A CLI tool to perform syntactic and semantic validation of YAML files.
Project description
iac-validate
A CLI tool to perform syntactic and semantic validation of YAML files.
$ iac-validate -h
Usage: iac-validate [OPTIONS] PATH
A CLI tool to perform syntactic and semantic validation of YAML files.
Options:
--version Show the version and exit.
-v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG
-s, --schema FILE Path to schema file.
-r, --rules DIRECTORY Path to semantic rules.
-h, --help Show this message and exit.
Syntactic validation is done by providing a Yamale schema and validating all YAML files against that schema. Semantic validation is done by providing a set of rules (implemented in Python) which are then validated against the YAML data. Every rule is implemented as a Python class and should be placed in a .py
file located in the --rules
path.
Each .py
file must have a single class named Rule
. This class must have the following attributes: id
, description
and severity
. It must implement a classmethod()
named match
that has a single function argument data
which is the data read from all YAML files. It should return a list of strings, one for each rule violation with a descriptive message. A sample rule can be found below.
class Rule:
id = "101"
description = "Verify child naming restrictions"
severity = "HIGH"
@classmethod
def match(cls, data):
results = []
try:
for child in data["root"]["children"]:
if child["name"] == "FORBIDDEN":
results.append("root.children.name" + " - " + str(child["name"]))
except KeyError:
pass
return results
Installation
Python 3.7+ is required to install iac-validate
. Don't have Python 3.7 or later? See Python 3 Installation & Setup Guide.
iac-validate
can be installed in a virtual environment using pip
:
pip install iac-validate
Pre-Commit Hook
The tool can be intregated via a pre-commit hook with the following config (.pre-commit-config.yaml
):
repos:
- repo: https://github.com/netascode/iac-validate
rev: v0.1.5
hooks:
- id: iac-validate
args:
- '-s'
- 'my_schema.yaml'
- '-r'
- 'rules/'
- 'data.yaml'
Ansible Vault Support
Values can be encrypted using Ansible Vault. This requires Ansible (ansible-vault
command) to be installed and the following two environment variables to be defined:
export ANSIBLE_VAULT_ID=dev
export ANSIBLE_VAULT_PASSWORD=Password123
ANSIBLE_VAULT_ID
is optional, and if not defined will be omitted.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for iac_validate-0.1.5-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3464211707c5ee93a7a667ec1301f32e16a35677f94762d166e52afdbe28690b |
|
MD5 | 96fced8db08f8f6f7b43d32a3e461dd5 |
|
BLAKE2b-256 | b7ee4f709089a52c1d46eb0855b3947f133094c98dc69f5be7d59212057f445b |