Created
October 29, 2019 12:33
-
-
Save kapilt/0fe1116df1cec10921d23559de5cae7d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # pip install c7n | |
| # pip install fastjsonschema | |
| import time | |
| import yaml | |
| from c7n.resources import load_resources | |
| from c7n.schema import specific_error, generate | |
| import fastjsonschema | |
| from jsonschema import Draft7Validator as Validator | |
| policy_data = """ | |
| policies: | |
| - name: team-tag-ebs-snapshot-audit | |
| resource: ebs-snapshot | |
| description: | | |
| Cloud Custodian EBS Snapshot Team Tag Audit | |
| comments: | | |
| Copy EBS volume tag with key "Team" to EBS snapshots | |
| filters: | |
| - or: | |
| - "tag:Team": empty | |
| - "tag:Team": absent | |
| actions: | |
| - type: copy-related-tag | |
| resource: ebs | |
| skip_missing: True | |
| key: VolumeId | |
| tags: 'Team' | |
| """ | |
| def error_demo(): | |
| load_resources() | |
| t = time.time() | |
| schema = generate() | |
| validator = fastjsonschema.compile(schema) | |
| print("Generated/Loaded Schema {:0.2f}s".format(time.time()-t)) | |
| data = yaml.safe_load(policy_data) | |
| print("FastJsonSchema") | |
| t = time.time() | |
| try: | |
| validator(data) | |
| except Exception as e: | |
| print("Validated in time:{:0.2f}s".format(time.time()-t)) | |
| print("Default Error") | |
| print(e) | |
| validator = Validator(schema) | |
| print() | |
| print("JsonSchema") | |
| t = time.time() | |
| errors = list(validator.iter_errors(data)) | |
| print("Validated in time:{:0.2f}s".format(time.time()-t)) | |
| print("Default Error") | |
| for e in errors: | |
| print(e) | |
| print() | |
| print("Semantic Error") | |
| print(specific_error(errors[0])) | |
| if __name__ == '__main__': | |
| error_demo() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Generated/Loaded Schema 1.20s | |
| FastJsonSchema | |
| Validated in time:0.00s | |
| Default Error | |
| data.policies[0] must be valid by one of anyOf definition | |
| JsonSchema | |
| Validated in time:0.47s | |
| Default Error | |
| {'name': 'team-tag-ebs-snapshot-audit', 'resource': 'ebs-snapshot', 'description': 'Cloud Custodian EBS Snapshot Team Tag Audit\n', 'comments': 'Copy EBS volume tag with key "Team" to EBS snapshots\n', 'filters': [{'or': [{'tag:Team': 'empty'}, {'tag:Team': 'absent'}]}], 'actions': [{'type': 'copy-related-tag', 'resource': 'ebs', 'skip_missing': True, 'key': 'VolumeId', 'tags': 'Team'}]} is not valid under any of the given schemas | |
| Failed validating 'anyOf' in schema['properties']['policies']['items']: | |
| {'anyOf': [{'$ref': '#/definitions/resources/aws.iam-group/policy'}, | |
| {'$ref': '#/definitions/resources/aws.iam-role/policy'}, | |
| {'$ref': '#/definitions/resources/aws.iam-user/policy'}, | |
| {'$ref': '#/definitions/resources/aws.iam-policy/policy'}, | |
| {'$ref': '#/definitions/resources/aws.iam-profile/policy'}, | |
| {'$ref': '#/definitions/resources/aws.iam-certificate/policy'}, | |
| {'$ref': '#/definitions/resources/aws.account/policy'}, | |
| {'$ref': '#/definitions/resources/aws.acm-certificate/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ami/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rest-account/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rest-api/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rest-stage/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rest-resource/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rest-vpclink/policy'}, | |
