Esempio n. 1
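 def test_traverse_array(self):
     """Check that configuration -> routes resolves to the list of two routes."""
     result = jget.Jget(test_json).at("configuration").at("routes").get()
     # Expect a list of length two whose entries each carry a gatewayId key.
     # The specific assert* methods report the offending value on failure,
     # which a bare assertTrue(...) does not.
     self.assertIsInstance(result, list)
     self.assertEqual(len(result), 2)
     self.assertIn('gatewayId', result[0])
     self.assertIn('gatewayId', result[1])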
Esempio n. 2
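 def test_flatten(self):
     """Check that flatten() on the tags makes the Criticality value reachable."""
     result = jget.Jget(test_json).at("configuration").at(
         "tags").flatten().at("Criticality").get()
     # Expect the flattened tag lookup to yield a plain string value.
     self.assertIsInstance(result, str)
     self.assertEqual(result, "Investigation")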
Esempio n. 3
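 def test_get_gateways(self):
     """Check that all("gatewayId") collects the gateway id of every route."""
     result = jget.Jget(test_json).at("configuration").at("routes").all(
         "gatewayId").get()
     # Type first, so a None result fails with a readable message instead of
     # a TypeError raised by len().
     self.assertIsInstance(result, list)
     self.assertEqual(len(result), 2)
     # The fixture has one local route and one internet-gateway route.
     self.assertIn('local', result)
     self.assertIn('igw-a5f227c1', result)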
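def evaluate_compliance(event, configuration_item, valid_rule_parameters):
    """Form the evaluation(s) to be returned to Config Rules.

    Returns a string -- either COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE.

    Arguments
    event -- the event variable given in the lambda handler
    configuration_item -- the configurationItem dictionary in the invokingEvent
    valid_rule_parameters -- the output of the evaluate_parameters() representing validated parameters of the Config Rule

    Scenario: Subnet does not possess a route table
            Return NOT_APPLICABLE

    Scenario: Subnet does not have a route table containing an internet Gateway
            Return NOT_APPLICABLE

    Scenario: Subnet has a route table that has an internet Gateway, but subnet flows are not logged
            Return NON_COMPLIANT

    Scenario: Subnet has a route table that has an internet Gateway, and subnet flows are logged.
            Return COMPLIANT

    NOTE(review): only the NOT_APPLICABLE outcomes are implemented. The
    flow-log lookup is still missing, so a route table that does expose an
    internet gateway is also reported as NOT_APPLICABLE and an unlogged,
    internet-facing subnet never produces a NON_COMPLIANT finding. Do not
    treat this rule's output as evidence of flow-log coverage until the
    TODO below is done.
    """
    route_table = configuration_item

    # Gateway id of every route in the table.
    # NOTE(review): path assumed to be configuration -> routes -> gatewayId;
    # confirm against a recorded configurationItem. The lookup may yield None
    # when the path is absent, hence the `or []`.
    gateways = (
        jget.Jget(route_table).at("configuration").at("routes")
        .all("gatewayId").get()
    ) or []

    # Routes without a gateway target may carry a non-string entry; skip those.
    has_internet_gateway = any(
        isinstance(g, str) and g.startswith("igw-") for g in gateways
    )
    if not has_internet_gateway:
        return 'NOT_APPLICABLE'

    # Subnets and VPCs associated with this externally routed table.
    # NOTE(review): assumes relationships is a top-level list of dicts with a
    # resourceId key -- confirm against a recorded configurationItem.
    relationships = (
        jget.Jget(route_table).at("relationships").all("resourceId").get()
    ) or []

    # Subnet ids start with "subnet-"; a "sub-" substring test never matches.
    subnet_ids = [
        r for r in relationships
        if isinstance(r, str) and r.startswith("subnet-")
    ]
    vpc_ids = [
        r for r in relationships
        if isinstance(r, str) and r.startswith("vpc-")
    ]

    # TODO: check that a flow log exists for each entry of subnet_ids (or for
    # its VPC in vpc_ids) and return 'COMPLIANT' / 'NON_COMPLIANT' as the
    # scenarios above require. Until then the result is a placeholder.
    return 'NOT_APPLICABLE'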
Esempio n. 5
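 def test_top_level(self):
     """Check that at("configuration") resolves to the configuration mapping."""
     result = jget.Jget(test_json).at("configuration").get()
     # Expect the configuration node to be a dictionary that holds the routes.
     self.assertIsInstance(result, dict)
     self.assertIn('routes', result)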
Esempio n. 6
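 def test_get_at_errors(self):
     """Check that at() on a missing key makes the whole chain resolve to None."""
     result = jget.Jget(test_json).at("configuration").at("XXXroutes").all(
         "gatewayId").get()
     # A missing intermediate key must not raise; callers have to handle None.
     self.assertIsNone(result)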
Esempio n. 7
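 def test_get_array_errors(self):
     """Check that all() on a key no route has still resolves to a list."""
     result = jget.Jget(test_json).at("configuration").at("routes").all(
         "XXXgatewayId").get()
     # Only the type is pinned here; whether the list is empty or holds
     # placeholder entries is not asserted -- TODO confirm and tighten.
     self.assertIsInstance(result, list)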