diff --git a/cmd/terrascan/main.go b/cmd/terrascan/main.go
index 09cbeb556..76f613c04 100644
--- a/cmd/terrascan/main.go
+++ b/cmd/terrascan/main.go
@@ -16,76 +16,8 @@ package main -import ( - "flag" - "fmt" - - "github.com/accurics/terrascan/pkg/cli" - httpServer "github.com/accurics/terrascan/pkg/http-server" - "github.com/accurics/terrascan/pkg/initialize" - "github.com/accurics/terrascan/pkg/logging" - "github.com/accurics/terrascan/pkg/version" - "go.uber.org/zap" -) +import "github.com/accurics/terrascan/pkg/cli" func main() { - - // command line flags - var ( - // server mode - server = flag.Bool("server", false, "run terrascan in server mode") - - // IaC flags - iacType = flag.String("iac", "", "IaC provider (supported values: terraform)") - iacVersion = flag.String("iac-version", "v12", "IaC version (supported values: 'v12' for terraform)") - iacFilePath = flag.String("f", "", "IaC file path") - iacDirPath = flag.String("d", ".", "IaC directory path") - policyPath = flag.String("p", "", "Policy directory path") - - // cloud flags - cloudType = flag.String("cloud", "", "cloud provider (supported values: aws, azure)") - - // logging flags - logLevel = flag.String("log-level", "info", "logging level (debug, info, warn, error, panic, fatal)") - logType = flag.String("log-type", "console", "log type (json, console)") - - // config file - configFile = flag.String("config", "", "config file path") - - // output type - output = flag.String("output", "yaml", "output format (json, yaml)") - - //version - ver = flag.Bool("version", false, "terrascan version") - ) - flag.Parse() - - // if no flags are passed, print usage - if flag.NFlag() < 1 { - flag.Usage() - return - } - - // print version - if *ver { - fmt.Println(version.Get()) - return - } - - // initialize logger - logging.Init(*logType, *logLevel) - - // initialize terrascan - if err := initialize.Run(); err != nil { - zap.S().Error("failed to initialize terrascan") - return - } - - // if server mode set, run terrascan as a server, else run it as CLI - if *server { - httpServer.Start() - } else { - zap.S().Debug("running terrascan in cli mode") - 
cli.Run(*iacType, *iacVersion, *cloudType, *iacFilePath, *iacDirPath, *configFile, *policyPath, *output) - } + cli.Execute() } diff --git a/cmd/terrascan/terrascan b/cmd/terrascan/terrascan new file mode 100755 index 000000000..584acacb4 Binary files /dev/null and b/cmd/terrascan/terrascan differ diff --git a/go.mod b/go.mod index d16447ec9..93b2a8d0e 100644 --- a/go.mod +++ b/go.mod @@ -8,16 +8,19 @@ require ( github.com/hashicorp/go-version v1.2.0 github.com/hashicorp/hcl/v2 v2.3.0 github.com/hashicorp/terraform v0.12.28 + github.com/mitchellh/go-homedir v1.1.0 github.com/open-policy-agent/opa v0.22.0 github.com/pelletier/go-toml v1.8.0 github.com/pkg/errors v0.9.1 - github.com/spf13/afero v1.3.2 + github.com/spf13/afero v1.3.4 + github.com/spf13/cobra v1.0.0 + github.com/spf13/pflag v1.0.5 // indirect github.com/zclconf/go-cty v1.2.1 - go.uber.org/zap v1.9.1 + go.uber.org/zap v1.10.0 golang.org/x/net v0.0.0-20200625001655-4c5254603344 // indirect - golang.org/x/tools v0.0.0-20200812231640-9176cd30088c // indirect - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect + golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed // indirect gopkg.in/src-d/go-git.v4 v4.13.1 gopkg.in/yaml.v2 v2.3.0 - honnef.co/go/tools v0.0.1-2020.1.5 // indirect + k8s.io/apimachinery v0.18.8 // indirect + k8s.io/client-go v11.0.0+incompatible ) diff --git a/go.sum b/go.sum index 681052ecc..fdcc77d23 100644 --- a/go.sum +++ b/go.sum 
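Review bot: The new `main` calls `cli.Execute()` and ignores any outcome, so the process exit status is decided entirely inside pkg/cli, which this hunk does not show. For a scanner used as a pipeline gate, a failed initialization or scan that still exits 0 reads as a pass. If `Execute` returns an error, make the contract explicit here with `if err := cli.Execute(); err != nil { os.Exit(1) }`, plus the `os` import. If it already exits non-zero on failure, a one-line comment on `main` such as `// cli.Execute exits non-zero on failure` would settle it for the next reader.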
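Review bot: `cmd/terrascan/terrascan` is added as a mode-100755 binary, which looks like the build output of this package committed by accident. An executable in the source tree cannot be reviewed in a diff, and nothing ties its bytes to the sources in this commit, so anyone running it from a checkout is trusting an unverifiable artifact. I would drop it from the commit and add the path to `.gitignore`. Release binaries are better produced by the build pipeline and published with checksums.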
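Review bot: The new requirement `k8s.io/client-go v11.0.0+incompatible` does not match `k8s.io/apimachinery v0.18.8`, added on the line before it. v11.0.0 belongs to the old pre-module tag series that `go get` typically resolves to when no version is given, and it is a considerably older release line than v0.18.x. Mixing the two tends to cause API mismatches and keeps the project on an outdated client-go. None of the hunks visible here import client-go, so first confirm it is needed at all; if it is, pin the matching release with `k8s.io/client-go v0.18.8`. It is also listed as a direct requirement while apimachinery is `// indirect`, which is worth re-checking with `go mod tidy`.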
@@ -27,8 +27,12 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/ChrisTrenkamp/goxpath v0.0.0-20170922090931-c385f95c6022/go.mod h1:nuWgzSkT5PnyOd+272uUmV0dnAnAn42Mk7PiQC5VzN4= +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OneOfOne/xxhash v1.2.7 h1:fzrmmkskv067ZQbd9wERNGuxckWw67dyzoMG62p7LMo= github.com/OneOfOne/xxhash v1.2.7/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= +github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/QcloudApi/qcloud_sign_golang v0.0.0-20141224014652-e4130a326409/go.mod h1:1pk82RBxDY/JZnPQrtqHlUFfCctgdorsd9M06fMynOM= github.com/Unknwon/com v0.0.0-20151008135407-28b053d5a292/go.mod h1:KYCjqMOeHpNuTOiFQU6WEcTG7poCJrUs0YgyHNtn1no= github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw= 
@@ -36,12 +40,14 @@ github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE= github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agl/ed25519 v0.0.0-20150830182803-278e1ec8e8a6/go.mod h1:WPjqKcmVOxf0XSf3YxCJs6N6AOSrOx3obionmG7T0y0= +github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190329064014-6e358769c32a/go.mod h1:T9M45xf79ahXVelWoOBmH0y4aC1t5kXO5BxwyakgIGA= github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190103054945-8205d1f41e70/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= github.com/aliyun/aliyun-tablestore-go-sdk v4.1.2+incompatible/go.mod h1:LDQHRZylxvcg8H7wBIDfvO5g/cy4/sz1iucBlc2l3Jw= +github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antchfx/xpath v0.0.0-20190129040759-c8489ed3251e/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk= github.com/antchfx/xquery v0.0.0-20180515051857-ad5b8c7a47b0/go.mod h1:LzD22aAzDP8/dyiCKFp31He4m2GPjl0AFyzDtZzUu9M= 
@@ -53,9 +59,11 @@ github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= github.com/apparentlymart/go-versions v0.0.2-0.20180815153302-64b99f7cb171/go.mod h1:JXY95WvQrPJQtudvNARshgWajS7jNNlM90altXIPNyI= github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= +github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= github.com/aws/aws-sdk-go v1.25.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= 
@@ -63,45 +71,65 @@ github.com/aws/aws-sdk-go v1.30.12/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZve github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bmatcuk/doublestar v1.1.5/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/coreos/bbolt v1.3.0/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= 
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= +github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dnaeon/go-vcr v0.0.0-20180920040454-5637cf3d8a31/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= +github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/dylanmei/iso8601 v0.1.0/go.mod h1:w9KhXSgIyROl1DefbMYIE7UVSIvELTbMrCfx+QkYnoQ= github.com/dylanmei/winrmtest v0.0.0-20190225150635-99b7fe2fddf1/go.mod h1:lcy9/2gH1jn/VCLouHA6tOEwLoNVd4GW6zhuKLmHC2Y= +github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emirpasic/gods 
v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v0.0.0-20200808040245-162e5629780b/go.mod h1:NAJj0yf/KaRKURN6nyi7A9IZydMivZEm9oQLWNjfKDc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v0.0.0-20180820084758-c7ce16629ff4/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod 
h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= +github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= +github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= +github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= 
@@ -111,12 +139,17 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v0.0.0-20181025225059-d3de96c4c28e/go.mod h1:Qd/q+1AKNOZr9uGQzbzCmRO6sUih6GTPZv6a1/R87v0= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -132,13 +165,16 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/gophercloud/gophercloud v0.0.0-20190208042652-bc37892e1968/go.mod h1:3WdhXV3rUYy9p6AUW8d94kr+HS62Y4VL9mBnFxsD8q4= github.com/gophercloud/utils v0.0.0-20190128072930-fbb6ab446f01/go.mod h1:wjDF8z83zTeg5eMLml5EBSlAhbF7G8DobyI1YsMuyzw= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= 
@@ -149,6 +185,7 @@ github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoA github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/hashicorp/aws-sdk-go-base v0.4.0/go.mod h1:eRhlz3c4nhqxFZJAahJEFL7gh6Jyj5rQmQc7F9eHFyQ= github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089/go.mod h1:mFrjN1mfidgJfYP1xrJCF+AfRhr6Eaqhb2+sfyn/OOI= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= @@ -185,6 +222,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f h1:UdxlrJz4JOnY8W+DbLISwf2B8WXEolNRA8BGCwI9jws= github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90= github.com/hashicorp/hcl/v2 v2.3.0 h1:iRly8YaMwTBAKhn1Ybk7VSdzbnopghktCD031P8ggUE= github.com/hashicorp/hcl/v2 v2.3.0/go.mod h1:d+FwDBbOLvpAM3Z6J7gPj/VoAGkNe/gm352ZhjJ/Zv8= 
@@ -198,6 +237,7 @@ github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596 h1:hjy github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= github.com/hashicorp/vault v0.10.4/go.mod h1:KfSyffbKxoVyspOdlaGVjIuwLobi07qD1bAbosPMpP0= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= @@ -210,6 +250,8 @@ github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeY github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/joyent/triton-go v0.0.0-20180313100802-d8f9c0314926/go.mod h1:U+RSyWxWd04xTqnuOQxnai7XGS2PrPY2cfGoDKtMHjA= github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= 
@@ -217,6 +259,7 @@ github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALr github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd h1:Coekwdh0v2wtGp9Gmz1Ze3eVRAWJMLokvN3QjdzCHLY= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/keybase/go-crypto v0.0.0-20161004153544-93f5b35093ba/go.mod h1:ghbZscTyKdM07+Fw3KSi0hcJm+AlEUWj8QLlPtijN/M= +github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -242,6 +285,8 @@ github.com/likexian/simplejson-go v0.0.0-20190409170913-40473a74d76d/go.mod h1:T github.com/likexian/simplejson-go v0.0.0-20190419151922-c1f9f0b4f084/go.mod h1:U4O1vIJvIKwbMZKUJ62lppfdvkCdVd2nfMimHK81eec= github.com/likexian/simplejson-go v0.0.0-20190502021454-d8787b4bfa0b/go.mod h1:3BWwtmKP9cXWwYCr5bkoVDEfLywacOv0s06OBEDpyt8= github.com/lusis/go-artifactory v0.0.0-20160115162124-7e4ce345df82/go.mod h1:y54tfGmO3NKssKveTEFFzH8C/akrSOy/iW9qEAUDV84= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/masterzen/simplexml v0.0.0-20160608183007-4572e39b1ab9/go.mod h1:kCEbxUJlNDEBNbdQMkPSp6yaKcRXVI6f4ddk8Riv4bc= github.com/masterzen/winrm v0.0.0-20190223112901-5e5c9a7fe54b/go.mod h1:wr1VqkwW0AB5JS0QLy5GpVMS9E3VtRoSYXUYyVk46KY= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= 
@@ -269,23 +314,35 @@ github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZX github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/hashstructure v1.0.0/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ= +github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/panicwrap v1.0.0/go.mod h1:pKvZHwWrZowLUzftuFq7coarnxbBXU4aQh3N0BJOeeA= github.com/mitchellh/prefixedio v0.0.0-20190213213902-5733675afd51/go.mod h1:kB1naBgV9ORnkiTVeyJOI1DavaJkG4oNIq0Af6ZVKUo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISeBAdw6E61aqQma60= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= 
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.1 h1:b3iUnf1v+ppJiOfNX4yxxqfWKMQPZR5yoh8urCTFX88= github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= +github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/open-policy-agent/opa v0.22.0 h1:KZvn0uMQIorBIwYk8Vc89dp8No9FIEF8eFl0sc1r/1U= github.com/open-policy-agent/opa v0.22.0/go.mod h1:rrwxoT/b011T0cyj+gg2VvxqTtn6N3gp/jzmr3fjW44= github.com/packer-community/winrmcp v0.0.0-20180102160824-81144009af58/go.mod h1:f6Izs6JvFTdnRbziASagjZ2vmf55NSIkC/weStxCHqk= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.8.0 h1:Keo9qb7iRJs2voHvunFtuuYFsbWeOBh8/P9v/kVMFtw= github.com/pelletier/go-toml v1.8.0/go.mod h1:D6yutnOGMveHEPV7VQOuvI/gXY61bv+9bAOTRnLElKs= github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= 
@@ -303,34 +360,55 @@ github.com/posener/complete v1.2.1/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DK github.com/prometheus/client_golang v0.0.0-20181025174421-f30f42803563/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= +github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20181020173914-7e9e6cabbd39/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a 
h1:9ZKAASQSHhDYGoxY8uLVpewe1GDZ2vu2Tr/vTdVAkFQ= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20180222194500-ef6db91d284a/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/afero v1.3.2 h1:GDarE4TJQI52kYSbSAmLiId1Elfj+xgSDqrUZxFhxlU= -github.com/spf13/afero v1.3.2/go.mod 
h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= +github.com/spf13/afero v1.3.4 h1:8q6vk3hthlpb2SouZcnBVKboxWQWMDNF38bwholZrJc= +github.com/spf13/afero v1.3.4/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= +github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v0.0.0-20181021141114-fe5e611709b0 h1:BgSbPgT2Zu8hDen1jJDGLWO8voaSRVrwsk18Q/uSh5M= github.com/spf13/cobra v0.0.0-20181021141114-fe5e611709b0/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cobra v1.0.0 h1:6m/oheQuQ13N9ks4hubMG6BnvwOeaJrqSPLahSnczz8= +github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= +github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v0.0.0-20181024212040-082b515c9490/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -346,41 +424,47 @@ github.com/tencentcloud/tencentcloud-sdk-go v3.0.82+incompatible/go.mod h1:0PfYo github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20190808065407-f07404cefc8c/go.mod h1:wk2XFUg6egk4tSDNZtXeKfe2G6690UVyt163PuUxBZk= github.com/terraform-providers/terraform-provider-openstack v1.15.0/go.mod h1:2aQ6n/BtChAl1y2S60vebhyJyZXBsuAI5G4+lHrT1Ew= github.com/tmc/grpc-websocket-proxy v0.0.0-20171017195756-830351dc03c6/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v0.0.0-20180813092308-00b869d2f4a5/go.mod h1:hnLbHMwcvSihnDhEfx2/BzKp2xb0Y+ErdfYcrs9tkJQ= +github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.1+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xiang90/probing v0.0.0-20160813154853-07dd2e8dfe18/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v0.0.0-20161029104018-1d6e34225557/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= +github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b h1:vVRagRXf67ESqAb72hG2C/ZwI8NtJF2u2V76EsuOHGY= github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b/go.mod h1:HptNXiXVDcJjXe9SqMd0v2FsL9f8dz4GnXgltU6q/co= 
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= github.com/zclconf/go-cty v1.2.1 h1:vGMsygfmeCl4Xb6OA5U5XVAaQZ69FvoG7X2jUtQujb8= github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= github.com/zclconf/go-cty-yaml v1.0.1/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0= +go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v1.9.1 h1:XCJQEf3W6eZaVwhRBof6ImoYGJSITeKWsyeh3HFu/5o= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190222235706-ffb98f73852f/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto 
v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -394,9 +478,7 @@ golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -411,9 +493,11 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4= 
@@ -426,10 +510,11 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -444,15 +529,23 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed h1:J22ig1FUekjjkmZUM7pTKixYm8DvrYsvrBZdunYeIuQ= +golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
+golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -467,20 +560,7 @@ golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72 h1:bw9doJza/SFBEweII/rHQh338oozWyiFsBRHtrflcws= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200809012840-6f4f008689da h1:ml5G98G4/tdKT1XNq+ky5iSRdKKux0TANlLAzmXT/hg= -golang.org/x/tools v0.0.0-20200809012840-6f4f008689da/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200811215021-48a8ffc5b207 h1:8Kg+JssU1jBZs8GIrL5pl4nVyaqyyhdmHAR4D1zGErg= -golang.org/x/tools v0.0.0-20200811215021-48a8ffc5b207/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200812231640-9176cd30088c h1:ZSTOUQugXA1i88foZV5ck1FrcnEYhGmlpiPXgDWmhG0= -golang.org/x/tools v0.0.0-20200812231640-9176cd30088c/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.4.0/go.mod 
h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -501,6 +581,7 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 
@@ -509,20 +590,23 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/src-d/go-billy.v4 v4.3.2 h1:0SQA1pRztfTFx2miS8sA97XvooFeNOmvUenF4o0EcVg= gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= +gopkg.in/src-d/go-git-fixtures.v3 v3.5.0 h1:ivZFOIltbce2Mo8IjzUHAFoq/IylO9WHhNOAJK+LsJg= gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= gopkg.in/src-d/go-git.v4 v4.13.1 h1:SRtFyV8Kxc0UP7aCHcijOMQGPxHSmMOPrzulQWolkYE= gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 
h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 
@@ -530,6 +614,17 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc h1:/hemPrYIhOhy8zYrNj+069zDB68us2sMGsfkFJO0iZs= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2020.1.5 h1:nI5egYTGJakVyOryqLs1cQO5dO0ksin5XXs2pspk75k= -honnef.co/go/tools v0.0.1-2020.1.5/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +k8s.io/apimachinery v0.18.8 h1:jimPrycCqgx2QPearX3to1JePz7wSbVLq+7PdBTTwQ0= +k8s.io/apimachinery v0.18.8/go.mod h1:6sQd+iHEqmOtALqOFjSWp2KZ9F0wlU/nWm0ZgsYWMig= +k8s.io/client-go v1.5.1 h1:XaX/lo2/u3/pmFau8HN+sB5C/b4dc4Dmm2eXjBH4p1E= +k8s.io/client-go v11.0.0+incompatible h1:LBbX2+lOwY9flffWlJM7f1Ct8V2SRNiMRDFeiwnJo9o= +k8s.io/client-go v11.0.0+incompatible/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s= +k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= +k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= +sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/pkg/cli/init.go b/pkg/cli/init.go new file mode 100644 index 000000000..12f23456e --- /dev/null 
+++ b/pkg/cli/init.go
@@ -0,0 +1,50 @@
+/*
+ Copyright (C) 2020 Accurics, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package cli
+
+import (
+ "github.com/accurics/terrascan/pkg/initialize"
+ "github.com/accurics/terrascan/pkg/logging"
+ "github.com/spf13/cobra"
+ "go.uber.org/zap"
+)
+
+var initCmd = &cobra.Command{
+ Use: "init",
+ Short: "Initialize Terrascan",
+ Long: `Terrascan
+
+Initializes Terrascan and clones policies from the Terrascan GitHub repository.
+`,
+ Run: initial,
+}
+
+func initial(cmd *cobra.Command, args []string) {
+
+ // initialize logger
+ logging.Init(LogType, LogLevel)
+
+ // initialize terrascan
+ if err := initialize.Run(); err != nil {
+ zap.S().Error("failed to initialize terrascan")
+ return
+ }
+}
+
+func init() {
+ RegisterCommand(rootCmd, initCmd)
+}
diff --git a/pkg/cli/register.go b/pkg/cli/register.go
new file mode 100644
index 000000000..b3f793ffd
--- /dev/null
+++ b/pkg/cli/register.go
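Review bot: `initial` logs a fixed message and returns when `initialize.Run()` fails, so the error value is dropped and nothing stops the command. Because scan.go and server.go call `initial` from `PreRun`, cobra still goes on to `Run`, and the process can exit 0 even though the policies were never set up. In a CI pipeline that reads as a clean scan. I would surface the failure with `zap.S().Errorf("failed to initialize terrascan: %v", err)` followed by `os.Exit(1)` (which needs the `os` import), or switch the commands to `PreRunE` and return the error so `Execute` sets the exit code.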
@@ -0,0 +1,64 @@
+/*
+ Copyright (C) 2020 Accurics, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package cli
+
+import (
+ "fmt"
+ "os"
+
+ "github.com/spf13/cobra"
+)
+
+// RegisterCommand Registers a new command under the base command
+func RegisterCommand(baseCommand *cobra.Command, command *cobra.Command) {
+ baseCommand.AddCommand(command)
+}
+
+func subCommands() (commandNames []string) {
+ for _, command := range rootCmd.Commands() {
+ commandNames = append(commandNames, append(command.Aliases, command.Name())...)
+ }
+ return
+}
+
+// setDefaultCommand sets `scan` as default command if no other command is specified
+func setDefaultCommandIfNonePresent() {
+ if len(os.Args) > 1 {
+ potentialCommand := os.Args[1]
+ for _, command := range subCommands() {
+ if command == potentialCommand {
+ return
+ }
+ }
+ os.Args = append([]string{os.Args[0], "scan"}, os.Args[1:]...)
+ }
+
+}
+
+// Execute the entrypoint called by main
+func Execute() {
+ rootCmd.PersistentFlags().StringVarP(&LogLevel, "log-level", "l", "info", "log level (debug, info, warn, error, panic, fatal)")
+ rootCmd.PersistentFlags().StringVarP(&LogType, "log-type", "x", "console", "log output type (console, json)")
+ rootCmd.PersistentFlags().StringVarP(&OutputType, "output-type", "o", "yaml", "output type (json, yaml, xml)")
+ rootCmd.PersistentFlags().StringVarP(&ConfigFile, "config-path", "c", "", "config file path")
+
+ setDefaultCommandIfNonePresent()
+ if err := rootCmd.Execute(); err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+}
diff --git a/pkg/cli/root.go b/pkg/cli/root.go
new file mode 100644
index 000000000..f426fa239
--- /dev/null
+++ b/pkg/cli/root.go
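Review bot: `setDefaultCommandIfNonePresent` prepends `scan` whenever `os.Args[1]` is not a registered sub-command, which also catches root-level arguments such as `--version` and `--help`. As far as I can tell it catches cobra's built-in `help` command too, since that does not appear to be in `rootCmd.Commands()` before `Execute` runs. `terrascan --version` would then be parsed as `terrascan scan --version`. I would exempt those before the rewrite, e.g. `switch potentialCommand { case "help", "-h", "--help", "--version": return }`. The doc comment also names `setDefaultCommand` rather than `setDefaultCommandIfNonePresent`.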
@@ -0,0 +1,45 @@
+/*
+ Copyright (C) 2020 Accurics, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package cli
+
+import (
+ "github.com/accurics/terrascan/pkg/version"
+ "github.com/spf13/cobra"
+)
+
+var (
+ // LogLevel Logging level (debug, info, warn, error, panic, fatal)
+ LogLevel string
+ // LogType Logging output type (console, json)
+ LogType string
+ // OutputType Violation output type (text, json, yaml, xml)
+ OutputType string
+ // ConfigFile Config file path
+ ConfigFile string
+)
+
+var rootCmd = &cobra.Command{
+ Use: "terrascan",
+ Short: "Terrascan is an IaC (Infrastructure-as-Code) file scanner",
+ Long: `Terrascan
+
+An advanced IaC (Infrastructure-as-Code) file scanner written in Go.
+Secure your cloud deployments at design time.
+For more information, please visit https://www.accurics.com
+`,
+ Version: version.Get(),
+}
diff --git a/pkg/cli/scan.go b/pkg/cli/scan.go
new file mode 100644
index 000000000..ffde6f4db
--- /dev/null
+++ b/pkg/cli/scan.go
@@ -0,0 +1,66 @@
+/*
+ Copyright (C) 2020 Accurics, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package cli
+
+import (
+ "github.com/spf13/cobra"
+ "go.uber.org/zap"
+)
+
+var (
+ // PolicyPath Policy path directory
+ PolicyPath string
+ // PolicyType Cloud type (aws, azure, gcp)
+ PolicyType string
+ // IacType IaC type (terraform)
+ IacType string
+ // IacVersion IaC version (for terraform:v12)
+ IacVersion string
+ // IacFilePath Path to a single IaC file
+ IacFilePath string
+ // IacDirPath Path to a directory containing one or more IaC files
+ IacDirPath string
+)
+
+var scanCmd = &cobra.Command{
+ Use: "scan",
+ Short: "Scan IaC (Infrastructure-as-Code) files for vulnerabilities.",
+ Long: `Terrascan
+
+Scan IaC (Infrastructure-as-Code) files for vulnerabilities.
+`,
+ PreRun: func(cmd *cobra.Command, args []string) {
+ initial(cmd, args)
+ },
+ Run: scan,
+}
+
+func scan(cmd *cobra.Command, args []string) {
+ zap.S().Debug("running terrascan in cli mode")
+ Run(IacType, IacVersion, PolicyType, IacFilePath, IacDirPath, ConfigFile, PolicyPath, OutputType)
+}
+
+func init() {
+ scanCmd.Flags().StringVarP(&PolicyType, "policy-type", "t", "", " policy type (aws, azure, gcp)")
+ scanCmd.Flags().StringVarP(&IacType, "iac-type", "i", "terraform", "iac type (terraform)")
+ scanCmd.Flags().StringVarP(&IacVersion, "iac-version", "", "v12", "iac version (v12)")
+ scanCmd.Flags().StringVarP(&IacFilePath, "iac-file", "f", "", "path to a single IaC file")
+ scanCmd.Flags().StringVarP(&IacDirPath, "iac-dir", "d", ".", "path to a directory containing one or more IaC files")
+ scanCmd.Flags().StringVarP(&PolicyPath, "policy-path", "", "", "policy path directory")
+ scanCmd.MarkFlagRequired("policy-type")
+ RegisterCommand(rootCmd, scanCmd)
+}
diff --git a/pkg/cli/server.go b/pkg/cli/server.go
new file mode 100644
index 000000000..9f2868d6f
--- /dev/null
+++ b/pkg/cli/server.go
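Review bot: The return value of `scanCmd.MarkFlagRequired("policy-type")` in `init` is discarded, so a later mismatch in the flag name would silently make `--policy-type` optional. Check it at the call site, e.g. `if err := scanCmd.MarkFlagRequired("policy-type"); err != nil { panic(err) }`. The help text for the same flag starts with a stray space (`" policy type (aws, azure, gcp)"`).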
@@ -0,0 +1,43 @@
+/*
+ Copyright (C) 2020 Accurics, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package cli
+
+import (
+ httpserver "github.com/accurics/terrascan/pkg/http-server"
+ "github.com/spf13/cobra"
+)
+
+var serverCmd = &cobra.Command{
+ Use: "server",
+ Short: "Run Terrascan as an API server",
+ Long: `Terrascan
+
+Run Terrascan as an API server that inspects incoming IaC (Infrastructure-as-Code) files and returns the scan results.
+`,
+ PreRun: func(cmd *cobra.Command, args []string) {
+ initial(cmd, args)
+ },
+ Run: server,
+}
+
+func server(cmd *cobra.Command, args []string) {
+ httpserver.Start()
+}
+
+func init() {
+ RegisterCommand(rootCmd, serverCmd)
+}
diff --git a/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json b/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json
index 87a931b83..b65bea14a 100755
--- a/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json
+++ b/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json
@@ -1,12 +1,12 @@ { "name": "cloudfrontNoHTTPSTraffic", "file": "cloudfrontNoHTTPSTraffic.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "Use encrypted connection between CloudFront and origin server", - "referenceId": "AWS.CloudFront.EncryptionandKeyManagement.High.0407", + "reference_id": "AWS.CloudFront.EncryptionandKeyManagement.High.0407", "category": "Encryption and Key Management", "version": 2 } \ No newline at end of file diff --git a/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json b/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json index 417d50dcd..dc0641d6a 100755 --- a/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json +++ b/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json @@ -1,12 +1,12 @@ { "name": "cloudfrontNoSecureCiphers", "file": "cloudfrontNoSecureCiphers.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "Secure ciphers are not used in CloudFront distribution", - "referenceId": "AWS.CloudFront.EncryptionandKeyManagement.High.0408", + "reference_id": "AWS.CloudFront.EncryptionandKeyManagement.High.0408", "category": "Encryption and Key Management", "version": 2 } \ No newline at end of file diff --git a/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json b/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json index 2d26be5a4..798eed6c4 100755 --- a/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json 
+++ b/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json @@ -1,12 +1,12 @@ { "name": "cloudfrontNoLogging", "file": "cloudfrontNoLogging.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "MEDIUM", "description": "Ensure that your AWS Cloudfront distributions have the Logging feature enabled in order to track all viewer requests for the content delivered through the Content Delivery Network (CDN).", - "referenceId": "AWS.CloudFront.Logging.Medium.0567", + "reference_id": "AWS.CloudFront.Logging.Medium.0567", "category": "Logging", "version": 2 } \ No newline at end of file diff --git a/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Network Security.Low.0568.json b/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Network Security.Low.0568.json new file mode 100755 index 000000000..7096c530d --- /dev/null +++ b/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Network Security.Low.0568.json @@ -0,0 +1,12 @@ +{ + "name": "cloudfrontNoGeoRestriction", + "file": "cloudfrontNoGeoRestriction.rego", + "template_args": { + "prefix": "" + }, + "severity": "LOW", + "description": "Ensure that geo restriction is enabled for your Amazon CloudFront CDN distribution to whitelist or blacklist a country in order to allow or restrict users in specific locations from accessing web application content.", + "reference_id": "AWS.CloudFront.Network Security.Low.0568", + "category": "Network Security", + "version": 2 +} \ No newline at end of file diff --git a/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/cloudfrontNoGeoRestriction.rego b/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/cloudfrontNoGeoRestriction.rego new file mode 100755 index 000000000..45f3091dc --- /dev/null 
+++ b/pkg/http-server/testdata/testpolicies/aws_cloudfront_distribution/cloudfrontNoGeoRestriction.rego @@ -0,0 +1,10 @@ +package accurics + +{{.prefix}}cloudfrontNoGeoRestriction[retVal] { + cloudfront = input.aws_cloudfront_distribution[_] + some i + restrict = cloudfront.config.restrictions[i] + restrict.geo_restriction[j].restriction_type == "none" + traverse := sprintf("restrictions[%d].geo_restriction[%d].restriction_type", [i]) + retVal := { "Id": cloudfront.id, "ReplaceType": "edit", "CodeType": "attribute", "Traverse": traverse, "Attribute": "restrictions.geo_restriction.restriction_type", "AttributeDataType": "string", "Expected": "whitelist", "Actual": restrict.geo_restriction[_].restriction_type } +} \ No newline at end of file diff --git a/pkg/initialize/run.go b/pkg/initialize/run.go index 08027fa34..45943ed76 100644 --- a/pkg/initialize/run.go +++ b/pkg/initialize/run.go @@ -37,6 +37,8 @@ var ( // Run initializes terrascan if not done already func Run() error { + zap.S().Debug("initializing terrascan") + // check if policy paths exist if path, err := os.Stat(basePolicyPath); err == nil && path.IsDir() { return nil @@ -48,6 +50,7 @@ func Run() error { return err } + zap.S().Debug("intialized successfully") return nil } diff --git a/pkg/policies/opa/rego/aws/aws_ami_launch_permission/AWS.AMI.NS.Medium.1040.json b/pkg/policies/opa/rego/aws/aws_ami_launch_permission/AWS.AMI.NS.Medium.1040.json index 277464b38..a8539de5a 100755 --- a/pkg/policies/opa/rego/aws/aws_ami_launch_permission/AWS.AMI.NS.Medium.1040.json +++ b/pkg/policies/opa/rego/aws/aws_ami_launch_permission/AWS.AMI.NS.Medium.1040.json 
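Review bot: The `sprintf` call in `cloudfrontNoGeoRestriction` has two `%d` verbs but is given only `[i]`, so the `Traverse` value will not carry the index of the matching `geo_restriction`. `Actual` is also read from `restrict.geo_restriction[_]` rather than the `j` that matched, so with several entries it can report a value other than `"none"`. I would pass both indices, `traverse := sprintf("restrictions[%d].geo_restriction[%d].restriction_type", [i, j])`, and use `restrict.geo_restriction[j].restriction_type` for `Actual`. If this test copy mirrors a policy under pkg/policies, the same correction presumably belongs there.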
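Review bot: The success message added in the second pkg/initialize/run.go hunk is misspelled, `"intialized successfully"`; it should read `zap.S().Debug("initialized successfully")` so log searches match. It is also reached only after the step that can return `err`. The early `return nil` taken when `basePolicyPath` already exists skips it, so in that case the debug log stops at "initializing terrascan". `Run`'s body extends beyond both hunks.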
@@ -1,12 +1,12 @@ { "name": "amiSharedToMultipleAccounts", "file": "amiSharedToMultipleAccounts.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "MEDIUM", "description": "Limit access to AWS AMIs", - "referenceId": "AWS.AMI.NS.Medium.1040", + "reference_id": "AWS.AMI.NS.Medium.1040", "category": "Network Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_api_gateway_method_settings/AWS.API Gateway.Logging.Medium.0569.json b/pkg/policies/opa/rego/aws/aws_api_gateway_method_settings/AWS.API Gateway.Logging.Medium.0569.json index 6b65587b0..08cf0f6d8 100755 --- a/pkg/policies/opa/rego/aws/aws_api_gateway_method_settings/AWS.API Gateway.Logging.Medium.0569.json +++ b/pkg/policies/opa/rego/aws/aws_api_gateway_method_settings/AWS.API Gateway.Logging.Medium.0569.json @@ -1,10 +1,10 @@ { "name": "apiGatewaySettingMetrics", "file": "apiGatewaySettingMetrics.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Enable Detailed CloudWatch Metrics for APIs", - "referenceId": "AWS.API Gateway.Logging.Medium.0569", + "reference_id": "AWS.API Gateway.Logging.Medium.0569", "category": "Logging", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_api_gateway_rest_api/AWS.APIGateway.Medium.0568.json b/pkg/policies/opa/rego/aws/aws_api_gateway_rest_api/AWS.APIGateway.Medium.0568.json index 2c84fcb04..63ffcd6d3 100755 --- a/pkg/policies/opa/rego/aws/aws_api_gateway_rest_api/AWS.APIGateway.Medium.0568.json +++ b/pkg/policies/opa/rego/aws/aws_api_gateway_rest_api/AWS.APIGateway.Medium.0568.json 
@@ -1,10 +1,10 @@ { "name": "apiGatewayContentEncoding", "file": "apiGatewayContentEncoding.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Enable Content Encoding", - "referenceId": "AWS.APIGateway.Medium.0568", + "reference_id": "AWS.APIGateway.Medium.0568", "category": " ", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_api_gateway_rest_api/AWS.APIGateway.Network Security.Medium.0570.json b/pkg/policies/opa/rego/aws/aws_api_gateway_rest_api/AWS.APIGateway.Network Security.Medium.0570.json index a4212322f..3e4a2b024 100755 --- a/pkg/policies/opa/rego/aws/aws_api_gateway_rest_api/AWS.APIGateway.Network Security.Medium.0570.json +++ b/pkg/policies/opa/rego/aws/aws_api_gateway_rest_api/AWS.APIGateway.Network Security.Medium.0570.json @@ -1,10 +1,10 @@ { "name": "apiGatewayEndpointConfig", "file": "apiGatewayEndpointConfig.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "API Gateway Private Endpoints", - "referenceId": "AWS.APIGateway.Network Security.Medium.0570", + "reference_id": "AWS.APIGateway.Network Security.Medium.0570", "category": "Network Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0567.json b/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0567.json index 9a2b6b912..48635b0aa 100755 --- a/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0567.json +++ b/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0567.json 
@@ -1,10 +1,10 @@ { "name": "apiGatewayName", "file": "apiGatewayName.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Enable AWS CloudWatch Logs for APIs", - "referenceId": "AWS.API Gateway.Logging.Medium.0567", + "reference_id": "AWS.API Gateway.Logging.Medium.0567", "category": "Logging", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0571.json b/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0571.json index 30c5192a9..f608b294f 100755 --- a/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0571.json +++ b/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0571.json @@ -1,10 +1,10 @@ { "name": "apiGatewayTracing", "file": "apiGatewayTracing.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Enable Active Tracing", - "referenceId": "AWS.API Gateway.Logging.Medium.0571", + "reference_id": "AWS.API Gateway.Logging.Medium.0571", "category": "Logging", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0572.json b/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0572.json index a7bbdcbf4..d88d0d85a 100755 --- a/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0572.json +++ b/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Logging.Medium.0572.json 
@@ -1,12 +1,12 @@ { "name": "apiGatewayLogging", "file": "apiGatewayLogging.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "MEDIUM", "description": "Ensure that AWS CloudWatch logs are enabled for all your APIs created with Amazon API Gateway service in order to track and analyze execution behavior at the API stage level.", - "referenceId": "AWS.API Gateway.Logging.Medium.0572", + "reference_id": "AWS.API Gateway.Logging.Medium.0572", "category": "Logging", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Network Security.Medium.0565.json b/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Network Security.Medium.0565.json index 12d685baf..9de8eadc7 100755 --- a/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Network Security.Medium.0565.json +++ b/pkg/policies/opa/rego/aws/aws_api_gateway_stage/AWS.API Gateway.Network Security.Medium.0565.json @@ -1,10 +1,10 @@ { "name": "apiGatewaySslCertificate", "file": "apiGatewaySslCertificate.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Enable SSL Client Certificate", - "referenceId": "AWS.API Gateway.Network Security.Medium.0565", + "reference_id": "AWS.API Gateway.Network Security.Medium.0565", "category": "Network Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_athena/AWS.Athena.Medium.0592.json b/pkg/policies/opa/rego/aws/aws_athena/AWS.Athena.Medium.0592.json deleted file mode 100755 index a3d234c90..000000000 --- a/pkg/policies/opa/rego/aws/aws_athena/AWS.Athena.Medium.0592.json +++ /dev/null 
@@ -1,10 +0,0 @@ -{ - "name": "athenaQueryEncryption", - "file": "athenaQueryEncryption.rego", - "templateArgs": null, - "severity": "MEDIUM", - "description": "Enable Encryption for AWS Athena Query Results", - "referenceId": "AWS.Athena.Medium.0592", - "category": " ", - "version": 1 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_athena/athenaQueryEncryption.rego b/pkg/policies/opa/rego/aws/aws_athena/athenaQueryEncryption.rego deleted file mode 100755 index d988e4582..000000000 --- a/pkg/policies/opa/rego/aws/aws_athena/athenaQueryEncryption.rego +++ /dev/null @@ -1,11 +0,0 @@ -package accurics - -athenaQueryEncryption[api.id]{ - api := input.aws_athena[_] - data := api.config.configuration[_] - resConfig := data.result_configuration[_] - encOpt := resConfig.encryption_configuration[_] - not encOpt.encryption_option == "SSE_KMS" - not encOpt.encryption_option == "CSE_KMS" - not encOpt.encryption_option == "SSE_S3" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0599.json b/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0599.json index dde62a447..f98dcb722 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0599.json +++ b/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0599.json @@ -1,13 +1,13 @@ { "name": "awsCloudFormationInUse", "file": "awsCloudFormationInUse.rego", - "templateArgs": { + "template_args": { "name": "awsCloudFormationInUse", "property": "template_url" }, "severity": "MEDIUM", "description": "AWS CloudFormation Not In Use", - "referenceId": "AWS.CloudFormation.Medium.0599", + "reference_id": "AWS.CloudFormation.Medium.0599", "category": " ", "version": 1 } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0601.json b/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0601.json index 409c977b2..4b56452f4 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0601.json +++ b/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0601.json @@ -1,10 +1,10 @@ { "name": "cloudFormationStackDrift", "file": "cloudFormationStackDrift.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "AWS CloudFormation Has Been Drifted.", - "referenceId": "AWS.CloudFormation.Medium.0601", + "reference_id": "AWS.CloudFormation.Medium.0601", "category": " ", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0603.json b/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0603.json index 1d8ff70f7..f10d2b1a5 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0603.json +++ b/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0603.json @@ -1,13 +1,13 @@ { "name": "cloudFormationStackNotifs", "file": "cloudFormationStackNotifs.rego", - "templateArgs": { + "template_args": { "name": "cloudFormationStackNotifs", "property": "notification_arns" }, "severity": "MEDIUM", "description": "Enable AWS CloudFormation Stack Notifications", - "referenceId": "AWS.CloudFormation.Medium.0603", + "reference_id": "AWS.CloudFormation.Medium.0603", "category": " ", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0604.json b/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0604.json index 304c39752..ed2c8741d 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0604.json 
+++ b/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0604.json @@ -1,13 +1,13 @@ { "name": "cloudFormationStackPolicy", "file": "cloudFormationStackPolicy.rego", - "templateArgs": { + "template_args": { "name": "cloudFormationStackPolicy", "property": "policy_url" }, "severity": "MEDIUM", "description": "AWS CloudFormation Stack Policy", - "referenceId": "AWS.CloudFormation.Medium.0604", + "reference_id": "AWS.CloudFormation.Medium.0604", "category": " ", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0605.json b/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0605.json index 9cc88e624..b396e1f61 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0605.json +++ b/pkg/policies/opa/rego/aws/aws_cloudformation_stack/AWS.CloudFormation.Medium.0605.json @@ -1,10 +1,10 @@ { "name": "cloudFormationTerminationProtection", "file": "cloudFormationTerminationProtection.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Enable AWS CloudFormation Stack Termination Protection", - "referenceId": "AWS.CloudFormation.Medium.0605", + "reference_id": "AWS.CloudFormation.Medium.0605", "category": " ", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json index 87a931b83..b65bea14a 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json +++ b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json 
@@ -1,12 +1,12 @@ { "name": "cloudfrontNoHTTPSTraffic", "file": "cloudfrontNoHTTPSTraffic.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "Use encrypted connection between CloudFront and origin server", - "referenceId": "AWS.CloudFront.EncryptionandKeyManagement.High.0407", + "reference_id": "AWS.CloudFront.EncryptionandKeyManagement.High.0407", "category": "Encryption and Key Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json index 417d50dcd..dc0641d6a 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json +++ b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json @@ -1,12 +1,12 @@ { "name": "cloudfrontNoSecureCiphers", "file": "cloudfrontNoSecureCiphers.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "Secure ciphers are not used in CloudFront distribution", - "referenceId": "AWS.CloudFront.EncryptionandKeyManagement.High.0408", + "reference_id": "AWS.CloudFront.EncryptionandKeyManagement.High.0408", "category": "Encryption and Key Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json index 2d26be5a4..798eed6c4 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json +++ b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json 
@@ -1,12 +1,12 @@ { "name": "cloudfrontNoLogging", "file": "cloudfrontNoLogging.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "MEDIUM", "description": "Ensure that your AWS Cloudfront distributions have the Logging feature enabled in order to track all viewer requests for the content delivered through the Content Delivery Network (CDN).", - "referenceId": "AWS.CloudFront.Logging.Medium.0567", + "reference_id": "AWS.CloudFront.Logging.Medium.0567", "category": "Logging", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.Network Security.Low.0568.json b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.Network Security.Low.0568.json index efffc8f0d..7096c530d 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.Network Security.Low.0568.json +++ b/pkg/policies/opa/rego/aws/aws_cloudfront_distribution/AWS.CloudFront.Network Security.Low.0568.json @@ -1,12 +1,12 @@ { "name": "cloudfrontNoGeoRestriction", "file": "cloudfrontNoGeoRestriction.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "LOW", "description": "Ensure that geo restriction is enabled for your Amazon CloudFront CDN distribution to whitelist or blacklist a country in order to allow or restrict users in specific locations from accessing web application content.", - "referenceId": "AWS.CloudFront.Network Security.Low.0568", + "reference_id": "AWS.CloudFront.Network Security.Low.0568", "category": "Network Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.High.0399.json b/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.High.0399.json index ba033e951..91eadd960 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.High.0399.json +++ b/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.High.0399.json 
@@ -1,12 +1,12 @@ { "name": "cloudTrailLogNotEncrypted", "file": "cloudTrailLogNotEncrypted.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "Cloud Trail Log Not Enabled", - "referenceId": "AWS.CloudTrail.Logging.High.0399", + "reference_id": "AWS.CloudTrail.Logging.High.0399", "category": "Logging", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Low.0559.json b/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Low.0559.json index 8ff0317d1..02786a088 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Low.0559.json +++ b/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Low.0559.json @@ -1,12 +1,12 @@ { "name": "reme_enableSNSTopic", "file": "enableSNSTopic.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "MEDIUM", "description": "Ensure appropriate subscribers to each SNS topic", - "referenceId": "AWS.CloudTrail.Logging.Low.0559", + "reference_id": "AWS.CloudTrail.Logging.Low.0559", "category": "Logging", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Medium.0460.json b/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Medium.0460.json index 52e43d7ca..2b8f36376 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Medium.0460.json +++ b/pkg/policies/opa/rego/aws/aws_cloudtrail/AWS.CloudTrail.Logging.Medium.0460.json @@ -1,12 +1,12 @@ { "name": "cloudTrailMultiRegionNotCreated", "file": "cloudTrailMultiRegionNotCreated.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "MEDIUM", "description": "Cloud Trail Multi Region not enabled", - "referenceId": "AWS.CloudTrail.Logging.Medium.0460", + "reference_id": "AWS.CloudTrail.Logging.Medium.0460", "category": "Logging", "version": 2 } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/aws/aws_cloudwatch/AWS.CloudWatch.Logging.Medium.0631.json b/pkg/policies/opa/rego/aws/aws_cloudwatch/AWS.CloudWatch.Logging.Medium.0631.json index c352c35dc..5721851d5 100755 --- a/pkg/policies/opa/rego/aws/aws_cloudwatch/AWS.CloudWatch.Logging.Medium.0631.json +++ b/pkg/policies/opa/rego/aws/aws_cloudwatch/AWS.CloudWatch.Logging.Medium.0631.json @@ -1,10 +1,10 @@ { "name": "awsCloudWatchRetentionPreiod", "file": "awsCloudWatchRetentionPreiod.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "App-Tier CloudWatch Log Group Retention Period", - "referenceId": "AWS.CloudWatch.Logging.Medium.0631", + "reference_id": "AWS.CloudWatch.Logging.Medium.0631", "category": "Logging", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_config/AWS.Config.Encryption&KeyManagement.Medium.0660.json b/pkg/policies/opa/rego/aws/aws_config/AWS.Config.Encryption&KeyManagement.Medium.0660.json index 3766b2974..63da450f6 100755 --- a/pkg/policies/opa/rego/aws/aws_config/AWS.Config.Encryption&KeyManagement.Medium.0660.json +++ b/pkg/policies/opa/rego/aws/aws_config/AWS.Config.Encryption&KeyManagement.Medium.0660.json @@ -1,10 +1,10 @@ { "name": "awsConfigEncryptedVol", "file": "awsConfigEncryptedVol.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "AWS Config Rule for Web-Tier Encrypted Volumes", - "referenceId": "AWS.Config.Encryption\u0026KeyManagement.Medium.0660", + "reference_id": "AWS.Config.Encryption\u0026KeyManagement.Medium.0660", "category": "Encryption \u0026 Key Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_config_configuration_aggregator/AWS.Config.Logging.HIGH.0590.json b/pkg/policies/opa/rego/aws/aws_config_configuration_aggregator/AWS.Config.Logging.HIGH.0590.json index 5d5e24a38..eec6dbfbe 100755 
--- a/pkg/policies/opa/rego/aws/aws_config_configuration_aggregator/AWS.Config.Logging.HIGH.0590.json +++ b/pkg/policies/opa/rego/aws/aws_config_configuration_aggregator/AWS.Config.Logging.HIGH.0590.json @@ -1,12 +1,12 @@ { "name": "configEnabledForAllRegions", "file": "configEnabledForAllRegions.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "Ensure AWS Config is enabled in all regions", - "referenceId": "AWS.Config.Logging.HIGH.0590", + "reference_id": "AWS.Config.Logging.HIGH.0590", "category": "Logging", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.AWS RDS.NS.High.0101.json b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.AWS RDS.NS.High.0101.json index 1f2eb29ea..26669c723 100755 --- a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.AWS RDS.NS.High.0101.json +++ b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.AWS RDS.NS.High.0101.json @@ -1,12 +1,12 @@ { "name": "rdsPubliclyAccessible", "file": "rdsPubliclyAccessible.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "RDS Instance publicly_accessible flag is true", - "referenceId": "AWS.AWS RDS.NS.High.0101", + "reference_id": "AWS.AWS RDS.NS.High.0101", "category": "Network Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DS.High.1041.json b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DS.High.1041.json index 686c80a30..3aea22313 100755 --- a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DS.High.1041.json +++ b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DS.High.1041.json 
@@ -1,12 +1,12 @@ { "name": "rdsAutoMinorVersionUpgradeEnabled", "file": "rdsAutoMinorVersionUpgradeEnabled.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "RDS Instance Auto Minor Version Upgrade flag disabled", - "referenceId": "AWS.RDS.DS.High.1041", + "reference_id": "AWS.RDS.DS.High.1041", "category": "Data Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DS.High.1042.json b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DS.High.1042.json index c96c1d5cd..3ebb3b386 100755 --- a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DS.High.1042.json +++ b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DS.High.1042.json @@ -1,12 +1,12 @@ { "name": "rdsCAExpired", "file": "rdsCAExpired.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "Ensure Certificate used in RDS instance is updated", - "referenceId": "AWS.RDS.DS.High.1042", + "reference_id": "AWS.RDS.DS.High.1042", "category": "Data Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0414.json b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0414.json index a00bcec75..9c97dcd93 100755 --- a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0414.json +++ b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0414.json 
@@ -1,10 +1,10 @@ { "name": "rdsHasStorageEncrypted", "file": "rdsHasStorageEncrypted.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure that your RDS database instances have automated backups enabled for point-in-time recovery. To back up your database instances, AWS RDS take automatically a full daily snapshot of your data (with transactions logs) during the specified backup window and keeps the backups for a limited period of time (known as retention period) defined by the instance owner.", - "referenceId": "AWS.RDS.DataSecurity.High.0414", + "reference_id": "AWS.RDS.DataSecurity.High.0414", "category": "Data Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0577.json b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0577.json index 041946158..8388fcd6e 100755 --- a/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0577.json +++ b/pkg/policies/opa/rego/aws/aws_db_instance/AWS.RDS.DataSecurity.High.0577.json @@ -1,12 +1,12 @@ { "name": "rdsIamAuthEnabled", "file": "rdsIamAuthEnabled.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "Ensure that your RDS database has IAM Authentication enabled.", - "referenceId": "AWS.RDS.DataSecurity.High.0577", + "reference_id": "AWS.RDS.DataSecurity.High.0577", "category": "Data Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0101.json b/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0101.json index 0185a8531..c2c997b0d 100755 --- a/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0101.json +++ b/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0101.json 
@@ -1,12 +1,12 @@ { "name": "rdsIsPublic", "file": "rdsIsPublic.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "RDS should not be defined with public interface. Firewall and router configurations should be used to restrict connections between untrusted networks and any system components in the cloud environment.", - "referenceId": "AWS.RDS.NetworkSecurity.High.0101", + "reference_id": "AWS.RDS.NetworkSecurity.High.0101", "category": "Network Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0102.json b/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0102.json index b4e39d29f..c5f47f161 100755 --- a/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0102.json +++ b/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0102.json @@ -1,12 +1,12 @@ { "name": "rdsScopeIsPublic", "file": "rdsScopeIsPublic.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "RDS should not be open to a public scope. Firewall and router configurations should be used to restrict connections between untrusted networks and any system components in the cloud environment.", - "referenceId": "AWS.RDS.NetworkSecurity.High.0102", + "reference_id": "AWS.RDS.NetworkSecurity.High.0102", "category": "Network Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0103.json b/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0103.json index 53ed03b4c..1b7afda8b 100755 --- a/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0103.json +++ b/pkg/policies/opa/rego/aws/aws_db_security_group/AWS.RDS.NetworkSecurity.High.0103.json 
@@ -1,12 +1,12 @@ { "name": "rdsHostsHigherThan256", "file": "rdsHostsHigherThan256.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "RDS should not be open to a large scope. Firewall and router configurations should be used to restrict connections between untrusted networks and any system components in the cloud environment.", - "referenceId": "AWS.RDS.NetworkSecurity.High.0103", + "reference_id": "AWS.RDS.NetworkSecurity.High.0103", "category": "Network Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_ebs_encryption_by_default/AWS.EBS.DataSecurity.High.0580.json b/pkg/policies/opa/rego/aws/aws_ebs_encryption_by_default/AWS.EBS.DataSecurity.High.0580.json index fa17f9bfc..91db6630d 100755 --- a/pkg/policies/opa/rego/aws/aws_ebs_encryption_by_default/AWS.EBS.DataSecurity.High.0580.json +++ b/pkg/policies/opa/rego/aws/aws_ebs_encryption_by_default/AWS.EBS.DataSecurity.High.0580.json @@ -1,12 +1,12 @@ { "name": "ebsDefaultEncryption", "file": "ebsDefaultEncryption.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "Ensure that the AWS EBS that hold sensitive and critical data is encrypted by default to fulfill compliance requirements for data-at-rest encryption.", - "referenceId": "AWS.EBS.DataSecurity.High.0580", + "reference_id": "AWS.EBS.DataSecurity.High.0580", "category": "Data Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_ebs_volume/AWS.EcsCluster.EncryptionandKeyManagement.High.0413.json b/pkg/policies/opa/rego/aws/aws_ebs_volume/AWS.EcsCluster.EncryptionandKeyManagement.High.0413.json index 33ac2d40e..a355cf134 100755 --- a/pkg/policies/opa/rego/aws/aws_ebs_volume/AWS.EcsCluster.EncryptionandKeyManagement.High.0413.json +++ b/pkg/policies/opa/rego/aws/aws_ebs_volume/AWS.EcsCluster.EncryptionandKeyManagement.High.0413.json 
@@ -1,13 +1,13 @@ { "name": "ebsVolumeEncryptedWithNoKms", "file": "ebsEncryption.rego", - "templateArgs": { + "template_args": { "name": "ebsVolumeEncryptedWithNoKms", "prefix": "" }, "severity": "HIGH", "description": "Ensure that AWS EBS clusters are encrypted. Data encryption at rest, prevents unauthorized users from accessing sensitive data on your AWS EBS clusters and associated cache storage systems.", - "referenceId": "AWS.EcsCluster.EncryptionandKeyManagement.High.0413", + "reference_id": "AWS.EcsCluster.EncryptionandKeyManagement.High.0413", "category": "Encryption and Key Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_ec2/AWS.EC2.Encryption&KeyManagement.Medium.0688.json b/pkg/policies/opa/rego/aws/aws_ec2/AWS.EC2.Encryption&KeyManagement.Medium.0688.json index d628d7067..d195e59d8 100755 --- a/pkg/policies/opa/rego/aws/aws_ec2/AWS.EC2.Encryption&KeyManagement.Medium.0688.json +++ b/pkg/policies/opa/rego/aws/aws_ec2/AWS.EC2.Encryption&KeyManagement.Medium.0688.json @@ -1,10 +1,10 @@ { "name": "awsAmiEncrypted", "file": "awsAmiEncrypted.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Enable AWS AMI Encryption", - "referenceId": "AWS.EC2.Encryption\u0026KeyManagement.Medium.0688", + "reference_id": "AWS.EC2.Encryption\u0026KeyManagement.Medium.0688", "category": "Encryption \u0026 KeyManagement", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_ecr_repository/AWS.ECR.DataSecurity.High.0578.json b/pkg/policies/opa/rego/aws/aws_ecr_repository/AWS.ECR.DataSecurity.High.0578.json index 4a769c4ab..1a014e10a 100755 --- a/pkg/policies/opa/rego/aws/aws_ecr_repository/AWS.ECR.DataSecurity.High.0578.json +++ b/pkg/policies/opa/rego/aws/aws_ecr_repository/AWS.ECR.DataSecurity.High.0578.json 
@@ -1,12 +1,12 @@ { "name": "scanOnPushDisabled", "file": "scanOnPushDisabled.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "MEDIUM", "description": "Unscanned images may contain vulnerabilities", - "referenceId": "AWS.ECR.DataSecurity.High.0578", + "reference_id": "AWS.ECR.DataSecurity.High.0578", "category": "Data Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_ecr_repository_policy/AWS.ECR.DataSecurity.High.0579.json b/pkg/policies/opa/rego/aws/aws_ecr_repository_policy/AWS.ECR.DataSecurity.High.0579.json index b26bd0725..24a861ed5 100755 --- a/pkg/policies/opa/rego/aws/aws_ecr_repository_policy/AWS.ECR.DataSecurity.High.0579.json +++ b/pkg/policies/opa/rego/aws/aws_ecr_repository_policy/AWS.ECR.DataSecurity.High.0579.json @@ -1,12 +1,12 @@ { "name": "ecrRepoIsPublic", "file": "ecrRepoIsPublic.rego", - "templateArgs": { + "template_args": { "prefix": "" }, "severity": "HIGH", "description": "Identify any exposed Amazon ECR image repositories available within your AWS account and update their permissions in order to protect against unauthorized access. Amazon Elastic Container Registry (ECR) is a managed Docker registry service that makes it easy for DevOps teams to store, manage and deploy Docker container images. An ECR repository is a collection of Docker images available on AWS cloud.", - "referenceId": "AWS.ECR.DataSecurity.High.0579", + "reference_id": "AWS.ECR.DataSecurity.High.0579", "category": "Data Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_ecs_service/AWS.ECS.High.0436.json b/pkg/policies/opa/rego/aws/aws_ecs_service/AWS.ECS.High.0436.json index 69d361249..dca5c3019 100755 --- a/pkg/policies/opa/rego/aws/aws_ecs_service/AWS.ECS.High.0436.json +++ b/pkg/policies/opa/rego/aws/aws_ecs_service/AWS.ECS.High.0436.json 
@@ -1,10 +1,10 @@
 {
 "name": "ecsServiceAdmin",
 "file": "ecsServiceAdmin.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Identify any exposed Amazon ECR image repositories available within your AWS account and update their permissions in order to protect against unauthorized access. Amazon Elastic Container Registry (ECR) is a managed Docker registry service that makes it easy for DevOps teams to store, manage and deploy Docker container images. An ECR repository is a collection of Docker images available on AWS cloud.",
- "referenceId": "AWS.ECS.High.0436",
+ "reference_id": "AWS.ECS.High.0436",
 "category": "Data Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_ecs_task_definition/AWS.EcsCluster.NetworkSecurity.High.0104.json b/pkg/policies/opa/rego/aws/aws_ecs_task_definition/AWS.EcsCluster.NetworkSecurity.High.0104.json
index fa8cfc308..5c81cc237 100755
--- a/pkg/policies/opa/rego/aws/aws_ecs_task_definition/AWS.EcsCluster.NetworkSecurity.High.0104.json
+++ b/pkg/policies/opa/rego/aws/aws_ecs_task_definition/AWS.EcsCluster.NetworkSecurity.High.0104.json
@@ -1,12 +1,12 @@
 {
 "name": "instanceNotInVpc",
 "file": "instanceNotInVpc.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Like any other EC2 instance it is recommended to place ECS instance within a VPC. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations",
- "referenceId": "AWS.EcsCluster.NetworkSecurity.High.0104",
+ "reference_id": "AWS.EcsCluster.NetworkSecurity.High.0104",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_ecs_task_definition/AWS.LaunchConfiguration.DataSecurity.High.0101.json b/pkg/policies/opa/rego/aws/aws_ecs_task_definition/AWS.LaunchConfiguration.DataSecurity.High.0101.json
index f9777c044..a6b76d5fd 100755
--- a/pkg/policies/opa/rego/aws/aws_ecs_task_definition/AWS.LaunchConfiguration.DataSecurity.High.0101.json
+++ b/pkg/policies/opa/rego/aws/aws_ecs_task_definition/AWS.LaunchConfiguration.DataSecurity.High.0101.json
@@ -1,14 +1,14 @@
 {
 "name": "containerDefinitionContainsPASSWORD",
 "file": "containerDefinitionContainsSensitiveInfo.rego",
- "templateArgs": {
+ "template_args": {
 "keyword": "PASSWORD",
 "name": "containerDefinitionContainsPASSWORD",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Sensitive Information Disclosure",
- "referenceId": "AWS.LaunchConfiguration.DataSecurity.High.0101",
+ "reference_id": "AWS.LaunchConfiguration.DataSecurity.High.0101",
 "category": "Data Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_efs_file_system/AWS.EFS.EncryptionandKeyManagement.High.0409.json b/pkg/policies/opa/rego/aws/aws_efs_file_system/AWS.EFS.EncryptionandKeyManagement.High.0409.json
index 30b816476..970063a3a 100755
--- a/pkg/policies/opa/rego/aws/aws_efs_file_system/AWS.EFS.EncryptionandKeyManagement.High.0409.json
+++ b/pkg/policies/opa/rego/aws/aws_efs_file_system/AWS.EFS.EncryptionandKeyManagement.High.0409.json
@@ -1,13 +1,13 @@
 {
 "name": "efsEncryptedFalse",
 "file": "efsEncryptedFalse.rego",
- "templateArgs": {
+ "template_args": {
 "name": "efsEncryptedFalse",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Enable encryption of your EFS file systems in order to protect your data and metadata from breaches or unauthorized access and fulfill compliance requirements for data-at-rest encryption within your organization.",
- "referenceId": "AWS.EFS.EncryptionandKeyManagement.High.0409",
+ "reference_id": "AWS.EFS.EncryptionandKeyManagement.High.0409",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_efs_file_system/AWS.EFS.EncryptionandKeyManagement.High.0410.json b/pkg/policies/opa/rego/aws/aws_efs_file_system/AWS.EFS.EncryptionandKeyManagement.High.0410.json
index 3f8e4e2c7..a39e4d411 100755
--- a/pkg/policies/opa/rego/aws/aws_efs_file_system/AWS.EFS.EncryptionandKeyManagement.High.0410.json
+++ b/pkg/policies/opa/rego/aws/aws_efs_file_system/AWS.EFS.EncryptionandKeyManagement.High.0410.json
@@ -1,13 +1,13 @@
 {
 "name": "efsEncryptedWithNoKms",
 "file": "efsEncryptedWithNoKms.rego",
- "templateArgs": {
+ "template_args": {
 "name": "efsEncryptedWithNoKms",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Enable encryption of your EFS file systems in order to protect your data and metadata from breaches or unauthorized access and fulfill compliance requirements for data-at-rest encryption within your organization.",
- "referenceId": "AWS.EFS.EncryptionandKeyManagement.High.0410",
+ "reference_id": "AWS.EFS.EncryptionandKeyManagement.High.0410",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.DataSecurity.High.0424.json b/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.DataSecurity.High.0424.json
index b629a4e66..4f389bf83 100755
--- a/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.DataSecurity.High.0424.json
+++ b/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.DataSecurity.High.0424.json
@@ -1,14 +1,14 @@
 {
 "name": "noMemcachedInElastiCache",
 "file": "noMemcachedInElastiCache.rego",
- "templateArgs": {
+ "template_args": {
 "elasticache_engine": "memcached",
 "name": "noMemcachedInElastiCache",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "ElastiCache for Memcached is not in use in AWS PCI DSS environments",
- "referenceId": "AWS.ElastiCache.DataSecurity.High.0424",
+ "reference_id": "AWS.ElastiCache.DataSecurity.High.0424",
 "category": "Data Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.DataSecurity.High.0425.json b/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.DataSecurity.High.0425.json
index eddc3d33a..c08aa8f31 100755
--- a/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.DataSecurity.High.0425.json
+++ b/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.DataSecurity.High.0425.json
@@ -1,7 +1,7 @@
 {
 "name": "redisVersionCompliance",
 "file": "redisVersionCompliance.rego",
- "templateArgs": {
+ "template_args": {
 "allowed_versions": [
 "3.2.6",
 "3.2.10",
@@ -13,7 +13,7 @@
 },
 "severity": "HIGH",
 "description": "ElastiCache for Redis version is not compliant with AWS PCI DSS requirements",
- "referenceId": "AWS.ElastiCache.DataSecurity.High.0425",
+ "reference_id": "AWS.ElastiCache.DataSecurity.High.0425",
 "category": "Data Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.HighAvailability.Medium.0757.json b/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.HighAvailability.Medium.0757.json
index 4d012a410..6e116c755 100755
--- a/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.HighAvailability.Medium.0757.json
+++ b/pkg/policies/opa/rego/aws/aws_elasticache_cluster/AWS.ElastiCache.HighAvailability.Medium.0757.json
@@ -1,10 +1,10 @@
 {
 "name": "elastiCacheMultiAZ",
 "file": "elastiCacheMultiAZ.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "AWS ElastiCache Multi-AZ",
- "referenceId": "AWS.ElastiCache.HighAvailability.Medium.0757",
+ "reference_id": "AWS.ElastiCache.HighAvailability.Medium.0757",
 "category": "High Availability",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.ElasticSearch.Encryption&KeyManagement.Medium.0768.json b/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.ElasticSearch.Encryption&KeyManagement.Medium.0768.json
index a08e462e8..fa6ab85a6 100755
--- a/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.ElasticSearch.Encryption&KeyManagement.Medium.0768.json
+++ b/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.ElasticSearch.Encryption&KeyManagement.Medium.0768.json
@@ -1,10 +1,10 @@
 {
 "name": "elastiSearchNoKms",
 "file": "elastiSearchNoKms.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "ElasticSearch Domain Encrypted with KMS CMKs",
- "referenceId": "AWS.ElasticSearch.Encryption\u0026KeyManagement.Medium.0768",
+ "reference_id": "AWS.ElasticSearch.Encryption\u0026KeyManagement.Medium.0768",
 "category": "Encryption \u0026 Key Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.ElasticSearch.Encryption&KeyManagement.Medium.0778.json b/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.ElasticSearch.Encryption&KeyManagement.Medium.0778.json
index 49a76f02c..9ab636f6e 100755
--- a/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.ElasticSearch.Encryption&KeyManagement.Medium.0778.json
+++ b/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.ElasticSearch.Encryption&KeyManagement.Medium.0778.json
@@ -1,10 +1,10 @@
 {
 "name": "elastiSearchEncryptAtRest",
 "file": "elastiSearchEncryptAtRest.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Enable AWS ElasticSearch Encryption At Rest",
- "referenceId": "AWS.ElasticSearch.Encryption\u0026KeyManagement.Medium.0778",
+ "reference_id": "AWS.ElasticSearch.Encryption\u0026KeyManagement.Medium.0778",
 "category": "Encryption \u0026 Key Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.Elasticsearch.Logging.Medium.0573.json b/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.Elasticsearch.Logging.Medium.0573.json
index d1f38ea45..d8f85a379 100755
--- a/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.Elasticsearch.Logging.Medium.0573.json
+++ b/pkg/policies/opa/rego/aws/aws_elasticsearch_domain/AWS.Elasticsearch.Logging.Medium.0573.json
@@ -1,12 +1,12 @@
 {
 "name": "esloggingdisabled",
 "file": "esloggingdisabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Ensure that your AWS Elasticsearch clusters have enabled the support for publishing slow logs to AWS CloudWatch Logs. This feature enables you to publish slow logs from the indexing and search operations performed on your ES clusters and gain full insight into the performance of these operations.",
- "referenceId": "AWS.Elasticsearch.Logging.Medium.0573",
+ "reference_id": "AWS.Elasticsearch.Logging.Medium.0573",
 "category": "Logging",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_elb/AWS.ELB.NetworkPortsSecurity.Low.0563.json b/pkg/policies/opa/rego/aws/aws_elb/AWS.ELB.NetworkPortsSecurity.Low.0563.json
index 3eac45d3e..94321f523 100755
--- a/pkg/policies/opa/rego/aws/aws_elb/AWS.ELB.NetworkPortsSecurity.Low.0563.json
+++ b/pkg/policies/opa/rego/aws/aws_elb/AWS.ELB.NetworkPortsSecurity.Low.0563.json
@@ -1,12 +1,12 @@
 {
 "name": "elbLbProtocolNotSecured",
 "file": "elbLbProtocolNotSecured.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "LOW",
 "description": "AWS ELB incoming traffic not encrypted",
- "referenceId": "AWS.ELB.NetworkPortsSecurity.Low.0563",
+ "reference_id": "AWS.ELB.NetworkPortsSecurity.Low.0563",
 "category": "Network Ports Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_guardduty_detector/AWS.GuardDuty Enabled.Security.Medium.0575.json b/pkg/policies/opa/rego/aws/aws_guardduty_detector/AWS.GuardDuty Enabled.Security.Medium.0575.json
index b9ee8fe50..245d34e94 100755
--- a/pkg/policies/opa/rego/aws/aws_guardduty_detector/AWS.GuardDuty Enabled.Security.Medium.0575.json
+++ b/pkg/policies/opa/rego/aws/aws_guardduty_detector/AWS.GuardDuty Enabled.Security.Medium.0575.json
@@ -1,12 +1,12 @@
 {
 "name": "gaurdDutyDisabled",
 "file": "gaurdDutyDisabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Ensure that Amazon GuardDuty service is currently enabled in all regions in order to protect your AWS environment and infrastructure (AWS accounts and resources, IAM credentials, guest operating systems, applications, etc) against security threats. AWS GuardDuty is a managed threat detection service that continuously monitors your VPC flow logs, AWS CloudTrail event logs and DNS logs for malicious or unauthorized behavior. The service monitors for activity such as unusual API calls, potentially compromised EC2 instances or potentially unauthorized deployments that indicate a possible AWS account compromise. AWS GuardDuty operates entirely on Amazon Web Services infrastructure and does not affect the performance or reliability of your applications. The service does not require any software agents, sensors or network appliances.",
- "referenceId": "AWS.GuardDuty Enabled.Security.Medium.0575",
+ "reference_id": "AWS.GuardDuty Enabled.Security.Medium.0575",
 "category": "Logging",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_access_key/AWS.IamUser.IAM.High.0390.json b/pkg/policies/opa/rego/aws/aws_iam_access_key/AWS.IamUser.IAM.High.0390.json
index 8846f55b0..3993b0a9e 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_access_key/AWS.IamUser.IAM.High.0390.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_access_key/AWS.IamUser.IAM.High.0390.json
@@ -1,12 +1,12 @@
 {
 "name": "noAccessKeyForRootAccount",
 "file": "noAccessKeyForRootAccount.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "The root account is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root account be removed. Removing access keys associated with the root account limits vectors by which the account can be compromised. Additionally, removing the root access keys encourages the creation and use of role based accounts that are least privileged.",
- "referenceId": "AWS.IamUser.IAM.High.0390",
+ "reference_id": "AWS.IamUser.IAM.High.0390",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_access_key/AWS.IamUser.IAM.High.0391.json b/pkg/policies/opa/rego/aws/aws_iam_access_key/AWS.IamUser.IAM.High.0391.json
index e1bc3ed5a..4edea2d9c 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_access_key/AWS.IamUser.IAM.High.0391.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_access_key/AWS.IamUser.IAM.High.0391.json
@@ -1,12 +1,12 @@
 {
 "name": "programmaticAccessCreation",
 "file": "programmaticAccessCreation.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Ensure that there are no exposed Amazon IAM access keys in order to protect your AWS resources against unapproved access",
- "referenceId": "AWS.IamUser.IAM.High.0391",
+ "reference_id": "AWS.IamUser.IAM.High.0391",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Low.0539.json b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Low.0539.json
index 96fee0698..8c17e9b17 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Low.0539.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Low.0539.json
@@ -1,7 +1,7 @@
 {
 "name": "passwordResuseNotAllowed",
 "file": "passwordResuseNotAllowed.rego",
- "templateArgs": {
+ "template_args": {
 "name": "passwordResuseNotAllowed",
 "parameter": "password_reuse_prevention",
 "prefix": "",
@@ -9,7 +9,7 @@
 },
 "severity": "LOW",
 "description": "It is recommended that the password policy prevent the reuse of passwords.Preventing password reuse increases account resiliency against brute force login attempts",
- "referenceId": "AWS.Iam.IAM.Low.0539",
+ "reference_id": "AWS.Iam.IAM.Low.0539",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Low.0540.json b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Low.0540.json
index b9df1d00a..fd2c69de5 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Low.0540.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Low.0540.json
@@ -1,13 +1,13 @@
 {
 "name": "passwordRotateEvery90Days",
 "file": "passwordRotateEvery90Days.rego",
- "templateArgs": {
+ "template_args": {
 "name": "passwordRotateEvery90Days",
 "prefix": ""
 },
 "severity": "LOW",
 "description": "Reducing the password lifetime increases account resiliency against brute force login attempts",
- "referenceId": "AWS.Iam.IAM.Low.0540",
+ "reference_id": "AWS.Iam.IAM.Low.0540",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0454.json b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0454.json
index 3fc67b062..b6de4de6a 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0454.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0454.json
@@ -1,14 +1,14 @@
 {
 "name": "passwordRequireLowerCase",
 "file": "passwordPolicyRequirement.rego",
- "templateArgs": {
+ "template_args": {
 "name": "passwordRequireLowerCase",
 "prefix": "",
 "required_parameter": "require_lowercase_characters"
 },
 "severity": "MEDIUM",
 "description": "Lower case alphabet not present in the Password, Password Complexity is not high. Increased Password complexity increases resiliency against brute force attack",
- "referenceId": "AWS.Iam.IAM.Medium.0454",
+ "reference_id": "AWS.Iam.IAM.Medium.0454",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0455.json b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0455.json
index e35773b24..e3c393dfb 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0455.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0455.json
@@ -1,14 +1,14 @@
 {
 "name": "passwordRequireNumber",
 "file": "passwordPolicyRequirement.rego",
- "templateArgs": {
+ "template_args": {
 "name": "passwordRequireNumber",
 "prefix": "",
 "required_parameter": "require_numbers"
 },
 "severity": "MEDIUM",
 "description": "Number not present in the Password, Password Complexity is not high. Increased Password complexity increases resiliency against brute force attack",
- "referenceId": "AWS.Iam.IAM.Medium.0455",
+ "reference_id": "AWS.Iam.IAM.Medium.0455",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0456.json b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0456.json
index a3fa77f15..001226724 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0456.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0456.json
@@ -1,14 +1,14 @@
 {
 "name": "passwordRequireSymbol",
 "file": "passwordPolicyRequirement.rego",
- "templateArgs": {
+ "template_args": {
 "name": "passwordRequireSymbol",
 "prefix": "",
 "required_parameter": "require_symbols"
 },
 "severity": "MEDIUM",
 "description": "Special symbols not present in the Password, Password Complexity is not high. Increased Password complexity increases resiliency against brute force attack",
- "referenceId": "AWS.Iam.IAM.Medium.0456",
+ "reference_id": "AWS.Iam.IAM.Medium.0456",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0457.json b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0457.json
index a05fa6b48..7d958f671 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0457.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0457.json
@@ -1,14 +1,14 @@
 {
 "name": "passwordRequireUpperCase",
 "file": "passwordPolicyRequirement.rego",
- "templateArgs": {
+ "template_args": {
 "name": "passwordRequireUpperCase",
 "prefix": "",
 "required_parameter": "require_uppercase_characters"
 },
 "severity": "MEDIUM",
 "description": "Upper case alphabet not present in the Password, Password Complexity is not high. Increased Password complexity increases resiliency against brute force attack",
- "referenceId": "AWS.Iam.IAM.Medium.0457",
+ "reference_id": "AWS.Iam.IAM.Medium.0457",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0458.json b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0458.json
index f7099f01a..52d2b9553 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0458.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0458.json
@@ -1,7 +1,7 @@
 {
 "name": "passwordRequireMinLength14",
 "file": "passwordMinLength.rego",
- "templateArgs": {
+ "template_args": {
 "name": "passwordRequireMinLength14",
 "parameter": "minimum_password_length",
 "prefix": "",
@@ -9,7 +9,7 @@
 },
 "severity": "MEDIUM",
 "description": "Setting a lengthy password increases account resiliency against brute force login attempts",
- "referenceId": "AWS.Iam.IAM.Medium.0458",
+ "reference_id": "AWS.Iam.IAM.Medium.0458",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0495.json b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0495.json
index 6247989fd..18cca334f 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0495.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_account_password_policy/AWS.Iam.IAM.Medium.0495.json
@@ -1,7 +1,7 @@
 {
 "name": "passwordRequireMinLength",
 "file": "passwordMinLength.rego",
- "templateArgs": {
+ "template_args": {
 "name": "passwordRequireMinLength",
 "parameter": "minimum_password_length",
 "prefix": "",
@@ -9,7 +9,7 @@
 },
 "severity": "MEDIUM",
 "description": "Setting a lengthy password increases account resiliency against brute force login attempts",
- "referenceId": "AWS.Iam.IAM.Medium.0495",
+ "reference_id": "AWS.Iam.IAM.Medium.0495",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_group_policy/AWS.IamPolicy.IAM.High.0392.json b/pkg/policies/opa/rego/aws/aws_iam_group_policy/AWS.IamPolicy.IAM.High.0392.json
index 04116e916..6bc8cb35a 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_group_policy/AWS.IamPolicy.IAM.High.0392.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_group_policy/AWS.IamPolicy.IAM.High.0392.json
@@ -1,12 +1,12 @@
 {
 "name": "iamGrpPolicyWithFullAdminCntrl",
 "file": "iamGrpPolicyWithFullAdminCntrl.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "It is recommended and considered a standard security advice to grant least privileges that is, granting only the permissions required to perform a task. IAM policies are the means by which privileges are granted to users, groups, or roles. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of granting full administrative privileges.",
- "referenceId": "AWS.IamPolicy.IAM.High.0392",
+ "reference_id": "AWS.IamPolicy.IAM.High.0392",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_policy/AWS.IamPolicy.IAM.High.0392.json b/pkg/policies/opa/rego/aws/aws_iam_policy/AWS.IamPolicy.IAM.High.0392.json
index 1680636e0..cc1bada1a 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_policy/AWS.IamPolicy.IAM.High.0392.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_policy/AWS.IamPolicy.IAM.High.0392.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_iamPolicyWithFullAdminControl",
 "file": "iamPolicyWithFullAdminControl.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "It is recommended and considered a standard security advice to grant least privileges that is, granting only the permissions required to perform a task. IAM policies are the means by which privileges are granted to users, groups, or roles. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of granting full administrative privileges.",
- "referenceId": "AWS.IamPolicy.IAM.High.0392",
+ "reference_id": "AWS.IamPolicy.IAM.High.0392",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_role/AWS.IamPolicy.IAM.High.0392.json b/pkg/policies/opa/rego/aws/aws_iam_role/AWS.IamPolicy.IAM.High.0392.json
index 1c8849129..1cdbfa26e 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_role/AWS.IamPolicy.IAM.High.0392.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_role/AWS.IamPolicy.IAM.High.0392.json
@@ -1,12 +1,12 @@
 {
 "name": "iamRoleWithFullAdminCntrl",
 "file": "iamRoleWithFullAdminCntrl.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "It is recommended and considered a standard security advice to grant least privileges that is, granting only the permissions required to perform a task. IAM policies are the means by which privileges are granted to users, groups, or roles. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of granting full administrative privileges.",
- "referenceId": "AWS.IamPolicy.IAM.High.0392",
+ "reference_id": "AWS.IamPolicy.IAM.High.0392",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_role_policy/AWS.IamPolicy.IAM.High.0392.json b/pkg/policies/opa/rego/aws/aws_iam_role_policy/AWS.IamPolicy.IAM.High.0392.json
index 5d4810eb8..7066e3b43 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_role_policy/AWS.IamPolicy.IAM.High.0392.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_role_policy/AWS.IamPolicy.IAM.High.0392.json
@@ -1,12 +1,12 @@
 {
 "name": "iamRolePolicyWithFullAdminCntrl",
 "file": "iamRolePolicyWithFullAdminCntrl.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "It is recommended and considered a standard security advice to grant least privileges that is, granting only the permissions required to perform a task. IAM policies are the means by which privileges are granted to users, groups, or roles. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of granting full administrative privileges.",
- "referenceId": "AWS.IamPolicy.IAM.High.0392",
+ "reference_id": "AWS.IamPolicy.IAM.High.0392",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_user_login_profile/AWS.Iam.IAM.High.0391.json b/pkg/policies/opa/rego/aws/aws_iam_user_login_profile/AWS.Iam.IAM.High.0391.json
index ee7ae0938..a69752f13 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_user_login_profile/AWS.Iam.IAM.High.0391.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_user_login_profile/AWS.Iam.IAM.High.0391.json
@@ -1,12 +1,12 @@
 {
 "name": "noPasswordPolicyEnabled",
 "file": "noPasswordPolicyEnabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure password are comprised of different character sets, have minimal length, rotation and history restrictions",
- "referenceId": "AWS.Iam.IAM.High.0391",
+ "reference_id": "AWS.Iam.IAM.High.0391",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamPolicy.IAM.High.0392.json b/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamPolicy.IAM.High.0392.json
index 8a2472c69..e778079b6 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamPolicy.IAM.High.0392.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamPolicy.IAM.High.0392.json
@@ -1,12 +1,12 @@
 {
 "name": "iamPolicyWithFullAdminControl",
 "file": "iamPolicyWithFullAdminControl.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "It is recommended and considered a standard security advice to grant least privileges that is, granting only the permissions required to perform a task. IAM policies are the means by which privileges are granted to users, groups, or roles. Determine what users need to do and then craft policies for them that let the users perform only those tasks, instead of granting full administrative privileges.",
- "referenceId": "AWS.IamPolicy.IAM.High.0392",
+ "reference_id": "AWS.IamPolicy.IAM.High.0392",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0387.json b/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0387.json
index cdee7d311..2e62c5a4f 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0387.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0387.json
@@ -1,12 +1,12 @@
 {
 "name": "rootUserNotContainMfaTypeHardware",
 "file": "rootUserNotContainMfaTypeHardware.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Ensure Hardware MFA device is enabled for the \"root\" account",
- "referenceId": "AWS.IamUser.IAM.High.0387",
+ "reference_id": "AWS.IamUser.IAM.High.0387",
 "category": "Identity and Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0388.json b/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0388.json
index 4a6c74079..f07b12ab8 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0388.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0388.json
@@ -1,12 +1,12 @@
 {
 "name": "rootUserNotContainMfaTypeVirtual",
 "file": "rootUserNotContainMfaTypeVirtual.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Ensure Virtual MFA device is enabled for the \"root\" account",
- "referenceId": "AWS.IamUser.IAM.High.0388",
+ "reference_id": "AWS.IamUser.IAM.High.0388",
 "category": "Identity and Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0389.json b/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0389.json
index da8ab9656..e28b118f0 100755
--- a/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0389.json
+++ b/pkg/policies/opa/rego/aws/aws_iam_user_policy/AWS.IamUser.IAM.High.0389.json
@@ -1,12 +1,12 @@
 {
 "name": "userWithPassNotContainMfaActive",
 "file": "passAndMFA.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "It is recommended that MFA be enabled for all accounts that have a console password. Enabling MFA provides increased security for console access as it requires the authenticating principal to possess a device that emits a time-sensitive key and have knowledge of a credential",
- "referenceId": "AWS.IamUser.IAM.High.0389",
+ "reference_id": "AWS.IamUser.IAM.High.0389",
 "category": "Identity and Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_instance/AWS.Instance.NetworkSecurity.Medium.0506.json b/pkg/policies/opa/rego/aws/aws_instance/AWS.Instance.NetworkSecurity.Medium.0506.json
index c38981ff7..41e7053bd 100755
--- a/pkg/policies/opa/rego/aws/aws_instance/AWS.Instance.NetworkSecurity.Medium.0506.json
+++ b/pkg/policies/opa/rego/aws/aws_instance/AWS.Instance.NetworkSecurity.Medium.0506.json
@@ -1,12 +1,12 @@
 {
 "name": "instanceWithNoVpc",
 "file": "instanceWithNoVpc.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Instance should be configured in vpc. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations.",
- "referenceId": "AWS.Instance.NetworkSecurity.Medium.0506",
+ "reference_id": "AWS.Instance.NetworkSecurity.Medium.0506",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_kinesis_firehose_delivery_stream/AWS.Kinesis.EncryptionandKeyManagement.High.0411.json b/pkg/policies/opa/rego/aws/aws_kinesis_firehose_delivery_stream/AWS.Kinesis.EncryptionandKeyManagement.High.0411.json
index b614a7bef..d7059f4b7 100755
--- a/pkg/policies/opa/rego/aws/aws_kinesis_firehose_delivery_stream/AWS.Kinesis.EncryptionandKeyManagement.High.0411.json
+++ b/pkg/policies/opa/rego/aws/aws_kinesis_firehose_delivery_stream/AWS.Kinesis.EncryptionandKeyManagement.High.0411.json
@@ -1,12 +1,12 @@
 {
 "name": "kinesisSseNotConfigured",
 "file": "kinesis_sse_not_configured.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "AWS Kinesis Server data at rest has server side encryption (SSE)",
- "referenceId": "AWS.Kinesis.EncryptionandKeyManagement.High.0411",
+ "reference_id": "AWS.Kinesis.EncryptionandKeyManagement.High.0411",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_kinesis_stream/AWS.Kinesis.EncryptionandKeyManagement.High.0412.json b/pkg/policies/opa/rego/aws/aws_kinesis_stream/AWS.Kinesis.EncryptionandKeyManagement.High.0412.json
index 05a0a7ba5..b22984447 100755
--- a/pkg/policies/opa/rego/aws/aws_kinesis_stream/AWS.Kinesis.EncryptionandKeyManagement.High.0412.json
+++ b/pkg/policies/opa/rego/aws/aws_kinesis_stream/AWS.Kinesis.EncryptionandKeyManagement.High.0412.json
@@ -1,12 +1,12 @@
 {
 "name": "kinesisNotEncryptedWithKms",
 "file": "aws_kinesis_stream.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Kinesis Streams and metadata are not protected",
- "referenceId": "AWS.Kinesis.EncryptionandKeyManagement.High.0412",
+ "reference_id": "AWS.Kinesis.EncryptionandKeyManagement.High.0412",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_kms_key/AWS.KMS.Logging.High.0400.json b/pkg/policies/opa/rego/aws/aws_kms_key/AWS.KMS.Logging.High.0400.json
index adc28d47f..ee476acec 100755
--- a/pkg/policies/opa/rego/aws/aws_kms_key/AWS.KMS.Logging.High.0400.json
+++ b/pkg/policies/opa/rego/aws/aws_kms_key/AWS.KMS.Logging.High.0400.json
@@ -1,12 +1,12 @@
 {
 "name": "kmsKeyNoDeletionWindow",
 "file": "kmsKeyNoDeletionWindow.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Ensure rotation for customer created CMKs is enabled",
- "referenceId": "AWS.KMS.Logging.High.0400",
+ "reference_id": "AWS.KMS.Logging.High.0400",
 "category": "Logging",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_kms_key/AWS.KMS.NetworkSecurity.High.0566.json b/pkg/policies/opa/rego/aws/aws_kms_key/AWS.KMS.NetworkSecurity.High.0566.json
index 48513be47..2d281918f 100755
--- a/pkg/policies/opa/rego/aws/aws_kms_key/AWS.KMS.NetworkSecurity.High.0566.json
+++ b/pkg/policies/opa/rego/aws/aws_kms_key/AWS.KMS.NetworkSecurity.High.0566.json
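Review bot: In aws_kms_key/AWS.KMS.Logging.High.0400.json the rule metadata disagrees with itself: `name` and `file` are `kmsKeyNoDeletionWindow`, while `description` reads `Ensure rotation for customer created CMKs is enabled`. The .rego file is not part of this hunk, so which side is right cannot be told from here, but as written a finding would carry remediation text for a different control than the rule name reports. Since the file is being touched anyway, align the two, for example `"description": "Ensure a deletion window is configured for customer created CMKs"` if the rule checks the deletion window, or rename the rule if it actually checks `enable_key_rotation`.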
@@ -1,12 +1,12 @@
 {
 "name": "kmsKeyExposedPolicy",
 "file": "kmsKeyExposedPolicy.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Identify any publicly accessible AWS Key Management Service master keys and update their access policy in order to stop any unsigned requests made to these resources.",
- "referenceId": "AWS.KMS.NetworkSecurity.High.0566",
+ "reference_id": "AWS.KMS.NetworkSecurity.High.0566",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_lambda/AWS.ElasticSearch.IAM.Medium.0878.json b/pkg/policies/opa/rego/aws/aws_lambda/AWS.ElasticSearch.IAM.Medium.0878.json
index 7fc5e90cb..cc82d5f61 100755
--- a/pkg/policies/opa/rego/aws/aws_lambda/AWS.ElasticSearch.IAM.Medium.0878.json
+++ b/pkg/policies/opa/rego/aws/aws_lambda/AWS.ElasticSearch.IAM.Medium.0878.json
@@ -1,10 +1,10 @@
 {
 "name": "awsLambdaRole",
 "file": "awsLambdaRole.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Lambda Functions with Admin Privileges",
- "referenceId": "AWS.ElasticSearch.IAM.Medium.0878",
+ "reference_id": "AWS.ElasticSearch.IAM.Medium.0878",
 "category": "Identity and Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_lambda_function/AWS.VPC.Logging.Medium.0470.json b/pkg/policies/opa/rego/aws/aws_lambda_function/AWS.VPC.Logging.Medium.0470.json
index fdd7fb5b5..69add0581 100755
--- a/pkg/policies/opa/rego/aws/aws_lambda_function/AWS.VPC.Logging.Medium.0470.json
+++ b/pkg/policies/opa/rego/aws/aws_lambda_function/AWS.VPC.Logging.Medium.0470.json
@@ -1,12 +1,12 @@
 {
 "name": "lambdaXRayTracingDisabled",
 "file": "lambdaXRayTracingDisabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "LOW",
 "description": "Lambda tracing is not enabled.",
- "referenceId": "AWS.VPC.Logging.Medium.0470",
+ "reference_id": "AWS.VPC.Logging.Medium.0470",
 "category": "Logging",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.EcsCluster.EncryptionandKeyManagement.High.0413.json b/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.EcsCluster.EncryptionandKeyManagement.High.0413.json
index f7db277f3..710ce9688 100755
--- a/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.EcsCluster.EncryptionandKeyManagement.High.0413.json
+++ b/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.EcsCluster.EncryptionandKeyManagement.High.0413.json
@@ -1,12 +1,12 @@
 {
 "name": "launchConfigurationEBSBlockUnEncrypted",
 "file": "launchConfigurationEBSBlockUnEncrypted.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Ensure that AWS ECS clusters are encrypted. Data encryption at rest, prevents unauthorized users from accessing sensitive data on your AWS ECS clusters and associated cache storage systems.",
- "referenceId": "AWS.EcsCluster.EncryptionandKeyManagement.High.0413",
+ "reference_id": "AWS.EcsCluster.EncryptionandKeyManagement.High.0413",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.LaunchConfiguration.DataSecurity.High.0101.json b/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.LaunchConfiguration.DataSecurity.High.0101.json
index bd85ed5f7..be56de554 100755
--- a/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.LaunchConfiguration.DataSecurity.High.0101.json
+++ b/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.LaunchConfiguration.DataSecurity.High.0101.json
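Review bot: In aws_lambda_function/AWS.VPC.Logging.Medium.0470.json the `severity` field is `LOW` while the renamed `reference_id` still encodes `Medium` (and `VPC`, although the rule is `lambdaXRayTracingDisabled`). Anything that filters, suppresses or reports findings by the severity segment of the ID will disagree with the `severity` field. Either set `"severity": "MEDIUM"` or state in the policy documentation that the ID is an opaque legacy identifier whose segments are not authoritative. The next file on this line, AWS.EcsCluster.EncryptionandKeyManagement.High.0413.json, shows a similar drift: its ID and description speak of ECS clusters while the rule is `launchConfigurationEBSBlockUnEncrypted`.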
@@ -1,12 +1,12 @@
 {
 "name": "hardCodedShellScript",
 "file": "hardCodedShellScript.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Avoid using base64 encoded shell script as part of config",
- "referenceId": "AWS.LaunchConfiguration.DataSecurity.High.0101",
+ "reference_id": "AWS.LaunchConfiguration.DataSecurity.High.0101",
 "category": "Data Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.LaunchConfiguration.DataSecurity.High.0102.json b/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.LaunchConfiguration.DataSecurity.High.0102.json
index c72437096..a2dae0063 100755
--- a/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.LaunchConfiguration.DataSecurity.High.0102.json
+++ b/pkg/policies/opa/rego/aws/aws_launch_configuration/AWS.LaunchConfiguration.DataSecurity.High.0102.json
@@ -1,12 +1,12 @@
 {
 "name": "hardCodedKey",
 "file": "hardCodedKey.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Avoid using base64 encoded private keys as part of config",
- "referenceId": "AWS.LaunchConfiguration.DataSecurity.High.0102",
+ "reference_id": "AWS.LaunchConfiguration.DataSecurity.High.0102",
 "category": "Data Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_load_balancer_policy/AWS.ELB.EncryptionandKeyManagement.High.0401.json b/pkg/policies/opa/rego/aws/aws_load_balancer_policy/AWS.ELB.EncryptionandKeyManagement.High.0401.json
index 06d89a9bd..5e2d6df3a 100755
--- a/pkg/policies/opa/rego/aws/aws_load_balancer_policy/AWS.ELB.EncryptionandKeyManagement.High.0401.json
+++ b/pkg/policies/opa/rego/aws/aws_load_balancer_policy/AWS.ELB.EncryptionandKeyManagement.High.0401.json
@@ -1,7 +1,7 @@
 {
 "name": "elbSsLTsLProtocol",
 "file": "elbSsLTsLProtocol.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "",
 "security_protocols": [
 "Protocol-SSLv3",
@@ -10,7 +10,7 @@
 },
 "severity": "HIGH",
 "description": "Using insecure ciphers for your ELB Predefined or Custom Security Policy, could make the SSL connection between the client and the load balancer vulnerable to exploits. TLS 1.0 was recommended to be disabled by PCI Council after June 30, 2016",
- "referenceId": "AWS.ELB.EncryptionandKeyManagement.High.0401",
+ "reference_id": "AWS.ELB.EncryptionandKeyManagement.High.0401",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_load_balancer_policy/AWS.ELB.EncryptionandKeyManagement.High.0403.json b/pkg/policies/opa/rego/aws/aws_load_balancer_policy/AWS.ELB.EncryptionandKeyManagement.High.0403.json
index 799fd1062..b9625e141 100755
--- a/pkg/policies/opa/rego/aws/aws_load_balancer_policy/AWS.ELB.EncryptionandKeyManagement.High.0403.json
+++ b/pkg/policies/opa/rego/aws/aws_load_balancer_policy/AWS.ELB.EncryptionandKeyManagement.High.0403.json
@@ -1,7 +1,7 @@
 {
 "name": "elbWeakCipher",
 "file": "elbWeakCipher.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "",
 "weak_ciphers": [
 "DHE-DSS-AES128-SHA",
@@ -77,7 +77,7 @@
 },
 "severity": "HIGH",
 "description": "Remove insecure ciphers for your ELB Predefined or Custom Security Policy, to reduce the risk of the SSL connection between the client and the load balancer being exploited.",
- "referenceId": "AWS.ELB.EncryptionandKeyManagement.High.0403",
+ "reference_id": "AWS.ELB.EncryptionandKeyManagement.High.0403",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_macie_member_account_association/AWS.Macie.Security.Medium.0576.json b/pkg/policies/opa/rego/aws/aws_macie_member_account_association/AWS.Macie.Security.Medium.0576.json
deleted file mode 100755
index b7fe3091a..000000000
--- a/pkg/policies/opa/rego/aws/aws_macie_member_account_association/AWS.Macie.Security.Medium.0576.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "name": "macieIsNotAssociated",
- "file": "macieIsNotAssociated.rego",
- "templateArgs": {
- "prefix": ""
- },
- "severity": "MEDIUM",
- "description": "Ensure that Amazon Macie service is currently in use in order to classify and protect sensitive information such as credit cards, financial records or Personally Identifiable Information (PII), available in your AWS account. AWS Macie is a data security service that utilizes machine learning to automatically discover, classify and protect critical data within AWS cloud. Once enabled and configured, Macie will scan your S3 buckets to identify sensitive information, bring this data to your attention and analyze access patterns and user behavior to prevent any data leakage. Macie can also help you with governance, compliance and audit standards. For example, the service can enable you to comply with General Data Protection Regulation (GDPR)regulations around encryption and pseudonymization of data as it recognizes Personally Identifiable Information (PII).",
- "referenceId": "AWS.Macie.Security.Medium.0576",
- "category": "Security",
- "version": 2
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_macie_member_account_association/macieIsNotAssociated.rego b/pkg/policies/opa/rego/aws/aws_macie_member_account_association/macieIsNotAssociated.rego
deleted file mode 100755
index e4223f7b3..000000000
--- a/pkg/policies/opa/rego/aws/aws_macie_member_account_association/macieIsNotAssociated.rego
+++ /dev/null
@@ -1,16 +0,0 @@
-package accurics
-
-{{.prefix}}macieIsNotAssociated[retVal] {
- check_empty(input)
- rc := "ZGF0YSAiYXdzX2NhbGxlcl9pZGVudGl0eSIgImN1cnJlbnQiIHt9CgpyZXNvdXJjZSAiYXdzX21hY2llX21lbWJlcl9hY2NvdW50X2Fzc29jaWF0aW9uIiAibWFjaWVfbWVtYmVyX2Fzc29jaWF0aW9uX25hbWUiIHsKICAgICJtZW1iZXJfYWNjb3VudF9pZCI6ICIke2RhdGEuYXdzX2NhbGxlcl9pZGVudGl0eS5jdXJyZW50LmFjY291bnRfaWR9Igp9"
- traverse = ""
- retVal := { "Id": "no_macie_member_account_association", "ReplaceType": "add", "CodeType": "resource", "Traverse": traverse, "Attribute": "", "AttributeDataType": "resource", "Expected": rc, "Actual": null }
-}
-
-check_empty(macie_input) = true {
- not macie_input.aws_macie_member_account_association
-}
-
-check_empty(macie_input) = true {
- count(macie_input.aws_macie_member_account_association) <= 0
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_mq/AWS.ElasticSearch.Logging.Medium.0885.json b/pkg/policies/opa/rego/aws/aws_mq/AWS.ElasticSearch.Logging.Medium.0885.json
index 0664b7ccf..4c070d6cb 100755
--- a/pkg/policies/opa/rego/aws/aws_mq/AWS.ElasticSearch.Logging.Medium.0885.json
+++ b/pkg/policies/opa/rego/aws/aws_mq/AWS.ElasticSearch.Logging.Medium.0885.json
@@ -1,10 +1,10 @@
 {
 "name": "awsMqLoggingEnabled",
 "file": "awsMqLoggingEnabled.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Enable AWS MQ Log Exports",
- "referenceId": "AWS.ElasticSearch.Logging.Medium.0885",
+ "reference_id": "AWS.ElasticSearch.Logging.Medium.0885",
 "category": "Logging",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_mq/AWS.ElasticSearch.NetworkSecurity.Medium.0887.json b/pkg/policies/opa/rego/aws/aws_mq/AWS.ElasticSearch.NetworkSecurity.Medium.0887.json
index 9d4e0fc75..0479a5135 100755
--- a/pkg/policies/opa/rego/aws/aws_mq/AWS.ElasticSearch.NetworkSecurity.Medium.0887.json
+++ b/pkg/policies/opa/rego/aws/aws_mq/AWS.ElasticSearch.NetworkSecurity.Medium.0887.json
@@ -1,10 +1,10 @@
 {
 "name": "awsMqPubliclyAccessible",
 "file": "awsMqPubliclyAccessible.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Publicly Accessible MQ Brokers",
- "referenceId": "AWS.ElasticSearch.NetworkSecurity.Medium.0887",
+ "reference_id": "AWS.ElasticSearch.NetworkSecurity.Medium.0887",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_organizations_policy/AWS.Organizations.IAM.MEDIUM.0590.json b/pkg/policies/opa/rego/aws/aws_organizations_policy/AWS.Organizations.IAM.MEDIUM.0590.json
index 3330bdc28..a23523e78 100755
--- a/pkg/policies/opa/rego/aws/aws_organizations_policy/AWS.Organizations.IAM.MEDIUM.0590.json
+++ b/pkg/policies/opa/rego/aws/aws_organizations_policy/AWS.Organizations.IAM.MEDIUM.0590.json
@@ -1,12 +1,12 @@
 {
 "name": "scpFullAccess",
 "file": "scpFullAccess.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Ensure that All Features is enabled within your Amazon Organizations to achieve full control over the use of AWS services and actions across multiple AWS accounts using Service Control Policies (SCPs).",
- "referenceId": "AWS.Organizations.IAM.MEDIUM.0590",
+ "reference_id": "AWS.Organizations.IAM.MEDIUM.0590",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_rds_cluster/AWS.RDS.EncryptionandKeyManagement.High.0414.json b/pkg/policies/opa/rego/aws/aws_rds_cluster/AWS.RDS.EncryptionandKeyManagement.High.0414.json
index c56e73b31..f9c21d8a1 100755
--- a/pkg/policies/opa/rego/aws/aws_rds_cluster/AWS.RDS.EncryptionandKeyManagement.High.0414.json
+++ b/pkg/policies/opa/rego/aws/aws_rds_cluster/AWS.RDS.EncryptionandKeyManagement.High.0414.json
@@ -1,12 +1,12 @@
 {
 "name": "storageNotEncrypted",
 "file": "storageNotEncrypted.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Encrypt Amazon RDS instances and snapshots at rest, by enabling the encryption option for your Amazon RDS DB instance",
- "referenceId": "AWS.RDS.EncryptionandKeyManagement.High.0414",
+ "reference_id": "AWS.RDS.EncryptionandKeyManagement.High.0414",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.EncryptionandKeyManagement.High.0415.json b/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.EncryptionandKeyManagement.High.0415.json
index 67f8d28bd..01f6f8ec4 100755
--- a/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.EncryptionandKeyManagement.High.0415.json
+++ b/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.EncryptionandKeyManagement.High.0415.json
@@ -1,12 +1,12 @@
 {
 "name": "redshiftEncryptedFalse",
 "file": "redshiftEncryptedFalse.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Use customer-managed KMS keys instead of AWS-managed keys, to have granular control over encrypting and encrypting data. Encrypt Redshift clusters with a Customer-managed KMS key. This is a recommended best practice.",
- "referenceId": "AWS.Redshift.EncryptionandKeyManagement.High.0415",
+ "reference_id": "AWS.Redshift.EncryptionandKeyManagement.High.0415",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.Logging.Medium.0565.json b/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.Logging.Medium.0565.json
index e03a420a6..9908d33f9 100755
--- a/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.Logging.Medium.0565.json
+++ b/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.Logging.Medium.0565.json
@@ -1,12 +1,12 @@
 {
 "name": "redshiftAuditLogs",
 "file": "redshiftAuditLogs.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Ensure audit logging is enabled for Redshift clusters for security and troubleshooting purposes.",
- "referenceId": "AWS.Redshift.Logging.Medium.0565",
+ "reference_id": "AWS.Redshift.Logging.Medium.0565",
 "category": "Logging",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.NetworkSecurity.HIGH.0564.json b/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.NetworkSecurity.HIGH.0564.json
index d4b1cd65a..6603d78de 100755
--- a/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.NetworkSecurity.HIGH.0564.json
+++ b/pkg/policies/opa/rego/aws/aws_redshift_cluster/AWS.Redshift.NetworkSecurity.HIGH.0564.json
@@ -1,12 +1,12 @@
 {
 "name": "redshiftPublicAccess",
 "file": "redshiftPublicAccess.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Ensure Redshift clusters are not publicly accessible to minimise security risks.",
- "referenceId": "AWS.Redshift.NetworkSecurity.HIGH.0564",
+ "reference_id": "AWS.Redshift.NetworkSecurity.HIGH.0564",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_route53_query_log/AWS.Route53 query logs.Logging.Medium.0574.json b/pkg/policies/opa/rego/aws/aws_route53_query_log/AWS.Route53 query logs.Logging.Medium.0574.json
index 3b2e84187..3700ffdcf 100755
--- a/pkg/policies/opa/rego/aws/aws_route53_query_log/AWS.Route53 query logs.Logging.Medium.0574.json
+++ b/pkg/policies/opa/rego/aws/aws_route53_query_log/AWS.Route53 query logs.Logging.Medium.0574.json
@@ -1,12 +1,12 @@
 {
 "name": "route53LoggingDisabled",
 "file": "route53LoggingDisabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Ensure CloudWatch logging is enabled for Route53 hosted zones.",
- "referenceId": "AWS.Route53 query logs.Logging.Medium.0574",
+ "reference_id": "AWS.Route53 query logs.Logging.Medium.0574",
 "category": "Logging",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_route53_record/AWS.Route53HostedZone.DNSManagement.High.0422.json b/pkg/policies/opa/rego/aws/aws_route53_record/AWS.Route53HostedZone.DNSManagement.High.0422.json
index 63a9bd81f..6050cd53d 100755
--- a/pkg/policies/opa/rego/aws/aws_route53_record/AWS.Route53HostedZone.DNSManagement.High.0422.json
+++ b/pkg/policies/opa/rego/aws/aws_route53_record/AWS.Route53HostedZone.DNSManagement.High.0422.json
@@ -1,12 +1,12 @@
 {
 "name": "noRoute53RecordSet",
 "file": "noRoute53RecordSet.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Route53HostedZone should have recordSets.",
- "referenceId": "AWS.Route53HostedZone.DNSManagement.High.0422",
+ "reference_id": "AWS.Route53HostedZone.DNSManagement.High.0422",
 "category": "DNS Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.DS.High.1043.json b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.DS.High.1043.json
index c6886c6a5..7aecfa060 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.DS.High.1043.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.DS.High.1043.json
@@ -1,12 +1,12 @@
 {
 "name": "s3EnforceUserACL",
 "file": "s3EnforceUserACL.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "S3 bucket Access is allowed to all AWS Account Users.",
- "referenceId": "AWS.S3Bucket.DS.High.1043",
+ "reference_id": "AWS.S3Bucket.DS.High.1043",
 "category": "S3",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.EncryptionandKeyManagement.High.0405.json b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.EncryptionandKeyManagement.High.0405.json
index ffc4645d6..bb61533c0 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.EncryptionandKeyManagement.High.0405.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.EncryptionandKeyManagement.High.0405.json
@@ -1,12 +1,12 @@
 {
 "name": "s3BucketSseRulesWithKmsNull",
 "file": "s3BucketSseRulesWithKmsNull.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Ensure that S3 Buckets have server side encryption at rest enabled with KMS key to protect sensitive data.",
- "referenceId": "AWS.S3Bucket.EncryptionandKeyManagement.High.0405",
+ "reference_id": "AWS.S3Bucket.EncryptionandKeyManagement.High.0405",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0370.json b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0370.json
index 262a45897..5faed9bfb 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0370.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0370.json
@@ -1,12 +1,12 @@
 {
 "name": "s3Versioning",
 "file": "s3Versioning.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Enabling S3 versioning will enable easy recovery from both unintended user actions, like deletes and overwrites",
- "referenceId": "AWS.S3Bucket.IAM.High.0370",
+ "reference_id": "AWS.S3Bucket.IAM.High.0370",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0377.json b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0377.json
index 3354d2579..85e950676 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0377.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0377.json
@@ -1,14 +1,14 @@
 {
 "name": "allUsersReadAccess",
 "file": "s3AclGrants.rego",
- "templateArgs": {
+ "template_args": {
 "access": "public-read",
 "name": "allUsersReadAccess",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion",
- "referenceId": "AWS.S3Bucket.IAM.High.0377",
+ "reference_id": "AWS.S3Bucket.IAM.High.0377",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0378.json b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0378.json
index 1879b8dc3..ac5cc8076 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0378.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0378.json
@@ -1,14 +1,14 @@
 {
 "name": "authUsersReadAccess",
 "file": "s3AclGrants.rego",
- "templateArgs": {
+ "template_args": {
 "access": "authenticated-read",
 "name": "authUsersReadAccess",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion",
- "referenceId": "AWS.S3Bucket.IAM.High.0378",
+ "reference_id": "AWS.S3Bucket.IAM.High.0378",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0379.json b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0379.json
index 1fcbb5622..d00eae3ee 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0379.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0379.json
@@ -1,14 +1,14 @@
 {
 "name": "allUsersWriteAccess",
 "file": "s3AclGrants.rego",
- "templateArgs": {
+ "template_args": {
 "access": "public-read-write",
 "name": "allUsersWriteAccess",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion",
- "referenceId": "AWS.S3Bucket.IAM.High.0379",
+ "reference_id": "AWS.S3Bucket.IAM.High.0379",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0381.json b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0381.json
index 7d8313989..0e035f836 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0381.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.IAM.High.0381.json
@@ -1,14 +1,14 @@
 {
 "name": "allUsersReadWriteAccess",
 "file": "s3AclGrants.rego",
- "templateArgs": {
+ "template_args": {
 "access": "public-read-write",
 "name": "allUsersReadWriteAccess",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion",
- "referenceId": "AWS.S3Bucket.IAM.High.0381",
+ "reference_id": "AWS.S3Bucket.IAM.High.0381",
 "category": "IAM",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.NetworkSecurity.High.0417.json b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.NetworkSecurity.High.0417.json
index 11f0c2764..f469a6ced 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.NetworkSecurity.High.0417.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket/AWS.S3Bucket.NetworkSecurity.High.0417.json
@@ -1,12 +1,12 @@
 {
 "name": "s3BucketNoWebsiteIndexDoc",
 "file": "s3BucketNoWebsiteIndexDoc.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Ensure that there are not any static websites being hosted on buckets you aren't aware of",
- "referenceId": "AWS.S3Bucket.NetworkSecurity.High.0417",
+ "reference_id": "AWS.S3Bucket.NetworkSecurity.High.0417",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0373.json b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0373.json
index 8395d227d..64a2fd28a 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0373.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0373.json
@@ -1,14 +1,14 @@
 {
 "name": "allowGetActionFromAllPrncpls",
 "file": "actionsFromAllPrincipals.rego",
- "templateArgs": {
+ "template_args": {
 "Action": "s3:Get",
 "name": "allowGetActionFromAllPrncpls",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion",
- "referenceId": "AWS.IamPolicy.IAM.High.0373",
+ "reference_id": "AWS.IamPolicy.IAM.High.0373",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0374.json b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0374.json
index 497176f1a..448b505a7 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0374.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0374.json
@@ -1,14 +1,14 @@
 {
 "name": "allowListActionFromAllPrncpls",
 "file": "actionsFromAllPrincipals.rego",
- "templateArgs": {
+ "template_args": {
 "Action": "s3:List",
 "name": "allowListActionFromAllPrncpls",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion",
- "referenceId": "AWS.IamPolicy.IAM.High.0374",
+ "reference_id": "AWS.IamPolicy.IAM.High.0374",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0375.json b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0375.json
index 5faced8be..4d6c9583b 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0375.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0375.json
@@ -1,14 +1,14 @@
 {
 "name": "allowPutActionFromAllPrncpls",
 "file": "actionsFromAllPrincipals.rego",
- "templateArgs": {
+ "template_args": {
 "Action": "s3:Put",
 "name": "allowPutActionFromAllPrncpls",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion",
- "referenceId": "AWS.IamPolicy.IAM.High.0375",
+ "reference_id": "AWS.IamPolicy.IAM.High.0375",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0376.json b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0376.json
index 990945694..9be06a3c2 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0376.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.IamPolicy.IAM.High.0376.json
@@ -1,14 +1,14 @@
 {
 "name": "allowWriteACPActionFromAllPrncpls",
 "file": "actionsFromAllPrincipals.rego",
- "templateArgs": {
+ "template_args": {
 "Action": "s3:PutBucketAcl",
 "name": "allowWriteACPActionFromAllPrncpls",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion",
- "referenceId": "AWS.IamPolicy.IAM.High.0376",
+ "reference_id": "AWS.IamPolicy.IAM.High.0376",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.S3Bucket.IAM.High.0371.json b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.S3Bucket.IAM.High.0371.json
index 23beecd9f..b9d4af665 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.S3Bucket.IAM.High.0371.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.S3Bucket.IAM.High.0371.json
@@ -1,12 +1,12 @@
 {
 "name": "allowActionsFromAllPrincipals",
 "file": "allowActionsFromAllPrincipals.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion",
- "referenceId": "AWS.S3Bucket.IAM.High.0371",
+ "reference_id": "AWS.S3Bucket.IAM.High.0371",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.S3Bucket.IAM.High.0372.json b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.S3Bucket.IAM.High.0372.json
index d56acd755..00bbc6d41 100755
--- a/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.S3Bucket.IAM.High.0372.json
+++ b/pkg/policies/opa/rego/aws/aws_s3_bucket_policy/AWS.S3Bucket.IAM.High.0372.json
@@ -1,14 +1,14 @@
 {
 "name": "allowDeleteActionFromAllPrncpls",
 "file": "actionsFromAllPrincipals.rego",
- "templateArgs": {
+ "template_args": {
 "Action": "s3:Delete",
 "name": "allowDeleteActionFromAllPrncpls",
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Misconfigured S3 buckets can leak private information to the entire internet or allow unauthorized data tampering / deletion",
- "referenceId": "AWS.S3Bucket.IAM.High.0372",
+ "reference_id": "AWS.S3Bucket.IAM.High.0372",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkSecurity.High.0094.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkSecurity.High.0094.json
index bc83db676..d9d20d547 100755
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkSecurity.High.0094.json
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkSecurity.High.0094.json
@@ -1,12 +1,12 @@
 {
 "name": "unrestrictedIngressAccess",
 "file": "unrestrictedIngressAccess.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": " It is recommended that no security group allows unrestricted ingress access",
- "referenceId": "AWS.SecurityGroup.NetworkSecurity.High.0094",
+ "reference_id": "AWS.SecurityGroup.NetworkSecurity.High.0094",
 "category": "Network Ports Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_sns_topic/AWS.SNS.NS.Medium.1044.json b/pkg/policies/opa/rego/aws/aws_sns_topic/AWS.SNS.NS.Medium.1044.json
index 4ea0d17e0..656b5a6dd 100755
--- a/pkg/policies/opa/rego/aws/aws_sns_topic/AWS.SNS.NS.Medium.1044.json
+++ b/pkg/policies/opa/rego/aws/aws_sns_topic/AWS.SNS.NS.Medium.1044.json
@@ -1,12 +1,12 @@
 {
 "name": "snsPublicAccess",
 "file": "snsPublicAccess.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Ensure SNS Topic is Publicly Accessible For Subscription",
- "referenceId": "AWS.SNS.NS.Medium.1044",
+ "reference_id": "AWS.SNS.NS.Medium.1044",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_sqs_queue/AWS.SQS.NetworkSecurity.High.0569.json b/pkg/policies/opa/rego/aws/aws_sqs_queue/AWS.SQS.NetworkSecurity.High.0569.json
index 40f74167e..a278efefc 100755
--- a/pkg/policies/opa/rego/aws/aws_sqs_queue/AWS.SQS.NetworkSecurity.High.0569.json
+++ b/pkg/policies/opa/rego/aws/aws_sqs_queue/AWS.SQS.NetworkSecurity.High.0569.json
@@ -1,12 +1,12 @@
 {
 "name": "sqsQueueExposed",
 "file": "sqsQueueExposed.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Identify any publicly accessible SQS queues available in your AWS account and update their permissions in order to protect against unauthorized users.",
- "referenceId": "AWS.SQS.NetworkSecurity.High.0569",
+ "reference_id": "AWS.SQS.NetworkSecurity.High.0569",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_sqs_queue/AWS.SQS.NetworkSecurity.High.0570.json b/pkg/policies/opa/rego/aws/aws_sqs_queue/AWS.SQS.NetworkSecurity.High.0570.json
index 1138ac326..0042e8aa4 100755
--- a/pkg/policies/opa/rego/aws/aws_sqs_queue/AWS.SQS.NetworkSecurity.High.0570.json
+++ b/pkg/policies/opa/rego/aws/aws_sqs_queue/AWS.SQS.NetworkSecurity.High.0570.json
@@ -1,12 +1,12 @@
 {
 "name": "sqsSseDisabled",
 "file": "sqsSseDisabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Ensure that your Amazon Simple Queue Service (SQS) queues are protecting the contents of their messages using Server-Side Encryption (SSE). The SQS service uses an AWS KMS Customer Master Key (CMK) to generate data keys required for the encryption/decryption process of SQS messages. There is no additional charge for using SQS Server-Side Encryption, however, there is a charge for using AWS KMS",
- "referenceId": "AWS.SQS.NetworkSecurity.High.0570",
+ "reference_id": "AWS.SQS.NetworkSecurity.High.0570",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_vpc/AWS.VPC.Logging.Medium.0470.json b/pkg/policies/opa/rego/aws/aws_vpc/AWS.VPC.Logging.Medium.0470.json
index cae0c8b4b..79e31bdc8 100755
--- a/pkg/policies/opa/rego/aws/aws_vpc/AWS.VPC.Logging.Medium.0470.json
+++ b/pkg/policies/opa/rego/aws/aws_vpc/AWS.VPC.Logging.Medium.0470.json
@@ -1,12 +1,12 @@
 {
 "name": "vpcFlowLogsNotEnabled",
 "file": "vpcFlowLogsNotEnabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Ensure VPC flow logging is enabled in all VPCs",
- "referenceId": "AWS.VPC.Logging.Medium.0470",
+ "reference_id": "AWS.VPC.Logging.Medium.0470",
 "category": "Logging",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_vpc/AWS.VPC.Logging.Medium.0471.json b/pkg/policies/opa/rego/aws/aws_vpc/AWS.VPC.Logging.Medium.0471.json
index d731e86b3..b34a2e8ca 100755
--- a/pkg/policies/opa/rego/aws/aws_vpc/AWS.VPC.Logging.Medium.0471.json
+++ b/pkg/policies/opa/rego/aws/aws_vpc/AWS.VPC.Logging.Medium.0471.json
@@ -1,12 +1,12 @@
 {
 "name": "defaultVpcExist",
 "file": "defaultVpcExist.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Avoid creating resources in default VPC",
- "referenceId": "AWS.VPC.Logging.Medium.0471",
+ "reference_id": "AWS.VPC.Logging.Medium.0471",
 "category": "Logging",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json b/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json
index 30a41c9be..7f0e5ea92 100755
--- a/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json
+++ b/pkg/policies/opa/rego/azure/azurerm_application_gateway/accurics.azure.NS.147.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_appGatewayWAFEnabled",
 "file": "appGatewayWAFEnabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "MEDIUM",
 "description": "Ensure Azure Application Gateway Web application firewall (WAF) is enabled",
- "referenceId": "accurics.azure.NS.147",
+ "reference_id": "accurics.azure.NS.147",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json
index ffbb52b7d..b0ad52b44 100755
--- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json
+++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.AKS.3.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_containerRegistryResourceLock",
 "file": "containerRegistryResourceLock.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure Container Registry has locks",
- "referenceId": "accurics.azure.AKS.3",
+ "reference_id": "accurics.azure.AKS.3",
 "category": "Azure Container Services",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json
index 6e3bc0b93..9d6ce08cc 100755
--- a/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json
+++ b/pkg/policies/opa/rego/azure/azurerm_container_registry/accurics.azure.EKM.164.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_containerRegistryAdminEnabled",
 "file": "containerRegistryAdminEnabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "MEDIUM",
 "description": "Ensure that admin user is disabled for Container Registry",
- "referenceId": "accurics.azure.EKM.164",
+ "reference_id": "accurics.azure.EKM.164",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json
index 5f34b68a4..8dcdf45b7 100755
--- a/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json
+++ b/pkg/policies/opa/rego/azure/azurerm_cosmosdb_account/accurics.azure.CAM.162.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_noTags",
 "file": "noTags.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "MEDIUM",
 "description": "Ensure that Cosmos DB Account has an associated tag",
- "referenceId": "accurics.azure.CAM.162",
+ "reference_id": "accurics.azure.CAM.162",
 "category": "Cloud Assets Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json
index a1c581dfa..26d27562c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.164.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_keyVaultSoftDeleteEnabled",
 "file": "keyVaultSoftDeleteEnabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "MEDIUM",
 "description": "Ensure the key vault is recoverable - enable \"Soft Delete\" setting for a Key Vault",
- "referenceId": "accurics.azure.EKM.164",
+ "reference_id": "accurics.azure.EKM.164",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json
index d3f39083b..8838c308a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault/accurics.azure.EKM.20.json
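Review bot: The `reference_id` value `accurics.azure.EKM.164` in `azurerm_key_vault/accurics.azure.EKM.164.json` (rule `reme_keyVaultSoftDeleteEnabled`) is the same one carried by `azurerm_container_registry/accurics.azure.EKM.164.json` (rule `reme_containerRegistryAdminEnabled`) earlier in this diff, so two unrelated checks share one identifier. How `reference_id` is consumed is not visible here, but if it keys rule lookup, suppression or reporting, a finding or an exemption for the registry admin-user check could not be told apart from the key vault soft-delete check, and one could mask the other. Since this commit already rewrites the line, consider giving one of the two rules a distinct id and adding a test that every rule metadata file under `pkg/policies/opa/rego` has a unique `reference_id`.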
@@ -1,12 +1,12 @@
 {
 "name": "reme_keyVaultAuditLoggingEnabled",
 "file": "keyVaultAuditLoggingEnabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure that logging for Azure KeyVault is 'Enabled'",
- "referenceId": "accurics.azure.EKM.20",
+ "reference_id": "accurics.azure.EKM.20",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json
index 0dee8bd34..b62d7c09a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_key/accurics.azure.EKM.25.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_checkKeyExpirationIsSet",
 "file": "checkKeyExpirationIsSet.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure that the expiration date is set on all keys",
- "referenceId": "accurics.azure.EKM.25",
+ "reference_id": "accurics.azure.EKM.25",
 "category": "Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json
index c0412daf9..3db60840a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json
+++ b/pkg/policies/opa/rego/azure/azurerm_key_vault_secret/accurics.azure.EKM.26.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_checkSecretExpirationIsSet",
 "file": "checkSecretExpirationIsSet.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure that the expiration date is set on all secrets",
- "referenceId": "accurics.azure.EKM.26",
+ "reference_id": "accurics.azure.EKM.26",
 "category": "Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json
index 557554d9e..9a43c0a4f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json
+++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.382.json
@@ -1,10 +1,10 @@
 {
 "name": "networkPolicyEnabled",
 "file": "networkPolicyEnabled.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure AKS cluster has Network Policy configured.",
- "referenceId": "accurics.azure.NS.382",
+ "reference_id": "accurics.azure.NS.382",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json
index 5d68d0ff0..6e3bc05e9 100755
--- a/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json
+++ b/pkg/policies/opa/rego/azure/azurerm_kubernetes_cluster/accurics.azure.NS.383.json
@@ -1,10 +1,10 @@
 {
 "name": "KubeDashboardDisabled",
 "file": "KubeDashboardDisabled.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure Kube Dashboard is disabled",
- "referenceId": "accurics.azure.NS.383",
+ "reference_id": "accurics.azure.NS.383",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json b/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json
index 8164f7535..bfb3f8036 100755
--- a/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json
+++ b/pkg/policies/opa/rego/azure/azurerm_managed_disk/accurics.azure.EKM.156.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_checkDataDisksEncrypted",
 "file": "checkDataDisksEncrypted.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "MEDIUM",
 "description": "Ensure that 'OS disk' are encrypted",
- "referenceId": "accurics.azure.EKM.156",
+ "reference_id": "accurics.azure.EKM.156",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json
index d4631dbb0..d76bba655 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.171.json
@@ -1,7 +1,7 @@
 {
 "name": "reme_networkPort3389ExposedPublicEntire",
 "file": "networkPortExposedPublic.rego",
- "templateArgs": {
+ "template_args": {
 "endLimit": 0,
 "evalHosts": true,
 "name": "networkPort3389ExposedPublicEntire",
@@ -12,7 +12,7 @@
 },
 "severity": "HIGH",
 "description": "Remote Desktop (TCP:3389) is exposed to the entire public internet",
- "referenceId": "accurics.azure.NPS.171",
+ "reference_id": "accurics.azure.NPS.171",
 "category": "Network Ports Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json
index d64397813..120e76cfb 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.172.json
@@ -1,7 +1,7 @@
 {
 "name": "reme_networkPort22ExposedPublicEntire",
 "file": "networkPortExposedPublic.rego",
- "templateArgs": {
+ "template_args": {
 "endLimit": 0,
 "evalHosts": true,
 "name": "networkPort22ExposedPublicEntire",
@@ -12,7 +12,7 @@
 },
 "severity": "HIGH",
 "description": "SSH (TCP:22) is exposed to the entire public internet",
- "referenceId": "accurics.azure.NPS.172",
+ "reference_id": "accurics.azure.NPS.172",
 "category": "Network Ports Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json
index 57414c54b..551c54ebe 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.35.json
@@ -1,7 +1,7 @@
 {
 "name": "reme_networkPort9090ExposedPublicWide",
 "file": "networkPortExposedPublic.rego",
- "templateArgs": {
+ "template_args": {
 "endLimit": 1,
 "evalHosts": false,
 "name": "networkPort9090ExposedPublicWide",
@@ -12,7 +12,7 @@
 },
 "severity": "HIGH",
 "description": "CiscoSecure, WebSM (TCP:9090) is exposed to the wide public internet",
- "referenceId": "accurics.azure.NPS.35",
+ "reference_id": "accurics.azure.NPS.35",
 "category": "Network Ports Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json
index 62760d897..b40936f66 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.36.json
@@ -1,7 +1,7 @@
 {
 "name": "reme_networkPort3389ExposedPublicWide",
 "file": "networkPortExposedPublic.rego",
- "templateArgs": {
+ "template_args": {
 "endLimit": 1,
 "evalHosts": false,
 "name": "networkPort3389ExposedPublicWide",
@@ -12,7 +12,7 @@
 },
 "severity": "HIGH",
 "description": "Remote Desktop (TCP:3389) is exposed to the wide public internet",
- "referenceId": "accurics.azure.NPS.36",
+ "reference_id": "accurics.azure.NPS.36",
 "category": "Network Ports Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json
index 40d552cef..d22d8a4f8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_security_rule/accurics.azure.NPS.37.json
@@ -1,7 +1,7 @@
 {
 "name": "reme_networkPort22ExposedPublicWide",
 "file": "networkPortExposedPublic.rego",
- "templateArgs": {
+ "template_args": {
 "endLimit": 1,
 "evalHosts": false,
 "name": "networkPort22ExposedPublicWide",
@@ -12,7 +12,7 @@
 },
 "severity": "HIGH",
 "description": "SSH (TCP:22) is exposed to the wide public internet",
- "referenceId": "accurics.azure.NPS.37",
+ "reference_id": "accurics.azure.NPS.37",
 "category": "Network Ports Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher/accurics.azure.NS.387.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher/accurics.azure.NS.387.json
deleted file mode 100755
index 24ea25ff7..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_watcher/accurics.azure.NS.387.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "name": "reme_networkWatcherExist",
- "file": "networkWatcherExist.rego",
- "templateArgs": {
- "prefix": "reme_"
- },
- "severity": "HIGH",
- "description": "Ensure that Network Watcher is 'Enabled'",
- "referenceId": "accurics.azure.NS.387",
- "category": "Network Security",
- "version": 2
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher/networkWatcherExist.rego b/pkg/policies/opa/rego/azure/azurerm_network_watcher/networkWatcherExist.rego
deleted file mode 100755
index 21085e73c..000000000
--- a/pkg/policies/opa/rego/azure/azurerm_network_watcher/networkWatcherExist.rego
+++ /dev/null
@@ -1,15 +0,0 @@
-package accurics
-
-{{.prefix}}networkWatcherExist[retVal] {
- not input.azurerm_network_watcher
- rc = "cmVzb3VyY2UgImF6dXJlcm1fbmV0d29ya193YXRjaGVyIiAibmV0d29ya193YXRjaGVyIiB7CiAgbmFtZSAgICAgICAgICAgICAgICA9ICJuZXR3b3JrX3dhdGNoZXIiCiAgbG9jYXRpb24gICAgICAgICAgICA9ICMjcmVzb3VyY2VfZ3JvdXBfbG9jYXRpb24jIwogIHJlc291cmNlX2dyb3VwX25hbWUgPSAjI3Jlc291cmNlX2dyb3VwX25hbWUjIwp9"
- traverse = ""
- retVal := { "Id": "network_watcher_does_not_exist", "ReplaceType": "add", "CodeType": "resource", "Traverse": traverse, "Attribute": "", "AttributeDataType": "base64", "Expected": rc, "Actual": null }
-}
-
-{{.prefix}}networkWatcherExist[retVal] {
- count(input.azurerm_network_watcher) <= 0
- rc = "cmVzb3VyY2UgImF6dXJlcm1fbmV0d29ya193YXRjaGVyIiAibmV0d29ya193YXRjaGVyIiB7CiAgbmFtZSAgICAgICAgICAgICAgICA9ICJuZXR3b3JrX3dhdGNoZXIiCiAgbG9jYXRpb24gICAgICAgICAgICA9ICMjcmVzb3VyY2VfZ3JvdXBfbG9jYXRpb24jIwogIHJlc291cmNlX2dyb3VwX25hbWUgPSAjI3Jlc291cmNlX2dyb3VwX25hbWUjIwp9"
- traverse = ""
- retVal := { "Id": "network_watcher_does_not_exist", "ReplaceType": "add", "CodeType": "resource", "Traverse": traverse, "Attribute": "", "AttributeDataType": "base64", "Expected": rc, "Actual": null }
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json
index 31f0e88c9..69c85928a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.11.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_networkWatcherEnabled",
 "file": "networkWatcherCheck.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Enable Network Watcher for Azure subscriptions. Network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights to the network in Azure.",
- "referenceId": "accurics.azure.NS.11",
+ "reference_id": "accurics.azure.NS.11",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json
index c28bb3117..1e8e1fb41 100755
--- a/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json
+++ b/pkg/policies/opa/rego/azure/azurerm_network_watcher_flow_log/accurics.azure.NS.342.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_logRetensionGraterThan90Days",
 "file": "networkWatcherCheck.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "MEDIUM",
 "description": "Network Security Group Flow Logs should be enabled and the retention period is set to greater than or equal to 90 days. Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.",
- "referenceId": "accurics.azure.NS.342",
+ "reference_id": "accurics.azure.NS.342",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json
index 3ed3be2b9..2e383392c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.BDR.163.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_geoRedundancyDisabled",
 "file": "geoRedundancyDisabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure that Geo Redundant Backups is enabled on PostgreSQL",
- "referenceId": "accurics.azure.BDR.163",
+ "reference_id": "accurics.azure.BDR.163",
 "category": "Backup and Disaster Recovery",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json
index e4057b64c..29cae6e06 100755
--- a/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json
+++ b/pkg/policies/opa/rego/azure/azurerm_postgresql_server/accurics.azure.EKM.1.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_sslEnforceDisabled",
 "file": "sslEnforceDisabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server",
- "referenceId": "accurics.azure.EKM.1",
+ "reference_id": "accurics.azure.EKM.1",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json
index 44997883e..201152c30 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.EKM.23.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_nonSslEnabled",
 "file": "nonSslEnabled.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "MEDIUM",
 "description": "Ensure that the Redis Cache accepts only SSL connections",
- "referenceId": "accurics.azure.EKM.23",
+ "reference_id": "accurics.azure.EKM.23",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json
index 9320b6859..3837ba95f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.13.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_redisCacheNoUpdatePatchSchedule",
 "file": "redisCacheNoUpdatePatchSchedule.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure that Redis is updated regularly with security and operational updates.\n\nNote this feature is only available to Premium tier Redis Caches.",
- "referenceId": "accurics.azure.NS.13",
+ "reference_id": "accurics.azure.NS.13",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json
index d41afddf9..52e14ee6b 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.166.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_allowLessHosts",
 "file": "allowLessHosts.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "MEDIUM",
 "description": "Ensure there are no firewall rules allowing Redis Cache access for a large number of source IPs",
- "referenceId": "accurics.azure.NS.166",
+ "reference_id": "accurics.azure.NS.166",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json
index 9829654f7..d7a03d1e8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.30.json
@@ -1,14 +1,14 @@
 {
 "name": "reme_entirelyAccessible",
 "file": "publiclyAccessible.rego",
- "templateArgs": {
+ "template_args": {
 "isEntire": true,
 "name": "entirelyAccessible",
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from the Internet",
- "referenceId": "accurics.azure.NS.30",
+ "reference_id": "accurics.azure.NS.30",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json
index 4a691d7a1..fe51fba0a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json
+++ b/pkg/policies/opa/rego/azure/azurerm_redis_cache/accurics.azure.NS.31.json
@@ -1,14 +1,14 @@
 {
 "name": "reme_publiclyAccessible",
 "file": "publiclyAccessible.rego",
- "templateArgs": {
+ "template_args": {
 "isEntire": false,
 "name": "publiclyAccessible",
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure there are no firewall rules allowing unrestricted access to Redis from other Azure sources",
- "referenceId": "accurics.azure.NS.31",
+ "reference_id": "accurics.azure.NS.31",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json b/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json
index 76505b6d2..153c4488f 100755
--- a/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json
+++ b/pkg/policies/opa/rego/azure/azurerm_resource_group/accurics.azure.NS.272.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_resourceGroupLock",
 "file": "resourceGroupLock.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "LOW",
 "description": "Ensure that Azure Resource Group has resource lock enabled",
- "referenceId": "accurics.azure.NS.272",
+ "reference_id": "accurics.azure.NS.272",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json b/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json
index 783742eb9..ca322d0b8 100755
--- a/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json
+++ b/pkg/policies/opa/rego/azure/azurerm_role_assignment/accurics.azure.IAM.388.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_checkGuestUser",
 "file": "checkGuestUser.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure that there are no guest users",
- "referenceId": "accurics.azure.IAM.388",
+ "reference_id": "accurics.azure.IAM.388",
 "category": "Identity and Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json
index 93539ac0e..7da13582a 100755
--- a/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json
+++ b/pkg/policies/opa/rego/azure/azurerm_security_center_subscription_pricing/accurics.azure.OPS.349.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_securityCenterPrincingTier",
 "file": "securityCenterPrincingTier.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "MEDIUM",
 "description": "Ensure that standard pricing tiers are selected",
- "referenceId": "accurics.azure.OPS.349",
+ "reference_id": "accurics.azure.OPS.349",
 "category": "Operational Efficiency",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json
index 1ed03fc76..0bcdc2c4c 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_active_directory_administrator/accurics.azure.IAM.137.json
@@ -1,12 +1,12 @@
 {
 "name": "reme_sqlServerADPredictableAccount",
 "file": "sqlServerADPredictableAccount.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": "reme_"
 },
 "severity": "MEDIUM",
 "description": "Avoid using names like 'Admin' for an Azure SQL Server Active Directory Administrator account",
- "referenceId": "accurics.azure.IAM.137",
+ "reference_id": "accurics.azure.IAM.137",
 "category": "Identity and Access Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json b/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json
index 4e6ac6145..359f70b6e 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_database/accurics.azure.MON.157.json
@@ -1,12 +1,12 @@ { "name": "reme_checkAuditEnabled", "file": "checkAuditEnabled.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "MEDIUM", "description": "Ensure that 'Threat Detection' is enabled for Azure SQL Database", - "referenceId": "accurics.azure.MON.157", + "reference_id": "accurics.azure.MON.157", "category": "Monitoring", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json index c5ee6dfb0..549e2bf7c 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.169.json @@ -1,12 +1,12 @@ { "name": "reme_moreHostsAllowed", "file": "moreHostsAllowed.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "MEDIUM", "description": "Restrict Azure SQL Server accessibility to a minimal address range", - "referenceId": "accurics.azure.NS.169", + "reference_id": "accurics.azure.NS.169", "category": "Network Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json index 9473e9851..3326bd00f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.21.json 
@@ -1,14 +1,14 @@
 {
 "name": "reme_sqlIngressAccess",
 "file": "checkPublicAccessNotAllow.rego",
- "templateArgs": {
+ "template_args": {
 "isEntire": false,
 "name": "sqlIngressAccess",
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure that no SQL Server allows ingress from 0.0.0.0/0 (ANY IP)",
- "referenceId": "accurics.azure.NS.21",
+ "reference_id": "accurics.azure.NS.21",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json
index 90343b405..b64c3c080 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_firewall_rule/accurics.azure.NS.5.json
@@ -1,14 +1,14 @@
 {
 "name": "reme_sqlPublicAccess",
 "file": "checkPublicAccessNotAllow.rego",
- "templateArgs": {
+ "template_args": {
 "isEntire": true,
 "name": "sqlPublicAccess",
 "prefix": "reme_"
 },
 "severity": "HIGH",
 "description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL ServerEnsure entire Azure infrastructure doesn't have access to Azure SQL Server",
- "referenceId": "accurics.azure.NS.5",
+ "reference_id": "accurics.azure.NS.5",
 "category": "Network Security",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json
index 834c84439..566e76c22 100755
--- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json
+++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.10.json
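Review bot: The `description` context line in the `accurics.azure.NS.5.json` hunk contains the sentence twice, run together as `...Azure SQL ServerEnsure entire Azure...`, and this commit leaves it as is. Since the file is already being touched, the line should read `"description": "Ensure entire Azure infrastructure doesn't have access to Azure SQL Server",`. This text is presumably what users see in scan results for a HIGH severity finding, so it is worth correcting here.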
@@ -1,12 +1,12 @@ { "name": "reme_sqlServerADAdminConfigured", "file": "sqlServerADAdminConfigured.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "HIGH", "description": "Ensure that Azure Active Directory Admin is configured for SQL Server", - "referenceId": "accurics.azure.IAM.10", + "reference_id": "accurics.azure.IAM.10", "category": "Identity and Access Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json index 6270c62f0..e42c803cd 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.IAM.138.json @@ -1,12 +1,12 @@ { "name": "reme_sqlServerPredictableAccount", "file": "sqlServerPredictableAccount.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "MEDIUM", "description": "Avoid using names like 'Admin' for an Azure SQL Server admin account login", - "referenceId": "accurics.azure.IAM.138", + "reference_id": "accurics.azure.IAM.138", "category": "Identity and Access Management", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json index 142f604a6..67e7cef09 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.LOG.356.json 
@@ -1,10 +1,10 @@ { "name": "sqlAuditingRetention", "file": "sqlAuditingRetention.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers.", - "referenceId": "accurics.azure.LOG.356", + "reference_id": "accurics.azure.LOG.356", "category": "Logging", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json index 00c00b181..1bccf29aa 100755 --- a/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json +++ b/pkg/policies/opa/rego/azure/azurerm_sql_server/accurics.azure.MON.354.json @@ -1,10 +1,10 @@ { "name": "sqlServerAuditingEnabled", "file": "sqlServerAuditingEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Ensure that 'Auditing' is set to 'On' for SQL servers", - "referenceId": "accurics.azure.MON.354", + "reference_id": "accurics.azure.MON.354", "category": "Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json index 2dd9cb18e..f5bca5b10 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.EKM.7.json @@ -1,12 +1,12 @@ { "name": "reme_storageAccountEnableHttps", "file": "storageAccountEnableHttps.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "HIGH", "description": "Ensure that 'Secure transfer required' is enabled for Storage Accounts", - "referenceId": "accurics.azure.EKM.7", + "reference_id": "accurics.azure.EKM.7", "category": "Encryption and Key Management", "version": 2 } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json index 89040ea40..aba7ae27b 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.2.json @@ -1,12 +1,12 @@ { "name": "reme_storageAccountTrustedMicrosoftServicesEnabled", "file": "storageAccountTrustedMicrosoftServicesEnabled.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "HIGH", "description": "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access", - "referenceId": "accurics.azure.NS.2", + "reference_id": "accurics.azure.NS.2", "category": "Network Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json index bd3ca6a16..4eb41fe78 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json +++ b/pkg/policies/opa/rego/azure/azurerm_storage_account/accurics.azure.NS.4.json @@ -1,12 +1,12 @@ { "name": "reme_storageAccountOpenToPublic", "file": "storageAccountOpenToPublic.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "HIGH", "description": "Ensure default network access rule for Storage Accounts is not open to public", - "referenceId": "accurics.azure.NS.4", + "reference_id": "accurics.azure.NS.4", "category": "Network Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json b/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json index 3cce9018b..06f145e7f 100755 --- a/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json 
+++ b/pkg/policies/opa/rego/azure/azurerm_storage_container/accurics.azure.IAM.368.json @@ -1,12 +1,12 @@ { "name": "reme_checkStorageContainerAccess", "file": "checkStorageContainerAccess.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "HIGH", "description": "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary.", - "referenceId": "accurics.azure.IAM.368", + "reference_id": "accurics.azure.IAM.368", "category": "Identity and Access Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json b/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json index 346e27da1..6877aa9c5 100755 --- a/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json +++ b/pkg/policies/opa/rego/azure/azurerm_virtual_machine/accurics.azure.NS.18.json @@ -1,12 +1,12 @@ { "name": "reme_vmAttachedToNetwork", "file": "vmAttachedToNetwork.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "HIGH", "description": "Ensure that at least one Network Security Group is attached to all VMs and subnets that are public", - "referenceId": "accurics.azure.NS.18", + "reference_id": "accurics.azure.NS.18", "category": "Network Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json b/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json index 7fb2acf75..907585538 100755 --- a/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json +++ b/pkg/policies/opa/rego/azure/azurerm_virtual_network/accurics.azure.NS.161.json 
@@ -1,12 +1,12 @@ { "name": "reme_noSecurityGroupAssociated", "file": "noSecurityGroupAssociated.rego", - "templateArgs": { + "template_args": { "prefix": "reme_" }, "severity": "MEDIUM", "description": "Ensure that Azure Virtual Network subnet is configured with a Network Security Group", - "referenceId": "accurics.azure.NS.161", + "reference_id": "accurics.azure.NS.161", "category": "Network Security", "version": 2 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/github_repository/accurics.gcp.IAM.145.json b/pkg/policies/opa/rego/gcp/github_repository/accurics.gcp.IAM.145.json index e20203af8..21c35a144 100755 --- a/pkg/policies/opa/rego/gcp/github_repository/accurics.gcp.IAM.145.json +++ b/pkg/policies/opa/rego/gcp/github_repository/accurics.gcp.IAM.145.json @@ -1,10 +1,10 @@ { "name": "privateRepoEnabled", "file": "privateRepoEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Repository is Not Private.", - "referenceId": "accurics.gcp.IAM.145", + "reference_id": "accurics.gcp.IAM.145", "category": "Identity \u0026 Access Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_bigquery_dataset/accurics.gcp.IAM.106.json b/pkg/policies/opa/rego/gcp/google_bigquery_dataset/accurics.gcp.IAM.106.json index 8679e8cec..169e6f627 100755 --- a/pkg/policies/opa/rego/gcp/google_bigquery_dataset/accurics.gcp.IAM.106.json +++ b/pkg/policies/opa/rego/gcp/google_bigquery_dataset/accurics.gcp.IAM.106.json @@ -1,10 +1,10 @@ { "name": "bqDatasetPubliclyAccessible", "file": "bqDatasetPubliclyAccessible.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "BigQuery datasets may be anonymously or publicly accessible.", - "referenceId": "accurics.gcp.IAM.106", + "reference_id": "accurics.gcp.IAM.106", "category": "Identity \u0026 Access Management", "version": 1 } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/gcp/google_compute_disk/accurics.gcp.EKM.131.json b/pkg/policies/opa/rego/gcp/google_compute_disk/accurics.gcp.EKM.131.json
index ea9e827e6..34323cf4e 100755
--- a/pkg/policies/opa/rego/gcp/google_compute_disk/accurics.gcp.EKM.131.json
+++ b/pkg/policies/opa/rego/gcp/google_compute_disk/accurics.gcp.EKM.131.json
@@ -1,10 +1,10 @@
 {
 "name": "vmEncryptedwithCsek",
 "file": "vmEncryptedwithCsek.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) .",
- "referenceId": "accurics.gcp.EKM.131",
+ "reference_id": "accurics.gcp.EKM.131",
 "category": "Encryption \u0026 Key Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.123.json b/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.123.json
index df56fcbfe..f1a5bcc3e 100755
--- a/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.123.json
+++ b/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.123.json
@@ -1,10 +1,10 @@
 {
 "name": "unrestrictedRdpAccess",
 "file": "unrestrictedRdpAccess.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure Google compute firewall ingress does not allow unrestricted rdp access.",
- "referenceId": "accurics.gcp.NS.123",
+ "reference_id": "accurics.gcp.NS.123",
 "category": "Network Security ",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.017.json b/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.148.json
similarity index 80%
rename from pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.017.json
rename to pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.148.json
index 0d9381450..4c1f15f38 100755
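Review bot: The `category` value in the `accurics.gcp.NS.123.json` hunk is `"Network Security "` with a trailing space, while the other network rules on this page use `"Network Security"`. The same trailing space appears in the later hunks for `accurics.gcp.NS.133.json` (`"Network Security "`) and `accurics.gcp.LOG.118.json` (`"Logging "`). Any consumer that groups or filters findings by the exact category string would likely put these rules in separate buckets. The lines should be `"category": "Network Security",` and `"category": "Logging",`.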
--- a/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.017.json
+++ b/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.148.json
@@ -1,13 +1,13 @@
 {
 "name": "port22Open",
 "file": "portIsOpen.rego",
- "templateArgs": {
+ "template_args": {
 "name": "port22Open",
 "port_number": "22"
 },
 "severity": "MEDIUM",
 "description": "Ensure that SSH access is restricted from the internet",
- "referenceId": "accurics.gcp.NS.017",
+ "reference_id": "accurics.gcp.NS.148",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.111.json b/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.149.json
similarity index 81%
rename from pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.111.json
rename to pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.149.json
index e62d58bb6..656c73498 100755
--- a/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.111.json
+++ b/pkg/policies/opa/rego/gcp/google_compute_firewall/accurics.gcp.NS.149.json
@@ -1,13 +1,13 @@
 {
 "name": "port3389Open",
 "file": "portIsOpen.rego",
- "templateArgs": {
+ "template_args": {
 "name": "port3389Open",
 "port_number": "3389"
 },
 "severity": "MEDIUM",
 "description": "Ensure that SSH access is restricted from the internet",
- "referenceId": "accurics.gcp.NS.111",
+ "reference_id": "accurics.gcp.NS.149",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.EKM.132.json b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.EKM.132.json
index d390cfbb8..11b10f41c 100755
--- a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.EKM.132.json
+++ b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.EKM.132.json
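Review bot: The `accurics.gcp.NS.148.json` hunk changes the rule's identity, not just its key names: `accurics.gcp.NS.017` becomes `accurics.gcp.NS.148`, and the next hunk does the same for `accurics.gcp.NS.111` to `accurics.gcp.NS.149`. Nothing on this page documents that mapping. Anything keyed on the old IDs (rule exclusions, baselines, earlier reports) would presumably stop matching these SSH/RDP exposure checks without any error, so the old-to-new mapping should be recorded in the changelog or release notes.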
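Review bot: The `description` context line in the `accurics.gcp.NS.149.json` hunk still says SSH although the rule is `port3389Open` with `"port_number": "3389"`, which is the RDP port; it looks copied from the port 22 rule. The line should be `"description": "Ensure that RDP access is restricted from the internet",` so the finding names the service that is actually exposed.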
@@ -1,10 +1,10 @@ { "name": "encryptedwithCsek", "file": "encryptedwithCsek.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) .", - "referenceId": "accurics.gcp.EKM.132", + "reference_id": "accurics.gcp.EKM.132", "category": "Encryption \u0026 Key Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.IAM.124.json b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.IAM.124.json index 3d5e5ab47..bfa478fa3 100755 --- a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.IAM.124.json +++ b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.IAM.124.json @@ -1,10 +1,10 @@ { "name": "defaultServiceAccountUsed", "file": "defaultServiceAccountUsed.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Instances may have been configured to use the default service account with full access to all Cloud APIs", - "referenceId": "accurics.gcp.IAM.124", + "reference_id": "accurics.gcp.IAM.124", "category": "Identity \u0026 Access Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.125.json b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.125.json index a1488c856..42d58ee89 100755 --- a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.125.json +++ b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.125.json 
@@ -1,10 +1,10 @@
 {
 "name": "checkVM_NoFullCloudAccess",
 "file": "checkVM_NoFullCloudAccess.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Instances may have been configured to use the default service account with full access to all Cloud APIs",
- "referenceId": "accurics.gcp.NS.125",
+ "reference_id": "accurics.gcp.NS.125",
 "category": "Access Control",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.130.json b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.130.json
index bcedd7c86..24e1d0f27 100755
--- a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.130.json
+++ b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.130.json
@@ -1,10 +1,10 @@
 {
 "name": "checkIpForward",
 "file": "checkIpForward.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure IP forwarding is not enabled on Instances.",
- "referenceId": "accurics.gcp.NS.130",
+ "reference_id": "accurics.gcp.NS.130",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.133.json b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.133.json
index 6afeccef6..a0155b5c5 100755
--- a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.133.json
+++ b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.133.json
@@ -1,10 +1,10 @@
 {
 "name": "shieldedVmEenabled",
 "file": "shieldedVmEenabled.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure Compute instances are launched with Shielded VM enabled.",
- "referenceId": "accurics.gcp.NS.133",
+ "reference_id": "accurics.gcp.NS.133",
 "category": "Network Security ",
 "version": 1
 }
\ No newline at end of file
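Review bot: The `description` in the `accurics.gcp.NS.125.json` hunk (`checkVM_NoFullCloudAccess`) is word for word the one used by `accurics.gcp.IAM.124.json` (`defaultServiceAccountUsed`), so the two findings cannot be told apart in a report. The rego files are not shown here; going by the rule name, something like `"description": "Ensure instances are not configured with full access to all Cloud APIs",` would fit, to be confirmed against `checkVM_NoFullCloudAccess.rego`. The rule also carries `"category": "Access Control"` under an `NS` reference ID, which may be worth aligning at the same time.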
diff --git a/pkg/policies/opa/rego/gcp/google_compute_project_metadata/accurics.gcp.IAM.127.json b/pkg/policies/opa/rego/gcp/google_compute_project_metadata/accurics.gcp.IAM.127.json index 9525cc591..9daf3300c 100755 --- a/pkg/policies/opa/rego/gcp/google_compute_project_metadata/accurics.gcp.IAM.127.json +++ b/pkg/policies/opa/rego/gcp/google_compute_project_metadata/accurics.gcp.IAM.127.json @@ -1,10 +1,10 @@ { "name": "checkOSLoginEnabled", "file": "checkOSLoginEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure oslogin is enabled for a Project", - "referenceId": "accurics.gcp.IAM.127", + "reference_id": "accurics.gcp.IAM.127", "category": "Access Control", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_compute_ssl_policy/accurics.gcp.EKM.134.json b/pkg/policies/opa/rego/gcp/google_compute_ssl_policy/accurics.gcp.EKM.134.json index 137749fdb..5111a107f 100755 --- a/pkg/policies/opa/rego/gcp/google_compute_ssl_policy/accurics.gcp.EKM.134.json +++ b/pkg/policies/opa/rego/gcp/google_compute_ssl_policy/accurics.gcp.EKM.134.json @@ -1,10 +1,10 @@ { "name": "weakCipherSuitesEnabled", "file": "weakCipherSuitesEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites.", - "referenceId": "accurics.gcp.EKM.134", + "reference_id": "accurics.gcp.EKM.134", "category": "Encryption \u0026 Key Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_compute_subnetwork/accurics.gcp.LOG.118.json b/pkg/policies/opa/rego/gcp/google_compute_subnetwork/accurics.gcp.LOG.118.json index c467a5a51..3e7cf548f 100755 --- a/pkg/policies/opa/rego/gcp/google_compute_subnetwork/accurics.gcp.LOG.118.json +++ b/pkg/policies/opa/rego/gcp/google_compute_subnetwork/accurics.gcp.LOG.118.json 
@@ -1,10 +1,10 @@ { "name": "vpcFlowLogEnabled", "file": "vpcFlowLogEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "MEDIUM", "description": "Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network.", - "referenceId": "accurics.gcp.LOG.118", + "reference_id": "accurics.gcp.LOG.118", "category": "Logging ", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.104.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.104.json index 8fabda924..a4d51531b 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.104.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.104.json @@ -1,10 +1,10 @@ { "name": "clientCertificateEnabled", "file": "clientCertificateEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure Kubernetes Cluster is created with Client Certificate enabled.", - "referenceId": "accurics.gcp.IAM.104", + "reference_id": "accurics.gcp.IAM.104", "category": "Identity \u0026 Access Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.110.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.110.json index a8cdc2e08..f7c746f2e 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.110.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.110.json @@ -1,10 +1,10 @@ { "name": "gkeBasicAuthDisabled", "file": "gkeBasicAuthDisabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure GKE basic auth is disabled.", - "referenceId": "accurics.gcp.IAM.110", + "reference_id": "accurics.gcp.IAM.110", "category": "Identity \u0026 Access Management", "version": 1 } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.142.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.142.json index ca81dd704..1c82938ca 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.142.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.IAM.142.json @@ -1,10 +1,10 @@ { "name": "legacyAuthEnabled", "file": "legacyAuthEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure Legacy Authorization is set to disabled on Kubernetes Engine Clusters.", - "referenceId": "accurics.gcp.IAM.142", + "reference_id": "accurics.gcp.IAM.142", "category": "Identity \u0026 Access Management", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.LOG.100.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.LOG.100.json index e2249957c..fe372dcff 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.LOG.100.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.LOG.100.json @@ -1,10 +1,10 @@ { "name": "stackDriverLoggingEnabled", "file": "stackDriverLoggingEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure Stackdriver Logging is enabled on Kubernetes Engine Clusters.", - "referenceId": "accurics.gcp.LOG.100", + "reference_id": "accurics.gcp.LOG.100", "category": "Logging", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.MON.143.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.MON.143.json index 5c985b757..6c5a640c0 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.MON.143.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.MON.143.json 
@@ -1,10 +1,10 @@ { "name": "stackDriverMonitoringEnabled", "file": "stackDriverMonitoringEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", - "description": "Ensure Stackdriver Logging is enabled on Kubernetes Engine Clusters.", - "referenceId": "accurics.gcp.MON.143", + "description": "Ensure Stackdriver Monitoring is enabled on Kubernetes Engine Clusters.", + "reference_id": "accurics.gcp.MON.143", "category": "Monitoring", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.103.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.103.json index 8996bea8b..4bdb34d97 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.103.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.103.json @@ -1,10 +1,10 @@ { "name": "networkPolicyEnabled", "file": "networkPolicyEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure Network policy is enabled on Kubernetes Engine Clusters.", - "referenceId": "accurics.gcp.NS.103", + "reference_id": "accurics.gcp.NS.103", "category": "Network Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.109.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.109.json index 9e7cd8b38..9d86bed43 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.109.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.109.json 
@@ -1,10 +1,10 @@ { "name": "gkeControlPlaneNotPublic", "file": "gkeControlPlaneNotPublic.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure GKE Control Plane is not public.", - "referenceId": "accurics.gcp.NS.109", + "reference_id": "accurics.gcp.NS.109", "category": "Network Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.112.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.112.json index 9006a735d..3469d7179 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.112.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.112.json @@ -1,10 +1,10 @@ { "name": "masterAuthEnabled", "file": "masterAuthEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure Master Authentication is set to enabled on Kubernetes Engine Clusters.", - "referenceId": "accurics.gcp.NS.112", + "reference_id": "accurics.gcp.NS.112", "category": "Network Security", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.117.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.117.json index edb4f73e5..83fc5878e 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.117.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.NS.117.json @@ -1,10 +1,10 @@ { "name": "privateClusterEnabled", "file": "privateClusterEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure Kubernetes Cluster is created with Private cluster enabled.", - "referenceId": "accurics.gcp.NS.117", + "reference_id": "accurics.gcp.NS.117", "category": "Network Security", "version": 1 } \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.113.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.113.json index 9bed69456..7c13f89bd 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.113.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.113.json @@ -1,10 +1,10 @@ { "name": "clusterLabelsEnabled", "file": "clusterLabelsEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure Kubernetes Clusters are configured with Labels.", - "referenceId": "accurics.gcp.OPS.113", + "reference_id": "accurics.gcp.OPS.113", "category": "Operational Efficiency", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.115.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.115.json index e47f6ef62..4e3355e4b 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.115.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.115.json @@ -1,10 +1,10 @@ { "name": "ipAliasingEnabled", "file": "ipAliasingEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure Kubernetes Cluster is created with Alias IP ranges enabled", - "referenceId": "accurics.gcp.OPS.115", + "reference_id": "accurics.gcp.OPS.115", "category": "Operational Efficiency", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.116.json b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.116.json index 4fc96fcb9..7280c676f 100755 --- a/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.116.json +++ b/pkg/policies/opa/rego/gcp/google_container_cluster/accurics.gcp.OPS.116.json 
@@ -1,10 +1,10 @@ { "name": "podSecurityPolicyEnabled", "file": "podSecurityPolicyEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters.", - "referenceId": "accurics.gcp.OPS.116", + "reference_id": "accurics.gcp.OPS.116", "category": "Operational Efficiency", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.101.json b/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.101.json index a2c455b1c..547764bea 100755 --- a/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.101.json +++ b/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.101.json @@ -1,10 +1,10 @@ { "name": "autoNodeUpgradeEnabled", "file": "autoNodeUpgradeEnabled.rego", - "templateArgs": null, + "template_args": null, "severity": "HIGH", "description": "Ensure 'Automatic node upgrade' is enabled for Kubernetes Clusters.", - "referenceId": "accurics.gcp.OPS.101", + "reference_id": "accurics.gcp.OPS.101", "category": "Operational Efficiency", "version": 1 } \ No newline at end of file diff --git a/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.114.json b/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.114.json index eadea4754..b871a33f3 100755 --- a/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.114.json +++ b/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.114.json 
@@ -1,10 +1,10 @@
 {
 "name": "cosNodeImageUsed",
 "file": "cosNodeImageUsed.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image.",
- "referenceId": "accurics.gcp.OPS.114",
+ "reference_id": "accurics.gcp.OPS.114",
 "category": "Operational Efficiency",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.144.json b/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.144.json
index 113362121..9a16018ca 100755
--- a/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.144.json
+++ b/pkg/policies/opa/rego/gcp/google_container_node_pool/accurics.gcp.OPS.144.json
@@ -1,10 +1,10 @@
 {
 "name": "autoNodeRepairEnabled",
 "file": "autoNodeRepairEnabled.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure 'Automatic node repair' is enabled for Kubernetes Clusters.",
- "referenceId": "accurics.gcp.OPS.144",
+ "reference_id": "accurics.gcp.OPS.144",
 "category": "Operational Efficiency",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_dns_managed_zone/accurics.gcp.EKM.108.json b/pkg/policies/opa/rego/gcp/google_dns_managed_zone/accurics.gcp.EKM.108.json
index d3a5b282b..f676e85b3 100755
--- a/pkg/policies/opa/rego/gcp/google_dns_managed_zone/accurics.gcp.EKM.108.json
+++ b/pkg/policies/opa/rego/gcp/google_dns_managed_zone/accurics.gcp.EKM.108.json
@@ -1,10 +1,10 @@
 {
 "name": "rsaSha1NotUsedDNSSEC",
 "file": "rsaSha1NotUsedDNSSEC.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC.",
- "referenceId": "accurics.gcp.EKM.108",
+ "reference_id": "accurics.gcp.EKM.108",
 "category": "Encryption \u0026 Key Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_dns_managed_zone/accurics.gcp.NS.107.json b/pkg/policies/opa/rego/gcp/google_dns_managed_zone/accurics.gcp.NS.107.json
index b8b66baf7..4de57e66c 100755
--- a/pkg/policies/opa/rego/gcp/google_dns_managed_zone/accurics.gcp.NS.107.json
+++ b/pkg/policies/opa/rego/gcp/google_dns_managed_zone/accurics.gcp.NS.107.json
@@ -1,10 +1,10 @@
 {
 "name": "dnsStateIsNotOn",
 "file": "dnsStateIsNotOn.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure that DNSSEC is enabled for Cloud DNS.",
- "referenceId": "accurics.gcp.NS.107",
+ "reference_id": "accurics.gcp.NS.107",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_kms_crypto_key/accurics.gcp.EKM.007.json b/pkg/policies/opa/rego/gcp/google_kms_crypto_key/accurics.gcp.EKM.007.json
index 2c69a2437..3387471ac 100755
--- a/pkg/policies/opa/rego/gcp/google_kms_crypto_key/accurics.gcp.EKM.007.json
+++ b/pkg/policies/opa/rego/gcp/google_kms_crypto_key/accurics.gcp.EKM.007.json
@@ -1,10 +1,10 @@
 {
 "name": "checkRotation365Days",
 "file": "checkRotation365Days.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure Encryption keys are rotated within a period of 365 days.",
- "referenceId": "accurics.gcp.EKM.007",
+ "reference_id": "accurics.gcp.EKM.007",
 "category": "Encryption \u0026 Key Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_kms_crypto_key/accurics.gcp.EKM.139.json b/pkg/policies/opa/rego/gcp/google_kms_crypto_key/accurics.gcp.EKM.139.json
index ea1a93d7d..01ee2db34 100755
--- a/pkg/policies/opa/rego/gcp/google_kms_crypto_key/accurics.gcp.EKM.139.json
+++ b/pkg/policies/opa/rego/gcp/google_kms_crypto_key/accurics.gcp.EKM.139.json
@@ -1,10 +1,10 @@
 {
 "name": "checkRotation90Days",
 "file": "checkRotation90Days.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure Encryption keys are rotated within a period of 90 days.",
- "referenceId": "accurics.gcp.EKM.139",
+ "reference_id": "accurics.gcp.EKM.139",
 "category": "Encryption \u0026 Key Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_project/accurics.gcp.NS.119.json b/pkg/policies/opa/rego/gcp/google_project/accurics.gcp.NS.119.json
index 31ed7b676..6b28b7a08 100755
--- a/pkg/policies/opa/rego/gcp/google_project/accurics.gcp.NS.119.json
+++ b/pkg/policies/opa/rego/gcp/google_project/accurics.gcp.NS.119.json
@@ -1,10 +1,10 @@
 {
 "name": "autoCreateNetDisabled",
 "file": "autoCreateNetDisabled.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure that the default network does not exist in a project.",
- "referenceId": "accurics.gcp.NS.119",
+ "reference_id": "accurics.gcp.NS.119",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_project_iam_audit_config/accurics.gcp.LOG.010.json b/pkg/policies/opa/rego/gcp/google_project_iam_audit_config/accurics.gcp.LOG.010.json
index 249bedcc7..66abdca78 100755
--- a/pkg/policies/opa/rego/gcp/google_project_iam_audit_config/accurics.gcp.LOG.010.json
+++ b/pkg/policies/opa/rego/gcp/google_project_iam_audit_config/accurics.gcp.LOG.010.json
@@ -1,10 +1,10 @@
 {
 "name": "checkAuditLoggingConfig",
 "file": "checkAuditLoggingConfig.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure that Cloud Audit Logging is configured properly across all services and all users from a project.",
- "referenceId": "accurics.gcp.LOG.010",
+ "reference_id": "accurics.gcp.LOG.010",
 "category": "Logging",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.136.json b/pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.136.json
index 1720dd60d..d7c6fee0d 100755
--- a/pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.136.json
+++ b/pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.136.json
@@ -1,10 +1,10 @@
 {
 "name": "iamServiceAccountUsed",
 "file": "iamServiceAccountUsed.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level.",
- "referenceId": "accurics.gcp.IAM.136",
+ "reference_id": "accurics.gcp.IAM.136",
 "category": "Identity \u0026 Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.002.json b/pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.150.json
similarity index 78%
rename from pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.002.json
rename to pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.150.json
index 406bb6e6f..bfed380e9 100755
--- a/pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.002.json
+++ b/pkg/policies/opa/rego/gcp/google_project_iam_binding/accurics.gcp.IAM.150.json
@@ -1,10 +1,10 @@
 {
 "name": "noGmailAccount",
 "file": "noGmailAccount.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure that corporate login credentials are used instead of Gmail accounts.",
- "referenceId": "accurics.gcp.IAM.002",
+ "reference_id": "accurics.gcp.IAM.150",
 "category": "Identity and Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_project_iam_member/accurics.gcp.IAM.137.json b/pkg/policies/opa/rego/gcp/google_project_iam_member/accurics.gcp.IAM.137.json
index 6a21bf281..bbcd89885 100755
--- a/pkg/policies/opa/rego/gcp/google_project_iam_member/accurics.gcp.IAM.137.json
+++ b/pkg/policies/opa/rego/gcp/google_project_iam_member/accurics.gcp.IAM.137.json
@@ -1,10 +1,10 @@
 {
 "name": "iamServiceAccountUsed",
 "file": "iamServiceAccountUsed.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level.",
- "referenceId": "accurics.gcp.IAM.137",
+ "reference_id": "accurics.gcp.IAM.137",
 "category": "Identity \u0026 Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_project_iam_member/accurics.gcp.IAM.138.json b/pkg/policies/opa/rego/gcp/google_project_iam_member/accurics.gcp.IAM.138.json
index 5a4001f91..c5da6a6bf 100755
--- a/pkg/policies/opa/rego/gcp/google_project_iam_member/accurics.gcp.IAM.138.json
+++ b/pkg/policies/opa/rego/gcp/google_project_iam_member/accurics.gcp.IAM.138.json
@@ -1,10 +1,10 @@
 {
 "name": "serviceAccountAdminPriviledges",
 "file": "serviceAccountAdminPriviledges.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure that Service Account has no Admin privileges.",
- "referenceId": "accurics.gcp.IAM.138",
+ "reference_id": "accurics.gcp.IAM.138",
 "category": "Identity \u0026 Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.BDR.105.json b/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.BDR.105.json
index c4df825a1..ed655f3c5 100755
--- a/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.BDR.105.json
+++ b/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.BDR.105.json
@@ -1,10 +1,10 @@
 {
 "name": "backupConfigEnabled",
 "file": "backupConfigEnabled.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure all Cloud SQL database instance have backup configuration enabled.",
- "referenceId": "accurics.gcp.BDR.105",
+ "reference_id": "accurics.gcp.BDR.105",
 "category": "Backup \u0026 Disaster Recovery",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.EKM.141.json b/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.EKM.141.json
index 11e1063be..25e5366e6 100755
--- a/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.EKM.141.json
+++ b/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.EKM.141.json
@@ -1,10 +1,10 @@
 {
 "name": "checkRequireSSLEnabled",
 "file": "checkDatabaseSettings.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure that Cloud SQL database instance requires all incoming connections to use SSL",
- "referenceId": "accurics.gcp.EKM.141",
+ "reference_id": "accurics.gcp.EKM.141",
 "category": "Encryption \u0026 Key Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.NS.102.json b/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.NS.102.json
index d030b5ee1..9fb0f171c 100755
--- a/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.NS.102.json
+++ b/pkg/policies/opa/rego/gcp/google_sql_database_instance/accurics.gcp.NS.102.json
@@ -1,10 +1,10 @@
 {
 "name": "checkNoPublicAccess",
 "file": "checkDatabaseSettings.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure that Cloud SQL database Instances are not open to the world.",
- "referenceId": "accurics.gcp.NS.102",
+ "reference_id": "accurics.gcp.NS.102",
 "category": "Network Security",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.IAM.122.json b/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.IAM.122.json
index 7a745caef..d20464950 100755
--- a/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.IAM.122.json
+++ b/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.IAM.122.json
@@ -1,10 +1,10 @@
 {
 "name": "uniformBucketEnabled",
 "file": "uniformBucketEnabled.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure that Cloud Storage buckets have uniform bucket-level access enabled.",
- "referenceId": "accurics.gcp.IAM.122",
+ "reference_id": "accurics.gcp.IAM.122",
 "category": "Identity \u0026 Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.012.json b/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.146.json
similarity index 76%
rename from pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.012.json
rename to pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.146.json
index f1940d10a..a77d9686d 100755
--- a/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.012.json
+++ b/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.146.json
@@ -1,10 +1,10 @@
 {
 "name": "checkVersioningEnabled",
 "file": "checkStorageBucketConfig.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure that object versioning is enabled on log-buckets.",
- "referenceId": "accurics.gcp.LOG.012",
+ "reference_id": "accurics.gcp.LOG.146",
 "category": "Logging",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.023.json b/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.147.json
similarity index 76%
rename from pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.023.json
rename to pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.147.json
index 4ed0ae3b9..948f146cc 100755
--- a/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.023.json
+++ b/pkg/policies/opa/rego/gcp/google_storage_bucket/accurics.gcp.LOG.147.json
@@ -1,10 +1,10 @@
 {
 "name": "checkLoggingEnabled",
 "file": "checkStorageBucketConfig.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure that logging is enabled for Cloud storage buckets.",
- "referenceId": "accurics.gcp.LOG.023",
+ "reference_id": "accurics.gcp.LOG.147",
 "category": "Logging",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_storage_bucket_iam_binding/accurics.gcp.IAM.121.json b/pkg/policies/opa/rego/gcp/google_storage_bucket_iam_binding/accurics.gcp.IAM.121.json
index 9399307c8..b7ea5d6fb 100755
--- a/pkg/policies/opa/rego/gcp/google_storage_bucket_iam_binding/accurics.gcp.IAM.121.json
+++ b/pkg/policies/opa/rego/gcp/google_storage_bucket_iam_binding/accurics.gcp.IAM.121.json
@@ -1,10 +1,10 @@
 {
 "name": "checkPubliclyAccessible",
 "file": "checkPubliclyAccessible.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "MEDIUM",
 "description": "Ensure that Cloud Storage bucket is not anonymously or publicly accessible.",
- "referenceId": "accurics.gcp.IAM.121",
+ "reference_id": "accurics.gcp.IAM.121",
 "category": "Identity \u0026 Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/gcp/google_storage_bucket_iam_member/accurics.gcp.IAM.120.json b/pkg/policies/opa/rego/gcp/google_storage_bucket_iam_member/accurics.gcp.IAM.120.json
index a6f625866..7a9a6000f 100755
--- a/pkg/policies/opa/rego/gcp/google_storage_bucket_iam_member/accurics.gcp.IAM.120.json
+++ b/pkg/policies/opa/rego/gcp/google_storage_bucket_iam_member/accurics.gcp.IAM.120.json
@@ -1,10 +1,10 @@
 {
 "name": "checkNoPublicAccess",
 "file": "checkNoPublicAccess.rego",
- "templateArgs": null,
+ "template_args": null,
 "severity": "HIGH",
 "description": "Ensure that Cloud Storage bucket is not anonymously or publicly Accessible.",
- "referenceId": "accurics.gcp.IAM.120",
+ "reference_id": "accurics.gcp.IAM.120",
 "category": "Identity \u0026 Access Management",
 "version": 1
 }
\ No newline at end of file
diff --git a/pkg/policy/opa/types.go b/pkg/policy/opa/types.go
index d4aea3d6e..ed1bbf00e 100644
--- a/pkg/policy/opa/types.go
+++ b/pkg/policy/opa/types.go
@@ -29,10 +29,10 @@ import (
 type RegoMetadata struct {
 Name string `json:"name"`
 File string `json:"file"`
- TemplateArgs map[string]interface{} `json:"templateArgs"`
+ TemplateArgs map[string]interface{} `json:"template_args"`
 Severity string `json:"severity"`
 Description string `json:"description"`
- ReferenceID string `json:"referenceId"`
+ ReferenceID string `json:"reference_id"`
 Category string `json:"category"`
 Version int `json:"version"`
 }
diff --git a/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json b/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json
index 87a931b83..b65bea14a 100755
--- a/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json
+++ b/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0407.json
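Review bot: The tag rename on `TemplateArgs` and `ReferenceID` in `RegoMetadata` (pkg/policy/opa/types.go) changes the on-disk key names, and `encoding/json` silently ignores keys it has no field for, so a rule file still written with `templateArgs`/`referenceId` decodes without error into a nil `TemplateArgs` and an empty `ReferenceID`. For a policy scanner that is a quiet failure: presumably the rule still loads but its findings lose their identifier, which would weaken reporting and any ID-based filtering. The loader is outside this hunk, so this is inferred; where the metadata is unmarshalled I would reject an empty ID, for example `if md.ReferenceID == "" { return fmt.Errorf("rule metadata %q: missing reference_id", path) }` (`md` and `path` are placeholder names). I would also add a comment on the struct: `// JSON keys are snake_case; files using the older camelCase keys decode with these fields empty.`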
@@ -1,12 +1,12 @@
 {
 "name": "cloudfrontNoHTTPSTraffic",
 "file": "cloudfrontNoHTTPSTraffic.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Use encrypted connection between CloudFront and origin server",
- "referenceId": "AWS.CloudFront.EncryptionandKeyManagement.High.0407",
+ "reference_id": "AWS.CloudFront.EncryptionandKeyManagement.High.0407",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json b/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json
index 417d50dcd..dc0641d6a 100755
--- a/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json
+++ b/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.EncryptionandKeyManagement.High.0408.json
@@ -1,12 +1,12 @@
 {
 "name": "cloudfrontNoSecureCiphers",
 "file": "cloudfrontNoSecureCiphers.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "HIGH",
 "description": "Secure ciphers are not used in CloudFront distribution",
- "referenceId": "AWS.CloudFront.EncryptionandKeyManagement.High.0408",
+ "reference_id": "AWS.CloudFront.EncryptionandKeyManagement.High.0408",
 "category": "Encryption and Key Management",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json b/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json
index 2d26be5a4..798eed6c4 100755
--- a/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json
+++ b/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Logging.Medium.0567.json
@@ -1,12 +1,12 @@
 {
 "name": "cloudfrontNoLogging",
 "file": "cloudfrontNoLogging.rego",
- "templateArgs": {
+ "template_args": {
 "prefix": ""
 },
 "severity": "MEDIUM",
 "description": "Ensure that your AWS Cloudfront distributions have the Logging feature enabled in order to track all viewer requests for the content delivered through the Content Delivery Network (CDN).",
- "referenceId": "AWS.CloudFront.Logging.Medium.0567",
+ "reference_id": "AWS.CloudFront.Logging.Medium.0567",
 "category": "Logging",
 "version": 2
 }
\ No newline at end of file
diff --git a/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Network Security.Low.0568.json b/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Network Security.Low.0568.json
new file mode 100755
index 000000000..7096c530d
--- /dev/null
+++ b/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/AWS.CloudFront.Network Security.Low.0568.json
@@ -0,0 +1,12 @@
+{
+ "name": "cloudfrontNoGeoRestriction",
+ "file": "cloudfrontNoGeoRestriction.rego",
+ "template_args": {
+ "prefix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure that geo restriction is enabled for your Amazon CloudFront CDN distribution to whitelist or blacklist a country in order to allow or restrict users in specific locations from accessing web application content.",
+ "reference_id": "AWS.CloudFront.Network Security.Low.0568",
+ "category": "Network Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/cloudfrontNoGeoRestriction.rego b/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/cloudfrontNoGeoRestriction.rego
new file mode 100755
index 000000000..45f3091dc
--- /dev/null
+++ b/pkg/runtime/testdata/testpolicies/aws_cloudfront_distribution/cloudfrontNoGeoRestriction.rego
@@ -0,0 +1,10 @@
+package accurics
+
+{{.prefix}}cloudfrontNoGeoRestriction[retVal] {
+ cloudfront = input.aws_cloudfront_distribution[_]
+ some i
+ restrict = cloudfront.config.restrictions[i]
+ restrict.geo_restriction[j].restriction_type == "none"
+ traverse := sprintf("restrictions[%d].geo_restriction[%d].restriction_type", [i])
+ retVal := { "Id": cloudfront.id, "ReplaceType": "edit", "CodeType": "attribute", "Traverse": traverse, "Attribute": "restrictions.geo_restriction.restriction_type", "AttributeDataType": "string", "Expected": "whitelist", "Actual": restrict.geo_restriction[_].restriction_type }
+}
\ No newline at end of file
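Review bot: The `sprintf` call in `cloudfrontNoGeoRestriction` has two `%d` verbs but is passed only `[i]`, so the `Traverse` string cannot name the matching `geo_restriction` element. The second index `j` is bound on the line above and should be passed too: `traverse := sprintf("restrictions[%d].geo_restriction[%d].restriction_type", [i, j])`. `Actual` is read through `restrict.geo_restriction[_]`, which iterates independently of `j`, so with several entries the finding can report a value from an element that did not match; `"Actual": restrict.geo_restriction[j].restriction_type` ties it to the matched one. `j` is also not declared with `some` as `i` is, and `some i, j` would keep it local to the rule.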