All notable changes to this project will be documented in this file.
- Fixes security issue https://github.com/Skyscanner/pycfmodel/security/dependabot/13
- Update `CLOUDFORMATION_ACTIONS`.
- Bumps several dependencies
- Pydantic updated to v2 including a reformat of the repository to comply with the new API.
- Drops python 3.7 support due to pydantic upgrade
- KeyPolicy made optional for KMS Key resource type.
- Add the BypassPolicyLockoutSafetyCheck and Origin fields in the KMS resource
- Update `CLOUDFORMATION_ACTIONS`.
- Documentation building.
- Update `CLOUDFORMATION_ACTIONS`.
- Actions versions.
- ReadMe badges.
- Fix resolving conditions recursively #114
- Update `CLOUDFORMATION_ACTIONS`.
- Fix resolver find_in_map for maps with bool values. #112
- Update `CLOUDFORMATION_ACTIONS`.
- Fix model for IAM Role which was missing `Description` and `Tags`.
- Fix README.md tabs on list of available models.
- Update `CLOUDFORMATION_ACTIONS`.
- Updated tests accordingly for IAM Role
- Fix docs that were failing to get updated/generated
- Add tests for docs so they don't get outdated
- Update `CLOUDFORMATION_ACTIONS`.
- New `RDSDBSecurityGroup` and `RDSDBSecurityGroupIngress` resources [#103]
- IAM Role is able to return its `AssumeRolePolicyDocument` as a list of `OptionallyNamedPolicyDocument`. #102
- Compatible with Python3.10 #100
- Update `CLOUDFORMATION_ACTIONS`.
- `Effect` on `Statement` is required. #101
- Update `CLOUDFORMATION_ACTIONS`.
- Able to parse PolicyDocument that are implicit in string properties. #97
- Fix obtaining `policy_documents` for resources without properties. #98
- Update `CLOUDFORMATION_ACTIONS`.
- `Properties` can now be optional for Generic. See PR #96
- Update `CLOUDFORMATION_ACTIONS`.
- Removes `smart_union` flag from Generic. See PR #95
- Add `assume_role_statement_conditions` property for `IAMRole` to include statements on `AssumeRolePolicyDocuments`.
- Update `CLOUDFORMATION_ACTIONS`.
- `KMSKey` to use default `policy_documents` property instead of returning an empty list.
- Update `CLOUDFORMATION_ACTIONS`.
- Fix `resolve` for `bool`s that can be `str` such as `"true"` or `"false"` or similar, by making `ResolvableBool` to be resolvable to `SemiStrictBool`.
- Update `CLOUDFORMATION_ACTIONS`.
- `resolve` was converting to string booleans, this is incompatible since 0.14.0 because bool were converted to StrictBooleans.
- Update `CLOUDFORMATION_ACTIONS`.
- AWS KMS Key policies can contain an `Id` field in a `PolicyDocument`. The model for `PolicyDocument` has been updated accordingly to support this.
- Update `CLOUDFORMATION_ACTIONS`.
- Added `all_statement_conditions` property to `Resource`. This enables a list of all IAM Conditions defined in a Resource to be captured and used.
- `Resource` class is able to run `policy_documents` when it's not a mapped resource and return a valid list of `OptionallyNamedPolicyDocument`.
- Update `CLOUDFORMATION_ACTIONS`.
- Added `Principal` property.
- Modified `Statement` property to work with `Principal` property
- Added `Generic` property. Any property under this class will be cast to an existing model of `pycfmodel` if possible.
- Modified `GenericResource`, `ESDomainProperties`, `OpenSearchDomainProperties` and `S3BucketProperties` to work with `Generic` property
- Update `CLOUDFORMATION_ACTIONS`
- Added `ESDomain` resource.
- Added `OpenSearchDomain` resource.
- Update `CLOUDFORMATION_ACTIONS`
- `Transform` field of a CloudFormation template can now correctly handle both string and list of strings (see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html)
- Support the usage of `aws:sourceVpce` in `IpAddress` conditions. When comparing conditions however, `pycfmodel` will block any comparison with something that is not an IPv4 or IPv6 address.
- Update `CLOUDFORMATION_ACTIONS`.
