cfn-check 0.2.1__py3-none-any.whl → 0.3.0__py3-none-any.whl

cfn_check/cli/utils/files.py

@@ -76,7 +76,7 @@ async def load_templates(
             path,
         ]
 
-        assert await path_exists(path) is True, f'❌ Template at {path} does not exist'
+        assert await path_exists(path, loop) is True, f'❌ Template at {path} does not exist'
 
     elif file_pattern:
 

cfn_check/cli/validate.py

@@ -5,13 +5,15 @@ from cocoa.cli import CLI, ImportType
 
 from cfn_check.cli.utils.attributes import bind
 from cfn_check.cli.utils.files import load_templates
-from cfn_check.evaluation.validate import run_validations
+from cfn_check.evaluation.validate import ValidationSet
 from cfn_check.logging.models import InfoLog
 from cfn_check.collection.collection import Collection
 from cfn_check.validation.validator import Validator
 
 
-@CLI.command()
+@CLI.command(
+    display_help_on_error=False,
+)
 async def validate(
     path: str,
     file_pattern: str | None = None,
@@ -58,7 +60,7 @@ async def validate(
         file_pattern=file_pattern,
     )
 
-    validations: list[Validator] = [ 
+    validation_set = ValidationSet([ 
         bind(
             rule,
             validation,
@@ -66,16 +68,12 @@ async def validate(
         for rule in rules.data.values()
         for _, validation in inspect.getmembers(rule)
         if isinstance(validation, Validator)
-    ]
+    ])
     
-    if validation_error := run_validations(
-        templates,
-        validations,
-    ):
+    if validation_error := validation_set.validate(templates):
         raise validation_error
     
-    checks_passed = len(validations)
     templates_evaluated = len(templates)
     
-    await logger.log(InfoLog(message=f'✅ {checks_passed} validations met for {templates_evaluated} templates'))
+    await logger.log(InfoLog(message=f'✅ {validation_set.count} validations met for {templates_evaluated} templates'))
     

cfn_check/evaluation/evaluator.py

@@ -0,0 +1,85 @@
+from collections import deque
+from typing import Deque
+
+from cfn_check.shared.types import (
+    Data,
+    Items,
+    YamlObject,
+)
+
+from .parsing import QueryParser
+
+class Evaluator:
+
+    def __init__(self):
+        self._query_parser = QueryParser()
+
+    def match(
+        self,
+        resources: YamlObject,
+        path: str,
+    ):
+        items: Items = deque()
+        items.append(resources)
+
+        segments = path.split("::")[::-1]
+        # Queries can be multi-segment,
+        # so we effectively perform per-segment
+        # repeated DFS searches, returning the matches
+        # for each segment
+
+        composite_keys: list[str] = []
+
+        while len(segments):
+            query = segments.pop()
+            items, keys = self._match_with_query(items, query)
+
+            if len(composite_keys) == 0:
+                composite_keys.extend(keys)
+
+            else:
+                updated_keys: list[str] = []
+                for composite_key in composite_keys:
+                    while len(keys):
+                        key = keys.pop()
+
+                        updated_keys.append(f'{composite_key}.{key}')
+
+                composite_keys = updated_keys
+
+        assert len(composite_keys) == len(items), f'❌ {len(items)} returned for {len(composite_keys)} keys. Are you sure you used a range ([*]) selector?'
+
+        results: list[tuple[str, Data]] = []
+        for idx, item in enumerate(list(items)):
+            results.append((
+                composite_keys[idx],
+                item,
+            ))
+
+        return results
+    
+    def _match_with_query(
+        self,
+        items: Items,
+        query: str,
+    ) -> tuple[Items, Deque[str]]:
+        
+        found: Items = deque()
+        keys: Deque[str] = deque()
+
+        tokens = self._query_parser.parse(query)
+        
+        while len(items):
+            node = items.pop()
+
+            for token in tokens:
+                matched_keys, matches = token.match(node)
+
+                if matched_keys and matches:
+                    keys.extend(matched_keys)
+                    found.extend(matches)
+
+                elif matched_keys is None and matches:
+                    items.extend(matches)
+            
+        return found, keys

