Пример #1
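 def test_semantic_error_policy_scope(self):
     """Check that a schema error is labelled with the owning policy's name.

     The document holds one ``aws.waf`` policy whose only action has type
     ``encryption``. Validating it against the schema generated for
     ``aws.waf`` is expected to yield exactly one error (presumably because
     that action type is not accepted for the resource -- confirm against
     the schema), and the scoped error message must contain
     ``policy:bogus-policy`` so the offending policy can be identified.
     """
     data = {
         'policies': [{
             'actions': [{
                 'key': 'AES3000',
                 'type': 'encryption',
                 'value': 'This resource should have AES3000 encryption',
             }],
             'description': 'Identify resources which lack our outrageous cipher',
             'name': 'bogus-policy',
             'resource': 'aws.waf',
         }]
     }
     # Restrict loading and schema generation to the single resource type
     # exercised here.
     load_resources(('aws.waf', ))
     validator = self.policy_loader.validator.gen_schema(('aws.waf', ))
     errors = list(validator.iter_errors(data))
     self.assertEqual(len(errors), 1)
     error = policy_error_scope(specific_error(errors[0]), data)
     # assertIn prints both operands on failure, unlike assertTrue(x in y).
     self.assertIn("policy:bogus-policy", error.message)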
Пример #2
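    def test_semantic_error_policy_scope(self):
        """Check that a schema error is labelled with the owning policy's name.

        The document holds one ``aws.waf`` policy that combines a ``tag``
        action with tag-absence filters. Validation is expected to yield
        exactly one error (presumably because the action is not accepted for
        this resource type -- confirm against the schema), and the scoped
        error message must contain ``policy:tagging-compliance-waf``.
        """
        data = {
            'policies': [{
                'actions': [{
                    'key': 'TagPolicyCompliance',
                    'type': 'tag',
                    'value': 'This resource should have tags following policy',
                }],
                'description': 'Identify resources which lack our accounting tags',
                'filters': [
                    {'tag:Environment': 'absent'},
                    {'tag:Service': 'absent'},
                    {'or': [
                        {'tag:Owner': 'absent'},
                        {'tag:ResponsibleParty': 'absent'},
                        {'tag:Contact': 'absent'},
                        {'tag:Creator': 'absent'},
                    ]},
                ],
                'name': 'tagging-compliance-waf',
                'resource': 'aws.waf',
            }]
        }

        errors = list(self.validator.iter_errors(data))
        self.assertEqual(len(errors), 1)
        error = policy_error_scope(specific_error(errors[0]), data)
        # assertIn prints both operands on failure, unlike assertTrue(x in y).
        self.assertIn("policy:tagging-compliance-waf", error.message)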
Пример #3
    def _validate(self, policy_data):
        """Validate ``policy_data`` and return a list describing any problems.

        Returns:
            * the result of ``schema.check_unique(policy_data)`` (or ``[]``
              when that is falsy) if the schema validator reports no errors;
            * ``[scoped_error, policy_name]`` when the first schema error can
              be narrowed with ``schema.specific_error`` and scoped with
              ``schema.policy_error_scope``;
            * otherwise the first raw error plus ``schema.best_match(...)``,
              with falsy entries dropped.
        """
        found = list(self.validator.iter_errors(policy_data))
        if not found:
            return schema.check_unique(policy_data) or []

        first = found[0]
        try:
            scoped = schema.policy_error_scope(
                schema.specific_error(first), policy_data)
            # The name is only a label for the report; anything that is not
            # a dict with a truthy 'name' is reported as 'unknown'.
            if isinstance(first.instance, dict):
                name = first.instance.get('name', 'unknown') or 'unknown'
            else:
                name = 'unknown'
            return [scoped, name]
        except Exception:
            # Best effort: a failure while narrowing the error must not hide
            # the validation failure itself, so log and fall through.
            logging.exception(
                "schema-validator: specific_error failed, traceback, followed by fallback"
            )

        # Fallback: report the raw first error and the validator's best match.
        candidates = [
            first,
            schema.best_match(self.validator.iter_errors(policy_data)),
        ]
        return [entry for entry in candidates if entry]
Пример #4
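    def test_semantic_error_policy_scope(self):
        """Verify that a scoped schema error names the policy that caused it.

        A single ``aws.waf`` policy with a ``tag`` action and tag-absence
        filters is validated. Exactly one error is expected (the cause is
        presumably the action/resource combination -- confirm against the
        schema), and its scoped message must include
        ``policy:tagging-compliance-waf``.
        """
        tag_filters = [
            {'tag:Environment': 'absent'},
            {'tag:Service': 'absent'},
            {'or': [
                {'tag:Owner': 'absent'},
                {'tag:ResponsibleParty': 'absent'},
                {'tag:Contact': 'absent'},
                {'tag:Creator': 'absent'},
            ]},
        ]
        data = {
            'policies': [{
                'actions': [{
                    'key': 'TagPolicyCompliance',
                    'type': 'tag',
                    'value': 'This resource should have tags following policy',
                }],
                'description': 'Identify resources which lack our accounting tags',
                'filters': tag_filters,
                'name': 'tagging-compliance-waf',
                'resource': 'aws.waf',
            }]
        }

        errors = list(self.validator.iter_errors(data))
        self.assertEqual(len(errors), 1)
        error = policy_error_scope(specific_error(errors[0]), data)
        # assertIn reports the actual message when the expectation fails.
        self.assertIn("policy:tagging-compliance-waf", error.message)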