def test_s3_has_required_tags(self): expected_result = [ { 'failure_count': '0', 'filename': '/tf/s3_bucket/has_required_tags.tf', 'file_results': [ ] } ] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = ["id", "type", "message", "logical_resource_ids"] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))+'/terraform_validator/test_templates/tf/s3_bucket/has_required_tags.tf' debug = False config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None config_dict['use_optional_rules'] = True validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: '+str(expected_result)) print('real results: '+str(real_result)) self.assertEqual(expected_result, real_result)
def test_cloudformation(self): expected_result = [{ "failure_count": "0", "filename": "/tf/cloudfront_distribution/cloudfront_distribution_without_logging.tf", "file_results": [{ "id": "W1", "type": "VIOLATION::WARNING", "message": "Specifying credentials in the template itself is probably not the safest thing", "logical_resource_ids": ["provider"] }, { "id": "W10", "type": "VIOLATION::WARNING", "message": "CloudFront Distribution should enable access logging", "logical_resource_ids": ["rDistribution2"] }] }] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/cloudfront_distribution/cloudfront_distribution_without_logging.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_results = validator.validate() print('expected results: ' + str(expected_result.replace('\'', '"'))) print('real result: ' + str(real_results)) self.maxDiff = None self.assertEqual(json.loads(expected_result.replace('\'', '"')), json.loads(real_results))
def test_rds_instance_with_non_encrypted_credentials_exclude_rules(self): expected_result = [{ 'failure_count': '0', 'filename': '/tf/rds_instance/rds_instances_with_public_credentials.tf', 'file_results': [{ "id": "W1", "type": "VIOLATION::WARNING", "message": "Specifying credentials in the template itself is probably not the safest thing", "logical_resource_ids": ["provider"] }] }] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/rds_instance/rds_instances_with_public_credentials.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None config_dict['excluded_rules'] = ['F23', 'F24'] validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: ' + str(expected_result)) print('real results: ' + str(real_result)) self.assertEqual(expected_result, real_result)
def test_iam_user_has_no_group_membership(self): expected_result = [{ 'failure_count': '1', 'filename': '/tf/iam_user/iam_user_with_no_group.tf', 'file_results': [{ 'id': 'F2000', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'User is not assigned to a group', 'logical_resource_ids': "['myuser2']" }] }] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/iam_user/iam_user_with_no_group.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None self.assertEqual(expected_result, real_result)
def test_ec2_volumen_without_encryption(self): expected_result = [{ 'failure_count': '2', 'filename': '/tf/ec2_volume/two_ebs_volumes_with_no_encryption.tf', 'file_results': [{ 'id': 'F1', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'EBS volume should have server-side encryption enabled', 'logical_resource_ids': "['NewVolume1', 'NewVolume2']" }] }] if sys.version_info[0] < 3: expected_result = [{ 'failure_count': '2', 'filename': '/tf/ec2_volume/two_ebs_volumes_with_no_encryption.tf', 'file_results': [{ 'id': 'F1', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'EBS volume should have server-side encryption enabled', 'logical_resource_ids': "['NewVolume1', 'NewVolume2']" }] }] new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/ec2_volume/two_ebs_volumes_with_no_encryption.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: ' + str(expected_result)) print('real results: ' + str(real_result)) self.assertEqual(expected_result, real_result)
def test_ebs_volume_no_tags(self): expected_result = [{ 'failure_count': '1', 'filename': '/tf/rds_instance/no_tags.tf', 'file_results': [{ 'id': 'F88', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'Rds instance does not have the required tags of Name, ResourceOwner, DeployedBy, Project', 'logical_resource_ids': "['PublicDB']" }] }] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/rds_instance/no_tags.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None config_dict['use_optional_rules'] = True validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: ' + str(expected_result)) print('real results: ' + str(real_result)) self.assertEqual(expected_result, real_result)
def test_multiple_security_groups(self): expected_result = [{ 'failure_count': '0', 'filename': '/tf/security_group/multiple_ingress_security_groups.tf', 'file_results': [{ 'id': 'W5', 'type': 'VIOLATION::WARNING', 'message': 'Security Groups found with cidr open to world on egress', 'logical_resource_ids': "['emrSecurityGroup']" }] }] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/security_group/multiple_ingress_security_groups.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: ' + str(expected_result)) print('real results: ' + str(real_result)) self.assertEqual(expected_result, real_result)