cfn_check/evaluation/parsing/__init__.py

@@ -0,0 +1 @@
+from .query_parser import QueryParser as QueryParser

cfn_check/evaluation/parsing/query_parser.py

@@ -0,0 +1,145 @@
+import re
+import sys
+from .token import Token
+from .token_type import TokenType
+
+
+class QueryParser:
+
+    def __init__(self):
+        self.numbers_pattern = re.compile(r'\d+')
+
+    def parse(
+        self,
+        query: str,
+    ):
+        
+        tokens: list[Token] = []
+
+        if query.startswith('[') and query.endswith(']'):
+            tokens.extend(
+                self._parse_range_selector_token(query),
+            )
+
+        elif query.startswith('(') and query.endswith(')'):
+            tokens.append(
+                Token(
+                    re.compile(query),
+                    TokenType.PATTERN,
+                )
+            )
+
+        elif query == "*":
+            tokens.append(
+                Token(
+                    query,
+                    TokenType.WILDCARD,
+                )
+            )
+
+        else:
+            tokens.append(
+                Token(
+                    query,
+                    TokenType.KEY,
+                )
+            )
+
+        return tokens
+
+    def _parse_range_selector_token(
+        self,
+        query: str,
+    ):
+        segments = [
+            segment
+            for segment in query[1:-1].split(',')
+            if len(segment) > 0
+        ]
+        tokens: list[Token] = []
+
+        if len(segments) < 1:
+            tokens.append(
+                Token(
+                    None,
+                    TokenType.UNBOUND_RANGE,
+                ),
+            )
+
+        else:  
+            tokens.extend([
+                token
+                for segment in segments
+                for token in self._parse_selector_segment(segment)
+            ])
+
+        return tokens
+    
+    def _parse_selector_segment(self, segment: str):
+        
+        if segment.startswith('[') and segment.endswith(']'):
+            tokens = self._parse_range_selector_token(segment)
+
+            return [
+                Token(
+                    segment,
+                    TokenType.NESTED_RANGE,
+                    nested=tokens,
+                ),
+            ]
+        
+        elif segment.startswith('(') and segment.endswith(')'):
+            return [
+                Token(
+                    re.compile(segment),
+                    TokenType.PATTERN_RANGE,
+                )
+            ]
+        
+        elif segment == '*':
+            return [
+                Token(
+                    segment,
+                    TokenType.WILDCARD_RANGE,
+                )
+            ]
+        
+        elif '-' in segment:
+            return [
+                 self._parse_bound_range(
+                    segment.split('-', maxsplit=1)
+                )
+            ]
+        
+        elif match := self.numbers_pattern.match(segment):
+                return [
+                    Token(
+                        int(match.group(0)),
+                        TokenType.INDEX,
+                    )
+                ]
+        
+        else:
+            return [
+                Token(
+                    segment,
+                    TokenType.KEY_RANGE
+                )
+            ]
+
+    def _parse_bound_range(self, segment: tuple[str, ...]):
+   
+        start, stop = segment
+        if not self.numbers_pattern.match(start):
+            start = 0
+
+        if not self.numbers_pattern.match(stop):
+            stop = str(sys.maxsize)
+
+        return Token(
+            (
+                int(start),
+                int(stop),
+            ),
+            TokenType.BOUND_RANGE,
+        )

