def test_semantic_mode_error(self): data = { 'policies': [{ 'name': 'test', 'resource': 'ec2', 'mode': { 'type': 'periodic', 'scheduled': 'oops'}}]} errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len(error.absolute_schema_path) ) self.assertTrue("'scheduled' was unexpected" in str(error)) self.assertTrue(len(str(error)) < 2000)
def test_semantic_error_on_value_derived(self): data = { "policies": [ { "name": "test", "resource": "ec2", "filters": [{"type": "ebs", "skipped_devices": []}], } ] } errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len(error.absolute_schema_path) ) self.assertTrue("Additional properties are not allowed " in error.message) self.assertTrue("'skipped_devices' was unexpected" in error.message)
def test_semantic_error_on_value_derived(self): data = { "policies": [ { "name": "test", "resource": "ec2", "filters": [{"type": "ebs", "skipped_devices": []}], } ] } errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len(error.absolute_schema_path) ) self.assertTrue("Additional properties are not allowed " in error.message) self.assertTrue("'skipped_devices' was unexpected" in error.message)
def test_semantic_mode_error(self): data = { 'policies': [{ 'name': 'test', 'resource': 'ec2', 'mode': { 'type': 'periodic', 'scheduled': 'oops' } }] } errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len( error.absolute_schema_path)) self.assertTrue("'scheduled' was unexpected" in str(error)) self.assertTrue(len(str(error)) < 2000)
def test_semantic_error(self): data = { 'policies': [ {'name': 'test', 'resource': 'ec2', 'filters': { 'type': 'ebs', 'skipped_devices': []} }] } errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len( error.absolute_schema_path)) self.assertEqual( error.message, "{'skipped_devices': [], 'type': 'ebs'} is not of type 'array'")
def test_semantic_error(self): data = { 'policies': [{ 'name': 'test', 'resource': 'ec2', 'filters': { 'type': 'ebs', 'skipped_devices': [] } }] } errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len( error.absolute_schema_path)) self.assertTrue("'skipped_devices': []" in error.message) self.assertTrue("'type': 'ebs'" in error.message)
def test_semantic_error_on_value_derived(self): data = { 'policies': [ {'name': 'test', 'resource': 'ec2', 'filters': [ {'type': 'ebs', 'skipped_devices': []} ]} ]} errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len( error.absolute_schema_path)) self.assertEqual( error.message, ("Additional properties are not allowed " "('skipped_devices' was unexpected)"))
def test_semantic_error_on_value_derived(self): data = { 'policies': [{ 'name': 'test', 'resource': 'ec2', 'filters': [{ 'type': 'ebs', 'skipped_devices': [] }] }] } errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len( error.absolute_schema_path)) self.assertEqual(error.message, ("Additional properties are not allowed " "('skipped_devices' was unexpected)"))
def test_semantic_error(self): data = { "policies": [ { "name": "test", "resource": "ec2", "filters": {"type": "ebs", "skipped_devices": []}, } ] } errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len(error.absolute_schema_path) ) self.assertTrue("'skipped_devices': []" in error.message) self.assertTrue( "u'type': u'ebs'" in error.message or "'type': 'ebs'" in error.message )
def test_semantic_error_policy_scope(self): data = { 'policies': [ {'actions': [{'key': 'TagPolicyCompliance', 'type': 'tag', 'value': 'This resource should have tags following policy'}], 'description': 'Identify resources which lack our accounting tags', 'filters': [{'tag:Environment': 'absent'}, {'tag:Service': 'absent'}, {'or': [{'tag:Owner': 'absent'}, {'tag:ResponsibleParty': 'absent'}, {'tag:Contact': 'absent'}, {'tag:Creator': 'absent'}]}], 'name': 'tagging-compliance-waf', 'resource': 'aws.waf'}]} errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = policy_error_scope(specific_error(errors[0]), data) self.assertTrue("policy:tagging-compliance-waf" in error.message)
