def test_azure_function_event_mode_incorrect_event_type(self):
    """Loading an azure.vm policy in event-trigger mode with 'CosmosDbWrite' must fail.

    The policy is loaded with ``validate=True`` inside ``sign_out_patch()``,
    and the load is expected to raise ``PolicyValidationError``.
    """
    with self.sign_out_patch(), self.assertRaises(PolicyValidationError):
        policy_data = {
            'name': 'test-azure-serverless-mode',
            'resource': 'azure.vm',
            'mode': {
                'type': FUNCTION_EVENT_TRIGGER_MODE,
                # The event under test; the load must reject it for this policy.
                'events': ['CosmosDbWrite'],
            },
        }
        self.load_policy(policy_data, validate=True)
def test_filter_validation_no_blacklist(self):
    """An elb ``ssl-policy`` filter given with no further keys must be rejected.

    The policy is loaded with ``validate=False`` and no session factory, and
    the load is still expected to raise ``PolicyValidationError``.
    """
    load = self.load_policy
    policy_data = {
        "name": "test-ssl-ciphers",
        "resource": "elb",
        # Only the filter type is given; nothing else is configured on it.
        "filters": [{"type": "ssl-policy"}],
    }
    with self.assertRaises(PolicyValidationError):
        load(policy_data, session_factory=None, validate=False)
def test_extra_keys(self):
    """A file whose only top-level key is 'accounts' must fail structure validation."""
    parser = StructureParser()
    with self.assertRaises(PolicyValidationError) as caught:
        parser.validate({'accounts': []})
    # The message prefix is checked too, to confirm which rule rejected the file.
    message = str(caught.exception)
    self.assertTrue(message.startswith('Policy files top level keys'))
def test_error_unregistered_action_type(self):
    """Asking an action registry for the unknown type 'foo' must raise PolicyValidationError."""
    # Build the registry outside the assertion so that only the factory
    # call itself is expected to raise.
    factory = ActionRegistry("test.actions").factory
    with self.assertRaises(PolicyValidationError):
        factory("foo", None)
def validate(self):
    """Require that at least one of ``self.option_keys`` has a truthy value in ``self.data``.

    Returns:
        ``self`` when at least one option is set.

    Raises:
        PolicyValidationError: if none of the option keys carries a truthy value.
    """
    supplied = [self.data.get(key) for key in self.option_keys]
    if any(supplied):
        return self
    raise PolicyValidationError("one of %s required" % (self.option_keys,))
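def validate(self):
    """Require a ``query`` whose first entry names exactly group, version and plural.

    Only the first entry of ``query`` is inspected.

    Returns:
        ``self`` when the policy data is acceptable.

    Raises:
        PolicyValidationError: if ``query`` is absent, empty, not a list of
            mappings, or its first entry has a key set other than
            ``group``, ``version`` and ``plural``.
    """
    required_keys = {'group', 'version', 'plural'}
    message = (
        "Custom resources require query in policy with only " +
        "group, version, and plural attributes")
    query = self.data.get('query')
    # An empty or malformed query is a policy error: report it as one rather
    # than letting an IndexError/TypeError escape from validation.
    if not isinstance(query, (list, tuple)) or not query:
        raise PolicyValidationError(message)
    first = query[0]
    if not isinstance(first, dict) or set(first) != required_keys:
        raise PolicyValidationError(message)
    return self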
def validate(self):
    """Check that ``state`` and ``rules`` are used together consistently.

    ``state: false`` may not be combined with ``rules``; a truthy ``state``
    (the default when the key is absent) needs a non-empty ``rules``. Each
    rule is then passed to ``lifecycle_rule_validate`` together with the
    policy taken from the manager context.

    Returns:
        ``self`` when the checks pass.

    Raises:
        PolicyValidationError: on either inconsistent combination.
    """
    explicitly_off = self.data.get('state') is False
    if explicitly_off and 'rules' in self.data:
        raise PolicyValidationError(
            "set-lifecycle can't use statements and state: false")
    if self.data.get('state', True) and not self.data.get('rules'):
        raise PolicyValidationError(
            "set-lifecycle requires rules with state: true")
    for rule in self.data.get('rules', []):
        lifecycle_rule_validate(self.manager.ctx.policy, rule)
    return self
def validate(self):
    """Reject an sns transport whose attributes include the reserved ``mtype`` key.

    Returns:
        ``self`` when the transport is not sns, has no attributes, or its
        attributes do not contain ``mtype``.

    Raises:
        PolicyValidationError: if an sns transport sets ``mtype``.
    """
    if self.data.get('transport', {}).get('type') != 'sns':
        return self
    attributes = self.data.get('transport').get('attributes')
    if attributes and 'mtype' in attributes.keys():
        raise PolicyValidationError(
            "attribute: mtype is a reserved attribute for sns transport")
    return self
"""Specific validation for `value_regex` type
The `value_regex` type works a little differently. In
particular it doesn't support OPERATORS that perform
operations on a list of values, specifically 'intersect',
'contains', 'difference', 'in' and 'not-in'
"""
# Sanity check that we can compile
try:
pattern = re.compile(self.data['value_regex'])
if pattern.groups != 1:
raise PolicyValidationError(
"value_regex must have a single capturing group: %s" %
self.data)
except re.error as e:
raise PolicyValidationError(
"Invalid value_regex: %s %s" % (e, self.data))
return self
def validate(self):
    """Require the resource model to define a truthy ``delete`` attribute.

    Returns:
        ``self`` when the model returned by the manager has ``delete`` set.

    Raises:
        PolicyValidationError: if the model's ``delete`` attribute is falsy.
    """
    model = self.manager.get_model()
    if model.delete:
        return self
    raise PolicyValidationError('delete attribute not defined for resource')