cfn-check 0.3.2__py3-none-any.whl → 0.8.1__py3-none-any.whl

cfn_check/cli/config.py

@@ -0,0 +1,10 @@
+from pydantic import BaseModel, StrictStr, Field
+
+
+class Config(BaseModel):
+    attributes: dict[StrictStr, StrictStr] | None = None
+    availability_zones: list[StrictStr] | None = None
+    import_values: dict[StrictStr, StrictStr] | None = None
+    mappings: dict[StrictStr, StrictStr] | None = None
+    parameters: dict[StrictStr, StrictStr] | None = None
+    references: dict[StrictStr, StrictStr] | None = None

cfn_check/cli/render.py

@@ -0,0 +1,142 @@
+
+from async_logging import LogLevelName, Logger, LoggingConfig
+from cocoa.cli import CLI, YamlFile
+from ruamel.yaml.comments import CommentedMap
+
+from cfn_check.cli.utils.files import load_templates, write_to_file
+from cfn_check.cli.utils.stdout import write_to_stdout
+from cfn_check.rendering import Renderer
+from cfn_check.logging.models import InfoLog
+from .config import Config
+
+
+@CLI.command(
+    shortnames={
+        'availability-zones': 'z'
+    },
+    display_help_on_error=False,
+)
+async def render(
+    path: str,
+    config: YamlFile[Config] = 'config.yml',
+    output_file: str | None = None,
+    attributes: list[str] | None = None,
+    availability_zones: list[str] | None = None,
+    import_values: list[str] | None = None,
+    mappings: list[str] | None = None,
+    parameters: list[str] | None = None,
+    references: list[str] | None = None,
+    log_level: LogLevelName = 'info',
+):
+    """
+    Render a Cloud Formation template
+
+    @param attributes A list of <key>=<value> k/v strings for !GetAtt calls to use
+    @param availability-zones A list of <availability_zone> strings for !GetAZs calls to use
+    @param config A CFN-Check yaml config file
+    @param import-values A list of <filepath>=<export_value> k/v strings for !ImportValue 
+    @param mappings A list of <key>=<value> k/v string specifying which Mappings to use
+    @param output-file Path to output the rendered CloudFormation template to
+    @param parameters A list of <key>=<value> k/v string for Parameters to use
+    @param references A list of <key>=<value> k/v string for !Ref values to use
+    @param log-level The log level to use
+    """
+    
+    config_data = config.data
+    if config_data is None:
+        config_data = Config()
+    
+    logging_config = LoggingConfig()
+    logging_config.update(
+        log_level=log_level,
+        log_output='stderr',
+    )
+
+    parsed_attributes: dict[str, str] | None = None
+    if attributes:
+        parsed_attributes = dict([
+            attribute.split('=', maxsplit=1) for attribute in attributes if len(attribute.split('=', maxsplit=1)) > 0
+        ])
+
+        parsed_attributes.update(
+            config_data.attributes or {}
+        )
+
+    parsed_import_values: dict[str, tuple[str, CommentedMap]] | None = None
+    if import_values:
+        parsed_import_value_pairs = dict([
+            import_value.split('=', maxsplit=1) for import_value in import_values if len(import_value.split('=', maxsplit=1)) > 0
+        ])
+
+        parsed_import_value_pairs.update(
+            config_data.import_values or {}
+        )
+
+        parsed_import_values = {}
+        for import_file, import_key in parsed_import_value_pairs:
+            parsed_import_values[import_file] = (
+                import_key,
+                await load_templates(import_file)
+            )
+
+    parsed_mappings: dict[str, str] | None = None
+    if mappings:
+        parsed_mappings = dict([
+            mapping.split('=', maxsplit=1) for mapping in mappings if len(mapping.split('=', maxsplit=1)) > 0
+        ])
+        
+        parsed_mappings.update(
+            config_data.mappings or {}
+        )
+
+    parsed_parameters: dict[str, str] | None = None
+    if parameters:
+        parsed_parameters = dict([
+            parameter.split('=', maxsplit=1) for parameter in parameters if len(parameter.split('=', maxsplit=1)) > 0
+        ])
+
+        parsed_parameters.update(
+            config_data.parameters or {}
+        )
+
+    parsed_references: dict[str, str] | None = None
+    if references:
+        parsed_references = dict([
+            reference.split('=', maxsplit=1) for reference in references if len(reference.split('=', maxsplit=1)) > 0
+        ])
+
+        parsed_references.update(
+            config_data.references or {}
+        )
+
+    logger = Logger()
+
+    templates = await load_templates(
+        path,
+    )
+
+    assert len(templates) == 1 , '❌ Can only render one file'
+
+    _, template = templates[0]
+    renderer = Renderer()
+    rendered = renderer.render(
+        template,
+        attributes=parsed_attributes,
+        availability_zones=availability_zones,
+        mappings=parsed_mappings,
+        parameters=parsed_parameters,
+        references=parsed_references,
+    )
+
+    if output_file is False:
+        await write_to_file(output_file, rendered)
+        await logger.log(InfoLog(message=f'✅ {path} template rendered'))
+
+    else:
+        await write_to_stdout(rendered)
+
+    if config_data:
+        await write_to_file(
+            config.value,
+            config_data.model_dump(),
+        )

