def prepare_policies()

in src/run.py [0:0]

• 24 lines of code
• 10 McCabe index (conditional complexity)

    def prepare_policies(self, policies: list[Policy],
                         ) -> Generator[Policy, None, None]:
        """
        - aws.account: global, loaded once
        - aws.distribution: global, loaded once
        - aws.hostedzone: global, loaded once
        - aws.iam-certificate: global, loaded once
        - aws.iam-group: global, loaded once
        - aws.iam-role: global, loaded once
        - aws.iam-user: global, loaded once
        - aws.r53domain: global, loaded once
        - aws.rrset: global, loaded once
        - aws.s3: global, loaded for each region (kind of bug)
        - aws.waf: global, loaded once
        Cloud Custodian automatically knows that all the listed resource types
        are global and loads them only once, EXCEPT s3. Technically it's not
        global because each bucket is living in its own region but the api to
        list buckets is the same for all buckets for we must execute all s3
        rules only once, and they will contain results for all regions. In
        other words treat s3 rules as global
        """
        global_yielded = set()
        n_global, n_not_global = 0, 0
        for policy in policies:
            if self.is_global(policy):
                if not self._load_global:
                    continue
                if policy.name in global_yielded:
                    continue
                _LOG.debug(f'Global policy found: {policy.name}')
                self.set_global_output(policy)
                # next two lines are probably just for s3 resource types
                policy.options.region = AWS_DEFAULT_REGION
                policy.session_factory.region = AWS_DEFAULT_REGION
                global_yielded.add(policy.name)
                n_global += 1
            else:  # not global
                if self._regions and policy.options.region not in self._regions:
                    # here is tricky implementation: self._regions can
                    # contain "global" which is not a valid region.
                    # self._load_global is based on existence of "global" in
                    # self._regions. If we want to load only global rules
                    # the fact that self._regions contains only "global"
                    # will help because no policy will skip this if stmt.
                    # But if we want to load all regions, just keep empty
                    # self._regions
                    continue
                _LOG.debug(f'Not global policy found: {policy.name}')
                n_not_global += 1
                # self.set_regional_output(policy)  # Cloud Custodian does it
            yield policy
        _LOG.debug(f'Global policies: {n_global}')
        _LOG.debug(f'Not global policies: {n_not_global}')