Merge pull request #287 from Kudbettin/fix_issue-284-temp

eerkunt · web-flow · commit d4a163fedb7a · 2020-06-07T12:56:05.000+01:00
Made error messages more clear on #284
diff --git a/terraform_compliance/steps/when/its_key_is_value.py b/terraform_compliance/steps/when/its_key_is_value.py
@@ -69,7 +69,10 @@ def to_lower_key(d):
         _step_obj.context.stash = found_list
         _step_obj.context.addresses = get_resource_address_list_from_stash(found_list)
     else:
-        if dict_value is None:
+        if object_key is Null:
+            skip_step(_step_obj, message='Could not find {} in {}.'.format(key,
+                                                                           ', '.join(_step_obj.context.addresses)))
+        elif dict_value is None:
             skip_step(_step_obj, message='Can not find {} {} in {}.'.format(value, orig_key,
                                                                             ', '.join(_step_obj.context.addresses)))
         else:
@@ -126,7 +129,10 @@ def its_key_is_not_value(_step_obj, key, value, dict_value=None, address=Null):
         _step_obj.context.stash = found_list
         _step_obj.context.addresses = get_resource_address_list_from_stash(found_list)
     else:
-        if dict_value is None:
+        if object_key is Null:
+            skip_step(_step_obj, message='Could not find {} in {}.'.format(key,
+                                                                     ', '.join(_step_obj.context.addresses)))
+        elif dict_value is None:
             skip_step(_step_obj, message='Found {} {} in {}.'.format(value, orig_key,
                                                                      ', '.join(_step_obj.context.addresses)))
         else:
diff --git a/tests/functional/test_issue-284/.expected b/tests/functional/test_issue-284/.expected
@@ -0,0 +1 @@
+SKIPPING: Could not find permissions in aws_s3_bucket.bucket.
diff --git a/tests/functional/test_issue-284/main.tf b/tests/functional/test_issue-284/main.tf
@@ -0,0 +1,59 @@
+resource "aws_s3_bucket" "bucket" {
+  bucket = "mybucket"
+
+  grant {
+    id          = "current_user_id"
+    type        = "CanonicalUser"
+    permissions = ["FULL_CONTROL"]
+  }
+
+  grant {
+    type        = "Group"
+    permissions = ["READ", "WRITE"]
+    uri         = "http://acs.amazonaws.com/groups/s3/LogDelivery"
+  }
+}
+
+# Create a new load balancer
+resource "aws_elb" "bar" {
+  name               = "foobar-terraform-elb"
+  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
+
+  access_logs {
+    bucket        = "foo"
+    bucket_prefix = "bar"
+    interval      = 60
+  }
+
+  listener {
+    instance_port     = 8000
+    instance_protocol = "http"
+    lb_port           = 80
+    lb_protocol       = "http"
+  }
+
+  listener {
+    instance_port      = 8000
+    instance_protocol  = "http"
+    lb_port            = 443
+    lb_protocol        = "https"
+    ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
+  }
+
+  health_check {
+    healthy_threshold   = 2
+    unhealthy_threshold = 2
+    timeout             = 3
+    target              = "HTTP:8000/"
+    interval            = 30
+  }
+
+  cross_zone_load_balancing   = true
+  idle_timeout                = 400
+  connection_draining         = true
+  connection_draining_timeout = 400
+
+  tags = {
+    Name = "foobar-terraform-elb"
+  }
+}
diff --git a/tests/functional/test_issue-284/plan.out.json b/tests/functional/test_issue-284/plan.out.json
@@ -0,0 +1 @@
