[](https://github.com/netascode/iac-validate/actions/workflows/test.yml)
# iac-validate
A CLI tool to perform syntactic and semantic validation of YAML files.
```
$ iac-validate -h
Usage: iac-validate [OPTIONS] [PATHS]...
A CLI tool to perform syntactic and semantic validation of YAML files.
Options:
--version Show the version and exit.
-v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG
-s, --schema FILE Path to schema file. (optional, default:
'.schema.yaml', env: IAC_VALIDATE_SCHEMA)
-r, --rules DIRECTORY Path to semantic rules. (optional, default:
'.rules/', env: IAC_VALIDATE_RULES)
-o, --output FILE Write merged content from YAML files to a new YAML
file. (optional, env: IAC_VALIDATE_OUTPUT)
--non-strict Accept unexpected elements in YAML files.
-h, --help Show this message and exit.
```
Syntactic validation is done by basic YAML syntax validation (e.g., indentation) and by providing a [Yamale](https://github.com/23andMe/Yamale) schema and validating all YAML files against that schema. Semantic validation is done by providing a set of rules (implemented in Python) which are then validated against the YAML data. Every rule is implemented as a Python class and should be placed in a `.py` file located in the `--rules` path.
Each `.py` file must have a single class named `Rule`. This class must have the following attributes: `id`, `description` and `severity`. It must implement a `classmethod()` named `match` that has a single function argument `data` which is the data read from all YAML files. It should return a list of strings, one for each rule violation with a descriptive message. A sample rule can be found below.
```python
class Rule:
id = "101"
description = "Verify child naming restrictions"
severity = "HIGH"
@classmethod
def match(cls, data):
results = []
try:
for child in data["root"]["children"]:
if child["name"] == "FORBIDDEN":
results.append("root.children.name" + " - " + str(child["name"]))
except KeyError:
pass
return results
```
## Installation
Python 3.7+ is required to install `iac-validate`. Don't have Python 3.7 or later? See [Python 3 Installation & Setup Guide](https://realpython.com/installing-python/).
`iac-validate` can be installed in a virtual environment using `pip`:
```
pip install iac-validate
```
## Pre-Commit Hook
The tool can be integrated via a [pre-commit](https://pre-commit.com/) hook with the following config (`.pre-commit-config.yaml`), assuming the default values (`.schema.yaml`, `.rules/`) are appropriate:
```
repos:
- repo: https://github.com/netascode/iac-validate
rev: v0.1.6
hooks:
- id: iac-validate
```
In case the schema or validation rules are located somewhere else the required CLI arguments can be added like this:
```
repos:
- repo: https://github.com/netascode/iac-validate
rev: v0.1.6
hooks:
- id: iac-validate
args:
- '-s'
- 'my_schema.yaml'
- '-r'
- 'rules/'
```
## Ansible Vault Support
Values can be encrypted using [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html). This requires Ansible (`ansible-vault` command) to be installed and the following two environment variables to be defined:
```
export ANSIBLE_VAULT_ID=dev
export ANSIBLE_VAULT_PASSWORD=Password123
```
`ANSIBLE_VAULT_ID` is optional, and if not defined will be omitted.
## Additional Tags
### Reading Environment Variables
The `!env` YAML tag can be used to read values from environment variables.
```yaml
root:
name: !env VAR_NAME
```
Raw data
{
"_id": null,
"home_page": "https://github.com/netascode/iac-validate",
"name": "iac-validate",
"maintainer": "Daniel Schmidt",
"docs_url": null,
"requires_python": "<4.0,>=3.10",
"maintainer_email": "danischm@cisco.com",
"keywords": null,
"author": "Daniel Schmidt",
"author_email": "danischm@cisco.com",
"download_url": "https://files.pythonhosted.org/packages/28/7b/84fa7c06ef7ea607a9eb3ed6d1e9d02c0f7f9d1ace33110f10e533d277b7/iac_validate-0.2.7.tar.gz",
"platform": null,
"description": "[](https://github.com/netascode/iac-validate/actions/workflows/test.yml)\n![Python Support](https://img.shields.io/badge/python-3.10%20%7C%203.11%20%7C%203.12%20%7C%203.13-informational \"Python Support: 3.10, 3.11, 3.12, 3.13\")\n\n# iac-validate\n\nA CLI tool to perform syntactic and semantic validation of YAML files.\n\n```\n$ iac-validate -h\nUsage: iac-validate [OPTIONS] [PATHS]...\n\n A CLI tool to perform syntactic and semantic validation of YAML files.\n\nOptions:\n --version Show the version and exit.\n -v, --verbosity LVL Either CRITICAL, ERROR, WARNING, INFO or DEBUG\n -s, --schema FILE Path to schema file. (optional, default:\n '.schema.yaml', env: IAC_VALIDATE_SCHEMA)\n -r, --rules DIRECTORY Path to semantic rules. (optional, default:\n '.rules/', env: IAC_VALIDATE_RULES)\n -o, --output FILE Write merged content from YAML files to a new YAML\n file. (optional, env: IAC_VALIDATE_OUTPUT)\n --non-strict Accept unexpected elements in YAML files.