Пример #1
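    def test_policy_region_expand_global(self):
        """Check region expansion for an s3 policy next to an iam-user policy.

        The collection is built with two regions and then re-initialised
        twice: once with ``regions=["all"]`` and once with two explicit EU
        regions. In both runs the iam-user policy must appear exactly once,
        carrying the first region of the run, while s3 is expanded per region.
        """
        original = policy.PolicyCollection.from_data(
            {
                "policies": [
                    {"name": "foo", "resource": "s3"},
                    {"name": "iam", "resource": "iam-user"},
                ]
            },
            Config.empty(regions=["us-east-1", "us-west-2"]),
        )

        # NOTE(review): nothing in this test stubs the AWS session; confirm
        # that resolving "all" works offline and never picks up ambient
        # credentials in CI.
        collection = AWS().initialize_policies(
            original, Config.empty(regions=["all"]))
        self.assertEqual(len(collection.resource_types), 2)

        s3_regions = [
            p.options.region for p in collection if p.resource_type == "s3"
        ]
        # assertIn prints the actual region list on failure, which
        # assertTrue(x in y) does not.
        self.assertIn("us-east-1", s3_regions)
        self.assertIn("us-east-2", s3_regions)

        # iam-user must not be multiplied by the region list.
        iam = [p for p in collection if p.resource_type == "iam-user"]
        self.assertEqual(len(iam), 1)
        self.assertEqual(iam[0].options.region, "us-east-1")

        # Explicit regions: one s3 policy per region plus one iam-user = 3.
        collection = AWS().initialize_policies(
            original, Config.empty(regions=["eu-west-1", "eu-west-2"]))
        iam = [p for p in collection if p.resource_type == "iam-user"]
        self.assertEqual(len(iam), 1)
        self.assertEqual(iam[0].options.region, "eu-west-1")
        self.assertEqual(len(collection), 3)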
Пример #2
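    def test_policy_region_expand_global(self):
        """Check region expansion for an s3 policy next to an iam-user policy.

        After initialising with ``regions=['all']`` the s3 policy must cover
        at least us-east-1 and us-east-2, while the iam-user policy appears
        once with region us-east-1. With two explicit EU regions the
        collection must hold three policies, the single iam-user one in
        eu-west-1.
        """
        original = policy.PolicyCollection.from_data(
            {
                'policies': [
                    {'name': 'foo', 'resource': 's3'},
                    {'name': 'iam', 'resource': 'iam-user'},
                ]
            },
            Config.empty(regions=['us-east-1', 'us-west-2']))

        # NOTE(review): nothing in this test stubs the AWS session; confirm
        # that resolving 'all' works offline and never picks up ambient
        # credentials in CI.
        collection = AWS().initialize_policies(
            original, Config.empty(regions=['all']))
        self.assertEqual(len(collection.resource_types), 2)

        s3_regions = [
            p.options.region for p in collection if p.resource_type == 's3'
        ]
        # assertIn shows the regions actually produced when the check fails.
        self.assertIn('us-east-1', s3_regions)
        self.assertIn('us-east-2', s3_regions)

        # The iam-user policy must stay a single entry.
        iam = [p for p in collection if p.resource_type == 'iam-user']
        self.assertEqual(len(iam), 1)
        self.assertEqual(iam[0].options.region, 'us-east-1')

        collection = AWS().initialize_policies(
            original, Config.empty(regions=['eu-west-1', 'eu-west-2']))
        iam = [p for p in collection if p.resource_type == 'iam-user']
        self.assertEqual(len(iam), 1)
        self.assertEqual(iam[0].options.region, 'eu-west-1')
        # Two s3 policies (one per region) plus the single iam-user policy.
        self.assertEqual(len(collection), 3)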
Пример #3
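    def test_policy_region_expand_global(self):
        """Check region expansion for s3 and iam-user with a replayed session.

        ``aws._profile_session`` is replaced by the object built from the
        ``test_aws_policy_global_expand`` flight data before any policy is
        initialised (presumably recorded API responses, so the test does not
        need live credentials -- confirm against ``replay_flight_data``).
        """
        factory = self.replay_flight_data('test_aws_policy_global_expand')
        self.patch(aws, '_profile_session', factory())
        original = self.policy_loader.load_data(
            {
                "policies": [
                    {"name": "foo", "resource": "s3"},
                    {"name": "iam", "resource": "iam-user"},
                ]
            },
            'memory://',
            config=Config.empty(regions=["us-east-1", "us-west-2"]),
        )

        collection = AWS().initialize_policies(
            original, Config.empty(regions=["all"]))
        self.assertEqual(len(collection.resource_types), 2)

        s3_regions = [
            p.options.region for p in collection if p.resource_type == "s3"
        ]
        # assertIn shows the regions actually produced when the check fails.
        self.assertIn("us-east-1", s3_regions)
        self.assertIn("us-east-2", s3_regions)

        # The iam-user policy must appear once, not once per region.
        iam = [p for p in collection if p.resource_type == "iam-user"]
        self.assertEqual(len(iam), 1)
        self.assertEqual(iam[0].options.region, "us-east-1")

        collection = AWS().initialize_policies(
            original, Config.empty(regions=["eu-west-1", "eu-west-2"])
        )
        iam = [p for p in collection if p.resource_type == "iam-user"]
        self.assertEqual(len(iam), 1)
        self.assertEqual(iam[0].options.region, "eu-west-1")
        # Two s3 policies (one per region) plus the single iam-user policy.
        self.assertEqual(len(collection), 3)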
Пример #4
def main():
    """Parse the command line, load the policies and run resources_gc_prefix.

    Logging goes to the root logger at INFO, or DEBUG when ``--verbose`` is
    set; botocore and c7n.cache are turned down. When no region is given the
    run falls back to ``AWS_DEFAULT_REGION`` and then to ``us-east-1``.
    Exits with status 1 after printing help if no policy file was supplied.
    """
    parser = setup_parser()
    options = parser.parse_args()

    logging.basicConfig(
        level=logging.DEBUG if options.verbose else logging.INFO,
        format="%(asctime)s: %(name)s:%(levelname)s %(message)s",
    )
    # Keep the SDK and cache loggers from drowning out the tool's own output.
    for logger_name, level in (
        ('botocore', logging.ERROR),
        ('c7n.cache', logging.WARNING),
    ):
        logging.getLogger(logger_name).setLevel(level)

    # NOTE(review): the region is chosen implicitly here when none is passed;
    # resources_gc_prefix presumably removes resources, so the effective
    # region/profile/role deserves a look before a run -- verify against
    # resources_gc_prefix.
    if not options.regions:
        fallback_region = os.environ.get('AWS_DEFAULT_REGION', 'us-east-1')
        options.regions = [fallback_region]

    # Flatten the grouped config-file option values, then add the `configs` entries.
    config_paths = [
        *itertools.chain.from_iterable(options.config_files),
        *options.configs,
    ]
    options.config_files = config_paths

    if not config_paths:
        parser.print_help()
        sys.exit(1)

    policy_config = Config.empty(
        regions=options.regions,
        profile=options.profile,
        assume_role=options.assume_role,
    )

    # Going through the provider is what applies region expansion.
    loaded = load_policies(options, policy_config)
    policies = AWS().initialize_policies(loaded, policy_config)

    resources_gc_prefix(options, policy_config, policies)
Пример #5
    def test_policy_account_expand(self):
        """An ``account`` policy must stay a single policy under regions=["all"]."""
        policy_data = {"policies": [{"name": "foo", "resource": "account"}]}
        original = policy.PolicyCollection.from_data(
            policy_data,
            Config.empty(regions=["us-east-1", "us-west-2"]),
        )

        # NOTE(review): no session stub is installed in this test; confirm
        # that resolving "all" does not depend on ambient AWS credentials.
        expand = AWS().initialize_policies
        expanded = expand(original, Config.empty(regions=["all"]))
        self.assertEqual(len(expanded), 1)
Пример #6
 def test_expand_partitions(self):
     """An ec2 policy must yield one policy per configured region.

     The three regions use GovCloud, China and commercial naming; the same
     config object is used to build and to initialise the collection.
     """
     cfg = Config.empty(regions=["us-gov-west-1", "cn-north-1", "us-west-2"])
     policy_data = {"policies": [{"name": "foo", "resource": "ec2"}]}
     original = policy.PolicyCollection.from_data(policy_data, cfg)

     expanded = AWS().initialize_policies(original, cfg)
     # Sorted so the check does not depend on expansion order.
     found_regions = sorted(p.options.region for p in expanded)
     self.assertEqual(
         found_regions, ["cn-north-1", "us-gov-west-1", "us-west-2"])
Пример #7
    def test_policy_account_expand(self):
        """An ``account`` policy must stay a single policy under regions=['all']."""
        account_policy = {'name': 'foo', 'resource': 'account'}
        original = policy.PolicyCollection.from_data(
            {'policies': [account_policy]},
            Config.empty(regions=['us-east-1', 'us-west-2']),
        )

        # NOTE(review): no session stub is installed in this test; confirm
        # that resolving 'all' does not depend on ambient AWS credentials.
        expand = AWS().initialize_policies
        expanded = expand(original, Config.empty(regions=['all']))
        self.assertEqual(len(expanded), 1)
Пример #8
 def test_expand_partitions(self):
     """An ec2 policy must yield one policy per configured region.

     The three regions use GovCloud, China and commercial naming; the same
     config object is used to build and to initialise the collection.
     """
     cfg = Config.empty(
         regions=['us-gov-west-1', 'cn-north-1', 'us-west-2'])
     ec2_policy = {'name': 'foo', 'resource': 'ec2'}
     original = policy.PolicyCollection.from_data(
         {'policies': [ec2_policy]}, cfg)

     expanded = AWS().initialize_policies(original, cfg)
     # Sorted so the check does not depend on expansion order.
     found_regions = sorted(p.options.region for p in expanded)
     self.assertEqual(
         found_regions, ['cn-north-1', 'us-gov-west-1', 'us-west-2'])
Пример #9
    def test_policy_account_expand(self):
        """An ``account`` policy must stay a single policy under regions=["all"].

        ``aws._profile_session`` is swapped for the object built from the
        ``test_aws_policy_region_expand`` flight data before initialisation.
        """
        session_factory = self.replay_flight_data('test_aws_policy_region_expand')
        self.patch(aws, '_profile_session', session_factory())

        account_policy = {"name": "foo", "resource": "account"}
        original = policy.PolicyCollection.from_data(
            {"policies": [account_policy]},
            Config.empty(regions=["us-east-1", "us-west-2"]),
        )

        expand = AWS().initialize_policies
        expanded = expand(original, Config.empty(regions=["all"]))
        self.assertEqual(len(expanded), 1)
Пример #10
    def test_policy_expand_group_region(self):
        """Expanded policies must be grouped by region, in file order within each.

        Three policies over three regions give nine entries: all policies for
        the first region, then all for the second, then all for the third.
        """
        cfg = Config.empty(regions=["us-east-1", "us-east-2", "us-west-2"])
        policy_data = {
            "policies": [
                {"name": "bar", "resource": "lambda"},
                {"name": "middle", "resource": "security-group"},
                {"name": "foo", "resource": "ec2"},
            ]
        }
        original = policy.PolicyCollection.from_data(policy_data, cfg)

        expanded = AWS().initialize_policies(original, cfg)
        observed = [(p.name, p.options.region) for p in expanded]

        # Region is the outer loop: that is the grouping under test.
        expected = [
            (name, region)
            for region in ('us-east-1', 'us-east-2', 'us-west-2')
            for name in ('bar', 'middle', 'foo')
        ]
        self.assertEqual(observed, expected)