def valiate_render_if(self, test_dir: str, file_ext: str):
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph, _ = graph_manager.build_graph_from_source_directory(test_dir, render_variables=True)
ec2instance_expected_attributes = {'InstanceType': 'm1.large'}
s3bucketsuspended_expected_attributes = {'VersioningConfiguration.Status': 'Suspended'}
s3bucketenabled_expected_attributes = {'VersioningConfiguration.Status': 'Enabled'}
self.compare_vertex_attributes(local_graph, ec2instance_expected_attributes, BlockType.RESOURCE, 'AWS::EC2::Instance.EC2Instance')
self.compare_vertex_attributes(local_graph, s3bucketsuspended_expected_attributes, BlockType.RESOURCE, 'AWS::S3::Bucket.S3BucketSuspended')
self.compare_vertex_attributes(local_graph, s3bucketenabled_expected_attributes, BlockType.RESOURCE, 'AWS::S3::Bucket.S3BucketEnabled')
instancesize_breadcrumb = {'type': BlockType.PARAMETERS, 'name': 'InstanceSize', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'Default'}
ec2instance_expected_breadcrumbs = {
'InstanceType.Fn::If.2.Fn::If.1': [instancesize_breadcrumb],
'InstanceType.Fn::If.2.Fn::If': [instancesize_breadcrumb],
'InstanceType.Fn::If.2': [instancesize_breadcrumb],
'InstanceType.Fn::If': [instancesize_breadcrumb],
'InstanceType': [instancesize_breadcrumb],
}
s3bucketsuspended_expected_breadcrumbs = {}
s3bucketenabled_expected_breadcrumbs = {}
self.compare_vertex_breadcrumbs(local_graph, ec2instance_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::EC2::Instance.EC2Instance')
self.compare_vertex_breadcrumbs(local_graph, s3bucketsuspended_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::S3::Bucket.S3BucketSuspended')
self.compare_vertex_breadcrumbs(local_graph, s3bucketenabled_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::S3::Bucket.S3BucketEnabled')
def test_build_graph_from_source_directory_with_rendering(self):
root_dir = os.path.realpath(
os.path.join(TEST_DIRNAME, "./runner/resources"))
graph_manager = CloudformationGraphManager(
db_connector=NetworkxConnector())
local_graph, definitions = graph_manager.build_graph_from_source_directory(
root_dir, render_variables=True)
sqs_queue_vertex = local_graph.vertices[
local_graph.vertices_block_name_map[
BlockType.RESOURCE]["AWS::SQS::Queue.acmeCWSQueue"][0]]
expected_node = {
'Fn::Join': ['', ['acme', '-acmecws']],
'__startline__': 646,
'__endline__': 656
}
self.assertDictEqual(expected_node,
sqs_queue_vertex.config["QueueName"])
found = False
for d in definitions:
if 'resources/success.json' in d:
found = True
node = definitions[d]['Resources']['acmeCWSQueue'][
'Properties']['QueueName']
self.assertDictEqual(expected_node, node)
self.assertTrue(found,
'Did not find the wanted node, for acmeCWSQueue')
def validate_render_ref(self, test_dir: str, file_ext: str):
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph, _ = graph_manager.build_graph_from_source_directory(test_dir, render_variables=True)
db_name_default_value = "db1"
kms_master_key_id_expected_attributes = {'Default': None}
db_name_expected_attributes = {'Default': db_name_default_value}
my_source_queue_expected_attributes = {'KmsMasterKeyId.Ref': 'KmsMasterKeyId'}
my_db_expected_attributes = {'DBName': db_name_default_value}
my_db_instance_name_expected_attributes = {'Value.Ref': 'MyDB'}
self.compare_vertex_attributes(local_graph, kms_master_key_id_expected_attributes, BlockType.PARAMETERS, 'KmsMasterKeyId')
