cfn-check 0.3.1__py3-none-any.whl → 0.3.3__py3-none-any.whl

cfn_check/evaluation/evaluator.py

@@ -47,7 +47,7 @@ class Evaluator:
 
                 composite_keys = updated_keys
 
-        assert len(composite_keys) == len(items), f'❌ {len(items)} returned for {len(composite_keys)} keys. Are you sure you used a range ([*]) selector?'
+        assert len(composite_keys) == len(items), f'❌ {len(items)} matches returned for {len(composite_keys)} keys. Are you sure you used a range ([*]) selector?'
 
         results: list[tuple[str, Data]] = []
         for idx, item in enumerate(list(items)):

cfn_check/evaluation/parsing/token.py

@@ -146,7 +146,7 @@ class Token:
             (idx, item)
             for idx, item in enumerate(node)
             if self.selector.match(item) or (
-                isinstance(item, dict, list)
+                isinstance(item, (dict, list))
                 and any([
                     self.selector.match(val)
                     for val in item
@@ -155,8 +155,8 @@ class Token:
         ]
         
         return (
-            [str(idx) for idx in matches],
-            [item for item in matches]
+            [str(idx) for idx, _ in matches],
+            [item for _, item in matches]
         )
     
     def _match_unbound_range(
@@ -185,14 +185,29 @@ class Token:
             ) for idx, value in enumerate(node) if (
                 str(value) == self.selector
             ) or (
-                isinstance(value, dict, list)
-                and value in self.selector
+                isinstance(value, (dict, list))
+                and self.selector in value
             )
         ]
 
+        for idx, match in enumerate(matches):
+            match_idx, item = match
+
+            if isinstance(item, dict):
+                matches[idx] = (
+                    match_idx,
+                    item.get(self.selector),
+                )
+
+            elif isinstance(item, list):
+                match_idx[idx] = (
+                    match_idx,
+                    matches[match_idx],
+                )
+
         return (
-            [str(idx) for idx in matches],
-            [item for item in matches]
+            [str(idx) for idx, _ in matches],
+            [item for _, item in matches]
         )
     
     def _match_nested_range(
@@ -243,7 +258,10 @@ class Token:
             return None, None
         
         if isinstance(node, dict):
-            return ['*'], node.values()
+            return (
+                ['*' for _ in node],
+                node.values()
+            )
         
         elif isinstance(node, list):
             return (

{cfn_check-0.3.1.dist-info → cfn_check-0.3.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cfn-check
-Version: 0.3.1
+Version: 0.3.3
 Summary: Validate Cloud Formation
 Author-email: Ada Lundhe <adalundhe@lundhe.audio>
 License: MIT License
@@ -50,7 +50,7 @@ Dynamic: license-file
 
 | Package     | cfn-check                                                           |
 | ----------- | -----------                                                     |
-| Version     | 0.2.0                                                           |
+| Version     | 0.3.3                                                           |
 | Download    | https://pypi.org/project/cfn-check/                             | 
 | Source      | https://github.com/adalundhe/cfn-check                          |
 | Keywords    | cloud-formation, testing, aws, cli                              |
@@ -314,7 +314,7 @@ class ValidateSecurityGroups(Collection):
         "Resources::SecurityGroup::Properties::(SecurityGroup)",
         "It checks Security Groups are correctly definined",
     )
-    def validate_test(self, value: list[dict]):
+    def validate_security_groups(self, value: list[dict]):
       assert len(value) > 0
       
       for item in value:
@@ -352,7 +352,7 @@ To select all `Resource` objects, then further extract the `Type` field from eac
 Ranges allow you to perform sophisticated selection of objects or data within a CloudFormation document.
 
 > [!IMPORTANT]
-> Range Tokens *only* work on list items. This means that any
+> Range Tokens *only* work on arrays. This means that any
 > values or other objects/data in the selected section of the
 > CloudFormation document will be *ignored* and filtered out.
 
@@ -456,7 +456,7 @@ The Rule will fail as below:
 error: ❌ No results matching results for query Resources::[*]::Type
 ```
 
-As we're selecting objects, not an array! A valid use would be in validating the deeply nested zipfile code of a Lambda's `AppendItemToListFunction`:
+as we're selecting objects, not an array! A valid use would be in validating the deeply nested zipfile code of a Lambda's `AppendItemToListFunction`:
 
 ```yaml
   AppendItemToListFunction:
@@ -514,7 +514,7 @@ will select any EC2 ImageIds that start with either `AWSRegion` or `Custom`.
 
