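def test_policy_region_expand_global(self):
    """Check region expansion for an ``s3`` policy and an ``iam-user`` policy.

    The collection is loaded with two regions, then re-initialized twice:
    once with ``regions=["all"]`` and once with two explicit EU regions.
    In both runs the ``iam-user`` policy must appear exactly once, while the
    ``s3`` policy is fanned out per region.  A global-resource policy that
    was duplicated per region would run more than once against the same
    resources; a regional policy that was not fanned out would leave
    regions unevaluated.
    """
    original = policy.PolicyCollection.from_data(
        {
            "policies": [
                {"name": "foo", "resource": "s3"},
                {"name": "iam", "resource": "iam-user"},
            ]
        },
        Config.empty(regions=["us-east-1", "us-west-2"]),
    )

    # First pass: expand against "all" regions.
    collection = AWS().initialize_policies(original, Config.empty(regions=["all"]))
    self.assertEqual(len(collection.resource_types), 2)

    s3_regions = [p.options.region for p in collection if p.resource_type == "s3"]
    # assertIn prints the actual region list on failure, unlike
    # assertTrue(x in y), which only reports "False is not true".
    self.assertIn("us-east-1", s3_regions)
    # us-east-2 is not among the regions the collection was loaded with, so
    # its presence shows the expansion followed the "all" config.
    self.assertIn("us-east-2", s3_regions)

    iam = [p for p in collection if p.resource_type == "iam-user"]
    self.assertEqual(len(iam), 1)
    self.assertEqual(iam[0].options.region, "us-east-1")

    # Second pass: explicit regions that do not include us-east-1.
    collection = AWS().initialize_policies(
        original, Config.empty(regions=["eu-west-1", "eu-west-2"])
    )
    iam = [p for p in collection if p.resource_type == "iam-user"]
    self.assertEqual(len(iam), 1)
    # The single iam-user policy lands on the first region requested.
    self.assertEqual(iam[0].options.region, "eu-west-1")
    # One iam-user policy plus the s3 policy once per EU region.
    self.assertEqual(len(collection), 3)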
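def test_policy_region_expand_global(self):
    """Check region expansion for an ``s3`` policy and an ``iam-user`` policy.

    With ``regions=['all']`` the ``s3`` policy must show up in more than one
    region while ``iam-user`` shows up exactly once, pinned to us-east-1.
    With two explicit EU regions the ``iam-user`` policy is still emitted
    once, on the first region listed, and the collection holds three
    policies in total.
    """
    original = policy.PolicyCollection.from_data(
        {
            'policies': [
                {'name': 'foo', 'resource': 's3'},
                {'name': 'iam', 'resource': 'iam-user'},
            ]
        },
        Config.empty(regions=['us-east-1', 'us-west-2']))

    collection = AWS().initialize_policies(
        original, Config.empty(regions=['all']))
    self.assertEqual(len(collection.resource_types), 2)

    s3_regions = [
        p.options.region for p in collection if p.resource_type == 's3']
    # assertIn reports the region list that was actually produced when the
    # check fails, which assertTrue(x in y) does not.
    self.assertIn('us-east-1', s3_regions)
    # us-east-2 was not in the regions the collection was loaded with.
    self.assertIn('us-east-2', s3_regions)

    iam = [p for p in collection if p.resource_type == 'iam-user']
    # Exactly one copy: the same iam-user policy must not be run per region.
    self.assertEqual(len(iam), 1)
    self.assertEqual(iam[0].options.region, 'us-east-1')

    collection = AWS().initialize_policies(
        original, Config.empty(regions=['eu-west-1', 'eu-west-2']))
    iam = [p for p in collection if p.resource_type == 'iam-user']
    self.assertEqual(len(iam), 1)
    self.assertEqual(iam[0].options.region, 'eu-west-1')
    # 1 iam-user policy + the s3 policy in each of the 2 EU regions.
    self.assertEqual(len(collection), 3)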
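def test_policy_region_expand_global(self):
    """Check region expansion for ``s3`` and ``iam-user`` using flight data.

    ``aws._profile_session`` is patched with the object produced by the
    ``test_aws_policy_global_expand`` flight-data factory before any
    policies are initialized.
    NOTE(review): presumably this keeps region discovery off live AWS
    credentials; confirm against ``replay_flight_data``.

    The assertions require the ``s3`` policy to be fanned out per region and
    the ``iam-user`` policy to be emitted exactly once in each run.
    """
    factory = self.replay_flight_data('test_aws_policy_global_expand')
    self.patch(aws, '_profile_session', factory())

    original = self.policy_loader.load_data(
        {
            "policies": [
                {"name": "foo", "resource": "s3"},
                {"name": "iam", "resource": "iam-user"},
            ]
        },
        'memory://',
        config=Config.empty(regions=["us-east-1", "us-west-2"]),
    )

    # First pass: expand against "all" regions.
    collection = AWS().initialize_policies(original, Config.empty(regions=["all"]))
    self.assertEqual(len(collection.resource_types), 2)

    s3_regions = [p.options.region for p in collection if p.resource_type == "s3"]
    # assertIn shows the produced region list on failure; the previous
    # assertTrue(x in y) form only reported "False is not true".
    self.assertIn("us-east-1", s3_regions)
    # us-east-2 is absent from the load-time config, so finding it here
    # shows the "all" config drove the expansion.
    self.assertIn("us-east-2", s3_regions)

    iam = [p for p in collection if p.resource_type == "iam-user"]
    self.assertEqual(len(iam), 1)
    self.assertEqual(iam[0].options.region, "us-east-1")

    # Second pass: explicit regions that exclude us-east-1.
    collection = AWS().initialize_policies(
        original, Config.empty(regions=["eu-west-1", "eu-west-2"])
    )
    iam = [p for p in collection if p.resource_type == "iam-user"]
    self.assertEqual(len(iam), 1)
    self.assertEqual(iam[0].options.region, "eu-west-1")
    # One iam-user policy plus the s3 policy once per EU region.
    self.assertEqual(len(collection), 3)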
def main():
    """Parse the command line, load policies and hand them to the GC step.

    Steps, in order:
      * configure logging (DEBUG when ``--verbose`` is set, INFO otherwise)
        and quieten the ``botocore`` and ``c7n.cache`` loggers;
      * fall back to ``AWS_DEFAULT_REGION`` (or ``us-east-1``) when no
        region was given;
      * merge ``options.config_files`` and ``options.configs`` into one
        list, exiting with status 1 after printing help if it is empty;
      * expand the loaded policies across regions and call
        ``resources_gc_prefix``.

    The region list, profile and assume-role value all come straight from
    the command line and determine which account and regions the expanded
    policies target.
    NOTE(review): ``resources_gc_prefix`` is defined elsewhere; presumably
    it removes resources, so the region fallback above is worth keeping in
    mind when the tool is run without explicit regions.
    """
    parser = setup_parser()
    options = parser.parse_args()

    logging.basicConfig(
        level=logging.DEBUG if options.verbose else logging.INFO,
        format="%(asctime)s: %(name)s:%(levelname)s %(message)s")
    # Third-party and cache chatter is capped regardless of --verbose.
    for logger_name, level in (
            ('botocore', logging.ERROR),
            ('c7n.cache', logging.WARNING)):
        logging.getLogger(logger_name).setLevel(level)

    if not options.regions:
        default_region = os.environ.get('AWS_DEFAULT_REGION', 'us-east-1')
        options.regions = [default_region]

    # config_files is a list of lists; flatten it, then append configs.
    files = list(itertools.chain(*options.config_files))
    files.extend(options.configs)
    options.config_files = files
    if not files:
        parser.print_help()
        sys.exit(1)

    policy_config = Config.empty(
        regions=options.regions,
        profile=options.profile,
        assume_role=options.assume_role)

    # use cloud provider to initialize policies to get region expansion
    loaded = load_policies(options, policy_config)
    policies = AWS().initialize_policies(loaded, policy_config)
    resources_gc_prefix(options, policy_config, policies)
def test_policy_account_expand(self):
    """An ``account`` policy yields one policy under ``regions=["all"]``.

    The collection is loaded with two regions and then initialized against
    "all"; the result must still contain a single policy.
    """
    policy_data = {"policies": [{"name": "foo", "resource": "account"}]}
    load_config = Config.empty(regions=["us-east-1", "us-west-2"])
    original = policy.PolicyCollection.from_data(policy_data, load_config)

    expanded = AWS().initialize_policies(
        original, Config.empty(regions=["all"]))

    # No per-region copies of the account policy.
    self.assertEqual(len(expanded), 1)
def test_expand_partitions(self):
    """An ``ec2`` policy is expanded to every listed region across partitions.

    The config names one GovCloud region, one China region and one
    standard-partition region; each must appear once in the result.
    """
    cfg = Config.empty(regions=["us-gov-west-1", "cn-north-1", "us-west-2"])
    policy_data = {"policies": [{"name": "foo", "resource": "ec2"}]}
    original = policy.PolicyCollection.from_data(policy_data, cfg)

    expanded = AWS().initialize_policies(original, cfg)

    # Sorted so the check does not depend on expansion order.
    regions_seen = sorted(p.options.region for p in expanded)
    self.assertEqual(
        regions_seen, ["cn-north-1", "us-gov-west-1", "us-west-2"])
def test_policy_account_expand(self):
    """Expanding an ``account`` policy against 'all' regions gives one policy."""
    policy_data = {'policies': [{'name': 'foo', 'resource': 'account'}]}
    load_config = Config.empty(regions=['us-east-1', 'us-west-2'])
    original = policy.PolicyCollection.from_data(policy_data, load_config)

    all_regions = Config.empty(regions=['all'])
    expanded = AWS().initialize_policies(original, all_regions)

    # The account policy must not be multiplied per region.
    self.assertEqual(len(expanded), 1)
def test_expand_partitions(self):
    """Each configured region, whatever its partition, gets the ``ec2`` policy."""
    cfg = Config.empty(
        regions=['us-gov-west-1', 'cn-north-1', 'us-west-2'])
    policy_data = {'policies': [{'name': 'foo', 'resource': 'ec2'}]}
    original = policy.PolicyCollection.from_data(policy_data, cfg)

    expanded = AWS().initialize_policies(original, cfg)

    # Compare in sorted order; the test does not pin expansion order.
    regions_seen = sorted(p.options.region for p in expanded)
    expected = ['cn-north-1', 'us-gov-west-1', 'us-west-2']
    self.assertEqual(regions_seen, expected)
def test_policy_account_expand(self):
    """An ``account`` policy yields one policy under ``regions=["all"]``.

    ``aws._profile_session`` is patched with the object produced by the
    ``test_aws_policy_region_expand`` flight-data factory before expansion.
    NOTE(review): presumably this replaces the live session with recorded
    data; confirm against ``replay_flight_data``.
    """
    flight_factory = self.replay_flight_data('test_aws_policy_region_expand')
    self.patch(aws, '_profile_session', flight_factory())

    policy_data = {"policies": [{"name": "foo", "resource": "account"}]}
    load_config = Config.empty(regions=["us-east-1", "us-west-2"])
    original = policy.PolicyCollection.from_data(policy_data, load_config)

    expanded = AWS().initialize_policies(
        original, Config.empty(regions=["all"]))

    # No per-region copies of the account policy.
    self.assertEqual(len(expanded), 1)
def test_policy_expand_group_region(self):
    """Expanded policies are grouped by region, keeping file order inside each.

    Three policies and three regions must give nine policies: all three
    policies for the first region, then all three for the second, and so
    on, with the policies in the order they were declared.
    """
    region_names = ["us-east-1", "us-east-2", "us-west-2"]
    cfg = Config.empty(regions=region_names)
    original = policy.PolicyCollection.from_data(
        {
            "policies": [
                {"name": "bar", "resource": "lambda"},
                {"name": "middle", "resource": "security-group"},
                {"name": "foo", "resource": "ec2"},
            ]
        },
        cfg)

    expanded = AWS().initialize_policies(original, cfg)

    # Region is the outer loop, policy name the inner one.
    expected = [
        (policy_name, region)
        for region in ('us-east-1', 'us-east-2', 'us-west-2')
        for policy_name in ('bar', 'middle', 'foo')
    ]
    actual = [(p.name, p.options.region) for p in expanded]
    self.assertEqual(actual, expected)