def test_resource_id_meta(self):
missing = []
for name, resource in resources.items():
if not getattr(resource.resource_type, 'id', None):
missing.append(name)
if missing:
raise KeyError(
"Following resources are missing id metadata %s" % " ".join(missing))
def test_check_permissions(self):
load_resources(('gcp.*', ))
missing = []
invalid = []
iam_path = os.path.join(os.path.dirname(__file__), 'data',
'iam-permissions.json')
with open(iam_path) as fh:
valid_perms = set(json.load(fh).get('permissions'))
cfg = Config.empty()
for k, v in resources.items():
policy = Bag({
'name': 'permcheck',
'resource': 'gcp.%s' % k,
'provider_name': 'gcp'
})
ctx = self.get_context(config=cfg, policy=policy)
mgr = v(ctx, policy)
perms = mgr.get_permissions()
if not perms:
missing.append(k)
for p in perms:
if p not in valid_perms:
invalid.append((k, p))
for n, a in list(v.action_registry.items()):
if n in ALLOWED_NOPERM:
continue
policy['actions'] = [n]
perms = a({}, mgr).get_permissions()
if not perms:
missing.append('%s.actions.%s' % (k, n))
for p in perms:
if p not in valid_perms:
invalid.append(('%s.actions.%s' % (k, n), p))
for n, f in list(v.filter_registry.items()):
if n in ALLOWED_NOPERM:
continue
policy['filters'] = [n]
perms = f({}, mgr).get_permissions()
if not perms:
missing.append('%s.filters.%s' % (k, n))
for p in perms:
if p not in valid_perms:
invalid.append(('%s.filters.%s' % (k, n), p))
if missing:
self.fail('missing permissions %d on \n\t%s' %
(len(missing), '\n\t'.join(sorted(missing))))
if invalid:
self.fail('invalid permissions %d on \n\t%s' %
(len(invalid), '\n\t'.join(map(str, sorted(invalid)))))