def test_get_resource_types(self): p = StructureParser() self.assertEqual( p.get_resource_types({ 'policies': [{ 'resource': 'ec2' }, { 'resource': 'gcp.instance' }] }), {'aws.ec2', 'gcp.instance'})
def validate(options): from c7n import schema if len(options.configs) < 1: log.error('no config files specified') sys.exit(1) used_policy_names = set() structure = StructureParser() errors = [] for config_file in options.configs: config_file = os.path.expanduser(config_file) if not os.path.exists(config_file): raise ValueError("Invalid path for config %r" % config_file) options.dryrun = True fmt = config_file.rsplit('.', 1)[-1] with open(config_file) as fh: if fmt in ('yml', 'yaml', 'json'): data = yaml.load(fh.read(), Loader=DuplicateKeyCheckLoader) else: log.error("The config file must end in .json, .yml or .yaml.") raise ValueError("The config file must end in .json, .yml or .yaml.") try: structure.validate(data) except PolicyValidationError as e: log.error("Configuration invalid: {}".format(config_file)) log.error("%s" % e) errors.append(e) continue load_resources(structure.get_resource_types(data)) schm = schema.generate() errors += schema.validate(data, schm) conf_policy_names = { p.get('name', 'unknown') for p in data.get('policies', ())} dupes = conf_policy_names.intersection(used_policy_names) if len(dupes) >= 1: errors.append(ValueError( "Only one policy with a given name allowed, duplicates: %s" % ( ", ".join(dupes) ) )) used_policy_names = used_policy_names.union(conf_policy_names) if not errors: null_config = Config.empty(dryrun=True, account_id='na', region='na') for p in data.get('policies', ()): try: policy = Policy(p, null_config, Bag()) policy.validate() except Exception as e: msg = "Policy: %s is invalid: %s" % ( p.get('name', 'unknown'), e) errors.append(msg) if not errors: log.info("Configuration valid: {}".format(config_file)) continue log.error("Configuration invalid: {}".format(config_file)) for e in errors: log.error("%s" % e) if errors: sys.exit(1)
def validate(options): from c7n import schema if len(options.configs) < 1: log.error('no config files specified') sys.exit(1) used_policy_names = set() structure = StructureParser() errors = [] found_deprecations = False footnotes = deprecated.Footnotes() for config_file in options.configs: config_file = os.path.expanduser(config_file) if not os.path.exists(config_file): raise ValueError("Invalid path for config %r" % config_file) options.dryrun = True fmt = config_file.rsplit('.', 1)[-1] with open(config_file) as fh: if fmt in ('yml', 'yaml', 'json'): # our loader is safe loader derived. data = yaml.load( fh.read(), Loader=DuplicateKeyCheckLoader) # nosec nosemgrep else: log.error("The config file must end in .json, .yml or .yaml.") raise ValueError( "The config file must end in .json, .yml or .yaml.") try: structure.validate(data) except PolicyValidationError as e: log.error("Configuration invalid: {}".format(config_file)) log.error("%s" % e) errors.append(e) continue load_resources(structure.get_resource_types(data)) schm = schema.generate() errors += schema.validate(data, schm) conf_policy_names = { p.get('name', 'unknown') for p in data.get('policies', ()) } dupes = conf_policy_names.intersection(used_policy_names) if len(dupes) >= 1: errors.append( ValueError( "Only one policy with a given name allowed, duplicates: %s" % (", ".join(dupes)))) used_policy_names = used_policy_names.union(conf_policy_names) source_locator = None if fmt in ('yml', 'yaml'): # For yaml files there is at least the expectation that the policy # name is on a line by itself. With JSON, the file could be one big # line. At this stage we are only attempting to find line number for # policies in yaml files. source_locator = SourceLocator(config_file) if not errors: null_config = Config.empty(dryrun=True, account_id='na', region='na') for p in data.get('policies', ()): try: policy = Policy(p, null_config, Bag()) policy.validate() # If the policy is invalid, there isn't much point checking # for deprecated usage as there is no guarantee as to the # state of the policy. if options.check_deprecations != deprecated.SKIP: report = deprecated.report(policy) if report: found_deprecations = True log.warning( "deprecated usage found in policy\n" + report.format(source_locator=source_locator, footnotes=footnotes)) except Exception as e: msg = "Policy: %s is invalid: %s" % (p.get( 'name', 'unknown'), e) errors.append(msg) if not errors: log.info("Configuration valid: {}".format(config_file)) continue log.error("Configuration invalid: {}".format(config_file)) for e in errors: log.error("%s" % e) if found_deprecations: notes = footnotes() if notes: log.warning("deprecation footnotes:\n" + notes) if options.check_deprecations == deprecated.STRICT: sys.exit(1) if errors: sys.exit(1)