1.1.10 Fixed a problem whee matching functions does not work properly…

… and some types are mismatched

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 1.1.10 (2020-03-03)
+* Fixed a problem where int, bool and float types was not properly filtered and matched.
+* Fixed a problem where filtering functions does not work properly.
+
 ## 1.1.9 (2020-02-25)
 * Fixed a problem where a property within the terraform plan fails to get parsed if it is list of lists. ([#221](https://github.com/eerkunt/terraform-compliance/issues/221))
 

terraform_compliance/common/helper.py

@@ -118,6 +118,9 @@ def seek_regex_key_in_dict_values(haystack, key_name, needle, key_matched=None):
     found = list()
     if isinstance(haystack, dict):
         for key, value in haystack.items():
+            if isinstance(value, (bool, int, float)):
+                value = str(value)
+
             if key.lower() == key_name.lower() or key_matched is not None:
                 if isinstance(value, str):
                     matches = re.match(regex, value)

terraform_compliance/steps/steps.py

@@ -169,23 +169,23 @@ def its_key_is_value(_step_obj, key, value):
 
     found_list = []
     for obj in _step_obj.context.stash:
-        object_key = obj.get(key, Null)
+        object_key = obj.get('values', {})
+        if isinstance(object_key, list):
+            object_keys = []
+            for object_key_element in object_key:
+                if isinstance(object_key_element, dict):
+                    filtered_key = object_key_element.get(key)
+                    if isinstance(filtered_key, str) and filtered_key.lower() == value.lower():
+                        found_list.append(object_key_element)
+                else:
+                    object_keys.append(object_key_element.get(key, Null))
 
-        if object_key is Null:
-            object_key = obj.get('values', {})
-            if isinstance(object_key, list):
-                object_keys = []
-                for object_key_element in object_key:
-                    if isinstance(object_key_element, dict):
-                        filtered_key = object_key_element.get(key)
-                        if isinstance(filtered_key, str) and filtered_key.lower() == value.lower():
-                            found_list.append(object_key_element)
-                    else:
-                        object_keys.append(object_key_element.get(key, Null))
+            object_key = [keys for keys in object_keys if keys is not Null]
+        else:
+            object_key = object_key.get(key, Null)
 
-                object_key = [keys for keys in object_keys if keys is not Null]
-            else:
-                object_key = object_key.get(key, Null)
+        if object_key is Null:
+            object_key = obj.get(key, Null)
 
         if isinstance(object_key, str):
             if "[" in object_key:

tests/functional/test_issue-sgr/main.tf

@@ -0,0 +1,26 @@
+resource "aws_vpc" "fail" {
+  cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_security_group_rule" "pass" {
+  type        = "ingress"
+  from_port   = 1
+  to_port     = 1
+  protocol    = "tcp"
+  cidr_blocks = ["0.0.0.0/0"]
+  security_group_id = "sg-123456"
+}
+
+resource "aws_security_group_rule" "fail" {
+  type        = "egress"
+  from_port   = 2
+  to_port     = 2
+  protocol    = "tcp"
+  cidr_blocks = ["0.0.0.0/0"]
+  security_group_id = "sg-123456"
+}
+
+
+resource "aws_internet_gateway" "gw" {
+  vpc_id = aws_vpc.fail.id
+}

