def test_failure_networking_secgroup(self):
    """A world-open TCP/3389 ingress rule fails; the bare group resource passes.

    The fixture declares a security group that has only a name and a
    description, plus a separate ingress rule that opens TCP port 3389
    (the default RDP port) to 0.0.0.0/0. The check under test is expected
    to return PASSED for the group and FAILED for the rule.
    """
    parsed = hcl2.loads("""
        resource "openstack_networking_secgroup_v2" "secgroup_1" {
          name = "secgroup_1"
          description = "My neutron security group"
        }

        resource "openstack_networking_secgroup_rule_v2" "ingress" {
          direction = "ingress"
          ethertype = "IPv4"
          protocol = "tcp"
          port_range_min = 3389
          port_range_max = 3389
          remote_ip_prefix = "0.0.0.0/0"
        }
    """)
    resources = parsed['resource']

    # The group resource declares no rules of its own in this fixture.
    group_conf = resources[0]['openstack_networking_secgroup_v2']['secgroup_1']
    self.assertEqual(
        CheckResult.PASSED,
        check.scan_resource_conf(conf=group_conf),
    )

    # The standalone rule is the one exposing 3389 to any IPv4 source.
    rule_conf = resources[1]['openstack_networking_secgroup_rule_v2']['ingress']
    self.assertEqual(
        CheckResult.FAILED,
        check.scan_resource_conf(conf=rule_conf),
    )
def test_failure_compute_secgroup_ipv4(self):
    """A compute security group fails when any inline rule opens 3389 to 0.0.0.0/0.

    The fixture carries three inline rules: port 80 from 0.0.0.0/0, port 3389
    from 192.168.0.0/16, and port 3389 from 0.0.0.0/0. Only the last one pairs
    port 3389 with the any-source CIDR, and the resource as a whole is
    expected to be FAILED.
    """
    parsed = hcl2.loads("""
        resource "openstack_compute_secgroup_v2" "secgroup_1" {
          name = "my_secgroup"
          description = "my security group"

          rule {
            from_port = 80
            to_port = 80
            ip_protocol = "tcp"
            cidr = "0.0.0.0/0"
          }

          rule {
            from_port = 3389
            to_port = 3389
            ip_protocol = "tcp"
            cidr = "192.168.0.0/16"
          }

          rule {
            from_port = 3389
            to_port = 3389
            ip_protocol = "tcp"
            cidr = "0.0.0.0/0"
          }
        }
    """)
    # NOTE(review): the offending rule is listed last, so this also exercises
    # that earlier non-matching rules do not short-circuit the result — confirm
    # that is the intent.
    group_conf = parsed['resource'][0]['openstack_compute_secgroup_v2']['secgroup_1']
    outcome = check.scan_resource_conf(conf=group_conf)
    self.assertEqual(CheckResult.FAILED, outcome)
def test_pass_networking_secgroup_different_port(self):
    """A world-open ingress rule on port 33890 is not treated as port 3389.

    33890 shares its leading digits with 3389, so a check that matched ports
    by string prefix rather than by numeric value would wrongly fail this
    rule. The expected result is PASSED.
    """
    parsed = hcl2.loads("""
        resource "openstack_networking_secgroup_rule_v2" "ingress" {
          direction = "ingress"
          ethertype = "IPv4"
          protocol = "tcp"
          port_range_min = 33890
          port_range_max = 33890
          remote_ip_prefix = "0.0.0.0/0"
        }
    """)
    # NOTE(review): every fixture visible here uses port_range_min equal to
    # port_range_max; a range that merely contains 3389 is not exercised in
    # these tests — confirm it is covered elsewhere.
    rule_conf = parsed['resource'][0]['openstack_networking_secgroup_rule_v2']['ingress']
    outcome = check.scan_resource_conf(conf=rule_conf)
    self.assertEqual(CheckResult.PASSED, outcome)
def test_pass_networking_secgroup_source_sg(self):
    """An ingress rule on 3389 that sets no remote_ip_prefix passes.

    The fixture opens TCP port 3389 for ingress but gives no CIDR; it only
    sets security_group_id to a reference to secgroup_1. The expected result
    is PASSED.
    """
    parsed = hcl2.loads("""
        resource "openstack_networking_secgroup_rule_v2" "ingress" {
          direction = "ingress"
          ethertype = "IPv4"
          protocol = "tcp"
          port_range_min = 3389
          port_range_max = 3389
          security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
        }
    """)
    # NOTE(review): in this resource type security_group_id names the group
    # the rule is attached to, while remote_group_id is the argument that
    # restricts the traffic source to another group. The test name says
    # "source_sg" but the fixture sets only security_group_id — confirm which
    # one is meant. Per the provider's documentation, a rule with neither
    # remote_ip_prefix nor remote_group_id matches any source, so PASSED here
    # may be worth a second look.
    rule_conf = parsed['resource'][0]['openstack_networking_secgroup_rule_v2']['ingress']
    outcome = check.scan_resource_conf(conf=rule_conf)
    self.assertEqual(CheckResult.PASSED, outcome)
def test_unknown_networking_secgroup_egress(self):
    """An egress rule yields UNKNOWN rather than PASSED or FAILED.

    Apart from direction = "egress" and the resource label, the fixture
    matches the failing ingress case: TCP port 3389 with remote_ip_prefix
    0.0.0.0/0. The expected result is UNKNOWN.
    """
    parsed = hcl2.loads("""
        resource "openstack_networking_secgroup_rule_v2" "egress" {
          direction = "egress"
          ethertype = "IPv4"
          protocol = "tcp"
          port_range_min = 3389
          port_range_max = 3389
          remote_ip_prefix = "0.0.0.0/0"
        }
    """)
    # Presumably the check treats outbound rules as out of scope and declines
    # to evaluate them — verify against the check implementation.
    rule_conf = parsed['resource'][0]['openstack_networking_secgroup_rule_v2']['egress']
    outcome = check.scan_resource_conf(conf=rule_conf)
    self.assertEqual(CheckResult.UNKNOWN, outcome)
def test_pass_compute_secgroup_null_cidr(self):
    """An inline rule on port 3389 whose cidr is null passes.

    The single rule in the fixture opens TCP port 3389 but sets cidr = null,
    so it names no any-source CIDR. The expected result is PASSED.
    """
    parsed = hcl2.loads("""
        resource "openstack_compute_secgroup_v2" "secgroup_1" {
          name = "my_secgroup"
          description = "my security group"

          rule {
            from_port = 3389
            to_port = 3389
            ip_protocol = "tcp"
            cidr = null
          }
        }
    """)
    # NOTE(review): how the parser represents an HCL null (None, a string, or
    # an omitted key) is not visible here — confirm the check handles the
    # actual parsed value rather than passing by accident.
    group_conf = parsed['resource'][0]['openstack_compute_secgroup_v2']['secgroup_1']
    outcome = check.scan_resource_conf(conf=group_conf)
    self.assertEqual(CheckResult.PASSED, outcome)