How to use the c7n.exceptions.PolicyValidationError function in c7n

To help you get started, we’ve selected a few c7n examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github cloud-custodian / cloud-custodian / tools / c7n_azure / tests_azure / test_policy_mode.py View on Github external
def test_azure_function_event_mode_incorrect_event_type(self):
        with self.sign_out_patch():
            with self.assertRaises(PolicyValidationError):
                self.load_policy({
                    'name': 'test-azure-serverless-mode',
                    'resource': 'azure.vm',
                    'mode': {
                        'type': FUNCTION_EVENT_TRIGGER_MODE,
                        'events': [
                            'CosmosDbWrite',
                        ]
                    }
                }, validate=True)
github cloud-custodian / cloud-custodian / tests / test_elb.py View on Github external
def test_filter_validation_no_blacklist(self):
        self.assertRaises(
            PolicyValidationError,
            self.load_policy,
            {
                "name": "test-ssl-ciphers",
                "resource": "elb",
                "filters": [{"type": "ssl-policy"}],
            },
            session_factory=None,
            validate=False,
        )
github cloud-custodian / cloud-custodian / tests / test_schema.py View on Github external
def test_extra_keys(self):
        p = StructureParser()
        with self.assertRaises(PolicyValidationError) as ecm:
            p.validate({'accounts': []})
        self.assertTrue(str(ecm.exception).startswith('Policy files top level keys'))
github cloud-custodian / cloud-custodian / tests / test_actions.py View on Github external
def test_error_unregistered_action_type(self):
        self.assertRaises(
            PolicyValidationError, ActionRegistry("test.actions").factory, "foo", None
        )
github cloud-custodian / cloud-custodian / c7n / resources / vpc.py View on Github external
def validate(self):
        if not any([self.data.get(k) for k in self.option_keys]):
            raise PolicyValidationError("one of %s required" % (self.option_keys,))
        return self
github cloud-custodian / cloud-custodian / tools / c7n_kube / c7n_kube / query.py View on Github external
def validate(self):
        required_keys = set(['group', 'version', 'plural'])
        if 'query' not in self.data:
            raise PolicyValidationError(
                "Custom resources require query in policy with only " +
                "group, version, and plural attributes")
        if set(list(self.data.get('query', [])[0].keys())) != required_keys:
            raise PolicyValidationError(
                "Custom resources require query in policy with only " +
                "group, version, and plural attributes")
        return self
github cloud-custodian / cloud-custodian / c7n / resources / ecr.py View on Github external
def validate(self):
        if self.data.get('state') is False and 'rules' in self.data:
            raise PolicyValidationError(
                "set-lifecycle can't use statements and state: false")
        elif self.data.get('state', True) and not self.data.get('rules'):
            raise PolicyValidationError(
                "set-lifecycle requires rules with state: true")
        for r in self.data.get('rules', []):
            lifecycle_rule_validate(self.manager.ctx.policy, r)
        return self
github cloud-custodian / cloud-custodian / c7n / actions.py View on Github external
def validate(self):
        if self.data.get('transport', {}).get('type') == 'sns' and \
                self.data.get('transport').get('attributes') and \
                'mtype' in self.data.get('transport').get('attributes').keys():
                    raise PolicyValidationError(
                        "attribute: mtype is a reserved attribute for sns transport")
        return self
github cloud-custodian / cloud-custodian / c7n / filters / core.py View on Github external
"""Specific validation for `value_regex` type

        The `value_regex` type works a little differently.  In
        particular it doesn't support OPERATORS that perform
        operations on a list of values, specifically 'intersect',
        'contains', 'difference', 'in' and 'not-in'
        """
        # Sanity check that we can compile
        try:
            pattern = re.compile(self.data['value_regex'])
            if pattern.groups != 1:
                raise PolicyValidationError(
                    "value_regex must have a single capturing group: %s" %
                    self.data)
        except re.error as e:
            raise PolicyValidationError(
                "Invalid value_regex: %s %s" % (e, self.data))
        return self
github cloud-custodian / cloud-custodian / tools / c7n_kube / c7n_kube / actions / core.py View on Github external
def validate(self):
        if not self.manager.get_model().delete:
            raise PolicyValidationError('delete attribute not defined for resource')
        return self