def test_sqs_policy(self): expected_result = [{ 'failure_count': '0', 'filename': '/tf/sqs_queue_policy/sqs_policy_with_not_action.tf', 'file_results': [{ 'id': 'W1', 'type': 'VIOLATION::WARNING', 'message': 'Specifying credentials in the template itself is probably not the safest thing', 'logical_resource_ids': ['provider'] }, { 'id': 'W18', 'type': 'VIOLATION::WARNING', 'message': 'SQS Queue policy should not allow Allow+NotAction', 'logical_resource_ids': "['QueuePolicyWithNotAction', 'QueuePolicyWithNotAction2']" }] }] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/sqs_queue_policy/sqs_policy_with_not_action.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_result = validator.validate() print('real results: ' + str(real_result)) print('expected results: ' + str( expected_result.replace('\'', '"').replace('"["', '["').replace( '"]"', '"]'))) self.maxDiff = None self.assertEqual( json.loads( expected_result.replace('\'', '"').replace('"["', '["').replace( '"]"', '"]')), json.loads(real_result))
def test_security_group_when_egress_is_empty(self): expected_result = [{ 'failure_count': '1', 'filename': '/tf/security_group/single_security_group_empty_ingress.tf', 'file_results': [{ 'id': 'F1000', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'Missing egress rule means all traffic is allowed outbound. Make this explicit if it is desired configuration', 'logical_resource_ids': "['sg']" }] }] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/security_group/single_security_group_empty_ingress.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: ' + str(expected_result)) print('real results: ' + str(real_result)) self.assertEqual(expected_result, real_result)
def test_security_group_when_inline_sg_is_open_to_world(self): expected_result = [{ 'failure_count': '2', 'filename': '/tf/security_group/two_security_group_two_cidr_ingress.tf', 'file_results': [{ 'id': 'F1000', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'Missing egress rule means all traffic is allowed outbound. Make this explicit if it is desired configuration', 'logical_resource_ids': "['sg', 'sg2']" }, { 'id': 'W2', 'type': 'VIOLATION::WARNING', 'message': 'Security Groups found with cidr open to world on ingress. This should never be true on instance. Permissible on ELB', 'logical_resource_ids': "['sg2']" }, { 'id': 'W27', 'type': 'VIOLATION::WARNING', 'message': 'Security Groups found ingress with port range instead of just a single port', 'logical_resource_ids': "['sg', 'sg2', 'sg2']" }, { 'id': 'W9', 'type': 'VIOLATION::WARNING', 'message': 'Security Groups found with ingress cidr that is not /32', 'logical_resource_ids': "['sg2']" }] }] if sys.version_info[0] < 3: expected_result = [{ 'failure_count': '2', 'filename': '/tf/security_group/two_security_group_two_cidr_ingress.tf', 'file_results': [{ 'id': 'F1000', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'Missing egress rule means all traffic is allowed outbound. Make this explicit if it is desired configuration', 'logical_resource_ids': "['sg', 'sg2']" }, { 'id': 'W2', 'type': 'VIOLATION::WARNING', 'message': 'Security Groups found with cidr open to world on ingress. This should never be true on instance. Permissible on ELB', 'logical_resource_ids': "['sg2']" }, { 'id': 'W27', 'type': 'VIOLATION::WARNING', 'message': 'Security Groups found ingress with port range instead of just a single port', 'logical_resource_ids': "['sg', 'sg2', 'sg2']" }, { 'id': 'W9', 'type': 'VIOLATION::WARNING', 'message': 'Security Groups found with ingress cidr that is not /32', 'logical_resource_ids': "['sg2']" }] }] new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/security_group/two_security_group_two_cidr_ingress.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: ' + str(expected_result)) print('real results: ' + str(real_result)) self.assertEqual(expected_result, real_result)
def test_security_group_missing_properties(self): expected_result = [{ 'failure_count': '1', 'filename': '/tf/security_group/sg_missing_properties.tf', 'file_results': [{ 'id': 'FATAL', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': "{'Basic CloudFormation syntax error': [Cannot find required key 'Properties'. Path: '/Resources/sg']}", 'logical_resource_ids': 'None' }] }] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/security_group/sg_missing_properties.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: ' + str(expected_result)) print('real results: ' + str(real_result)) self.assertEqual(expected_result, real_result)
