def test_config_for_region(self):
original = {
'foo': 'bar%%AWS_REGION%%baz',
'bar': [
'baz',
'AWS_REGION',
'%%AWS_REGION%%',
'xx%%AWS_REGION%%xx',
'blam',
'xx%%POLICYGEN_ENV_foo%%xx'
],
'baz': {
'blam': {
'blarg%%AWS_REGION%%xx': 'xxx%%AWS_REGION%%xxx'
}
},
'regions': ['us-east-1', 'us-east-2'],
'account_id': '012345',
'config_path': '/tmp/baz.yml'
}
expected = {
'foo': 'barus-east-2baz',
'bar': [
'baz',
'AWS_REGION',
'us-east-2',
'xxus-east-2xx',
'blam',
'xxbarVARxx'
],
'baz': {
'blam': {
'blargus-east-2xx': 'xxxus-east-2xxx'
}
},
'account_id': '012345',
'regions': ['us-east-1', 'us-east-2'],
'cleanup_notify': [],
'function_prefix': 'custodian-'
}
with patch('%s.jsonschema.validate' % pbm, autospec=True):
with patch.dict(
'os.environ',
{'foo': 'bar', 'POLICYGEN_ENV_foo': 'barVAR'},
clear=True
):
conf = ManheimConfig(**original)
result = conf.config_for_region('us-east-2')
assert result._config == expected
assert result.config_path == '/tmp/baz.yml'
def main():
# setup logging for direct command-line use
global logger
FORMAT = "[%(asctime)s %(levelname)s] %(message)s"
logging.basicConfig(level=logging.INFO, format=FORMAT)
logger = logging.getLogger()
# suppress boto3 internal logging below WARNING level
boto3_log = logging.getLogger("boto3")
boto3_log.setLevel(logging.WARNING)
boto3_log.propagate = True
# suppress botocore internal logging below WARNING level
botocore_log = logging.getLogger("botocore")
botocore_log.setLevel(logging.WARNING)
botocore_log.propagate = True
p = argparse.ArgumentParser(
description='Tool to generate custodian config files '
'from a c7n configuration directory/repo.',
epilog='This tool is part of manheim_c7n_tools v%s.\n'
'For documentation, see: %s' % (VERSION, PROJECT_URL),
formatter_class=argparse.RawDescriptionHelpFormatter
)
p.add_argument('-V', '--version', action='version', version=VERSION)
p.add_argument('-c', '--config', dest='config', action='store',
default='manheim-c7n-tools.yml',
help='Config file path (default: ./manheim-c7n-tools.yml)')
p.add_argument('ACCT_NAME', action='store', type=str,
help='account_name value from config file, for '
'current account')
args = p.parse_args(sys.argv[1:])
conf = ManheimConfig.from_file(args.config, args.ACCT_NAME)
PolicyGen(conf).run()
def main():
"""main command-line entrypoint; calls parse_args, sets up logging, and
either lists steps or instantiates a CustodianRunner and calls run()."""