self.compare_vertex_attributes(local_graph, db_name_expected_attributes, BlockType.PARAMETERS, 'DBName')
self.compare_vertex_attributes(local_graph, my_source_queue_expected_attributes, BlockType.RESOURCE, 'AWS::SQS::Queue.MySourceQueue')
self.compare_vertex_attributes(local_graph, my_db_expected_attributes, BlockType.RESOURCE, 'AWS::RDS::DBInstance.MyDB')
self.compare_vertex_attributes(local_graph, my_db_instance_name_expected_attributes, BlockType.OUTPUTS, 'MyDBInstanceName')
kms_master_key_id_expected_breadcrumbs = {}
db_name_expected_breadcrumbs = {}
my_source_queue_expected_breadcrumbs = {}
my_db_expected_breadcrumbs = {'DBName': [{'type': BlockType.PARAMETERS, 'name': 'DBName', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'Default'}]}
my_db_instance_name_expected_breadcrumbs = {}
self.compare_vertex_breadcrumbs(local_graph, kms_master_key_id_expected_breadcrumbs, BlockType.PARAMETERS, 'KmsMasterKeyId')
self.compare_vertex_breadcrumbs(local_graph, db_name_expected_breadcrumbs, BlockType.PARAMETERS, 'DBName')
self.compare_vertex_breadcrumbs(local_graph, my_source_queue_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::SQS::Queue.MySourceQueue')
self.compare_vertex_breadcrumbs(local_graph, my_db_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::RDS::DBInstance.MyDB')
self.compare_vertex_breadcrumbs(local_graph, my_db_instance_name_expected_breadcrumbs, BlockType.OUTPUTS, 'MyDBInstanceName')
def get_policy_results(root_folder, policy):
check_id = policy['metadata']['id']
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph, _ = graph_manager.build_graph_from_source_directory(root_folder)
nx_graph = graph_manager.save_graph(local_graph)
registry = get_checks_registry()
checks_results = registry.run_checks(nx_graph, RunnerFilter(checks=[check_id]))
return create_report_from_graph_checks_results(checks_results, policy['metadata'])
def validate_render_subsequent_evals(self, test_dir: str, file_ext: str):
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph, _ = graph_manager.build_graph_from_source_directory(test_dir, render_variables=True)
cidr_block_expected_expected_value = "172.16.0.0/16"
cidr_block_expected_attributes = {'Default': cidr_block_expected_expected_value}
web_vpc_expected_attributes = {'CidrBlock': cidr_block_expected_expected_value}
my_sg_expected_attributes = {'SecurityGroupIngress.CidrIp': cidr_block_expected_expected_value}
self.compare_vertex_attributes(local_graph, cidr_block_expected_attributes, BlockType.PARAMETERS, 'CidrBlock')
self.compare_vertex_attributes(local_graph, web_vpc_expected_attributes, BlockType.RESOURCE, 'AWS::EC2::VPC.WebVPC')
self.compare_vertex_attributes(local_graph, my_sg_expected_attributes, BlockType.RESOURCE, 'AWS::EC2::SecurityGroup.MySG')
cidr_block_expected_breadcrumbs = {}
web_vpc_expected_breadcrumbs = {'CidrBlock': [{'type': BlockType.PARAMETERS, 'name': 'CidrBlock', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'Default'}, {'type': BlockType.RESOURCE, 'name': 'AWS::EC2::VPC.WebVPC', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'CidrBlock'}]}
my_sg_expected_breadcrumbs = {
"SecurityGroupIngress.0.CidrIp": [
{
"type": BlockType.PARAMETERS,
"name": "CidrBlock",
"path": os.path.join(test_dir, f"test.{file_ext}"),
"attribute_key": "Default",
},
{
"type": BlockType.RESOURCE,
"name": "AWS::EC2::VPC.WebVPC",
"path": os.path.join(test_dir, f"test.{file_ext}"),
"attribute_key": "CidrBlock",
},
],
"SecurityGroupIngress.0": [
{
"type": BlockType.PARAMETERS,
