cfn-check 0.1.1__tar.gz

cfn_check-0.1.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Ada Lündhé
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

cfn_check-0.1.1/PKG-INFO

@@ -0,0 +1,247 @@
+Metadata-Version: 2.4
+Name: cfn-check
+Version: 0.1.1
+Summary: Validate Cloud Formation
+Author-email: Ada Lundhe <adalundhe@lundhe.audio>
+License: MIT License
+        
+        Copyright (c) 2025 Ada Lündhé
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+        
+Project-URL: Homepage, https://github.com/adalundhe/cfn-check
+Keywords: cloud-formation,testing,aws,cli
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pydantic
+Requires-Dist: pyyaml
+Requires-Dist: hyperlight-cocoa
+Requires-Dist: async-logging
+Dynamic: license-file
+
+# <b>CFN Check</b>
+<b>A tool for checking CloudFormation</b>
+
+[![PyPI version](https://img.shields.io/pypi/v/cfn-check?color=blue)](https://pypi.org/project/cfn-check/)
+[![License](https://img.shields.io/github/license/adalundhe/cfn-check)](https://github.com/adalundhe/cfn-check/blob/main/LICENSE)
+[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](https://github.com/adalundhe/cfn-check/blob/main/CODE_OF_CONDUCT.md)
+[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/cfn-check?color=red)](https://pypi.org/project/cfn-check/)
+
+
+| Package     | Cocoa                                                           |
+| ----------- | -----------                                                     |
+| Version     | 0.1.0                                                           |
+| Download    | https://pypi.org/project/cfn-check/                             | 
+| Source      | https://github.com/adalundhe/cfn-check                          |
+| Keywords    | cloud-formation, testing, aws, cli                              |
+
+
+CFN-Check is a small, fast, friendly tool for validating AWS CloudFormation YAML templates. It is code-driven, with 
+rules written as simple, `Rule` decorator wrapped python class methods for `Rules`-inheriting classes.
+
+<br/>
+
+# Why CFN-Check?
+
+AWS has its own tools for validating Cloud Formation - `cfn-lint` and `cfn-guard`. `cfn-check` aims to solve
+problems inherint to `cfn-lint` more than `cfn-guard`, primarily:
+
+- Confusing, unclear syntax around rules configuration
+- Inability to parse non-resource wildcards
+- Inability to validate non-resource template data
+- Inabillity to use structured models to validate input
+
+In comparison to `cfn-guard`, `cfn-check` is pure Python, thus
+avoiding YADSL (Yet Another DSL) headaches. It also proves
+significantly more configurable/modular/hackable as a result.
+
+CFN-Check uses a combination of simple depth-first-search tree
+parsing, friendly `cfn-lint` like query syntax, `Pydantic` models,
+and `pytest`-like assert-driven checks to make validating your
+Cloud Formation easy while offering both CLI and Python API interfaces.
+
+<br/>
+
+# Getting Started
+
+`cfn-check` requires:
+
+- `Python 3.12`
+- Any number of valid CloudFormation templates or a path to said templates.
+- A `.py` file containing at least one `Rules` class with at least one valid `@Rule()` decorated method
+
+To get started (we recommend using `uv`), run:
+
+```bash
+uv venv
+source .venv/bin/activate
+
+uv pip install cfn-check
+
+touch rules.py
+touch template.yaml
+```
+
+Next open the `rules.py` file and create a basic Python class
+as below.
+
+```python
+from cfn_check import Rules, Rule
+
+
+class ValidateResourceType(Rules):
+
+    @Rule(
+        "Resources::*::Type",