args = parse_args(sys.argv[1:])
# set logging level
if args.verbose > 1:
set_log_debug(logger)
elif args.verbose == 1:
set_log_info(logger)
if args.ACTION == 'list':
for x in CustodianRunner.ordered_step_classes:
print(x.name)
raise SystemExit(0)
if args.ACTION == 'accounts':
accts = ManheimConfig.list_accounts(args.config)
for acctname in sorted(accts.keys()):
print("%s (%s)" % (acctname, accts[acctname]))
raise SystemExit(0)
cr = CustodianRunner(args.ACCT_NAME, args.config)
if args.assume_role:
assume_role(cr.config)
cr.run(
args.ACTION, args.regions, step_names=args.steps, skip_steps=args.skip
)
def test_list_accounts(self):
with patch('%s.logger' % pbm, autospec=True) as mock_logger:
with patch('%s.open' % pbm,
mock_open(read_data='foo'),
create=True) as m_open:
with patch('%s.yaml.load' % pbm, autospec=True) as mock_load:
with patch('%s.ManheimConfig' % pbm,
autospec=True) as mock_conf:
mock_load.return_value = [{
'account_name': 'a1',
'account_id': 1111,
'foo': 'bar',
'baz': 2,
'regions': ['us-east-1']
}, {
'account_name': 'a2',
'account_id': 2222,
'foo': 'bar1',
'baz': 4,
'regions': ['us-east-2']
}]
res = ManheimConfig.list_accounts('/tmp/conf.yml')
assert res == {'a1': 1111, 'a2': 2222}
assert mock_logger.mock_calls == [
call.info('Loading config from: %s', '/tmp/conf.yml')
]
assert m_open.mock_calls == [
call('/tmp/conf.yml', 'r'),
call().__enter__(),
call().read(),
call().__exit__(None, None, None)
]
assert mock_load.mock_calls == [call('foo', Loader=yaml.SafeLoader)]
assert mock_conf.mock_calls == []
def main():
global logger
# setup logging for direct command-line use
FORMAT = "[%(asctime)s %(levelname)s] %(message)s"
logging.basicConfig(level=logging.WARNING, format=FORMAT)
logger = logging.getLogger()
# suppress boto3 internal logging below WARNING level
boto3_log = logging.getLogger("boto3")
boto3_log.setLevel(logging.WARNING)
boto3_log.propagate = True
# suppress botocore internal logging below WARNING level
botocore_log = logging.getLogger("botocore")
botocore_log.setLevel(logging.WARNING)
botocore_log.propagate = True
# end setup logging
args = parse_args(sys.argv[1:])
# set logging level
if args.verbose > 1:
set_log_debug(logger)
elif args.verbose == 1:
set_log_info(logger)
conf = ManheimConfig.from_file(args.config, args.ACCOUNT_NAME)
DryRunDiffer(conf).run(git_dir=args.git_dir,
diff_against=args.diff_against)
def test_init_not_us_east_1(self):
with patch('%s.logger' % pbm, autospec=True) as mock_logger:
with patch('%s.jsonschema.validate' % pbm,
autospec=True) as mock_validate:
cls = ManheimConfig(foo='bar',
baz=2,
regions=['us-east-2'],
config_path='manheim-c7n-tools.yml',
account_id='1234',
cleanup_notify=['*****@*****.**'])
assert cls._config == {
'foo': 'bar',
'baz': 2,
'regions': ['us-east-2'],
'account_id': '1234',
'cleanup_notify': ['*****@*****.**']
}
assert cls.config_path == 'manheim-c7n-tools.yml'
assert mock_logger.mock_calls == [
call.debug('Validating configuration...')
]
assert mock_validate.mock_calls == [
call(
{
'foo': 'bar',
'baz': 2,
'regions': ['us-east-2'],
'account_id': '1234',
'cleanup_notify': ['*****@*****.**']
}, MANHEIM_CONFIG_SCHEMA)
]
def test_from_file_name_missing(self):
m_conf = Mock()
with patch('%s.logger' % pbm, autospec=True) as mock_logger:
with patch(
'%s.open' % pbm, mock_open(read_data='foo'), create=True
) as m_open:
with patch('%s.yaml.load' % pbm, autospec=True) as mock_load:
with patch(
'%s.ManheimConfig' % pbm, autospec=True
) as mock_conf:
mock_conf.return_value = m_conf
mock_load.return_value = [
{
'account_name': 'a1',
'foo': 'bar',
'baz': 2,
'regions': ['us-east-1']
},
{
'account_name': 'a2',
'foo': 'bar1',
'baz': 4,
'regions': ['us-east-2']
}
]
with pytest.raises(RuntimeError) as exc:
ManheimConfig.from_file('/tmp/conf.yml', 'BAD')
assert str(exc.value) == 'ERROR: No account with name "BAD"' \
' in /tmp/conf.yml'
assert mock_logger.mock_calls == [
call.info('Loading config from: %s', '/tmp/conf.yml')
]
assert m_open.mock_calls == [
call('/tmp/conf.yml', 'r'),
call().__enter__(),
call().read(),
call().__exit__(None, None, None)
]
assert mock_load.mock_calls == [
call('foo', Loader=yaml.SafeLoader)
]
assert mock_conf.mock_calls == []
def __init__(self, account_name, config_path='manheim-c7n-tools.yml'):
"""
Initialize the Runner.
