def validate(self): if self.manager.action_registry.get('tag') is None: raise FilterValidationError("Resource does not support tagging") if self.data.get('days') is not None and (self.data.get('days') < 1 or self.data.get('days') > 90): raise FilterValidationError("Days must be between 1 and 90") return self
def validate(self): if self.get_tz(self.default_tz) is None: raise FilterValidationError( "Invalid timezone specified %s" % self.default_tz) hour = self.data.get("%shour" % self.time_type, self.DEFAULT_HR) if hour not in self.parser.VALID_HOURS: raise FilterValidationError("Invalid hour specified %s" % hour) return self
def validate(self): if 'modifyable' not in self.manager.data.get('filters', ()): raise FilterValidationError( "modify action requires modifyable filter in policy") if self.data.get('size-percent') < 100 and not self.data.get('shrink', False): raise FilterValidationError(( "shrinking volumes requires os/fs support " "or data-loss may ensue, use `shrink: true` to override")) return self
def validate(self): if self.factory is None: raise FilterValidationError( "The related resource is not a custodian supported azure resource" ) if (self.data['relatedResource'] == 'azure.roleassignment' or self.data['relatedResource'] == 'azure.roledefinition'): raise FilterValidationError( "The related resource can not be role assignments or role definitions" )
def validate(self): if not self.data.get('tags') and not (self.data.get('tag') and self.data.get('value')): raise FilterValidationError( "Must specify either tags or a tag and value") if self.data.get('tags') and self.data.get('tag'): raise FilterValidationError( "Can't specify both tags and tag, choose one") return self
def validate(self): op = self.data.get('op') if self.manager and op not in self.manager.action_registry.keys(): raise FilterValidationError("Invalid marked-for-op op:%s" % op) tz = zoneinfo.gettz(Time.TZ_ALIASES.get(self.data.get('tz', 'utc'))) if not tz: raise FilterValidationError("Invalid timezone specified '%s'" % self.data.get('tz')) return self
def validate(self): if self.get_tz(self.default_tz) is None: raise FilterValidationError("Invalid timezone specified %s" % self.default_tz) hour = self.data.get("%shour" % self.time_type, self.DEFAULT_HR) if hour not in self.parser.VALID_HOURS: raise FilterValidationError("Invalid hour specified %s" % hour) if 'skip-days' in self.data and 'skip-days-from' in self.data: raise FilterValidationError( "Cannot specify two sets of skip days %s" % self.data) return self
def validate(self): op = self.data.get('op') if self.manager and op not in self.manager.action_registry.keys(): raise FilterValidationError( "mark-for-op specifies invalid op:%s in %s" % (op, self.manager.data)) self.tz = tzutil.gettz(Time.TZ_ALIASES.get(self.data.get('tz', 'utc'))) if not self.tz: raise FilterValidationError("Invalid timezone specified %s in %s" % (self.tz, self.manager.data))
def validate(self): # Check that variable values are valid if PORTS in self.data: if not PortsRangeHelper.validate_ports_string(self.data[PORTS]): raise FilterValidationError("ports string has wrong format.") if EXCEPT_PORTS in self.data: if not PortsRangeHelper.validate_ports_string(self.data[EXCEPT_PORTS]): raise FilterValidationError("exceptPorts string has wrong format.") return True
def validate(self): op = self.data.get('op') if self.manager and op not in self.manager.action_registry.keys(): raise FilterValidationError("Invalid marked-for-op op:%s in %s" % (op, self.manager.data)) tz = Time.get_tz(self.data.get('tz', 'utc')) if not tz: raise FilterValidationError( "Invalid timezone specified '%s' in %s" % (self.data.get('tz'), self.manager.data)) return self
def validate(self): if 'whitelist' in self.data and 'blacklist' in self.data: raise FilterValidationError( "cannot specify whitelist and black list") if 'whitelist' not in self.data and 'blacklist' not in self.data: raise FilterValidationError( "must specify either policy blacklist or whitelist") if ('blacklist' in self.data and not isinstance(self.data['blacklist'], list)): raise FilterValidationError("blacklist must be a list") return self
def validate(self): self.policy_include = IpRangeHelper.parse_ip_ranges(self.data, 'include') self.policy_equal = IpRangeHelper.parse_ip_ranges(self.data, 'equal') has_include = self.policy_include is not None has_equal = self.policy_equal is not None if has_include and has_equal: raise FilterValidationError('Cannot have both include and equal.') if not has_include and not has_equal: raise FilterValidationError('Must have either include or equal.') return True
def validate(self): if self.manager.action_registry.get('tag') is None: raise FilterValidationError("Resource does not support tagging") if self.manager.data.get('mode', {}).get('type') == 'azure-event-grid' \ and self.data.get('days') is not None: raise PolicyValidationError( "Auto tag user in event mode does not use days.") if (self.data.get('days') is not None and (self.data.get('days') < 1 or self.data.get('days') > 90)): raise FilterValidationError("Days must be between 1 and 90") return self
def _check_rules(self, resource_rules): if self.policy_equal is not None: return self.policy_equal == resource_rules elif self.policy_include is not None: return self.policy_include.issubset(resource_rules) else: # validated earlier, can never happen raise FilterValidationError("Internal error.")