cfn_check/cli/root.py

@@ -7,6 +7,7 @@ from cocoa.ui.components.terminal import Section, SectionConfig
 from cocoa.ui.components.header import Header, HeaderConfig
 from cocoa.ui.components.terminal import Terminal, EngineConfig
 
+from .render import render
 from .validate import validate
 
 async def create_header(
@@ -47,7 +48,8 @@ async def create_header(
 
 
 
-@CLI.root(  
+@CLI.root( 
+    render, 
     validate,
     global_styles=CLIStyle(
         header=create_header,

cfn_check/cli/utils/attributes.py

@@ -4,7 +4,7 @@ from cfn_check.validation.validator import Validator
 
 def bind(
     rule_set: Collection,
-    validation: Validator
+    validation: Validator,
 ):
     validation.func = validation.func.__get__(rule_set, rule_set.__class__)
     setattr(rule_set, validation.func.__name__, validation.func)

cfn_check/cli/utils/files.py

@@ -2,22 +2,24 @@
 import asyncio
 import os
 import pathlib
-import yaml
-from cfn_check.loader.loader import (
-    Loader,
-    create_tag,
-    find_templates,
-)
+from ruamel.yaml import YAML
 from cfn_check.shared.types import YamlObject, Data
 
-def open_template(path: str) -> YamlObject | None:
+
+def find_templates(path, file_pattern):
+    return list(pathlib.Path(path).rglob(file_pattern))
+
+def open_template(path: str) -> tuple[str, YamlObject] | None:
 
     if os.path.exists(path) is False:
         return None
 
     try:
-        with open(path, 'r') as f:
-            return yaml.load(f, Loader=Loader)
+        with open(path, 'r') as yml:
+            loader = YAML(typ='rt')
+            loader.preserve_quotes = True
+            loader.indent(mapping=2, sequence=4, offset=2)
+            return (path, loader.load(yml))
     except Exception as e:
         raise e
     
@@ -38,6 +40,16 @@ async def convert_to_cwd(loop: asyncio.AbstractEventLoop):
         os.getcwd,
     )
 
+async def convert_to_absolute(path: str, loop: asyncio.AbstractEventLoop) -> str:
+    abspath = pathlib.Path(path)
+
+    return str(
+        await loop.run_in_executor(
+            None,
+            abspath.absolute,
+        )
+    )
+
 async def localize_path(path: str, loop: asyncio.AbstractEventLoop):
     localized = path.replace('~/', '')
 
@@ -55,7 +67,6 @@ async def localize_path(path: str, loop: asyncio.AbstractEventLoop):
 
 async def load_templates(
     path: str,
-    tags: list[str],
     file_pattern: str | None = None,
 ):
 
@@ -89,17 +100,7 @@ async def load_templates(
 
     assert len(template_filepaths) > 0 , '❌ No matching files found'
     
-    for tag in tags:
-        new_tag = await loop.run_in_executor(
-            None,
-            create_tag,
-            tag,
-        )
-
-        Loader.add_constructor(f'!{tag}', new_tag)
-
-    
-    templates: list[Data]  = await asyncio.gather(*[
+    templates: list[tuple[str, Data]]  = await asyncio.gather(*[
         loop.run_in_executor(
             None,
             open_template,
@@ -114,3 +115,27 @@ async def load_templates(
     assert len(found_templates) > 0, "❌ Could not open any templates"
 
     return templates
+
+
+async def write_to_file(path: str, data: YamlObject):
+    loop = asyncio.get_event_loop()
+
+    if path.startswith('~/'):
+        path = await localize_path(path, loop)
+
+    output_path = await convert_to_absolute(path, loop)
+
+    await loop.run_in_executor(
+        None,
+        _write_to_file,
+        output_path,
+        data,
+    )
+
+def _write_to_file(path: str, data: YamlObject):
+    dumper = YAML(typ='rt')
+    dumper.preserve_quotes = True
+    dumper.width = 4096
+    dumper.indent(mapping=2, sequence=4, offset=2)
+    with open(path, 'w') as yml:
+        dumper.dump(data, yml)

cfn_check/cli/utils/stdout.py

@@ -0,0 +1,18 @@
+import asyncio
+import sys
+from ruamel.yaml import YAML
+from ruamel.yaml.comments import CommentedBase
+
+async def write_to_stdout(data: CommentedBase):
+    loop = asyncio.get_event_loop()
+
+    yaml = YAML(typ=['rt'])
+    yaml.preserve_quotes = True
+    yaml.width = 4096
+    yaml.indent(mapping=2, sequence=4, offset=2)
+    await loop.run_in_executor(
+        None,
+        yaml.dump,
+        data,
+        sys.stdout,
+    )

cfn_check/cli/validate.py

@@ -1,49 +1,44 @@
 import inspect
 
 from async_logging import LogLevelName, Logger, LoggingConfig
-from cocoa.cli import CLI, ImportType
+from cocoa.cli import CLI, ImportType, YamlFile
 
 from cfn_check.cli.utils.attributes import bind
-from cfn_check.cli.utils.files import load_templates
+from cfn_check.cli.utils.files import load_templates, write_to_file
 from cfn_check.evaluation.validate import ValidationSet
 from cfn_check.logging.models import InfoLog
 from cfn_check.collection.collection import Collection
 from cfn_check.validation.validator import Validator
+from .config import Config
 
 
-@CLI.command()
+@CLI.command(
+    shortnames={
+        'flags': 'F'
+    }
+)
 async def validate(
     path: str,
+    config: YamlFile[Config] = 'config.yml',
     file_pattern: str | None = None,
     rules: ImportType[Collection] = None,
-    tags: list[str] = [
-        'Ref',
-        'Sub',
-        'Join',
-        'Select',
-        'Split',
-        'GetAtt',
-        'GetAZs',
-        'ImportValue',
-        'Equals',
-        'If',
-        'Not',
-        'And',
-        'Or',
-        'Condition',
-        'FindInMap',
-    ],
+    flags: list[str] | None = None,
     log_level: LogLevelName = 'info',
 ):
     '''
     Validate Cloud Foundation
     
-    @param rules Path to a file containing Collections
+    @param config A CFN-Check yaml config file
+    @param disabled A list of string features to disable during checks
     @param file_pattern A string pattern used to find template files
-    @param tags List of CloudFormation intrinsic function tags
+    @param rules Path to a file containing Collections
     @param log_level The log level to use
     '''
 
+    config_data = config.data
+    if config_data is None:
+        config_data = Config()
+
     logging_config = LoggingConfig()
     logging_config.update(
         log_level=log_level,
@@ -52,12 +47,19 @@ async def validate(
 
     logger = Logger()
 
+    if flags is None:
+        flags = []
+
     templates = await load_templates(
         path,
-        tags,
         file_pattern=file_pattern,
     )
 
+    for file, data in templates:
+        for name, rule in rules.data.items():
+            rules.data[name] = rule()
+            rules.data[name].documents[file] = data
+
     validation_set = ValidationSet([ 
         bind(
             rule,
@@ -66,12 +68,19 @@ async def validate(
         for rule in rules.data.values()
         for _, validation in inspect.getmembers(rule)
         if isinstance(validation, Validator)
-    ])
+    ], flags=flags)
     
-    if validation_error := validation_set.validate(templates):
+    if validation_error := validation_set.validate([
+        template_data for _, template_data in templates
+    ]):
         raise validation_error
     
     templates_evaluated = len(templates)
     
     await logger.log(InfoLog(message=f'✅ {validation_set.count} validations met for {templates_evaluated} templates'))
-    
+    
+    if config_data:
+        await write_to_file(
+            config.value,
+            config_data.model_dump(),
+        )

cfn_check/collection/collection.py

@@ -1,2 +1,59 @@
+from typing import Callable
+from pydantic import ValidationError
+
+from cfn_check.shared.types import Data
+from cfn_check.evaluation.evaluator import Evaluator
+
 class Collection:
-    pass
+    
+    def __init__(self):
+        self.documents: dict[str, Data] = {}
+        self._evaluator = Evaluator()
+
+    def query(
+        self,
+        query: str,
+        document: str | None = None,
+        filters: list[Callable[[Data], Data]] | None = None
+    ) -> list[Data] | None:
+
+        if document and (
+            document_data := self.documents.get(document)
+        ):
+            return self._evaluator.match(
+                document_data,
+                query,
+            )
+        
+        results: list[tuple[str, Data]] = []
+
+        for document_data in self.documents.values():
+            result = self._evaluator.match(
+                document_data,
+                query,
+            )
+
+            results.extend(result)
+        
+        filtered: list[Data] = []
+        if filters:
+            try:
+                for _, found in results:
+                    for filter in filters:
+                        found = filter(found)
+
+                        if found is None:
+                            return
+                        
+                    if found:
+                        filtered.append(found)
+            
+                return filtered
+
+            except ValidationError:
+                pass
+
+        return [
+            found for _, found in results
+        ]
+

cfn_check/evaluation/evaluator.py

@@ -1,5 +1,6 @@
 from collections import deque
-from typing import Deque
+from typing import Deque, Any
+from ruamel.yaml.comments import CommentedMap
 
 from cfn_check.shared.types import (
     Data,
@@ -7,19 +8,46 @@ from cfn_check.shared.types import (
     YamlObject,
 )
 
+from cfn_check.rendering import Renderer
 from .parsing import QueryParser
 
 class Evaluator:
 
-    def __init__(self):
+    def __init__(
+        self,
+        flags: list[str] | None = None
+    ):
+        if flags is None:
+            flags = []
+
+        self.flags = flags
         self._query_parser = QueryParser()
+        self._renderer = Renderer()
 
     def match(
         self,
         resources: YamlObject,
         path: str,
+        attributes: dict[str, Any] | None = None,
+        availability_zones: list[str] | None = None,
+        import_values: dict[str, tuple[str, CommentedMap]] | None = None,
+        mappings: dict[str, str] | None = None,
+        parameters: dict[str, Any] | None = None,
+        references: dict[str, str] | None = None,
     ):
         items: Items = deque()
+        
+        if 'no-render' not in self.flags:
+            resources = self._renderer.render(
+                resources,
+                attributes=attributes,
+                availability_zones=availability_zones,
+                import_values=import_values,
+                mappings=mappings,
+                parameters=parameters,
+                references=references,
+            )
+
         items.append(resources)
 
         segments = path.split("::")[::-1]
@@ -47,7 +75,7 @@ class Evaluator:
 
                 composite_keys = updated_keys
 
-        assert len(composite_keys) == len(items), f'❌ {len(items)} returned for {len(composite_keys)} keys. Are you sure you used a range ([*]) selector?'
+        assert len(composite_keys) == len(items), f'❌ {len(items)} matches returned for {len(composite_keys)} keys. Are you sure you used a range ([*]) selector?'
 
