PyPI - cfn-check - Versions diffs - 0.2.2__py3-none-any.whl → 0.3.0__py3-none-any.whl - Mend

cfn-check 0.2.2py3-none-any.whl → 0.3.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of cfn-check might be problematic. Click here for more details.

Files changed (17) hide show

cfn_check/cli/validate.py +8 -10
cfn_check/evaluation/evaluator.py +85 -0
cfn_check/evaluation/parsing/__init__.py +1 -0
cfn_check/evaluation/parsing/query_parser.py +145 -0
cfn_check/evaluation/parsing/token.py +269 -0
cfn_check/evaluation/parsing/token_type.py +14 -0
cfn_check/evaluation/validate.py +56 -47
cfn_check-0.3.0.dist-info/METADATA +541 -0
{cfn_check-0.2.2.dist-info → cfn_check-0.3.0.dist-info}/RECORD +14 -11
example/rules.py +65 -6
cfn_check/evaluation/check.py +0 -20
cfn_check/evaluation/search.py +0 -137
cfn_check-0.2.2.dist-info/METADATA +0 -247
{cfn_check-0.2.2.dist-info → cfn_check-0.3.0.dist-info}/WHEEL +0 -0
{cfn_check-0.2.2.dist-info → cfn_check-0.3.0.dist-info}/entry_points.txt +0 -0
{cfn_check-0.2.2.dist-info → cfn_check-0.3.0.dist-info}/licenses/LICENSE +0 -0
{cfn_check-0.2.2.dist-info → cfn_check-0.3.0.dist-info}/top_level.txt +0 -0

