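def test_unsupported_syntax(self):
    """Expect PASSED when ``security_rule`` is built by a ``for`` expression.

    The rules are generated from ``var.autoscaler_ssh_permit``, so the
    parsed configuration holds no literal rule blocks. The test name
    suggests the check cannot evaluate this syntax; confirm against the
    check implementation.

    NOTE(review): PASSED here pins only that the check does not fail or
    raise on this input. It says nothing about the generated rules
    (inbound Allow, TCP, port 22 from ``rule.ip``). If the check passes
    because it cannot inspect them, it fails open; consider whether
    ``CheckResult.UNKNOWN`` would be the more accurate result.
    """
    # One HCL argument per line: HCL does not accept several arguments
    # on a single line inside a block body.
    hcl_res = hcl2.loads("""
    resource "azurerm_network_security_group" "example" {
      name                = "${var.autoscaler_prefix}autoscaler-nsg"
      location            = azurerm_resource_group.rg.location
      resource_group_name = azurerm_resource_group.rg.name
      security_rule = [for idx, rule in var.autoscaler_ssh_permit: {
        name                                       = "allow-${rule.name}"
        priority                                   = 100 + idx
        direction                                  = "Inbound"
        access                                     = "Allow"
        protocol                                   = "TCP"
        source_address_prefix                      = rule.ip
        source_port_range                          = "*"
        destination_address_prefix                 = "*"
        destination_port_range                     = "22"
        description                                = ""
        destination_address_prefixes               = null
        destination_application_security_group_ids = null
        destination_port_ranges                    = null
        source_address_prefixes                    = null
        source_application_security_group_ids      = null
        source_port_ranges                         = null
      }]
      tags = var.autoscaler_tags_nsg
    }
    """)
    # 'resource' is indexed as a list of blocks; take the first (only) one
    # and drill down to the body of the "example" resource.
    resource_conf = hcl_res['resource'][0][
        'azurerm_network_security_group']['example']
    scan_result = check.scan_resource_conf(conf=resource_conf)
    self.assertEqual(CheckResult.PASSED, scan_result)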
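def test_failure4(self):
    """Expect FAILED for an inbound Allow UDP rule sourced from ``"/0"``.

    The inline ``security_rule`` block allows inbound ``Udp`` traffic
    from source prefix ``"/0"`` to every destination port.

    NOTE(review): ``"/0"`` is not a complete CIDR. Presumably the check
    treats it as an any-source alias alongside values such as ``"*"``;
    confirm against the check's list of unrestricted prefixes.
    """
    # One HCL argument per line: HCL does not accept several arguments
    # on a single line inside a block body.
    hcl_res = hcl2.loads("""
    resource "azurerm_network_security_group" "example" {
      name                = "acceptanceTestSecurityGroup1"
      location            = azurerm_resource_group.example.location
      resource_group_name = azurerm_resource_group.example.name

      security_rule {
        name                       = "test123"
        priority                   = 100
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Udp"
        source_port_range          = "*"
        destination_port_range     = "*"
        source_address_prefix      = "/0"
        destination_address_prefix = "*"
      }

      tags = {
        environment = "Production"
      }
    }
    """)
    # 'resource' is indexed as a list of blocks; take the first (only) one
    # and drill down to the body of the "example" resource.
    resource_conf = hcl_res['resource'][0][
        'azurerm_network_security_group']['example']
    scan_result = check.scan_resource_conf(conf=resource_conf)
    self.assertEqual(CheckResult.FAILED, scan_result)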
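def test_success_rule_3(self):
    """Expect PASSED for a standalone inbound Allow ``Tcp`` rule from ``"*"``.

    The resource is an ``azurerm_network_security_rule`` rather than a
    rule nested in a security group, so the rule attributes sit at the
    top level of the resource body.

    NOTE(review): this rule admits any source on every TCP port. PASSED
    means only that the check under test does not flag it, presumably
    because the protocol is not UDP (confirm against the check). It is
    not evidence that the rule is safe; a separate check has to cover
    unrestricted TCP exposure.
    """
    # One HCL argument per line: HCL does not accept several arguments
    # on a single line inside a block body.
    hcl_res = hcl2.loads("""
    resource "azurerm_network_security_rule" "example" {
      name                       = "test123"
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = "*"
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    }
    """)
    # 'resource' is indexed as a list of blocks; take the first (only) one
    # and drill down to the body of the "example" resource.
    resource_conf = hcl_res['resource'][0]['azurerm_network_security_rule']['example']
    scan_result = check.scan_resource_conf(conf=resource_conf)
    self.assertEqual(CheckResult.PASSED, scan_result)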