def test_schema_plugin_name_mismatch(self):
    """Check that each plugin's registry name is listed in its own schema.

    For every registered resource type, the name a filter or action is
    registered under must appear in that plugin's
    ``schema["properties"]["type"]["enum"]``. A mismatch means the registry
    and the schema disagree about what the plugin is called.
    """
    # The "or" / "and" / "not" filters are exempt from the filter check.
    exempt_filters = ("or", "and", "not")
    for _resource_name, resource_type in resources.items():
        for filter_name, filter_cls in resource_type.filter_registry.items():
            if filter_name not in exempt_filters:
                allowed_names = filter_cls.schema["properties"]["type"]["enum"]
                self.assertIn(filter_name, allowed_names)
        for action_name, action_cls in resource_type.action_registry.items():
            allowed_names = action_cls.schema["properties"]["type"]["enum"]
            self.assertIn(action_name, allowed_names)
 def test_schema_plugin_name_mismatch(self):
     """Assert registry names and schema ``type`` enums agree for all plugins.

     Walks every resource type's filter and action registries and fails on
     the first plugin whose registered name is missing from the ``enum`` of
     its schema's ``type`` property.
     """
     def assert_named(name, plugin):
         # The registered name has to be one of the schema's accepted types.
         self.assertIn(name, plugin.schema["properties"]["type"]["enum"])

     for _, manager in resources.items():
         for name, plugin in manager.filter_registry.items():
             if name in ("or", "and", "not"):
                 # These three filter names are not checked.
                 continue
             assert_named(name, plugin)
         for name, plugin in manager.action_registry.items():
             assert_named(name, plugin)
 def test_schema_plugin_name_mismatch(self):
     """Verify each filter/action name appears in its schema's type enum.

     Filters registered as 'or', 'and' or 'not' are left out of the check;
     every other filter and every action must list its registered name in
     ``schema['properties']['type']['enum']``.
     """
     unchecked = ('or', 'and', 'not')
     for _key, resource in resources.items():
         checked_filters = (
             (name, cls)
             for name, cls in resource.filter_registry.items()
             if name not in unchecked
         )
         for name, cls in checked_filters:
             self.assertIn(name, cls.schema['properties']['type']['enum'])
         for name, cls in resource.action_registry.items():
             self.assertIn(name, cls.schema['properties']['type']['enum'])
 def test_schema_plugin_name_mismatch(self):
     """Guard against a plugin being registered under a name its schema omits.

     Iterates all resource types and, for each filter (other than 'or',
     'and', 'not') and each action, asserts that the registration name is a
     member of the ``enum`` on the schema's ``type`` property.
     """
     for _, resource_cls in resources.items():
         filter_registry = resource_cls.filter_registry
         for registered_as, filter_impl in filter_registry.items():
             if registered_as in ('or', 'and', 'not'):
                 continue
             type_property = filter_impl.schema['properties']['type']
             self.assertIn(registered_as, type_property['enum'])

         action_registry = resource_cls.action_registry
         for registered_as, action_impl in action_registry.items():
             type_property = action_impl.schema['properties']['type']
             self.assertIn(registered_as, type_property['enum'])
Exemple #5
 def get_resource_class(self, resource_id):
     """Return the resource manager whose model ``id_prefix`` matches the id.

     Only resource types named in ``self.supported_resources`` are
     considered, and only those whose model (from ``get_model()``) defines
     an ``id_prefix`` attribute that is not ``None``.

     Args:
         resource_id: identifier string to classify by its leading prefix.

     Returns:
         The first registered manager whose ``id_prefix`` starts
         ``resource_id``.

     Raises:
         UnknownResourceType: if no supported resource type matches.
     """
     # NOTE(review): matching is prefix-only and the first hit in registry
     # iteration order wins, so overlapping prefixes resolve by order; an
     # empty-string id_prefix would match every id.
     for type_name, manager in resources.items():
         if type_name in self.supported_resources:
             prefix = getattr(manager.get_model(), 'id_prefix', None)
             if prefix is not None and resource_id.startswith(prefix):
                 return manager
     raise UnknownResourceType(
         "resource:%s not a supported resource type" % resource_id)
Exemple #6
def resource_vocabulary():
    """Describe the filters and actions available on each resource type.

