def test_s3_has_required_tags(self):
expected_result = [
{
'failure_count': '0',
'filename': '/tf/s3_bucket/has_required_tags.tf',
'file_results': [
]
}
]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = ["id", "type", "message", "logical_resource_ids"]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))+'/terraform_validator/test_templates/tf/s3_bucket/has_required_tags.tf'
debug = False
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
config_dict['use_optional_rules'] = True
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: '+str(expected_result))
print('real results: '+str(real_result))
self.assertEqual(expected_result, real_result)
def test_cloudformation(self):
expected_result = [{
"failure_count":
"0",
"filename":
"/tf/cloudfront_distribution/cloudfront_distribution_without_logging.tf",
"file_results": [{
"id": "W1",
"type": "VIOLATION::WARNING",
"message":
"Specifying credentials in the template itself is probably not the safest thing",
"logical_resource_ids": ["provider"]
}, {
"id": "W10",
"type": "VIOLATION::WARNING",
"message":
"CloudFront Distribution should enable access logging",
"logical_resource_ids": ["rDistribution2"]
}]
}]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/cloudfront_distribution/cloudfront_distribution_without_logging.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_results = validator.validate()
print('expected results: ' + str(expected_result.replace('\'', '"')))
print('real result: ' + str(real_results))
self.maxDiff = None
self.assertEqual(json.loads(expected_result.replace('\'', '"')),
json.loads(real_results))
def test_rds_instance_with_non_encrypted_credentials_exclude_rules(self):
expected_result = [{
'failure_count':
'0',
'filename':
'/tf/rds_instance/rds_instances_with_public_credentials.tf',
'file_results': [{
"id": "W1",
"type": "VIOLATION::WARNING",
"message":
"Specifying credentials in the template itself is probably not the safest thing",
"logical_resource_ids": ["provider"]
}]
}]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/rds_instance/rds_instances_with_public_credentials.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
config_dict['excluded_rules'] = ['F23', 'F24']
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: ' + str(expected_result))
print('real results: ' + str(real_result))
self.assertEqual(expected_result, real_result)
def test_iam_user_has_no_group_membership(self):
expected_result = [{
'failure_count':
'1',
'filename':
'/tf/iam_user/iam_user_with_no_group.tf',
'file_results': [{
'id': 'F2000',
'type': 'VIOLATION::FAILING_VIOLATION',
'message': 'User is not assigned to a group',
'logical_resource_ids': "['myuser2']"
}]
}]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/iam_user/iam_user_with_no_group.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
self.assertEqual(expected_result, real_result)
def test_ec2_volumen_without_encryption(self):
expected_result = [{
'failure_count':
'2',
'filename':
'/tf/ec2_volume/two_ebs_volumes_with_no_encryption.tf',
'file_results': [{
'id':
'F1',
'type':
'VIOLATION::FAILING_VIOLATION',
'message':
'EBS volume should have server-side encryption enabled',
'logical_resource_ids':
"['NewVolume1', 'NewVolume2']"
}]
}]
if sys.version_info[0] < 3:
expected_result = [{
'failure_count':
'2',
'filename':
'/tf/ec2_volume/two_ebs_volumes_with_no_encryption.tf',
'file_results': [{
'id':
'F1',
'type':
'VIOLATION::FAILING_VIOLATION',
'message':
'EBS volume should have server-side encryption enabled',
'logical_resource_ids':
"['NewVolume1', 'NewVolume2']"
}]
}]
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/ec2_volume/two_ebs_volumes_with_no_encryption.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: ' + str(expected_result))
print('real results: ' + str(real_result))
self.assertEqual(expected_result, real_result)
def test_ebs_volume_no_tags(self):
expected_result = [{
'failure_count':
'1',
'filename':
'/tf/rds_instance/no_tags.tf',
'file_results': [{
'id': 'F88',
'type': 'VIOLATION::FAILING_VIOLATION',
'message':
'Rds instance does not have the required tags of Name, ResourceOwner, DeployedBy, Project',
'logical_resource_ids': "['PublicDB']"
}]
}]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/rds_instance/no_tags.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
config_dict['use_optional_rules'] = True
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: ' + str(expected_result))
print('real results: ' + str(real_result))
self.assertEqual(expected_result, real_result)
def test_multiple_security_groups(self):
expected_result = [{
'failure_count':
'0',
'filename':
'/tf/security_group/multiple_ingress_security_groups.tf',
'file_results': [{
'id': 'W5',
'type': 'VIOLATION::WARNING',
'message':
'Security Groups found with cidr open to world on egress',
'logical_resource_ids': "['emrSecurityGroup']"
}]