def validate(self): diff_filters = [n for n in self.manager.filters if isinstance( n, SecurityGroupDiffFilter)] if not len(diff_filters): raise FilterValidationError( "resource patching requires diff filter") return self
def validate(self): super(AutoTagDate, self).validate() try: datetime.datetime.now().strftime(self.format) except Exception: raise FilterValidationError( "'%s' string has invalid datetime format." % self.format)
def validate(self): if self.data.get('state') == 'enabled': if 'bucket' not in self.data or 'prefix' not in self.data: raise FilterValidationError( ("alb logging enablement requires `bucket` " "and `prefix` specification")) return self
def process(self, resources): self.tz = zoneinfo.gettz( Time.TZ_ALIASES.get(self.data.get('tz', 'utc'))) if not self.tz: raise FilterValidationError("Invalid timezone specified %s" % self.tz) self.id_key = self.manager.get_model().id # Move this to policy? / no resources bypasses actions? if not len(resources): return msg_tmpl = self.data.get('msg', self.default_template) op = self.data.get('op', 'stop') tag = self.data.get('tag', DEFAULT_TAG) days = self.data.get('days', 0) hours = self.data.get('hours', 0) action_date = self.generate_timestamp(days, hours) msg = msg_tmpl.format(op=op, action_date=action_date) self.log.info("Tagging %d resources for %s on %s" % (len(resources), op, action_date)) tags = [{'Key': tag, 'Value': msg}] batch_size = self.data.get('batch_size', self.batch_size) _common_tag_processer(self.executor_factory, batch_size, self.concurrency, self.process_resource_set, self.id_key, resources, tags, self.log)
def validate(self): if self.data.get('encrypted', True): key = self.data.get('target_key') if not key: raise FilterValidationError( "Encrypted snapshot copy requires kms key") return self
def validate(self): region = self.manager.data.get('region', '') if len(self.global_services.intersection(self.data.get('services', []))): if region != 'us-east-1': raise FilterValidationError( "Global services: %s must be targeted in us-east-1 on the policy" % ', '.join(self.global_services)) return self
def validate(self): found = False for f in self.manager.filters: if isinstance(f, LatestSnapshot): found = True if not found: # do we really need this... raise FilterValidationError( "must filter by latest to use restore action") return self
def validate(self): found = False for f in self.manager.filters: if isinstance(f, WafEnabled): found = True break if not found: # try to ensure idempotent usage raise FilterValidationError( "set-waf should be used in conjunction with waf-enabled filter") return self
def validate(self): if 'whitelist' in self.data and 'blacklist' in self.data: raise FilterValidationError( "cannot specify whitelist and black list") if 'whitelist' not in self.data and 'blacklist' not in self.data: raise FilterValidationError( "must specify either policy blacklist or whitelist") if ('blacklist' in self.data and not isinstance(self.data['blacklist'], list)): raise FilterValidationError("blacklist must be a list") if 'matching' in self.data: # Sanity check that we can compile try: re.compile(self.data['matching']) except re.error as e: raise FilterValidationError("Invalid regex: %s %s" % (e, self.data)) return self
def validate(self): if 'selector' in self.data and self.data['selector'] == 'date': if 'selector_value' not in self.data: raise FilterValidationError( "Date version selector requires specification of date") try: parse_date(self.data['selector_value']) except ValueError: raise FilterValidationError("Invalid date for selector_value") elif 'selector' in self.data and self.data['selector'] == 'locked': idx = self.manager.data['filters'].index(self.data) found = False for n in self.manager.data['filters'][:idx]: if isinstance(n, dict) and n.get('type', '') == 'locked': found = True if isinstance(n, six.string_types) and n == 'locked': found = True if not found: raise FilterValidationError( "locked selector needs previous use of is-locked filter") return self
def validate(self): if not self.data.get('matched'): return listeners = [f for f in self.manager.filters if isinstance(f, self.__class__)] found = False for f in listeners[:listeners.index(self)]: if not f.data.get('matched', False): found = True break if not found: raise FilterValidationError( "matched listener filter, requires preceding listener filter") return self
def _check_bypass(self, bypass_set): if self.mode == 'equal': return self.list == bypass_set elif self.mode == 'include': return self.list.issubset(bypass_set) elif self.mode == 'any': return not self.list.isdisjoint(bypass_set) elif self.mode == 'only': return bypass_set.issubset(self.list) else: # validated earlier, can never happen raise FilterValidationError("Internal error.")
def validate(self): op = self.data.get('op') if self.manager and op not in self.manager.action_registry.keys(): raise FilterValidationError( "mark-for-op specifies invalid op:%s" % op) return self
def validate(self): if self.manager.data.get('mode'): raise FilterValidationError( "invalid-config makes too many queries to be run in lambda") return self
def validate(self): if not self.data.get('labels') and not self.data.get('remove'): raise FilterValidationError("Must specify one of labels or remove")
def validate(self): if self.data.get('space') < 0 or self.data.get('space') > 15: raise FilterValidationError("Space must be between 0 and 15") return self