Comments (11)
@eerkunt #69 gives better UX; since that is not possible immediately, I am suggesting this approach.
Oh sure, that is a custom name; you can even set it to <karthikeayan>.
I think the new pull request merge broke the functionality.
I have this in my tf file:

```hcl
resource "aws_security_group" "cluster" {
  name_prefix = "${var.cluster_name}"
  description = "EKS cluster security group."
  vpc_id      = "${var.vpc_id}"
  count       = "${var.cluster_create_security_group ? 1 : 0}"
}

resource "aws_security_group_rule" "cluster_ingress_internet" {
  description       = "Allow cluster mysql ingress access from the Internet."
  protocol          = "tcp"
  security_group_id = "${aws_security_group.cluster.id}"
  cidr_blocks       = ["0.0.0.0/0"]
  from_port         = 3306
  to_port           = 3306
  type              = "ingress"
  count             = "${var.cluster_create_security_group ? 1 : 0}"
}
```

When I run terraform-compliance 0.5.2, I get the output below:

```text
1 features (1 passed)
9 scenarios (9 passed)
26 steps (26 passed)
Run 1549441862 finished within a moment
Cleaning up.
```

The same feature with the same tf file, when run with 0.5.1:

```text
1 features (0 passed, 1 failed)
9 scenarios (8 passed, 1 failed)
26 steps (25 passed, 1 failed)
Run 1549441949 finished within a moment
Cleaning up.
```

I am using example/example_01/aws/security_groups.feature from this repo.
Of course, but instead of using Scenario you can use Scenario Outline and keep the port ranges as a parameter, like:

```gherkin
Scenario Outline: No publicly open ports for given ranges
    Given I have AWS Security Group defined
    When it contains ingress
    Then it must not have <proto> protocol and port <port_range> for 0.0.0.0/0

    Examples:
        | ComplianceId | proto | port_range  |
        | COMP001      | tcp   | 1-21        |
        | COMP002      | tcp   | 23-79       |
        | COMP003      | tcp   | 81-442      |
        | COMP004      | tcp   | 444-65535   |
```

... which gave me the idea that we need to have a step defined similarly:

```gherkin
Then it must only have <proto> protocol and port <port_range> for <cidr>
```
Oh, looks like I misunderstood #68 completely.
Port ranges were not supported, but this can be a very easy implementation. I will have a look tonight!
Instead of adding a new BDD sentence, maybe we can just do it like this:

```gherkin
Then it must not have <proto> protocol and port <portNumber> for 0.0.0.0/0
    | Proto | portNumber |
    | tcp   | 1000-65535 |
```

which would accept either a port range or a single port.
What do you think?
This is cool; portRange could be the field name.
Can you test it again with the 0.5.2 release, @karthikeayan, please?
Looks like different tests need to be implemented. Will check in a few hours.
Yes, you are right; found and fixed the problem.
Releasing 0.5.3; it should be there a few minutes after the PR is approved.
Great, thanks for implementing this.
Can I have the same scenario twice in a single feature with different values?
So, when I want all ports not to have 0.0.0.0/0 except for a few ports.
Ex: I want only 22, 80 and 443 accessible from 0.0.0.0/0.
Can I do the below? I tried and got a syntax error; is this the default behavior of Radish? The workaround is to have separate feature files.

```gherkin
Scenario: No publicly open ports
    Given I have AWS Security Group defined
    When it contains ingress
    Then it must not have tcp protocol and port 1-21 for 0.0.0.0/0

Scenario: No publicly open ports
    Given I have AWS Security Group defined
    When it contains ingress
    Then it must not have tcp protocol and port 23-79 for 0.0.0.0/0

Scenario: No publicly open ports
    Given I have AWS Security Group defined
    When it contains ingress
    Then it must not have tcp protocol and port 81-442 for 0.0.0.0/0

Scenario: No publicly open ports
    Given I have AWS Security Group defined
    When it contains ingress
    Then it must not have tcp protocol and port 444-65535 for 0.0.0.0/0
```
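The check the thread's feature files express (the Scenario Outline with port ranges above, and the later "only 22, 80 and 443 from 0.0.0.0/0" question) can be written directly against a Terraform plan. The script below is an added example, not terraform-compliance's own code and not the step implementation the maintainer shipped in 0.5.3: it derives the forbidden ranges from an allow-list (so [22, 80, 443] yields exactly the four ranges 1-21, 23-79, 81-442, 444-65535 used in the Examples table) and walks the ingress rules in a `terraform show -json` plan. Assumptions: the Terraform 0.12+ JSON plan format, resources in the root module only, and a constructed sample plan that mirrors the resources posted in this issue; `SAMPLE_PLAN`, `forbidden_ranges` and `public_port_violations` are names chosen here.

```python
"""Added example (not terraform-compliance code): flag ingress rules that open
ports outside an allow-list to 0.0.0.0/0 in a `terraform show -json` plan."""
import json
from typing import Dict, Iterator, List, Sequence, Tuple

PortRange = Tuple[int, int]

# Constructed sample in the shape of `terraform show -json tfplan` (Terraform
# 0.12+), trimmed to the fields used here. It mirrors the thread's resources:
# a standalone rule opening MySQL to the world, an SSH rule, and an
# aws_security_group with inline ingress blocks (protocol "-1" = all).
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group_rule.cluster_ingress_internet[0]",
     "type": "aws_security_group_rule",
     "values": {"type": "ingress", "protocol": "tcp", "from_port": 3306,
                "to_port": 3306, "cidr_blocks": ["0.0.0.0/0"]}},
    {"address": "aws_security_group_rule.ssh[0]",
     "type": "aws_security_group_rule",
     "values": {"type": "ingress", "protocol": "tcp", "from_port": 22,
                "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}},
    {"address": "aws_security_group.cluster[0]", "type": "aws_security_group",
     "values": {"ingress": [
         {"protocol": "-1", "from_port": 0, "to_port": 0,
          "cidr_blocks": ["10.0.0.0/8"]},
         {"protocol": "-1", "from_port": 0, "to_port": 0,
          "cidr_blocks": ["0.0.0.0/0"]}]}},
]}}})


def parse_port_range(text: str) -> PortRange:
    """'22' -> (22, 22); '1000-65535' -> (1000, 65535). Rejects bad input."""
    lo, _, hi = text.strip().partition("-")
    low, high = int(lo), int(hi or lo)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"invalid port range {text!r}")
    return low, high


def forbidden_ranges(allowed_ports: Sequence[int]) -> List[PortRange]:
    """Complement of an allow-list over 1-65535, e.g. [22, 80, 443] ->
    [(1, 21), (23, 79), (81, 442), (444, 65535)]."""
    ranges: List[PortRange] = []
    start = 1
    for port in sorted(set(allowed_ports)):
        if port > start:
            ranges.append((start, port - 1))
        start = port + 1
    if start <= 65535:
        ranges.append((start, 65535))
    return ranges


def overlaps(a: PortRange, b: PortRange) -> bool:
    return a[0] <= b[1] and b[0] <= a[1]


def iter_ingress(plan: Dict) -> Iterator[Tuple[str, str, PortRange, List[str]]]:
    """Yield (address, protocol, (from, to), cidrs) for every ingress rule:
    standalone aws_security_group_rule resources and inline ingress blocks.
    Protocol "-1" (all) is treated as covering every port."""
    for res in plan["planned_values"]["root_module"].get("resources", []):
        vals = res.get("values", {})
        if res["type"] == "aws_security_group_rule" and vals.get("type") == "ingress":
            blocks = [vals]
        elif res["type"] == "aws_security_group":
            blocks = vals.get("ingress", [])
        else:
            continue
        for blk in blocks:
            proto = str(blk.get("protocol", "tcp"))
            if proto == "-1":
                ports: PortRange = (0, 65535)
            else:
                ports = (int(blk["from_port"]), int(blk["to_port"]))
            yield res["address"], proto, ports, list(blk.get("cidr_blocks", []))


def public_port_violations(plan_json: str, allowed_ports: Sequence[int],
                           protocol: str = "tcp") -> List[str]:
    """One message per ingress rule that exposes a port outside allowed_ports
    to 0.0.0.0/0 for `protocol` (or for all protocols via "-1")."""
    plan = json.loads(plan_json)
    bad = forbidden_ranges(allowed_ports)
    findings = []
    for address, proto, ports, cidrs in iter_ingress(plan):
        if "0.0.0.0/0" not in cidrs or proto not in (protocol, "-1"):
            continue
        for rng in bad:
            if overlaps(ports, rng):
                findings.append(f"{address}: {proto} {ports[0]}-{ports[1]} open to "
                                f"0.0.0.0/0 overlaps forbidden range {rng[0]}-{rng[1]}")
                break
    return findings


if __name__ == "__main__":
    for line in public_port_violations(SAMPLE_PLAN, [22, 80, 443]):
        print(line)
```

On the sample plan this reports the MySQL rule and the inline all-protocol block open to 0.0.0.0/0, and accepts the SSH rule; an allow-list is easier to audit than a hand-maintained list of forbidden ranges, which is why the complement is computed rather than typed.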