tests/functional/test_issue-sgr/plan.out.json

@@ -0,0 +1 @@
+{"format_version":"0.1","terraform_version":"0.12.21","planned_values":{"root_module":{"resources":[{"address":"aws_internet_gateway.gw","mode":"managed","type":"aws_internet_gateway","name":"gw","provider_name":"aws","schema_version":0,"values":{"tags":null}},{"address":"aws_security_group.allow_tls","mode":"managed","type":"aws_security_group","name":"allow_tls","provider_name":"aws","schema_version":1,"values":{"description":"Allow TLS inbound traffic","ingress":[{"cidr_blocks":["0.0.0.0/0"],"description":"","from_port":1,"ipv6_cidr_blocks":[],"prefix_list_ids":[],"protocol":"tcp","security_groups":[],"self":false,"to_port":3000}],"name":"allow_tls","name_prefix":null,"revoke_rules_on_delete":false,"tags":null,"timeouts":null}},{"address":"aws_security_group_rule.allow_all","mode":"managed","type":"aws_security_group_rule","name":"allow_all","provider_name":"aws","schema_version":2,"values":{"cidr_blocks":["0.0.0.0/0"],"description":null,"from_port":0,"ipv6_cidr_blocks":null,"prefix_list_ids":null,"protocol":"tcp","security_group_id":"sg-123456","self":false,"to_port":65535,"type":"ingress"}},{"address":"aws_vpc.fail","mode":"managed","type":"aws_vpc","name":"fail","provider_name":"aws","schema_version":1,"values":{"assign_generated_ipv6_cidr_block":false,"cidr_block":"10.0.0.0/16","enable_dns_support":true,"instance_tenancy":"default","tags":null}}]}},"resource_changes":[{"address":"aws_internet_gateway.gw","mode":"managed","type":"aws_internet_gateway","name":"gw","provider_name":"aws","change":{"actions":["create"],"before":null,"after":{"tags":null},"after_unknown":{"id":true,"owner_id":true,"vpc_id":true}}},{"address":"aws_security_group.allow_tls","mode":"managed","type":"aws_security_group","name":"allow_tls","provider_name":"aws","change":{"actions":["create"],"before":null,"after":{"description":"Allow TLS inbound traffic","ingress":[{"cidr_blocks":["0.0.0.0/0"],"description":"","from_port":1,"ipv6_cidr_blocks":[],"prefix_list_ids":[],"protocol":"tcp","security_groups":[],"self":false,"to_port":3000}],"name":"allow_tls","name_prefix":null,"revoke_rules_on_delete":false,"tags":null,"timeouts":null},"after_unknown":{"arn":true,"egress":true,"id":true,"ingress":[{"cidr_blocks":[false],"ipv6_cidr_blocks":[],"prefix_list_ids":[],"security_groups":[]}],"owner_id":true,"vpc_id":true}}},{"address":"aws_security_group_rule.allow_all","mode":"managed","type":"aws_security_group_rule","name":"allow_all","provider_name":"aws","change":{"actions":["create"],"before":null,"after":{"cidr_blocks":["0.0.0.0/0"],"description":null,"from_port":0,"ipv6_cidr_blocks":null,"prefix_list_ids":null,"protocol":"tcp","security_group_id":"sg-123456","self":false,"to_port":65535,"type":"ingress"},"after_unknown":{"cidr_blocks":[false],"id":true,"source_security_group_id":true}}},{"address":"aws_vpc.fail","mode":"managed","type":"aws_vpc","name":"fail","provider_name":"aws","change":{"actions":["create"],"before":null,"after":{"assign_generated_ipv6_cidr_block":false,"cidr_block":"10.0.0.0/16","enable_dns_support":true,"instance_tenancy":"default","tags":null},"after_unknown":{"arn":true,"default_network_acl_id":true,"default_route_table_id":true,"default_security_group_id":true,"dhcp_options_id":true,"enable_classiclink":true,"enable_classiclink_dns_support":true,"enable_dns_hostnames":true,"id":true,"ipv6_association_id":true,"ipv6_cidr_block":true,"main_route_table_id":true,"owner_id":true}}}],"configuration":{"root_module":{"resources":[{"address":"aws_internet_gateway.gw","mode":"managed","type":"aws_internet_gateway","name":"gw","provider_config_key":"aws","expressions":{"vpc_id":{"references":["aws_vpc.fail"]}},"schema_version":0},{"address":"aws_security_group.allow_tls","mode":"managed","type":"aws_security_group","name":"allow_tls","provider_config_key":"aws","expressions":{"description":{"constant_value":"Allow TLS inbound traffic"},"name":{"constant_value":"allow_tls"},"vpc_id":{"references":["aws_vpc.fail"]}},"schema_version":1},{"address":"aws_security_group_rule.allow_all","mode":"managed","type":"aws_security_group_rule","name":"allow_all","provider_config_key":"aws","expressions":{"cidr_blocks":{"constant_value":["0.0.0.0/0"]},"from_port":{"constant_value":0},"protocol":{"constant_value":"tcp"},"security_group_id":{"constant_value":"sg-123456"},"to_port":{"constant_value":65535},"type":{"constant_value":"ingress"}},"schema_version":2},{"address":"aws_vpc.fail","mode":"managed","type":"aws_vpc","name":"fail","provider_config_key":"aws","expressions":{"cidr_block":{"constant_value":"10.0.0.0/16"}},"schema_version":1}]}}}

tests/functional/test_issue-sgr/test.feature

@@ -0,0 +1,6 @@
+Feature: test
+
+  Scenario: No 0.0.0.0/0 for ingress on rule
+    Given I have aws_security_group_rule defined
+    When its type is ingress
+    Then its from_port must be 0