+        "It checks Resource::Type is correctly definined",
+    )
+    def validate_test(self, value: str): 
+        assert value is not None, '❌ Resource Type not defined'
+        assert isinstance(value, str), '❌ Resource Type not a string'
+```
+
+This provides us a basic rule set that validates that the `Type` field of our CloudFormation template(s) exists and is the correct data type.
+
+> [!NOTE]
+> Don't worry about adding an `__init__()` method to this class!
+
+Next open the `template.yaml` file and paste the following CloudFormation:
+
+```yaml
+AWSTemplateFormatVersion: '2010-09-09'
+Parameters:
+  ExistingSecurityGroups:
+    Type: List<AWS::EC2::SecurityGroup::Id>
+  ExistingVPC:
+    Type: AWS::EC2::VPC::Id
+    Description: The VPC ID that includes the security groups in the ExistingSecurityGroups parameter.
+  InstanceType:
+    Type: String
+    Default: t2.micro
+    AllowedValues:
+      - t2.micro
+      - m1.small
+Mappings:
+  AWSInstanceType2Arch:
+    t2.micro:
+      Arch: HVM64
+    m1.small:
+      Arch: HVM64
+  AWSRegionArch2AMI:
+    us-east-1:
+      HVM64: ami-0ff8a91507f77f867
+      HVMG2: ami-0a584ac55a7631c0c
+Resources:
+  SecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Allow HTTP traffic to the host
+      VpcId: !Ref ExistingVPC
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+      SecurityGroupEgress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+  AllSecurityGroups:
+    Type: Custom::Split
+    Properties:
+      ServiceToken: !GetAtt AppendItemToListFunction.Arn
+      List: !Ref ExistingSecurityGroups
+      AppendedItem: !Ref SecurityGroup
+  AppendItemToListFunction:
+    Type: AWS::Lambda::Function
+    Properties:
+      Handler: index.handler
+      Role: !GetAtt LambdaExecutionRole.Arn
+      Code:
+        ZipFile: !Join
+          - ''
+          - - var response = require('cfn-response');
+            - exports.handler = function(event, context) {
+            - '   var responseData = {Value: event.ResourceProperties.List};'
+            - '   responseData.Value.push(event.ResourceProperties.AppendedItem);'
+            - '   response.send(event, context, response.SUCCESS, responseData);'
+            - '};'
+      Runtime: nodejs20.x
+  MyEC2Instance:
+    Type: AWS::EC2::Instance
+    Properties:
+      ImageId: !FindInMap
+        - AWSRegionArch2AMI
+        - !Ref AWS::Region
+        - !FindInMap
+          - AWSInstanceType2Arch
+          - !Ref InstanceType
+          - Arch
+      SecurityGroupIds: !GetAtt AllSecurityGroups.Value
+      InstanceType: !Ref InstanceType
+  LambdaExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - lambda.amazonaws.com
+            Action:
+              - sts:AssumeRole
+      Path: /
+      Policies:
+        - PolicyName: root
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                  - logs:*
+                Resource: arn:aws:logs:*:*:*
+Outputs:
+  AllSecurityGroups:
+    Description: Security Groups that are associated with the EC2 instance
+    Value: !Join
+      - ', '
+      - !GetAtt AllSecurityGroups.Value
+```
+
+This represents a basic configuration for an AWS Lambda function.
+
+Finally, run:
+
+```bash
+cfn-lint validate -r rules.py template.yaml
+```
+
+which outputs:
+
+```
+2025-09-17T01:46:41.542078+00:00 - INFO - 19783474 - /Users/adalundhe/Documents/Duckbill/cfn-check/cfn_check/cli/validate.py:validate.80 - ✅ 1 validations met for 1 templates
+```
+
+Congrats! You've just made the cloud a bit better place!

