def test_failure_compute_secgroup_ipv4(self):
        """Expect FAILED for a compute security group with SSH open to the world.

        The fixture has three TCP rules: port 80 from 0.0.0.0/0, port 22 from
        192.168.0.0/16, and port 22 from 0.0.0.0/0.
        """
        # Only the last rule pairs port 22 with 0.0.0.0/0; presumably that is
        # the rule the check rejects (the check is defined outside this test).
        terraform_src = """
        resource "openstack_compute_secgroup_v2" "secgroup_1" {
          name        = "my_secgroup"
          description = "my security group"

          rule {
            from_port   = 80
            to_port     = 80
            ip_protocol = "tcp"
            cidr        = "0.0.0.0/0"
          }

          rule {
            from_port   = 22
            to_port     = 22
            ip_protocol = "tcp"
            cidr        = "192.168.0.0/16"
          }

          rule {
            from_port   = 22
            to_port     = 22
            ip_protocol = "tcp"
            cidr        = "0.0.0.0/0"
          }
        }
        """
        parsed = hcl2.loads(terraform_src)
        secgroup_conf = parsed['resource'][0]['openstack_compute_secgroup_v2']['secgroup_1']
        verdict = check.scan_resource_conf(conf=secgroup_conf)
        self.assertEqual(CheckResult.FAILED, verdict)
    def test_pass_networking_secgroup_different_port(self):
        """Expect PASSED for a world-open ingress rule whose port range is 222-222."""
        # The range does not include port 22 even though the digits overlap;
        # presumably this guards against the check matching ports too loosely.
        terraform_src = """
        resource "openstack_networking_secgroup_rule_v2" "ingress" {
          direction         = "ingress"
          ethertype         = "IPv4"
          protocol          = "tcp"
          port_range_min    = 222
          port_range_max    = 222
          remote_ip_prefix  = "0.0.0.0/0"
        }
        """
        parsed = hcl2.loads(terraform_src)

        rule_conf = parsed['resource'][0]['openstack_networking_secgroup_rule_v2']['ingress']
        verdict = check.scan_resource_conf(conf=rule_conf)
        self.assertEqual(CheckResult.PASSED, verdict)
    def test_pass_networking_secgroup_source_sg(self):
        """Expect PASSED for a port-22 ingress rule that sets no remote_ip_prefix."""
        # NOTE(review): in the Terraform OpenStack provider, `security_group_id`
        # names the group the rule is attached to; the source group is set with
        # `remote_group_id`. As written, this fixture has neither
        # `remote_ip_prefix` nor `remote_group_id`, which Neutron generally
        # treats as "any source" -- confirm whether the fixture should use
        # `remote_group_id`, and whether the check ought to pass a rule with
        # no remote restriction at all.
        terraform_src = """
        resource "openstack_networking_secgroup_rule_v2" "ingress" {
          direction         = "ingress"
          ethertype         = "IPv4"
          protocol          = "tcp"
          port_range_min    = 22
          port_range_max    = 22
          security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
        }
        """
        parsed = hcl2.loads(terraform_src)

        rule_conf = parsed['resource'][0]['openstack_networking_secgroup_rule_v2']['ingress']
        verdict = check.scan_resource_conf(conf=rule_conf)
        self.assertEqual(CheckResult.PASSED, verdict)
    def test_failure_networking_secgroup(self):
        """Expect the bare group to pass and its world-open port-22 rule to fail.

        The fixture declares two resources; each is scanned separately.
        """
        terraform_src = """
        resource "openstack_networking_secgroup_v2" "secgroup_1" {
          name        = "secgroup_1"
          description = "My neutron security group"
        }
        
        resource "openstack_networking_secgroup_rule_v2" "ingress" {
          direction         = "ingress"
          ethertype         = "IPv4"
          protocol          = "tcp"
          port_range_min    = 22
          port_range_max    = 22
          remote_ip_prefix  = "0.0.0.0/0"
        }
        """
        resources = hcl2.loads(terraform_src)['resource']

        # The group resource carries no rules of its own in this fixture.
        group_conf = resources[0]['openstack_networking_secgroup_v2']['secgroup_1']
        group_verdict = check.scan_resource_conf(conf=group_conf)
        self.assertEqual(CheckResult.PASSED, group_verdict)

        # The standalone rule opens TCP/22 to 0.0.0.0/0 and is the part expected to fail.
        rule_conf = resources[1]['openstack_networking_secgroup_rule_v2']['ingress']
        rule_verdict = check.scan_resource_conf(conf=rule_conf)
        self.assertEqual(CheckResult.FAILED, rule_verdict)
 def test_pass_compute_secgroup_null_cidr(self):
     """Expect PASSED for a port-22 compute rule whose cidr is an explicit null."""
     # The rule sets cidr = null and no other source attribute; the test only
     # pins that the scan returns PASSED for that value.
     terraform_src = """
     resource "openstack_compute_secgroup_v2" "secgroup_1" {
       name        = "my_secgroup"
       description = "my security group"
     
       rule {
         from_port   = 22
         to_port     = 22
         ip_protocol = "tcp"
         cidr        = null
       }
     }
         """
     parsed = hcl2.loads(terraform_src)
     secgroup_conf = parsed['resource'][0]['openstack_compute_secgroup_v2']['secgroup_1']
     verdict = check.scan_resource_conf(conf=secgroup_conf)
     self.assertEqual(CheckResult.PASSED, verdict)
 def test_pass_compute_secgroup_no_cidr(self):
     """Expect PASSED for a port-22 compute rule scoped by from_group_id, with no cidr."""
     # The rule omits the cidr attribute entirely and names a source group instead.
     terraform_src = """
     resource "openstack_compute_secgroup_v2" "secgroup_1" {
       name        = "my_secgroup"
       description = "my security group"
     
       rule {
         from_port     = 22
         to_port       = 22
         ip_protocol   = "tcp"
         from_group_id = "5338c192-5118-11ec-bf63-0242ac130002"
       }
     }
     """
     parsed = hcl2.loads(terraform_src)
     secgroup_conf = parsed['resource'][0]['openstack_compute_secgroup_v2']['secgroup_1']
     verdict = check.scan_resource_conf(conf=secgroup_conf)
     self.assertEqual(CheckResult.PASSED, verdict)