View test_foo.py
from common import BaseTest


class UnitTest(BaseTest):

    def test_ingress_remove(self):
        # replay a recorded session
        factory = self.replay_flight_data(
            'test_security_group_ingress_filter')
        # record a new session
        #factory = self.record_flight_data(
View foo.yml
policies:
  - name: ec2-resizer
    resource: ec2
    filters:
      - type: value
        key: InstanceType
        op: in
        value:
          - m4.10xlarge
          - m4.4xlarge
View lambda-data.yml
policies:
  - name: all-lambdas
    resource: lambda
  - name: custodian-lambdas
    resource: lambda
    filters:
      - type: value
        key: FunctionName
        value: "^custodian*"
View foo.yml
policies:
  - name: aws-cloudtrail-not-enabled
    resource: account
    region: us-east-1
    tags:
      - level:high
    description: |
      Policy scans for accounts which do not have CloudTrails enabled in the current region
    filters:
      - type: check-cloudtrail
View developer-diff-notes.md

Three Python diff libraries were evaluated for comparing resource revisions.

  • jsonpatch
  • dictdiffer
  • DeepDiff

Additionally, we considered rolling our own that's specific to custodian's needs.

jsonpatch

View gist:a4b0e8ff8ae1342e00568311e0bbca13
(custodian)60f81dc15d88:custodian ylv522$ custodian run -c rule.yml -s out -v
2016-10-07 07:43:04,779: custodian.output:DEBUG Storing output with <DirectoryOutput to dir:out/sg-check>
2016-10-07 07:43:04,779: custodian.policy:INFO Provisioning policy lambda sg-check
2016-10-07 07:43:04,886: custodian.lambda:DEBUG Created custodian lambda archive size: 0.51mb
2016-10-07 07:43:05,210: custodian.lambda:INFO Publishing custodian policy lambda function custodian-sg-check
2016-10-07 07:43:09,103: custodian.lambda:DEBUG Publishing custodian lambda alias current
2016-10-07 07:43:09,823: custodian.lambda:DEBUG Adding config rule for custodian-sg-check
2016-10-07 07:43:10,253: custodian.lambda:DEBUG Added event source: <ConfigRule> to function: arn:aws:lambda:us-east-1:644160558196:function:custodian-sg-check:current
(custodian)60f81dc15d88:custodian ylv522$ cat rule.yml
View cidr_refactor.diff
diff --git a/c7n/resources/vpc.py b/c7n/resources/vpc.py
index bfc3793..4139f42 100644
--- a/c7n/resources/vpc.py
+++ b/c7n/resources/vpc.py
@@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+
from botocore.exceptions import ClientError
View network-eni.yml
policies:
  - resource: eni
    name: all-nics
  - resource: eni
    description: Amazon ELB
    name: elb-nics
    filters:
      - RequesterManaged: true
View docker-volume-plugins.md

Docker Volumes

Examining open source Docker volume plugins for AWS EBS support.

Key requirements in this case are simplicity and support for AWS EBS volumes with KMS, snapshots, and use of instance roles for credentials.

Aka secure, encrypted, and with backups.

Ideally with some notion of zone awareness and distinguishing that on container move.

View gist:c386867f209ac1b55d33b8817c9b3f91
(custodian)60f81dc15d88:c7n ylv522$ git diff tags.py
diff --git a/c7n/tags.py b/c7n/tags.py
index a24e1d6..e83fa32 100644
--- a/c7n/tags.py
+++ b/c7n/tags.py
@@ -289,11 +289,15 @@ class Tag(Action, ResourceTag):
batch_size = self.data.get('batch_size', self.batch_size)
+ id_key = self.manager.get_model().id
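Review bot: the added `id_key = self.manager.get_model().id`, right after the `batch_size` lookup in `Tag`, has no comment saying why the identifier key is now read from the resource model, and it assumes every manager's model defines `id`. A one-line comment stating the intent, plus a clear error when the attribute is missing, would make this easier to trust for resource types added later.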