Fixes #53 - add policy safety check to ensure function-prefix matches…

… between config and policies
manheim · Jul 29, 2020 · 9e8c914 · 9e8c914
1 parent d0e3675
commit 9e8c914
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 1 deletion.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -8,6 +8,7 @@ Changelog
 
   * Add ``function_prefix`` option to ``manheim-c7n-tools.yml`` to allow passing this option to mugc. Default it to the current/default ``custodian-``.
   * Have :py:class:`~.runner.MugcStep` use configured ``function_prefix`` instead of hard-coded ``custodian-``.
+  * New policy sanity check :py:meth:`~.PolicyGen._check_policy_function_prefix` - fail if a policy's ``function-prefix`` doesn't match the configured (``manheim-c7n-tools.yml``) ``function_prefix``.
 
 * Switch from deprecated pep8 / pytest-pep8 to pycodestyle / pytest-pycodestyle.
 

diff --git a/manheim_c7n_tools/policygen.py b/manheim_c7n_tools/policygen.py
@@ -329,6 +329,16 @@ def _check_policies(self, policies):
             raise SystemExit(1)
         logger.info('OK: All policies passed sanity/safety checks.')
 
+    def _check_policy_function_prefix(self, policy):
+        """
+        Fail if function-prefix doesn't match between manheim-c7n-tools config
+        and the policy.
+        """
+        fp = policy.get('mode', {}).get('function-prefix', 'custodian-')
+        if fp != self._config.function_prefix:
+            return False
+        return True
+
     def _check_policy_marked_for_op_first(self, policy):
         """
         Policy includes a marked-for-op filter, but it is not the first filter.

diff --git a/manheim_c7n_tools/tests/test_policygen.py b/manheim_c7n_tools/tests/test_policygen.py
@@ -74,6 +74,9 @@ def setup_method(self):
         type(self.m_conf).mailer_config = PropertyMock(
             return_value={'queue_url': 'MailerUrl'}
         )
+        type(self.m_conf).function_prefix = PropertyMock(
+            return_value='custodian-'
+        )
         type(self.m_conf).account_name = PropertyMock(return_value='myAccount')
         type(self.m_conf).account_id = PropertyMock(return_value='1234567890')
         self.m_conf.list_accounts.return_value = ['myAccount', 'otherAccount']
@@ -1905,6 +1908,66 @@ def se_strip_doc(func):
         ]
 
 
+class TestCheckPolicyFunctionPrefix(PolicyGenTester):
+
+    def test_success_no_prefix(self):
+        policy = {
+            'name': 'foo',
+            'mode': {
+                'type': 'periodic'
+            }
+        }
+        assert self.cls._check_policy_function_prefix(policy) is True
+
+    def test_success_default_prefix(self):
+        policy = {
+            'name': 'foo',
+            'mode': {
+                'type': 'periodic',
+                'function-prefix': 'custodian-'
+            }
+        }
+        assert self.cls._check_policy_function_prefix(policy) is True
+
+    def test_success_custom_prefix(self):
+        type(self.m_conf).function_prefix = PropertyMock(
+            return_value='foobar-'
+        )
+        policy = {
+            'name': 'foo',
+            'mode': {
+                'type': 'periodic',
+                'function-prefix': 'foobar-'
+            }
+        }
+        assert self.cls._check_policy_function_prefix(policy) is True
+
+    def test_fail_config_custom_prefix(self):
+        type(self.m_conf).function_prefix = PropertyMock(
+            return_value='foobar-'
+        )
+        policy = {
+            'name': 'foo',
+            'mode': {
+                'type': 'periodic'
+            }
+        }
+        assert self.cls._check_policy_function_prefix(policy) is False
+
+    def test_fail_policy_custom_prefix(self):
+        type(self.m_conf).function_prefix = PropertyMock(
+            return_value='custodian-'
+        )
+        policy = {
+            'name': 'foo',
+            'mode': {
+                'type': 'periodic',
+                'function-prefix': 'foobar-'
+            }
+        }
+        assert self.cls._check_policy_function_prefix(policy) is False
+
+
 class TestCheckPolicyMarkedForOpFirst(PolicyGenTester):
 
     def test_no_filters(self):

diff --git a/manheim_c7n_tools/version.py b/manheim_c7n_tools/version.py
@@ -17,7 +17,7 @@
 """
 
 #: The semver-compliant version of the package.
-VERSION = '1.2.3'
+VERSION = '1.2.4'
 
 #: The URL for further information about the package.
 PROJECT_URL = 'https://github.com/manheim/manheim-c7n-tools'