Metadata-Version: 2.1
Name: pycfmodel
Version: 0.21.2
Summary: A python model for CloudFormation scripts
Home-page: https://github.com/Skyscanner/pycfmodel
Author: Skyscanner Product Security
Author-email: security@skyscanner.net
License: UNKNOWN
Platform: UNKNOWN
Requires-Python: >=3.7
Description-Content-Type: text/markdown
Requires-Dist: pydantic ~=1.0
Provides-Extra: dev
Requires-Dist: black >=22.1.0 ; extra == 'dev'
Requires-Dist: httpx >=0.14.2 ; extra == 'dev'
Requires-Dist: isort >=5.4.2 ; extra == 'dev'
Requires-Dist: pip-tools >=2.0.2 ; extra == 'dev'
Requires-Dist: pytest >=6.0.1 ; extra == 'dev'
Requires-Dist: pytest-cov >=2.10.1 ; extra == 'dev'
Requires-Dist: pytest-repeat ==0.9.3 ; extra == 'dev'
Requires-Dist: ruff ; extra == 'dev'
Provides-Extra: docs
Requires-Dist: AutoMacDoc ==0.3 ; extra == 'docs'
Requires-Dist: livereload ==2.6.3 ; extra == 'docs'
Requires-Dist: mkdocs-material ==4.6.3 ; extra == 'docs'
Requires-Dist: mkdocs ==1.3.0 ; extra == 'docs'
Requires-Dist: mkdocstrings ==0.10.0 ; extra == 'docs'

# pycfmodel

![Build Status](https://github.com/Skyscanner/pycfmodel/workflows/PyPI%20release/badge.svg)
[![PyPI version](https://badge.fury.io/py/pycfmodel.svg)](https://badge.fury.io/py/pycfmodel)
[![Documentation Status](https://readthedocs.org/projects/pycfmodel/badge/?version=latest)](https://pycfmodel.readthedocs.io/en/latest/?badge=latest)
![License](https://img.shields.io/github/license/skyscanner/pycfmodel)

*A python model for Cloud Formation scripts.*

**pycfmodel** makes it easier to work with CloudFormation scripts in Python by
creating a model comprised of python objects. Objects have various helper
functions which help with performing common tasks related to parsing and
inspecting CloudFormation scripts.

`pip install pycfmodel`

## Currently Supported

* AWSTemplateFormatVersion
* Conditions
* Description
* Mappings
* Metadata
* Outputs
* Parameters
* Resources:
    * Properties:
        * Policy
        * Policy Document
        * Principal
        * Security Group Egress Prop
        * Security Group Ingress Prop
        * Statement
        * Tag
    * EC2 VPC Endpoint Policy
    * Generic Resource
    * IAM Group
    * IAM Managed Policy
    * IAM Policy
    * IAM Role
    * IAM User
    * KMS Key
    * OpenSearch Service (legacy ElasticSearch resource)
        * Elasticsearch Domain
    * OpenSearch Service
        * OpenSearchService Domain
    * S3 Bucket
    * S3 Bucket Policy
    * Security Group
    * Security Group Egress
    * Security Group Ingress
    * SNS Topic Policy
    * SQS Queue Policy
* Transform

## Example

```python
from pycfmodel import parse

template = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"StarParameter": {"Type": "String", "Default": "*", "Description": "Star Param"}},
    "Resources": {
        "rootRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {"AWS": {"Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root"}},
                            "Action": ["sts:AssumeRole"],
                        }
                    ],
                },
                "Path": "/",
                "Policies": [
                    {
                        "PolicyName": "root",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": {"Ref": "StarParameter"},
                                    "Resource": {"Ref": "StarParameter"},
                                }
                            ],
                        },
                    }
                ],
            },
        }
    },
}

model = parse(template).resolve(extra_params={"AWS::AccountId": "123"})
rootRole = model.Resources["rootRole"]
policy = rootRole.Properties.Policies[0]
statement = policy.PolicyDocument.Statement[0]

assert statement.Action == "*"
assert statement.Resource == "*"
assert rootRole.Properties.AssumeRolePolicyDocument.Statement[0].Principal == {"AWS": "arn:aws:iam::123:root"}
```

## Local Development Commands

```bash
make install-dev
make coverage
make test
make freeze
```

If the test `tests/test_constants.py::test_cloudformation_actions` is failing, it can be resolved by updating the known
AWS Actions:

```bash
python3 scripts/generate_cloudformation_actions_file.py
```


