示例#1
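    def test(self):
        # Scans the example_RDSCACertIsRecent fixtures with only the check under
        # test enabled and compares the outcome resource by resource.
        test_files_dir = Path(__file__).parent / "example_RDSCACertIsRecent"

        # root_folder is handed over as str (the form other scanner tests of this
        # shape use) instead of a Path object.
        report = Runner().run(root_folder=str(test_files_dir),
                              runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_db_instance.pass",
            "aws_db_instance.pass2",
        }
        failing_resources = {
            "aws_db_instance.fail",
        }

        # Set comprehensions: no throwaway list is built just to feed set().
        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["skipped"], 0)
        # A parsing error would mean a fixture was never evaluated at all.
        self.assertEqual(summary["parsing_errors"], 0)

        # Exact set equality: a fixture that silently changes verdict (for
        # example fail -> pass) breaks the test even if the counts still match.
        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)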
示例#2
    def test(self):
        # Scans the example_WAFACLCVE202144228 fixtures with only the check under
        # test enabled. The fixture name points at CVE-2021-44228; what exactly
        # the check requires of a web ACL is defined elsewhere.
        # given
        fixture_dir = Path(__file__).parent / "example_WAFACLCVE202144228"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {
            "aws_wafv2_web_acl.pass",
            "aws_wafv2_web_acl.multi_rules",
        }

        # Four distinct ways to be non-compliant. Judging by the names: no rule,
        # the wrong rule, and rules left in count mode -- confirm in the fixtures.
        expected_failed = {
            "aws_wafv2_web_acl.no_rule",
            "aws_wafv2_web_acl.wrong_rule",
            "aws_wafv2_web_acl.rule_count",
            "aws_wafv2_web_acl.rule_group_count",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 2)
        self.assertEqual(totals["failed"], 4)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Exact set equality catches a fixture that changes verdict.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
示例#3
    def test(self):
        # Scans the example_WAFEnabled fixtures with only the check under test
        # enabled and verifies the verdict for each CloudFront distribution.
        # given
        fixture_dir = Path(__file__).parent / "example_WAFEnabled"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"aws_cloudfront_distribution.pass"}
        expected_failed = {"aws_cloudfront_distribution.fail"}

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 1)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Names, not just counts: a swapped verdict would keep 1/1 intact.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_CloudMySqlLocalInfileOff fixtures with only the check
        # under test enabled and verifies the verdict per Cloud SQL instance.
        # given
        fixture_dir = Path(__file__).parent / "example_CloudMySqlLocalInfileOff"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {
            "google_sql_database_instance.pass",
            "google_sql_database_instance.pass2",
            "google_sql_database_instance.pass3",
            "google_sql_database_instance.pass4",
        }
        expected_failed = {"google_sql_database_instance.fail"}

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 4)
        self.assertEqual(totals["failed"], 1)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Exact set equality catches a fixture that changes verdict.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
示例#5
    def test(self):
        # Scans the example_EBSEncryption fixtures with only the check under test
        # enabled and verifies the verdict per EBS volume.
        # given
        fixture_dir = Path(__file__).parent / "example_EBSEncryption"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"aws_ebs_volume.enabled"}
        # `default` must fail as well as `disabled`: presumably the volume that
        # leaves the setting out (confirm in the fixture), so an omitted
        # attribute is not treated as compliant.
        expected_failed = {
            "aws_ebs_volume.default",
            "aws_ebs_volume.disabled",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 2)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_GoogleKMSRotationPeriod fixtures with only the check
        # under test enabled and verifies the verdict per crypto key.
        # given
        fixture_dir = Path(__file__).parent / "example_GoogleKMSRotationPeriod"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        # `ninety_days` passing and `half_year` failing bracket the threshold;
        # the exact limit lives in the check, not in this test.
        expected_passed = {
            "google_kms_crypto_key.minimum",
            "google_kms_crypto_key.ninety_days",
        }
        # `default` (presumably no rotation period set -- confirm in the
        # fixture) is expected to fail too.
        expected_failed = {
            "google_kms_crypto_key.default",
            "google_kms_crypto_key.half_year",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 2)
        self.assertEqual(totals["failed"], 2)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
示例#7
    def test(self):
        # Scans the example_CloudStorageVersioningEnabled fixtures with only the
        # check under test enabled and verifies the verdict per bucket.
        # given
        fixture_dir = Path(__file__).parent / "example_CloudStorageVersioningEnabled"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"google_storage_bucket.pass"}
        expected_failed = {
            "google_storage_bucket.fail",
            "google_storage_bucket.fail2",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 2)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Exact set equality catches a fixture that changes verdict.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
示例#8
    def test(self):
        # Scans the example_GoogleComputeProjectOSLogin fixtures with only the
        # check under test enabled and verifies the verdict per metadata resource.
        # given
        fixture_dir = Path(__file__).parent / "example_GoogleComputeProjectOSLogin"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"google_compute_project_metadata.pass"}
        expected_failed = {"google_compute_project_metadata.fail"}

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 1)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Names, not just counts: a swapped verdict would keep 1/1 intact.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_CloudBuildWorkersArePrivate fixtures with only the
        # check under test enabled and verifies the verdict per worker pool.
        # given
        fixture_dir = Path(__file__).parent / "example_CloudBuildWorkersArePrivate"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"google_cloudbuild_worker_pool.pass"}
        expected_failed = {
            "google_cloudbuild_worker_pool.fail",
            "google_cloudbuild_worker_pool.fail2",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 2)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Exact set equality catches a fixture that changes verdict.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_GoogleComputeFirewallUnrestrictedIngress3306 fixtures
        # with only the check under test enabled and verifies the verdict per
        # firewall rule.
        # given
        fixture_dir = Path(__file__).parent / "example_GoogleComputeFirewallUnrestrictedIngress3306"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {
            "google_compute_firewall.restricted",
            "google_compute_firewall.allow_different_int",
            "google_compute_firewall.allow_null",
        }

        # Judging by the names, the port can be exposed explicitly, as one of
        # several ports, or by an allow-all rule -- confirm in the fixtures.
        expected_failed = {
            "google_compute_firewall.allow_multiple",
            "google_compute_firewall.allow_mysql_int",
            "google_compute_firewall.allow_all",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 3)
        self.assertEqual(totals["failed"], 3)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)
        # 3 passed + 3 failed + 1 unknown
        self.assertEqual(totals["resource_count"], 7)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
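    def test(self):
        # Scans the example_RDSIAMAuthentication fixtures with only the check
        # under test enabled and verifies the verdict per DB instance.
        test_files_dir = Path(__file__).parent / "example_RDSIAMAuthentication"

        # root_folder is handed over as str (the form other scanner tests of this
        # shape use) instead of a Path object.
        report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_db_instance.enabled_mysql",
            "aws_db_instance.enabled_postgres",
        }
        # The `default_*` fixtures (presumably the setting left out -- confirm
        # in the fixture) must fail just like the `disabled_*` ones.
        failing_resources = {
            "aws_db_instance.default_mysql",
            "aws_db_instance.default_postgres",
            "aws_db_instance.disabled_mysql",
            "aws_db_instance.disabled_postgres",
        }

        # Set comprehensions: no throwaway list is built just to feed set().
        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 4)
        self.assertEqual(summary["skipped"], 0)
        # A parsing error would mean a fixture was never evaluated at all.
        self.assertEqual(summary["parsing_errors"], 0)

        # Exact set equality catches a fixture that changes verdict.
        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)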
    def test(self):
        # Scans the example_VMCredsInCustomData fixtures with only the check
        # under test enabled and verifies the verdict per virtual machine.
        # given
        fixture_dir = Path(__file__).parent / "example_VMCredsInCustomData"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        # Machines with no custom data, or an empty or absent os_profile, must
        # not be reported: this guards the check against false positives.
        expected_passed = {
            "azurerm_virtual_machine.no_secret",
            "azurerm_virtual_machine.no_custom_data",
            "azurerm_virtual_machine.empty_os_profile",
            "azurerm_virtual_machine.no_os_profile",
        }
        expected_failed = {"azurerm_virtual_machine.secret"}

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 4)
        self.assertEqual(totals["failed"], 1)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_GoogleKMSPreventDestroy fixtures with only the check
        # under test enabled and verifies the verdict per crypto key.
        # given
        fixture_dir = Path(__file__).parent / "example_GoogleKMSPreventDestroy"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"google_kms_crypto_key.pass"}
        expected_failed = {
            "google_kms_crypto_key.fail",
            "google_kms_crypto_key.fail2",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 2)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Exact set equality catches a fixture that changes verdict.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_AzureManagedDiskEncryption fixtures with only the
        # check under test enabled and verifies the verdict per managed disk.
        fixture_dir = Path(__file__).parent / "example_AzureManagedDiskEncryption"

        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )
        totals = report.get_summary()

        expected_passed = {
            "azurerm_managed_disk.pass",
            "azurerm_managed_disk.pass2",
            "azurerm_managed_disk.pass3",
        }
        expected_failed = {
            "azurerm_managed_disk.fail",
            "azurerm_managed_disk.fail2",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 3)
        self.assertEqual(totals["failed"], 2)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Exact set equality catches a fixture that changes verdict.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_BigTableInstanceEncryptedWithCMK fixtures with only
        # the check under test enabled and verifies the verdict per instance.
        # given
        fixture_dir = Path(__file__).parent / "example_BigTableInstanceEncryptedWithCMK"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"google_bigtable_instance.pass"}
        expected_failed = {"google_bigtable_instance.fail"}

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 1)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Names, not just counts: a swapped verdict would keep 1/1 intact.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_CodeArtifactDomainEncryptedWithCMK fixtures with only
        # the check under test enabled and verifies the verdict per domain.
        # given
        fixture_dir = Path(__file__).parent / "example_CodeArtifactDomainEncryptedWithCMK"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"aws_codeartifact_domain.pass"}
        expected_failed = {"aws_codeartifact_domain.fail"}

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        # NOTE(review): summary["skipped"] is not asserted here. With
        # resource_count == passed + failed nothing looks unaccounted for, but
        # an explicit skipped == 0 would make that intent visible.
        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 1)
        self.assertEqual(totals["parsing_errors"], 0)
        self.assertEqual(totals["resource_count"], 2)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
示例#17
    def test(self):
        # Scans the example_MQBrokerVersion fixtures with only the check under
        # test enabled. Both aws_mq_broker and aws_mq_configuration resources
        # appear in the expectations, so both types are evaluated.
        # given
        fixture_dir = Path(__file__).parent / "example_MQBrokerVersion"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {
            "aws_mq_broker.pass",
            "aws_mq_broker.pass2",
            "aws_mq_configuration.pass",
        }
        expected_failed = {
            "aws_mq_broker.fail",
            "aws_mq_broker.fail2",
            "aws_mq_configuration.fail",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 3)
        self.assertEqual(totals["failed"], 3)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Exact set equality catches a fixture that changes verdict.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
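    def test(self):
        # Scans the example_CloudSplainingPrivilegeEscalation fixtures with only
        # the check under test enabled and verifies the verdict per IAM policy
        # document.
        test_files_dir = Path(
            __file__).parent / "example_CloudSplainingPrivilegeEscalation"

        # root_folder is handed over as str (the form other scanner tests of this
        # shape use) instead of a Path object.
        report = Runner().run(root_folder=str(test_files_dir),
                              runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_iam_policy_document.pass",
        }
        failing_resources = {
            "aws_iam_policy_document.fail",
        }

        # Set comprehensions: no throwaway list is built just to feed set().
        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 1)
        self.assertEqual(summary["failed"], 1)
        self.assertEqual(summary["skipped"], 0)
        # A parsing error would mean a policy document was never evaluated.
        self.assertEqual(summary["parsing_errors"], 0)

        # Names, not just counts: a swapped verdict would keep 1/1 intact.
        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)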
    def test(self):
        # Scans the example_QLDBLedgerDeletionProtection fixtures with only the
        # check under test enabled and verifies the verdict per ledger.
        fixture_dir = Path(__file__).parent / "example_QLDBLedgerDeletionProtection"

        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )
        totals = report.get_summary()

        # Here `default` is expected to PASS -- presumably the provider default
        # already satisfies the check; confirm against the fixture.
        expected_passed = {
            "aws_qldb_ledger.default",
            "aws_qldb_ledger.enabled",
        }
        expected_failed = {"aws_qldb_ledger.disabled"}

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 2)
        self.assertEqual(totals["failed"], 1)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
示例#20
    def test(self):
        # Scans the example_CodeBuildProjectEncrypted fixtures with only the
        # check under test enabled and verifies the verdict per project.
        # given
        fixture_dir = Path(__file__).parent / "example_CodeBuildProjectEncrypted"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"aws_codebuild_project.enabled"}
        expected_failed = {"aws_codebuild_project.default"}

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        # NOTE(review): resource_count is 3 while passed + failed is 2, and
        # summary["skipped"] is not asserted, so this test does not pin down
        # what happened to the third resource -- confirm against the fixture.
        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 1)
        self.assertEqual(totals["parsing_errors"], 0)
        self.assertEqual(totals["resource_count"], 3)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_AzureInstanceExtensions fixtures with only the check
        # under test enabled and verifies the verdict per Linux and Windows VM.
        fixture_dir = Path(__file__).parent / "example_AzureInstanceExtensions"

        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )
        totals = report.get_summary()

        # Only the `disabled` fixtures pass.
        expected_passed = {
            "azurerm_linux_virtual_machine.disabled",
            "azurerm_windows_virtual_machine.disabled",
        }
        # `default` fails alongside `enabled`: presumably an unset attribute
        # counts as enabled -- confirm in the fixture.
        expected_failed = {
            "azurerm_linux_virtual_machine.default",
            "azurerm_linux_virtual_machine.enabled",
            "azurerm_windows_virtual_machine.default",
            "azurerm_windows_virtual_machine.enabled",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 2)
        self.assertEqual(totals["failed"], 4)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
示例#22
    def test(self):
        # Scans the example_GoogleSubnetworkLoggingEnabled fixtures with only the
        # check under test enabled and verifies the verdict per subnetwork.
        # given
        fixture_dir = Path(__file__).parent / "example_GoogleSubnetworkLoggingEnabled"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"google_compute_subnetwork.enabled"}
        # `default` (presumably no logging block -- confirm in the fixture) is
        # expected to fail.
        expected_failed = {"google_compute_subnetwork.default"}

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 1)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)
        # 1 passed + 1 failed + 1 unknown
        self.assertEqual(totals["resource_count"], 3)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
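    def test(self):
        # Scans the example_AdminPolicyDocument fixtures with only the check
        # under test enabled and verifies the verdict per IAM policy document.
        test_files_dir = Path(__file__).parent / "example_AdminPolicyDocument"

        # root_folder is handed over as str (the form other scanner tests of this
        # shape use) instead of a Path object.
        report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))
        summary = report.get_summary()

        passing_resources = {
            "aws_iam_policy_document.list",
            "aws_iam_policy_document.pass",
        }
        # `no_effect` must fail: presumably a statement with no explicit effect
        # is evaluated as an allow -- confirm in the fixture.
        failing_resources = {
            "aws_iam_policy_document.fail",
            "aws_iam_policy_document.no_effect",
        }

        # Set comprehensions: no throwaway list is built just to feed set().
        passed_check_resources = {c.resource for c in report.passed_checks}
        failed_check_resources = {c.resource for c in report.failed_checks}

        self.assertEqual(summary["passed"], 2)
        self.assertEqual(summary["failed"], 2)
        self.assertEqual(summary["skipped"], 0)
        # A parsing error would mean a policy document was never evaluated.
        self.assertEqual(summary["parsing_errors"], 0)

        # Exact set equality catches a fixture that changes verdict.
        self.assertEqual(passing_resources, passed_check_resources)
        self.assertEqual(failing_resources, failed_check_resources)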
示例#24
    def test(self):
        # Scans the example_MemoryDBEncryptionWithCMK fixtures with only the
        # check under test enabled and verifies the verdict per cluster.
        # given
        fixture_dir = Path(__file__).parent / "example_MemoryDBEncryptionWithCMK"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {"aws_memorydb_cluster.pass"}
        expected_failed = {"aws_memorydb_cluster.fail"}

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 1)
        self.assertEqual(totals["failed"], 1)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Names, not just counts: a swapped verdict would keep 1/1 intact.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_GlueSecurityConfigurationEnabled fixtures with only
        # the check under test enabled. Crawler, dev endpoint and job resources
        # all appear in the expectations, so all three types are evaluated.
        # given
        fixture_dir = Path(__file__).parent / "example_GlueSecurityConfigurationEnabled"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {
            "aws_glue_crawler.enabled",
            "aws_glue_dev_endpoint.enabled",
            "aws_glue_job.enabled",
        }
        # Each `default` fixture (presumably no security configuration set --
        # confirm in the fixture) is expected to fail.
        expected_failed = {
            "aws_glue_crawler.default",
            "aws_glue_dev_endpoint.default",
            "aws_glue_job.default",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 3)
        self.assertEqual(totals["failed"], 3)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
示例#26
    def test(self):
        # Scans the example_IAMRoleAllowAssumeFromAccount fixtures with only the
        # check under test enabled and verifies the verdict per IAM role.
        # given
        fixture_dir = Path(__file__).parent / "example_IAMRoleAllowAssumeFromAccount"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {
            "aws_iam_role.pass",
            "aws_iam_role.pass2",
        }
        expected_failed = {
            "aws_iam_role.fail",
            "aws_iam_role.fail2",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 2)
        self.assertEqual(totals["failed"], 2)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        # Exact set equality catches a role that changes verdict.
        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
示例#27
    def test(self):
        # Scans the example_SecretsEncrypted fixtures with only the check under
        # test enabled. Environment, organization and repository secrets all
        # appear in the expectations.
        # given
        fixture_dir = Path(__file__).parent / "example_SecretsEncrypted"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        # `value_ref` passes: presumably a value supplied by reference rather
        # than as a literal is not flagged -- confirm in the fixture.
        expected_passed = {
            "github_actions_environment_secret.pass",
            "github_actions_organization_secret.pass",
            "github_actions_secret.pass",
            "github_actions_secret.value_ref",
        }
        expected_failed = {
            "github_actions_environment_secret.fail",
            "github_actions_organization_secret.fail",
            "github_actions_secret.fail",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 4)
        self.assertEqual(totals["failed"], 3)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_NSGRuleRDPAccessRestricted fixtures with only the
        # check under test enabled. Standalone security rules and security
        # groups both appear in the expectations.
        # given
        fixture_dir = Path(__file__).parent / "example_NSGRuleRDPAccessRestricted"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {
            "azurerm_network_security_rule.https",
            "azurerm_network_security_rule.rdp_restricted_prefixes",
            "azurerm_network_security_group.rdp_restricted",
        }
        # The *_lower_case fixtures must fail too: judging by the names they
        # guard against case-sensitive matching letting a rule slip through.
        expected_failed = {
            "azurerm_network_security_rule.all",
            "azurerm_network_security_rule.range",
            "azurerm_network_security_rule.ranges_prefixes",
            "azurerm_network_security_rule.rdp",
            "azurerm_network_security_group.ranges",
            "azurerm_network_security_rule.ranges_prefixes_lower_case",
            "azurerm_network_security_rule.range_prefix_lower_case",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 3)
        self.assertEqual(totals["failed"], 7)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
示例#29
    def test(self):
        # Scans the example_EC2PublicIP fixtures with only the check under test
        # enabled and verifies the verdict per instance and launch template.
        fixture_dir = Path(__file__).parent / "example_EC2PublicIP"
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )
        totals = report.get_summary()

        # Here the `default` fixtures are expected to PASS: only `public` fails.
        expected_passed = {
            "aws_instance.default",
            "aws_instance.private",
            "aws_launch_template.default",
            "aws_launch_template.private",
        }
        expected_failed = {
            "aws_instance.public",
            "aws_launch_template.public",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 4)
        self.assertEqual(totals["failed"], 2)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)
    def test(self):
        # Scans the example_StorageAccountName fixtures with only the check under
        # test enabled and verifies the verdict per storage account.
        # given
        fixture_dir = Path(__file__).parent / "example_StorageAccountName"

        # when
        runner = Runner()
        report = runner.run(
            root_folder=str(fixture_dir),
            runner_filter=RunnerFilter(checks=[check.id]),
        )

        # then
        totals = report.get_summary()

        expected_passed = {
            "azurerm_storage_account.pass",
            "azurerm_storage_account.pass_number",
        }
        expected_failed = {
            "azurerm_storage_account.camel_case",
            "azurerm_storage_account.kebab_case",
            "azurerm_storage_account.too_long",
        }

        actual_passed = {record.resource for record in report.passed_checks}
        actual_failed = {record.resource for record in report.failed_checks}

        self.assertEqual(totals["passed"], 2)
        self.assertEqual(totals["failed"], 3)
        self.assertEqual(totals["skipped"], 0)
        self.assertEqual(totals["parsing_errors"], 0)
        # 2 passed + 3 failed + 3 unknown
        self.assertEqual(totals["resource_count"], 8)

        self.assertEqual(expected_passed, actual_passed)
        self.assertEqual(expected_failed, actual_failed)