cfn-check 0.3.3__py3-none-any.whl → 0.5.0__py3-none-any.whl

cfn_check/rendering/utils.py

@@ -0,0 +1,13 @@
+from typing import Any
+from ruamel.yaml.comments import CommentedMap, CommentedSeq
+
+
+def assign(parent: CommentedMap | CommentedSeq | None, key_or_index: Any, value: Any):
+    if parent is None:
+        return  # root already set
+    if isinstance(parent, CommentedMap):
+        parent[key_or_index] = value
+    else:
+        # key_or_index is an int for sequences
+        # Ensure sequence large enough (iterative approach assigns in order, so append is fine)
+        parent.append(value)

cfn_check/rules/rule.py

@@ -13,13 +13,16 @@ class Rule:
         self,
         query: str,
         name: str,
+        filters: list[Callable[[JsonValue], JsonValue]] | None = None
     ):
         self.query = query
         self.name = name
+        self.filters = filters
 
     def __call__(self, func: Callable[[T], None]):
         return Validator[T](
             func,
             self.query,
             self.name,
+            filters=self.filters,
         )

cfn_check/validation/validator.py

@@ -14,10 +14,12 @@ class Validator(Generic[T]):
         func: Callable[[T], None],
         query: str,
         name: str,
+        filters: list[Callable[[Data], Data]] | None = None
     ):
         self.func = func
         self.query = query
         self.name = name
+        self.filters = filters
 
         self.model: BaseModel | None = None
 
@@ -31,8 +33,16 @@ class Validator(Generic[T]):
 
         try:
             path, item = arg
+
+            if self.filters:
+                for filter in self.filters:
+                    item = filter(item)
+                    
+                    if item is None:
+                        return
+
             if self.model and isinstance(item, dict):
-                arg = self.model(**item)
+                item = self.model(**item)
 
             return self.func(item)
         

{cfn_check-0.3.3.dist-info → cfn_check-0.5.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cfn-check
-Version: 0.3.3
+Version: 0.5.0
 Summary: Validate Cloud Formation
 Author-email: Ada Lundhe <adalundhe@lundhe.audio>
 License: MIT License