cfn_check/evaluation/parsing/token.py

@@ -0,0 +1,269 @@
+from __future__ import annotations
+import re
+import sys
+from collections import deque
+from typing import Deque
+from cfn_check.shared.types import Data, Items
+from .token_type import TokenType
+
+
+class Token:
+
+    def __init__(
+        self,
+        selector: tuple[int, int] | int | re.Pattern | str,
+        selector_type: TokenType,
+        nested: list[Token] | None = None
+    ):
+        self.selector = selector
+        self.selector_type = selector_type
+        self._nested = nested
+
+    def match(
+        self,
+        node: Data,
+    ):
+        if isinstance(node, dict) and self.selector_type not in [
+            TokenType.WILDCARD,
+        ]:
+            return None, list(node.items())
+
+        elif isinstance(node, list) and self.selector_type not in [
+            TokenType.BOUND_RANGE,
+            TokenType.INDEX,
+            TokenType.PATTERN_RANGE,
+            TokenType.UNBOUND_RANGE,
+            TokenType.KEY_RANGE,
+            TokenType.WILDCARD,
+            TokenType.WILDCARD_RANGE,
+            TokenType.NESTED_RANGE,
+        ]:
+            return None, node
+
+        match self.selector_type:
+
+            case TokenType.BOUND_RANGE:
+                return self._match_bound_range(node)
+
+            case TokenType.INDEX:
+                return self._match_index(node)
+
+            case TokenType.KEY:
+                return self._match_key(node)
+            
+            case TokenType.KEY_RANGE:
+                return self._match_key_range(node)
+            
+            case TokenType.NESTED_RANGE:
+                return self._match_nested_range(node)
+        
+            case TokenType.PATTERN:
+                return self._match_pattern(node)
+
+            case TokenType.PATTERN_RANGE:
+                return self._match_pattern_range(node)
+
+            case TokenType.UNBOUND_RANGE:
+                return self._match_unbound_range(node)
+
+            case TokenType.WILDCARD:
+                return self._match_wildcard(node)
+            
+            case TokenType.WILDCARD_RANGE:
+                return self._match_wildcard_range(node)
+
+            case _:
+                return None, None
+
+    def _match_bound_range(
+        self,
+        node: Data,
+    ):
+        if not isinstance(node, list) or not isinstance(self.selector, tuple):
+            return None, None
+        
+        start, stop = self.selector
+
+        if stop == sys.maxsize:
+            stop = len(node)
+
+        return [f'{start}-{stop}'], [node[start:stop]]
+    
+    def _match_index(
+        self,
+        node: Data,
+    ):
+        if (
+            isinstance(node, list)
+        ) and (
+            isinstance(self.selector, int)
+        ) and self.selector < len(node):
+            return [str(self.selector)], [node[self.selector]]
+        
+        return None, None
+    
+    def _match_key(
+        self,
+        node: Data,
+    ):
+        
+        if not isinstance(node, tuple) or len(node) < 2:
+            return None, None
+
+        key, value = node
+
+        if key == self.selector:
+            return [key], [value]
+        
+        return None, None
+    
+    def _match_pattern(
+        self,
+        node: Data,
+    ):
+        
+        if not isinstance(node, tuple) or len(node) < 2:
+            return None, None
+        
+        elif not isinstance(self.selector, re.Pattern):
+            return None, None
+        
+        key, value = node
+
+        if self.selector.match(key):
+            return [key], [value]
+        
+        return None, None
+    
+    def _match_pattern_range(
+        self,
+        node: Data,
+    ):
+        if not isinstance(node, list) or not isinstance(self.selector, re.Pattern):
+            return None, None
+        
+        matches = [
+            (idx, item)
+            for idx, item in enumerate(node)
+            if self.selector.match(item) or (
+                isinstance(item, dict, list)
+                and any([
+                    self.selector.match(val)
+                    for val in item
+                ])
+            )
+        ]
+        
+        return (
+            [str(idx) for idx in matches],
+            [item for item in matches]
+        )
+    
+    def _match_unbound_range(
+        self,
+        node: Data,
+    ):
+        if not isinstance(node, list):
+            return None, None
+
+        return (
+            ['[]'],
+            [node],
+        )
+    
+    def _match_key_range(
+        self,
+        node: Data,
+    ):
+        if not isinstance(node, list):
+            return None, None
+        
+        matches = [
+            (
+                str(idx),
+                value
+            ) for idx, value in enumerate(node) if (
+                str(value) == self.selector
+            ) or (
+                isinstance(value, dict, list)
+                and value in self.selector
+            )
+        ]
+
+        return (
+            [str(idx) for idx in matches],
+            [item for item in matches]
+        )
+    
+    def _match_nested_range(
+        self,
+        node: Data
+    ):
+        if not isinstance(node, list):
+            return None, None
+        
+        keys: list[str] = []
+        found: list[Data] = []
+
+        for item in node:
+            if isinstance(item, list):
+                nested_keys, nested_found = self._match_nested(item)
+                keys.extend([
+                    f'[[{key}]]'
+                    for key in nested_keys
+                ])
+                found.extend(nested_found)
+
+        return (
+            keys,
+            found,
+        )
+    
+    def _match_nested(
+        self,
+        node: Data,
+    ): 
+        found: Items = deque()
+        keys: Deque[str] = deque()
+
+        for token in self._nested:
+            matched_keys, matches = token.match(node)
+
+            if matched_keys and matches:
+                keys.extend(matched_keys)
+                found.extend(matches)
+
+        return keys, found
+    
+    def _match_wildcard(
+        self,
+        node: Data
+    ):
+        if not self.selector == '*':
+            return None, None
+        
+        if isinstance(node, dict):
+            return ['*'], node.values()
+        
+        elif isinstance(node, list):
+            return (
+                ['*' for _ in node],
+                node,
+            )
+        
+        return ['*'], [node]
+    
+    def _match_wildcard_range(
+        self,
+        node: Data
+    ):
+        if not self.selector == '*' or not (
+            isinstance(node, list)
+        ):
+            return None, None
+        
+        return (
+            ['[*]' for _ in node],
+            node,
+        )
+        

