def _load_policies(options): validate = True if 'skip_validation' in options: validate = not options.skip_validation if not validate: log.debug('Policy validation disabled') load_resources() vars = _load_vars(options) errors = 0 all_policies = PolicyCollection.from_data({}, options) # for a default region for policy loading, we'll expand regions later. options.region = "" for fp in options.configs: try: collection = policy_load(options, fp, validate=validate, vars=vars) except IOError: log.error('policy file does not exist ({})'.format(fp)) errors += 1 continue except yaml.YAMLError as e: log.error( "yaml syntax error loading policy file ({}) error:\n {}".format( fp, e)) errors += 1 continue except ValueError as e: log.error('problem loading policy file ({}) error: {}'.format( fp, str(e))) errors += 1 continue if collection is None: log.debug('Loaded file {}. Contained no policies.'.format(fp)) else: log.debug( 'Loaded file {}. Contains {} policies'.format( fp, len(collection))) all_policies = all_policies + collection if errors > 0: log.error('Found {} errors. Exiting.'.format(errors)) sys.exit(1) # filter by name and resource type policies = all_policies.filter( getattr(options, 'policy_filter', None), getattr(options, 'resource_type', None)) # provider initialization provider_policies = {} for p in policies: provider_policies.setdefault(p.provider_name, []).append(p) policies = PolicyCollection.from_data({}, options) for provider_name in provider_policies: provider = clouds[provider_name]() p_options = provider.initialize(options) policies += provider.initialize_policies( PolicyCollection(provider_policies[provider_name], p_options), p_options) if len(policies) == 0: _print_no_policies_warning(options, all_policies) # If we filtered out all the policies we want to exit with a # non-zero status. But if the policy file is empty then continue # on to the specific command to determine the exit status. if len(all_policies) > 0: sys.exit(1) # Do not allow multiple policies in a region with the same name, # even across files policies_by_region = defaultdict(list) for p in policies: policies_by_region[p.options.region].append(p) for region in policies_by_region.keys(): counts = Counter([p.name for p in policies_by_region[region]]) for policy, count in six.iteritems(counts): if count > 1: log.error("duplicate policy name '{}'".format(policy)) sys.exit(1) # Variable expansion and non schema validation (not optional) for p in policies: p.expand_variables(p.get_variables()) p.validate() return f(options, list(policies))
def _load_policies(options): validate = True if 'skip_validation' in options: validate = not options.skip_validation if not validate: log.debug('Policy validation disabled') load_resources() vars = _load_vars(options) errors = 0 all_policies = PolicyCollection.from_data({}, options) # for a default region for policy loading, we'll expand regions later. options.region = "" for fp in options.configs: try: collection = policy_load(options, fp, validate=validate, vars=vars) except IOError: log.error('policy file does not exist ({})'.format(fp)) errors += 1 continue except ValueError as e: log.error('problem loading policy file ({})'.format(e.message)) errors += 1 continue if collection is None: log.debug('Loaded file {}. Contained no policies.'.format(fp)) else: log.debug( 'Loaded file {}. Contains {} policies'.format( fp, len(collection))) all_policies = all_policies + collection if errors > 0: log.error('Found {} errors. Exiting.'.format(errors)) sys.exit(1) # filter by name and resource type policies = all_policies.filter( getattr(options, 'policy_filter', None), getattr(options, 'resource_type', None)) # provider initialization provider_policies = {} for p in policies: provider_policies.setdefault(p.provider_name, []).append(p) policies = PolicyCollection.from_data({}, options) for provider_name in provider_policies: provider = clouds[provider_name]() p_options = provider.initialize(options) policies += provider.initialize_policies( PolicyCollection(provider_policies[provider_name], p_options), p_options) if len(policies) == 0: _print_no_policies_warning(options, all_policies) # If we filtered out all the policies we want to exit with a # non-zero status. But if the policy file is empty then continue # on to the specific command to determine the exit status. if len(all_policies) > 0: sys.exit(1) # Do not allow multiple policies in a region with the same name, # even across files policies_by_region = defaultdict(list) for p in policies: policies_by_region[p.options.region].append(p) for region in policies_by_region.keys(): counts = Counter([p.name for p in policies_by_region[region]]) for policy, count in six.iteritems(counts): if count > 1: log.error("duplicate policy name '{}'".format(policy)) sys.exit(1) # Variable expansion and non schema validation (not optional) for p in policies: p.expand_variables(p.get_variables()) p.validate() return f(options, list(policies))