{cfn_check-0.3.3.dist-info → cfn_check-0.5.0.dist-info}/RECORD

@@ -1,35 +1,39 @@
 cfn_check/__init__.py,sha256=ccUo2YxBmuEmak1M5o-8J0ECLXNkDDUsLJ4mkm31GvU,96
 cfn_check/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cfn_check/cli/root.py,sha256=dHq9zzXyj-Wrj-fzirtFjptShzWbBGsO3n9tspm-pec,1688
-cfn_check/cli/validate.py,sha256=EY6-YgORApOxCgFAmPdwmfDg1UA80GLsRzQv44zSuY4,1954
+cfn_check/cli/render.py,sha256=7CuXd9e3JdbLxFcd0Yn7Die8XiVAyOUprgi_CFJERak,2232
+cfn_check/cli/root.py,sha256=Fi-G3nP-HQMY4iPenF2xnkQF798x5cNWDqJZs9TH66A,1727
+cfn_check/cli/validate.py,sha256=aQF-hCC7vcOpu5VNSkoM8DmrB2hZCgciQvFBHIrpnPc,2178
 cfn_check/cli/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cfn_check/cli/utils/attributes.py,sha256=iIUIgl6cT5XEUOW7D54-xxmMpTis84ySQY1b9osB47E,339
-cfn_check/cli/utils/files.py,sha256=QMYYR7C7mXdDx_6jj1Ye9w7ol1twAzUEZ9hxSa-O4-k,2563
+cfn_check/cli/utils/attributes.py,sha256=hEMWJfNcTOKqWrleS8idWlZP81wAq2J06yV-JQm_WNw,340
+cfn_check/cli/utils/files.py,sha256=OVG95vfAbpfg-WdqoHT8UBGoa7KQima21KZTVp2mm6g,3378
 cfn_check/collection/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cfn_check/collection/collection.py,sha256=wNxahoOqQge3C56blz5VtOq6lX5MZ9F2JjQIyZ3_SxU,27
+cfn_check/collection/collection.py,sha256=Fl5ONtvosLrksJklRoxER9j-YN5RUdPN45yS02Yw5jU,1492
 cfn_check/evaluation/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/evaluation/errors.py,sha256=yPJdtRYo67le4yMC9sYqcboCnkqKsJ3KPbSPFY2-Pi8,773
-cfn_check/evaluation/evaluator.py,sha256=RomoSlgimTNTjaUE0BdSslrPvPbFj6X8ScFinatERjs,2248
+cfn_check/evaluation/evaluator.py,sha256=VtYXydZFkp66VaADB9nDmJOBlPJ6lKASSM8AP1xHBZE,2377
 cfn_check/evaluation/validate.py,sha256=yy8byYAoHxFqkS2HfewHup22B3bYtrUH2PhPuNAc--A,1547
 cfn_check/evaluation/parsing/__init__.py,sha256=s5TxU4mzsbNIpbMynbwibGR8ac0dTcf_2qUfGkAEDvQ,52
 cfn_check/evaluation/parsing/query_parser.py,sha256=4J3CJQKAyb11gugfx6OZT-mfSdNDB5Al8Jiy9DbJZMw,3459
 cfn_check/evaluation/parsing/token.py,sha256=nrg7Tca182WY0VhRqfsZ1UgpxsUX73vdLToSeK50DZE,7055
 cfn_check/evaluation/parsing/token_type.py,sha256=E5AVBerinBszMLjjc7ejwSSWEc0p0Ju_CNFhpoZi63c,325
-cfn_check/loader/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cfn_check/loader/loader.py,sha256=7yiDLLW_vNp_8O47erLXjQQtAB47fU3nimb91N5N_R8,532
 cfn_check/logging/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/logging/models.py,sha256=-tBaK6p8mJ0cO8h2keEJ-VmtFX_VW4XzwAw2PtqbkF0,490
+cfn_check/rendering/__init__.py,sha256=atcbddYun4YHyY7bVGA9CgEYzzXpYzvkx9_Kg-gnD5w,42
+cfn_check/rendering/renderer.py,sha256=mPLyXyv0yUsCZnKuLZg8yDN1NQlFivX-P8_bwhQqzXI,25903
+cfn_check/rendering/utils.py,sha256=MNaKePylbJ9Bs4kjuoV0PpCmPJYttPXXvKQILemCrUI,489
 cfn_check/rules/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cfn_check/rules/rule.py,sha256=r6-eKCUdPaNIena2NDv3J_QlcWes1KLObI9ukRZZz1o,500
+cfn_check/rules/rule.py,sha256=_cKNQ5ciJgPj-exmtBUz31cU2lxWYxw2n2NWIlhYc3s,635
 cfn_check/shared/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cfn_check/shared/types.py,sha256=-om3DyZsjK_tJd-I8SITkoE55W0nB2WA3LOc87Cs7xI,414
 cfn_check/validation/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cfn_check/validation/validator.py,sha256=FGPeb8Uc8lvX3Y5rs-fxeJKIOqzUXwXh_gCFcy6d3b0,1182
-cfn_check-0.3.3.dist-info/licenses/LICENSE,sha256=EbCpGNzOkyQ53ig7J2Iwgmy4Og0dgHe8COo3WylhIKk,1069
-example/pydantic_rules.py,sha256=oWBBGBauSwRbrvZSYBk4ej3dsCY55zm3cHwl8vH_2lU,350
+cfn_check/validation/validator.py,sha256=Z6S6T_4yQW1IUa5Kv3ohR9U8NDrhTvBadW2FEM8TRL8,1478
+cfn_check-0.5.0.dist-info/licenses/LICENSE,sha256=EbCpGNzOkyQ53ig7J2Iwgmy4Og0dgHe8COo3WylhIKk,1069
+example/multitag.py,sha256=QQfcRERGEDgTUCGqWRqRbXHrLwSX4jEOFq8ED4NJnz8,636
+example/pydantic_rules.py,sha256=6NFtDiaqmnYWt6oZIWB7AO_v5LJoZVOGXrmEe2_J_rI,4162
+example/renderer_test.py,sha256=XG5PVTSHztYXHrBw4bpwVuuYt1JNZdtLGJ-DZ9wPjFM,741
 example/rules.py,sha256=mWHB0DK283lb0CeSHgnyO5qiVTJJpybuwWXb4Yoa3zQ,3148
-cfn_check-0.3.3.dist-info/METADATA,sha256=-ElH6YysxwAbW9jdR5tpNn-CAQa3Z8NUY7vE5GzB77g,20459
-cfn_check-0.3.3.dist-info/WHEEL,sha256=zaaOINJESkSfm_4HQVc5ssNzHCPXhJm0kEUakpsEHaU,91
-cfn_check-0.3.3.dist-info/entry_points.txt,sha256=B4lCHoDHmwisABxKgRLShwqqFv7QwwDAFXoAChOnkwg,53
-cfn_check-0.3.3.dist-info/top_level.txt,sha256=hUn9Ya50yY1fpgWxEhG5iMgfMDDVX7qWQnM1xrgZnhM,18
-cfn_check-0.3.3.dist-info/RECORD,,
+cfn_check-0.5.0.dist-info/METADATA,sha256=KJXT9Yc29NfwClW04f0TcQe1gI7iu82mNV_MpLb2aRg,20459
+cfn_check-0.5.0.dist-info/WHEEL,sha256=zaaOINJESkSfm_4HQVc5ssNzHCPXhJm0kEUakpsEHaU,91
+cfn_check-0.5.0.dist-info/entry_points.txt,sha256=B4lCHoDHmwisABxKgRLShwqqFv7QwwDAFXoAChOnkwg,53
+cfn_check-0.5.0.dist-info/top_level.txt,sha256=hUn9Ya50yY1fpgWxEhG5iMgfMDDVX7qWQnM1xrgZnhM,18
+cfn_check-0.5.0.dist-info/RECORD,,

