def validate(self, rulesets):
rulesets_to_apply = ['global'] if 'global' in rulesets else []
if self.resource_type in rulesets:
rulesets_to_apply.append(self.resource_type)
for resource in rulesets_to_apply:
ruleset = rulesets[resource]
for key in ruleset:
if key == 'must_contain':
must_contain(ruleset['must_contain'], self)
if key == 'must_not_contain':
must_not_contain(ruleset['must_not_contain'], self)
if key == 'must_equal':
must_equal(ruleset['must_equal'], self)
if key == 'attributes':
for attribute_key in ruleset['attributes']:
if attribute_key == 'tags' and not self.taggable:
continue
else:
for rule in ruleset['attributes'][attribute_key]:
rule_definition = ruleset['attributes'][attribute_key][rule]
if rule == 'must_contain':
must_contain(rule_definition, self, attribute_key)
elif rule == 'must_not_contain':
must_not_contain(rule_definition, self, attribute_key)
elif rule == 'must_equal':
must_equal(rule_definition, self, attribute_key)
def test_must_equal_validator_resource_level():
rule = {'TestValue': 'Bleep'}
config = {'address': 'test_address', 'values': {'TestValue': 'Bloop'}}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_equal(rule, resource)
assert (resource.violations == {
'test_address.must_equal':
["[TestValue] must equal 'Bleep' but found 'Bloop'"]
})
def test_must_equal_validator_with_str():
rule = 'testvalue'
lookup_key = 'test'
config = {'address': 'test_address', 'values': {'test': 'foo'}}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_equal(rule, resource, lookup_key)
assert (resource.violations == {
'test_address.must_equal':
["Incorrect value [test] must equal 'testvalue' but found 'foo'"]
})
def test_must_equal_validator_with_correct_config_returns_empty_violations():
rule = {'TestTag': 'Bloop'}
lookup_key = 'tags'
config = {
'address': 'test_address',
'values': {
'tags': {
'TestTag': 'Bloop'
}
}
}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_equal(rule, resource, lookup_key)
assert (resource.violations == {})
def test_must_equal_validator_with_dict():
rule = {'TestTag': 'Bleep'}
lookup_key = 'tags'
config = {
'address': 'test_address',
'values': {
'tags': {
'TestTag': 'Bloop'
}
}
}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_equal(rule, resource, lookup_key)
assert (resource.violations == {
'test_address.must_equal':
["Tags [TestTag] must equal 'Bleep' but found 'Bloop'"]
})