:param account_name: name of the account to run against
:type account_name: str
:param config_path: path to ``manheim-c7n-tools.yml`` config file
:type config_path: str
"""
self._config_path = config_path
self.config = ManheimConfig.from_file(config_path, account_name)
def test_getattr(self):
with patch('%s.logger' % pbm, autospec=True):
with patch('%s.jsonschema.validate' % pbm, autospec=True):
cls = ManheimConfig(foo='bar',
baz=2,
regions=['us-east-1'],
config_path='foo')
assert cls.foo == 'bar'
assert cls.baz == 2
assert cls.config_path == 'foo'
with pytest.raises(AttributeError):
cls.missingAttr
def main():
args = parse_args(sys.argv[1:])
# set logging level
if args.verbose > 1:
set_log_debug(logger)
elif args.verbose == 1:
set_log_info(logger)
conf = ManheimConfig.from_file(args.config, args.ACCOUNT_NAME)
if args.assume_role:
assume_role(conf)
CustodianErrorReporter(conf, args.REGION_NAME).run()
def test_from_file(self):
m_conf = Mock()
with patch('%s.logger' % pbm, autospec=True) as mock_logger:
with patch(
'%s.open' % pbm, mock_open(read_data='foo'), create=True
) as m_open:
with patch('%s.yaml.load' % pbm, autospec=True) as mock_load:
with patch(
'%s.ManheimConfig' % pbm, autospec=True
) as mock_conf:
mock_conf.return_value = m_conf
mock_load.return_value = [
{
'account_name': 'a1',
'foo': 'bar',
'baz': 2,
'regions': ['us-east-1']
},
{
'account_name': 'a2',
'foo': 'bar1',
'baz': 4,
'regions': ['us-east-2']
}
]
res = ManheimConfig.from_file('/tmp/conf.yml', 'a2')
assert res == m_conf
assert mock_logger.mock_calls == [
call.info('Loading config from: %s', '/tmp/conf.yml')
]
assert m_open.mock_calls == [
call('/tmp/conf.yml', 'r'),
call().__enter__(),
call().read(),
call().__exit__(None, None, None)
]
assert mock_load.mock_calls == [
call('foo', Loader=yaml.SafeLoader)
]
assert mock_conf.mock_calls == [
call(
account_name='a2', foo='bar1', baz=4, regions=['us-east-2'],
config_path='/tmp/conf.yml'
)
]
def test_init_not_us_east_1(self):
with patch('%s.logger' % pbm, autospec=True) as mock_logger:
with patch('%s.jsonschema.validate' % pbm,
autospec=True) as mock_validate:
with pytest.raises(RuntimeError) as exc:
ManheimConfig(foo='bar',
baz=2,
regions=['us-east-2'],
config_path='manheim-c7n-tools.yml')
assert str(exc.value) == 'ERROR: the first configured region must be ' \
'us-east-1'
assert mock_logger.mock_calls == [
call.debug('Validating configuration...')
]
assert mock_validate.mock_calls == [
call({
'foo': 'bar',
'baz': 2,
'regions': ['us-east-2']
}, MANHEIM_CONFIG_SCHEMA)
]
def test_init(self):
with patch('%s.logger' % pbm, autospec=True) as mock_logger:
with patch('%s.jsonschema.validate' % pbm,
autospec=True) as mock_validate:
cls = ManheimConfig(foo='bar',
baz=2,
regions=['us-east-1'],
config_path='manheim-c7n-tools.yml')
assert cls._config == {
'foo': 'bar',
'baz': 2,
'regions': ['us-east-1']
}
assert cls.config_path == 'manheim-c7n-tools.yml'
assert mock_logger.mock_calls == [
call.debug('Validating configuration...')
]
assert mock_validate.mock_calls == [
call({
'foo': 'bar',
'baz': 2,
'regions': ['us-east-1']
}, MANHEIM_CONFIG_SCHEMA)
]