def test_schema_plugin_name_mismatch(self): for k, v in resources.items(): for fname, f in v.filter_registry.items(): if fname in ("or", "and", "not"): continue self.assertIn(fname, f.schema["properties"]["type"]["enum"]) for aname, a in v.action_registry.items(): self.assertIn(aname, a.schema["properties"]["type"]["enum"])
def test_schema_plugin_name_mismatch(self): for k, v in resources.items(): for fname, f in v.filter_registry.items(): if fname in ('or', 'and', 'not'): continue self.assertIn(fname, f.schema['properties']['type']['enum']) for aname, a in v.action_registry.items(): self.assertIn(aname, a.schema['properties']['type']['enum'])
def test_schema_plugin_name_mismatch(self): for k, v in resources.items(): for fname, f in v.filter_registry.items(): if fname in ('or', 'and', 'not'): continue self.assertIn( fname, f.schema['properties']['type']['enum']) for aname, a in v.action_registry.items(): self.assertIn( aname, a.schema['properties']['type']['enum'])
def get_resource_class(self, resource_id): for rname, rmgr in resources.items(): if rname not in self.supported_resources: continue m = rmgr.get_model() id_prefix = getattr(m, 'id_prefix', None) if id_prefix is None: continue if resource_id.startswith(id_prefix): return rmgr raise UnknownResourceType( "resource:%s not a supported resource type" % resource_id)
def resource_vocabulary(): vocabulary = {} for type_name, resource_type in resources.items(): classes = {'actions': {}, 'filters': {}} actions = [] for action_name, cls in resource_type.action_registry.items(): actions.append(action_name) classes['actions'][action_name] = cls filters = [] for filter_name, cls in resource_type.filter_registry.items(): filters.append(filter_name) classes['filters'][filter_name] = cls vocabulary[type_name] = { 'filters': sorted(filters), 'actions': sorted(actions), 'classes': classes, } return vocabulary
def generate(resource_types=()): resource_defs = {} definitions = { 'resources': resource_defs, 'filters': { 'value': ValueFilter.schema, 'event': EventFilter.schema, 'age': AgeFilter.schema, # Shortcut form of value filter as k=v 'valuekv': { 'type': 'object', 'minProperties': 1, 'maxProperties': 1 }, }, 'policy': { 'type': 'object', 'required': ['name', 'resource'], 'additionalProperties': False, 'properties': { 'name': { 'type': 'string', 'pattern': "^[A-z][A-z0-9]*(-[A-z0-9]+)*$" }, 'region': { 'type': 'string' }, 'resource': { 'type': 'string' }, 'max-resources': { 'type': 'integer' }, 'comment': { 'type': 'string' }, 'comments': { 'type': 'string' }, 'description': { 'type': 'string' }, 'tags': { 'type': 'array', 'items': { 'type': 'string' } }, 'mode': { '$ref': '#/definitions/policy-mode' }, 'source': { 'enum': ['describe', 'config'] }, 'actions': { 'type': 'array', }, 'filters': { 'type': 'array' }, # # unclear if this should be allowed, it kills resource # cache coherency between policies, and we need to # generalize server side query mechanisms, currently # this only for ec2 instance queries. limitations # in json schema inheritance prevent us from doing this # on a type specific basis http://goo.gl/8UyRvQ 'query': { 'type': 'array', 'items': { 'type': 'object', 'minProperties': 1, 'maxProperties': 1 } } }, }, 'policy-mode': { 'type': 'object', 'required': ['type'], 'properties': { 'type': { 'enum': [ 'cloudtrail', 'ec2-instance-state', 'asg-instance-state', 'config-rule', 'periodic' ] }, 'events': { 'type': 'array', 'items': { 'oneOf': [{ 'type': 'string' }, { 'type': 'object', 'required': ['event', 'source', 'ids'], 'properties': { 'source': { 'type': 'string' }, 'ids': { 'type': 'string' }, 'event': { 'type': 'string' } } }] } } }, }, } resource_refs = [] for type_name, resource_type in resources.items(): if resource_types and type_name not in resource_types: continue resource_refs.append( process_resource(type_name, resource_type, resource_defs)) schema = { '$schema': 'http://json-schema.org/schema#', 'id': 'http://schema.cloudcustodian.io/v0/custodian.json', 'definitions': definitions, 'type': 'object', 'required': ['policies'], 'additionalProperties': False, 'properties': { 'vars': { 'type': 'object' }, 'policies': { 'type': 'array', 'additionalItems': False, 'items': { 'anyOf': resource_refs } } } } return schema
def generate(resource_types=()): resource_defs = {} definitions = { 'resources': resource_defs, 'filters': { 'value': ValueFilter.schema, 'event': EventFilter.schema, 'time': TimeFilter.schema, 'age': AgeFilter.schema, # Shortcut form of value filter as k=v 'valuekv': { 'type': 'object', 'minProperties': 1, 'maxProperties': 1}, }, 'policy': { 'type': 'object', 'required': ['name', 'resource'], 'additionalProperties': False, 'properties': { 'name': {'type': 'string'}, 'resource': {'type': 'string'}, 'comment': {'type': 'string'}, 'comments': {'type': 'string'}, 'description': {'type': 'string'}, 'mode': {'$ref': '#/definitions/policy-mode'}, 'actions': { 'type': 'array', }, 'filters': { 'type': 'array' }, # # unclear if this should be allowed, it kills resource # cache coherency between policies, and we need to # generalize server side query mechanisms, currently # this only for ec2 instance queries. limitations # in json schema inheritance prevent us from doing this # on a type specific basis http://goo.gl/8UyRvQ 'query': { 'type': 'array', 'items': { 'type': 'object', 'minProperties': 1, 'maxProperties': 1}} }, }, 'policy-mode': { 'type': 'object', 'required': ['type', 'events'], 'properties': { 'type': { 'enum': [ 'cloudtrail', 'ec2-instance-state', 'asg-instance-state', 'periodic' ]}, 'events': {'type': 'array', 'items': {'type': 'string'}}, 'sources': {'type': 'array', 'items': {'type': 'string'}}, 'ids': {'type': 'string'} }, }, } resource_refs = [] for type_name, resource_type in resources.items(): if resource_types and type_name not in resource_types: continue resource_refs.append( process_resource(type_name, resource_type, resource_defs)) schema = { '$schema': 'http://json-schema.org/schema#', 'id': 'http://schema.cloudcustodian.io/v0/custodian.json', 'definitions': definitions, 'type': 'object', 'required': ['policies'], 'additionalProperties': False, 'properties': { 'policies': { 'type': 'array', 'additionalItems': False, 'items': {'anyOf': resource_refs} } } } return schema