    Returns:
        dict: maps each registered resource type name to a dict with
        ``'filters'`` and ``'actions'`` (sorted lists of registered names)
        and ``'classes'`` (``{'actions': {...}, 'filters': {...}}`` mapping
        each name to the object registered under it).
    """
    vocabulary = {}
    for type_name, resource_type in resources.items():
        # Snapshot each registry once so names and classes stay in step.
        action_pairs = list(resource_type.action_registry.items())
        filter_pairs = list(resource_type.filter_registry.items())

        vocabulary[type_name] = {
            'filters': sorted(name for name, _ in filter_pairs),
            'actions': sorted(name for name, _ in action_pairs),
            'classes': {
                'actions': dict(action_pairs),
                'filters': dict(filter_pairs),
            },
        }
    return vocabulary
def resource_vocabulary():
    """Build a per-resource-type index of registered filters and actions.

    Returns:
        dict: keyed by resource type name. Each value holds the sorted
        filter names under ``'filters'``, the sorted action names under
        ``'actions'``, and under ``'classes'`` the name-to-object mappings
        for both registries.
    """
    def index_registry(registry):
        # Split a registry into (sorted names, name -> registered object).
        names, by_name = [], {}
        for plugin_name, plugin_cls in registry.items():
            names.append(plugin_name)
            by_name[plugin_name] = plugin_cls
        return sorted(names), by_name

    vocabulary = {}
    for type_name, resource_type in resources.items():
        action_names, action_classes = index_registry(
            resource_type.action_registry)
        filter_names, filter_classes = index_registry(
            resource_type.filter_registry)
        vocabulary[type_name] = {
            'filters': filter_names,
            'actions': action_names,
            'classes': {
                'actions': action_classes,
                'filters': filter_classes,
            },
        }
    return vocabulary
Exemple #8
def generate(resource_types=()):
    """Build the JSON Schema document for a policy file.

    The result describes a top-level object with a required ``policies``
    array (and an optional free-form ``vars`` object). Each policy item must
    match one of the references returned by ``process_resource`` for the
    selected resource types.

    Args:
        resource_types: optional collection of resource type names. When
            non-empty, only registered types named in it are included;
            when empty, every registered type is included.

    Returns:
        dict: the complete schema, including its ``definitions`` section.
    """
    # Passed to process_resource for every selected type; presumably filled
    # in there with the per-resource definitions (confirm in that helper).
    resource_defs = {}

    filter_defs = {
        'value': ValueFilter.schema,
        'event': EventFilter.schema,
        'age': AgeFilter.schema,
        # Shortcut form of value filter as k=v
        'valuekv': {
            'type': 'object',
            'minProperties': 1,
            'maxProperties': 1,
        },
    }

    policy_properties = {
        'name': {
            'type': 'string',
            # NOTE(review): the range [A-z] covers ASCII 0x41-0x7A, so in
            # addition to letters it admits '[', '\', ']', '^', '_' and '`'.
            # If only letters were intended this should be [A-Za-z];
            # tightening it would reject names that validate today, so
            # confirm intent first. If the validator applies this with
            # Python's re, '$' also matches before a trailing newline.
            'pattern': "^[A-z][A-z0-9]*(-[A-z0-9]+)*$",
        },
        'region': {'type': 'string'},
        'resource': {'type': 'string'},
        'max-resources': {'type': 'integer'},
        'comment': {'type': 'string'},
        'comments': {'type': 'string'},
        'description': {'type': 'string'},
        'tags': {
            'type': 'array',
            'items': {'type': 'string'},
        },
        'mode': {'$ref': '#/definitions/policy-mode'},
        'source': {'enum': ['describe', 'config']},
        # No item constraints on these two arrays at this level.
        'actions': {'type': 'array'},
        'filters': {'type': 'array'},
        # Open question whether 'query' should be allowed at all: it breaks
        # resource cache coherency between policies, and server-side query
        # mechanisms still need generalizing (currently only ec2 instance
        # queries). JSON Schema inheritance limits prevent restricting it
        # per resource type: http://goo.gl/8UyRvQ
        'query': {
            'type': 'array',
            'items': {
                'type': 'object',
                'minProperties': 1,
                'maxProperties': 1,
            },
        },
    }

    policy_def = {
        'type': 'object',
        'required': ['name', 'resource'],
        'additionalProperties': False,
        'properties': policy_properties,
    }

    # A mode event is either a bare string or an object naming the event,
    # its source and the ids expression.
    structured_event = {
        'type': 'object',
        'required': ['event', 'source', 'ids'],
        'properties': {
            'source': {'type': 'string'},
            'ids': {'type': 'string'},
            'event': {'type': 'string'},
        },
    }

