def test_get_resource_types(self):
p = StructureParser()
self.assertEqual(
p.get_resource_types({
'policies': [{
'resource': 'ec2'
}, {
'resource': 'gcp.instance'
}]
}), {'aws.ec2', 'gcp.instance'})
def validate(options):
from c7n import schema
if len(options.configs) < 1:
log.error('no config files specified')
sys.exit(1)
used_policy_names = set()
structure = StructureParser()
errors = []
for config_file in options.configs:
config_file = os.path.expanduser(config_file)
if not os.path.exists(config_file):
raise ValueError("Invalid path for config %r" % config_file)
options.dryrun = True
fmt = config_file.rsplit('.', 1)[-1]
with open(config_file) as fh:
if fmt in ('yml', 'yaml', 'json'):
data = yaml.load(fh.read(), Loader=DuplicateKeyCheckLoader)
else:
log.error("The config file must end in .json, .yml or .yaml.")
raise ValueError("The config file must end in .json, .yml or .yaml.")
try:
structure.validate(data)
except PolicyValidationError as e:
log.error("Configuration invalid: {}".format(config_file))
log.error("%s" % e)
errors.append(e)
continue
load_resources(structure.get_resource_types(data))
schm = schema.generate()
errors += schema.validate(data, schm)
conf_policy_names = {
p.get('name', 'unknown') for p in data.get('policies', ())}
dupes = conf_policy_names.intersection(used_policy_names)
if len(dupes) >= 1:
errors.append(ValueError(
"Only one policy with a given name allowed, duplicates: %s" % (
", ".join(dupes)
)
))
used_policy_names = used_policy_names.union(conf_policy_names)
if not errors:
null_config = Config.empty(dryrun=True, account_id='na', region='na')
for p in data.get('policies', ()):
try:
policy = Policy(p, null_config, Bag())
policy.validate()
except Exception as e:
msg = "Policy: %s is invalid: %s" % (
p.get('name', 'unknown'), e)
errors.append(msg)
if not errors:
log.info("Configuration valid: {}".format(config_file))
continue
log.error("Configuration invalid: {}".format(config_file))
for e in errors:
log.error("%s" % e)
if errors:
sys.exit(1)
def validate(options):
from c7n import schema
if len(options.configs) < 1:
log.error('no config files specified')
sys.exit(1)
used_policy_names = set()
structure = StructureParser()
errors = []
found_deprecations = False
footnotes = deprecated.Footnotes()
for config_file in options.configs:
config_file = os.path.expanduser(config_file)
if not os.path.exists(config_file):
raise ValueError("Invalid path for config %r" % config_file)
options.dryrun = True
fmt = config_file.rsplit('.', 1)[-1]
with open(config_file) as fh:
if fmt in ('yml', 'yaml', 'json'):
# our loader is safe loader derived.
data = yaml.load(
fh.read(),
Loader=DuplicateKeyCheckLoader) # nosec nosemgrep
else:
log.error("The config file must end in .json, .yml or .yaml.")
raise ValueError(
"The config file must end in .json, .yml or .yaml.")
try:
structure.validate(data)
except PolicyValidationError as e:
log.error("Configuration invalid: {}".format(config_file))
log.error("%s" % e)
errors.append(e)
continue
load_resources(structure.get_resource_types(data))
schm = schema.generate()
errors += schema.validate(data, schm)
conf_policy_names = {
p.get('name', 'unknown')
for p in data.get('policies', ())
}
dupes = conf_policy_names.intersection(used_policy_names)
if len(dupes) >= 1:
errors.append(
ValueError(
"Only one policy with a given name allowed, duplicates: %s"
% (", ".join(dupes))))
used_policy_names = used_policy_names.union(conf_policy_names)
source_locator = None
if fmt in ('yml', 'yaml'):
# For yaml files there is at least the expectation that the policy
# name is on a line by itself. With JSON, the file could be one big
# line. At this stage we are only attempting to find line number for
# policies in yaml files.
source_locator = SourceLocator(config_file)
if not errors:
null_config = Config.empty(dryrun=True,
account_id='na',
region='na')
for p in data.get('policies', ()):
try:
policy = Policy(p, null_config, Bag())
policy.validate()
# If the policy is invalid, there isn't much point checking
# for deprecated usage as there is no guarantee as to the
# state of the policy.
if options.check_deprecations != deprecated.SKIP:
report = deprecated.report(policy)
if report:
found_deprecations = True
log.warning(
"deprecated usage found in policy\n" +
report.format(source_locator=source_locator,
footnotes=footnotes))
except Exception as e:
msg = "Policy: %s is invalid: %s" % (p.get(
'name', 'unknown'), e)
errors.append(msg)
if not errors:
log.info("Configuration valid: {}".format(config_file))
continue
log.error("Configuration invalid: {}".format(config_file))
for e in errors:
log.error("%s" % e)
if found_deprecations:
notes = footnotes()
if notes:
log.warning("deprecation footnotes:\n" + notes)
if options.check_deprecations == deprecated.STRICT:
sys.exit(1)
if errors:
sys.exit(1)