"name": "CidrBlock",
"path": os.path.join(test_dir, f"test.{file_ext}"),
"attribute_key": "Default",
},
{
"type": BlockType.RESOURCE,
"name": "AWS::EC2::VPC.WebVPC",
"path": os.path.join(test_dir, f"test.{file_ext}"),
"attribute_key": "CidrBlock",
},
],
}
self.compare_vertex_breadcrumbs(local_graph, cidr_block_expected_breadcrumbs, BlockType.PARAMETERS, 'CidrBlock')
self.compare_vertex_breadcrumbs(local_graph, web_vpc_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::EC2::VPC.WebVPC')
self.compare_vertex_breadcrumbs(local_graph, my_sg_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::EC2::SecurityGroup.MySG')
def test_build_graph_from_definitions(self):
relative_file_path = "./checks/resource/aws/example_APIGatewayXray/APIGatewayXray-PASSED.yaml"
definitions = {}
file = os.path.realpath(os.path.join(TEST_DIRNAME, relative_file_path))
(definitions[relative_file_path], definitions_raw) = parse(file)
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph = graph_manager.build_graph_from_definitions(definitions)
self.assertEqual(1, len(local_graph.vertices))
resource_vertex = local_graph.vertices[0]
self.assertEqual("AWS::ApiGateway::Stage.Enabled", resource_vertex.name)
self.assertEqual("AWS::ApiGateway::Stage.Enabled", resource_vertex.id)
self.assertEqual(BlockType.RESOURCE, resource_vertex.block_type)
self.assertEqual("CloudFormation", resource_vertex.source)
self.assertDictEqual(definitions[relative_file_path]["Resources"]["Enabled"]["Properties"], resource_vertex.attributes)
def test_build_graph_from_source_directory_no_rendering(self):
root_dir = os.path.realpath(os.path.join(TEST_DIRNAME, "./runner/resources"))
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph, definitions = graph_manager.build_graph_from_source_directory(root_dir, render_variables=False)
expected_resources_by_file = {
os.path.join(root_dir, "tags.yaml"): [
"AWS::S3::Bucket.DataBucket",
"AWS::S3::Bucket.NoTags",
"AWS::EKS::Nodegroup.EKSClusterNodegroup",
"AWS::AutoScaling::AutoScalingGroup.TerraformServerAutoScalingGroup",
],
os.path.join(root_dir, "cfn_newline_at_end.yaml"): [
"AWS::RDS::DBInstance.MyDB",
"AWS::S3::Bucket.MyBucket",
],
os.path.join(root_dir, "success.json"): [
"AWS::S3::Bucket.acmeCWSBucket",
"AWS::S3::Bucket.acmeCWSBucket2",
"AWS::S3::BucketPolicy.acmeCWSBucketPolicy",
"AWS::SNS::Topic.acmeCWSTopic",
"AWS::SNS::TopicPolicy.acmeCWSTopicPolicy",
"AWS::CloudTrail::Trail.acmeCWSTrail",
"AWS::KMS::Key.CloudtrailKMSKey",
"AWS::KMS::Alias.CloudtrailKMSKeyAlias",
"AWS::SQS::Queue.acmeCWSQueue",
"AWS::SQS::QueuePolicy.acmeCWSQueuePolicy",
"AWS::SNS::Subscription.acmeCWSSubscription",
"AWS::IAM::Role.acmeCWSSACrossAccountAccessRole",
"AWS::EKS::Cluster.eksCluster",
"Custom::acmeSnsCustomResource.acmeSnsCustomResource",
],
os.path.join(root_dir, "fail.yaml"): [
"AWS::SQS::Queue.UnencryptedQueue",
]
}
self.assertEqual(41, len(local_graph.vertices))
self.assertEqual(21, len(local_graph.vertices_by_block_type[BlockType.RESOURCE]))
self.assertEqual(9, len(local_graph.vertices_by_block_type[BlockType.PARAMETERS]))
self.assertEqual(6, len(local_graph.vertices_by_block_type[BlockType.OUTPUTS]))
self.assertEqual(4, len(local_graph.vertices_by_block_type[BlockType.CONDITIONS]))
self.assertEqual(1, len(local_graph.vertices_by_block_type[BlockType.MAPPINGS]))
for v in local_graph.vertices:
if v.block_type == BlockType.RESOURCE:
self.assertIn(v.name, expected_resources_by_file[v.path])
