def test_semantic_error_policy_scope(self):
    """Check that a schema error is reported together with its policy name.

    The document holds a single ``aws.waf`` policy whose only action has
    type ``encryption``. The test expects the schema generated for
    ``aws.waf`` to yield exactly one error for it, and expects the scoped
    error message to contain ``policy:bogus-policy``.
    """
    bogus_action = {
        'key': 'AES3000',
        'type': 'encryption',
        'value': 'This resource should have AES3000 encryption',
    }
    bogus_policy = {
        'actions': [bogus_action],
        'description': 'Identify resources which lack our outrageous cipher',
        'name': 'bogus-policy',
        'resource': 'aws.waf',
    }
    data = {'policies': [bogus_policy]}

    # Only the aws.waf resource type is loaded and compiled into the schema,
    # so the validator under test is limited to that one resource.
    resource_types = ('aws.waf', )
    load_resources(resource_types)
    waf_validator = self.policy_loader.validator.gen_schema(resource_types)

    found = list(waf_validator.iter_errors(data))
    self.assertEqual(len(found), 1)

    # The raw validator error is narrowed by specific_error() and then scoped
    # against the whole document; the check below only pins that the policy
    # name ends up in the message.
    scoped = policy_error_scope(specific_error(found[0]), data)
    self.assertTrue("policy:bogus-policy" in scoped.message)
def test_semantic_error_policy_scope(self):
    """Check that a schema error on a tagging policy names that policy.

    The document holds one ``aws.waf`` policy with a ``tag`` action and a
    set of ``tag:*`` absence filters. The test expects ``self.validator`` to
    yield exactly one error and expects the scoped message to contain
    ``policy:tagging-compliance-waf``. Which element of the policy the
    schema rejects is not visible in this test.
    """
    tag_action = {
        'key': 'TagPolicyCompliance',
        'type': 'tag',
        'value': 'This resource should have tags following policy',
    }
    # Any one of these ownership tags being absent satisfies the 'or' filter.
    ownership_filters = [
        {'tag:Owner': 'absent'},
        {'tag:ResponsibleParty': 'absent'},
        {'tag:Contact': 'absent'},
        {'tag:Creator': 'absent'},
    ]
    tagging_policy = {
        'actions': [tag_action],
        'description': 'Identify resources which lack our accounting tags',
        'filters': [
            {'tag:Environment': 'absent'},
            {'tag:Service': 'absent'},
            {'or': ownership_filters},
        ],
        'name': 'tagging-compliance-waf',
        'resource': 'aws.waf',
    }
    data = {'policies': [tagging_policy]}

    found = list(self.validator.iter_errors(data))
    self.assertEqual(len(found), 1)

    # The first error is narrowed by specific_error() and scoped against the
    # full document; only the presence of the policy name is asserted.
    scoped = policy_error_scope(specific_error(found[0]), data)
    self.assertTrue("policy:tagging-compliance-waf" in scoped.message)
def _validate(self, policy_data):
    """Validate *policy_data* with ``self.validator`` and report the first problem.

    Returns one of three shapes:

    * no schema errors: the result of ``schema.check_unique(policy_data)``,
      or ``[]`` when that result is falsy;
    * a schema error that can be scoped: ``[scoped_error, policy_name]``,
      where ``policy_name`` is ``'unknown'`` if the failing instance is not
      a dict or carries no usable ``name``;
    * scoping itself raised: a list of the first raw error and
      ``schema.best_match(...)``, with falsy entries dropped.

    Only the first schema error is examined; any later ones are not reported.
    NOTE(review): the three branches return differently shaped lists, so
    callers have to cope with each of them -- confirm against the call sites.
    """
    found = list(self.validator.iter_errors(policy_data))
    if not found:
        return schema.check_unique(policy_data) or []

    first = found[0]
    try:
        scoped = schema.policy_error_scope(
            schema.specific_error(first), policy_data)
        offender = first.instance
        policy_name = 'unknown'
        if isinstance(offender, dict):
            # An empty or otherwise falsy name also degrades to 'unknown'.
            policy_name = offender.get('name', 'unknown') or 'unknown'
        return [scoped, policy_name]
    except Exception:
        # Deliberate best effort: a failure while building the friendlier
        # message must not hide the validation failure itself, so the
        # traceback is logged and the raw errors are returned instead.
        logging.exception(
            "schema-validator: specific_error failed, traceback, followed by fallback"
        )
        fallback = (
            first,
            schema.best_match(self.validator.iter_errors(policy_data)),
        )
        return [err for err in fallback if err]