cfn_check-0.3.0.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,541 @@
+Metadata-Version: 2.4
+Name: cfn-check
+Version: 0.3.0
+Summary: Validate Cloud Formation
+Author-email: Ada Lundhe <adalundhe@lundhe.audio>
+License: MIT License
+        Copyright (c) 2025 Ada Lündhé
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+Project-URL: Homepage, https://github.com/adalundhe/cfn-check
+Keywords: cloud-formation,testing,aws,cli
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pydantic
+Requires-Dist: pyyaml
+Requires-Dist: hyperlight-cocoa
+Requires-Dist: async-logging
+Dynamic: license-file
+# <b>CFN-Check</b>
+<b>A tool for checking CloudFormation</b>
+[![PyPI version](https://img.shields.io/pypi/v/cfn-check?color=blue)](https://pypi.org/project/cfn-check/)
+[![License](https://img.shields.io/github/license/adalundhe/cfn-check)](https://github.com/adalundhe/cfn-check/blob/main/LICENSE)
+[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](https://github.com/adalundhe/cfn-check/blob/main/CODE_OF_CONDUCT.md)
+[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/cfn-check?color=red)](https://pypi.org/project/cfn-check/)
+| Package     | cfn-check                                                           |
+| ----------- | -----------                                                     |
+| Version     | 0.2.0                                                           |
+| Download    | https://pypi.org/project/cfn-check/                             |
+| Source      | https://github.com/adalundhe/cfn-check                          |
+| Keywords    | cloud-formation, testing, aws, cli                              |
+CFN-Check is a small, fast, friendly tool for validating AWS CloudFormation YAML templates. It is code-driven, with
+rules written as simple, `Rule` decorator wrapped python class methods for `Collection`-inheriting classes.
+<br/>
+# Why CFN-Check?
+AWS has its own tools for validating Cloud Formation - `cfn-lint` and `cfn-guard`. `cfn-check` aims to solve
+problems inherint to `cfn-lint` more than `cfn-guard`, primarily:
+- Confusing, unclear syntax around rules configuration
+- Inability to parse non-resource wildcards
+- Inability to validate non-resource template data
+- Inabillity to use structured models to validate input
+In comparison to `cfn-guard`, `cfn-check` is pure Python, thus
+avoiding YADSL (Yet Another DSL) headaches. It also proves
+significantly more configurable/modular/hackable as a result.
+CFN-Check uses a combination of simple depth-first-search tree
+parsing, friendly `cfn-lint` like query syntax, `Pydantic` models,
+and `pytest`-like assert-driven checks to make validating your
+Cloud Formation easy while offering both CLI and Python API interfaces.
+<br/>
+# Getting Started
+`cfn-check` requires:
+- `Python 3.12`
+- Any number of valid CloudFormation templates or a path to said templates.
+- A `.py` file containing at least one `Collection` class with at least one valid `@Rule()` decorated method
+To get started (we recommend using `uv`), run:
+```bash
+uv venv
+source .venv/bin/activate
+uv pip install cfn-check
+touch rules.py
+touch template.yaml
+```
+Next open the `rules.py` file and create a basic Python class
+as below.
+```python
+from cfn_check import Collection, Rule
+class ValidateResourceType(Collection):
+    @Rule(
+        "Resources::*::Type",
+        "It checks Resource::Type is correctly definined",
+    )
+    def validate_test(self, value: str):
+        assert value is not None, '❌ Resource Type not defined'
+        assert isinstance(value, str), '❌ Resource Type not a string'
+```
+This provides us a basic rule set that validates that the `Type` field of our CloudFormation template(s) exists and is the correct data type.
+> [!NOTE]
+> Don't worry about adding an `__init__()` method to this class!
+Next open the `template.yaml` file and paste the following CloudFormation:
+```yaml
+AWSTemplateFormatVersion: '2010-09-09'
+Parameters:
+  ExistingSecurityGroups:
+    Type: List<AWS::EC2::SecurityGroup::Id>
+  ExistingVPC:
+    Type: AWS::EC2::VPC::Id
+    Description: The VPC ID that includes the security groups in the ExistingSecurityGroups parameter.
+  InstanceType:
+    Type: String
+    Default: t2.micro
+    AllowedValues:
+      - t2.micro
+      - m1.small
+Mappings:
+  AWSInstanceType2Arch:
+    t2.micro:
+      Arch: HVM64
+    m1.small:
+      Arch: HVM64
+  AWSRegionArch2AMI:
+    us-east-1:
+      HVM64: ami-0ff8a91507f77f867
+      HVMG2: ami-0a584ac55a7631c0c
+Resources:
+  SecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Allow HTTP traffic to the host
+      VpcId: !Ref ExistingVPC
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+      SecurityGroupEgress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+  AllSecurityGroups:
+    Type: Custom::Split
+    Properties:
+      ServiceToken: !GetAtt AppendItemToListFunction.Arn
+      List: !Ref ExistingSecurityGroups
+      AppendedItem: !Ref SecurityGroup
+  AppendItemToListFunction:
+    Type: AWS::Lambda::Function
+    Properties:
+      Handler: index.handler
+      Role: !GetAtt LambdaExecutionRole.Arn
+      Code:
+        ZipFile: !Join
+          - ''
+          - - var response = require('cfn-response');
+            - exports.handler = function(event, context) {
+            - '   var responseData = {Value: event.ResourceProperties.List};'
+            - '   responseData.Value.push(event.ResourceProperties.AppendedItem);'
+            - '   response.send(event, context, response.SUCCESS, responseData);'
+            - '};'
+      Runtime: nodejs20.x
+  MyEC2Instance:
+    Type: AWS::EC2::Instance
+    Properties:
+      ImageId: !FindInMap
+        - AWSRegionArch2AMI
+        - !Ref AWS::Region
+        - !FindInMap
+          - AWSInstanceType2Arch
+          - !Ref InstanceType
+          - Arch
+      SecurityGroupIds: !GetAtt AllSecurityGroups.Value
+      InstanceType: !Ref InstanceType
+  LambdaExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - lambda.amazonaws.com
+            Action:
+              - sts:AssumeRole
+      Path: /
+      Policies:
+        - PolicyName: root
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                  - logs:*
+                Resource: arn:aws:logs:*:*:*
+Outputs:
+  AllSecurityGroups:
+    Description: Security Groups that are associated with the EC2 instance
+    Value: !Join
+      - ', '
+      - !GetAtt AllSecurityGroups.Value
+```
+This represents a basic configuration for an AWS Lambda function.
+Finally, run:
+```bash
+cfn-check validate -r rules.py template.yaml
+```
+which outputs:
+```
+2025-09-17T01:46:41.542078+00:00 - INFO - 19783474 - /Users/adalundhe/Documents/adalundhe/cfn-check/cfn_check/cli/validate.py:validate.80 - ✅ 1 validations met for 1 templates
+```
+Congrats! You've just made the cloud a bit better place!
+<br/>
+# Queries, Tokens, and Syntax
+A `cfn-check` Query is a string made up of double-colon (`::`) delimited "Tokens" centered around three primary types:
+- <b>`Keys`</b>  - `<KEY>`: String name key Tokens that perform exact matching on keys of key/value pairs in a CloudFormation document.
+- <b>`Patterns`</b>  - `(\d+)`: Paren-enclosed regex pattern Tokens that perform pattern-based matching on keys of key/value pairs in a CloudFormation document.
+- <b>`Ranges`</b> - `[]`: Brackets enclosed Tokens that perform array selection and filtering in a CloudFormation document.
+In addition to `Key`, `Pattern`, and `Range` selection, you can also incorporate:
+- <b>`Bounded Ranges`</b> - `[<A>-<B>]`: Exact matches from the starting position (if specified) to the end position (if specified) of an array
+- <b>`Indicies`</b> - `[<A>]`: Exact matches the specified indicies of an array
+- <b>`Key Ranges`</b> - `[<KEY>]`: Exact matches keys of objects within an array
+- <b>`Pattern Ranges`</b> (`[(\d+)]`): Matches they keys of objects within an array based on the specified pattern
+- <b>`Wildcards`</b> (`*`): Selects all values for a given object or array or returns the non-object/array value at the specified path
+- <b>`Wildcard Ranges`</b> (`[*]`): Selects all values for a given array and ensures that *only* the values of a valid array type are returned (any other type will be treated as a mismatch).
+### Working with Keys
+Keys likely the most commos Token type you'll use in your queries. In fact, if you ran the example above, you already have! For example, with:
+```
+Resources
+```
+as your query, you'll select all items within the CloudFormation document under the `Resources` key.
+### Working with Patterns