sqs_queue_vertex = local_graph.vertices[local_graph.vertices_block_name_map[BlockType.RESOURCE]["AWS::SQS::Queue.acmeCWSQueue"][0]]
self.assertDictEqual({'Fn::Join': ['', [{'Ref': 'ResourceNamePrefix', '__startline__': 650, '__endline__': 652}, '-acmecws']], '__startline__': 646, '__endline__': 656}, sqs_queue_vertex.attributes["QueueName"])
def validate_render_join(self, test_dir: str, file_ext: str):
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph, _ = graph_manager.build_graph_from_source_directory(test_dir, render_variables=True)
s3bucket1_expected_attributes = {'BucketName': 'a:b:c'}
s3bucket2_expected_attributes = {'BucketName': 'my_bucket_name_test'}
self.compare_vertex_attributes(local_graph, s3bucket1_expected_attributes, BlockType.RESOURCE, 'AWS::S3::Bucket.S3Bucket1')
self.compare_vertex_attributes(local_graph, s3bucket2_expected_attributes, BlockType.RESOURCE, 'AWS::S3::Bucket.S3Bucket2')
s3bucket1_expected_breadcrumbs = {}
s3bucket2_expected_breadcrumbs = {'BucketName.Fn::Join.1.0': [{'type': BlockType.PARAMETERS, 'name': 'BucketName', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'Default'}], 'BucketName.Fn::Join.1': [{'type': BlockType.PARAMETERS, 'name': 'BucketName', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'Default'}], 'BucketName.Fn::Join': [{'type': BlockType.PARAMETERS, 'name': 'BucketName', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'Default'}]}
self.compare_vertex_breadcrumbs(local_graph, s3bucket1_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::S3::Bucket.S3Bucket1')
self.compare_vertex_breadcrumbs(local_graph, s3bucket2_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::S3::Bucket.S3Bucket2')
def __init__(self, args):
graph_manager = CloudformationGraphManager(
db_connector=NetworkxConnector())
super().__init__(graph_manager,
"checkov/cloudformation/checks/graph_checks",
os.path.dirname(__file__) + "/test_checks",
"cloudformation", __file__, args)
def validate_render_findinmap(self, test_dir: str, file_ext: str):
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph, _ = graph_manager.build_graph_from_source_directory(test_dir, render_variables=True)
region_map_expected_ami_value = "ami-0ff8a91507f77f867"
region_map_expected_attributes = {'us-east-1.AMI': region_map_expected_ami_value}
ec2instance_expected_attributes = {'ImageId': region_map_expected_ami_value}
self.compare_vertex_attributes(local_graph, region_map_expected_attributes, BlockType.MAPPINGS, 'RegionMap')
self.compare_vertex_attributes(local_graph, ec2instance_expected_attributes, BlockType.RESOURCE, 'AWS::EC2::Instance.EC2Instance')
region_map_expected_breadcrumbs = {}
ec2instance_expected_breadcrumbs = {'ImageId': [{'type': BlockType.MAPPINGS, 'name': 'RegionMap', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'us-east-1.AMI'}]}
self.compare_vertex_breadcrumbs(local_graph, region_map_expected_breadcrumbs, BlockType.MAPPINGS, 'RegionMap')
self.compare_vertex_breadcrumbs(local_graph, ec2instance_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::EC2::Instance.EC2Instance')
def validate_render_sub(self, test_dir: str, file_ext: str):
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph, _ = graph_manager.build_graph_from_source_directory(test_dir, render_variables=True)
company_name_expected_value = "acme"
web_vpc_expected_cidr_block = "172.16.0.0/16"
# Parameters
company_name_expected_attributes = {'Default': company_name_expected_value}