+{"format_version":"0.1","terraform_version":"0.12.25","planned_values":{"root_module":{"resources":[{"address":"aws_elb.bar","mode":"managed","type":"aws_elb","name":"bar","provider_name":"aws","schema_version":0,"values":{"access_logs":[{"bucket":"foo","bucket_prefix":"bar","enabled":true,"interval":60}],"availability_zones":["us-west-2a","us-west-2b","us-west-2c"],"connection_draining":true,"connection_draining_timeout":400,"cross_zone_load_balancing":true,"health_check":[{"healthy_threshold":2,"interval":30,"target":"HTTP:8000/","timeout":3,"unhealthy_threshold":2}],"idle_timeout":400,"listener":[{"instance_port":8000,"instance_protocol":"http","lb_port":443,"lb_protocol":"https","ssl_certificate_id":"arn:aws:iam::123456789012:server-certificate/certName"},{"instance_port":8000,"instance_protocol":"http","lb_port":80,"lb_protocol":"http","ssl_certificate_id":""}],"name":"foobar-terraform-elb","name_prefix":null,"tags":{"Name":"foobar-terraform-elb"}}},{"address":"aws_s3_bucket.bucket","mode":"managed","type":"aws_s3_bucket","name":"bucket","provider_name":"aws","schema_version":0,"values":{"acl":"private","bucket":"mybucket","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[{"id":"","permissions":["READ","WRITE"],"type":"Group","uri":"http://acs.amazonaws.com/groups/s3/LogDelivery"},{"id":"current_user_id","permissions":["FULL_CONTROL"],"type":"CanonicalUser","uri":""}],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"website":[]}}]}},"resource_changes":[{"address":"aws_elb.bar","mode":"managed","type":"aws_elb","name":"bar","provider_name":"aws","change":{"actions":["create"],"before":null,"after":{"access_logs":[{"bucket":"foo","bucket_prefix":"bar","enabled":true,"interval":60}],"availability_zones":["us-west-2a","us-west-2b","us-west-2c"],"connection_draining":true,"connection_draining_timeout":400,"cross_zone_load_balancing":true,"health_check":[{"healthy_threshold":2,"interval":30,"target":"HTTP:8000/","timeout":3,"unhealthy_threshold":2}],"idle_timeout":400,"listener":[{"instance_port":8000,"instance_protocol":"http","lb_port":443,"lb_protocol":"https","ssl_certificate_id":"arn:aws:iam::123456789012:server-certificate/certName"},{"instance_port":8000,"instance_protocol":"http","lb_port":80,"lb_protocol":"http","ssl_certificate_id":""}],"name":"foobar-terraform-elb","name_prefix":null,"tags":{"Name":"foobar-terraform-elb"}},"after_unknown":{"access_logs":[{}],"arn":true,"availability_zones":[false,false,false],"dns_name":true,"health_check":[{}],"id":true,"instances":true,"internal":true,"listener":[{},{}],"security_groups":true,"source_security_group":true,"source_security_group_id":true,"subnets":true,"tags":{},"zone_id":true}}},{"address":"aws_s3_bucket.bucket","mode":"managed","type":"aws_s3_bucket","name":"bucket","provider_name":"aws","change":{"actions":["create"],"before":null,"after":{"acl":"private","bucket":"mybucket","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[{"id":"","permissions":["READ","WRITE"],"type":"Group","uri":"http://acs.amazonaws.com/groups/s3/LogDelivery"},{"id":"current_user_id","permissions":["FULL_CONTROL"],"type":"CanonicalUser","uri":""}],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"website":[]},"after_unknown":{"acceleration_status":true,"arn":true,"bucket_domain_name":true,"bucket_regional_domain_name":true,"cors_rule":[],"grant":[{"permissions":[false,false]},{"permissions":[false]}],"hosted_zone_id":true,"id":true,"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"region":true,"replication_configuration":[],"request_payer":true,"server_side_encryption_configuration":[],"versioning":true,"website":[],"website_domain":true,"website_endpoint":true}}}],"configuration":{"root_module":{"resources":[{"address":"aws_elb.bar","mode":"managed","type":"aws_elb","name":"bar","provider_config_key":"aws","expressions":{"access_logs":[{"bucket":{"constant_value":"foo"},"bucket_prefix":{"constant_value":"bar"},"interval":{"constant_value":60}}],"availability_zones":{"constant_value":["us-west-2a","us-west-2b","us-west-2c"]},"connection_draining":{"constant_value":true},"connection_draining