def test_semantic_mode_error(self):
data = {
'policies': [{
'name': 'test',
'resource': 'ec2',
'mode': {
'type': 'periodic',
'scheduled': 'oops'}}]}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(error.absolute_schema_path)
)
self.assertTrue("'scheduled' was unexpected" in str(error))
self.assertTrue(len(str(error)) < 2000)
def test_semantic_error_on_value_derived(self):
data = {
"policies": [
{
"name": "test",
"resource": "ec2",
"filters": [{"type": "ebs", "skipped_devices": []}],
}
]
}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(error.absolute_schema_path)
)
self.assertTrue("Additional properties are not allowed " in error.message)
self.assertTrue("'skipped_devices' was unexpected" in error.message)
def test_semantic_error_on_value_derived(self):
data = {
"policies": [
{
"name": "test",
"resource": "ec2",
"filters": [{"type": "ebs", "skipped_devices": []}],
}
]
}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(error.absolute_schema_path)
)
self.assertTrue("Additional properties are not allowed " in error.message)
self.assertTrue("'skipped_devices' was unexpected" in error.message)
def test_semantic_mode_error(self):
data = {
'policies': [{
'name': 'test',
'resource': 'ec2',
'mode': {
'type': 'periodic',
'scheduled': 'oops'
}
}]
}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(
error.absolute_schema_path))
self.assertTrue("'scheduled' was unexpected" in str(error))
self.assertTrue(len(str(error)) < 2000)
def test_semantic_error(self):
data = {
'policies': [
{'name': 'test',
'resource': 'ec2',
'filters': {
'type': 'ebs',
'skipped_devices': []}
}]
}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(
error.absolute_schema_path))
self.assertEqual(
error.message,
"{'skipped_devices': [], 'type': 'ebs'} is not of type 'array'")
def test_semantic_error(self):
data = {
'policies': [{
'name': 'test',
'resource': 'ec2',
'filters': {
'type': 'ebs',
'skipped_devices': []
}
}]
}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(
error.absolute_schema_path))
self.assertTrue("'skipped_devices': []" in error.message)
self.assertTrue("'type': 'ebs'" in error.message)
def test_semantic_error_on_value_derived(self):
data = {
'policies': [
{'name': 'test',
'resource': 'ec2',
'filters': [
{'type': 'ebs',
'skipped_devices': []}
]}
]}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(
error.absolute_schema_path))
self.assertEqual(
error.message,
("Additional properties are not allowed "
"('skipped_devices' was unexpected)"))
def test_semantic_error_on_value_derived(self):
data = {
'policies': [{
'name': 'test',
'resource': 'ec2',
'filters': [{
'type': 'ebs',
'skipped_devices': []
}]
}]
}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(
error.absolute_schema_path))
self.assertEqual(error.message,
("Additional properties are not allowed "
"('skipped_devices' was unexpected)"))
def test_semantic_error(self):
data = {
"policies": [
{
"name": "test",
"resource": "ec2",
"filters": {"type": "ebs", "skipped_devices": []},
}
]
}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(error.absolute_schema_path)
)
self.assertTrue("'skipped_devices': []" in error.message)
self.assertTrue(
"u'type': u'ebs'" in error.message or "'type': 'ebs'" in error.message
)
def test_semantic_error_policy_scope(self):
data = {
'policies': [
{'actions': [{'key': 'TagPolicyCompliance',
'type': 'tag',
'value': 'This resource should have tags following policy'}],
'description': 'Identify resources which lack our accounting tags',
'filters': [{'tag:Environment': 'absent'},
{'tag:Service': 'absent'},
{'or': [{'tag:Owner': 'absent'},
{'tag:ResponsibleParty': 'absent'},
{'tag:Contact': 'absent'},
{'tag:Creator': 'absent'}]}],
'name': 'tagging-compliance-waf',
'resource': 'aws.waf'}]}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = policy_error_scope(specific_error(errors[0]), data)
self.assertTrue("policy:tagging-compliance-waf" in error.message)
def test_semantic_error_common_filter_provider_prefixed(self):
data = {
'policies': [{