cfn_check-0.1.1/README.md

@@ -0,0 +1,206 @@
+# <b>CFN Check</b>
+<b>A tool for checking CloudFormation</b>
+
+[![PyPI version](https://img.shields.io/pypi/v/cfn-check?color=blue)](https://pypi.org/project/cfn-check/)
+[![License](https://img.shields.io/github/license/adalundhe/cfn-check)](https://github.com/adalundhe/cfn-check/blob/main/LICENSE)
+[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](https://github.com/adalundhe/cfn-check/blob/main/CODE_OF_CONDUCT.md)
+[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/cfn-check?color=red)](https://pypi.org/project/cfn-check/)
+
+
+| Package     | Cocoa                                                           |
+| ----------- | -----------                                                     |
+| Version     | 0.1.0                                                           |
+| Download    | https://pypi.org/project/cfn-check/                             | 
+| Source      | https://github.com/adalundhe/cfn-check                          |
+| Keywords    | cloud-formation, testing, aws, cli                              |
+
+
+CFN-Check is a small, fast, friendly tool for validating AWS CloudFormation YAML templates. It is code-driven, with 
+rules written as simple, `Rule` decorator wrapped python class methods for `Rules`-inheriting classes.
+
+<br/>
+
+# Why CFN-Check?
+
+AWS has its own tools for validating Cloud Formation - `cfn-lint` and `cfn-guard`. `cfn-check` aims to solve
+problems inherint to `cfn-lint` more than `cfn-guard`, primarily:
+
+- Confusing, unclear syntax around rules configuration
+- Inability to parse non-resource wildcards
+- Inability to validate non-resource template data
+- Inabillity to use structured models to validate input
+
+In comparison to `cfn-guard`, `cfn-check` is pure Python, thus
+avoiding YADSL (Yet Another DSL) headaches. It also proves
+significantly more configurable/modular/hackable as a result.
+
+CFN-Check uses a combination of simple depth-first-search tree
+parsing, friendly `cfn-lint` like query syntax, `Pydantic` models,
+and `pytest`-like assert-driven checks to make validating your
+Cloud Formation easy while offering both CLI and Python API interfaces.
+
+<br/>
+
+# Getting Started
+
+`cfn-check` requires:
+
+- `Python 3.12`
+- Any number of valid CloudFormation templates or a path to said templates.
+- A `.py` file containing at least one `Rules` class with at least one valid `@Rule()` decorated method
+
+To get started (we recommend using `uv`), run:
+
+```bash
+uv venv
+source .venv/bin/activate
+
+uv pip install cfn-check
+
+touch rules.py
+touch template.yaml
+```
+
+Next open the `rules.py` file and create a basic Python class
+as below.
+
+```python
+from cfn_check import Rules, Rule
+
+
+class ValidateResourceType(Rules):
+
+    @Rule(
+        "Resources::*::Type",
+        "It checks Resource::Type is correctly definined",
+    )
+    def validate_test(self, value: str): 
+        assert value is not None, '❌ Resource Type not defined'
+        assert isinstance(value, str), '❌ Resource Type not a string'
+```
+
+This provides us a basic rule set that validates that the `Type` field of our CloudFormation template(s) exists and is the correct data type.
+
+> [!NOTE]
+> Don't worry about adding an `__init__()` method to this class!
+
+Next open the `template.yaml` file and paste the following CloudFormation:
+
+```yaml
+AWSTemplateFormatVersion: '2010-09-09'
+Parameters:
+  ExistingSecurityGroups:
+    Type: List<AWS::EC2::SecurityGroup::Id>
+  ExistingVPC:
+    Type: AWS::EC2::VPC::Id
+    Description: The VPC ID that includes the security groups in the ExistingSecurityGroups parameter.
+  InstanceType:
+    Type: String
+    Default: t2.micro
+    AllowedValues:
+      - t2.micro
+      - m1.small
+Mappings:
+  AWSInstanceType2Arch:
+    t2.micro:
+      Arch: HVM64
+    m1.small:
+      Arch: HVM64
+  AWSRegionArch2AMI:
+    us-east-1:
+      HVM64: ami-0ff8a91507f77f867
+      HVMG2: ami-0a584ac55a7631c0c
+Resources:
+  SecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Allow HTTP traffic to the host
+      VpcId: !Ref ExistingVPC
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+      SecurityGroupEgress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+  AllSecurityGroups:
+    Type: Custom::Split
+    Properties:
+      ServiceToken: !GetAtt AppendItemToListFunction.Arn
+      List: !Ref ExistingSecurityGroups
+      AppendedItem: !Ref SecurityGroup
+  AppendItemToListFunction:
+    Type: AWS::Lambda::Function
+    Properties:
+      Handler: index.handler
+      Role: !GetAtt LambdaExecutionRole.Arn
+      Code:
+        ZipFile: !Join
+          - ''
+          - - var response = require('cfn-response');
+            - exports.handler = function(event, context) {
+            - '   var responseData = {Value: event.ResourceProperties.List};'
+            - '   responseData.Value.push(event.ResourceProperties.AppendedItem);'
+            - '   response.send(event, context, response.SUCCESS, responseData);'
+            - '};'
+      Runtime: nodejs20.x
+  MyEC2Instance:
+    Type: AWS::EC2::Instance
+    Properties:
+      ImageId: !FindInMap
+        - AWSRegionArch2AMI
+        - !Ref AWS::Region
+        - !FindInMap
+          - AWSInstanceType2Arch
+          - !Ref InstanceType
+          - Arch
+      SecurityGroupIds: !GetAtt AllSecurityGroups.Value
+      InstanceType: !Ref InstanceType
+  LambdaExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - lambda.amazonaws.com
+            Action:
+              - sts:AssumeRole
+      Path: /
+      Policies:
+        - PolicyName: root
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                  - logs:*
+                Resource: arn:aws:logs:*:*:*
+Outputs:
+  AllSecurityGroups:
+    Description: Security Groups that are associated with the EC2 instance
+    Value: !Join
+      - ', '
+      - !GetAtt AllSecurityGroups.Value
+```
+
+This represents a basic configuration for an AWS Lambda function.
+
+Finally, run:
+
+```bash
+cfn-lint validate -r rules.py template.yaml
+```
+
+which outputs:
+
+```
+2025-09-17T01:46:41.542078+00:00 - INFO - 19783474 - /Users/adalundhe/Documents/Duckbill/cfn-check/cfn_check/cli/validate.py:validate.80 - ✅ 1 validations met for 1 templates
+```
+
+Congrats! You've just made the cloud a bit better place!