 ### Nested Ranges
 
-CloudFormation often involes nested arrays, and navigates these can make for long and difficult-to-read Queries. To help reduce Query length, `cfn-check` supports nesting Range Tokens. For example, when evaluating:
+CloudFormation often involes nested arrays, and navigating these can make for long and difficult-to-read Queries. To help reduce Query length, `cfn-check` supports nesting Range Tokens. For example, when evaluating:
 
 ```yaml
 ZipFile: !Join
@@ -537,5 +537,51 @@ With Nested Ranges, this can be shortened to:
 
 ```
 Resources::AppendItemToListFunction::Properties::Code::ZipFile::[[]]
+```
 
 Which is both more concise *and* more representitave of our intention to select only the array.
+
+<br/>
+
+# Using Pydantic Models
+
+In addition to traditional `pytest`-like assert statements, `cfn-lint` can validate results returned by queries via `Pydantic` models.
+
+For example, consider again the initial example where we validate the `Type` field of `Resource` objects.
+
+```python
+from cfn_check import Collection, Rule
+
+
+class ValidateResourceType(Collection):
+
+    @Rule(
+        "Resources::*::Type",
+        "It checks Resource::Type is correctly definined",
+    )
+    def validate_test(self, value: str): 
+        assert value is not None, '❌ Resource Type not defined'
+        assert isinstance(value, str), '❌ Resource Type not a string'
+```
+
+Rather than explicitly querying for the type field and writing assertions, we can instead define a `Pydantic` schema, then pass all `Resource` objects to that schema by specifying it as a Python type hint in our `Rule` method's signature.
+
+```python
+from cfn_check import Collection, Rule
+from pydantic import BaseModel, StrictStr
+
+class Resource(BaseModel):
+    Type: StrictStr
+
+
+class ValidateResourceType(Collection):
+
+    @Rule(
+        "Resources::*",
+        "It checks Resource::Type is correctly definined",
+    )
+    def validate_test(self, value: Resource):
+        assert value is not None
+```
+
+By deferring type and existence assertions to `Pydantic` models, you can focus your actual assertion logic on business/security policy checks.

