Merge branch 'master' into feature/split_up_terraform_version_testing…
…_rules_and_files
milldr authored Mar 5, 2020
2 parents 076ee43 + fea94a6 commit 390fcf0
Showing 11 changed files with 108 additions and 58 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -5,6 +5,7 @@ dist/
.vscode/**/*
.release/
.idea/
.DS_Store
.test/
*/coverage.out
*/*packr.go
14 changes: 12 additions & 2 deletions .goreleaser.yml
@@ -2,9 +2,19 @@
# Make sure to check the documentation at http://goreleaser.com

builds:
- main: ./cli
-
main: ./cli
env:
- CGO_ENABLED=0
- CGO_ENABLED=0
goos:
- linux
- darwin
- windows
goarch:
- 386
- amd64
- arm
- arm64
archives:
- id: archive
replacements:
9 changes: 8 additions & 1 deletion README.md
@@ -41,6 +41,14 @@ docker run -v $(pwd):/foobar stelligent/config-lint -terraform /foobar/foo.tf
docker run --mount src="$(pwd)",target=/foobar,type=bind stelligent/config-lint -terraform /foobar/foo.tf
```

If wishing to test Kubernetes configuration, you will need to put the example Kubernetes rules into your local path and reference it accordingly, or you can have your own set of rules that you want to validate against.

For example:
```
docker run -v $(pwd):/foobar stelligent/config-lint -rules /foobar/path/to/my/rules/kubernetes.yml /foobar/path/to/my/configs
```
If you don't have your own set of custom rules that you want to run against your Kubernetes file then feel free to copy or download the example set from [example-files/rules/kubernetes.yml](example-files/rules/kubernetes.yml).

## Manually

Alternatively, you can install manually from the [releases](https://github.com/stelligent/config-lint/releases).
@@ -302,4 +310,3 @@ written in Terraform v0.12 syntax. Where should be the first place to check for
op: eq
value: ami-f2d3638a
```

2 changes: 1 addition & 1 deletion assertion/expression.go
@@ -6,7 +6,6 @@ func searchAndMatch(expression Expression, resource Resource) (MatchResult, erro
return matchError(err)
}
match, err := isMatch(v, expression)
Debugf("Key: %s Output: %v Looking for %v %v\n", expression.Key, v, expression.Op, expression.Value)
Debugf("ResourceID: %s Type: %s %v\n",
resource.ID,
resource.Type,
@@ -229,6 +228,7 @@ func CheckExpression(rule Rule, expression Expression, resource Resource) (Resul
}
match, err := booleanExpression(expression, resource)
if err != nil {
DebugJSON("Error: ", err)
result.Status = "FAILURE"
result.Message = err.Error()
return result, err
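Review bot: In the CheckExpression hunk, `DebugJSON("Error: ", err)` hands an `error` value to a JSON dumper; DebugJSON is not shown here, but if it marshals with encoding/json, typical error values have no exported fields and will print as `{}`, so the message is lost. `Debugf("Error: %v\n", err)` would keep the text and match the Debugf calls already in this file. Both searchAndMatch and CheckExpression start and end outside the hunks shown.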
2 changes: 1 addition & 1 deletion assertion/rules.go
@@ -135,7 +135,7 @@ func CheckRule(rule Rule, resource Resource, e ExternalRuleInvoker) (string, []V
return returnStatus, violations, nil
}
for _, ruleAssertion := range rule.Assertions {
Debugf("Checking %s %s %s\n", resource.Category, resource.Type, resource.ID)
Debugf("Checking Category: %s, Type: %s, Id: %s\n", resource.Category, resource.Type, resource.ID)
expressionResult, err := CheckExpression(rule, ruleAssertion, resource)
if err != nil {
return "FAILURE", violations, err
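Review bot: The relabelled Debugf at the top of the assertion loop still formats `resource.Category`, `resource.Type` and `resource.ID` with `%s`; these values appear to come from the files being linted, so `%q` would make empty fields visible and escape newlines or control characters rather than letting them split or spoof debug log lines: `Debugf("Checking Category: %q, Type: %q, ID: %q\n", resource.Category, resource.Type, resource.ID)`. Writing `ID` instead of `Id` would also match the `ResourceID:` label used by the Debugf in assertion/expression.go. CheckRule continues outside the hunk.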
1 change: 1 addition & 0 deletions assertion/search.go
@@ -9,5 +9,6 @@ func SearchData(expression string, data interface{}) (interface{}, error) {
if len(expression) == 0 {
return "null", nil
}

return jmespath.Search(expression, data)
}
2 changes: 1 addition & 1 deletion go.mod
@@ -25,5 +25,5 @@ require (
golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6 // indirect
golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
golang.org/x/sys v0.0.0-20200217220822-9197077df867 // indirect
golang.org/x/tools v0.0.0-20200305185322-6a641547f55b // indirect
golang.org/x/tools v0.0.0-20200304024140-c4206d458c3f // indirect
)
64 changes: 12 additions & 52 deletions go.sum
@@ -518,59 +518,19 @@ golang.org/x/tools v0.0.0-20200225022059-a0ec867d517c h1:cmkqWf0jTLsPn3dn28dkzCF
golang.org/x/tools v0.0.0-20200225022059-a0ec867d517c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200227193342-b3f10971cb29 h1:gZO+3X1BaUgKEk78zRnb5VySro9NQVkdA1UakZx/Ojg=
golang.org/x/tools v0.0.0-20200227193342-b3f10971cb29/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d h1:7M9AXzLrJWWGdDYtBblPHBTnHtaN6KKQ98OYb35mLlY=
golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200228135638-5c7c66ced534 h1:XVzrScQUlfS6ssloilmEJdJhlMDtnculCx+0zmVHSA8=
golang.org/x/tools v0.0.0-20200228135638-5c7c66ced534/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200228194328-a628ca32ebc0 h1:bC/KxYpsTCppyXiguiVppCnZLkQpMNIi042/S5bYanA=
golang.org/x/tools v0.0.0-20200228194328-a628ca32ebc0/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200304143113-d6a4d55695f2 h1:fRkP4IAibCxA/Xm3eihEsPrwWG5MniPSM5zrl9GfOrM=
golang.org/x/tools v0.0.0-20200304143113-d6a4d55695f2/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb h1:iKlO7ROJc6SttHKlxzwGytRtBUqX4VARrNTgP2YLX5M=
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200305140159-d7d444866696 h1:uuiLBSsR+ZDddgZ/2k23Y7FrUNl29gq4sEFcO170R5k=
golang.org/x/tools v0.0.0-20200305140159-d7d444866696/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200305185322-6a641547f55b h1:kWwtroURwYKTlrhKtLws/aJ3iuNdVB417e2FCSutkIs=
golang.org/x/tools v0.0.0-20200305185322-6a641547f55b/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/ini.v1 v1.42.0 h1:7N3gPTt50s8GuLortA00n8AqRTk75qOP98+mTPpgzRk=
gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
golang.org/x/tools v0.0.0-20200301222351-066e0c02454c h1:FD7jysxM+EJqg5UYYy3XYDsAiUickFsn4UiaanJkf8c=
golang.org/x/tools v0.0.0-20200301222351-066e0c02454c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200302155637-b1e4e04173e0 h1:fgnkocwzO9swV2pnFKnfje0dMOdhcdolLbvr1gNEtlQ=
golang.org/x/tools v0.0.0-20200302155637-b1e4e04173e0/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200302225559-9b52d559c609 h1:3/QY44rOqJoMLCsQz9bAgInYa08qsu+dH52Uk4DWH3w=
golang.org/x/tools v0.0.0-20200302225559-9b52d559c609/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200303165918-5bcca83a7881 h1:6bcQ/hWOMu5dXxMPcdxhx5uOoQBkeleqvbGdt4lh8hg=
golang.org/x/tools v0.0.0-20200303165918-5bcca83a7881/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200303225724-c5a141475315 h1:jrsCSJf5IvTN6gQom0Li545p3vfFph8bzsPvSGM56wM=
golang.org/x/tools v0.0.0-20200303225724-c5a141475315/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200304024140-c4206d458c3f h1:haxFuLhmPh0vRpVv5MeXoGyfCB39/Ohsq7A68h65qAg=
golang.org/x/tools v0.0.0-20200304024140-c4206d458c3f/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
7 changes: 7 additions & 0 deletions linter/terraform_v12_test.go
@@ -381,7 +381,14 @@ func TestTerraform12LinterCases(t *testing.T) {
5,
"TAG_VALID",
},
"TF12ExplicitChar": {
"./testdata/resources/explicit_chars.tf",
"./testdata/rules/explicit_chars.yml",
1,
"CHECK_FOR_COLON",
},
}

for name, tc := range testCases {
options := Options{
Tags: []string{},
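--- a/linter/testdata/resources/explicit_chars.tf
+++ b/linter/testdata/resources/explicit_chars.tf
@@ -0,0 +1,45 @@
+# Fail
+resource "aws_s3_bucket_policy" "a" {
+bucket = aws_s3_bucket.a.id
+policy =<<POLICY
+{
+"Version": "2018-08-09",
+"Statement": [
+{
+"Effect": "Deny",
+"Action": "s3:*",
+"Principal": {"AWS": [
+"*"
+]},
+"Resource": [
+"arn:aws:s3:::BUCKETNAME",
+"arn:aws:s3:::BUCKETNAME/*"
+],
+"Condition": { "Bool": { "aws:SecureTransport": "true" } }
+}]
+}
+POLICY
+}
+
+# Pass
+resource "aws_s3_bucket_policy" "b" {
+bucket = aws_s3_bucket.b.id
+policy =<<POLICY
+{
+"Version": "2018-08-09",
+"Statement": [
+{
+"Effect": "Deny",
+"Action": "s3:*",
+"Principal": {"AWS": [
+"*"
+]},
+"Resource": [
+"arn:aws:s3:::BUCKETNAME",
+"arn:aws:s3:::BUCKETNAME/*"
+],
+"Condition": { "Bool": { "aws:SecureTransport": "false" } }
+}]
+}
+POLICY
+}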
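Review bot: Both heredoc policies set `"Version": "2018-08-09"`, which is not an IAM policy language version (the accepted values are `2012-10-17` and `2008-10-17`), so neither fixture is a policy AWS would accept; `"Version": "2012-10-17"` in both resources keeps the test data usable as a reference. The `# Fail` and `# Pass` labels would also read better with the reason attached, for example `# Fail: denies requests that do use TLS` on resource `a` and `# Pass: denies requests made without TLS` on resource `b`.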
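--- a/linter/testdata/rules/explicit_chars.yml
+++ b/linter/testdata/rules/explicit_chars.yml
@@ -0,0 +1,19 @@
+version: 1
+description: Explicit string check test
+type: Terraform12
+files:
+- "*.tf"
+rules:
+- id: "CHECK_FOR_COLON"
+message: "Testing for key with a colon"
+resources:
+- aws_s3_bucket_policy
+severity: FAILURE
+category: resource
+assertions:
+- some:
+key: policy.Statement[]
+expressions:
+- key: Condition.Bool."aws:SecureTransport"
+op: eq
+value: false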
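Review bot: `value: false` in the CHECK_FOR_COLON expression is an unquoted YAML boolean, while the fixture policy stores `"aws:SecureTransport"` as the JSON string `"false"`, so the test depends on how the rule loader and the `eq` operator coerce types, which is not visible on this page. Writing `value: "false"` makes the string comparison explicit. A comment above the expression, such as `# quoted segment: the key itself contains a colon`, would tell the next reader what this rule is exercising.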
