal.dump(includes)) << [:yaml, "#{file}.tags.yaml"]
+  pipeline=CfnDslPipeline::Pipeline.new('output_dir', options)
+  pipeline.build(file, cfndsl_extras)
+end

data/examples/pipeline_single_file.rb

@@ -0,0 +1,54 @@
+#!/usr/bin/env ruby
+#
+# 
+# The MIT License
+#
+# Copyright (c) 2019 Cam Maxwell (cameron.maxwell@gmail.com)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+# 
+
+
+
+require 'cfndsl-pipeline'
+
+opts = CfnDslPipeline::Options.new
+# opts.validation_bucket		= 'cdsapipipeline-codebuildartifactsbucket-1iajuto6hoxe4'
+opts.validate_cfn_nag		= true
+opts.validate_syntax		= false
+opts.dump_deploy_params		= false
+opts.estimate_cost			= false
+opts.save_syntax_report		= false
+opts.save_audit_report		= false
+opts.debug_audit			= false
+
+opts.cfn_nag = CfnNagConfig.new(
+	print_suppression: true, # Emit information when rules are supressed
+	allow_suppression: true, # Allow inline metadata to supress rules on a per-resource basis
+	fail_on_warnings: false, # This is up to you
+	blacklist_definition: IO.read('./cfn_nag_rules/rule_suppression.yaml'),
+	rule_directory: './cfn_nag_rules'
+)
+
+output_dir='cfn'
+
+cfndsl_extras = [[:yaml, "standard_tags.yaml"]]
+pipeline=CfnDslPipeline::Pipeline.new(output_dir, opts)
+
+pipeline.build("s3bucket.rb", cfndsl_extras)