{cfn_check-0.3.1.dist-info → cfn_check-0.3.3.dist-info}/RECORD

@@ -9,11 +9,11 @@ cfn_check/collection/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hS
 cfn_check/collection/collection.py,sha256=wNxahoOqQge3C56blz5VtOq6lX5MZ9F2JjQIyZ3_SxU,27
 cfn_check/evaluation/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/evaluation/errors.py,sha256=yPJdtRYo67le4yMC9sYqcboCnkqKsJ3KPbSPFY2-Pi8,773
-cfn_check/evaluation/evaluator.py,sha256=weFBAYKVc9TjTB2zNMIVX77Bi9kIaWp2KRJa1ISSLNs,2240
+cfn_check/evaluation/evaluator.py,sha256=RomoSlgimTNTjaUE0BdSslrPvPbFj6X8ScFinatERjs,2248
 cfn_check/evaluation/validate.py,sha256=yy8byYAoHxFqkS2HfewHup22B3bYtrUH2PhPuNAc--A,1547
 cfn_check/evaluation/parsing/__init__.py,sha256=s5TxU4mzsbNIpbMynbwibGR8ac0dTcf_2qUfGkAEDvQ,52
 cfn_check/evaluation/parsing/query_parser.py,sha256=4J3CJQKAyb11gugfx6OZT-mfSdNDB5Al8Jiy9DbJZMw,3459
-cfn_check/evaluation/parsing/token.py,sha256=Z-KRbQdMmbJTTLqobpzCG-fH5_VzDJIG2mnChhCwub8,6561
+cfn_check/evaluation/parsing/token.py,sha256=nrg7Tca182WY0VhRqfsZ1UgpxsUX73vdLToSeK50DZE,7055
 cfn_check/evaluation/parsing/token_type.py,sha256=E5AVBerinBszMLjjc7ejwSSWEc0p0Ju_CNFhpoZi63c,325
 cfn_check/loader/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/loader/loader.py,sha256=7yiDLLW_vNp_8O47erLXjQQtAB47fU3nimb91N5N_R8,532
@@ -25,10 +25,11 @@ cfn_check/shared/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,
 cfn_check/shared/types.py,sha256=-om3DyZsjK_tJd-I8SITkoE55W0nB2WA3LOc87Cs7xI,414
 cfn_check/validation/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/validation/validator.py,sha256=FGPeb8Uc8lvX3Y5rs-fxeJKIOqzUXwXh_gCFcy6d3b0,1182
-cfn_check-0.3.1.dist-info/licenses/LICENSE,sha256=EbCpGNzOkyQ53ig7J2Iwgmy4Og0dgHe8COo3WylhIKk,1069
-example/rules.py,sha256=-xr-X0tnkV-ill2VRfJKMjctRXeuE-ehTpJ3LKt8dio,2809
-cfn_check-0.3.1.dist-info/METADATA,sha256=GEq5W-bVyzD0gVulqugwSnoDFl1wWjDL3sIPoef-HQ0,19039
-cfn_check-0.3.1.dist-info/WHEEL,sha256=zaaOINJESkSfm_4HQVc5ssNzHCPXhJm0kEUakpsEHaU,91
-cfn_check-0.3.1.dist-info/entry_points.txt,sha256=B4lCHoDHmwisABxKgRLShwqqFv7QwwDAFXoAChOnkwg,53
-cfn_check-0.3.1.dist-info/top_level.txt,sha256=hUn9Ya50yY1fpgWxEhG5iMgfMDDVX7qWQnM1xrgZnhM,18
-cfn_check-0.3.1.dist-info/RECORD,,
+cfn_check-0.3.3.dist-info/licenses/LICENSE,sha256=EbCpGNzOkyQ53ig7J2Iwgmy4Og0dgHe8COo3WylhIKk,1069
+example/pydantic_rules.py,sha256=oWBBGBauSwRbrvZSYBk4ej3dsCY55zm3cHwl8vH_2lU,350
+example/rules.py,sha256=mWHB0DK283lb0CeSHgnyO5qiVTJJpybuwWXb4Yoa3zQ,3148
+cfn_check-0.3.3.dist-info/METADATA,sha256=-ElH6YysxwAbW9jdR5tpNn-CAQa3Z8NUY7vE5GzB77g,20459
+cfn_check-0.3.3.dist-info/WHEEL,sha256=zaaOINJESkSfm_4HQVc5ssNzHCPXhJm0kEUakpsEHaU,91
+cfn_check-0.3.3.dist-info/entry_points.txt,sha256=B4lCHoDHmwisABxKgRLShwqqFv7QwwDAFXoAChOnkwg,53
+cfn_check-0.3.3.dist-info/top_level.txt,sha256=hUn9Ya50yY1fpgWxEhG5iMgfMDDVX7qWQnM1xrgZnhM,18
+cfn_check-0.3.3.dist-info/RECORD,,

example/pydantic_rules.py

@@ -0,0 +1,15 @@
+from cfn_check import Collection, Rule
+from pydantic import BaseModel, StrictStr
+
+class Resource(BaseModel):
+    Type: StrictStr
+
+
+class ValidateResourceType(Collection):
+
+    @Rule(
+        "Resources::*",
+        "It checks Resource::Type is correctly definined",
+    )
+    def validate_test(self, value: Resource):
+        assert value is not None

example/rules.py

@@ -41,7 +41,7 @@ class ResourcesChecks(Collection):
         "Resources::SecurityGroup::Properties::(SecurityGroup)::[]",
         "It checks Security Groups are correctly definined",
     )
-    def validate_test(self, value: list[dict]):
+    def validate_security_groups(self, value: list[dict]):
       assert len(value) > 0
       
       for item in value:
@@ -68,4 +68,13 @@ class ResourcesChecks(Collection):
     def validate_lambda_code_zipfile(self, value: list[str]):
         assert value is not None, '❌ Lambda zipfile code is not defined'
         assert isinstance(value, list), '❌ Lambda execution zipfile code not a list'
-        assert len(value) > 0,'❌ Lambda execution zipfile code empty'
+        assert len(value) > 0,'❌ Lambda execution zipfile code empty'
+
+    @Rule(
+        "Resources::SecurityGroup::Properties::(SecurityGroup)::[IpProtocol]",
+        "It checks Security Groups IpProtocols are tcp",
+    )
+    def validate_ip_protocols(self, ip_protocol: str):
+        assert ip_protocol is not None
+        assert isinstance(ip_protocol, str)
+        assert ip_protocol == "tcp"