| {'$ref': '#/definitions/resources/aws.shield-protection/policy'}, | |
| {'$ref': '#/definitions/resources/aws.shield-attack/policy'}, | |
| {'$ref': '#/definitions/resources/aws.app-elb/policy'}, | |
| {'$ref': '#/definitions/resources/aws.app-elb-target-group/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ec2/policy'}, | |
| {'$ref': '#/definitions/resources/aws.launch-template-version/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ec2-reserved/policy'}, | |
| {'$ref': '#/definitions/resources/aws.asg/policy'}, | |
| {'$ref': '#/definitions/resources/aws.launch-config/policy'}, | |
| {'$ref': '#/definitions/resources/aws.lambda/policy'}, | |
| {'$ref': '#/definitions/resources/aws.lambda-layer/policy'}, | |
| {'$ref': '#/definitions/resources/aws.backup-plan/policy'}, | |
| {'$ref': '#/definitions/resources/aws.batch-compute/policy'}, | |
| {'$ref': '#/definitions/resources/aws.batch-definition/policy'}, | |
| {'$ref': '#/definitions/resources/aws.cfn/policy'}, | |
| {'$ref': '#/definitions/resources/aws.distribution/policy'}, | |
| {'$ref': '#/definitions/resources/aws.streaming-distribution/policy'}, | |
| {'$ref': '#/definitions/resources/aws.cloudsearch/policy'}, | |
| {'$ref': '#/definitions/resources/aws.cloudtrail/policy'}, | |
| {'$ref': '#/definitions/resources/aws.codecommit/policy'}, | |
| {'$ref': '#/definitions/resources/aws.codebuild/policy'}, | |
| {'$ref': '#/definitions/resources/aws.codepipeline/policy'}, | |
| {'$ref': '#/definitions/resources/aws.identity-pool/policy'}, | |
| {'$ref': '#/definitions/resources/aws.user-pool/policy'}, | |
| {'$ref': '#/definitions/resources/aws.config-recorder/policy'}, | |
| {'$ref': '#/definitions/resources/aws.config-rule/policy'}, | |
| {'$ref': '#/definitions/resources/aws.alarm/policy'}, | |
| {'$ref': '#/definitions/resources/aws.event-rule/policy'}, | |
| {'$ref': '#/definitions/resources/aws.event-rule-target/policy'}, | |
| {'$ref': '#/definitions/resources/aws.log-group/policy'}, | |
| {'$ref': '#/definitions/resources/aws.directory/policy'}, | |
| {'$ref': '#/definitions/resources/aws.cloud-directory/policy'}, | |
| {'$ref': '#/definitions/resources/aws.directconnect/policy'}, | |
| {'$ref': '#/definitions/resources/aws.dlm-policy/policy'}, | |
| {'$ref': '#/definitions/resources/aws.dms-instance/policy'}, | |
| {'$ref': '#/definitions/resources/aws.dms-endpoint/policy'}, | |
| {'$ref': '#/definitions/resources/aws.dynamodb-table/policy'}, | |
| {'$ref': '#/definitions/resources/aws.dynamodb-backup/policy'}, | |
| {'$ref': '#/definitions/resources/aws.dynamodb-stream/policy'}, | |
| {'$ref': '#/definitions/resources/aws.dax/policy'}, | |
| {'$ref': '#/definitions/resources/aws.datapipeline/policy'}, | |
| {'$ref': '#/definitions/resources/aws.kms/policy'}, | |
| {'$ref': '#/definitions/resources/aws.kms-key/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ebs-snapshot/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ebs/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ecr/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ecs/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ecs-service/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ecs-task/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ecs-task-definition/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ecs-container-instance/policy'}, | |
| {'$ref': '#/definitions/resources/aws.efs/policy'}, | |
| {'$ref': '#/definitions/resources/aws.efs-mount-target/policy'}, | |
