Example #1
0
def test_resources_filtered_by_type():
    generic_resource = {"Logical ID": {"Type": "Resource type", "Properties": {"foo": "bar"}}}
    user = {"User": IAMUser()}

    model = CFModel(Resources={**generic_resource, **user})
    assert model.resources_filtered_by_type(("Resource type",)) == generic_resource
    assert model.resources_filtered_by_type(("Resource type", IAMUser)) == {**generic_resource, **user}
    assert model.resources_filtered_by_type((IAMUser,)) == user
Example #2
0
 def invoke(self, cfmodel: CFModel, extras: Optional[Dict] = None) -> Result:
     result = Result()
     for logical_id, resource in cfmodel.resources_filtered_by_type(("AWS::S3::Bucket",)).items():
         if hasattr(resource, "Properties") and resource.Properties.get("AccessControl") == "PublicRead":
             self.add_failure_to_result(
                 result,
                 self.REASON.format(logical_id),
                 resource_ids={logical_id},
                 context={"config": self._config, "extras": extras, "logical_id": logical_id, "resource": resource},
             )
     return result
Example #3
0
def test_complex_metadata_schema():
    metadata = {
        "Foo": "a_string_value",
        "Bar": 1,
        "Fizz": ["a", "list"],
        "Buzz": {
            "another": "dict"
        }
    }

    model = CFModel(Metadata=metadata)
    assert model.Metadata == metadata
Example #4
0
def model():
    return CFModel(
        **{
            "AWSTemplateFormatVersion": "2012-12-12",
            "Description": "JSON string",
            "Metadata": {},
            "Parameters": {},
            "Mappings": {},
            "Conditions": {},
            "Transform": [],
            "Resources": {"Logical ID": {"Type": "Resource type", "Properties": {"foo": "bar"}}},
            "Outputs": {},
        }
    )
Example #5
0
 def invoke(self,
            cfmodel: CFModel,
            extras: Optional[Dict] = None) -> Result:
     result = Result()
     for logical_id, resource in cfmodel.resources_filtered_by_type(
         {SecurityGroupIngress}).items():
         filters_available_context = {
             "config": self._config,
             "extras": extras,
             "logical_id": logical_id,
             "resource": resource,
         }
         self.analyse_ingress(result, logical_id, resource.Properties,
                              filters_available_context)
     return result
Example #6
0
 def invoke(self,
            cfmodel: CFModel,
            extras: Optional[Dict] = None) -> Result:
     result = Result()
     for logical_id, resource in cfmodel.resources_filtered_by_type(
         {SecurityGroup}).items():
         list_security_group_ingress = resource.Properties.SecurityGroupIngress
         if not isinstance(list_security_group_ingress, list):
             list_security_group_ingress = [list_security_group_ingress]
         for ingress in list_security_group_ingress:
             filters_available_context = {
                 "config": self._config,
                 "extras": extras,
                 "logical_id": logical_id,
                 "resource": resource,
             }
             self.analyse_ingress(result, logical_id, ingress,
                                  filters_available_context)
     return result
Example #7
0
 def invoke(self,
            cfmodel: CFModel,
            extras: Optional[Dict] = None) -> Result:
     result = Result()
     for logical_id, resource in cfmodel.resources_filtered_by_type(
             "AWS::KMS::Key").items():
         if not resource.Properties.KeySpec or resource.Properties.KeySpec == "SYMMETRIC_DEFAULT":
             if not resource.Properties.EnableKeyRotation or resource.Properties.EnableKeyRotation is False:
                 self.add_failure_to_result(
                     result,
                     self.REASON.format(logical_id),
                     resource_ids={logical_id},
                     resource_types={resource.Type},
                     context={
                         "config": self._config,
                         "extras": extras,
                         "logical_id": logical_id,
                         "resource": resource,
                     },
                 )
     return result
Example #8
0
    def invoke(self,
               cfmodel: CFModel,
               extras: Optional[Dict] = None) -> Result:
        result = Result()
        for logical_id, resource in cfmodel.resources_filtered_by_type(
                "AWS::EC2::Volume").items():
            encrypted_status = getattr(resource.Properties, "Encrypted", None)

            if encrypted_status is None or encrypted_status is False:
                self.add_failure_to_result(
                    result,
                    self.REASON.format(logical_id),
                    resource_ids={logical_id},
                    resource_types={resource.Type},
                    context={
                        "config": self._config,
                        "extras": extras,
                        "logical_id": logical_id,
                        "resource": resource
                    },
                )
        return result
Example #9
0
def test_backwards_compatible_metadata():
    metadata = {"ADict": {"foo": "bar"}}

    model = CFModel(Metadata=metadata)
    assert model.Metadata == metadata
Example #10
0
def test_transform_handles_string():
    transform = "MyMacro"

    model = CFModel(Transform=transform)
    assert model.Transform == transform
Example #11
0
def parse(template):
    return CFModel(**template)