cfndsl-pipeline 0.1.2 → 0.1.4
- checksums.yaml +4 -4
- data/.gitignore +11 -0
- data/.rspec +3 -0
- data/.rubocop.yml +33 -0
- data/.travis.yml +10 -0
- data/Gemfile +7 -0
- data/Guardfile +5 -0
- data/LICENCE +21 -0
- data/README.md +58 -0
- data/Rakefile +6 -0
- data/bin/cfndsl_pipeline +16 -14
- data/cfndsl-pipeline.gemspec +40 -0
- data/examples/common_definitions.yaml +63 -0
- data/examples/pipeline_multple_files.rb +42 -0
- data/examples/pipeline_single_file.rb +54 -0
- data/examples/s3bucket.rb +316 -0
- data/examples/s3bucket.yaml +241 -0
- data/examples/standard_tags.yaml +41 -0
- data/lib/cfndsl-pipeline.rb +15 -15
- data/lib/cli_options.rb +124 -0
- data/lib/exec_cfn_nag.rb +58 -0
- data/lib/{run-cfndsl.rb → exec_cfndsl.rb} +7 -5
- data/lib/exec_syntax.rb +87 -0
- data/lib/{monkey_patches.rb → monkey-patches/cfndsl_patch.rb} +40 -24
- data/lib/{stdout_capture.rb → monkey-patches/stdout_capture.rb} +0 -0
- data/lib/options.rb +10 -4
- data/lib/params.rb +6 -5
- data/lib/version.rb +2 -1
- data/spec/cfndsl/pipeline_spec.rb +11 -0
- data/spec/spec_helper.rb +15 -0
- metadata +119 -30
- data/lib/run-cfn_nag.rb +0 -38
- data/lib/run-syntax.rb +0 -89
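--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b2916ce7032d93f6a62603e4f7e0f67d1387429245eda792ae5aaa8421736cbc
+data.tar.gz: ef9800894ba6333955a3f1ab8bae3e4a2162a15c91a02049062267032a429224
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 37fad470245cc31ac95127c0af8316b0ecdb28aa54a23e67fe5e9740eabecdb34ae48a7def92277ec01f54204390490a11f1ac46e06620166dff0afffc81c528
+data.tar.gz: 3a4a082fb5f433f84d0ac4605dc0ba53e0ab28645efccca3c8cd8e1a2d11b5c2bb411ca326df59066a75db974831828769a5166956e30a603b62c2f4801c67df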
data/.gitignore
ADDED
data/.rspec
ADDED
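--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,33 @@
+Metrics/LineLength:
+Max: 160
+
+Metrics/CyclomaticComplexity:
+Max: 10
+
+Metrics/AbcSize:
+Max: 25
+
+Metrics/MethodLength:
+Max: 25
+
+# Due to our @Properties style instance names
+Style/VariableName:
+Enabled: false
+
+# We are a DSL
+Style/MethodName:
+Enabled: false
+
+# Lone String
+Lint/Void:
+Enabled: false
+
+AllCops:
+Exclude:
+- 'tmp/**/*'
+- 'examples/**/*'
+- 'spec/*'
+- Gemfile
+- Guardfile
+- Rakefile
+- '*.gemspec'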
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/Guardfile
ADDED
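--- a/data/LICENCE
+++ b/data/LICENCE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2019 Cam Maxwell (cameron.maxwell@gmail.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.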
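--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,58 @@
+# cfndsl-pipeline
+
+This ruby gem provides an integrated CfnDsl CloudFormation template generation pipeline that integrates resaource tagging standards, cfn_nag linting, AWS template syntax validation, and AWS template costing (where possible), and generates `aws cloudformation deploy` compatible parameter files.
+
+## Installation
+This gem is published on rubygems.org:
+``` gem install cfndsl-pipeline```
+
+## Bash Usage:
+```shell
+$ cfndsl_pipeline
+Usage: cfndsl_pipeline -t input file -o output dir [ -b bucket | -p | -c ] [include1 include2 etc]
+-t, --template file Input file
+-o, --output dir Output directory
+-b, --bucket Existing S3 bucket for cost estimation and large template syntax validation
+--disable-syntax Enable syntax check
+-p, --params Create cloudformation deploy compatible params file
+--disable-nag Enable cfn_nag
+--syntax-report Save template syntax report
+--audit-report Save cfn_nag audit report
+-c, --estimate Generate URL for AWS simple cost calculator
+-h, --help show this message
+-v, --version show the version
+```
+
+## Ruby Usage
+```ruby
+require 'cfndsl-pipeline'
+
+opts = CfnDslPipeline::Options.new
+opts.validation_bucket= 'my-s3-bucket'
+opts.validate_cfn_nag= true
+opts.validate_syntax= true
+opts.dump_deploy_params= false
+opts.estimate_cost= false
+opts.save_syntax_report= false
+opts.save_audit_report= false
+
+output_dir='cloudformation'
+input_file='my-cfndsl-template.rb'
+cfndsl_extras = [[:yaml, 'standard_tags.yaml']]
+
+pipeline=CfnDslPipeline::Pipeline.new(output_dir, opts)
+pipeline.build(input_file, cfndsl_extras)
+```
+
+
+## Tag standards
+These are implemented as a simple YAML file. CFNDSL has been extended to generate the appropriate template inputs for each tag key for you, as well as automatically tagging each and every resource that supports tags. All DSL properties of the parameters are supported, in addition to a logical name to use for the parameter key.
+
+```yaml
+---
+TagStandard:
+MyCostCode:
+Default: 'MC68EC020'
+Type: String
+AllowedPattern: 'MC[0-9]{2}[A-Z]{2}[0-9]{3}'
+LogicalName: CostCentre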
data/Rakefile
ADDED
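--- a/data/bin/cfndsl_pipeline
+++ b/data/bin/cfndsl_pipeline
@@ -4,7 +4,7 @@ require 'cfndsl-pipeline'
 
 USAGE = "Usage: #{File.basename(__FILE__)} input file [ -o output_dir ] [ -b bucket ] OPTIONS [ include1 include2 etc.. ]"
 cli_options = {
-
+'output' => './'
 }
 
 pipe_options = CfnDslPipeline::Options.new
@@ -33,16 +33,16 @@ op = OptionParser.new do |opts|
 end
 
 opts.on('-a', '--audit', 'Enable cfn_nag audit') do
-pipe_options.validate_cfn_nag =
+pipe_options.validate_cfn_nag = true
 end
 
 opts.on('--audit-rule-dir', 'cfn_nag audit custom rules directory') do
 pipe_options.cfn_nag[:rule_directory] = true
-end
+end
 
 opts.on('--audit-report', 'Save cfn_nag audit report') do
 pipe_options.save_audit_report = true
-end
+end
 
 opts.on('--audit-debug', 'Enable cfn_nag debug output') do
 pipe_options.debug_audit = true
@@ -72,32 +72,35 @@ op.parse!
 # first non-dash parameter is the mandatory input file
 cli_options[:template] = ARGV.pop
 
-# Exit on invalid option combinations
+# Exit on invalid option combinations
 unless cli_options[:template] && File.file?(cli_options[:template])
-puts
+puts 'Error: Input template file does not exist.'
 puts op
 exit 1
 end
 
 if pipe_options.save_syntax_report
 unless pipe_options.validate_syntax
-puts
+puts 'Error: save syntax report is set, but syntax validation was not enabled.'
 puts op
 exit 1
-end
+end
 end
 
-if pipe_options.cfn_nag.rule_directory ||
+if pipe_options.cfn_nag.rule_directory || pipe_options.debug_audit || pipe_options.save_audit_report
 unless pipe_options.validate_cfn_nag
-puts
+puts 'Error: Audit options set, but audit was not enabled'
 puts op
 exit 1
-end
+end
+end
+
+if pipe_options.cfn_nag.rule_directory
 unless File.directory?(pipe_options.cfn_nag.rule_directory)
-puts
+puts 'Error: cfn_nag rule directory does not exist'
 puts op
 exit 1
-end
+end
 end
 
 cfndsl_extras = []
@@ -107,4 +110,3 @@ end if ARGV.length > 0
 
 pipeline = CfnDslPipeline::Pipeline.new(cli_options[:output], pipe_options)
 pipeline.build(cli_options[:template], cfndsl_extras)
-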
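Review bot: The default added in the first hunk, `'output' => './'`, is stored under a string key, but new line 111 reads `cli_options[:output]` with a symbol, so the default is never used unless the `-o` handler (outside these hunks) happens to write the symbol key; the default line should be `output: './'`, or the lookup `cli_options['output']`. In the second hunk `--audit-rule-dir` declares no argument placeholder and stores `true` in `cfn_nag[:rule_directory]`, and the third hunk's new line 99 then hands that value to `File.directory?`, which raises TypeError instead of validating a path; the option should take a value, `opts.on('--audit-rule-dir DIR', 'cfn_nag audit custom rules directory') do |dir|` with `pipe_options.cfn_nag[:rule_directory] = dir`. The option block also mixes `cfn_nag[:rule_directory]` with `cfn_nag.rule_directory`, which only works if CfnNagConfig supports both access forms — not visible here. Separately, the comment on line 72 says "first non-dash parameter" while line 73 uses `ARGV.pop`, which takes the last remaining argument; with the USAGE order (input file first, includes last) that would select an include file as the template, so `ARGV.shift` may be what is meant.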
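--- a/data/cfndsl-pipeline.gemspec
+++ b/data/cfndsl-pipeline.gemspec
@@ -0,0 +1,40 @@
+# frozen_string_literal: true.
+
+$LOAD_PATH.unshift(File.dirname(__FILE__) + "/lib")
+require "version"
+
+Gem::Specification.new do |s|
+s.name = %q(cfndsl-pipeline)
+s.authors = [
+"Cam Maxwell"
+]
+s.homepage = 'https://github.com/cmaxwellau/cfndsl-pipeline.git'
+s.author = 'Cam Maxwell'
+s.email = 'cameron.maxwell@gmail.com'
+s.version = CfnDslPipeline::VERSION
+s.date = %q(2019-08-19)
+s.summary = %q(Integrated build pipeline for building CloudFormation with CfnDsl)
+s.description = %q(Integrated CfnDsl CloudFormation template generation pipeline that integrates cfn_nag, AWS template validation, and AWS template costing (where possible), and generated `aws cloudformation deploy` compatible parameters files)
+s.license = 'MIT'
+s.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
+s.require_paths = ["lib"]
+s.required_ruby_version = '>= 2.4.1'
+s.bindir = 'bin'
+
+s.add_dependency('cfn-nag', '~> 0.4')
+s.add_dependency('cfndsl', '~> 0.17')
+s.add_dependency('aws-sdk-cloudformation', '~> 1')
+s.add_dependency('aws-sdk-s3', '~> 1')
+s.add_dependency('uuid', '~> 2.3')
+s.add_dependency('colorize', '~> 0.8')
+
+s.executables << 'cfndsl_pipeline'
+
+s.add_development_dependency "bundler", "~> 1.5"
+s.add_development_dependency "rake"
+s.add_development_dependency "rspec"
+s.add_development_dependency "cfndsl"
+s.add_development_dependency "rubocop", ">= 0.49.0"
+
+end
+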
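Review bot: The magic comment on line 1, `# frozen_string_literal: true.`, carries a trailing period, so the value Ruby parses is most likely not the literal `true` and the directive is ignored (Ruby reports an invalid value under `-w`) rather than freezing string literals; it should read `# frozen_string_literal: true`. Lines 8–12 set both `s.authors` and `s.author` to the same name; `s.authors` alone is the conventional form and the second assignment is redundant. Line 19 builds `s.files` by shelling out to `git ls-files`, so the packaged file list depends on the git index at build time rather than a fixed manifest; a comment such as `# s.files comes from the git index — build the gem from a clean, committed checkout` would make that expectation explicit for whoever cuts the next release.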
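--- a/data/examples/common_definitions.yaml
+++ b/data/examples/common_definitions.yaml
@@ -0,0 +1,63 @@
+---
+aws_regions:
+eu-west-1: 3
+eu-central-1: 2
+ap-southeast-1: 2
+ap-southeast-2: 3
+ap-northeast-2: 2
+ap-northeast-1: 3
+us-east-1: 5
+sa-east-1: 3
+us-west-1: 3
+us-west-2: 3
+
+aws_elb_principals:
+us-east-1: '127311923021'
+us-west-2: '797873946194'
+us-west-1: '027434742980'
+eu-west-1: '156460612806'
+eu-central-1: '054676820928'
+ap-southeast-1: '114774131450'
+ap-northeast-1: '582318560864'
+ap-southeast-2: '783225319266'
+ap-northeast-2: '600734575887'
+sa-east-1: '507241528517'
+
+defaults:
+instance_profile_policy:
+- Action:
+- ec2:Describe*
+Effect: Allow
+Resource: "*"
+- Effect: Allow
+Action:
+- cloudwatch:PutMetricData
+Resource: "*"
+- Effect: Allow
+Action:
+- logs:CreateLogGroup
+- logs:CreateLogStream
+- logs:DescribeLogGroups
+- logs:DescribeLogStreams
+- logs:PutLogEvents
+Resource: "*"
+allowed_instances:
+- m4.large
+
+protocols:
+ssh:
+- 22/tcp
+oracledb:
+- 1521/tcp
+mssql:
+- 1433/tcp
+nfs:
+- 111/tcp
+- 2049/tcp
+- 32768/tcp
+- 44182/tcp
+- 54508/tcp
+- 111/udp
+- 2049/udp
+- 32768/udp
+- 32770-32800/udp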
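Review bot: Every statement in `defaults.instance_profile_policy` (lines 27–43) uses `Resource: "*"`; that is unavoidable for `ec2:Describe*` and `cloudwatch:PutMetricData`, which do not support resource-level permissions, but the `logs:` statement on lines 36–43 can be scoped to the log group ARN(s) the instance actually writes to. Since this file is the example users copy into their own pipelines, it would be better for the least-privilege case to be the one shown, or at least flagged with a comment on line 43 such as `# Narrow this to the specific log-group ARN(s) in real deployments`. The `aws_elb_principals` account IDs on lines 15–24 are presumably the regional ELB log-delivery accounts; a one-line comment naming their source would let a reader verify them without guessing.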
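--- a/data/examples/pipeline_multple_files.rb
+++ b/data/examples/pipeline_multple_files.rb
@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+#
+#
+# The MIT License
+#
+# Copyright (c) 2019 Cam Maxwell (cameron.maxwell@gmail.com)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
+
+
+require 'cfndsl-pipeline'
+
+options = CfnDslPipeline::Options.new
+options.validation_bucket= 'my_cloudformation_bucket'
+
+includes =[
+[:yaml,'includes/common_definitions.yaml'],
+[:yaml,'includes/standard_tags.yaml']
+]
+
+['file1', 'file2'].each do |file|
+cfndsl_extras = Marshal.load(Marshal.dump(includes)) << [:yaml, "#{file}.tags.yaml"]
+pipeline=CfnDslPipeline::Pipeline.new('output_dir', options)
+pipeline.build(file, cfndsl_extras)
+end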
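Review bot: Line 39 deep-copies `includes` through a `Marshal.load(Marshal.dump(...))` round trip only so that `<<` does not append to the shared array; `Array#+` already returns a new array, so `cfndsl_extras = includes + [[:yaml, "#{file}.tags.yaml"]]` does the same thing without the serialisation detour. Keeping the Marshal idiom out of the example users copy from also avoids it being reused later on data read from disk, where `Marshal.load` is not safe. The file name carries a typo (`multple`), which the diffstat also shows, and the spacing on lines 31, 33 and 40 (`validation_bucket= ...`, `includes =[`, `pipeline=`) would be flagged by the repository's own RuboCop config if `examples/` were not excluded.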
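--- a/data/examples/pipeline_single_file.rb
+++ b/data/examples/pipeline_single_file.rb
@@ -0,0 +1,54 @@
+#!/usr/bin/env ruby
+#
+#
+# The MIT License
+#
+# Copyright (c) 2019 Cam Maxwell (cameron.maxwell@gmail.com)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
+
+
+
+require 'cfndsl-pipeline'
+
+opts = CfnDslPipeline::Options.new
+# opts.validation_bucket = 'cdsapipipeline-codebuildartifactsbucket-1iajuto6hoxe4'
+opts.validate_cfn_nag = true
+opts.validate_syntax = false
+opts.dump_deploy_params = false
+opts.estimate_cost = false
+opts.save_syntax_report = false
+opts.save_audit_report = false
+opts.debug_audit = false
+
+opts.cfn_nag = CfnNagConfig.new(
+print_suppression: true, # Emit information when rules are supressed
+allow_suppression: true, # Allow inline metadata to supress rules on a per-resource basis
+fail_on_warnings: false, # This is up to you
+blacklist_definition: IO.read('./cfn_nag_rules/rule_suppression.yaml'),
+rule_directory: './cfn_nag_rules'
+)
+
+output_dir='cfn'
+
+cfndsl_extras = [[:yaml, "standard_tags.yaml"]]
+pipeline=CfnDslPipeline::Pipeline.new(output_dir, opts)
+
+pipeline.build("s3bucket.rb", cfndsl_extras)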
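Review bot: Line 45 reads the suppression list with `IO.read(...)`; `IO.read` interprets a path that begins with `|` as a command to execute, so `File.read` is the idiomatic call for file contents and the one an example should teach, even though the literal path here is harmless: `blacklist_definition: File.read('./cfn_nag_rules/rule_suppression.yaml'),`. Line 32 leaves a commented-out bucket name that looks like a real, account-specific resource (`cdsapipipeline-codebuildartifactsbucket-…`); a committed example should use a neutral placeholder such as `'my-validation-bucket'` instead. `CfnNagConfig` on line 41 is used without a namespace, so the example presumably relies on `require 'cfndsl-pipeline'` loading cfn-nag's top-level constant — a short comment saying so would save the reader a guess.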