| {'$ref': '#/definitions/resources/aws.cache-cluster/policy'}, | |
| {'$ref': '#/definitions/resources/aws.cache-subnet-group/policy'}, | |
| {'$ref': '#/definitions/resources/aws.cache-snapshot/policy'}, | |
| {'$ref': '#/definitions/resources/aws.elasticbeanstalk/policy'}, | |
| {'$ref': '#/definitions/resources/aws.elasticbeanstalk-environment/policy'}, | |
| {'$ref': '#/definitions/resources/aws.elasticsearch/policy'}, | |
| {'$ref': '#/definitions/resources/aws.elb/policy'}, | |
| {'$ref': '#/definitions/resources/aws.eks/policy'}, | |
| {'$ref': '#/definitions/resources/aws.emr/policy'}, | |
| {'$ref': '#/definitions/resources/aws.gamelift-build/policy'}, | |
| {'$ref': '#/definitions/resources/aws.gamelift-fleet/policy'}, | |
| {'$ref': '#/definitions/resources/aws.glacier/policy'}, | |
| {'$ref': '#/definitions/resources/aws.glue-connection/policy'}, | |
| {'$ref': '#/definitions/resources/aws.glue-dev-endpoint/policy'}, | |
| {'$ref': '#/definitions/resources/aws.glue-job/policy'}, | |
| {'$ref': '#/definitions/resources/aws.glue-crawler/policy'}, | |
| {'$ref': '#/definitions/resources/aws.glue-database/policy'}, | |
| {'$ref': '#/definitions/resources/aws.glue-table/policy'}, | |
| {'$ref': '#/definitions/resources/aws.health-event/policy'}, | |
| {'$ref': '#/definitions/resources/aws.cloudhsm-cluster/policy'}, | |
| {'$ref': '#/definitions/resources/aws.hsm/policy'}, | |
| {'$ref': '#/definitions/resources/aws.hsm-hapg/policy'}, | |
| {'$ref': '#/definitions/resources/aws.hsm-client/policy'}, | |
| {'$ref': '#/definitions/resources/aws.iot/policy'}, | |
| {'$ref': '#/definitions/resources/aws.kafka/policy'}, | |
| {'$ref': '#/definitions/resources/aws.kinesis/policy'}, | |
| {'$ref': '#/definitions/resources/aws.firehose/policy'}, | |
| {'$ref': '#/definitions/resources/aws.kinesis-analytics/policy'}, | |
| {'$ref': '#/definitions/resources/aws.lightsail-instance/policy'}, | |
| {'$ref': '#/definitions/resources/aws.lightsail-db/policy'}, | |
| {'$ref': '#/definitions/resources/aws.lightsail-elb/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ml-model/policy'}, | |
| {'$ref': '#/definitions/resources/aws.message-broker/policy'}, | |
| {'$ref': '#/definitions/resources/aws.opswork-stack/policy'}, | |
| {'$ref': '#/definitions/resources/aws.opswork-cm/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rds/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rds-subscription/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rds-snapshot/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rds-subnet-group/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rds-reserved/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rds-param-group/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rds-cluster-param-group/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rds-cluster/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rds-cluster-snapshot/policy'}, | |
| {'$ref': '#/definitions/resources/aws.redshift/policy'}, | |
| {'$ref': '#/definitions/resources/aws.redshift-subnet-group/policy'}, | |
| {'$ref': '#/definitions/resources/aws.redshift-snapshot/policy'}, | |
| {'$ref': '#/definitions/resources/aws.hostedzone/policy'}, | |
| {'$ref': '#/definitions/resources/aws.healthcheck/policy'}, | |
| {'$ref': '#/definitions/resources/aws.rrset/policy'}, | |
| {'$ref': '#/definitions/resources/aws.r53domain/policy'}, | |
| {'$ref': '#/definitions/resources/aws.s3/policy'}, | |