example/multitag.py

@@ -0,0 +1,21 @@
+import ruamel.yaml
+import sys
+
+class MultiTaggedObject:
+    def __init__(self, value, tags):
+        self.value = value
+        self.tags = tags
+
+def represent_multi_tagged_object(dumper, data):
+    return dumper.represent_mapping('!MultiTagged', {'value': data.value, 'tags': data.tags})
+
+def construct_multi_tagged_object(constructor, node):
+    mapping = constructor.construct_mapping(node)
+    return MultiTaggedObject(mapping['value'], mapping['tags'])
+
+yaml = ruamel.yaml.YAML()
+yaml.register_class(MultiTaggedObject)
+
+# Example usage:
+data = MultiTaggedObject("some_value", ["tag1", "tag2"])
+yaml.dump({'item': data}, sys.stdout)

example/pydantic_rules.py

@@ -1,10 +1,59 @@
 from cfn_check import Collection, Rule
-from pydantic import BaseModel, StrictStr
+from pydantic import BaseModel, StrictStr, StrictInt, Field
+from typing import Literal
+
+class RDSDBProperties(BaseModel):
+    AvailabilityZone: StrictStr
+    BackupRetentionPeriod: StrictInt
+    DBInstanceClass: StrictStr = Field(pattern=r'^((db)\.(c6g|c6gd|c6gn|c6i|c6id|c7g|g5g|im4gn|is4gen|m6g|m6gd|r6g|r6gd|t4g|x2gd)\.(10xlarge|112xlarge|12xlarge|16xlarge|18xlarge|24xlarge|2xlarge|32xlarge|3xlarge|48xlarge|4xlarge|56xlarge|6xlarge|8xlarge|9xlarge|large|medium|metal|micro|nano|small|xlarge))')
+    StorageType: Literal['sc1', 'st1', 'gp3']
+
+class RDSDBInstance(BaseModel):
+    Type: Literal["AWS::RDS::DBInstance"]
+
+class EC2EbsDevice(BaseModel):
+    VolumeType: StrictStr
+    DeleteOnTermination: Literal[True]
+
+class EC2BlockDeviceMappings(BaseModel):
+    Ebs: EC2EbsDevice
+
+class EC2VolumeProperties(BaseModel):
+    VolumeType: Literal["sc1", "st1", "gp3"]
+    BlockDeviceMappings: EC2BlockDeviceMappings
+
+class EC2Volume(BaseModel):
+    Type: Literal["AWS::EC2::Volume"]
+    Properties: EC2VolumeProperties
+
+class EC2InstanceProperties(BaseModel):
+    InstanceType: StrictStr = Field(pattern=r'^((c6g|c6gd|c6gn|c6i|c6id|c7g|g5g|im4gn|is4gen|m6g|m6gd|r6g|r6gd|t4g|x2gd)\.(10xlarge|112xlarge|12xlarge|16xlarge|18xlarge|24xlarge|2xlarge|32xlarge|3xlarge|48xlarge|4xlarge|56xlarge|6xlarge|8xlarge|9xlarge|large|medium|metal|micro|nano|small|xlarge))')
+
+class EC2Instance(BaseModel):
+    Type: Literal["AWS::EC2::Instance"]
+    Properties: EC2InstanceProperties
+
+class LoggingGroupProperties(BaseModel):
+    LogGroupClass: Literal["Infrequent Access"]
+    RetentionInDays: StrictInt
+
+class LoggingGroup(BaseModel):
+    Type: Literal["AWS::Logs::LogGroup"]
+    Properties: LoggingGroupProperties
+
+class LambdaLoggingConfig(BaseModel):
+    LogGroup: StrictStr
+
+class LambdaProperties(BaseModel):
+    LoggingConfig: LambdaLoggingConfig
+
+class Lambda(BaseModel):
+    Type: Literal["AWS::Serverless::Function", "AWS::Lambda::Function"]
+    Properties: LambdaProperties
 
 class Resource(BaseModel):
     Type: StrictStr
 
-
 class ValidateResourceType(Collection):
 