+If an object within a CloudFormation document contains multiple similar keys you want to select, `Pattern` Tokens are your go-to solution. Consider this segment of CloudFormation:
+```yaml
+Resources:
+  SecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Allow HTTP traffic to the host
+      VpcId: !Ref ExistingVPC
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+      SecurityGroupEgress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+```
+We want to select <i>both</i> `SecurityGroupIngress` and `SecurityGroupEgress` to perform the same rule evaluations. Since the keys for both blocks start with `SecurityGroup`, we could write a Query using a Pattern Token like:
+```
+Resources::SecurityGroup::Properties::(SecurityGroup)
+```
+which would allow us to use a single rule to evaluate both:
+```python
+class ValidateSecurityGroups(Collection):
+    @Rule(
+        "Resources::SecurityGroup::Properties::(SecurityGroup)",
+        "It checks Security Groups are correctly definined",
+    )
+    def validate_test(self, value: list[dict]):
+      assert len(value) > 0
+      for item in value:
+        protocol = item.get("IpProtocol")
+        assert isinstance(protocol, str)
+        assert protocol == "tcp"
+        from_port = item.get("FromPort")
+        assert isinstance(from_port, int)
+        assert from_port == 80
+        to_port = item.get('ToPort')
+        assert isinstance(to_port, int)
+        assert to_port == 80
+        cidr_ip = item.get('CidrIp')
+        assert isinstance(cidr_ip, str)
+        assert cidr_ip == '0.0.0.0/0'
+```
+### Working with Wildcards
+Wildcard Tokens allow you to select all matching objects, array entries, or values (given preceding tokens) within a CloudFormation document. Wildcard Tokens are powerful, allowing you to effectively destructure objects into their respective keys and values or arrays into their entries for easier filtering and checking.
+In fact, you've already used one! In the first example, we use a Wildcard Token in the below query:
+```
+Resources::*::Type
+```
+To select all `Resource` objects, then further extract the `Type` field from each object. This helps us avoid copy-paste rules at the potential cost of deferring more work to individual `Rule` methods if we aren't careful and select too much!
+### Working with Ranges
+Ranges allow you to perform sophisticated selection of objects or data within a CloudFormation document.
+> [!IMPORTANT]
+> Range Tokens *only* work on list items. This means that any
+> values or other objects/data in the selected section of the
+> CloudFormation document will be *ignored* and filtered out.
+#### Unbounded Ranges
+Unbounded ranges allow you to select and return an array in its entirety. For example:
+```
+Resources::SecurityGroup::Properties::SecurityGroupIngress::[]
+```
+Would return all SecurityGroupIngress objects in the CloudFormation document as a list, allowing you to check that the array of ingresses has been both defined *and* populated.
+#### Indexes
+Indexes allow you to select specific positions within an array. For example:
+```
+Resources::SecurityGroup::Properties::SecurityGroupIngress::[0]
+```
+Would return the first SecurityGroupIngress objects in the document.
+#### Bounded Ranges
+Bounded Ranges allow you to select subsets of indicies within an array (much like Python slicing). Unlike Python slicing, Bounded Ranges do *not* allow you to select a "step", however like Python slicing, starting positions are inclusive and end positions are exclusive (i.e. `0-10` will select from indexes `0` to `9`)
+As an example:
+```
+Resources::SecurityGroup::Properties::SecurityGroupIngress::[1-3]
+```
+Would select the second and third SecurityGroupIngress objects in the document.
+Start or end positions are optional for Bounded Ranges. If a starting position is not defined, `cfn-check` will default to `0`. Likewise, if an end position is not defined, `cfn-check` will default to the end of given list. For example:
+```
+Resources::SecurityGroup::Properties::SecurityGroupIngress::[-3]
+```
+selects the first through third SecurityGroupIngress objects in the document while:
+```
+Resources::SecurityGroup::Properties::SecurityGroupIngress::[3-]
+```
+selects the remaining SecurityGroupIngress objects starting from the third.
+#### Key Ranges
