def test_find_violations_applies_all_resources(self):
    """Blacklist rule with a wildcard resource type, checked on the bucket fixture.

    The rule sets type '*' and ids ['*'] with location pattern 'eu*'. The
    engine output must equal data.build_violations(data.BUCKET).
    """
    # presumably data.BUCKET is located in an EU region -- confirm in the
    # test data module; the location pattern only matters if it is.
    template_fields = {
        'mode': 'blacklist',
        'type': '*',
        'ids': ['*'],
        'locations': ['eu*'],
    }
    engine = get_rules_engine_with_rule(rule_tmpl.format(**template_fields))
    found = list(engine.find_violations(data.BUCKET))
    self.assertEqual(found, data.build_violations(data.BUCKET))
def test_find_violations_bucket_whitelist_has_violations(self):
    """Whitelist rule allowing only 'us*' locations, checked on the bucket fixture.

    The engine output must equal data.build_violations(data.BUCKET).
    """
    # NOTE(review): this is the only whitelist-mode case in this group of
    # tests; it presumably relies on data.BUCKET being outside 'us*' --
    # confirm against the fixture.
    template_fields = {
        'mode': 'whitelist',
        'type': 'bucket',
        'ids': ['*'],
        'locations': ['us*'],
    }
    engine = get_rules_engine_with_rule(rule_tmpl.format(**template_fields))
    found = list(engine.find_violations(data.BUCKET))
    self.assertEqual(found, data.build_violations(data.BUCKET))
def test_find_violations_specific_id(self):
    """Blacklist rule scoped to explicit bucket ids instead of a wildcard.

    The id list holds 'dne' and 'p1-bucket1'. The engine output must equal
    data.build_violations(data.BUCKET).
    """
    # presumably 'dne' is an id that matches no resource and 'p1-bucket1'
    # is the id of data.BUCKET -- verify against the fixture.
    template_fields = {
        'mode': 'blacklist',
        'type': 'bucket',
        'ids': ['dne', 'p1-bucket1'],
        'locations': ['eu*'],
    }
    engine = get_rules_engine_with_rule(rule_tmpl.format(**template_fields))
    found = list(engine.find_violations(data.BUCKET))
    self.assertEqual(found, data.build_violations(data.BUCKET))
def test_find_violations_exact(self):
    """Blacklist rule whose location is the literal 'europe-west1', no wildcard.

    The engine output must equal data.build_violations(data.BUCKET).
    """
    # presumably data.BUCKET's location is exactly 'europe-west1' (or
    # compares equal after normalisation) -- confirm in the fixture.
    template_fields = {
        'mode': 'blacklist',
        'type': 'bucket',
        'ids': ['*'],
        'locations': ['europe-west1'],
    }
    engine = get_rules_engine_with_rule(rule_tmpl.format(**template_fields))
    found = list(engine.find_violations(data.BUCKET))
    self.assertEqual(found, data.build_violations(data.BUCKET))
def test_find_violations_cluster(self):
    """Blacklist rule for resource type 'kubernetes_cluster' with location 'eu*'.

    Runs the engine on data.CLUSTER; the output must equal
    data.build_violations(data.CLUSTER).
    """
    template_fields = {
        'mode': 'blacklist',
        'type': 'kubernetes_cluster',
        'ids': ['*'],
        'locations': ['eu*'],
    }
    engine = get_rules_engine_with_rule(rule_tmpl.format(**template_fields))
    found = list(engine.find_violations(data.CLUSTER))
    self.assertEqual(found, data.build_violations(data.CLUSTER))
def test_find_violations_dataset(self):
    """Blacklist rule for resource type 'dataset' with location 'eu*'.

    Runs the engine on data.DATASET; the output must equal
    data.build_violations(data.DATASET).
    """
    template_fields = {
        'mode': 'blacklist',
        'type': 'dataset',
        'ids': ['*'],
        'locations': ['eu*'],
    }
    engine = get_rules_engine_with_rule(rule_tmpl.format(**template_fields))
    found = list(engine.find_violations(data.DATASET))
    self.assertEqual(found, data.build_violations(data.DATASET))
def test_find_violations_gce_instance(self):
    """Blacklist rule for resource type 'instance' with location 'eu*'.

    Runs the engine on data.GCE_INSTANCE; the output must equal
    data.build_violations(data.GCE_INSTANCE).
    """
    template_fields = {
        'mode': 'blacklist',
        'type': 'instance',
        'ids': ['*'],
        'locations': ['eu*'],
    }
    engine = get_rules_engine_with_rule(rule_tmpl.format(**template_fields))
    found = list(engine.find_violations(data.GCE_INSTANCE))
    self.assertEqual(found, data.build_violations(data.GCE_INSTANCE))
def test_find_violations_project(self):
    """Rule attached to a project and applied to buckets through applies_to.

    Unlike the tests that use rule_tmpl, the rule is an inline literal:
    blacklist mode, resource type 'project' with id 'p1', applies_to
    ['bucket'], locations ['eu*']. The engine output must equal
    data.build_violations(data.BUCKET).
    """
    # NOTE(review): the literal is kept exactly as it appears in this
    # listing, on one line. If it was a multi-line YAML block originally,
    # its line breaks and indentation are not recoverable from here --
    # confirm the layout against the repository copy.
    rule_text = """ rules: - name: Location test rule mode: blacklist resource: - type: 'project' resource_ids: ['p1'] applies_to: ['bucket'] locations: ['eu*'] """
    engine = get_rules_engine_with_rule(rule_text)
    found = list(engine.find_violations(data.BUCKET))
    self.assertEqual(found, data.build_violations(data.BUCKET))
def test_find_violations_backwards_compatibility(self):
    """Rule attached to an organization and applied to buckets through applies_to.

    The inline rule uses blacklist mode, resource type 'organization' with
    id '234', applies_to ['bucket'] and locations ['eu*']. The engine
    output must equal data.build_violations(data.BUCKET).
    """
    # presumably this pins an older rule layout that must keep producing
    # violations (per the test name) -- which format it predates is not
    # visible here.
    # NOTE(review): the literal is kept exactly as it appears in this
    # listing, on one line. If it was a multi-line YAML block originally,
    # its line breaks and indentation are not recoverable from here --
    # confirm the layout against the repository copy.
    rule_text = """ rules: - name: Location test rule mode: blacklist resource: - type: 'organization' resource_ids: ['234'] applies_to: ['bucket'] locations: ['eu*'] """
    engine = get_rules_engine_with_rule(rule_text)
    found = list(engine.find_violations(data.BUCKET))
    self.assertEqual(found, data.build_violations(data.BUCKET))