}]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/security_group/multiple_ingress_security_groups.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: ' + str(expected_result))
print('real results: ' + str(real_result))
self.assertEqual(expected_result, real_result)
def test_sqs_policy(self):
expected_result = [{
'failure_count':
'0',
'filename':
'/tf/sqs_queue_policy/sqs_policy_with_not_action.tf',
'file_results': [{
'id': 'W1',
'type': 'VIOLATION::WARNING',
'message':
'Specifying credentials in the template itself is probably not the safest thing',
'logical_resource_ids': ['provider']
}, {
'id':
'W18',
'type':
'VIOLATION::WARNING',
'message':
'SQS Queue policy should not allow Allow+NotAction',
'logical_resource_ids':
"['QueuePolicyWithNotAction', 'QueuePolicyWithNotAction2']"
}]
}]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/sqs_queue_policy/sqs_policy_with_not_action.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_result = validator.validate()
print('real results: ' + str(real_result))
print('expected results: ' + str(
expected_result.replace('\'', '"').replace('"["', '["').replace(
'"]"', '"]')))
self.maxDiff = None
self.assertEqual(
json.loads(
expected_result.replace('\'', '"').replace('"["',
'["').replace(
'"]"', '"]')),
json.loads(real_result))
def test_security_group_when_egress_is_empty(self):
expected_result = [{
'failure_count':
'1',
'filename':
'/tf/security_group/single_security_group_empty_ingress.tf',
'file_results': [{
'id': 'F1000',
'type': 'VIOLATION::FAILING_VIOLATION',
'message':
'Missing egress rule means all traffic is allowed outbound. Make this explicit if it is desired configuration',
'logical_resource_ids': "['sg']"
}]
}]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/security_group/single_security_group_empty_ingress.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: ' + str(expected_result))
print('real results: ' + str(real_result))
self.assertEqual(expected_result, real_result)
def test_security_group_when_inline_sg_is_open_to_world(self):
expected_result = [{
'failure_count':
'2',
'filename':
'/tf/security_group/two_security_group_two_cidr_ingress.tf',
'file_results': [{
'id': 'F1000',
'type': 'VIOLATION::FAILING_VIOLATION',
'message':
'Missing egress rule means all traffic is allowed outbound. Make this explicit if it is desired configuration',
'logical_resource_ids': "['sg', 'sg2']"
}, {
'id': 'W2',
'type': 'VIOLATION::WARNING',
'message':
'Security Groups found with cidr open to world on ingress. This should never be true on instance. Permissible on ELB',
'logical_resource_ids': "['sg2']"
}, {
'id': 'W27',
'type': 'VIOLATION::WARNING',
'message':
'Security Groups found ingress with port range instead of just a single port',
'logical_resource_ids': "['sg', 'sg2', 'sg2']"
}, {
'id': 'W9',
'type': 'VIOLATION::WARNING',
'message':
'Security Groups found with ingress cidr that is not /32',
'logical_resource_ids': "['sg2']"
}]
}]
if sys.version_info[0] < 3:
expected_result = [{
'failure_count':
'2',
'filename':
'/tf/security_group/two_security_group_two_cidr_ingress.tf',
'file_results': [{
'id': 'F1000',
'type': 'VIOLATION::FAILING_VIOLATION',
'message':
'Missing egress rule means all traffic is allowed outbound. Make this explicit if it is desired configuration',
'logical_resource_ids': "['sg', 'sg2']"
}, {
'id': 'W2',
'type': 'VIOLATION::WARNING',
'message':
'Security Groups found with cidr open to world on ingress. This should never be true on instance. Permissible on ELB',
'logical_resource_ids': "['sg2']"
}, {
'id': 'W27',
'type': 'VIOLATION::WARNING',
'message':
'Security Groups found ingress with port range instead of just a single port',
'logical_resource_ids': "['sg', 'sg2', 'sg2']"
}, {
'id': 'W9',
'type': 'VIOLATION::WARNING',
'message':
'Security Groups found with ingress cidr that is not /32',
'logical_resource_ids': "['sg2']"
}]
}]
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/security_group/two_security_group_two_cidr_ingress.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: ' + str(expected_result))
print('real results: ' + str(real_result))
self.assertEqual(expected_result, real_result)
def test_security_group_missing_properties(self):
expected_result = [{
'failure_count':
'1',
'filename':
'/tf/security_group/sg_missing_properties.tf',
'file_results': [{
'id': 'FATAL',
'type': 'VIOLATION::FAILING_VIOLATION',
'message':
"{'Basic CloudFormation syntax error': [Cannot find required key 'Properties'. Path: '/Resources/sg']}",
'logical_resource_ids': 'None'
}]
}]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/security_group/sg_missing_properties.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: ' + str(expected_result))
print('real results: ' + str(real_result))
self.assertEqual(expected_result, real_result)
def test_s3_bucket_policy_with_wildcards(self):
expected_result = [
{
'failure_count': '3',
'filename': '/tf/s3_bucket_policy/s3_bucket_with_wildcards.tf',
'file_results': [
{
'id': 'F15',