environment_expected_attributes = {'Default': None}
# Resources
web_vpc_expected_attributes = {'CidrBlock': web_vpc_expected_cidr_block}
default_db_expected_attributes = {'DBName': {'Fn::Sub': 'rds-${AWS::AccountId}-${CompanyName}-${Environment}'}}
# Outputs
db_endpoint_sg_expected_attributes = {'Value.Fn::Sub': "${DefaultDB.Endpoint.Address}:${DefaultDB.Endpoint.Port}"}
web_vpc_cidr_block_expected_attributes = {'Value': web_vpc_expected_cidr_block}
cidr_block_associations_expected_attributes = {'Value.Fn::Sub': "${WebVPC.CidrBlockAssociations}"}
default_db_name_expected_attributes = {'Value': {'Fn::Sub': 'rds-${AWS::AccountId}-${CompanyName}-${Environment}'}}
self.compare_vertex_attributes(local_graph, company_name_expected_attributes, BlockType.PARAMETERS, 'CompanyName')
self.compare_vertex_attributes(local_graph, environment_expected_attributes, BlockType.PARAMETERS, 'Environment')
self.compare_vertex_attributes(local_graph, web_vpc_expected_attributes, BlockType.RESOURCE, 'AWS::EC2::VPC.WebVPC')
self.compare_vertex_attributes(local_graph, default_db_expected_attributes, BlockType.RESOURCE, 'AWS::RDS::DBInstance.DefaultDB')
self.compare_vertex_attributes(local_graph, db_endpoint_sg_expected_attributes, BlockType.OUTPUTS, 'DBEndpoint')
self.compare_vertex_attributes(local_graph, web_vpc_cidr_block_expected_attributes, BlockType.OUTPUTS, 'WebVPCCidrBlock')
self.compare_vertex_attributes(local_graph, cidr_block_associations_expected_attributes, BlockType.OUTPUTS, 'CidrBlockAssociations')
self.compare_vertex_attributes(local_graph, default_db_name_expected_attributes, BlockType.OUTPUTS, 'DefaultDBName')
company_name_expected_breadcrumbs = {}
environment_expected_breadcrumbs = {}
web_vpc_expected_breadcrumbs = {}
default_db_expected_breadcrumbs = {}
db_endpoint_sg_expected_breadcrumbs = {}
web_vpc_cidr_block_expected_breadcrumbs = {'Value': [{'type': BlockType.RESOURCE, 'name': 'AWS::EC2::VPC.WebVPC', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'CidrBlock'}]}
cidr_block_associations_expected_breadcrumbs = {}
default_db_name_expected_breadcrumbs = {}
self.compare_vertex_breadcrumbs(local_graph, company_name_expected_breadcrumbs, BlockType.PARAMETERS, 'CompanyName')
self.compare_vertex_breadcrumbs(local_graph, environment_expected_breadcrumbs, BlockType.PARAMETERS, 'Environment')
self.compare_vertex_breadcrumbs(local_graph, web_vpc_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::EC2::VPC.WebVPC')
self.compare_vertex_breadcrumbs(local_graph, default_db_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::RDS::DBInstance.DefaultDB')
self.compare_vertex_breadcrumbs(local_graph, db_endpoint_sg_expected_breadcrumbs, BlockType.OUTPUTS, 'DBEndpoint')
self.compare_vertex_breadcrumbs(local_graph, web_vpc_cidr_block_expected_breadcrumbs, BlockType.OUTPUTS, 'WebVPCCidrBlock')
self.compare_vertex_breadcrumbs(local_graph, cidr_block_associations_expected_breadcrumbs, BlockType.OUTPUTS, 'CidrBlockAssociations')
self.compare_vertex_breadcrumbs(local_graph, default_db_name_expected_breadcrumbs, BlockType.OUTPUTS, 'DefaultDBName')
def validate_render_select(self, test_dir: str, file_ext: str):
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph, _ = graph_manager.build_graph_from_source_directory(test_dir, render_variables=True)
subnet0_expected_attributes = {'CidrBlock': '10.0.48.0/24'}
grapes_select_expected_attributes = {'Value': 'grapes'}
out_of_bound_select_expected_attributes = {'Value.Fn::Select': ['7', ['apples', 'grapes', 'oranges', 'mangoes']]}