cfn_check/evaluation/parsing/token_type.py

@@ -0,0 +1,14 @@
+from enum import Enum
+
+
+class TokenType(Enum):
+    BOUND_RANGE = "BOUND_RANGE"
+    INDEX = "INDEX"
+    KEY = "KEY"
+    KEY_RANGE = "KEY_RANGE"
+    NESTED_RANGE = "NESTED"
+    PATTERN = "GLOB"
+    PATTERN_RANGE = "GLOB_RANGE"
+    UNBOUND_RANGE = "UNBOUND_RANGE"
+    WILDCARD = "WILDCARD"
+    WILDCARD_RANGE = "WILDCARD_RANGE"

cfn_check/evaluation/validate.py

@@ -1,51 +1,60 @@
 from pydantic import ValidationError
 
 from cfn_check.validation.validator import Validator
-from .check import check
 from .errors import assemble_validation_error
-from .search import search
-
-def run_validations(
-    templates: list[str],
-    validators: list[Validator],
-):
-    errors: list[Exception | ValidationError] = []
-
-    for template in templates:
-        for validator in validators:
-            if errs := run_validation(
-                validator,
-                template,
-            ):
-                errors.extend([
-                    (
-                        validator,
-                        err
-                    ) for err in errs
-                ])
-
-    if validation_error := assemble_validation_error(errors):
-        return validation_error 
-
-
-def run_validation(
-    validator: Validator,
-    template: str,
-):
-    found = search(template, validator.query)
-
-    assert len(found) > 0, "❌ No results matching rule"
-
-    errors: list[Exception | ValidationError] = []
-
-
-    for matched in found:
-        if err := check(
-            matched,
-            validator,
-        ):
-            errors.append(err)
-
-    if len(errors) > 0:
-        return errors
-    
+from .evaluator import Evaluator
+
+class ValidationSet:
+
+    def __init__(
+        self,
+        validators: list[Validator],
+    ):
+        self._evaluator = Evaluator()
+        self._validators = validators
+
+    @property
+    def count(self):
+        return len(self._validators)
+
+    def validate(
+        self,
+        templates: list[str],
+    ):
+        errors: list[Exception | ValidationError] = []
+
+        for template in templates:
+            for validator in self._validators:
+                if errs := self._match_validator(
+                    validator,
+                    template,
+                ):
+                    errors.extend([
+                        (
+                            validator,
+                            err
+                        ) for err in errs
+                    ])
+
+        if validation_error := assemble_validation_error(errors):
+            return validation_error 
+
+    def _match_validator(
+        self,
+        validator: Validator,
+        template: str,
+    ):
+        found = self._evaluator.match(template, validator.query)
+
+        assert len(found) > 0, f"❌ No results matching results for query {validator.query}"
+
+        errors: list[Exception | ValidationError] = []
+
+
+        for matched in found:
+            if err := validator(matched):
+                errors.append(err)
+
+        if len(errors) > 0:
+            return errors
+