'type': 'VIOLATION::FAILING_VIOLATION',
'message': 'S3 Bucket policy should not allow * action',
'logical_resource_ids': "['S3BucketPolicy', 'S3BucketPolicy2']"
},
{
'id': 'F16',
'type': 'VIOLATION::FAILING_VIOLATION',
'message': 'S3 Bucket policy should not allow * principal',
'logical_resource_ids': "['S3BucketPolicy2']"
}
]
}
]
if sys.version_info[0] < 3:
expected_result = [
{
'failure_count': '3',
'filename': '/tf/s3_bucket_policy/s3_bucket_with_wildcards.tf',
'file_results': [
{
'id': 'F15',
'type': 'VIOLATION::FAILING_VIOLATION',
'message': 'S3 Bucket policy should not allow * action',
'logical_resource_ids': "['S3BucketPolicy', 'S3BucketPolicy2']"
},
{
'id': 'F16',
'type': 'VIOLATION::FAILING_VIOLATION',
'message': 'S3 Bucket policy should not allow * principal',
'logical_resource_ids': "['S3BucketPolicy2']"
}
]
}
]
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = ["id", "type", "message", "logical_resource_ids"]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))+'/terraform_validator/test_templates/tf/s3_bucket_policy/s3_bucket_with_wildcards.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: '+str(expected_result))
print('real results: '+str(real_result))
self.assertEqual(expected_result, real_result)
def test_two_loadbalancers_without_access_logging_enabled(self):
expected_result = [{
'failure_count':
'0',
'filename':
'/tf/elasticloadbalancing_loadbalancer/two_load_balancers_with_no_logging.tf',
'file_results': [{
'id': 'W26',
'type': 'VIOLATION::WARNING',
'message':
'Elastic Load Balancer should have access logging enabled',
'logical_resource_ids': "['elb2']"
}]
}]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/elasticloadbalancing_loadbalancer/two_load_balancers_with_no_logging.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
self.assertEqual(expected_result, real_result)
def test_ec2_instance_insensitive_authentication(self):
expected_result = [{
'failure_count':
'1',
'filename':
'/json/ec2_instance/cfn_insensitive_authentication.json',
'file_results': [{
'id': 'F3',
'type': 'VIOLATION::FAILING_VIOLATION',
'message':
'IAM role should not allow * action on its permissions policy',
'logical_resource_ids': "['RootRole']"
}, {
'id': 'W11',
'type': 'VIOLATION::WARNING',
'message':
'IAM role should not allow * resource on its permissions policy',
'logical_resource_ids': "['RootRole']"
}]
}]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = [
"id", "type", "message", "logical_resource_ids"
]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key])
for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(
os.path.dirname(os.path.realpath(__file__))
) + '/terraform_validator/test_templates/tf/ec2_instance/cfn_insensitive_authentication.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: ' + str(expected_result))
print('real results: ' + str(real_result))
self.assertEqual(expected_result, real_result)
def test_ebs_volume_no_tags(self):
expected_result = [
{
"failure_count": "1",
"filename": "/tf/ec2_volume/no_tags.tf",
"file_results": [
{
"id": "F89",
"type": "VIOLATION::FAILING_VIOLATION",
"message": "Ebs volume does not have the required tags of Name, ResourceOwner, DeployedBy, Project",
"logical_resource_ids": ["NewVolume"]
},
{
"id": "W1",
"type": "VIOLATION::WARNING",
"message": "Specifying credentials in the template itself is probably not the safest thing",
"logical_resource_ids": ["provider"]
}
]
}
]
if sys.version_info[0] < 3:
new_file_results = []
for info in expected_result[0]['file_results']:
print('info: ' + str(info))
print('type: ' + str(type(info)))
order_of_keys = ["id", "type", "message", "logical_resource_ids"]
new_results = OrderedDict()
for key in order_of_keys:
new_results[key] = info[key]
new_file_results.append(new_results)
print('new file results: ' + str(new_file_results))
expected_result[0]['file_results'] = new_file_results
order_of_keys = ["failure_count", "filename", "file_results"]
list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys]
expected_result = [OrderedDict(list_of_tuples)]
expected_result = pretty(expected_result)
template_name = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))+'/terraform_validator/test_templates/tf/ec2_volume/no_tags.tf'
debug = True
config_dict = {}
config_dict['template_file'] = template_name
config_dict['debug'] = debug
config_dict['profile'] = None
config_dict['rules_directory'] = None
config_dict['input_path'] = None
config_dict['profile'] = None
config_dict['allow_suppression'] = False
config_dict['print_suppression'] = False
config_dict['parameter_values_path'] = None
config_dict['isolate_custom_rule_exceptions'] = None
config_dict['use_optional_rules'] = True
validator = class_to_test(config_dict)
real_result = validator.validate()
self.maxDiff = None
print('expected results: '+str(expected_result))
print('real results: '+str(real_result))
self.assertEqual(json.loads(expected_result.replace('\'','"')), json.loads(real_result))