| {'$ref': '#/definitions/resources/aws.sagemaker-notebook/policy'}, | |
| {'$ref': '#/definitions/resources/aws.sagemaker-job/policy'}, | |
| {'$ref': '#/definitions/resources/aws.sagemaker-transform-job/policy'}, | |
| {'$ref': '#/definitions/resources/aws.sagemaker-endpoint/policy'}, | |
| {'$ref': '#/definitions/resources/aws.sagemaker-endpoint-config/policy'}, | |
| {'$ref': '#/definitions/resources/aws.sagemaker-model/policy'}, | |
| {'$ref': '#/definitions/resources/aws.secrets-manager/policy'}, | |
| {'$ref': '#/definitions/resources/aws.step-machine/policy'}, | |
| {'$ref': '#/definitions/resources/aws.simpledb/policy'}, | |
| {'$ref': '#/definitions/resources/aws.snowball-cluster/policy'}, | |
| {'$ref': '#/definitions/resources/aws.snowball/policy'}, | |
| {'$ref': '#/definitions/resources/aws.sns/policy'}, | |
| {'$ref': '#/definitions/resources/aws.storage-gateway/policy'}, | |
| {'$ref': '#/definitions/resources/aws.sqs/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ssm-parameter/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ssm-managed-instance/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ssm-activation/policy'}, | |
| {'$ref': '#/definitions/resources/aws.ops-item/policy'}, | |
| {'$ref': '#/definitions/resources/aws.support-case/policy'}, | |
| {'$ref': '#/definitions/resources/aws.vpc/policy'}, | |
| {'$ref': '#/definitions/resources/aws.subnet/policy'}, | |
| {'$ref': '#/definitions/resources/aws.security-group/policy'}, | |
| {'$ref': '#/definitions/resources/aws.eni/policy'}, | |
| {'$ref': '#/definitions/resources/aws.route-table/policy'}, | |
| {'$ref': '#/definitions/resources/aws.transit-gateway/policy'}, | |
| {'$ref': '#/definitions/resources/aws.transit-attachment/policy'}, | |
| {'$ref': '#/definitions/resources/aws.peering-connection/policy'}, | |
| {'$ref': '#/definitions/resources/aws.network-acl/policy'}, | |
| {'$ref': '#/definitions/resources/aws.network-addr/policy'}, | |
| {'$ref': '#/definitions/resources/aws.customer-gateway/policy'}, | |
| {'$ref': '#/definitions/resources/aws.internet-gateway/policy'}, | |
| {'$ref': '#/definitions/resources/aws.nat-gateway/policy'}, | |
| {'$ref': '#/definitions/resources/aws.vpn-connection/policy'}, | |
| {'$ref': '#/definitions/resources/aws.vpn-gateway/policy'}, | |
| {'$ref': '#/definitions/resources/aws.vpc-endpoint/policy'}, | |
| {'$ref': '#/definitions/resources/aws.key-pair/policy'}, | |
| {'$ref': '#/definitions/resources/aws.waf/policy'}, | |
| {'$ref': '#/definitions/resources/aws.waf-regional/policy'}, | |
| {'$ref': '#/definitions/resources/aws.fsx/policy'}, | |
| {'$ref': '#/definitions/resources/aws.fsx-backup/policy'}, | |
| {'$ref': '#/definitions/resources/aws.workspaces/policy'}]} | |
| On instance['policies'][0]: | |
| {'actions': [{'key': 'VolumeId', | |
| 'resource': 'ebs', | |
| 'skip_missing': True, | |
| 'tags': 'Team', | |
| 'type': 'copy-related-tag'}], | |
| 'comments': 'Copy EBS volume tag with key "Team" to EBS snapshots\n', | |
| 'description': 'Cloud Custodian EBS Snapshot Team Tag Audit\n', | |
| 'filters': [{'or': [{'tag:Team': 'empty'}, {'tag:Team': 'absent'}]}], | |
| 'name': 'team-tag-ebs-snapshot-audit', | |
| 'resource': 'ebs-snapshot'} | |
| Semantic Error | |
| 'Team' is not valid under any of the given schemas | |
| Failed validating 'oneOf' in schema[2]['properties']['tags']: | |
| {'oneOf': [{'enum': ['*']}, {'type': 'array'}]} | |
| On instance['tags']: | |
| 'Team' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment