Comments (4)
eerkunt
commented on June 4, 2024
Hi @vrbcntrl,
In case encryption_property does not have what you want for using encryption is enabled step, you can also drill down the resource with @when(u'it contain {something:ANY}') and @then(u'it must {condition:ANY} have {proto:ANY} protocol and port {port} for {cidr:ANY}') steps.
As a similar example for aws_elb ;
Scenario: TLS enforcement on ELB resources
Given I have AWS ELB resource defined
When it contains listener
Then it must contain ssl_certificate_idI also added
"aws_elasticache_replication_group": "at_rest_encryption_enabled"
to terraform-compliance 1.0.0 which will be released soon.
For the CHANGELOG, you can have a peek on https://github.com/eerkunt/terraform-compliance/blob/feature/1.0.0/CHANGELOG.md
from cli.
vrbcntrl
commented on June 4, 2024
Hi @eerkunt , thanks for your prompt response.
My test case is as follows:
encryption_at_rest.feature
Scenario: AWS Elastic Cache
Given I have AWS Elastic Cache defined
Then encryption must be enabled
encryption_in_flight.feature
Scenario: AWS Elastic Cache
Given I have AWS Elastic Cache defined
Then encryption must be enabled
when I run the above 2 scenarios, separately, the first one i.e at_rest scenario works as expected, however the in_flight scenario always PASSED regardless of the transit_encryption_enabled value (true|false), but if I comment the at_rest_encryption_enabled property as shown below, the in_flight scenario works as expected.
encryption_property = {
"aws_elasticache_replication_group": "transit_encryption_enabled",
"aws_elasticache_replication_group": "at_rest_encryption_enabled"
}
So, I hope this helps to understand the issue.
from cli.
eerkunt
commented on June 4, 2024
Hi @vrbcntrl,
That is quite normal, because you are running the same test against a same resource. You need to change one of your tests to cover both in-flight and at-rest encryption tests.
Currently, at_rest_encryption_enabled will be used for
Then encryption must be enabledscenarios for aws_elasticache_replication_group
from cli.
vrbcntrl
commented on June 4, 2024
Hi @eerkunt ,
I am able to cover both the encryption properties in a single test using Scenario Outline show below
` Scenario Outline: AWS Elastic Cache Replication Group
Given I have aws_elasticache_replication_group defined
Then it must contain
Examples:
| encryption |
| at_rest_encryption_enabled |
| transit_encryption_enabled |`
please let me know if there is any other better way...i am trying avoid the need for creating a new step :)
from cli.
Related Issues (20)
- cleanup tmp HOT 3
- --coverage flag with docker HOT 1
- FATAL ERROR: Unsupported terraform version (1.4.0). HOT 4
- Support for Terraform 1.4.* HOT 2
- Add support for testing the terraform block HOT 1
- tagging feature - false positive for aws_lambda_function's "environment" argument HOT 2
- Terregarrunt support
- Applying test cases to only resources from specific provider HOT 1
- Support for Terraform 1.5.* HOT 8
- Can not find aws_msk_cluster defined in target terraform plan
- Question: Using Terraform Compliance in CircleCI with Terraform and Python Orbs HOT 4
- Add support for Terraform Version 1.6.0 HOT 4
- Is `or` logic supported at all? HOT 1
- STDERR isn't being used, log level cannot be changed.
- THEN's condition matches for child properties in absence of a property at expected level. Is this expected? HOT 1
- 'AttributeError: 'str' object has no attribute 'append'' HOT 2
- "AttributeError: 'dict' object has no attribute 'startswith'" when using resources defining their own "references" blocks
- FATAL ERROR: Unsupported terraform version (1.7.0)
- Get rid of "/root/.cache" directory
- When condition on resource which has its own type property fails HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cli.