cfn_check-0.1.1/cfn_check/__init__.py

@@ -0,0 +1,2 @@
+from .rules.rules import Rules as Rules
+from .rules.rule import Rule as Rule

cfn_check-0.1.1/cfn_check/cli/root.py

@@ -0,0 +1,72 @@
+import asyncio
+import sys
+
+from cocoa.cli import CLI, CLIStyle
+from cocoa.ui.config.mode import TerminalMode
+from cocoa.ui.components.terminal import Section, SectionConfig
+from cocoa.ui.components.header import Header, HeaderConfig
+from cocoa.ui.components.terminal import Terminal, EngineConfig
+
+from .validate import validate
+
+async def create_header(
+    terminal_mode: TerminalMode = "full", 
+):
+    
+    cfn_check_terminal_mode = "extended"
+    if terminal_mode == "ci":
+        cfn_check_terminal_mode = "compatability"
+
+    header = Section(
+        SectionConfig(height="xx-small", width="large"),
+        components=[
+            Header(
+                "header",
+                HeaderConfig(
+                    header_text="cfn-check",
+                    color="indian_red_3",
+                    attributes=["bold"],
+                    terminal_mode=cfn_check_terminal_mode,
+                    font='cyberpunk'
+                ),
+            ),
+        ],
+    )
+
+    terminal = Terminal(
+        [
+            header,
+        ],
+        config=EngineConfig(
+            max_height=40,
+            max_width=120
+        )
+    )
+
+    return await terminal.render_once()
+
+
+
+@CLI.root(  
+    validate,
+    global_styles=CLIStyle(
+        header=create_header,
+        flag_description_color="white",
+        error_color="indian_red_3",
+        error_attributes=["italic"],
+        flag_color="indian_red_3",
+        text_color="slate_blue_2",
+        subcommand_color="slate_blue_2",
+        indentation=5,
+        terminal_mode="extended",
+    ),
+)
+async def cfn_check():
+    '''
+    Check and test CloudFormation
+    '''
+
+
+
+def run():
+    asyncio.run(CLI.run(sys.argv[1:]))

cfn_check-0.1.1/cfn_check/cli/utils/attributes.py

@@ -0,0 +1,12 @@
+from cfn_check.rules.rules import Rules
+from cfn_check.validation.validator import Validator
+
+
+def bind(
+    rule_set: Rules,
+    validation: Validator
+):
+    validation.func = validation.func.__get__(rule_set, rule_set.__class__)
+    setattr(rule_set, validation.func.__name__, validation.func)
+
+    return validation

cfn_check-0.1.1/cfn_check/cli/utils/files.py

@@ -0,0 +1,68 @@
+
+import asyncio
+import os
+import yaml
+from cfn_check.loader.loader import (
+    Loader,
+    create_tag,
+    find_templates,
+)
+from cfn_check.shared.types import YamlObject, Data
+
+def open_template(path: str) -> YamlObject | Exception:
+    try:
+        with open(path, 'r') as f:
+            return yaml.load(f, Loader=Loader)
+    except (Exception, ) as e:
+        raise e
+    
+def is_file(path: str) -> bool:
+    return os.path.isdir(path) is False
+
+
+async def load_templates(
+    path: str,
+    tags: list[str],
+    file_pattern: str | None = None,
+):
+    loop = asyncio.get_event_loop()
+
+    if await loop.run_in_executor(
+        None,
+        is_file,
+        path,
+    ) or file_pattern is None:
+        template_filepaths = [
+            path,
+        ]
+
+    elif file_pattern:
+
+        template_filepaths = await loop.run_in_executor(
+            None,
+            find_templates,
+            path,
+            file_pattern,
+        )
+
+    assert len(template_filepaths) > 0 , '❌ No matching files found'
+    
+    for tag in tags:
+        new_tag = await loop.run_in_executor(
+            None,
+            create_tag,
+            tag,
+        )
+
+        Loader.add_constructor(f'!{tag}', new_tag)
+
+    
+    templates: list[Data]  = await asyncio.gather(*[
+        loop.run_in_executor(
+            None,
+            open_template,
+            template_path,
+        ) for template_path in template_filepaths
+    ])
+
+    return templates