self.compare_vertex_attributes(local_graph, subnet0_expected_attributes, BlockType.RESOURCE, 'AWS::EC2::Subnet.Subnet0')
self.compare_vertex_attributes(local_graph, grapes_select_expected_attributes, BlockType.OUTPUTS, 'GrapesSelect')
self.compare_vertex_attributes(local_graph, out_of_bound_select_expected_attributes, BlockType.OUTPUTS, 'OutOfBoundSelect')
subnet0_expected_breadcrumbs = {'CidrBlock.Fn::Select.1': [{'type': BlockType.PARAMETERS, 'name': 'DbSubnetIpBlocks', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'Default'}], 'CidrBlock.Fn::Select': [{'type': BlockType.PARAMETERS, 'name': 'DbSubnetIpBlocks', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'Default'}]}
grapes_select_expected_breadcrumbs = {}
out_of_bound_select_expected_breadcrumbs = {}
self.compare_vertex_breadcrumbs(local_graph, subnet0_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::EC2::Subnet.Subnet0')
self.compare_vertex_breadcrumbs(local_graph, grapes_select_expected_breadcrumbs, BlockType.OUTPUTS, 'GrapesSelect')
self.compare_vertex_breadcrumbs(local_graph, out_of_bound_select_expected_breadcrumbs, BlockType.OUTPUTS, 'OutOfBoundSelect')
def validate_render_getatt(self, test_dir: str, file_ext: str):
graph_manager = CloudformationGraphManager(db_connector=NetworkxConnector())
local_graph, _ = graph_manager.build_graph_from_source_directory(test_dir, render_variables=True)
web_vpc_expected_cidr_block = "172.16.0.0/16"
web_vpc_expected_attributes = {'CidrBlock': web_vpc_expected_cidr_block}
my_sg_expected_attributes = {'SecurityGroupIngress.CidrIp': web_vpc_expected_cidr_block}
web_vpc_default_sg_expected_attributes = {'Value.Fn::GetAtt': ['WebVPC', 'DefaultSecurityGroup']}
self.compare_vertex_attributes(local_graph, web_vpc_expected_attributes, BlockType.RESOURCE, 'AWS::EC2::VPC.WebVPC')
self.compare_vertex_attributes(local_graph, my_sg_expected_attributes, BlockType.RESOURCE, 'AWS::EC2::SecurityGroup.MySG')
self.compare_vertex_attributes(local_graph, web_vpc_default_sg_expected_attributes, BlockType.OUTPUTS, 'WebVPCDefaultSg')
web_vpc_expected_breadcrumbs = {}
my_sg_expected_breadcrumbs = {'SecurityGroupIngress.CidrIp': [{'type': BlockType.RESOURCE, 'name': 'AWS::EC2::VPC.WebVPC', 'path': os.path.join(test_dir, f'test.{file_ext}'), 'attribute_key': 'CidrBlock'}]}
web_vpc_default_sg_expected_breadcrumbs = {}
self.compare_vertex_breadcrumbs(local_graph, web_vpc_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::EC2::VPC.WebVPC')
self.compare_vertex_breadcrumbs(local_graph, my_sg_expected_breadcrumbs, BlockType.RESOURCE, 'AWS::EC2::SecurityGroup.MySG')
self.compare_vertex_breadcrumbs(local_graph, web_vpc_default_sg_expected_breadcrumbs, BlockType.OUTPUTS, 'WebVPCDefaultSg')
def __init__(
self,
db_connector=NetworkxConnector(),
source="CloudFormation",
graph_class=CloudformationLocalGraph,
graph_manager=None,
external_registries=None,
):
self.external_registries = [] if external_registries is None else external_registries
self.graph_class = graph_class
self.graph_manager = (graph_manager if graph_manager is not None else
CloudformationGraphManager(
source=source, db_connector=db_connector))
self.definitions_raw = {}
self.graph_registry = get_graph_checks_registry(self.check_type)
def __init__(self, args):
graph_manager = CloudformationGraphManager(
db_connector=NetworkxConnector())
super().__init__(graph_manager, checks, "cloudformation", __file__,
args)