a =`@sdZddlZddlZddlmZmZddlmZeZ e ej e e e dddZeee d d d Zeee d d dZee ee dddZee e dddZeee dddZdS)z Validator module N)ListDict)parser)config_file_pathallowlist_file_pathreturnc Cst|}t|}t|}d}d}|D]\}}zD|dtjkrHt||dts|dtjkrHt||d|dtrH|dtjkr|dtjkr|d} ||d|d|d} ||d|d} n(|d} ||d|d} ||d} || krWq*| }tt | | i| sxd}t dt t | | in0t ||g|sxd}t dt ||gWq*tyt d |dYdStyt d YdS0q*|S) z The function expects the path to a configuration file in yaml and the path to a allowlist file It returns True if the configuration is in the allowlist It return False if the configuration is not in the allowlist TNrrFz!Dictionary %s is not in allowlistz%s is not in allowlistzKey %s not in allowlistz Invalid file)rZ yaml_to_dictnested_dict_iterZOPTION_SETTINGS isinstancelistSERVICESZSYSVINITdict_is_alloweddictloggerinfostris_in_allowlistcopyKeyError IndexErrorerror) rr config_dictallowlist_dictconfig_iteratorallowedZ name_of_last_checked_object_name key_stackvalueZtop_level_object_nameZchecked_config_dictZchecked_allowlist_dictrz/Users/fuellbie/tools/aws-elastic-beanstalk-deployment-workflow/ebextensions-validator/ebextensions_validator/validator.pyvalidatesZ          r )rallowlist_dict_listrcCs8td|D]$}tdt|t||rdSqdS)zE checks if config_dict is allowed as defined ind allowlist_dict_list zCheck dictionary allowlistingzAllowlist_dict: %sTF)rdebugrdict_matches_allowlist_dict)rr!rrrrrWs   r)rrrcCs8t|}d}|D] \}}t||g|sd}q|S)z7 Check if config_dict matches the allowlist dictionary TF)rr rr)rrrrrrrrrr#as   r#) config_pathrrc Cst|}tdt||D]r\}}||g}tdt|d}t||D]2\}}t|||sRtdt|t|d}qqR|rdSqdS)z2 Check if the config_path is present in allowlist zconfiglist: %sz Allowlist: %sTz%s does not match %sF)rr rr"rrzipmatch) r$rZallowlist_iteratorrrZallowlist_pathrZ config_itemZallowlist_itemrrrrks   r)r$rcCsjt|trt|}t|tr$t|}t|trHt|trHt||duS|dtjkr|dtjkrt|trt|trt ||S|dtj kr|dtj tj tj fvrt|trt|trt ||S|dtj kr|dtjkrt|trt|trt|d|duS|dtjkrb|dtjkrbt|trF|g}t|trX|g}t ||S||kS)z> compare item from config_dict with regex from allowlist_dict Nrr  )r boolrrer&rZUSERSZGROUPSr compare_listsr ZFILESZSOURCESZCOMMANDSZCOMMANDjoinZCONTAINER_COMMANDS)regexitemr$rrrr&~sV              r&) regex_list item_listrcCs6|D],}d}|D]}t||rd}q|sdSqdS)zN if each item matches at least one regex, then return True, else return False FT)r*r&)r/r0r.Zmatchedr-rrrr+s r+)__doc__loggingr*typingrrr getLoggerrsetLevelDEBUGrr)r rr#rr&r+rrrrs  E  2