def test_semantic_error_common_filter_provider_prefixed(self): data = { 'policies': [{ 'name': 'test', 'resource': 's3', 'filters': [{ 'type': 'metrics', 'name': 'BucketSizeBytes', 'dimensions': [{ 'StorageType': 'StandardStorage'}], 'days': 7, 'value': 100, 'op': 'gte'}]}]} # load s3 resource validator = self.get_validator(data) errors = list(validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertIn( "[{'StorageType': 'StandardStorage'}] is not of type 'object'", str(error))
def test_semantic_error_policy_scope(self): data = { 'policies': [ {'actions': [{'key': 'TagPolicyCompliance', 'type': 'tag', 'value': 'This resource should have tags following policy'}], 'description': 'Identify resources which lack our accounting tags', 'filters': [{'tag:Environment': 'absent'}, {'tag:Service': 'absent'}, {'or': [{'tag:Owner': 'absent'}, {'tag:ResponsibleParty': 'absent'}, {'tag:Contact': 'absent'}, {'tag:Creator': 'absent'}]}], 'name': 'tagging-compliance-waf', 'resource': 'aws.waf'}]} errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = policy_error_scope(specific_error(errors[0]), data) self.assertTrue("policy:tagging-compliance-waf" in error.message)
def test_semantic_error_with_nested_resource_key(self): data = { 'policies': [{ 'name': 'team-tag-ebs-snapshot-audit', 'resource': 'ebs-snapshot', 'actions': [{ 'type': 'copy-related-tag', 'resource': 'ebs', 'skip_missing': True, 'key': 'VolumeId', 'tags': 'Team' }] }] } validator = self.get_validator(data) errors = list(validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue('Team' in error.message)
def _validate(self, policy_data): errors = list(self.validator.iter_errors(policy_data)) if not errors: return schema.check_unique(policy_data) or [] try: resp = schema.policy_error_scope(schema.specific_error(errors[0]), policy_data) name = isinstance(errors[0].instance, dict) and errors[0].instance.get( 'name', 'unknown') or 'unknown' return [resp, name] except Exception: logging.exception( "schema-validator: specific_error failed, traceback, followed by fallback" ) return list( filter(None, [ errors[0], schema.best_match(self.validator.iter_errors(policy_data)), ]))
def test_semantic_error(self): data = { "policies": [ { "name": "test", "resource": "ec2", "filters": {"type": "ebs", "skipped_devices": []}, } ] } errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len(error.absolute_schema_path) ) self.assertTrue("'skipped_devices': []" in error.message) self.assertTrue( "u'type': u'ebs'" in error.message or "'type': 'ebs'" in error.message )
def test_semantic_error_common_filter_provider_prefixed(self): data = { 'policies': [{ 'name': 'test', 'resource': 's3', 'filters': [{ 'type': 'metrics', 'name': 'BucketSizeBytes', 'dimensions': [{ 'StorageType': 'StandardStorage'}], 'days': 7, 'value': 100, 'op': 'gte'}]}]} errors = list(self.validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) # the repr unicode situation on py2.7 makes this harder to do # an exact match if sys.version_info.major == 2: return self.assertIn('StorageType', str(error)) self.assertIn( "[{'StorageType': 'StandardStorage'}] is not of type 'object'", str(error))
def test_semantic_error(self): data = { "policies": [{ "name": "test", "resource": "ec2", "filters": { "type": "ebs", "skipped_devices": [] }, }] } load_resources(('aws.ec2', )) validator = self.policy_loader.validator.gen_schema(('aws.ec2', )) # probably should just ditch this test errors = list(validator.iter_errors(data)) self.assertEqual(len(errors), 1) error = specific_error(errors[0]) self.assertTrue( len(errors[0].absolute_schema_path) < len( error.absolute_schema_path)) self.assertTrue("'skipped_devices': []" in error.message) self.assertTrue("u'type': u'ebs'" in error.message or "'type': 'ebs'" in error.message)
def findError(self, data, validator): e = best_match(validator.iter_errors(data)) ex = specific_error(list(validator.iter_errors(data))[0]) return e, ex
def findError(self, data, validator): e = best_match(validator.iter_errors(data)) ex = specific_error(list(validator.iter_errors(data))[0]) return e, ex