     @Rule(
@@ -12,4 +61,54 @@ class ValidateResourceType(Collection):
         "It checks Resource::Type is correctly definined",
     )
     def validate_test(self, value: Resource):
-        assert value is not None
+        assert isinstance(value, Resource), "Not a valid CloudFormation Resource"
+
+    @Rule(
+        "Resources::*",
+        "It validates a lambda is configured correctly",
+        filters=[
+            lambda data: data if data.get("Type") in ["AWS::Serverless::Function", "AWS::Lambda::Function"] else None,
+        ]
+    )
+    def validate_lambda(self, lambda_resource: Lambda):
+        assert isinstance(lambda_resource, Lambda), "Not a valid Lambda"
+        
+        resources = self.query("Resources")
+        document = {}
+
+        for resource in resources:
+            document.update(resource)
+
+        lambda_logging_group = document.get(lambda_resource.Properties.LoggingConfig.LogGroup)
+        assert lambda_logging_group is not None, "No matching logging group found in Resources for Lambda"
+        LoggingGroup(**lambda_logging_group)
+        
+    @Rule(
+        "Resources::*",
+        "It validates a logging group is configured correctly",
+        filters=[
+            lambda data: data if data.get("Type") == 'AWS::Logs::LogGroup' else None,
+        ]
+    )
+    def validate_logging_group(self, logging_group: LoggingGroup):
+        assert isinstance(logging_group, LoggingGroup), "Not a valid logging group"
+
+    @Rule(
+        "Resources::*",
+        "It validates an EC2 instance is configured correctly",
+        filters=[
+            lambda data: data if data.get("Type") == 'AWS::EC2::Instance' else None,
+        ]
+    )
+    def validate_ec2_instances(self, ec2_instance: EC2Instance):
+        assert isinstance(ec2_instance, EC2Instance)
+
+    @Rule(
+        "Resources::*",
+        "It validates an EC2 Volume is configured correctly",
+        filters=[
+            lambda data: data if data.get("Type") == 'AWS::EC2::Volume' else None,
+        ]
+    )
+    def validate_ec2_volumes(self, ec2_volume: EC2Volume):
+        assert isinstance(ec2_volume, EC2Volume), "Not a valid EC2 Volume"

example/renderer_test.py

@@ -0,0 +1,42 @@
+import yaml
+from cfn_check.rendering import Renderer
+from cfn_check.cli.utils.files import open_template, Loader, create_tag
+def test():
+
+    renderer = Renderer()
+    data = {}
+
+    tags = [
+        'Ref',
+        'Sub',
+        'Join',
+        'Select',
+        'Split',
+        'GetAtt',
+        'GetAZs',
+        'ImportValue',
+        'Equals',
+        'If',
+        'Not',
+        'And',
+        'Or',
+        'Condition',
+        'FindInMap',
+    ]
+
+    for tag in tags:
+        new_tag = create_tag(tag)
+        Loader.add_constructor(f'!{tag}', new_tag)
+
+    _, template = open_template('template.yaml')
+
+    data = renderer.render(template)
+
+
+    with open('rendered.yaml', 'w') as yml:
+        yaml.safe_dump(data, yml)
+
+
+
+
+test()

cfn_check/loader/loader.py

@@ -1,21 +0,0 @@
-import yaml
-import pathlib
-
-
-class Loader(yaml.SafeLoader):
-    pass
-
-def create_tag(tag):
-    def constructor(loader: Loader, node):
-        if isinstance(node, yaml.ScalarNode):
-            return node.value
-        elif isinstance(node, yaml.SequenceNode):
-            return loader.construct_sequence(node)
-        elif isinstance(node, yaml.MappingNode):
-            return loader.construct_mapping(node)
-    return constructor
-
-
-def find_templates(path, file_pattern):
-    return list(pathlib.Path(path).rglob(file_pattern))
-