+Often times it's easier to match based upon an array's contents than by exact index. Key Ranges allow you to do this by matching the contents of each item in an array by:
+- Exact match value comparison if the array value is not an object or array
+- Single exact match value comparison if the array value is an array (i.e. there is at least one value exactly matching the Token in the array)
+- Single exact match key comparison if the array value is an object
+For example:
+```
+Resources::MyEC2Instance::Properties::ImageId::[AWSRegionArch2AMI]
+```
+returns only the EC2 ImageIds where the ImageId exactly matches `AWSRegionArch2AMI`.
+#### Pattern Ranges
+Pattern Ranges function much like Key Ranges, but utilize regex-based pattern matching for comparison. Adapting the above example:
+```
+Resources::MyEC2Instance::Properties::ImageId::[(^AWSRegion)]
+```
+returns only the EC2 ImageIds where the ImageId begins with `AWSRegion`. This can be helpful in checking for and enforcing naming standards, etc.
+#### Wildcard Ranges
+Wildcard Ranges extend the powerful functionality of Wildcard Tokens with the added safety of ensuring *only* arrays selected for further filtering or checks.
+For example we know:
+```
+Resources::*::Type
+```
+Selects all `Resource` objects. If we convert the Wildcard Token in the query to a Wildcard Range Token:
+```
+Resources::*::Type
+```
+The Rule will fail as below:
+```
+error: ❌ No results matching results for query Resources::[*]::Type
+```
+As we're selecting objects, not an array! A valid use would be in validating the deeply nested zipfile code of a Lambda's `AppendItemToListFunction`:
+```yaml
+  AppendItemToListFunction:
+    Type: AWS::Lambda::Function
+    Properties:
+      Handler: index.handler
+      Role: !GetAtt LambdaExecutionRole.Arn
+      Code:
+        ZipFile: !Join
+          - ''
+          - - var response = require('cfn-response');
+            - exports.handler = function(event, context) {
+            - '   var responseData = {Value: event.ResourceProperties.List};'
+            - '   responseData.Value.push(event.ResourceProperties.AppendedItem);'
+            - '   response.send(event, context, response.SUCCESS, responseData);'
+            - '};'
+      Runtime: nodejs20.x
+```
+Note that the array we want is nested within another array, and we need to make sure we don't select the empty string that is the first element of the outer array!
+We can accomplish this by using a Wildcard Range Token in our Query as below:
+```
+Resources::AppendItemToListFunction::Properties::Code::ZipFile::[*]::[]
+```
+Which allows us to then evaluate the Unbounded Range token against each array item, returning only the array we want.
+### Using Multiple Tokens in Ranges
+You can use multiple Tokens within a Range Token by seperating each token with a comma.
+> [!NOTE]
+> While YAML does allow commas in keys, CloudFormation does not.
+> As such, the case where a Pattern or Pattern Range might
+> contain a comma is non-existent.
+For example:
+```
+Resources::SecurityGroup::Properties::SecurityGroupIngress::[0, -2]
+```
+Would select all except the last element of an array.
+This also applies to Bounded Ranges, Key Ranges, Pattern Ranges, and Wildcard Ranges! For example:
+```
+Resources::MyEC2Instance::Properties::ImageId::[(^AWSRegion),(^),(^Custom)]
+```
+will select any EC2 ImageIds that start with either `AWSRegion` or `Custom`.
+### Nested Ranges
+CloudFormation often involes nested arrays, and navigates these can make for long and difficult-to-read Queries. To help reduce Query length, `cfn-check` supports nesting Range Tokens. For example, when evaluating:
+```yaml
+ZipFile: !Join
+  - ''
+  - - var response = require('cfn-response');
+    - exports.handler = function(event, context) {
+    - '   var responseData = {Value: event.ResourceProperties.List};'
+    - '   responseData.Value.push(event.ResourceProperties.AppendedItem);'
+    - '   response.send(event, context, response.SUCCESS, responseData);'
+    - '};'
+```
+from our previous examples, we used the below query to select the nested array:
+```
+Resources::AppendItemToListFunction::Properties::Code::ZipFile::[*]::[]
+```
+With Nested Ranges, this can be shortened to:
+```
+Resources::AppendItemToListFunction::Properties::Code::ZipFile::[[]]
+Which is both more concise *and* more representitave of our intention to select only the array.

