def run(event, context):
# policies file should always be valid in functions so do loading naively
with open(context['config_file']) as f:
policy_config = json.load(f)
if not policy_config or not policy_config.get('policies'):
log.error('Invalid policy config')
return False
options_overrides = \
policy_config['policies'][0].get('mode', {}).get('execution-options', {})
# setup our auth file location on disk
options_overrides['authorization_file'] = context['auth_file']
# if output_dir specified use that, otherwise make a temp directory
if 'output_dir' not in options_overrides:
options_overrides['output_dir'] = get_tmp_output_dir()
# merge all our options in
options = Config.empty(**options_overrides)
load_resources()
options = Azure().initialize(options)
policies = PolicyCollection.from_data(policy_config, options)
if policies:
for p in policies:
try:
p.push(event, context)
except (CloudError, AzureHttpError) as error:
log.error("Unable to process policy: %s :: %s" % (p.name, error))
return True
def test_initialize_default_account_id(self, get_subscription_id_mock):
options = Config.empty()
azure = Azure()
azure.initialize(options)
self.assertEqual(options['account_id'], DEFAULT_SUBSCRIPTION_ID)
session = azure.get_session_factory(options)()
session._initialize_session()
self.assertEqual(session.subscription_id, DEFAULT_SUBSCRIPTION_ID)
def test_initialize_custom_account_id(self):
sample_account_id = "00000000-5106-4743-99b0-c129bfa71a47"
options = Config.empty()
options['account_id'] = sample_account_id
azure = Azure()
azure.initialize(options)
self.assertEqual(options['account_id'], sample_account_id)
session = azure.get_session_factory(options)()
self.assertEqual(sample_account_id, session.get_subscription_id())
def test_exit_on_nonexistent_azure_cloud(self):
with patch('c7n_azure.session.Session.get_subscription_id'):
with pytest.raises(SystemExit) as exit:
options = Config.empty(regions=['InvalidCloudName'])
azure = Azure()
azure.initialize(options)
azure.get_session_factory(options)()
self.assertEqual(SystemExit, exit.type)
self.assertEqual(1, exit.value.code)
def test_initialize_default_account_id(self):
# Patch get_subscription_id during provider initialization
with patch('c7n_azure.session.Session.get_subscription_id',
return_value=DEFAULT_SUBSCRIPTION_ID):
options = Config.empty()
azure = Azure()
azure.initialize(options)
self.assertEqual(options['account_id'], DEFAULT_SUBSCRIPTION_ID)
session = azure.get_session_factory(options)()
self.assertEqual(DEFAULT_SUBSCRIPTION_ID, session.get_subscription_id())
def test_initialize_default_azure_cloud(self):
with patch('c7n_azure.session.Session.get_subscription_id'):
options = Config.empty()
azure = Azure()
azure.initialize(options)
self.assertEqual(AZURE_PUBLIC_CLOUD, azure.cloud_endpoints)
self.assertEqual(AZURE_PUBLIC_CLOUD.name, options['region'])
session = azure.get_session_factory(options)()
self.assertEqual(
AZURE_PUBLIC_CLOUD.endpoints.active_directory_resource_id,
session.resource_endpoint)
def build_options(output_dir=None, log_group=None, metrics=None):
"""
Initialize the Azure provider to apply global config across all policy executions.
"""
if not output_dir:
output_dir = tempfile.mkdtemp()
log.warning('Output directory not specified. Using directory: %s' % output_dir)
config = Config.empty(
**{
'log_group': log_group,
'metrics': metrics,
'output_dir': output_dir
}
)
return Azure().initialize(config)
def test_initialize_azure_cloud(self):
clouds = [
AZURE_PUBLIC_CLOUD, AZURE_CHINA_CLOUD, AZURE_GERMAN_CLOUD,
AZURE_US_GOV_CLOUD
]
with patch('c7n_azure.session.Session.get_subscription_id'):
for cloud_endpoints in clouds:
options = Config.empty(regions=[cloud_endpoints.name])
azure = Azure()
azure.initialize(options)
self.assertEqual(cloud_endpoints, azure.cloud_endpoints)
self.assertEqual(cloud_endpoints.name, options['region'])
session = azure.get_session_factory(options)()
self.assertEqual(
cloud_endpoints.endpoints.active_directory_resource_id,
session.resource_endpoint)