    # NOTE(review): unlike 'policy', this definition does not set
    # additionalProperties to False, so unrecognized keys under a policy's
    # mode pass validation rather than being rejected.
    policy_mode_def = {
        'type': 'object',
        'required': ['type'],
        'properties': {
            'type': {
                'enum': [
                    'cloudtrail', 'ec2-instance-state',
                    'asg-instance-state', 'config-rule', 'periodic',
                ],
            },
            'events': {
                'type': 'array',
                'items': {
                    'oneOf': [{'type': 'string'}, structured_event],
                },
            },
        },
    }

    definitions = {
        'resources': resource_defs,
        'filters': filter_defs,
        'policy': policy_def,
        'policy-mode': policy_mode_def,
    }

    # One reference per selected resource type, in registry order.
    resource_refs = [
        process_resource(type_name, resource_type, resource_defs)
        for type_name, resource_type in resources.items()
        if not resource_types or type_name in resource_types
    ]

    return {
        '$schema': 'http://json-schema.org/schema#',
        'id': 'http://schema.cloudcustodian.io/v0/custodian.json',
        'definitions': definitions,
        'type': 'object',
        'required': ['policies'],
        'additionalProperties': False,
        'properties': {
            'vars': {'type': 'object'},
            'policies': {
                'type': 'array',
                'additionalItems': False,
                'items': {'anyOf': resource_refs},
            },
        },
    }
Exemple #9
def generate(resource_types=()):
    """Build the JSON Schema document for a policy file.

    The returned schema describes a top-level object whose only permitted
    (and required) key is ``policies``, an array in which each item must
    match one of the references returned by ``process_resource``.

    Args:
        resource_types: optional collection of resource type names. When
            non-empty, only registered types named in it are included;
            when empty, every registered type is included.

    Returns:
        dict: the complete schema, including its ``definitions`` section.
    """
    # Handed to process_resource for each selected type; presumably that
    # helper populates it with per-resource definitions (confirm there).
    resource_defs = {}
    definitions = {'resources': resource_defs}

    definitions['filters'] = {
        'value': ValueFilter.schema,
        'event': EventFilter.schema,
        'time': TimeFilter.schema,
        'age': AgeFilter.schema,
        # Shortcut form of value filter as k=v
        'valuekv': {
            'type': 'object',
            'minProperties': 1,
            'maxProperties': 1,
        },
    }

    definitions['policy'] = {
        'type': 'object',
        'required': ['name', 'resource'],
        'additionalProperties': False,
        'properties': {
            # NOTE(review): 'name' carries no pattern or length constraint,
            # so any string validates as a policy name under this schema.
            'name': {'type': 'string'},
            'resource': {'type': 'string'},
            'comment': {'type': 'string'},
            'comments': {'type': 'string'},
            'description': {'type': 'string'},
            'mode': {'$ref': '#/definitions/policy-mode'},
            # No item constraints on these two arrays at this level.
            'actions': {'type': 'array'},
            'filters': {'type': 'array'},
            # Open question whether 'query' should be allowed at all: it
            # breaks resource cache coherency between policies, and
            # server-side query mechanisms still need generalizing
            # (currently only ec2 instance queries). JSON Schema
            # inheritance limits prevent restricting it per resource
            # type: http://goo.gl/8UyRvQ
            'query': {
                'type': 'array',
                'items': {
                    'type': 'object',
                    'minProperties': 1,
                    'maxProperties': 1,
                },
            },
        },
    }

    # NOTE(review): unlike 'policy', this definition does not set
    # additionalProperties to False, so unrecognized keys under a policy's
    # mode pass validation rather than being rejected.
    definitions['policy-mode'] = {
        'type': 'object',
        'required': ['type', 'events'],
        'properties': {
            'type': {
                'enum': [
                    'cloudtrail',
                    'ec2-instance-state',
                    'asg-instance-state',
                    'periodic',
                ],
            },
            'events': {'type': 'array', 'items': {'type': 'string'}},
            'sources': {'type': 'array', 'items': {'type': 'string'}},
            'ids': {'type': 'string'},
        },
    }

    # One reference per selected resource type, in registry order.
    resource_refs = []
    for type_name, resource_type in resources.items():
        if not resource_types or type_name in resource_types:
            resource_refs.append(
                process_resource(type_name, resource_type, resource_defs))

    policies_property = {
        'type': 'array',
        'additionalItems': False,
        'items': {'anyOf': resource_refs},
    }

    return {
        '$schema': 'http://json-schema.org/schema#',
        'id': 'http://schema.cloudcustodian.io/v0/custodian.json',
        'definitions': definitions,
        'type': 'object',
        'required': ['policies'],
        'additionalProperties': False,
        'properties': {'policies': policies_property},
    }