\n -h, --help Show this message and exit.\n```\n\nSyntactic validation is done by basic YAML syntax validation (e.g., indentation) and by providing a [Yamale](https://github.com/23andMe/Yamale) schema and validating all YAML files against that schema. Semantic validation is done by providing a set of rules (implemented in Python) which are then validated against the YAML data. Every rule is implemented as a Python class and should be placed in a `.py` file located in the `--rules` path.\n\nEach `.py` file must have a single class named `Rule`. This class must have the following attributes: `id`, `description` and `severity`. It must implement a `classmethod()` named `match` that has a single function argument `data` which is the data read from all YAML files. It should return a list of strings, one for each rule violation with a descriptive message. A sample rule can be found below.\n\n```python\nclass Rule:\n id = \"101\"\n description = \"Verify child naming restrictions\"\n severity = \"HIGH\"\n\n @classmethod\n def match(cls, data):\n results = []\n try:\n for child in data[\"root\"][\"children\"]:\n if child[\"name\"] == \"FORBIDDEN\":\n results.append(\"root.children.name\" + \" - \" + str(child[\"name\"]))\n except KeyError:\n pass\n return results\n```\n\n## Installation\n\nPython 3.7+ is required to install `iac-validate`. Don't have Python 3.7 or later? See [Python 3 Installation & Setup Guide](https://realpython.com/installing-python/).\n\n`iac-validate` can be installed in a virtual environment using `pip`:\n\n```\npip install iac-validate\n```\n\n## Pre-Commit Hook\n\nThe tool can be integrated via a [pre-commit](https://pre-commit.com/) hook with the following config (`.pre-commit-config.yaml`), assuming the default values (`.schema.yaml`, `.rules/`) are appropriate:\n\n```\nrepos:\n - repo: https://github.com/netascode/iac-validate\n rev: v0.1.6\n hooks:\n - id: iac-validate\n```\n\nIn case the schema or validation rules are located somewhere else the required CLI arguments can be added like this:\n\n```\nrepos:\n - repo: https://github.com/netascode/iac-validate\n rev: v0.1.6\n hooks:\n - id: iac-validate\n args:\n - '-s'\n - 'my_schema.yaml'\n - '-r'\n - 'rules/'\n```\n\n## Ansible Vault Support\n\nValues can be encrypted using [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html). This requires Ansible (`ansible-vault` command) to be installed and the following two environment variables to be defined:\n\n```\nexport ANSIBLE_VAULT_ID=dev\nexport ANSIBLE_VAULT_PASSWORD=Password123\n```\n\n`ANSIBLE_VAULT_ID` is optional, and if not defined will be omitted.\n\n## Additional Tags\n\n### Reading Environment Variables\n\nThe `!env` YAML tag can be used to read values from environment variables.\n\n```yaml\nroot:\n name: !env VAR_NAME\n```\n",
"bugtrack_url": null,
"license": "LICENSE",
"summary": "A CLI tool to perform syntactic and semantic validation of YAML files.",
"version": "0.2.7",
"project_urls": {
"Documentation": "https://github.com/netascode/iac-validate",
"Homepage": "https://github.com/netascode/iac-validate",
"Repository": "https://github.com/netascode/iac-validate"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "15a3b4dbe327583ad1039bde997f3bec8eed7c894082605b23bace839dd3e7b1",
"md5": "8b5f9a30aa2be7558d136e48df630da3",
"sha256": "7c2fd00b487d2cae3fce065aa9b51d308b0899342fffe2b92b71ebf402d8b924"
},
"downloads": -1,
"filename": "iac_validate-0.2.7-py3-none-any.whl",
"has_sig": false,
"md5_digest": "8b5f9a30aa2be7558d136e48df630da3",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.10",
"size": 14705,
"upload_time": "2025-01-10T17:20:37",
"upload_time_iso_8601": "2025-01-10T17:20:37.249017Z",
"url": "https://files.pythonhosted.org/packages/15/a3/b4dbe327583ad1039bde997f3bec8eed7c894082605b23bace839dd3e7b1/iac_validate-0.2.7-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "287b84fa7c06ef7ea607a9eb3ed6d1e9d02c0f7f9d1ace33110f10e533d277b7",
"md5": "18384867c65201ddab2a98795daada7f",
"sha256": "8172a4a633b2b65631a1e42aa354e31b8af1796ae479177d96925f2ff020eb50"
},
"downloads": -1,
"filename": "iac_validate-0.2.7.tar.gz",
"has_sig": false,
"md5_digest": "18384867c65201ddab2a98795daada7f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.10",
"size": 11660,
"upload_time": "2025-01-10T17:20:39",
"upload_time_iso_8601": "2025-01-10T17:20:39.583399Z",
"url": "https://files.pythonhosted.org/packages/28/7b/84fa7c06ef7ea607a9eb3ed6d1e9d02c0f7f9d1ace33110f10e533d277b7/iac_validate-0.2.7.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-01-10 17:20:39",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "netascode",
"github_project": "iac-validate",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "iac-validate"
}
JSON