{cfn_check-0.2.2.dist-info → cfn_check-0.3.0.dist-info}/RECORD RENAMED Viewed

@@ -1,17 +1,20 @@
 cfn_check/__init__.py,sha256=ccUo2YxBmuEmak1M5o-8J0ECLXNkDDUsLJ4mkm31GvU,96
 cfn_check/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/cli/root.py,sha256=dHq9zzXyj-Wrj-fzirtFjptShzWbBGsO3n9tspm-pec,1688
-cfn_check/cli/validate.py,sha256=e20Hyfs3GJSrBbMRPt8dy3L0yjVnYo36ol_zOVhZco8,2013
+cfn_check/cli/validate.py,sha256=k1M16v0ruKjlNdcBOOAEd1r8hnaKgZ3yQA0Pf6bU7dQ,1988
 cfn_check/cli/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/cli/utils/attributes.py,sha256=iIUIgl6cT5XEUOW7D54-xxmMpTis84ySQY1b9osB47E,339
 cfn_check/cli/utils/files.py,sha256=QMYYR7C7mXdDx_6jj1Ye9w7ol1twAzUEZ9hxSa-O4-k,2563
 cfn_check/collection/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/collection/collection.py,sha256=wNxahoOqQge3C56blz5VtOq6lX5MZ9F2JjQIyZ3_SxU,27
 cfn_check/evaluation/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cfn_check/evaluation/check.py,sha256=5GgoZY0YfyOeOP92VJVH4Y3AYB7jUGjxwsr0qsbVGeo,414
 cfn_check/evaluation/errors.py,sha256=yPJdtRYo67le4yMC9sYqcboCnkqKsJ3KPbSPFY2-Pi8,773
-cfn_check/evaluation/search.py,sha256=WCi4mvvrRQyI3k05ohsFiIM8lKe5K6f3y-YsItu7rK0,2959
-cfn_check/evaluation/validate.py,sha256=sLqtwVqdybCoE9zXfg_u6To22yJSvczxXAu1EKnTNs4,1187
+cfn_check/evaluation/evaluator.py,sha256=weFBAYKVc9TjTB2zNMIVX77Bi9kIaWp2KRJa1ISSLNs,2240
+cfn_check/evaluation/validate.py,sha256=yy8byYAoHxFqkS2HfewHup22B3bYtrUH2PhPuNAc--A,1547
+cfn_check/evaluation/parsing/__init__.py,sha256=s5TxU4mzsbNIpbMynbwibGR8ac0dTcf_2qUfGkAEDvQ,52
+cfn_check/evaluation/parsing/query_parser.py,sha256=4J3CJQKAyb11gugfx6OZT-mfSdNDB5Al8Jiy9DbJZMw,3459
+cfn_check/evaluation/parsing/token.py,sha256=Z-KRbQdMmbJTTLqobpzCG-fH5_VzDJIG2mnChhCwub8,6561
+cfn_check/evaluation/parsing/token_type.py,sha256=E5AVBerinBszMLjjc7ejwSSWEc0p0Ju_CNFhpoZi63c,325
 cfn_check/loader/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/loader/loader.py,sha256=7yiDLLW_vNp_8O47erLXjQQtAB47fU3nimb91N5N_R8,532
 cfn_check/logging/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -22,10 +25,10 @@ cfn_check/shared/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,
 cfn_check/shared/types.py,sha256=-om3DyZsjK_tJd-I8SITkoE55W0nB2WA3LOc87Cs7xI,414
 cfn_check/validation/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/validation/validator.py,sha256=FGPeb8Uc8lvX3Y5rs-fxeJKIOqzUXwXh_gCFcy6d3b0,1182
-cfn_check-0.2.2.dist-info/licenses/LICENSE,sha256=EbCpGNzOkyQ53ig7J2Iwgmy4Og0dgHe8COo3WylhIKk,1069
-example/rules.py,sha256=XVsOkY5gxEier6oVyMVwuJ3ftwbv987udEkg2qZe_Zs,369
-cfn_check-0.2.2.dist-info/METADATA,sha256=ed2EjVEAiPHoas5_4KKQjrX7Mx0Pe4sSQPI7fM99qeo,8473
-cfn_check-0.2.2.dist-info/WHEEL,sha256=zaaOINJESkSfm_4HQVc5ssNzHCPXhJm0kEUakpsEHaU,91
-cfn_check-0.2.2.dist-info/entry_points.txt,sha256=B4lCHoDHmwisABxKgRLShwqqFv7QwwDAFXoAChOnkwg,53
-cfn_check-0.2.2.dist-info/top_level.txt,sha256=hUn9Ya50yY1fpgWxEhG5iMgfMDDVX7qWQnM1xrgZnhM,18
-cfn_check-0.2.2.dist-info/RECORD,,
+cfn_check-0.3.0.dist-info/licenses/LICENSE,sha256=EbCpGNzOkyQ53ig7J2Iwgmy4Og0dgHe8COo3WylhIKk,1069
+example/rules.py,sha256=-xr-X0tnkV-ill2VRfJKMjctRXeuE-ehTpJ3LKt8dio,2809
+cfn_check-0.3.0.dist-info/METADATA,sha256=FVHGn3NkGb6lhLQJ5QjF7K_KDqWz70o9-9WzNiQ8fI0,19039
+cfn_check-0.3.0.dist-info/WHEEL,sha256=zaaOINJESkSfm_4HQVc5ssNzHCPXhJm0kEUakpsEHaU,91
+cfn_check-0.3.0.dist-info/entry_points.txt,sha256=B4lCHoDHmwisABxKgRLShwqqFv7QwwDAFXoAChOnkwg,53
+cfn_check-0.3.0.dist-info/top_level.txt,sha256=hUn9Ya50yY1fpgWxEhG5iMgfMDDVX7qWQnM1xrgZnhM,18
+cfn_check-0.3.0.dist-info/RECORD,,