_timeout":{"constant_value":400},"cross_zone_load_balancing":{"constant_value":true},"health_check":[{"healthy_threshold":{"constant_value":2},"interval":{"constant_value":30},"target":{"constant_value":"HTTP:8000/"},"timeout":{"constant_value":3},"unhealthy_threshold":{"constant_value":2}}],"idle_timeout":{"constant_value":400},"listener":[{"instance_port":{"constant_value":8000},"instance_protocol":{"constant_value":"http"},"lb_port":{"constant_value":80},"lb_protocol":{"constant_value":"http"}},{"instance_port":{"constant_value":8000},"instance_protocol":{"constant_value":"http"},"lb_port":{"constant_value":443},"lb_protocol":{"constant_value":"https"},"ssl_certificate_id":{"constant_value":"arn:aws:iam::123456789012:server-certificate/certName"}}],"name":{"constant_value":"foobar-terraform-elb"},"tags":{"constant_value":{"Name":"foobar-terraform-elb"}}},"schema_version":0},{"address":"aws_s3_bucket.bucket","mode":"managed","type":"aws_s3_bucket","name":"bucket","provider_config_key":"aws","expressions":{"bucket":{"constant_value":"mybucket"},"grant":[{"id":{"constant_value":"current_user_id"},"permissions":{"constant_value":["FULL_CONTROL"]},"type":{"constant_value":"CanonicalUser"}},{"permissions":{"constant_value":["READ","WRITE"]},"type":{"constant_value":"Group"},"uri":{"constant_value":"http://acs.amazonaws.com/groups/s3/LogDelivery"}}]},"schema_version":0}]}}}
diff --git a/tests/functional/test_issue-284/test.feature b/tests/functional/test_issue-284/test.feature
@@ -0,0 +1,15 @@
+Feature: Feature for issue 284
+	In order to something
+	As engineers
+	We'll enforce something else
+
+	Scenario Outline: Ensure S3 Bucket's ACL grant does not include write permissions, test2
+		Given I have aws_s3_bucket defined
+		When it has grant
+		And its permissions does not include <value>
+	Examples:
+	| value           |
+	| WRITE_ACP       |
+	| WRITE_bidi      |
+	| FULL_CONTROL_d  |
+	| Something_bad	  |

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+SKIPPING: Could not find permissions in aws_s3_bucket.bucket.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+{"format_version":"0.1","terraform_version":"0.12.25","planned_values":{"root_module":{"resources":[{"address":"aws_elb.bar","mode":"managed","type":"aws_elb","name":"bar","provider_name":"aws","schema_version":0,"values":{"access_logs":[{"bucket":"foo","bucket_prefix":"bar","enabled":true,"interval":60}],"availability_zones":["us-west-2a","us-west-2b","us-west-2c"],"connection_draining":true,"connection_draining_timeout":400,"cross_zone_load_balancing":true,"health_check":[{"healthy_threshold":2,"interval":30,"target":"HTTP:8000/","timeout":3,"unhealthy_threshold":2}],"idle_timeout":400,"listener":[{"instance_port":8000,"instance_protocol":"http","lb_port":443,"lb_protocol":"https","ssl_certificate_id":"arn:aws:iam::123456789012:server-certificate/certName"},{"instance_port":8000,"instance_protocol":"http","lb_port":80,"lb_protocol":"http","ssl_certificate_id":""}],"name":"foobar-terraform-elb","name_prefix":null,"tags":{"Name":"foobar-terraform-elb"}}},{"address":"aws_s3_bucket.bucket","mode":"managed","type":"aws_s3_bucket","name":"bucket","provider_name":"aws","schema_version":0,"values":{"acl":"private","bucket":"mybucket","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[{"id":"","permissions":["READ","WRITE"],"type":"Group","uri":"http://acs.amazonaws.com/groups/s3/LogDelivery"},{"id":"current_user_id","permissions":["FULL_CONTROL"],"type":"CanonicalUser","uri":""}],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"website":[]}}]}},"resource_changes":[{"address":"aws_elb.bar","mode":"managed","type":"aws_elb","name":"bar","provider_name":"aws","change":{"actions":["create"],"before":null,"after":{"access_logs":[{"bucket":"foo","bucket_prefix":"bar","enabled":