def test_must_not_contain_validator_with_bad_config_returns_expected_violations(
):
rule = ['TestTag']
lookup_key = 'tags'
config = {
'address': 'test_address',
'values': {
'tags': {
'AnotherTag': 'Boop',
'TestTag': 'Boop'
}
}
}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_not_contain(rule, resource, lookup_key)
assert ('test_address.must_not_contain') in resource.violations
assert (len(
resource.violations['test_address.must_not_contain']) == len(rule))
for violation, expected_violation in zip(
resource.violations['test_address.must_not_contain'], rule):
assert (
violation ==
'Found tags [{expected_violation}] defined in testresource'.format(
expected_violation=expected_violation))
def test_validation_at_resource_level():
"""Testing validation at a resource level, e.g. not under attributes key."""
ruleset = {'aws_subnet': {'must_contain': 'tags'}}
config = {'address': 'aws_subnet', 'values': {}}
resource = AWSResource('aws_subnet', config)
resource.validate(ruleset)
print(resource.violations)
def test_must_equal_validator_resource_level():
rule = {'TestValue': 'Bleep'}
config = {'address': 'test_address', 'values': {'TestValue': 'Bloop'}}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_equal(rule, resource)
assert (resource.violations == {
'test_address.must_equal':
["[TestValue] must equal 'Bleep' but found 'Bloop'"]
})
def test_must_not_contain_validator_for_string_in_stringcorrectly_adds_violations(
):
rule = 'foo'
config = {'address': 'test_address', 'values': {'description': 'foo bar'}}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_not_contain(rule, resource, 'description')
assert (len(resource.violations) == 1)
assert (resource.violations == {
'test_address.must_not_contain':
['[description] contains foo in defined in testresource']
})
def test_must_equal_validator_with_str():
rule = 'testvalue'
lookup_key = 'test'
config = {'address': 'test_address', 'values': {'test': 'foo'}}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_equal(rule, resource, lookup_key)
assert (resource.violations == {
'test_address.must_equal':
["Incorrect value [test] must equal 'testvalue' but found 'foo'"]
})
def test_must_not_contain_validator_resource_level_does_nothing():
rule = 'TestTag'
config = {
'address': 'test_address',
'values': {
'tags': {
'AnotherTag': 'Boop'
}
}
}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_not_contain(rule, resource)
assert (resource.violations == {})
def test_must_equal_validator_with_correct_config_returns_empty_violations():
rule = {'TestTag': 'Bloop'}
lookup_key = 'tags'
config = {
'address': 'test_address',
'values': {
'tags': {
'TestTag': 'Bloop'
}
}
}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_equal(rule, resource, lookup_key)
assert (resource.violations == {})
def test_must_not_contain_validator_for_string_in_list_correctly_adds_violations(
):
rule = '0.0.0.0/0'
config = {
'address': 'test_address',
'values': {
'cidr_blocks': ['10.0.0.0/8', '0.0.0.0/0']
}
}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_not_contain(rule, resource, 'cidr_blocks')
assert (len(resource.violations) == 1)
assert (resource.violations == {
'test_address.must_not_contain':
['Found cidr_blocks [0.0.0.0/0] defined in testresource']
})
def test_must_contain_validator_null_value():
rule = 'tags'
config = {'address': 'aws_s3_bucket', 'values': {'tags': None}}
resource = AWSResource('aws_s3_bucket', config)
must_contain(rule, resource)
assert (resource.violations == {
'aws_s3_bucket.must_contain':
['Missing required [tags] attribute from aws_s3_bucket']
})
def test_must_equal_validator_with_dict():
rule = {'TestTag': 'Bleep'}
lookup_key = 'tags'
config = {
'address': 'test_address',
'values': {
'tags': {
'TestTag': 'Bloop'
}
}
}
resource = AWSResource('TestTag', config)
resource.resource_type = 'testresource'
must_equal(rule, resource, lookup_key)
assert (resource.violations == {
'test_address.must_equal':
["Tags [TestTag] must equal 'Bleep' but found 'Bloop'"]
})
def test_must_contain_validator_with_attribute_rule_as_null_adds_correct_violation(
):
rule = ['tags']
attribute_name = 'tags'
config = {'address': 'aws_s3_bucket', 'values': {'tags': None}}
resource = AWSResource('aws_s3_bucket', config)
must_contain(rule, resource, attribute_name)
assert (resource.violations == {
'aws_s3_bucket.must_contain':
['Null Tags block and [tags] required defined in aws_s3_bucket']
})
config = {'address': 'aws_s3_bucket', 'values': {}}
resource = AWSResource('aws_s3_bucket', config)
must_contain(rule, resource, attribute_name)
assert (resource.violations == {
'aws_s3_bucket.must_contain':
['Missing Tags block and [tags] required defined in aws_s3_bucket']
})
def test_must_contain_validator_with_missing_attributes_rule_adds_correct_violation(
):
rule = 'tags'
attribute_name = 'tags'
config = {'address': 'aws_s3_bucket', 'values': {}}
resource = AWSResource('aws_s3_bucket', config)
must_contain(rule, resource, attribute_name)
assert (resource.violations == {
'aws_s3_bucket.must_contain':
['Missing required [tags] attribute from aws_s3_bucket']
})
def test_must_contain_validator_with_correct_config_returns_empty_violations():
rule = {'tags': {'TestTag': 'NA'}}
attribute_name = 'tags'
config = {
'address': 'aws_s3_bucket',
'values': {
'tags': {
'TestTag': 'NA'
}
}
}
resource = AWSResource('aws_s3_bucket', config)
must_contain(rule, resource, attribute_name)
assert (resource.violations == {})
def test_must_contain_validator_with_list_of_rules_adds_all_expected_violations(
):
rule = ['foo', 'bar', 'foobar']
attribute_name = 'tags'
# Test against a dictionary of values.
config = {'address': 'aws_s3_bucket', 'values': {'tags': {'foobar': 3}}}
resource = AWSResource('aws_s3_bucket', config)
must_contain(rule, resource, attribute_name)
expected_violations = [
'Missing Tags [foo] defined in aws_s3_bucket',
'Missing Tags [bar] defined in aws_s3_bucket'
]
key = 'aws_s3_bucket.must_contain'
assert key in resource.violations
for violation in expected_violations:
assert (violation in resource.violations[key])