         results: list[tuple[str, Data]] = []
         for idx, item in enumerate(list(items)):

cfn_check/evaluation/parsing/token.py

@@ -258,7 +258,10 @@ class Token:
             return None, None
         
         if isinstance(node, dict):
-            return ['*'], node.values()
+            return (
+                ['*' for _ in node],
+                node.values()
+            )
         
         elif isinstance(node, list):
             return (

cfn_check/evaluation/validate.py

@@ -1,6 +1,13 @@
+from typing import Any
+
 from pydantic import ValidationError
+from ruamel.yaml.comments import TaggedScalar, CommentedMap, CommentedSeq
 
 from cfn_check.validation.validator import Validator
+from cfn_check.shared.types import (
+    YamlObject,
+)
+
 from .errors import assemble_validation_error
 from .evaluator import Evaluator
 
@@ -9,10 +16,31 @@ class ValidationSet:
     def __init__(
         self,
         validators: list[Validator],
+        flags: list[str] | None = None,
+        attributes: dict[str, Any] | None = None,
+        availability_zones: list[str] | None = None,
+        import_values: dict[str, tuple[str, CommentedMap]] | None = None,
+        mappings: dict[str, str] | None = None,
+        parameters: dict[str, Any] | None = None,
+        references: dict[str, str] | None = None,
     ):
-        self._evaluator = Evaluator()
+        
+        if flags is None:
+            flags = []
+
+        self._evaluator = Evaluator(flags=flags)
         self._validators = validators
 
+        self._attributes: dict[str, str] | None = attributes
+        self._availability_zones: list[str] | None = availability_zones
+        self._mappings: dict[str, str] | None = mappings
+        self._import_values: dict[
+            str,
+            CommentedMap | CommentedSeq | TaggedScalar | YamlObject,
+        ] | None = import_values
+        self._parameters: dict[str, str] | None = parameters
+        self._references: dict[str, str] | None = references
+
     @property
     def count(self):
         return len(self._validators)
@@ -44,7 +72,10 @@ class ValidationSet:
         validator: Validator,
         template: str,
     ):
-        found = self._evaluator.match(template, validator.query)
+        found = self._evaluator.match(
+            template, 
+            validator.query,
+        )
 
         assert len(found) > 0, f"❌ No results matching results for query {validator.query}"
 

cfn_check/rendering/__init__.py

@@ -0,0 +1 @@
+from .renderer import Renderer as Renderer

cfn_check/rendering/cidr_solver.py

@@ -0,0 +1,66 @@
+class IPv4CIDRSolver:
+
+    def __init__(
+        self,
+        host: str,
+        desired: int,
+        bits: int,
+    ):
+        self.host = host
+        self.subnets_desired = desired
+        self.subnet_bits = bits
+
+        host_ip, mask = self.host.split('/', maxsplit=1)
+
+        self.host_ip = host_ip
+        self._host_mask_string = f'/{mask}'
+        self.host_mask = int(mask)
+
+        self.subnet_mask = 32 - bits
+
+        self._host_octets = [
+            int(octet) for octet in self.host.strip(self._host_mask_string).split('.')
+        ]
+    
+    def provision_subnets(self):
+        subnet_requested_ips = 2**self.subnet_bits
+        host_available_ips = 2**(32 - self.host_mask)
+
+        total_ips_requested = subnet_requested_ips * self.subnets_desired
+        if host_available_ips < total_ips_requested:
+            return []
+
+        return [
+            self._provision_subnet(
+                subnet_requested_ips,
+                idx
+            ) for idx in range(self.subnets_desired)
+        ]
+
+    
+    def _provision_subnet(
+        self,
+        requested_ips: int,
+        idx: int,
+    ):
+        increment = requested_ips
+        octet_idx = -1
+        if requested_ips > 255:
+            increment /= 256
+            octet_idx -= 1
+
+        increment *= idx
+
+        subnet = list(self._host_octets)
+
+        subnet[octet_idx] += increment
+
+        subnet_base_ip = '.'.join([
+            str(octet) for octet in subnet
+        ])
+
+        return f'{subnet_base_ip}/{self.subnet_mask}'
+
+
+
+