Comments (11)

karthikeayan commented on May 24, 2024

@eerkunt #69 gives better UX; since that is not possible immediately, I am suggesting this approach.

eerkunt commented on May 24, 2024

Oh sure, that is a custom name; you can even set it to <karthikeayan>.

karthikeayan commented on May 24, 2024

I think the new pull request merge broke the functionality.

I have this in the tf file:

    resource "aws_security_group" "cluster" {
      name_prefix = "${var.cluster_name}"
      description = "EKS cluster security group."
      vpc_id      = "${var.vpc_id}"
      count       = "${var.cluster_create_security_group ? 1 : 0}"
    }

    resource "aws_security_group_rule" "cluster_ingress_internet" {
      description       = "Allow cluster mysql ingress access from the Internet."
      protocol          = "tcp"
      security_group_id = "${aws_security_group.cluster.id}"
      cidr_blocks       = ["0.0.0.0/0"]
      from_port         = 3306
      to_port           = 3306
      type              = "ingress"
      count             = "${var.cluster_create_security_group ? 1 : 0}"
    }

When I run terraform-compliance 0.5.2, I get the output below:

    1 features (1 passed)
    9 scenarios (9 passed)
    26 steps (26 passed)
    Run 1549441862 finished within a moment
    Cleaning up.

The same feature with the same tf file, when run with 0.5.1:

    1 features (0 passed, 1 failed)
    9 scenarios (8 passed, 1 failed)
    26 steps (25 passed, 1 failed)
    Run 1549441949 finished within a moment
    Cleaning up.

I am using the example/example_01/aws/security_groups.feature in this repo.

eerkunt commented on May 24, 2024

Of course, but instead of using Scenario you can use Scenario Outline and keep port ranges as a parameter, like:

    Scenario Outline: No publicly open ports for given ranges
    Given I have AWS Security Group defined
    When it contains ingress
    Then it must not have <proto> protocol and port <port_range> for 0.0.0.0/0

    Examples:
        | ComplianceId | proto | port_range |
        | COMP001      | tcp   | 1-21       |
        | COMP002      | tcp   | 23-79      |
        | COMP003      | tcp   | 81-442     |
        | COMP004      | tcp   | 444-65535  |

... which gave me an idea that we need to have a step defined similarly:

    Then it must only have <proto> protocol and port <port_range> for <cidr>

eerkunt commented on May 24, 2024

Oh, looks like I misunderstood #68 completely.
Port ranges were not supported, but this can be a very easy implementation. Will have a look tonight!

eerkunt commented on May 24, 2024

Instead of adding a new BDD sentence, maybe we can just do it like this:

    Then it must not have <proto> protocol and port <portNumber> for 0.0.0.0/0

    | proto | portNumber |
    | tcp   | 1000-65535 |

Which will be applied to either a port range or a single port.

What do you think?

karthikeayan commented on May 24, 2024

This is cool; portRange may be the field name.

eerkunt commented on May 24, 2024

Can you test it again with the 0.5.2 release, @karthikeayan, please?

eerkunt commented on May 24, 2024

Looks like different tests are required to be implemented. Will check in a few hours.

eerkunt commented on May 24, 2024

Yes, you are right, found and fixed the problem.

Releasing 0.5.3, must be there in a few minutes after the PR is approved.

karthikeayan commented on May 24, 2024

Great, thanks for implementing this.

Can I have the same scenario twice in a single feature with different values?

So, I want all the ports to not have 0.0.0.0/0 except for a few ports.
Ex: I want only 22, 80 and 443 accessible from 0.0.0.0/0.

Can I do the below? I tried and got a syntax error; is this the default behavior of Radish? The workaround is to have separate feature files.

    Scenario: No publicly open ports
    Given I have AWS Security Group defined
    When it contains ingress
    Then it must not have tcp protocol and port 1-21 for 0.0.0.0/0

    Scenario: No publicly open ports
    Given I have AWS Security Group defined
    When it contains ingress
    Then it must not have tcp protocol and port 23-79 for 0.0.0.0/0

    Scenario: No publicly open ports
    Given I have AWS Security Group defined
    When it contains ingress
    Then it must not have tcp protocol and port 81-442 for 0.0.0.0/0

    Scenario: No publicly open ports
    Given I have AWS Security Group defined
    When it contains ingress
    Then it must not have tcp protocol and port 444-65535 for 0.0.0.0/0
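
Added example, not part of the thread and not terraform-compliance's own code: the "only 22, 80 and 443 open to 0.0.0.0/0" policy above, turned into the denied port ranges and rendered as a single Scenario Outline of the form suggested earlier in this thread. The function names and the rule dictionaries are hypothetical; the overlap check is an illustration of the policy, not the tool's implementation.

```python
def denied_ranges(allowed_ports, lo=1, hi=65535):
    """Return inclusive (start, end) ranges in lo..hi not covered by allowed_ports."""
    ranges, start = [], lo
    for port in sorted(set(allowed_ports)):
        if not lo <= port <= hi:
            raise ValueError(f"port {port} outside {lo}-{hi}")
        if port > start:
            ranges.append((start, port - 1))
        start = port + 1
    if start <= hi:
        ranges.append((start, hi))
    return ranges

def render_outline(ranges, proto="tcp", cidr="0.0.0.0/0"):
    """Render one Scenario Outline with an Examples row per denied range."""
    rows = [str(a) if a == b else f"{a}-{b}" for a, b in ranges]
    width = max([len("port_range")] + [len(r) for r in rows])
    lines = [
        "Scenario Outline: No publicly open ports for given ranges",
        "    Given I have AWS Security Group defined",
        "    When it contains ingress",
        f"    Then it must not have <proto> protocol and port <port_range> for {cidr}",
        "",
        "    Examples:",
        f"        | proto | {'port_range'.ljust(width)} |",
    ]
    lines += [f"        | {proto.ljust(5)} | {r.ljust(width)} |" for r in rows]
    return "\n".join(lines)

def violations(rules, ranges, proto="tcp", cidr="0.0.0.0/0"):
    """Return (description, range) for ingress rules open to cidr that overlap a denied range."""
    hits = []
    for rule in rules:
        if (rule["type"], rule["protocol"]) != ("ingress", proto) or cidr not in rule["cidr_blocks"]:
            continue
        for a, b in ranges:
            if rule["from_port"] <= b and rule["to_port"] >= a:  # port intervals overlap
                hits.append((rule["description"], f"{a}-{b}"))
    return hits

# Constructed sample input: the 3306 rule mirrors the tf snippet in this thread; the 443 rule is assumed.
SAMPLE_RULES = [
    {"description": "mysql", "type": "ingress", "protocol": "tcp",
     "cidr_blocks": ["0.0.0.0/0"], "from_port": 3306, "to_port": 3306},
    {"description": "https", "type": "ingress", "protocol": "tcp",
     "cidr_blocks": ["0.0.0.0/0"], "from_port": 443, "to_port": 443},
]

if __name__ == "__main__":
    denied = denied_ranges([22, 80, 443])
    print(render_outline(denied))
    print(violations(SAMPLE_RULES, denied))
```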