example/rules.py CHANGED Viewed

@@ -1,12 +1,71 @@
 from cfn_check import Collection, Rule
-class ValidateResourceTypes(Collection):
+class ResourcesChecks(Collection):
+    @Rule("Resources", "Resources is not empty")
+    def validate_resources(self, value: dict):
+        assert value is not None
+        assert isinstance(value, dict)
-    @Rule(
-        "Resources::*::Type",
-        "It checks Resource::Type is correctly definined",
-    )
-    def validate_test(self, value: str):
+    @Rule("Resources::*::Type", "Resources::*::Type is correctly definined")
+    def validate_resource_type(self, value: str):
         assert value is not None, '❌ Resource Type not defined'
         assert isinstance(value, str), '❌ Resource Type not a string'
+    @Rule(
+        "Resources::LambdaExecutionRole::Properties::Policies::[]",
+        "Lambad Execution Role Policies are defined",
+    )
+    def validate_lambda_execution_role_policies(self, value: list[dict]):
+        assert isinstance(value, list), '❌ Lambda execution roles is not a list'
+        assert len(value) > 0, '❌ No policies specified'
+    @Rule(
+        "Resources::LambdaExecutionRole::Properties::Policies::[*]::(Policy*)",
+        "Lambad Execution Role Policies are defined",
+    )
+    def validate_lambda_execution_role_policy_defined(self, value: str):
+        assert value is not None, '❌ Lambda execution role policy not defined'
+    @Rule(
+        "Resources::AppendItemToListFunction::Properties::Code::ZipFile::[*]::[]",
+        "Lambda List Function ZipFile Code is defined",
+    )
+    def validate_lambda_code_zipfile_is_defined(self, value: list[str]):
+        assert value is not None, '❌ Lambda zipfile code is not defined'
+        assert isinstance(value, list), '❌ Lambda execution zipfile code not a list'
+        assert len(value) > 0,'❌ Lambda execution zipfile code empty'
+    @Rule(
+        "Resources::SecurityGroup::Properties::(SecurityGroup)::[]",
+        "It checks Security Groups are correctly definined",
+    )
+    def validate_test(self, value: list[dict]):
+      assert len(value) > 0
+      for item in value:
+        protocol = item.get("IpProtocol")
+        assert isinstance(protocol, str)
+        assert protocol == "tcp"
+        from_port = item.get("FromPort")
+        assert isinstance(from_port, int)
+        assert from_port == 80
+        to_port = item.get('ToPort')
+        assert isinstance(to_port, int)
+        assert to_port == 80
+        cidr_ip = item.get('CidrIp')
+        assert isinstance(cidr_ip, str)
+        assert cidr_ip == '0.0.0.0/0'
+    @Rule(
+        "Resources::AppendItemToListFunction::Properties::Code::ZipFile::[[]]",
+        "Lambda List Function ZipFile Code is defined",
+    )
+    def validate_lambda_code_zipfile(self, value: list[str]):
+        assert value is not None, '❌ Lambda zipfile code is not defined'
+        assert isinstance(value, list), '❌ Lambda execution zipfile code not a list'
+        assert len(value) > 0,'❌ Lambda execution zipfile code empty'

cfn_check/evaluation/check.py DELETED Viewed

@@ -1,20 +0,0 @@
-from typing import TypeVar
-from pydantic import ValidationError
-from cfn_check.validation.validator import Validator
-from cfn_check.shared.types import (
-    YamlList,
-    YamlObject,
-    YamlValueBase,
-)
-T = TypeVar("T")
-def check(
-    matched: YamlList | YamlObject | YamlValueBase,
-    assertion: Validator[T],
-) ->  Exception | ValidationError | None:
-    if err := assertion(matched):
-        return err

cfn-check 0.2.2__py3-none-any.whl → 0.3.0__py3-none-any.whl

Potentially problematic release.

cfn-check 0.2.2py3-none-any.whl → 0.3.0py3-none-any.whl