- Update `CLOUDFORMATION_ACTIONS`.
- Add documentation regarding missing IAM actions.
- Add `S3Bucket` resource.
- Add `Tags` property for any usage of resource tagging.
- Update `CLOUDFORMATION_ACTIONS`
- Add `MultiRegion` and `KeySpec` properties in `KMSKeyProperties`
- Update condition handling for `IpAddress` to handle `IPv*Network` comparison with `subnet_of` method.
- Update evaluators on Conditions when `arg_b` is of type List, to match AWS semantics.
- Update `IPv4Network` and `IPv6Network` to not be strict when parsing strings.
  - Before: A ValueError is raised if address does not represent a valid IPv4 or IPv6 address, or if the network has host bits set.
  - After: A ValueError is raised if address does not represent a valid IPv4 or IPv6 address.
- Fix bug when calling `resolve` on `CFModel` with default (empty dict) `Conditions`
- Resolver able to handle AWS SSM values in templates.
- Update `CLOUDFORMATION_ACTIONS`
- Update `CLOUDFORMATION_ACTIONS`
- `StatementCondition` only builds evaluator if `eval` is called.
- Add `StatementCondition` class, with a function resolver as a replacement for `ConditionDict`.
- Removes constants `CONDITION_MODIFIERS` and `CONDITION_FUNCTIONS` from `pycfmodel/constants.py`
- Removes `is_conditional_dict` from `pycfmodel/utils.py`
- Update `CLOUDFORMATION_ACTIONS`
- Change Metadata dict values to accept any type.
- Fix to ensure all `Statement.Effect` fields are always capitalized
- Update `CLOUDFORMATION_ACTIONS`
- Fix to `policy_documents` method on `EC2 VPC Endpoint` resource type for when no policy document is added to the resource.
- Add `EC2 VPC Endpoint Policy` resource.
- Update list of all CloudFormation actions.
- New property `policy_documents` to Resources
- New `model.utils` module
- New helper dataclass: `model.utils.OptionallyNamedPolicyDocument`
- Added basic tests for the resources that didn't have
- `_build_regex` moved to `utils` and renamed to `regex_from_cf_string`
- Fixed IAMGroup model
- New function `pycfmodel.model.resources.properties.policy_document.PolicyDocument.get_allowed_actions`
- Improve action expansion to support `NotAction`
- Improve CloudFormation action file generator
- Update CloudFormation actions to latest
- Improved tests
- New optional parameters added to `pycfmodel.model.resources.properties.statement.Statement.get_action_list`
- New optional parameters added to `pycfmodel.action_expander._expand_action`
- New optional parameters added to `pycfmodel.action_expander._expand_actions`
- Fix isort testing issue
- Added all CloudFormation actions file (script to generate them and test to check for new actions)
- Added `expand_actions`, it will return a new model expanding stars to get all implied actions
- Added `get_expanded_action_list` to Statement to get all implied actions
- Refactor `SecurityGroupIngress`, `SecurityGroupEgress`, `SecurityGroupIngressProp` and `SecurityGroupEgressProp`.
- `SecurityGroupEgress` also supports `ipv4_slash_zero` and `ipv6_slash_zero`.
- `CidrIp` and `CidrIpv6` properties of Security Group ingress and egress now use type `IPv4Network` and `IPv6Network` respectively.
  - This has led to modified `ipv4_slash_zero` and `ipv6_slash_zero` functions.
- Allow multiple operands in `or` and `and` functions.
- Added support for `Rules` section in template
- Added tests for `allowed_principals_with` and `non_whitelisted_allowed_principals`
- Fix types in `allowed_principals_with`, `non_whitelisted_allowed_principals` and `PSEUDO_PARAMETERS`.
- Added the `resources_filtered_by_type` function in `CFModel` class
- Fix CloudFormation conditions which were logically boolean to now successfully be evaluated as boolean.
- Improve equal function
- Resolver now returns strings for most primitives
- Add `NO_ECHO_WITH_VALUE` param value
- Implements pydantic for all classes.
- Change the template parser, now it uses pydantic.
- Adds a resolve method to process CloudFormation intrinsic functions.
- Adds lots of tests
- API has been rewritten from scratch.