コード例 #1
0
    def test_success_remove_node_pool(self):
        hcl_res = hcl2.loads("""
                    resource "google_container_cluster" "primary" {
                      name     = "my-gke-cluster"
                      location = "us-central1"
                    
                      # We can't create a cluster with no node pool defined, but we want to only use
                      # separately managed node pools. So we create the smallest possible default
                      # node pool and immediately delete it.
                      remove_default_node_pool = true
                      initial_node_count       = 1
                    
                      master_auth {
                        username = ""
                        password = ""
                    
                        client_certificate_config {
                          issue_client_certificate = false
                        }
                      }
                    }

                """)
        resource_conf = hcl_res['resource'][0]['google_container_cluster']['primary']
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.PASSED, scan_result)
コード例 #2
0
 def test_success_case_insensitive(self):
     resource_conf = {
         'name': ['google_cluster'],
         'enable_legacy_abac': [False],
         'resource_labels': [{
             'Owner': ['SomeoneNotWorkingHere']
         }],
         'node_config': [{
             'image_type': ['COS_CONTAINERD']
         }]
     }
     scan_result = check.scan_resource_conf(conf=resource_conf)
     self.assertEqual(CheckResult.PASSED, scan_result)
コード例 #3
0
 def test_failure(self):
     resource_conf = {
         'name': ['google_cluster_bad'],
         'monitoring_service': ['none'],
         'enable_legacy_abac': [True],
         'master_authorized_networks_config': [{
             'cidr_blocks': [{
                 'cidr_block': ['0.0.0.0/0'],
                 'display_name': ['The world']
             }]
         }],
         'master_auth': [{
             'username': ['test'],
             'password': ['password']
         }],
         'resource_labels': [{}]
     }
     scan_result = check.scan_resource_conf(conf=resource_conf)
     self.assertEqual(CheckResult.FAILED, scan_result)
コード例 #4
0
    def test_failure(self):
        hcl_res = hcl2.loads("""
    resource "google_container_node_pool" "tfer" {
      autoscaling {
        max_node_count = "4"
        min_node_count = "1"
      }

      cluster            = google_container_cluster.tfer.name
      initial_node_count = "2"
      location           = "us-west1"

      management {
        auto_repair  = "true"
        auto_upgrade = "true"
      }

      max_pods_per_node = "110"
      name              = "async-pool-2"

      node_config {
        disk_size_gb = "400"
        disk_type    = "pd-ssd"
        image_type   = "SomethingElse"

        labels = {
          async = "true"
        }

        local_ssd_count = "0"
        machine_type    = "custom-32-65536"

        metadata = {
          async                    = "true"
          disable-legacy-endpoints = "true"
        }

        oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]
        preemptible     = "false"
        service_account = "default"

        shielded_instance_config {
          enable_integrity_monitoring = "true"
          enable_secure_boot          = "true"
        }
      }

      node_count     = "1"
      node_locations = ["us-west1-b", "us-west1-a"]
      project        = "test-project"

      upgrade_settings {
        max_surge       = "1"
        max_unavailable = "0"
      }

      version = "1.14.10-gke.36"
      zone    = "us-west1"
    }
                    """)
        resource_conf = hcl_res['resource'][0]['google_container_node_pool'][
            'tfer']
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.FAILED, scan_result)