true,"interval":60}],"availability_zones":["us-west-2a","us-west-2b","us-west-2c"],"connection_draining":true,"connection_draining_timeout":400,"cross_zone_load_balancing":true,"health_check":[{"healthy_threshold":2,"interval":30,"target":"HTTP:8000/","timeout":3,"unhealthy_threshold":2}],"idle_timeout":400,"listener":[{"instance_port":8000,"instance_protocol":"http","lb_port":443,"lb_protocol":"https","ssl_certificate_id":"arn:aws:iam::123456789012:server-certificate/certName"},{"instance_port":8000,"instance_protocol":"http","lb_port":80,"lb_protocol":"http","ssl_certificate_id":""}],"name":"foobar-terraform-elb","name_prefix":null,"tags":{"Name":"foobar-terraform-elb"}},"after_unknown":{"access_logs":[{}],"arn":true,"availability_zones":[false,false,false],"dns_name":true,"health_check":[{}],"id":true,"instances":true,"internal":true,"listener":[{},{}],"security_groups":true,"source_security_group":true,"source_security_group_id":true,"subnets":true,"tags":{},"zone_id":true}}},{"address":"aws_s3_bucket.bucket","mode":"managed","type":"aws_s3_bucket","name":"bucket","provider_name":"aws","change":{"actions":["create"],"before":null,"after":{"acl":"private","bucket":"mybucket","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[{"id":"","permissions":["READ","WRITE"],"type":"Group","uri":"http://acs.amazonaws.com/groups/s3/LogDelivery"},{"id":"current_user_id","permissions":["FULL_CONTROL"],"type":"CanonicalUser","uri":""}],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"website":[]},"after_unknown":{"acceleration_status":true,"arn":true,"bucket_domain_name":true,"bucket_regional_domain_name":true,"cors_rule":[],"grant":[{"permissions":[false,false]},{"permissions":[false]}],"hosted_zone_id":true,"id":true,"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"region":true,"replication_configuration":[],"request_payer":true,"server_side_encryption_configuration":[],"versioning":true,"website":[],"website_domain":true,"website_endpoint":true}}}],"configuration":{"root_module":{"resources":[{"address":"aws_elb.bar","mode":"managed","type":"aws_elb","name":"bar","provider_config_key":"aws","expressions":{"access_logs":[{"bucket":{"constant_value":"foo"},"bucket_prefix":{"constant_value":"bar"},"interval":{"constant_value":60}}],"availability_zones":{"constant_value":["us-west-2a","us-west-2b","us-west-2c"]},"connection_draining":{"constant_value":true},"connection_draining_timeout":{"constant_value":400},"cross_zone_load_balancing":{"constant_value":true},"health_check":[{"healthy_threshold":{"constant_value":2},"interval":{"constant_value":30},"target":{"constant_value":"HTTP:8000/"},"timeout":{"constant_value":3},"unhealthy_threshold":{"constant_value":2}}],"idle_timeout":{"constant_value":400},"listener":[{"instance_port":{"constant_value":8000},"instance_protocol":{"constant_value":"http"},"lb_port":{"constant_value":80},"lb_protocol":{"constant_value":"http"}},{"instance_port":{"constant_value":8000},"instance_protocol":{"constant_value":"http"},"lb_port":{"constant_value":443},"lb_protocol":{"constant_value":"https"},"ssl_certificate_id":{"constant_value":"arn:aws:iam::123456789012:server-certificate/certName"}}],"name":{"constant_value":"foobar-terraform-elb"},"tags":{"constant_value":{"Name":"foobar-terraform-elb"}}},"schema_version":0},{"address":"aws_s3_bucket.bucket","mode":"managed","type":"aws_s3_bucket","name":"bucket","provider_config_key":"aws","expressions":{"bucket":{"constant_value":"mybucket"},"grant":[{"id":{"constant_value":"current_user_id"},"permissions":{"constant_value":["FULL_CONTROL"]},"type":{"constant_value":"CanonicalUser"}},{"permissions":{"constant_value":["READ","WRITE"]},"type":{"constant_value":"Group"},"uri":{"constant_value":"http://acs.amazonaws.com/groups/s3/LogDelivery"}}]},"schema_version":0}]}}}