def test_s3_bucket_policy_with_wildcards(self): expected_result = [ { 'failure_count': '3', 'filename': '/tf/s3_bucket_policy/s3_bucket_with_wildcards.tf', 'file_results': [ { 'id': 'F15', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'S3 Bucket policy should not allow * action', 'logical_resource_ids': "['S3BucketPolicy', 'S3BucketPolicy2']" }, { 'id': 'F16', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'S3 Bucket policy should not allow * principal', 'logical_resource_ids': "['S3BucketPolicy2']" } ] } ] if sys.version_info[0] < 3: expected_result = [ { 'failure_count': '3', 'filename': '/tf/s3_bucket_policy/s3_bucket_with_wildcards.tf', 'file_results': [ { 'id': 'F15', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'S3 Bucket policy should not allow * action', 'logical_resource_ids': "['S3BucketPolicy', 'S3BucketPolicy2']" }, { 'id': 'F16', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'S3 Bucket policy should not allow * principal', 'logical_resource_ids': "['S3BucketPolicy2']" } ] } ] new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = ["id", "type", "message", "logical_resource_ids"] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))+'/terraform_validator/test_templates/tf/s3_bucket_policy/s3_bucket_with_wildcards.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: '+str(expected_result)) print('real results: '+str(real_result)) self.assertEqual(expected_result, real_result)
def test_two_loadbalancers_without_access_logging_enabled(self): expected_result = [{ 'failure_count': '0', 'filename': '/tf/elasticloadbalancing_loadbalancer/two_load_balancers_with_no_logging.tf', 'file_results': [{ 'id': 'W26', 'type': 'VIOLATION::WARNING', 'message': 'Elastic Load Balancer should have access logging enabled', 'logical_resource_ids': "['elb2']" }] }] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/elasticloadbalancing_loadbalancer/two_load_balancers_with_no_logging.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None self.assertEqual(expected_result, real_result)
def test_ec2_instance_insensitive_authentication(self): expected_result = [{ 'failure_count': '1', 'filename': '/json/ec2_instance/cfn_insensitive_authentication.json', 'file_results': [{ 'id': 'F3', 'type': 'VIOLATION::FAILING_VIOLATION', 'message': 'IAM role should not allow * action on its permissions policy', 'logical_resource_ids': "['RootRole']" }, { 'id': 'W11', 'type': 'VIOLATION::WARNING', 'message': 'IAM role should not allow * resource on its permissions policy', 'logical_resource_ids': "['RootRole']" }] }] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = [ "id", "type", "message", "logical_resource_ids" ] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname( os.path.dirname(os.path.realpath(__file__)) ) + '/terraform_validator/test_templates/tf/ec2_instance/cfn_insensitive_authentication.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: ' + str(expected_result)) print('real results: ' + str(real_result)) self.assertEqual(expected_result, real_result)
def test_ebs_volume_no_tags(self): expected_result = [ { "failure_count": "1", "filename": "/tf/ec2_volume/no_tags.tf", "file_results": [ { "id": "F89", "type": "VIOLATION::FAILING_VIOLATION", "message": "Ebs volume does not have the required tags of Name, ResourceOwner, DeployedBy, Project", "logical_resource_ids": ["NewVolume"] }, { "id": "W1", "type": "VIOLATION::WARNING", "message": "Specifying credentials in the template itself is probably not the safest thing", "logical_resource_ids": ["provider"] } ] } ] if sys.version_info[0] < 3: new_file_results = [] for info in expected_result[0]['file_results']: print('info: ' + str(info)) print('type: ' + str(type(info))) order_of_keys = ["id", "type", "message", "logical_resource_ids"] new_results = OrderedDict() for key in order_of_keys: new_results[key] = info[key] new_file_results.append(new_results) print('new file results: ' + str(new_file_results)) expected_result[0]['file_results'] = new_file_results order_of_keys = ["failure_count", "filename", "file_results"] list_of_tuples = [(key, expected_result[0][key]) for key in order_of_keys] expected_result = [OrderedDict(list_of_tuples)] expected_result = pretty(expected_result) template_name = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))+'/terraform_validator/test_templates/tf/ec2_volume/no_tags.tf' debug = True config_dict = {} config_dict['template_file'] = template_name config_dict['debug'] = debug config_dict['profile'] = None config_dict['rules_directory'] = None config_dict['input_path'] = None config_dict['profile'] = None config_dict['allow_suppression'] = False config_dict['print_suppression'] = False config_dict['parameter_values_path'] = None config_dict['isolate_custom_rule_exceptions'] = None config_dict['use_optional_rules'] = True validator = class_to_test(config_dict) real_result = validator.validate() self.maxDiff = None print('expected results: '+str(expected_result)) print('real results: '+str(real_result)) self.assertEqual(json.loads(expected_result.replace('\'','"')), json.loads(real_result))