From 60d243d4fc284dd33963817334c90b9ad78a25c7 Mon Sep 17 00:00:00 2001 From: Yusuf Kanchwala Date: Mon, 27 Jul 2020 17:35:48 +0530 Subject: [PATCH] adding more unit tests for terraform v12 --- .../terraform/v12/load-dir_test.go | 7 + .../testdata/moduleconfigs/cloudtrail/main.tf | 23 - .../v12/testdata/moduleconfigs/efs/main.tf | 24 - .../moduleconfigs/elasticcache/main.tf | 22 - .../v12/testdata/moduleconfigs/elb/main.tf | 13 - .../testdata/moduleconfigs/kinesis/main.tf | 31 - .../v12/testdata/moduleconfigs/s3/main.tf | 76 - .../v12/testdata/moduleconfigs/sg/main.tf | 411 ------ .../v12/testdata/moduleconfigs/sqs/main.tf | 4 - .../v12/testdata/tfjson/modulconfigs.json | 1314 ----------------- .../v12/testdata/tfjson/moduleconfigs.json | 369 +++++ 11 files changed, 376 insertions(+), 1918 deletions(-) delete mode 100644 pkg/iac-providers/terraform/v12/testdata/tfjson/modulconfigs.json create mode 100644 pkg/iac-providers/terraform/v12/testdata/tfjson/moduleconfigs.json diff --git a/pkg/iac-providers/terraform/v12/load-dir_test.go b/pkg/iac-providers/terraform/v12/load-dir_test.go index 1fa880dc0..f4b747a43 100644 --- a/pkg/iac-providers/terraform/v12/load-dir_test.go +++ b/pkg/iac-providers/terraform/v12/load-dir_test.go @@ -56,6 +56,13 @@ func TestLoadIacDir(t *testing.T) { tfv12: TfV12{}, wantErr: nil, }, + { + name: "module directory", + tfConfigDir: "./testdata/moduleconfigs", + tfJSONFile: "./testdata/tfjson/moduleconfigs.json", + tfv12: TfV12{}, + wantErr: nil, + }, } for _, tt := range table2 { diff --git a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/cloudtrail/main.tf b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/cloudtrail/main.tf index 4f3bd49f6..651974226 100644 --- a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/cloudtrail/main.tf +++ b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/cloudtrail/main.tf 
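Review bot: The added "module directory" entry in `table2` compares against `./testdata/tfjson/moduleconfigs.json` without recording the ordering constraint that golden file seems to rely on. In the deleted `modulconfigs.json` the `aws_efs_file_system` entries are listed in a different order than in `efs/main.tf`, which suggests output order within a resource type is not stable, and the `.tf` fixtures shown in this commit are each cut down to what looks like a single resource. If the comparison later in `TestLoadIacDir` (outside this hunk) is an exact match, adding a second resource of one type under `testdata/moduleconfigs` could make this case flaky; a comment above the entry such as `// fixtures keep one resource per type: order within a type is not guaranteed` would document that, or the comparison could sort each list by `id` before matching.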
@@ -4,26 +4,3 @@ resource "aws_cloudtrail" "missing-multi-region" {
 s3_key_prefix = "prefix"
 include_global_service_events = false
 }
-
-resource "aws_cloudtrail" "false-multi-region" {
- name = "tf-trail-foobar"
- s3_bucket_name = "some-s3-bucket"
- s3_key_prefix = "prefix"
- include_global_service_events = false
- is_multi_region_trail = false
-}
-
-resource "aws_cloudtrail" "missing-kms" {
- name = "missing-kms"
- s3_bucket_name = "some-s3-bucket"
- s3_key_prefix = "prefix"
- include_global_service_events = false
-}
-
-resource "aws_cloudtrail" "with-kms" {
- name = "with-kms"
- s3_bucket_name = "some-s3-bucket"
- s3_key_prefix = "prefix"
- include_global_service_events = false
- kms_key_id = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
-}
diff --git a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/efs/main.tf b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/efs/main.tf
index 3fc186b0c..94833205f 100644
--- a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/efs/main.tf
+++ b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/efs/main.tf
@@ -5,27 +5,3 @@ resource "aws_efs_file_system" "efsNotEncrypted" {
 Name = "not-encrypted"
 }
 }
-
-
-resource "aws_efs_file_system" "efsEncryptedFalse" {
- creation_token = "my-product"
-
- tags = {
- Name = "encrypted"
- }
-
- encrypted = false
-
-}
-
-resource "aws_efs_file_system" "efsEncryptedWithNoKms" {
- creation_token = "my-product"
-
- tags = {
- Name = "encrypted"
- }
-
- encrypted = true
-
-}
-
diff --git a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elasticcache/main.tf b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elasticcache/main.tf
index e573c7a3e..280c0a859 100644
--- a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elasticcache/main.tf
+++ b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elasticcache/main.tf
@@ -6,25 +6,3 @@ resource "aws_elasticache_cluster" "noMemcachedInElastiCache" {
 parameter_group_name = "default.memcached1.4"
 port = 11211
 }
-
-
-resource "aws_elasticache_cluster" "redis_version_compliant" {
- cluster_id = "cluster-example"
- engine = "redis"
- node_type = "cache.m4.large"
- num_cache_nodes = 1
- parameter_group_name = "default.redis3.2"
- engine_version = "3.2.10"
- port = 6379
-}
-
-
-resource "aws_elasticache_cluster" "redis_version_non_compliant" {
- cluster_id = "cluster-example"
- engine = "redis"
- node_type = "cache.m4.large"
- num_cache_nodes = 1
- parameter_group_name = "default.redis3.2"
- engine_version = "3.2.0"
- port = 6379
-}
diff --git a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elb/main.tf b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elb/main.tf
index faf404768..f841a1ab3 100644
--- a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elb/main.tf
+++ b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elb/main.tf
@@ -8,16 +8,3 @@ resource "aws_load_balancer_policy" "elbWeakCipher" {
 value = "true"
 }
 }
-
-resource "aws_load_balancer_policy" "elbSsLTsLProtocol" {
- load_balancer_name = "some-name"
- policy_name = "wu-tang-ssl"
- policy_type_name = "SSLNegotiationPolicyType"
-
- policy_attribute {
- name = "Protocol-SSLv3"
- value = "true"
- }
-}
-
-
diff --git a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/kinesis/main.tf b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/kinesis/main.tf
index 9106214de..ed2f59135 100644
--- a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/kinesis/main.tf
+++ b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/kinesis/main.tf
@@ -15,34 +15,3 @@ resource "aws_kinesis_stream" "kinesisEncryptedWithKms" {
 Environment = "kinesisEncryptedWithKms"
 }
 }
-
-resource "aws_kinesis_stream" "unencrypted_aws_kinesis_stream" {
- name = "terraform-kinesis-test"
- shard_count = 1
- retention_period = 48
-
- shard_level_metrics = [
- "IncomingBytes",
- "OutgoingBytes",
- ]
-
- tags = {
- Environment = "test"
- }
-}
-
-
-
-resource "aws_kinesis_stream" "kinesis_encrypted_but_no_kms_provided" {
- name = "kinesisEncryptedWithKms"
- shard_count = 1
- retention_period = 48
-
- shard_level_metrics = [
- "IncomingBytes",
- "OutgoingBytes",
- ]
-
- encryption_type = "KMS"
-}
-
diff --git a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf
index 1df1f2bd3..8ab3a4082 100644
--- a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf
+++ b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf
@@ -7,79 +7,3 @@ resource "aws_s3_bucket" "noS3BucketSseRules" {
 Environment = "Dev"
 }
 }
-
-
-resource "aws_s3_bucket" "s3BucketSseRulesWithKmsNull" {
- bucket = "mybucket"
- acl = "private"
-
- tags = {
- Name = "s3BucketSseRulesWithNoKms"
- Environment = "Dev"
- }
-
- server_side_encryption_configuration {
- rule {
- apply_server_side_encryption_by_default {
- sse_algorithm = "aws:kms"
- }
- }
- }
-}
-
-resource "aws_s3_bucket" "s3BucketNoWebsiteIndexDoc" {
- bucket = "website"
- acl = "public-read"
-
- server_side_encryption_configuration {
- rule {
- apply_server_side_encryption_by_default {
- kms_master_key_id = "some-key-id"
- sse_algorithm = "aws:kms"
- }
- }
- }
-
- website {
- index_document = "index.html"
- error_document = "error.html"
- }
-}
-
-resource "aws_s3_bucket" "s3VersioningMfaFalse" {
- bucket = "tf-test"
-
- server_side_encryption_configuration {
- rule {
- apply_server_side_encryption_by_default {
- kms_master_key_id = "some-key-id"
- sse_algorithm = "aws:kms"
- }
- }
- }
-
- versioning {
- enabled = true
- mfa_delete = false
- }
-}
-
-resource "aws_s3_bucket" "allUsersReadAccess" {
- bucket = "my-tf-test-bucket"
- acl = "public-read"
-}
-
-resource "aws_s3_bucket" "authUsersReadAccess" {
- bucket = "my-tf-test-bucket"
- acl = "authenticated-read"
-}
-
-resource "aws_s3_bucket" "allUsersWriteAccess" {
- bucket = "my-tf-test-bucket"
- acl = "public-write"
-}
-
-resource "aws_s3_bucket" "allUsersReadWriteAccess" {
- bucket = "my-tf-test-bucket"
- acl = "public-read-write"
-}
diff --git a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sg/main.tf b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sg/main.tf
index 5143018b9..c61772631 100644
--- a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sg/main.tf
+++ b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sg/main.tf
@@ -15,407 +15,6 @@ resource "aws_security_group" "acme_web" { cidr_blocks = ["0.0.0.0/0", "19.16.0.0/24"] } - # HTTP access from the VPC - ingress { - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - # HTTPS access from the VPC - ingress { - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - from_port = 4505 - to_port = 4505 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 4506 - from_port = 4506 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 3020 - from_port = 3020 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 61621 - from_port = 61621 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 7001 - from_port = 7001 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 9000 - from_port = 9000 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 8000 - from_port = 8000 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 8080 - from_port = 8080 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 636 - from_port = 636 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 1434 - from_port = 1434 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 1434 - from_port = 1434 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 135 - from_port = 135 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 1433 - from_port = 1433 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 
11214 - from_port = 11214 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 11214 - from_port = 11214 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 11215 - from_port = 11215 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 11215 - from_port = 11215 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 27018 - from_port = 27018 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 3306 - from_port = 3306 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 137 - from_port = 137 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 137 - from_port = 137 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 138 - from_port = 138 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 138 - from_port = 138 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 139 - from_port = 139 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 139 - from_port = 139 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 2484 - from_port = 2484 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 2484 - from_port = 2484 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 5432 - from_port = 5432 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 5432 - from_port = 5432 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 3000 - from_port = 3000 - protocol = "tcp" - cidr_blocks = 
["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 8140 - from_port = 8140 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 161 - from_port = 161 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 2382 - from_port = 2382 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 2383 - from_port = 2383 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 9090 - from_port = 9090 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 3389 - from_port = 3389 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 9042 - from_port = 9042 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 7000 - from_port = 7000 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 7199 - from_port = 7199 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 61620 - from_port = 61620 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 8888 - from_port = 8888 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 9160 - from_port = 9160 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 9200 - from_port = 9200 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 9300 - from_port = 9300 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 389 - from_port = 389 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 389 - from_port = 389 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 11211 
- from_port = 11211 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 11211 - from_port = 11211 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 27017 - from_port = 27017 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 1521 - from_port = 1521 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 2483 - from_port = 2483 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 2483 - from_port = 2483 - protocol = "udp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 6379 - from_port = 6379 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 0 - from_port = 6379 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - - ingress { - to_port = 0 - from_port = 4506 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] - } - # outbound internet access egress { from_port = 0 @@ -424,13 +23,3 @@ resource "aws_security_group" "acme_web" { cidr_blocks = ["0.0.0.0/0", "192.164.0.0/24"] } } - -resource "aws_security_group" "defaultSGNotRestrictsAllTraffic" { - name = "default" - description = "Used in the terraform" - vpc_id = "some_dummy_vpc" - - tags = { - Name = "default" - } -} diff --git a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sqs/main.tf b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sqs/main.tf index db96848ea..a6753377d 100644 --- a/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sqs/main.tf +++ b/pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sqs/main.tf @@ -1,7 +1,3 @@ -resource "aws_sqs_queue" "sqsSseDisabled" { - name = "terraform-example-queue" -} - resource "aws_sqs_queue" "sqsQueueExposed" { name = "terraform-example-queue" kms_master_key_id = "alias/aws/sqs" 
diff --git a/pkg/iac-providers/terraform/v12/testdata/tfjson/modulconfigs.json b/pkg/iac-providers/terraform/v12/testdata/tfjson/modulconfigs.json deleted file mode 100644 index 01c2721e3..000000000 --- a/pkg/iac-providers/terraform/v12/testdata/tfjson/modulconfigs.json +++ /dev/null 
@@ -1,1314 +0,0 @@ -{ - "aws_cloudfront_distribution": [ - { - "id": "aws_cloudfront_distribution.s3-distribution-TLS-v1", - "name": "s3-distribution-TLS-v1", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/cloudfront/main.tf", - "type": "aws_cloudfront_distribution", - "config": { - "default_cache_behavior": [ - { - "default_cache_behavior": { - "allowed_methods": [ - "DELETE", - "GET", - "HEAD", - "OPTIONS", - "PATCH", - "POST", - "PUT" - ], - "cached_methods": [ - "GET", - "HEAD" - ], - "forwarded_values": [ - { - "forwarded_values": { - "cookies": [ - { - "cookies": { - "forward": "none" - } - } - ], - "query_string": false - } - } - ], - "target_origin_id": "local.s3_origin_id", - "viewer_protocol_policy": "https-only" - } - } - ], - "enabled": true, - "ordered_cache_behavior": [ - { - "ordered_cache_behavior": { - "allowed_methods": [ - "GET", - "HEAD", - "OPTIONS" - ], - "cached_methods": [ - "GET", - "HEAD", - "OPTIONS" - ], - "compress": true, - "forwarded_values": [ - { - "forwarded_values": { - "cookies": [ - { - "cookies": { - "forward": "none" - } - } - ], - "headers": [ - "Origin" - ], - "query_string": false - } - } - ], - "path_pattern": "/content/immutable/*", - "target_origin_id": "local.s3_origin_id", - "viewer_protocol_policy": "allow-all" - } - }, - { - "ordered_cache_behavior": { - "allowed_methods": [ - "GET", - "HEAD", - "OPTIONS" - ], - "cached_methods": [ - "GET", - "HEAD" - ], - "forwarded_values": [ - { - "forwarded_values": { - "cookies": [ - { - "cookies": { - "forward": "none" - } - } - ], - "query_string": false - } - } - ], - "path_pattern": "/content/*", - "target_origin_id": "local.s3_origin_id", - "viewer_protocol_policy": "allow-all" - } - } - ], - "origin": [ - { - "origin": { - "domain_name": "aws_s3_bucket.b.bucket_regional_domain_name", - "origin_id": "local.s3_origin_id", - "s3_origin_config": [ - { - "s3_origin_config": { - "origin_access_identity": "origin-access-identity/cloudfront/ABCDEFG1234567" - } 
- } - ] - } - } - ], - "restrictions": [ - { - "restrictions": { - "geo_restriction": [ - { - "geo_restriction": { - "locations": [ - "US", - "CA", - "GB", - "DE" - ], - "restriction_type": "whitelist" - } - } - ] - } - } - ], - "viewer_certificate": [ - { - "viewer_certificate": { - "cloudfront_default_certificate": true, - "minimum_protocol_version": "TLSv1" - } - } - ] - } - } - ], - "aws_cloudtrail": [ - { - "id": "aws_cloudtrail.missing-multi-region", - "name": "missing-multi-region", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/cloudtrail/main.tf", - "type": "aws_cloudtrail", - "config": { - "include_global_service_events": false, - "name": "tf-trail-foobar", - "s3_bucket_name": "some-s3-bucket", - "s3_key_prefix": "prefix" - } - }, - { - "id": "aws_cloudtrail.false-multi-region", - "name": "false-multi-region", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/cloudtrail/main.tf", - "type": "aws_cloudtrail", - "config": { - "include_global_service_events": false, - "is_multi_region_trail": false, - "name": "tf-trail-foobar", - "s3_bucket_name": "some-s3-bucket", - "s3_key_prefix": "prefix" - } - }, - { - "id": "aws_cloudtrail.missing-kms", - "name": "missing-kms", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/cloudtrail/main.tf", - "type": "aws_cloudtrail", - "config": { - "include_global_service_events": false, - "name": "missing-kms", - "s3_bucket_name": "some-s3-bucket", - "s3_key_prefix": "prefix" - } - }, - { - "id": "aws_cloudtrail.with-kms", - "name": "with-kms", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/cloudtrail/main.tf", - "type": "aws_cloudtrail", - "config": { - "include_global_service_events": false, - "kms_key_id": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", - "name": "with-kms", - "s3_bucket_name": "some-s3-bucket", - "s3_key_prefix": "prefix" - } - } - ], - "aws_ecs_task_definition": [ - { - "id": 
"aws_ecs_task_definition.instanceNotInVpc", - "name": "instanceNotInVpc", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/ecs/main.tf", - "type": "aws_ecs_task_definition", - "config": { - "container_definitions": "${file(\"ecs/service.json\")}", - "family": "service", - "network_mode": "bridge" - } - } - ], - "aws_efs_file_system": [ - { - "id": "aws_efs_file_system.efsEncryptedWithNoKms", - "name": "efsEncryptedWithNoKms", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/efs/main.tf", - "type": "aws_efs_file_system", - "config": { - "creation_token": "my-product", - "encrypted": true, - "tags": { - "Name": "encrypted" - } - } - }, - { - "id": "aws_efs_file_system.efsNotEncrypted", - "name": "efsNotEncrypted", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/efs/main.tf", - "type": "aws_efs_file_system", - "config": { - "creation_token": "my-product", - "tags": { - "Name": "not-encrypted" - } - } - }, - { - "id": "aws_efs_file_system.efsEncryptedFalse", - "name": "efsEncryptedFalse", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/efs/main.tf", - "type": "aws_efs_file_system", - "config": { - "creation_token": "my-product", - "encrypted": false, - "tags": { - "Name": "encrypted" - } - } - } - ], - "aws_elasticache_cluster": [ - { - "id": "aws_elasticache_cluster.noMemcachedInElastiCache", - "name": "noMemcachedInElastiCache", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elasticcache/main.tf", - "type": "aws_elasticache_cluster", - "config": { - "cluster_id": "cluster-example", - "engine": "memcached", - "node_type": "cache.m4.large", - "num_cache_nodes": 2, - "parameter_group_name": "default.memcached1.4", - "port": 11211 - } - }, - { - "id": "aws_elasticache_cluster.redis_version_compliant", - "name": "redis_version_compliant", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elasticcache/main.tf", - "type": "aws_elasticache_cluster", - 
"config": { - "cluster_id": "cluster-example", - "engine": "redis", - "engine_version": "3.2.10", - "node_type": "cache.m4.large", - "num_cache_nodes": 1, - "parameter_group_name": "default.redis3.2", - "port": 6379 - } - }, - { - "id": "aws_elasticache_cluster.redis_version_non_compliant", - "name": "redis_version_non_compliant", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elasticcache/main.tf", - "type": "aws_elasticache_cluster", - "config": { - "cluster_id": "cluster-example", - "engine": "redis", - "engine_version": "3.2.0", - "node_type": "cache.m4.large", - "num_cache_nodes": 1, - "parameter_group_name": "default.redis3.2", - "port": 6379 - } - } - ], - "aws_guardduty_detector": [ - { - "id": "aws_guardduty_detector.gaurdDutyDisabled", - "name": "gaurdDutyDisabled", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/guardduty/main.tf", - "type": "aws_guardduty_detector", - "config": { - "enable": false - } - } - ], - "aws_iam_access_key": [ - { - "id": "aws_iam_access_key.noAccessKeyForRootAccount", - "name": "noAccessKeyForRootAccount", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/iam/main.tf", - "type": "aws_iam_access_key", - "config": { - "pgp_key": "keybase:some_person_that_exists", - "status": "Inactive", - "user": "root" - } - } - ], - "aws_kinesis_stream": [ - { - "id": "aws_kinesis_stream.kinesis_encrypted_but_no_kms_provided", - "name": "kinesis_encrypted_but_no_kms_provided", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/kinesis/main.tf", - "type": "aws_kinesis_stream", - "config": { - "encryption_type": "KMS", - "name": "kinesisEncryptedWithKms", - "retention_period": 48, - "shard_count": 1, - "shard_level_metrics": [ - "IncomingBytes", - "OutgoingBytes" - ] - } - }, - { - "id": "aws_kinesis_stream.kinesisEncryptedWithKms", - "name": "kinesisEncryptedWithKms", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/kinesis/main.tf", - "type": 
"aws_kinesis_stream", - "config": { - "encryption_type": "KMS", - "kms_key_id": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", - "name": "kinesisEncryptedWithKms", - "retention_period": 48, - "shard_count": 1, - "shard_level_metrics": [ - "IncomingBytes", - "OutgoingBytes" - ], - "tags": { - "Environment": "kinesisEncryptedWithKms" - } - } - }, - { - "id": "aws_kinesis_stream.unencrypted_aws_kinesis_stream", - "name": "unencrypted_aws_kinesis_stream", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/kinesis/main.tf", - "type": "aws_kinesis_stream", - "config": { - "name": "terraform-kinesis-test", - "retention_period": 48, - "shard_count": 1, - "shard_level_metrics": [ - "IncomingBytes", - "OutgoingBytes" - ], - "tags": { - "Environment": "test" - } - } - } - ], - "aws_kms_key": [ - { - "id": "aws_kms_key.kmsKeyDisabled", - "name": "kmsKeyDisabled", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/cloudfront/sub-cloudfront/main.tf", - "type": "aws_kms_key", - "config": { - "description": "KMS key 2", - "is_enabled": false, - "tags": { - "Name": "kmsKeyDisabled", - "Setup": "self-healing" - } - } - } - ], - "aws_load_balancer_policy": [ - { - "id": "aws_load_balancer_policy.elbWeakCipher", - "name": "elbWeakCipher", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elb/main.tf", - "type": "aws_load_balancer_policy", - "config": { - "load_balancer_name": "some-name", - "policy_attribute": [ - { - "policy_attribute": { - "name": "ECDHE-RSA-RC4-SHA", - "value": "true" - } - } - ], - "policy_name": "wu-tang-ssl", - "policy_type_name": "SSLNegotiationPolicyType" - } - }, - { - "id": "aws_load_balancer_policy.elbSsLTsLProtocol", - "name": "elbSsLTsLProtocol", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/elb/main.tf", - "type": "aws_load_balancer_policy", - "config": { - "load_balancer_name": "some-name", - "policy_attribute": [ - { - "policy_attribute": { - 
"name": "Protocol-SSLv3", - "value": "true" - } - } - ], - "policy_name": "wu-tang-ssl", - "policy_type_name": "SSLNegotiationPolicyType" - } - } - ], - "aws_s3_bucket": [ - { - "id": "aws_s3_bucket.s3VersioningMfaFalse", - "name": "s3VersioningMfaFalse", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf", - "type": "aws_s3_bucket", - "config": { - "bucket": "tf-test", - "server_side_encryption_configuration": [ - { - "server_side_encryption_configuration": { - "rule": [ - { - "rule": { - "apply_server_side_encryption_by_default": [ - { - "apply_server_side_encryption_by_default": { - "kms_master_key_id": "some-key-id", - "sse_algorithm": "aws:kms" - } - } - ] - } - } - ] - } - } - ], - "versioning": [ - { - "versioning": { - "enabled": true, - "mfa_delete": false - } - } - ] - } - }, - { - "id": "aws_s3_bucket.allUsersReadAccess", - "name": "allUsersReadAccess", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf", - "type": "aws_s3_bucket", - "config": { - "acl": "public-read", - "bucket": "my-tf-test-bucket" - } - }, - { - "id": "aws_s3_bucket.authUsersReadAccess", - "name": "authUsersReadAccess", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf", - "type": "aws_s3_bucket", - "config": { - "acl": "authenticated-read", - "bucket": "my-tf-test-bucket" - } - }, - { - "id": "aws_s3_bucket.allUsersWriteAccess", - "name": "allUsersWriteAccess", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf", - "type": "aws_s3_bucket", - "config": { - "acl": "public-write", - "bucket": "my-tf-test-bucket" - } - }, - { - "id": "aws_s3_bucket.allUsersReadWriteAccess", - "name": "allUsersReadWriteAccess", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf", - "type": "aws_s3_bucket", - "config": { - "acl": "public-read-write", - "bucket": "my-tf-test-bucket" - } - }, - { - "id": "aws_s3_bucket.noS3BucketSseRules", - "name": 
"noS3BucketSseRules", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf", - "type": "aws_s3_bucket", - "config": { - "acl": "private", - "bucket": "mybucket", - "tags": { - "Environment": "Dev", - "Name": "nos3BucketSseRules" - } - } - }, - { - "id": "aws_s3_bucket.s3BucketSseRulesWithKmsNull", - "name": "s3BucketSseRulesWithKmsNull", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf", - "type": "aws_s3_bucket", - "config": { - "acl": "private", - "bucket": "mybucket", - "server_side_encryption_configuration": [ - { - "server_side_encryption_configuration": { - "rule": [ - { - "rule": { - "apply_server_side_encryption_by_default": [ - { - "apply_server_side_encryption_by_default": { - "sse_algorithm": "aws:kms" - } - } - ] - } - } - ] - } - } - ], - "tags": { - "Environment": "Dev", - "Name": "s3BucketSseRulesWithNoKms" - } - } - }, - { - "id": "aws_s3_bucket.s3BucketNoWebsiteIndexDoc", - "name": "s3BucketNoWebsiteIndexDoc", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/s3/main.tf", - "type": "aws_s3_bucket", - "config": { - "acl": "public-read", - "bucket": "website", - "server_side_encryption_configuration": [ - { - "server_side_encryption_configuration": { - "rule": [ - { - "rule": { - "apply_server_side_encryption_by_default": [ - { - "apply_server_side_encryption_by_default": { - "kms_master_key_id": "some-key-id", - "sse_algorithm": "aws:kms" - } - } - ] - } - } - ] - } - } - ], - "website": [ - { - "website": { - "error_document": "error.html", - "index_document": "index.html" - } - } - ] - } - } - ], - "aws_security_group": [ - { - "id": "aws_security_group.acme_web", - "name": "acme_web", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sg/main.tf", - "type": "aws_security_group", - "config": { - "description": "Used in the terraform", - "egress": [ - { - "egress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 0, - "protocol": 
"-1", - "to_port": 0 - } - } - ], - "ingress": [ - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "19.16.0.0/24" - ], - "from_port": 22, - "protocol": "tcp", - "to_port": 22 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 80, - "protocol": "tcp", - "to_port": 80 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 443, - "protocol": "tcp", - "to_port": 443 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 4505, - "protocol": "tcp", - "to_port": 4505 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 4506, - "protocol": "-1", - "to_port": 4506 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 3020, - "protocol": "tcp", - "to_port": 3020 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 61621, - "protocol": "-1", - "to_port": 61621 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 7001, - "protocol": "tcp", - "to_port": 7001 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 9000, - "protocol": "-1", - "to_port": 9000 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 8000, - "protocol": "tcp", - "to_port": 8000 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 8080, - "protocol": "-1", - "to_port": 8080 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 636, - "protocol": "tcp", - "to_port": 636 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 1434, - "protocol": "tcp", - "to_port": 1434 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - 
"192.164.0.0/24" - ], - "from_port": 1434, - "protocol": "udp", - "to_port": 1434 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 135, - "protocol": "tcp", - "to_port": 135 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 1433, - "protocol": "tcp", - "to_port": 1433 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 11214, - "protocol": "tcp", - "to_port": 11214 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 11214, - "protocol": "udp", - "to_port": 11214 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 11215, - "protocol": "tcp", - "to_port": 11215 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 11215, - "protocol": "udp", - "to_port": 11215 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 27018, - "protocol": "tcp", - "to_port": 27018 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 3306, - "protocol": "tcp", - "to_port": 3306 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 137, - "protocol": "tcp", - "to_port": 137 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 137, - "protocol": "udp", - "to_port": 137 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 138, - "protocol": "tcp", - "to_port": 138 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 138, - "protocol": "udp", - "to_port": 138 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 139, - "protocol": "tcp", - "to_port": 139 - } - }, - { - 
"ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 139, - "protocol": "udp", - "to_port": 139 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 2484, - "protocol": "tcp", - "to_port": 2484 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 2484, - "protocol": "udp", - "to_port": 2484 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 5432, - "protocol": "tcp", - "to_port": 5432 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 5432, - "protocol": "udp", - "to_port": 5432 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 3000, - "protocol": "tcp", - "to_port": 3000 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 8140, - "protocol": "tcp", - "to_port": 8140 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 161, - "protocol": "udp", - "to_port": 161 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 2382, - "protocol": "tcp", - "to_port": 2382 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 2383, - "protocol": "tcp", - "to_port": 2383 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 9090, - "protocol": "tcp", - "to_port": 9090 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 3389, - "protocol": "tcp", - "to_port": 3389 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 9042, - "protocol": "tcp", - "to_port": 9042 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 7000, - "protocol": 
"tcp", - "to_port": 7000 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 7199, - "protocol": "tcp", - "to_port": 7199 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 61620, - "protocol": "tcp", - "to_port": 61620 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 8888, - "protocol": "tcp", - "to_port": 8888 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 9160, - "protocol": "tcp", - "to_port": 9160 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 9200, - "protocol": "tcp", - "to_port": 9200 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 9300, - "protocol": "tcp", - "to_port": 9300 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 389, - "protocol": "tcp", - "to_port": 389 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 389, - "protocol": "udp", - "to_port": 389 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 11211, - "protocol": "tcp", - "to_port": 11211 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 11211, - "protocol": "udp", - "to_port": 11211 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 27017, - "protocol": "tcp", - "to_port": 27017 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 1521, - "protocol": "tcp", - "to_port": 1521 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 2483, - "protocol": "tcp", - "to_port": 2483 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - 
"192.164.0.0/24" - ], - "from_port": 2483, - "protocol": "udp", - "to_port": 2483 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 6379, - "protocol": "tcp", - "to_port": 6379 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 6379, - "protocol": "-1", - "to_port": 0 - } - }, - { - "ingress": { - "cidr_blocks": [ - "0.0.0.0/0", - "192.164.0.0/24" - ], - "from_port": 4506, - "protocol": "-1", - "to_port": 0 - } - } - ], - "name": "acme_web", - "tags": { - "Name": "acme_web" - }, - "vpc_id": "some_dummy_vpc" - } - }, - { - "id": "aws_security_group.defaultSGNotRestrictsAllTraffic", - "name": "defaultSGNotRestrictsAllTraffic", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sg/main.tf", - "type": "aws_security_group", - "config": { - "description": "Used in the terraform", - "name": "default", - "tags": { - "Name": "default" - }, - "vpc_id": "some_dummy_vpc" - } - } - ], - "aws_sqs_queue": [ - { - "id": "aws_sqs_queue.sqsSseDisabled", - "name": "sqsSseDisabled", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sqs/main.tf", - "type": "aws_sqs_queue", - "config": { - "name": "terraform-example-queue" - } - }, - { - "id": "aws_sqs_queue.sqsQueueExposed", - "name": "sqsQueueExposed", - "source": "pkg/iac-providers/terraform/v12/testdata/moduleconfigs/sqs/main.tf", - "type": "aws_sqs_queue", - "config": { - "kms_data_key_reuse_period_seconds": 300, - "kms_master_key_id": "alias/aws/sqs", - "name": "terraform-example-queue", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Sid\":\"Queue1_AnonymousAccess_AllActions_WhitelistIP\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"sqs:*\",\n \"Resource\": \"arn:aws:sqs:*:111122223333:queue1\"\n }] \n}\n" - } - } - ] -} 
diff --git a/pkg/iac-providers/terraform/v12/testdata/tfjson/moduleconfigs.json b/pkg/iac-providers/terraform/v12/testdata/tfjson/moduleconfigs.json
new file mode 100644
index 000000000..074ba47fd
--- /dev/null
+++ b/pkg/iac-providers/terraform/v12/testdata/tfjson/moduleconfigs.json
@@ -0,0 +1,369 @@ +{ + "aws_cloudfront_distribution": [ + { + "id": "aws_cloudfront_distribution.s3-distribution-TLS-v1", + "name": "s3-distribution-TLS-v1", + "source": "testdata/moduleconfigs/cloudfront/main.tf", + "type": "aws_cloudfront_distribution", + "config": { + "default_cache_behavior": [ + { + "default_cache_behavior": { + "allowed_methods": [ + "DELETE", + "GET", + "HEAD", + "OPTIONS", + "PATCH", + "POST", + "PUT" + ], + "cached_methods": [ + "GET", + "HEAD" + ], + "forwarded_values": [ + { + "forwarded_values": { + "cookies": [ + { + "cookies": { + "forward": "none" + } + } + ], + "query_string": false + } + } + ], + "target_origin_id": "local.s3_origin_id", + "viewer_protocol_policy": "https-only" + } + } + ], + "enabled": true, + "ordered_cache_behavior": [ + { + "ordered_cache_behavior": { + "allowed_methods": [ + "GET", + "HEAD", + "OPTIONS" + ], + "cached_methods": [ + "GET", + "HEAD", + "OPTIONS" + ], + "compress": true, + "forwarded_values": [ + { + "forwarded_values": { + "cookies": [ + { + "cookies": { + "forward": "none" + } + } + ], + "headers": [ + "Origin" + ], + "query_string": false + } + } + ], + "path_pattern": "/content/immutable/*", + "target_origin_id": "local.s3_origin_id", + "viewer_protocol_policy": "allow-all" + } + }, + { + "ordered_cache_behavior": { + "allowed_methods": [ + "GET", + "HEAD", + "OPTIONS" + ], + "cached_methods": [ + "GET", + "HEAD" + ], + "forwarded_values": [ + { + "forwarded_values": { + "cookies": [ + { + "cookies": { + "forward": "none" + } + } + ], + "query_string": false + } + } + ], + "path_pattern": "/content/*", + "target_origin_id": "local.s3_origin_id", + "viewer_protocol_policy": "allow-all" + } + } + ], + "origin": [ + { + "origin": { + "domain_name": "aws_s3_bucket.b.bucket_regional_domain_name", + "origin_id": "local.s3_origin_id", + "s3_origin_config": [ + { + "s3_origin_config": { + "origin_access_identity": "origin-access-identity/cloudfront/ABCDEFG1234567" + } + } + ] + } + } + ], + 
"restrictions": [ + { + "restrictions": { + "geo_restriction": [ + { + "geo_restriction": { + "locations": [ + "US", + "CA", + "GB", + "DE" + ], + "restriction_type": "whitelist" + } + } + ] + } + } + ], + "viewer_certificate": [ + { + "viewer_certificate": { + "cloudfront_default_certificate": true, + "minimum_protocol_version": "TLSv1" + } + } + ] + } + } + ], + "aws_cloudtrail": [ + { + "id": "aws_cloudtrail.missing-multi-region", + "name": "missing-multi-region", + "source": "testdata/moduleconfigs/cloudtrail/main.tf", + "type": "aws_cloudtrail", + "config": { + "include_global_service_events": false, + "name": "tf-trail-foobar", + "s3_bucket_name": "some-s3-bucket", + "s3_key_prefix": "prefix" + } + } + ], + "aws_ecs_task_definition": [ + { + "id": "aws_ecs_task_definition.instanceNotInVpc", + "name": "instanceNotInVpc", + "source": "testdata/moduleconfigs/ecs/main.tf", + "type": "aws_ecs_task_definition", + "config": { + "container_definitions": "${file(\"ecs/service.json\")}", + "family": "service", + "network_mode": "bridge" + } + } + ], + "aws_efs_file_system": [ + { + "id": "aws_efs_file_system.efsNotEncrypted", + "name": "efsNotEncrypted", + "source": "testdata/moduleconfigs/efs/main.tf", + "type": "aws_efs_file_system", + "config": { + "creation_token": "my-product", + "tags": { + "Name": "not-encrypted" + } + } + } + ], + "aws_elasticache_cluster": [ + { + "id": "aws_elasticache_cluster.noMemcachedInElastiCache", + "name": "noMemcachedInElastiCache", + "source": "testdata/moduleconfigs/elasticcache/main.tf", + "type": "aws_elasticache_cluster", + "config": { + "cluster_id": "cluster-example", + "engine": "memcached", + "node_type": "cache.m4.large", + "num_cache_nodes": 2, + "parameter_group_name": "default.memcached1.4", + "port": 11211 + } + } + ], + "aws_guardduty_detector": [ + { + "id": "aws_guardduty_detector.gaurdDutyDisabled", + "name": "gaurdDutyDisabled", + "source": "testdata/moduleconfigs/guardduty/main.tf", + "type": 
"aws_guardduty_detector", + "config": { + "enable": false + } + } + ], + "aws_iam_access_key": [ + { + "id": "aws_iam_access_key.noAccessKeyForRootAccount", + "name": "noAccessKeyForRootAccount", + "source": "testdata/moduleconfigs/iam/main.tf", + "type": "aws_iam_access_key", + "config": { + "pgp_key": "keybase:some_person_that_exists", + "status": "Inactive", + "user": "root" + } + } + ], + "aws_kinesis_stream": [ + { + "id": "aws_kinesis_stream.kinesisEncryptedWithKms", + "name": "kinesisEncryptedWithKms", + "source": "testdata/moduleconfigs/kinesis/main.tf", + "type": "aws_kinesis_stream", + "config": { + "encryption_type": "KMS", + "kms_key_id": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "name": "kinesisEncryptedWithKms", + "retention_period": 48, + "shard_count": 1, + "shard_level_metrics": [ + "IncomingBytes", + "OutgoingBytes" + ], + "tags": { + "Environment": "kinesisEncryptedWithKms" + } + } + } + ], + "aws_kms_key": [ + { + "id": "aws_kms_key.kmsKeyDisabled", + "name": "kmsKeyDisabled", + "source": "testdata/moduleconfigs/cloudfront/sub-cloudfront/main.tf", + "type": "aws_kms_key", + "config": { + "description": "KMS key 2", + "is_enabled": false, + "tags": { + "Name": "kmsKeyDisabled", + "Setup": "self-healing" + } + } + } + ], + "aws_load_balancer_policy": [ + { + "id": "aws_load_balancer_policy.elbWeakCipher", + "name": "elbWeakCipher", + "source": "testdata/moduleconfigs/elb/main.tf", + "type": "aws_load_balancer_policy", + "config": { + "load_balancer_name": "some-name", + "policy_attribute": [ + { + "policy_attribute": { + "name": "ECDHE-RSA-RC4-SHA", + "value": "true" + } + } + ], + "policy_name": "wu-tang-ssl", + "policy_type_name": "SSLNegotiationPolicyType" + } + } + ], + "aws_s3_bucket": [ + { + "id": "aws_s3_bucket.noS3BucketSseRules", + "name": "noS3BucketSseRules", + "source": "testdata/moduleconfigs/s3/main.tf", + "type": "aws_s3_bucket", + "config": { + "acl": "private", + "bucket": "mybucket", + 
"tags": { + "Environment": "Dev", + "Name": "nos3BucketSseRules" + } + } + } + ], + "aws_security_group": [ + { + "id": "aws_security_group.acme_web", + "name": "acme_web", + "source": "testdata/moduleconfigs/sg/main.tf", + "type": "aws_security_group", + "config": { + "description": "Used in the terraform", + "egress": [ + { + "egress": { + "cidr_blocks": [ + "0.0.0.0/0", + "192.164.0.0/24" + ], + "from_port": 0, + "protocol": "-1", + "to_port": 0 + } + } + ], + "ingress": [ + { + "ingress": { + "cidr_blocks": [ + "0.0.0.0/0", + "19.16.0.0/24" + ], + "from_port": 22, + "protocol": "tcp", + "to_port": 22 + } + } + ], + "name": "acme_web", + "tags": { + "Name": "acme_web" + }, + "vpc_id": "some_dummy_vpc" + } + } + ], + "aws_sqs_queue": [ + { + "id": "aws_sqs_queue.sqsQueueExposed", + "name": "sqsQueueExposed", + "source": "testdata/moduleconfigs/sqs/main.tf", + "type": "aws_sqs_queue", + "config": { + "kms_data_key_reuse_period_seconds": 300, + "kms_master_key_id": "alias/aws/sqs", + "name": "terraform-example-queue", + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Sid\":\"Queue1_AnonymousAccess_AllActions_WhitelistIP\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"sqs:*\",\n \"Resource\": \"arn:aws:sqs:*:111122223333:queue1\"\n }] \n}\n" + } + } + ] +}
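Review bot: The expected output pins references and interpolations as literal strings instead of resolved values, namely `"target_origin_id": "local.s3_origin_id"`, `"domain_name": "aws_s3_bucket.b.bucket_regional_domain_name"` and `"container_definitions": "${file(\"ecs/service.json\")}"` in the cloudfront and ecs entries. A policy that matches on those fields would be comparing against the expression text, so a rule keyed on the real value would presumably not evaluate meaningfully for locals, resource attributes or file contents. JSON cannot carry a comment, so I would record the intent next to the new "module directory" case in load-dir_test.go, for example `// golden file keeps unresolved references (local.*, resource attributes, ${file(...)}) as plain strings`. If the loader later resolves these expressions, this fixture will need regenerating.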