'name': 'test',
'resource': 's3',
'filters': [{
'type': 'metrics',
'name': 'BucketSizeBytes',
'dimensions': [{
'StorageType': 'StandardStorage'}],
'days': 7,
'value': 100,
'op': 'gte'}]}]}
# load s3 resource
validator = self.get_validator(data)
errors = list(validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertIn(
"[{'StorageType': 'StandardStorage'}] is not of type 'object'",
str(error))
def test_semantic_error_policy_scope(self):
data = {
'policies': [
{'actions': [{'key': 'TagPolicyCompliance',
'type': 'tag',
'value': 'This resource should have tags following policy'}],
'description': 'Identify resources which lack our accounting tags',
'filters': [{'tag:Environment': 'absent'},
{'tag:Service': 'absent'},
{'or': [{'tag:Owner': 'absent'},
{'tag:ResponsibleParty': 'absent'},
{'tag:Contact': 'absent'},
{'tag:Creator': 'absent'}]}],
'name': 'tagging-compliance-waf',
'resource': 'aws.waf'}]}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = policy_error_scope(specific_error(errors[0]), data)
self.assertTrue("policy:tagging-compliance-waf" in error.message)
def test_semantic_error_with_nested_resource_key(self):
data = {
'policies': [{
'name':
'team-tag-ebs-snapshot-audit',
'resource':
'ebs-snapshot',
'actions': [{
'type': 'copy-related-tag',
'resource': 'ebs',
'skip_missing': True,
'key': 'VolumeId',
'tags': 'Team'
}]
}]
}
validator = self.get_validator(data)
errors = list(validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue('Team' in error.message)
def _validate(self, policy_data):
errors = list(self.validator.iter_errors(policy_data))
if not errors:
return schema.check_unique(policy_data) or []
try:
resp = schema.policy_error_scope(schema.specific_error(errors[0]),
policy_data)
name = isinstance(errors[0].instance,
dict) and errors[0].instance.get(
'name', 'unknown') or 'unknown'
return [resp, name]
except Exception:
logging.exception(
"schema-validator: specific_error failed, traceback, followed by fallback"
)
return list(
filter(None, [
errors[0],
schema.best_match(self.validator.iter_errors(policy_data)),
]))
def test_semantic_error(self):
data = {
"policies": [
{
"name": "test",
"resource": "ec2",
"filters": {"type": "ebs", "skipped_devices": []},
}
]
}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(error.absolute_schema_path)
)
self.assertTrue("'skipped_devices': []" in error.message)
self.assertTrue(
"u'type': u'ebs'" in error.message or "'type': 'ebs'" in error.message
)
def test_semantic_error_common_filter_provider_prefixed(self):
data = {
'policies': [{
'name': 'test',
'resource': 's3',
'filters': [{
'type': 'metrics',
'name': 'BucketSizeBytes',
'dimensions': [{
'StorageType': 'StandardStorage'}],
'days': 7,
'value': 100,
'op': 'gte'}]}]}
errors = list(self.validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
# the repr unicode situation on py2.7 makes this harder to do
# an exact match
if sys.version_info.major == 2:
return self.assertIn('StorageType', str(error))
self.assertIn(
"[{'StorageType': 'StandardStorage'}] is not of type 'object'",
str(error))
def test_semantic_error(self):
data = {
"policies": [{
"name": "test",
"resource": "ec2",
"filters": {
"type": "ebs",
"skipped_devices": []
},
}]
}
load_resources(('aws.ec2', ))
validator = self.policy_loader.validator.gen_schema(('aws.ec2', ))
# probably should just ditch this test
errors = list(validator.iter_errors(data))
self.assertEqual(len(errors), 1)
error = specific_error(errors[0])
self.assertTrue(
len(errors[0].absolute_schema_path) < len(
error.absolute_schema_path))
self.assertTrue("'skipped_devices': []" in error.message)
self.assertTrue("u'type': u'ebs'" in error.message
or "'type': 'ebs'" in error.message)
def findError(self, data, validator):
e = best_match(validator.iter_errors(data))
ex = specific_error(list(validator.iter_errors(data))[0])
return e, ex
def findError(self, data, validator):
e = best_match(validator.iter_errors(data))
ex = specific_error(list(validator.iter_errors(data))[0])
return e, ex
