def test_must_not_contain_validator_with_bad_config_returns_expected_violations( ): rule = ['TestTag'] lookup_key = 'tags' config = { 'address': 'test_address', 'values': { 'tags': { 'AnotherTag': 'Boop', 'TestTag': 'Boop' } } } resource = AWSResource('TestTag', config) resource.resource_type = 'testresource' must_not_contain(rule, resource, lookup_key) assert ('test_address.must_not_contain') in resource.violations assert (len( resource.violations['test_address.must_not_contain']) == len(rule)) for violation, expected_violation in zip( resource.violations['test_address.must_not_contain'], rule): assert ( violation == 'Found tags [{expected_violation}] defined in testresource'.format( expected_violation=expected_violation))
def test_validation_at_resource_level(): """Testing validation at a resource level, e.g. not under attributes key.""" ruleset = {'aws_subnet': {'must_contain': 'tags'}} config = {'address': 'aws_subnet', 'values': {}} resource = AWSResource('aws_subnet', config) resource.validate(ruleset) print(resource.violations)
def test_must_equal_validator_resource_level(): rule = {'TestValue': 'Bleep'} config = {'address': 'test_address', 'values': {'TestValue': 'Bloop'}} resource = AWSResource('TestTag', config) resource.resource_type = 'testresource' must_equal(rule, resource) assert (resource.violations == { 'test_address.must_equal': ["[TestValue] must equal 'Bleep' but found 'Bloop'"] })
def test_must_not_contain_validator_for_string_in_stringcorrectly_adds_violations( ): rule = 'foo' config = {'address': 'test_address', 'values': {'description': 'foo bar'}} resource = AWSResource('TestTag', config) resource.resource_type = 'testresource' must_not_contain(rule, resource, 'description') assert (len(resource.violations) == 1) assert (resource.violations == { 'test_address.must_not_contain': ['[description] contains foo in defined in testresource'] })
def test_must_equal_validator_with_str(): rule = 'testvalue' lookup_key = 'test' config = {'address': 'test_address', 'values': {'test': 'foo'}} resource = AWSResource('TestTag', config) resource.resource_type = 'testresource' must_equal(rule, resource, lookup_key) assert (resource.violations == { 'test_address.must_equal': ["Incorrect value [test] must equal 'testvalue' but found 'foo'"] })
def test_must_not_contain_validator_resource_level_does_nothing(): rule = 'TestTag' config = { 'address': 'test_address', 'values': { 'tags': { 'AnotherTag': 'Boop' } } } resource = AWSResource('TestTag', config) resource.resource_type = 'testresource' must_not_contain(rule, resource) assert (resource.violations == {})
def test_must_equal_validator_with_correct_config_returns_empty_violations(): rule = {'TestTag': 'Bloop'} lookup_key = 'tags' config = { 'address': 'test_address', 'values': { 'tags': { 'TestTag': 'Bloop' } } } resource = AWSResource('TestTag', config) resource.resource_type = 'testresource' must_equal(rule, resource, lookup_key) assert (resource.violations == {})
def test_must_not_contain_validator_for_string_in_list_correctly_adds_violations( ): rule = '0.0.0.0/0' config = { 'address': 'test_address', 'values': { 'cidr_blocks': ['10.0.0.0/8', '0.0.0.0/0'] } } resource = AWSResource('TestTag', config) resource.resource_type = 'testresource' must_not_contain(rule, resource, 'cidr_blocks') assert (len(resource.violations) == 1) assert (resource.violations == { 'test_address.must_not_contain': ['Found cidr_blocks [0.0.0.0/0] defined in testresource'] })
def test_must_contain_validator_null_value(): rule = 'tags' config = {'address': 'aws_s3_bucket', 'values': {'tags': None}} resource = AWSResource('aws_s3_bucket', config) must_contain(rule, resource) assert (resource.violations == { 'aws_s3_bucket.must_contain': ['Missing required [tags] attribute from aws_s3_bucket'] })
def test_must_equal_validator_with_dict(): rule = {'TestTag': 'Bleep'} lookup_key = 'tags' config = { 'address': 'test_address', 'values': { 'tags': { 'TestTag': 'Bloop' } } } resource = AWSResource('TestTag', config) resource.resource_type = 'testresource' must_equal(rule, resource, lookup_key) assert (resource.violations == { 'test_address.must_equal': ["Tags [TestTag] must equal 'Bleep' but found 'Bloop'"] })
def test_must_contain_validator_with_attribute_rule_as_null_adds_correct_violation( ): rule = ['tags'] attribute_name = 'tags' config = {'address': 'aws_s3_bucket', 'values': {'tags': None}} resource = AWSResource('aws_s3_bucket', config) must_contain(rule, resource, attribute_name) assert (resource.violations == { 'aws_s3_bucket.must_contain': ['Null Tags block and [tags] required defined in aws_s3_bucket'] }) config = {'address': 'aws_s3_bucket', 'values': {}} resource = AWSResource('aws_s3_bucket', config) must_contain(rule, resource, attribute_name) assert (resource.violations == { 'aws_s3_bucket.must_contain': ['Missing Tags block and [tags] required defined in aws_s3_bucket'] })
def test_must_contain_validator_with_missing_attributes_rule_adds_correct_violation( ): rule = 'tags' attribute_name = 'tags' config = {'address': 'aws_s3_bucket', 'values': {}} resource = AWSResource('aws_s3_bucket', config) must_contain(rule, resource, attribute_name) assert (resource.violations == { 'aws_s3_bucket.must_contain': ['Missing required [tags] attribute from aws_s3_bucket'] })
def test_must_contain_validator_with_correct_config_returns_empty_violations(): rule = {'tags': {'TestTag': 'NA'}} attribute_name = 'tags' config = { 'address': 'aws_s3_bucket', 'values': { 'tags': { 'TestTag': 'NA' } } } resource = AWSResource('aws_s3_bucket', config) must_contain(rule, resource, attribute_name) assert (resource.violations == {})
def test_must_contain_validator_with_list_of_rules_adds_all_expected_violations( ): rule = ['foo', 'bar', 'foobar'] attribute_name = 'tags' # Test against a dictionary of values. config = {'address': 'aws_s3_bucket', 'values': {'tags': {'foobar': 3}}} resource = AWSResource('aws_s3_bucket', config) must_contain(rule, resource, attribute_name) expected_violations = [ 'Missing Tags [foo] defined in aws_s3_bucket', 'Missing Tags [bar] defined in aws_s3_bucket' ] key = 'aws_s3_bucket.must_contain' assert key in resource.violations for violation in expected_violations: assert (violation in resource.violations[key])