diff --git a/.gitattributes b/.gitattributes
index e05fe016..d3cada21 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1,2 @@
 *.cfn linguist-language=YAML
+*.tfplan linguist-language=JSON
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 40032338..58a230a6 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -3,13 +3,11 @@ on: [pull_request, push]
 jobs:
 test:
 runs-on: ubuntu-latest
- name: OPA test
+ name: Test
 steps:
 - uses: actions/checkout@v2
 - uses: actions/setup-go@v2
- - run: |
- go get github.com/open-policy-agent/opa
- go install github.com/open-policy-agent/opa
- - run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
- - run: opa test lib rules examples tests
- - run: ./scripts/check-naming.sh
+ with:
+ go-version: '^1.16'
+ - run: make test
+ - run: cd rego && ./scripts/check-naming.sh
diff --git a/.gitignore b/.gitignore
index f7c1a250..2e9e0b84 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,12 @@
 .terraform/
 .DS_Store
 venv/
+pkg/rego/lib
+pkg/rego/rules
+regula
+regula-*
+!regula/
+.vscode/
+.scratch/
+.regula-history
+build/
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..f0645f64
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,9 @@
+[submodule "providers/terraform-provider-google"]
+ path = providers/terraform-provider-google
+ url = https://github.com/hashicorp/terraform-provider-google.git
+[submodule "providers/terraform-provider-aws"]
+ path = providers/terraform-provider-aws
+ url = https://github.com/hashicorp/terraform-provider-aws.git
+[submodule "pkg/loader/tf_test/example-terraform-modules"]
+ path = pkg/loader/tf_test/example-terraform-modules
+ url = https://github.com/jaspervdj-luminal/example-terraform-modules.git
diff --git a/Dockerfile b/Dockerfile
index 5f464b3a..a4ed47ec 100644
--- a/Dockerfile
+++ b/Dockerfile
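Review bot: The checkout step kept as context in this hunk (`- uses: actions/checkout@v2`) has no `with:` block, and that action does not fetch submodules unless asked, while the new `make test` step runs `go test ./...` against a go.mod whose `replace` lines point at the `providers/...` submodule directories added in this commit. Unless the submodules are initialised somewhere outside this diff, module loading will likely fail on the empty directories. I would add `with:` and `submodules: recursive` under the checkout step. The `test` target in the new Makefile does not initialise them either.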
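Review bot: The third submodule takes its content from a personal-account repository (`jaspervdj-luminal/example-terraform-modules`), unlike the two hashicorp provider repositories above it. The recorded gitlink commit pins the content, but the repository can be renamed or removed by its owner, which would break recursive clones and CI. Consider hosting the fixtures under the project organisation or vendoring them, and add a comment above the entry such as `# test fixtures for pkg/loader only`, if that is indeed their only use.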
@@ -1,31 +1,11 @@
-FROM python:3.9.2-alpine3.13
-
-# We need bash for the main regula script since it uses arrays.
-# We need git to support terraform modules
-RUN apk add --update bash git && rm -rf /var/cache/apk/*
-
-# Install OPA.
-ARG OPA_VERSION=0.26.0
-RUN wget -O '/usr/local/bin/opa' \
- "https://github.com/open-policy-agent/opa/releases/download/v${OPA_VERSION}/opa_linux_amd64" &&\
- chmod +x '/usr/local/bin/opa'
-
-# Install terraform.
-ARG TERRAFORM_VERSION=0.14.7
-ENV TF_IN_AUTOMATION=true
-RUN wget -O "/tmp/terraform-${TERRAFORM_VERSION}.zip" \
- "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" && \
- unzip -d '/usr/local/bin' "/tmp/terraform-${TERRAFORM_VERSION}.zip" &&\
- rm "/tmp/terraform-${TERRAFORM_VERSION}.zip"
-
-# Install cfn-flip
-ARG CFNFLIP_VERSION=1.2.3
-RUN pip install "cfn-flip==${CFNFLIP_VERSION}"
-
-# Update regula files
-RUN mkdir -p /opt/regula
-COPY lib /opt/regula/lib
-COPY rules /opt/regula/rules
-COPY bin/regula /usr/local/bin
-
-ENTRYPOINT ["regula", "-d", "/opt/regula"]
+FROM golang:1.16-alpine as builder
+ARG version
+ARG gitcommit
+WORKDIR /build
+COPY . .
+ENV ldflags "-X \"github.com/fugue/regula/pkg/version.Version=${version}\" -X \"github.com/fugue/regula/pkg/version.GitCommit=${gitcommit}\""
+RUN go build -ldflags="${ldflags} -s -w"
+
+FROM alpine:latest
+COPY --from=builder /build/regula /usr/local/bin
+ENTRYPOINT [ "regula" ]
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..eabaf7c2
--- /dev/null
+++ b/Makefile
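Review bot: The runtime stage uses `FROM alpine:latest` and sets no `USER`, so the published image is not reproducible and `regula` runs as root over whatever IaC directory is mounted into the container. Pin the base, e.g. `FROM alpine:<pinned-version>` (placeholder, ideally with a digest), and add an unprivileged account before the entrypoint with `RUN adduser -D regula` and `USER regula`. `COPY . .` in the builder stage takes the entire build context, so a `.dockerignore` would keep `.git` and local scratch files out of the build if the context is ever the repository root.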
@@ -0,0 +1,94 @@
+BINARY = regula
+INSTALLED_BINARY = /usr/local/bin/$(BINARY)
+GO_SOURCE = $(shell find cmd pkg -type f -name '*.go')
+CLI_SOURCE = $(GO_SOURCE) $(wildcard cmd/*.txt) go.mod go.sum
+# MOCKS_SOURCE = $(shell grep -L 'go:generate mockgen' $(GO_SOURCE))
+MOCKS = $(wildcard pkg/mocks/*.go)
+REGO_LIB_SOURCE = $(shell find rego/lib -type f -name '*.rego')
+REGO_RULES_SOURCE = $(shell find rego/rules -type f -name '*.rego')
+VERSION = $(shell cat VERSION)
+GITCOMMIT = $(shell git rev-parse --short HEAD 2> /dev/null || true)
+define LDFLAGS
+ -X \"github.com/fugue/regula/pkg/version.Version=$(VERSION)\" \
+ -X \"github.com/fugue/regula/pkg/version.GitCommit=$(GITCOMMIT)\"
+endef
+CLI_BUILD = go build -ldflags="$(LDFLAGS) -s -w"
+GO_BIN_DIR= $(shell go env GOPATH)/bin
+GOLINT = $(GO_BIN_DIR)/golint
+MOCKGEN = $(GO_BIN_DIR)/mockgen
+COPIED_REGO_LIB = pkg/rego/lib
+COPIED_REGO_RULES = pkg/rego/rules
+
+$(COPIED_REGO_LIB): $(REGO_LIB_SOURCE)
+ rm -rf ./$(COPIED_REGO_LIB)
+ cp -R rego/lib $(COPIED_REGO_LIB)
+
+$(COPIED_REGO_RULES): $(REGO_RULES_SOURCE)
+ rm -rf ./$(COPIED_REGO_RULES)
+ cp -R rego/rules $(COPIED_REGO_RULES)
+
+$(GOLINT):
+ go install golang.org/x/lint/golint
+
+$(MOCKGEN):
+ go install github.com/golang/mock/mockgen@v1.5.0
+
+$(BINARY): $(CLI_SOURCE) $(COPIED_REGO_LIB) $(COPIED_REGO_RULES)
+ $(CLI_BUILD) -v -o $@
+
+$(BINARY)-linux-amd64: $(SOURCE)
+ GOOS=linux GOARCH=amd64 $(CLI_BUILD) -o $@
+
+$(BINARY)-darwin-amd64: $(SOURCE)
+ GOOS=darwin GOARCH=amd64 $(CLI_BUILD) -o $@
+
+$(INSTALLED_BINARY): $(BINARY)
+ cp $(BINARY) $(INSTALLED_BINARY)
+
+# $(MOCKS): $(MOCKGEN) $(MOCKS_SOURCE)
+# PATH=$(GO_BIN_DIR):$(PATH) go generate ./...
+
+release: $(BINARY)-linux-amd64 $(BINARY)-darwin-amd64
+
+.PHONY: install
+install: $(INSTALLED_BINARY)
+
+# .PHONY: mocks
+# mocks: $(MOCKS)
+
+.PHONY: clean
+clean:
+ rm -f coverage.out
+ rm -f $(BINARY) $(BINARY)-linux-amd64 $(BINARY)-darwin-amd64
+
+.PHONY: test
+test: $(COPIED_REGO_LIB) $(COPIED_REGO_RULES)
+ go test -v -cover ./...
+
+.PHONY: coverage
+coverage:
+ go test ./... -coverprofile=coverage.out
+ go tool cover -html=coverage.out
+
+.PHONY: lint
+lint:
+ $(GOLINT) ./...
+ go vet ./...
+
+.PHONY: docker
+docker: $(COPIED_REGO_LIB) $(COPIED_REGO_RULES)
+ rm -rf build
+ mkdir -p build
+ cp -R pkg build
+ cp -R cmd build
+ cp go.mod build
+ cp go.sum build
+ cp main.go build
+ cp Dockerfile build
+ cd build
+ docker build \
+ --build-arg version=$(VERSION) \
+ --build-arg gitcommit=$(GITCOMMIT) \
+ --tag fugue/regula:$(VERSION) \
+ --tag fugue/regula:latest \
+ .
diff --git a/VERSION b/VERSION
new file mode 100644
index 00000000..3eefcb9d
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+1.0.0
diff --git a/bin/regula b/bin/regula
deleted file mode 100755
index ac670b9b..00000000
--- a/bin/regula
+++ /dev/null
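Review bot: In the `docker` recipe, `cd build` sits on its own recipe line, so it has no effect on the following `docker build ... .` (make runs each recipe line in a separate shell); the image is built from the repository root, and the Dockerfile's `COPY . .` then takes the whole checkout rather than the staged `build/` tree. Join the two as `cd build && docker build \`, and note that the staged tree would then also need `providers/`, which go.mod's `replace` lines point at. Separately, `$(BINARY)-linux-amd64` and `$(BINARY)-darwin-amd64` list `$(SOURCE)`, which this file never defines, so the release binaries have no prerequisites: they are not rebuilt after source changes, and nothing ensures the copied Rego library and rules (presumably embedded into the binary) are in place when they are built. I would give both the same prerequisites as `$(BINARY)`: `$(CLI_SOURCE) $(COPIED_REGO_LIB) $(COPIED_REGO_RULES)`. `release` is also missing from `.PHONY`.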
@@ -1,171 +0,0 @@ -#!/usr/bin/env bash -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -set -o nounset -o errexit -o pipefail - -# Basic command line argument handling. -if [[ $# -lt 1 || "$1" == "-h" ]]; then - 1>&2 echo "Regula is a little wrapper to run Rego validations on terraform" - 1>&2 echo "files. It is meant to be used as a pre-flight check before" - 1>&2 echo "deployment." - 1>&2 echo "" - 1>&2 echo "Usage: $0 [-d REGO_PATH] [INPUT_PATH]" - 1>&2 echo "" - 1>&2 echo "For example $0 -d /opt/regula/rules -d /opt/regula/lib infra_tf/" - 1>&2 echo "" - 1>&2 echo "INPUT_PATH can be a terraform directory, a terraform plan in" - 1>&2 echo "JSON format or a cloudformation template." - exit 1 -fi - -INPUT_PATHS=() -D_REGO_PATHS=() -if [[ "$1" == "-d" ]]; then - # New way of parsing arguments: multiple -d rego paths followed by input - # files. - while [[ "$1" == "-d" ]]; do - D_REGO_PATHS+=("-d") - D_REGO_PATHS+=("$2") - shift 2 - done - INPUT_PATHS=("$@") -else - # Old way of parsing arguments: single input followed by multiple rego paths. 
- INPUT_PATHS+=("$1") - shift 1 - REGO_PATHS=("$@") - - # Prepend `-d` to every argument because `opa` expects to see many `-d` - for p in "${REGO_PATHS[@]}"; do - D_REGO_PATHS+=('-d') - D_REGO_PATHS+=("$p") - done -fi - -function detect_input_type { - if [[ -d "$1" ]]; then - echo "terraform_dir" - return - fi - - opa eval "${D_REGO_PATHS[@]}" -i "$1" --format pretty \ - 'data.fugue.input_type.input_type' | \ - tr -d '"' # Unquote the string, not great but avoids jq dependency. -} - -# Setting this variable will cause terraform to print a little less information -# on what to do next. -export TF_IN_AUTOMATION=true - -# Allow overriding terraform version. -TERRAFORM="${TERRAFORM:-terraform}" - -# Hide the output of a command only if it succeeds. -function silently { - local log - log="$(mktemp -t silently.XXXXXXX)" - local exit_code - exit_code="" - 1>&2 echo "${1+$@}" - ${1+"$@"} >"$log" 2>&1 || exit_code=$? - if [[ -n "$exit_code" ]]; then - 1>&2 echo "${1+$@} failed; output ($log):" - 1>&2 cat "$log" - exit $exit_code - fi - rm "$log" -} - -# Prepare a function that will clean up all termporary files, that we'll store -# in an array. -CLEANUP_PATHS=() -function cleanup { - rm -f "${CLEANUP_PATHS[@]}" -} -trap cleanup exit - -# Preprocessing happens per input file. -PROCESSED_INPUT_PATHS=() -for INPUT_PATH in "${INPUT_PATHS[@]}"; do - # Capture stdin. - if [[ "$INPUT_PATH" == "-" ]]; then - INPUT_PATH="$(mktemp -t input.XXXXXXX)" - CLEANUP_PATHS+=("$INPUT_PATH") - cat - >"$INPUT_PATH" - fi - - # Determine input type. - INPUT_TYPE="$(detect_input_type "$INPUT_PATH")" - - if [[ "$INPUT_TYPE" == "terraform_dir" ]]; then - # Temporary files. - TERRAFORM_PLAN="$(mktemp -t plan.XXXXXXX)" - CLEANUP_PATHS+=("$TERRAFORM_PLAN") - TERRAFORM_PLAN_JSON="$TERRAFORM_PLAN.json" - # Run terraform to obtain the plan. 
- (cd "$INPUT_PATH" && - silently "$TERRAFORM" init && - silently "$TERRAFORM" plan -refresh=false -out="$TERRAFORM_PLAN" && - "$TERRAFORM" show -json "$TERRAFORM_PLAN" >"$TERRAFORM_PLAN_JSON") - INPUT_PATH="$TERRAFORM_PLAN_JSON" - elif [[ "$INPUT_TYPE" == "cloudformation" ]]; then - CFN_JSON="$(mktemp -t cfn.XXXXXXX)" - CLEANUP_PATHS+=("$CFN_JSON") - cfn-flip -j "$INPUT_PATH" >"$CFN_JSON" - INPUT_PATH="$CFN_JSON" - fi - PROCESSED_INPUT_PATHS+=("$INPUT_PATH") -done - -# We want Rego to have access to the filenames of whatever we are checking. -# So we merge them into a single JSON file. This is an array with the shape: -# -# [ -# { -# "filepath": "1.json", -# "content": {...} -# }, -# { -# "filepath": "2.json", -# "content": {...} -# } -# ] -# -# This works because we know that all the processed input paths are valid JSON. -INPUT_PATH="$(mktemp -t merged.XXXXXXX)" -CLEANUP_PATHS+=("$INPUT_PATH") -echo "[" >"$INPUT_PATH" -for i in "${!PROCESSED_INPUT_PATHS[@]}"; do - filepath="${INPUT_PATHS[$i]}" - echo "{\"filepath\":\"$filepath\",\"content\":" >>"$INPUT_PATH" - cat "${PROCESSED_INPUT_PATHS[$i]}" >>"$INPUT_PATH" - if [[ $(($i + 1)) == "${#PROCESSED_INPUT_PATHS[@]}" ]]; then - echo "}]" >>"$INPUT_PATH" - else - echo "}," >>"$INPUT_PATH" - fi -done - -# Finally, run OPA on the result to get out our report. -OUTPUT_PATH="$(mktemp -t output.XXXXXXX)" -CLEANUP_PATHS+=("$OUTPUT_PATH") -opa eval --format=pretty --input "$INPUT_PATH" \ - "${D_REGO_PATHS[@]}" \ - 'data.fugue.regula.report' >"$OUTPUT_PATH" -cat "$OUTPUT_PATH" -NUM_FAILED="$(opa eval --format=pretty --input "$OUTPUT_PATH" \ - "input.summary.rule_results.FAIL")" -if [[ "$NUM_FAILED" != "0" ]]; then - exit 1 -fi diff --git a/cmd/repl.go b/cmd/repl.go new file mode 100644 index 00000000..f7a2f5d2 --- /dev/null +++ b/cmd/repl.go 
@@ -0,0 +1,58 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+ "context"
+ _ "embed"
+ "fmt"
+ "os"
+
+ "github.com/fugue/regula/pkg/rego"
+
+ "github.com/spf13/cobra"
+)
+
+func NewREPLCommand() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "repl [rego paths]",
+ Short: "Start an interactive session for testing rules with Regula",
+ Run: func(cmd *cobra.Command, includes []string) {
+ userOnly, err := cmd.Flags().GetBool("user-only")
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ ctx := context.TODO()
+ err = rego.RunREPL(®o.RunREPLOptions{
+ Ctx: ctx,
+ UserOnly: userOnly,
+ Includes: includes,
+ })
+
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ },
+ }
+
+ cmd.Flags().BoolP("user-only", "u", false, "Disable built-in rules")
+ return cmd
+}
+
+func init() {
+ rootCmd.AddCommand(NewREPLCommand())
+}
diff --git a/cmd/root.go b/cmd/root.go
new file mode 100644
index 00000000..9ef7e628
--- /dev/null
+++ b/cmd/root.go
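Review bot: Errors in the `Run` closure are written with `fmt.Println(err)`, which goes to stdout, before `os.Exit(1)`; the same pattern is in cmd/root.go, cmd/run.go and cmd/test.go, whereas cmd/show.go writes to `os.Stderr`. For `run`, stdout carries the JSON, JUnit or TAP report, so an error line on stdout can be parsed by a CI consumer as part of the report or hide the fact that no report was produced. Use `fmt.Fprintln(os.Stderr, err)` in all four files. The blank import `_ "embed"` is not needed here, since this file has no `//go:embed` directive, and the exported `NewREPLCommand` should get a doc comment such as `// NewREPLCommand returns the "repl" subcommand, which starts an interactive Rego session.`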
@@ -0,0 +1,36 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+ "fmt"
+ "os"
+
+ "github.com/fugue/regula/pkg/version"
+ "github.com/spf13/cobra"
+)
+
+var rootCmd = &cobra.Command{
+ Use: "regula",
+ Short: "Regula",
+ Version: fmt.Sprintf("v%s, build %s, built with OPA v%s", version.Version, version.GitCommit, version.OPAVersion),
+}
+
+func Execute() {
+ if err := rootCmd.Execute(); err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+}
diff --git a/cmd/run.go b/cmd/run.go
new file mode 100644
index 00000000..e8709b51
--- /dev/null
+++ b/cmd/run.go
@@ -0,0 +1,136 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+ "context"
+ _ "embed"
+ "fmt"
+ "os"
+
+ "github.com/fugue/regula/pkg/loader"
+ "github.com/fugue/regula/pkg/rego"
+ "github.com/fugue/regula/pkg/reporter"
+ "github.com/spf13/cobra"
+ "github.com/thediveo/enumflag"
+)
+
+//go:embed run.txt
+var longDescription string
+
+func NewRunCommand() *cobra.Command {
+ var inputType loader.InputType
+ var format reporter.Format
+ severity := reporter.Unknown
+ cmd := &cobra.Command{
+ Use: "run [input...]",
+ Short: "Evaluate rules against infrastructure-as-code with Regula.",
+ Long: longDescription,
+ Run: func(cmd *cobra.Command, paths []string) {
+ includes, err := cmd.Flags().GetStringSlice("include")
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ userOnly, err := cmd.Flags().GetBool("user-only")
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ noIgnore, err := cmd.Flags().GetBool("no-ignore")
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ ctx := context.TODO()
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ if len(paths) < 1 {
+ stat, _ := os.Stdin.Stat()
+ if (stat.Mode() & os.ModeCharDevice) == 0 {
+ paths = []string{"-"}
+ } else {
+ // Not using os.Getwd here so that we get relative paths.
+ // A single dot should mean the same on windows.
+ paths = []string{"."}
+ }
+ }
+
+ loadedFiles, err := loader.LoadPaths(loader.LoadPathsOptions{
+ Paths: paths,
+ InputType: inputType,
+ NoIgnore: noIgnore,
+ })
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ result, err := rego.RunRules(®o.RunRulesOptions{
+ Ctx: ctx,
+ UserOnly: userOnly,
+ Includes: includes,
+ Input: loadedFiles.RegulaInput(),
+ })
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ reporterFunc, err := reporter.GetReporter(format)
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ output, err := reporter.ParseRegulaOutput(loadedFiles, *result)
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ report, err := reporterFunc(output)
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ if report != "" {
+ fmt.Println(report)
+ }
+ if output.ExceedsSeverity(severity) {
+ os.Exit(1)
+ }
+ },
+ }
+
+ cmd.Flags().StringSliceP("include", "i", nil, "Specify additional rego files or directories to include")
+ cmd.Flags().BoolP("user-only", "u", false, "Disable built-in rules")
+ cmd.Flags().BoolP("no-ignore", "n", false, "Disable use of .gitignore")
+ cmd.Flags().VarP(
+ enumflag.New(&inputType, "input-type", loader.InputTypeIDs, enumflag.EnumCaseInsensitive),
+ "input-type", "t",
+ "Set the input type for the given paths")
+ cmd.Flags().VarP(
+ enumflag.New(&severity, "severity", reporter.SeverityIds, enumflag.EnumCaseInsensitive),
+ "severity", "s",
+ "Set the minimum severity that will result in a non-zero exit code.")
+ cmd.Flags().VarP(
+ enumflag.New(&format, "format", reporter.FormatIds, enumflag.EnumCaseInsensitive),
+ "format", "f",
+ "Set the output format")
+ return cmd
+}
+
+func init() {
+ rootCmd.AddCommand(NewRunCommand())
+}
diff --git a/cmd/run.txt b/cmd/run.txt
new file mode 100644
index 00000000..ea2103af
--- /dev/null
+++ b/cmd/run.txt
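Review bot: `stat, _ := os.Stdin.Stat()` discards the error and the next line calls `stat.Mode()`, which is a nil-pointer panic when stdin is closed or cannot be stat'ed, a situation that does occur in CI runners. Keep the error and guard the branch: `stat, err := os.Stdin.Stat()` followed by `if err == nil && (stat.Mode()&os.ModeCharDevice) == 0 {`. The `if err != nil` block directly after `ctx := context.TODO()` is dead, since nothing assigns `err` between it and the previous check. The command also exits with status 1 both for a tool error and for findings at or above `--severity`, so a pipeline gating on the exit code cannot tell "scan failed" from "scan found problems"; distinct exit codes, documented in run.txt, would make the gate reliable.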
@@ -0,0 +1,32 @@
+Evaluate rules against infrastructure-as-code contained in one or more paths. When run
+without any paths, Regula will recursively search for IaC configurations within the
+working directory. When a directory is given Regula will recursively search for IaC
+configurations within that directory. When a file is given, Regula will assume that the
+file contains an IaC configuration. If an input type is set, Regula will only search
+for configurations of that type in the specified directories and it will assume that
+specified files are of that input type.
+
+By default, Regula will exclude paths based on the patterns in the .gitignore file for
+a specified directory. This behavior can be disabled with the --no-ignore option.
+
+Input types:
+ auto Automatically determine input types (default)
+ tf-plan Terraform plan JSON
+ cfn CloudFormation template in YAML or JSON format
+ tf Terraform directory or file
+
+Output formats:
+ json A JSON report containing rule results and a summary (default)
+ table An ASCII table of rule results
+ junit The JUnit XML format
+ tap The Test Anything Protocol format
+ none Do not print any output on stdout
+
+Severities:
+ unknown Lowest setting. Used for rules without a severity specified (default)
+ informational
+ low
+ medium
+ high
+ critical
+ off Never exit with a non-zero exit code.
diff --git a/cmd/show.go b/cmd/show.go
new file mode 100644
index 00000000..cce90d19
--- /dev/null
+++ b/cmd/show.go
@@ -0,0 +1,77 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+ "encoding/json"
+ "fmt"
+ "os"
+
+ "github.com/fugue/regula/pkg/loader"
+ "github.com/spf13/cobra"
+ "github.com/thediveo/enumflag"
+)
+
+func NewShowCommand() *cobra.Command {
+ var inputType loader.InputType
+
+ cmd := &cobra.Command{
+ Use: "show [item]",
+ Short: "Show debug information.",
+ Long: `Show debug information. Currently the available items are:
+ input [file..] Show the JSON input being passed to regula`,
+ Run: func(cmd *cobra.Command, args []string) {
+ if len(args) < 1 {
+ fmt.Fprintf(os.Stderr, "Expected an item to show\n")
+ os.Exit(1)
+ }
+
+ switch args[0] {
+ case "input":
+ paths := args[1:]
+ loadedFiles, err := loader.LoadPaths(loader.LoadPathsOptions{
+ Paths: paths,
+ InputType: inputType,
+ })
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "%s\n", err)
+ os.Exit(1)
+ }
+
+ bytes, err := json.MarshalIndent(loadedFiles.RegulaInput(), "", " ")
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "%s\n", err)
+ os.Exit(1)
+ }
+ fmt.Println(string(bytes))
+
+ default:
+ fmt.Fprintf(os.Stderr, "Unknown item: %s\n", args[0])
+ os.Exit(1)
+ }
+ },
+ }
+
+ cmd.Flags().VarP(
+ enumflag.New(&inputType, "input-type", loader.InputTypeIDs, enumflag.EnumCaseInsensitive),
+ "input-type", "t",
+ "Set the input type for the given paths")
+
+ return cmd
+}
+
+func init() {
+ rootCmd.AddCommand(NewShowCommand())
+}
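Review bot: In the `input` case, `paths := args[1:]` is handed to `loader.LoadPaths` unchanged, so `regula show input` with no file arguments passes an empty slice, while `run` falls back to stdin or `.`; what `LoadPaths` does with an empty slice is not visible in this diff. `NoIgnore` is also never set here, so this debug view cannot reproduce the input that `run --no-ignore` evaluates. I would share the default-path logic with `run` and add the same `no-ignore` flag, so the two commands load the same files. Because the command prints the fully loaded input, and Terraform plan JSON can carry sensitive values, the `Long` text should say so, for example `Output may contain secrets present in the input; do not paste it into public issues.`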
diff --git a/cmd/test.go b/cmd/test.go
new file mode 100644
index 00000000..6d7317e8
--- /dev/null
+++ b/cmd/test.go
@@ -0,0 +1,56 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+ "context"
+ _ "embed"
+ "fmt"
+ "os"
+
+ "github.com/fugue/regula/pkg/rego"
+
+ "github.com/spf13/cobra"
+)
+
+func NewTestCommand() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "test [rego paths]",
+ Short: "Run OPA test with Regula.",
+ Run: func(cmd *cobra.Command, includes []string) {
+ trace, err := cmd.Flags().GetBool("trace")
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ ctx := context.TODO()
+ err = rego.RunTest(®o.RunTestOptions{
+ Ctx: ctx,
+ Includes: includes,
+ Trace: trace,
+ })
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ },
+ }
+ cmd.Flags().BoolP("trace", "t", false, "Enable trace output")
+ return cmd
+}
+
+func init() {
+ rootCmd.AddCommand(NewTestCommand())
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 00000000..6e9e6ae1
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,30 @@
+module github.com/fugue/regula
+
+go 1.16
+
+require (
+ github.com/alexeyco/simpletable v1.0.0
+ github.com/fatih/color v1.9.0
+ github.com/go-git/go-billy/v5 v5.3.1 // indirect
+ github.com/go-git/go-git/v5 v5.3.0
+ github.com/golang/mock v1.5.0
+ github.com/hashicorp/hcl/v2 v2.10.0
+ github.com/hashicorp/terraform v0.15.1
+ github.com/hashicorp/terraform-plugin-sdk/v2 v2.5.0
+ github.com/hashicorp/terraform-provider-google v1.20.0 // indirect
+ github.com/open-policy-agent/opa v0.28.0
+ github.com/spf13/cobra v1.1.3
+ github.com/stretchr/testify v1.6.1
+ github.com/terraform-providers/terraform-provider-aws v1.60.0
+ github.com/terraform-providers/terraform-provider-google v1.20.0
+ github.com/thediveo/enumflag v0.10.1
+ github.com/zclconf/go-cty v1.8.2
+ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
+ tf_resource_schemas v0.0.0-00010101000000-000000000000
+)
+
+replace (
+ github.com/terraform-providers/terraform-provider-aws => ./providers/terraform-provider-aws
+ github.com/terraform-providers/terraform-provider-google => ./providers/terraform-provider-google
+ tf_resource_schemas => ./pkg/tf_resource_schemas/
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 00000000..d8c521d4
--- /dev/null
+++ b/go.sum
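Review bot: The `replace` block points both provider modules at local submodule directories, so go.sum does not cover their contents and the versions in `require` (`v1.60.0`, `v1.20.0`) are not what gets compiled; the code that is built is whatever commit the submodule working tree is on. Nothing visible in this diff checks that the submodules sit at the recorded gitlink commits before a build, so a release build should run `git submodule status` and fail on a mismatch. Dependency scanners that read go.mod will report the stated versions, so put a comment above `replace (` such as `// provider code comes from the git submodules under providers/; the versions in require are placeholders`. Local `replace` directives also prevent installing the tool with `go install github.com/fugue/regula@<version>`, which is worth stating in the README if that is intended. The separate `github.com/hashicorp/terraform-provider-google v1.20.0 // indirect` line is not replaced and looks like it resolves to a different copy of the provider; please confirm it is needed.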
@@ -0,0 +1,1396 @@ +bitbucket.org/creachadair/stringset v0.0.8 h1:gQqe4vs8XWgMyijfyKE6K8o4TcyGGrRXe0JvHgx5H+M= +bitbucket.org/creachadair/stringset v0.0.8/go.mod h1:AgthVMyMxC/6FK1KBJ2ALdqkZObGN8hOetgpwXyMn34= +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.60.0/go.mod h1:yw2G51M9IfRboUH61Us8GqCeF1PzPblB823Mn2q2eAU= +cloud.google.com/go v0.61.0/go.mod h1:XukKJg4Y7QsUu0Hxg3qQKUWR4VuWivmyMK2+rUyxAqw= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= +cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.78.0 h1:oKpsiyKMfVpwR3zSAkQixGzlVE5ovitBuO0qSmCf0bI= +cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= +cloud.google.com/go/bigquery 
v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/bigtable v1.5.0 h1:ylPDE1w1+koWpPOzf8HkX2PqKaIvN8hPc9t+F0GT3do= +cloud.google.com/go/bigtable v1.5.0/go.mod h1:713PsD2nkJwTioSe6vF/sFCAcjhINJ62cEtKCr8u+F8= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0 h1:STgFzyU5/8miMl0//zKh2aQeTyeaUH3WN9bSUiJ09bA= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= 
+github.com/Azure/azure-sdk-for-go v45.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v47.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v51.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v52.5.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.11.3/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest v0.11.10/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= +github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= +github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= +github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= +github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= +github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= +github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= +github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod 
h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= +github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/Azure/go-ntlmssp v0.0.0-20180810175552-4a21cbd618b4/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/ChrisTrenkamp/goxpath v0.0.0-20170922090931-c385f95c6022/go.mod h1:nuWgzSkT5PnyOd+272uUmV0dnAnAn42Mk7PiQC5VzN4= +github.com/ChrisTrenkamp/goxpath v0.0.0-20190607011252-c5096ec8773d/go.mod h1:nuWgzSkT5PnyOd+272uUmV0dnAnAn42Mk7PiQC5VzN4= +github.com/GoogleCloudPlatform/declarative-resource-client-library v0.0.0-20210405181318-9364c5bf716b h1:c12WCdB689IkCc0BpR4g97jN6A7FrSAdEOxqdVTy+FI= +github.com/GoogleCloudPlatform/declarative-resource-client-library v0.0.0-20210405181318-9364c5bf716b/go.mod h1:oEeBHikdF/NrnUy0ornVaY1OT+jGvTqm+LQS0+ZDKzU= +github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= +github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= +github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= +github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= +github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk= +github.com/Microsoft/go-winio 
v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= +github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= +github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o= +github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/QcloudApi/qcloud_sign_golang v0.0.0-20141224014652-e4130a326409/go.mod h1:1pk82RBxDY/JZnPQrtqHlUFfCctgdorsd9M06fMynOM= +github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= +github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= +github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= +github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= +github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw= +github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= +github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= +github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE= +github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= +github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412 h1:w1UutsfOrms1J05zt7ISrnJIXKzwaspym5BTKGx93EI= +github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412/go.mod 
h1:WPjqKcmVOxf0XSf3YxCJs6N6AOSrOx3obionmG7T0y0= +github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= +github.com/alexeyco/simpletable v1.0.0 h1:ZQ+LvJ4bmoeHb+dclF64d0LX+7QAi7awsfCrptZrpHk= +github.com/alexeyco/simpletable v1.0.0/go.mod h1:VJWVTtGUnW7EKbMRH8cE13SigKGx/1fO2SeeOiGeBkk= +github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190329064014-6e358769c32a/go.mod h1:T9M45xf79ahXVelWoOBmH0y4aC1t5kXO5BxwyakgIGA= +github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190103054945-8205d1f41e70/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= +github.com/aliyun/aliyun-tablestore-go-sdk v4.1.2+incompatible/go.mod h1:LDQHRZylxvcg8H7wBIDfvO5g/cy4/sz1iucBlc2l3Jw= +github.com/andybalholm/crlf v0.0.0-20171020200849-670099aa064f/go.mod h1:k8feO4+kXDxro6ErPXBRTJ/ro2mf0SsFG8s7doP9kJE= +github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= +github.com/antchfx/xpath v0.0.0-20190129040759-c8489ed3251e/go.mod h1:Yee4kTMuNiPYJ7nSNorELQMr1J33uOpXDMByNYhvtNk= +github.com/antchfx/xquery v0.0.0-20180515051857-ad5b8c7a47b0/go.mod h1:LzD22aAzDP8/dyiCKFp31He4m2GPjl0AFyzDtZzUu9M= +github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= +github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= 
+github.com/apparentlymart/go-cidr v1.0.1/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= +github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU= +github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= +github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= +github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFUye+ZcSR6opIgz9Co7WcDx6ZcY+RjfFHoA0I= +github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= +github.com/apparentlymart/go-shquot v0.0.1/go.mod h1:lw58XsE5IgUXZ9h0cxnypdx31p9mPFIVEQ9P3c7MlrU= +github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0= +github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= +github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= +github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= +github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= +github.com/apparentlymart/go-userdirs v0.0.0-20200915174352-b0c018a67c13/go.mod h1:7kfpUbyCdGJ9fDRCp3fopPQi5+cKNHgTE4ZuNrO71Cw= +github.com/apparentlymart/go-versions v1.0.1 h1:ECIpSn0adcYNsBfSRwdDdz9fWlL+S/6EUd9+irwkBgU= +github.com/apparentlymart/go-versions v1.0.1/go.mod h1:YF5j7IQtrOAOnsGkniupEA5bfCjzd7i14yu0shZavyM= +github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= +github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= +github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod 
h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= +github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= +github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= +github.com/aws/aws-sdk-go v1.25.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.31.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.38.19 h1:eg7LfiWRNYjbeS+w2+lHwZOKIgnh0NdYr6LkakZ112Y= +github.com/aws/aws-sdk-go v1.38.19/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= +github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= +github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs= +github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
+github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= +github.com/bmatcuk/doublestar v1.1.5 h1:2bNwBOmhyFEFcoB3tGvTD5xanq+4kyOZlB8wFYbMjkk= +github.com/bmatcuk/doublestar v1.1.5/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= +github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI= +github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/bytecodealliance/wasmtime-go v0.26.0 h1:wHOt9u+irLBCUjotanqDwVbnNmTJ1gWQxY2+q+XeMp4= +github.com/bytecodealliance/wasmtime-go v0.26.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= +github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= +github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= +github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod 
h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= +github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= +github.com/coreos/bbolt v1.3.0/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= 
+github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/creachadair/staticfile v0.1.2/go.mod h1:a3qySzCIXEprDGxk6tSxSI+dBBdLzqeBOMhZ+o2d3pM= +github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= +github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= +github.com/dnaeon/go-vcr v1.0.1 h1:r8L/HqC0Hje5AXMu1ooW8oyQyOFv4GxqpL0nRP7SLLY= +github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= +github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dylanmei/iso8601 v0.1.0/go.mod h1:w9KhXSgIyROl1DefbMYIE7UVSIvELTbMrCfx+QkYnoQ= +github.com/dylanmei/winrmtest v0.0.0-20190225150635-99b7fe2fddf1/go.mod h1:lcy9/2gH1jn/VCLouHA6tOEwLoNVd4GW6zhuKLmHC2Y= 
+github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= +github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= +github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= +github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= +github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= +github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= +github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= 
+github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= +github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= +github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= +github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= +github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/gammazero/deque v0.0.0-20180920172122-f6adf94963e4 h1:R+19WKQClnfMXS60cP5BmMe1wjZ4u0evY2p2Ar0ZTXo= +github.com/gammazero/deque v0.0.0-20180920172122-f6adf94963e4/go.mod h1:GeIq9qoE43YdGnDXURnmKTnGg15pQz4mYkXSTChbneI= +github.com/gammazero/workerpool v0.0.0-20181230203049-86a96b5d5d92 h1:EipXK6U05IQ2wtuFRn4k3h0+2lXypzItoXGVyf4r9Io= +github.com/gammazero/workerpool v0.0.0-20181230203049-86a96b5d5d92/go.mod h1:w9RqFVO2BM3xwWEcAB8Fwp0OviTBBEiRmSBDfbXnd3w= +github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= +github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= +github.com/go-git/gcfg v1.5.0 
h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= +github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= +github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-billy/v5 v5.1.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= +github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-git-fixtures/v4 v4.0.1/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw= +github.com/go-git/go-git-fixtures/v4 v4.0.2-0.20200613231340-f56387b50c12/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw= +github.com/go-git/go-git/v5 v5.1.0/go.mod h1:ZKfuPUoY1ZqIG4QG9BDBh3G4gLM5zvPuSJAozQrZuyM= +github.com/go-git/go-git/v5 v5.3.0 h1:8WKMtJR2j8RntEXR/uvTKagfEt4GYlwQ7mntE4+0GWc= +github.com/go-git/go-git/v5 v5.3.0/go.mod h1:xdX4bWJ48aOrdhnl2XqHYstHbbp6+LFS4r4X+lNVprw= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= +github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= 
+github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8= +github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= +github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= +github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= +github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= +github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= +github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4= +github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ= +github.com/go-toolsmith/astequal v0.0.0-20180903214952-dcb477bfacd6/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY= +github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY= +github.com/go-toolsmith/astfmt v0.0.0-20180903215011-8f8ee99c3086/go.mod h1:mP93XdblcopXwlyN4X4uodxXQhldPGZbcEJIimQHrkg= +github.com/go-toolsmith/astfmt v1.0.0/go.mod h1:cnWmsOAuq4jJY6Ct5YWlVLmcmLMn1JUPuQIHCY7CJDw= +github.com/go-toolsmith/astinfo v0.0.0-20180906194353-9809ff7efb21/go.mod h1:dDStQCHtmZpYOmjRP/8gHHnCCch3Zz3oEgCdZVdtweU= +github.com/go-toolsmith/astp 
v0.0.0-20180903215135-0af7e3c24f30/go.mod h1:SV2ur98SGypH1UjcPpCatrV5hPazG6+IfNHbkDXBRrk= +github.com/go-toolsmith/astp v1.0.0/go.mod h1:RSyrtpVlfTFGDYRbrjyWP1pYu//tSFcvdYrA8meBmLI= +github.com/go-toolsmith/pkgload v0.0.0-20181119091011-e9e65178eee8/go.mod h1:WoMrjiy4zvdS+Bg6z9jZH82QXwkcgCBX6nOfnmdaHks= +github.com/go-toolsmith/pkgload v1.0.0/go.mod h1:5eFArkbO80v7Z0kdngIxsRXRMTaX4Ilcwuh3clNrQJc= +github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8= +github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= +github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= +github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= +github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/mock v1.5.0 h1:jlYHihg//f7RRwuPfptm04yp4s7O6Kw8EZiVYIGcH0g= +github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= +github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0 h1:LUVKkCeviFUMKqHa4tXIIij/lbhnMbP7Fn5wKdKkRh4= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= +github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk= +github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0= +github.com/golangci/go-misc v0.0.0-20180628070357-927a3d87b613/go.mod h1:SyvUF2NxV+sN8upjjeVYr5W7tyxaT1JVtvhKhOn2ii8= +github.com/golangci/go-tools v0.0.0-20190318055746-e32c54105b7c/go.mod h1:unzUULGw35sjyOYjUt0jMTXqHlZPpPc6e+xfO4cd6mM= +github.com/golangci/goconst v0.0.0-20180610141641-041c5f2b40f3/go.mod h1:JXrF4TWy4tXYn62/9x8Wm/K/dm06p8tCKwFRDPZG/1o= 
+github.com/golangci/gocyclo v0.0.0-20180528134321-2becd97e67ee/go.mod h1:ozx7R9SIwqmqf5pRP90DhR2Oay2UIjGuKheCBCNwAYU= +github.com/golangci/gofmt v0.0.0-20181222123516-0b8337e80d98/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU= +github.com/golangci/golangci-lint v1.18.0/go.mod h1:kaqo8l0OZKYPtjNmG4z4HrWLgcYNIJ9B9q3LWri9uLg= +github.com/golangci/gosec v0.0.0-20190211064107-66fb7fc33547/go.mod h1:0qUabqiIQgfmlAmulqxyiGkkyF6/tOGSnY2cnPVwrzU= +github.com/golangci/ineffassign v0.0.0-20190609212857-42439a7714cc/go.mod h1:e5tpTHCfVze+7EpLEozzMB3eafxo2KT5veNg1k6byQU= +github.com/golangci/lint-1 v0.0.0-20190420132249-ee948d087217/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg= +github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o= +github.com/golangci/misspell v0.0.0-20180809174111-950f5d19e770/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA= +github.com/golangci/prealloc v0.0.0-20180630174525-215b22d4de21/go.mod h1:tf5+bzsHdTM0bsB7+8mt0GUMvjCgwLpTapNZHU8AajI= +github.com/golangci/revgrep v0.0.0-20180526074752-d9c87f5ffaf0/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4= +github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod 
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= +github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.1.0 h1:wCKgOCHuUEVfsaQLpPSJb7VdYCdTVZQAuOdYm1yc/60= +github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200507031123-427632fa3b1c/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= +github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/gophercloud/gophercloud v0.6.1-0.20191122030953-d8ac278c1c9d/go.mod h1:ozGNgr9KYOVATV5jsgHl/ceCDXGuguqOZAzoQ/2vcNM= +github.com/gophercloud/gophercloud v0.10.1-0.20200424014253-c3bfe50899e5/go.mod h1:gmC5oQqMDOMO1t1gq5DquX/yAU808e/4mzjjDA76+Ss= 
+github.com/gophercloud/utils v0.0.0-20200423144003-7c72efc7435d/go.mod h1:ehWUbLQJPqS0Ep+CxeD559hsm9pthPXadJNKwZkp43w= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/hashicorp/aws-sdk-go-base v0.6.0/go.mod h1:2fRjWDv3jJBeN6mVWFHV6hFTNeFBx2gpDLQaZNxUVAY= +github.com/hashicorp/aws-sdk-go-base v0.7.1 h1:7s/aR3hFn74tYPVihzDyZe7y/+BorN70rr9ZvpV3j3o= +github.com/hashicorp/aws-sdk-go-base v0.7.1/go.mod h1:2fRjWDv3jJBeN6mVWFHV6hFTNeFBx2gpDLQaZNxUVAY= +github.com/hashicorp/consul v0.0.0-20171026175957-610f3c86a089/go.mod 
h1:mFrjN1mfidgJfYP1xrJCF+AfRhr6Eaqhb2+sfyn/OOI= +github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= +github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= +github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= +github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-azure-helpers v0.12.0/go.mod h1:Zc3v4DNeX6PDdy7NljlYpnrdac1++qNW0I4U+ofGwpg= +github.com/hashicorp/go-azure-helpers v0.14.0/go.mod h1:kR7+sTDEb9TOp/O80ss1UEJg1t4/BHLD/U8wHLS4BGQ= +github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= +github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= +github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= +github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= +github.com/hashicorp/go-getter v1.4.0/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY= +github.com/hashicorp/go-getter v1.5.0/go.mod h1:a7z7NPPfNQpJWcn4rSWFtdrSldqLdLPEF3d8nFMsSLM= +github.com/hashicorp/go-getter v1.5.1 h1:lM9sM02nvEApQGFgkXxWbhfqtyN+AyhQmi+MaMdBDOI= 
+github.com/hashicorp/go-getter v1.5.1/go.mod h1:a7z7NPPfNQpJWcn4rSWFtdrSldqLdLPEF3d8nFMsSLM= +github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= +github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v0.15.0 h1:qMuK0wxsoW4D0ddCCYwPSTm4KQv1X1ke3WmPWZ0Mvsk= +github.com/hashicorp/go-hclog v0.15.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-immutable-radix v0.0.0-20180129170900-7f3cd4390caa/go.mod h1:6ij3Z20p+OhOkCSrA0gImAWoHYQRGbnlcuk6XYTiaRw= +github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-msgpack v0.5.4/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/go-plugin v1.3.0/go.mod h1:F9eH4LrE/ZsRdbwhfjs9k9HoDUwAHnYtXdgmf1AVNs0= +github.com/hashicorp/go-plugin v1.4.0/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= +github.com/hashicorp/go-plugin v1.4.1 h1:6UltRQlLN9iZO513VveELp5xyaFxVD2+1OVylE+2E+w= +github.com/hashicorp/go-plugin v1.4.1/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= +github.com/hashicorp/go-retryablehttp v0.5.2 h1:AoISa4P4IsW0/m4T6St8Yw38gTl5GtBAgfkhYh1xAz4= +github.com/hashicorp/go-retryablehttp v0.5.2/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= +github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= +github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= +github.com/hashicorp/go-safetemp v1.0.0/go.mod 
h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I= +github.com/hashicorp/go-slug v0.4.1/go.mod h1:I5tq5Lv0E2xcNXNkmx7BSfzi1PsJ2cNjs3cC3LwyhK8= +github.com/hashicorp/go-sockaddr v0.0.0-20180320115054-6d291a969b86/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= +github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= +github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= +github.com/hashicorp/go-tfe v0.8.1/go.mod h1:XAV72S4O1iP8BDaqiaPLmL2B4EE6almocnOn8E8stHc= +github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1BE= +github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.0.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.3.0 h1:McDWVJIU/y+u1BRV06dPaLfLCaT7fUTJLp5r04x7iNw= +github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= +github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl 
v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90= +github.com/hashicorp/hcl/v2 v2.3.0/go.mod h1:d+FwDBbOLvpAM3Z6J7gPj/VoAGkNe/gm352ZhjJ/Zv8= +github.com/hashicorp/hcl/v2 v2.6.0/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY= +github.com/hashicorp/hcl/v2 v2.9.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg= +github.com/hashicorp/hcl/v2 v2.10.0 h1:1S1UnuhDGlv3gRFV4+0EdwB+znNP5HmcGbIqwnSCByg= +github.com/hashicorp/hcl/v2 v2.10.0/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg= +github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= +github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= +github.com/hashicorp/memberlist v0.1.0/go.mod h1:ncdBp14cuox2iFOq3kDiquKU6fqsTBc3W6JvZwjxxsE= +github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= +github.com/hashicorp/serf v0.0.0-20160124182025-e4ec8cc423bb/go.mod h1:h/Ru6tmZazX7WO/GDmwdpS975F019L4t5ng5IgwbNrE= +github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= +github.com/hashicorp/terraform v0.15.1 h1:dfu1/x3kf8zOTi/zDX5HiOaCukj0n4XB8D7lSo2F8cU= +github.com/hashicorp/terraform v0.15.1/go.mod h1:i8pxtLjDNjiMELBM49hWs4ClAV00Fxtn2dfglLO+wDo= +github.com/hashicorp/terraform-config-inspect v0.0.0-20210209133302-4fd17a0faac2/go.mod h1:Z0Nnk4+3Cy89smEbrq+sl1bxc9198gIP4I7wcQF6Kqs= +github.com/hashicorp/terraform-exec v0.12.0/go.mod h1:SGhto91bVRlgXQWcJ5znSz+29UZIa8kpBbkGwQ+g9E8= +github.com/hashicorp/terraform-exec v0.13.0 h1:1Pth+pdWJAufJuWWjaVOVNEkoRTOjGn3hQpAqj4aPdg= +github.com/hashicorp/terraform-exec v0.13.0/go.mod h1:SGhto91bVRlgXQWcJ5znSz+29UZIa8kpBbkGwQ+g9E8= +github.com/hashicorp/terraform-json v0.8.0 h1:XObQ3PgqU52YLQKEaJ08QtUshAfN3yu4u8ebSW0vztc= 
+github.com/hashicorp/terraform-json v0.8.0/go.mod h1:3defM4kkMfttwiE7VakJDwCd4R+umhSQnvJwORXbprE= +github.com/hashicorp/terraform-plugin-go v0.1.0/go.mod h1:10V6F3taeDWVAoLlkmArKttR3IULlRWFAGtQIQTIDr4= +github.com/hashicorp/terraform-plugin-go v0.2.1 h1:EW/R8bB2Zbkjmugzsy1d27yS8/0454b3MtYHkzOknqA= +github.com/hashicorp/terraform-plugin-go v0.2.1/go.mod h1:10V6F3taeDWVAoLlkmArKttR3IULlRWFAGtQIQTIDr4= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.4.0/go.mod h1:JBItawj+j8Ssla5Ib6BC/W9VQkOucBfnX7VRtyx1vw8= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.5.0 h1:4EHNOAjwiYCeBxY16rt2KwyRNNVsCaVO3kWBbiXfYM0= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.5.0/go.mod h1:z+cMZ0iswzZOahBJ3XmNWgWkVnAd2bl8g+FhyyuPDH4= +github.com/hashicorp/terraform-provider-google v1.20.0 h1:dVzBoqMHZA4PDAJaH3ztIey2cxFx6e+kRDAr3bMSrmI= +github.com/hashicorp/terraform-provider-google v1.20.0/go.mod h1:19QAcvJTh1z3BfW6cxR5MQd89aIurcIIur99oJGbv/E= +github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0= +github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ= +github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod 
h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= +github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= +github.com/jen20/awspolicyequivalence v1.1.0 h1:cn37D6o0lXLwqx2neCokGfaB3LLNSo5CrLMLGjY609g= +github.com/jen20/awspolicyequivalence v1.1.0/go.mod h1:PV1fS2xyHhCLp83vbgSMFr2drM4GzG61wkz+k4pOG3E= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= +github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= +github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= +github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= 
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/joyent/triton-go v0.0.0-20180313100802-d8f9c0314926/go.mod h1:U+RSyWxWd04xTqnuOQxnai7XGS2PrPY2cfGoDKtMHjA= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= +github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1 h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.3.0/go.mod 
h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8= +github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck= +github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/keybase/go-crypto v0.0.0-20161004153544-93f5b35093ba h1:NARVGAAgEXvoMeNPHhPFt1SBt1VMznA3Gnz9d0qj+co= +github.com/keybase/go-crypto v0.0.0-20161004153544-93f5b35093ba/go.mod h1:ghbZscTyKdM07+Fw3KSi0hcJm+AlEUWj8QLlPtijN/M= +github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= +github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= +github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= +github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= +github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= +github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= 
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= +github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= +github.com/likexian/gokit v0.0.0-20190309162924-0a377eecf7aa/go.mod h1:QdfYv6y6qPA9pbBA2qXtoT8BMKha6UyNbxWGWl/9Jfk= +github.com/likexian/gokit v0.0.0-20190418170008-ace88ad0983b/go.mod h1:KKqSnk/VVSW8kEyO2vVCXoanzEutKdlBAPohmGXkxCk= +github.com/likexian/gokit v0.0.0-20190501133040-e77ea8b19cdc/go.mod h1:3kvONayqCaj+UgrRZGpgfXzHdMYCAO0KAt4/8n0L57Y= +github.com/likexian/gokit v0.20.15/go.mod h1:kn+nTv3tqh6yhor9BC4Lfiu58SmH8NmQ2PmEl+uM6nU= +github.com/likexian/simplejson-go v0.0.0-20190409170913-40473a74d76d/go.mod h1:Typ1BfnATYtZ/+/shXfFYLrovhFyuKvzwrdOnIDHlmg= +github.com/likexian/simplejson-go v0.0.0-20190419151922-c1f9f0b4f084/go.mod h1:U4O1vIJvIKwbMZKUJ62lppfdvkCdVd2nfMimHK81eec= +github.com/likexian/simplejson-go v0.0.0-20190502021454-d8787b4bfa0b/go.mod 
h1:3BWwtmKP9cXWwYCr5bkoVDEfLywacOv0s06OBEDpyt8= +github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= +github.com/lusis/go-artifactory v0.0.0-20160115162124-7e4ce345df82/go.mod h1:y54tfGmO3NKssKveTEFFzH8C/akrSOy/iW9qEAUDV84= +github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= +github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/masterzen/simplexml v0.0.0-20160608183007-4572e39b1ab9/go.mod h1:kCEbxUJlNDEBNbdQMkPSp6yaKcRXVI6f4ddk8Riv4bc= +github.com/masterzen/simplexml v0.0.0-20190410153822-31eea3082786/go.mod h1:kCEbxUJlNDEBNbdQMkPSp6yaKcRXVI6f4ddk8Riv4bc= +github.com/masterzen/winrm v0.0.0-20200615185753-c42b5136ff88/go.mod h1:a2HXwefeat3evJHxFXSayvRHpYEPJYtErl4uIzfaUqY= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-colorable v0.1.7 h1:bQGKb3vps/j0E9GfJQ03JyhRuxsvdAanXlT9BTw3mdw= +github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= 
+github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/mattn/go-runewidth v0.0.12 h1:Y41i/hVW3Pgwr8gV+J23B9YEY0zxjptBuCWEaxmAOow= +github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= +github.com/mattn/go-shellwords v1.0.4/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= +github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/miekg/dns v1.0.8/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= +github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= +github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= +github.com/mitchellh/cli v1.1.1/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= +github.com/mitchellh/cli v1.1.2/go.mod h1:6iaV0fGdElS6dPBx0EApTxHrcWvmJphyh2n8YBLPPZ4= +github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= +github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= +github.com/mitchellh/copystructure v1.1.1 h1:Bp6x9R1Wn16SIz3OfeDr0b7RnCG2OB66Y7PQyC/cvq4= +github.com/mitchellh/copystructure v1.1.1/go.mod h1:EBArHfARyrSWO/+Wyr9zwEkc6XMFB9XyNgFNmRkZZU4= +github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= +github.com/mitchellh/go-homedir 
v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-linereader v0.0.0-20190213213312-1b945b3263eb/go.mod h1:OaY7UOoTkkrX3wRwjpYRKafIkkyeD0UtweSHAWWiqQM= +github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= +github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-testing-interface v1.0.4/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= +github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= +github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= +github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= +github.com/mitchellh/gox v1.0.1/go.mod h1:ED6BioOGXMswlXa2zxfh/xdd5QhwYliBFn9V18Ap4z4= +github.com/mitchellh/hashstructure v1.1.0 h1:P6P1hdjqAAknpY/M1CGipelZgp+4y9ja9kmUZPXP+H0= +github.com/mitchellh/hashstructure v1.1.0/go.mod h1:xUDAozZz0Wmdiufv0uyhnHkUTN6/6d8ulp4AwfLKrmA= +github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= +github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.0.0/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= 
+github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/panicwrap v1.0.0 h1:67zIyVakCIvcs69A0FGfZjBdPleaonSgGlXRSRlb6fE= +github.com/mitchellh/panicwrap v1.0.0/go.mod h1:pKvZHwWrZowLUzftuFq7coarnxbBXU4aQh3N0BJOeeA= +github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE= +github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw= +github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= +github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= +github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISeBAdw6E61aqQma60= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod 
h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= +github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= +github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= +github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= +github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= +github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= +github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758= +github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce/go.mod h1:uFMI8w+ref4v2r9jz+c9i1IfIttS/OkmLfrk1jne5hs= +github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U= +github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= +github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= +github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= +github.com/olekukonko/tablewriter v0.0.1 
h1:b3iUnf1v+ppJiOfNX4yxxqfWKMQPZR5yoh8urCTFX88= +github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= +github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU= +github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg= +github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.9.0 h1:R1uwffexN6Pr340GtYRIdZmAiN4J+iw6WG4wog1DUXg= +github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= +github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= +github.com/open-policy-agent/opa v0.28.0 h1:y4e4oNVqCKXyz2nIhVNLVwZUa4+T/N8Spch73E8Deo0= +github.com/open-policy-agent/opa v0.28.0/go.mod h1:jYuhmtyoJI9HSLgVWEqUwfKecsLi/8wk0Uv76misZDU= +github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= +github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= +github.com/opentracing/opentracing-go 
v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= +github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= +github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/packer-community/winrmcp v0.0.0-20180921211025-c76d91c1e7db/go.mod h1:f6Izs6JvFTdnRbziASagjZ2vmf55NSIkC/weStxCHqk= +github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= +github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= +github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= +github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d h1:zapSxdmZYY6vJWXFKLQ+MkI+agc+HQyfrCGowDSHiKs= +github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= +github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= +github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pkg/browser v0.0.0-20201207095918-0426ae3fba23/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod 
h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= +github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/posener/complete v1.2.1/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DKN0g6uH7E= +github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs= +github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= +github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= +github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model 
v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= +github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.14.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= +github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= +github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod 
h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ= +github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rivo/uniseg v0.1.0 h1:+2KBaVoUmb9XzDsrx/Ct0W/EYOSFf/nWTauy++DprtY= +github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= +github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= +github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= +github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/shirou/gopsutil v0.0.0-20180427012116-c95755e4bcd7/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= +github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod 
h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc= +github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= +github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sirupsen/logrus v1.0.5/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v0.0.0-20180222194500-ef6db91d284a/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s= +github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= +github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/afero v1.1.0/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc= +github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= 
+github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cobra v0.0.7/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= +github.com/spf13/cobra v1.1.3 h1:xghbfqPkxzxP3C/f3n5DdpAbdKLj4ZE4BWQI362l53M= +github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= +github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.0.2/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM= +github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= +github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= +github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= +github.com/stretchr/objx 
v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= +github.com/svanharmelen/jsonapi v0.0.0-20180618144545-0c0828c3f16d/go.mod h1:BSTlc8jOjh0niykqEGVXOLXdi9o0r0kR8tCYiMvjFgw= +github.com/tencentcloud/tencentcloud-sdk-go v3.0.82+incompatible/go.mod h1:0PfYow01SHPMhKY31xa+EFz2RStxIqj6JFAJS+IkCi4= +github.com/tencentyun/cos-go-sdk-v5 v0.0.0-20190808065407-f07404cefc8c/go.mod h1:wk2XFUg6egk4tSDNZtXeKfe2G6690UVyt163PuUxBZk= +github.com/thediveo/enumflag v0.10.1 h1:DB3Ag69VZ7BCv6jzKECrZ0ebZrHLzFRMIFYt96s4OxM= +github.com/thediveo/enumflag v0.10.1/go.mod h1:KyVhQUPzreSw85oJi2uSjFM0ODLKXBH0rPod7zc2pmI= +github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= +github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tmc/grpc-websocket-proxy v0.0.0-20171017195756-830351dc03c6/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tombuildsstuff/giovanni v0.15.1/go.mod 
h1:0TZugJPEtqzPlMpuJHYfXY6Dq2uLPrXf98D2XQSxNbA= +github.com/ugorji/go v0.0.0-20180813092308-00b869d2f4a5/go.mod h1:hnLbHMwcvSihnDhEfx2/BzKp2xb0Y+ErdfYcrs9tkJQ= +github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= +github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= +github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ= +github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= +github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= +github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s= +github.com/valyala/quicktemplate v1.1.1/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOVRUAfrukLPuGJ4= +github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= +github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= +github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= +github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= +github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= +github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= +github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI= +github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= +github.com/xeipuuv/gojsonpointer 
v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xiang90/probing v0.0.0-20160813154853-07dd2e8dfe18/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xlab/treeprint v0.0.0-20161029104018-1d6e34225557/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= +github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b h1:vVRagRXf67ESqAb72hG2C/ZwI8NtJF2u2V76EsuOHGY= +github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b/go.mod h1:HptNXiXVDcJjXe9SqMd0v2FsL9f8dz4GnXgltU6q/co= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= +github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= +github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= +github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= +github.com/zclconf/go-cty v1.5.1/go.mod h1:nHzOclRkoj++EU9ZjSrZvRG0BXIWt8c7loYc0qXAFGQ= 
+github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/zclconf/go-cty v1.8.2 h1:u+xZfBKgpycDnTNjPhGiTEYZS5qS/Sb5MqSfm7vzcjg= +github.com/zclconf/go-cty v1.8.2/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= +github.com/zclconf/go-cty-yaml v1.0.2 h1:dNyg4QLTrv2IfJpm7Wtxi55ed5gLGOlPrZ6kMd51hY0= +github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0= +go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= +go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= +go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= +go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q= +go.uber.org/multierr 
v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= +go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= +go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190222235706-ffb98f73852f/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2 h1:It14KIkyBFYkHkwZ7k45minvA9aorojkyjGk9KJ5B/w= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod 
h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 h1:2M3HP5CCK1Si9FQhwnzYhXdG6DXeebvUHFpre8QvbyI= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod 
v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.1 h1:Kvvh58BN8Y9/lBi7hTekvtMpm07eUZ0ck5pRHpsMWrY= +golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190812203447-cdfb69ac37fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net 
v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210326060303-6b1517762897 h1:KrsHThm5nFk34YtATK1LsThyGhGbGe1olrte/HInHvs= +golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod 
h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93 h1:alLDrZkL34Y2bnGHfvC1CYBRBXCXgx8AC2vY4MRtYX4= +golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190509141414-a5b02f93d862/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys 
v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210324051608-47abb6519492 h1:Paq34FxTluEPvVyayQqMPgHm+vTOrIifmcYxFBx9TLg= +golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181117154741-2ddaf7f79a09/go.mod 
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190121143147-24cd39ecf745/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190311215038-5c2858a9cfe5/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190322203728-c1a832b0ad89/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190521203540-521d6ed310dd/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod 
h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190909030654-5b82db07426d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191203134012-c197fd4bf371/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod 
h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200626171337-aa94e735be7f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200713011307-fd294ab11aed/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200721032237-77f530d86f9a/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod 
h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= +golang.org/x/tools v0.0.0-20201028111035-eafbe7b904eb/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod 
h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/api v0.34.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= +google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= +google.golang.org/api v0.41.0 h1:12aHIhhQCpWtd3Rcp2WwbboB5W72tJHcjzyA9MCoHAw= +google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine 
v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod 
h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200626011028-ee7919e894b5/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200711021454-869866162049/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200721032028-5044d0edf986/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto 
v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb h1:hcskBH5qZCOa7WpTUFUFvoebnSFZBYpjykLtjIp9DVk= +google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.0/go.mod 
h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= +google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.0 h1:o1bcQ6imQMIOpdrO3SWf2z5RV72WbDwdXuK0MDlc8As= +google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= 
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= +gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= +gopkg.in/fsnotify.v1 v1.4.7/go.mod 
h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= +gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= +gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= +gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +honnef.co/go/tools 
v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +k8s.io/api v0.0.0-20190620084959-7cf5895f2711/go.mod h1:TBhBqb1AWbBQbW3XRusr7n7E4v2+5ZY8r8sAMnyFC5A= +k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719/go.mod h1:I4A+glKBHiTgiEjQiCCQfCAIcIMFGt291SmsvcrFzJA= +k8s.io/apimachinery v0.0.0-20190913080033-27d36303b655/go.mod h1:nL6pwRT8NgfF8TT68DBI8uEePRt89cSvoXUVqbkWHq4= +k8s.io/client-go v10.0.0+incompatible/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s= +k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.4.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= +k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= +k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= +k8s.io/kube-openapi v0.0.0-20190816220812-743ec37842bf/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= +k8s.io/utils v0.0.0-20200411171748-3d5a2fe318e4/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= 
+mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= +mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= +mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY= +rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= +sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= diff --git a/main.go b/main.go new file mode 100644 index 00000000..a506f01d --- /dev/null +++ b/main.go @@ -0,0 +1,11 @@ +package main + +import ( + "github.com/fugue/regula/cmd" +) + +//go:generate go run pkg/tf_resource_schemas/generate/main.go + +func main() { + cmd.Execute() +} diff --git a/pkg/git/input_tree.go b/pkg/git/input_tree.go new file mode 100644 index 00000000..56d6deb1 --- /dev/null +++ b/pkg/git/input_tree.go 
@@ -0,0 +1,108 @@
+package git
+
+import (
+ "os"
+ "path/filepath"
+ "strings"
+)
+
+type Relation int
+
+const (
+ None Relation = iota
+ TreeNodeIsChild
+ TreeNodeIsParent
+)
+
+type InputTreeNode struct {
+ Children map[string]*InputTreeNode
+}
+
+func NewInputTreeNode(splitPath []string) *InputTreeNode {
+ t := &InputTreeNode{
+ Children: map[string]*InputTreeNode{},
+ }
+ if len(splitPath) > 0 {
+ t.Children[splitPath[0]] = NewInputTreeNode(splitPath[1:])
+ }
+ return t
+}
+
+func (t *InputTreeNode) Relation(splitPath []string) Relation {
+ if pathLen := len(splitPath); pathLen < 1 {
+ // In this case the splitPath is a parent of the tree node
+ return TreeNodeIsChild
+ } else {
+ if len(t.Children) == 0 {
+ // In this case the tree node is a parent of the split path
+ return TreeNodeIsParent
+ }
+ if child, ok := t.Children[splitPath[0]]; ok {
+ return child.Relation(splitPath[1:])
+ }
+
+ return None
+ }
+}
+
+func (t *InputTreeNode) AddChild(splitPath []string) {
+ if len(splitPath) < 1 {
+ return
+ }
+ if child, ok := t.Children[splitPath[0]]; ok {
+ child.AddChild(splitPath[1:])
+ return
+ }
+ t.Children[splitPath[0]] = NewInputTreeNode(splitPath[1:])
+}
+
+func NewInputTree(paths []string) *InputTreeNode {
+ rootNode := NewInputTreeNode(nil)
+ for _, path := range paths {
+ absPath, err := filepath.Abs(path)
+ if err != nil {
+ // This case can happen for the stdin path "-"
+ absPath = path
+ }
+ splitPath := strings.Split(absPath, string(os.PathSeparator))
+ rootNode.AddChild(splitPath)
+ }
+
+ return rootNode
+}
+
+type SearchPath struct {
+ prefix string
+ path []string
+ splitPrefix []string
+}
+
+func NewSearchPath(prefix string, path []string) SearchPath {
+ splitPrefix := strings.Split(prefix, string(os.PathSeparator))
+ return SearchPath{
+ prefix: prefix,
+ path: path,
+ splitPrefix: splitPrefix,
+ }
+}
+
+func (s SearchPath) Abs() string {
+ fullPath := append([]string{s.prefix}, s.path...)
+ return filepath.Join(fullPath...)
+}
+
+func (s SearchPath) WithAddedPath(path string) SearchPath {
+ return SearchPath{
+ prefix: s.prefix,
+ path: append(s.path, path),
+ splitPrefix: s.splitPrefix,
+ }
+}
+
+func (s SearchPath) AbsSplit() []string {
+ return append(s.splitPrefix, s.path...)
+}
+
+func (s SearchPath) Path() []string {
+ return s.path
+}
diff --git a/pkg/git/repo.go b/pkg/git/repo.go
new file mode 100644
index 00000000..ba6cecf8
--- /dev/null
+++ b/pkg/git/repo.go
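Review bot: `WithAddedPath` builds the child path with `append(s.path, path)`, which writes into the parent's backing array whenever that array has spare capacity, so two sibling SearchPath values derived from the same parent can end up sharing and overwriting their last element. ReadPatterns in pkg/git/repo.go calls it once per subdirectory from the same parent and hands `searchPath.Path()` to `gitignore.ParsePattern` as the pattern domain; if ParsePattern retains that slice, a later sibling could rewrite the domain of patterns already collected, and ignore rules would then apply to the wrong directory, which changes the set of files the scanner evaluates. Copying before appending avoids the aliasing: `path: append(append([]string(nil), s.path...), path),`. `AbsSplit` has the same shape with `append(s.splitPrefix, s.path...)` and would benefit from the same copy.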
@@ -0,0 +1,190 @@ +// Copyright 2021 Fugue, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package git + +import ( + "bufio" + "os" + "path/filepath" + "strings" + + "github.com/go-git/go-git/v5/plumbing/format/gitignore" +) + +var defaultGitIgnorePatterns = []gitignore.Pattern{ + gitignore.ParsePattern("..", []string{}), + gitignore.ParsePattern(".git", []string{}), +} + +type Repo interface { + IsPathIgnored(path string, isDir bool) bool +} + +type repo struct { + path string + ignoreMatcher gitignore.Matcher +} + +func NewRepo(path string, inputTree *InputTreeNode) (Repo, error) { + patterns, err := ReadPatterns(NewSearchPath(path, nil), inputTree, nil, None) + if err != nil { + return nil, err + } + patterns = append(patterns, defaultGitIgnorePatterns...) + return &repo{ + path: path, + ignoreMatcher: gitignore.NewMatcher(patterns), + }, nil +} + +func (r *repo) IsPathIgnored(path string, isDir bool) bool { + absPath, err := filepath.Abs(path) + if err != nil { + return false + } + relPath, err := filepath.Rel(r.path, absPath) + if err != nil { + return false + } + splitPath := strings.Split(relPath, string(os.PathSeparator)) + return r.ignoreMatcher.Match(splitPath, isDir) +} + +// RepoFinder finds the git repository for a given directory. 
+type RepoFinder struct { + inputTree *InputTreeNode + cache map[string]Repo +} + +// NewRepoFinder returns a new RepoFinder instance +func NewRepoFinder(inputPaths []string) *RepoFinder { + inputTree := NewInputTree(inputPaths) + return &RepoFinder{ + inputTree: inputTree, + cache: map[string]Repo{}, + } +} + +// FindRepo takes a directory path and finds the git repository for it if one exists. +// It works by searching within the given directory, followed by searching in parent +// directories until it either reaches the top-level directory or encounters an error. +func (s *RepoFinder) FindRepo(path string) Repo { + absPath, err := filepath.Abs(path) + if err != nil { + return nil + } + lastPath := "" + traversedPaths := []string{} + for absPath != lastPath { + if foundRepo, ok := s.cache[absPath]; ok { + return foundRepo + } + entries, err := os.ReadDir(absPath) + if err != nil { + // Store nil so that we don't retry this operation when child dirs are + // passed in. + s.cache[absPath] = nil + return nil + } + for _, e := range entries { + if e.Name() == ".git" { + r, err := NewRepo(absPath, s.inputTree) + if err != nil { + s.cache[absPath] = nil + return nil + } + s.cache[absPath] = r + return s.cache[absPath] + } + } + traversedPaths = append(traversedPaths, absPath) + lastPath = absPath + absPath = filepath.Dir(absPath) + } + // At this point we've traversed to the top of the tree and haven't found + // anything. We'll cache all traversed paths so that we don't repeat the + // list operations for child dirs. + for _, p := range traversedPaths { + s.cache[p] = nil + } + return nil +} + +// Vendored from go-git so that we can fix their behavior +// readIgnoreFile reads a specific git ignore file. 
+func readIgnoreFile(searchPath SearchPath) (ps []gitignore.Pattern, err error) { + ignoreFilePath := searchPath.WithAddedPath(".gitignore").Abs() + f, err := os.Open(ignoreFilePath) + if err == nil { + defer f.Close() + + scanner := bufio.NewScanner(f) + for scanner.Scan() { + s := scanner.Text() + if !strings.HasPrefix(s, "#") && len(strings.TrimSpace(s)) > 0 { + ps = append(ps, gitignore.ParsePattern(s, searchPath.Path())) + } + } + } else if !os.IsNotExist(err) { + return nil, err + } + + return +} + +// ReadPatterns reads gitignore patterns recursively traversing through the directory +// structure. The result is in the ascending order of priority (last higher). This +// function has been modified to respect gitignore patterns while it's traversing. This +// has a big impact for larger repositories. +func ReadPatterns(searchPath SearchPath, inputTree *InputTreeNode, accumulator []gitignore.Pattern, lastRelation Relation) ([]gitignore.Pattern, error) { + ps, _ := readIgnoreFile(searchPath) + accumulator = append(accumulator, ps...) + + var fis []os.DirEntry + fis, err := os.ReadDir(searchPath.Abs()) + if err != nil { + return nil, err + } + + matcher := gitignore.NewMatcher(accumulator) + for _, fi := range fis { + name := fi.Name() + isDir := fi.IsDir() + + if isDir && name != ".git" { + subPath := searchPath.WithAddedPath(name) + if matcher.Match(subPath.Path(), isDir) { + continue + } + if lastRelation != TreeNodeIsParent { + lastRelation = inputTree.Relation(subPath.AbsSplit()) + } + if lastRelation == None { + continue + } + var subps []gitignore.Pattern + subps, err = ReadPatterns(subPath, inputTree, accumulator, lastRelation) + if err != nil { + return nil, err + } + + if len(subps) > 0 { + ps = append(ps, subps...) + } + } + } + + return ps, nil +} diff --git a/pkg/loader/auto.go b/pkg/loader/auto.go new file mode 100644 index 00000000..8bc92968 --- /dev/null +++ b/pkg/loader/auto.go 
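Review bot: `ReadPatterns` throws away the error from `readIgnoreFile` (`ps, _ := readIgnoreFile(searchPath)`), although readIgnoreFile deliberately returns every failure except a missing file. An unreadable .gitignore therefore contributes no patterns and produces no diagnostic, so the files the loader skips can silently differ from what the repository declares. Propagate it with `ps, err := readIgnoreFile(searchPath)` and `if err != nil { return nil, err }`, and change the later `fis, err := os.ReadDir(...)` to `fis, err = os.ReadDir(...)` so the function still compiles. readIgnoreFile also never checks `scanner.Err()`, so a read error or an over-long line ends the pattern list early without being reported.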
@@ -0,0 +1,33 @@
+package loader
+
+type AutoDetector struct {
+ detectors []ConfigurationDetector
+}
+
+func (a *AutoDetector) DetectDirectory(i InputDirectory, opts DetectOptions) (IACConfiguration, error) {
+ for _, d := range a.detectors {
+ l, err := i.DetectType(d, opts)
+ if err == nil && l != nil {
+ return l, nil
+ }
+ }
+
+ return nil, nil
+}
+
+func (a *AutoDetector) DetectFile(i InputFile, opts DetectOptions) (IACConfiguration, error) {
+ for _, d := range a.detectors {
+ l, err := i.DetectType(d, opts)
+ if err == nil && l != nil {
+ return l, nil
+ }
+ }
+
+ return nil, nil
+}
+
+func NewAutoDetector(detectors ...ConfigurationDetector) *AutoDetector {
+ return &AutoDetector{
+ detectors: detectors,
+ }
+}
diff --git a/pkg/loader/base.go b/pkg/loader/base.go
new file mode 100644
index 00000000..bce8b469
--- /dev/null
+++ b/pkg/loader/base.go
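Review bot: Both `DetectDirectory` and `DetectFile` drop every detector error and fall through to `return nil, nil`, so a file that a detector recognised but failed to parse looks the same as a file that is simply not IaC. Combined with `loader, _ := i.DetectType(...)` in walkFunc in pkg/loader/loadpaths.go, a malformed template inside a scanned directory is skipped without any message and the run can still report success. Consider collecting the errors and returning them when no detector matched, leaving it to the caller to log or fail; detectors currently also use an error for "not my type", so the directory walk would more likely log than abort. The fence sketches `DetectFile` (it needs `fmt` and `strings` imported), and `DetectDirectory` would change the same way.

```go
func (a *AutoDetector) DetectFile(i InputFile, opts DetectOptions) (IACConfiguration, error) {
	var errs []string
	for _, d := range a.detectors {
		l, err := i.DetectType(d, opts)
		if err == nil && l != nil {
			return l, nil
		}
		if err != nil {
			errs = append(errs, err.Error())
		}
	}
	if len(errs) > 0 {
		return nil, fmt.Errorf("no detector accepted %v: %v", i.Path(), strings.Join(errs, "; "))
	}
	return nil, nil
}
```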
@@ -0,0 +1,142 @@ +// Copyright 2021 Fugue, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package loader + +import "fmt" + +//go:generate mockgen -destination=../mocks/mock_iacconfiguration.go -package=mocks github.com/fugue/regula/pkg/loader IACConfiguration +//go:generate mockgen -destination=../mocks/mock_configurationdetector.go -package=mocks github.com/fugue/regula/pkg/loader ConfigurationDetector +//go:generate mockgen -destination=../mocks/mock_inputpath.go -package=mocks github.com/fugue/regula/pkg/loader InputPath +//go:generate mockgen -destination=../mocks/mock_inputdirectory.go -package=mocks github.com/fugue/regula/pkg/loader InputDirectory +//go:generate mockgen -destination=../mocks/mock_inputfile.go -package=mocks github.com/fugue/regula/pkg/loader InputFile + +// stdIn is the path used for stdin. +const stdIn = "" + +// InputType is a flag that determines which types regula should look for. +type InputType int + +const ( + // Auto means that regula will automatically try to determine which input types are + // in the given paths. + Auto InputType = iota + // TfPlan means that regula will only look for Terraform plan JSON files in given + // directories and it will assume that given files are Terraform plan JSON. + TfPlan + // Cfn means that regula will only look for CloudFormation template files in given + // directories and it will assume that given files are CloudFormation YAML or JSON. 
+ Cfn + // Tf means that regula will load the HCL in the directory in a similar + // way to terraform plan, or it can also load individual files. + Tf +) + +// InputTypeIDs maps the InputType enums to string values that can be specified in +// CLI options. +var InputTypeIDs = map[InputType][]string{ + Auto: {"auto"}, + TfPlan: {"tf-plan"}, + Cfn: {"cfn"}, + Tf: {"tf"}, +} + +// InputTypeForString is a utility function to translate the string name of an input +// type to an InputType enum +func InputTypeForString(typeStr string) (InputType, error) { + switch typeStr { + case "auto": + return Auto, nil + case "cfn": + return Cfn, nil + case "tf-plan": + return TfPlan, nil + case "tf": + return Tf, nil + default: + return -1, fmt.Errorf("Unrecognized input type %v", typeStr) + } +} + +// LoadedConfigurations is a container for IACConfigurations loaded by Regula. +type LoadedConfigurations interface { + // AddConfiguration adds a configuration entry for the given path + AddConfiguration(path string, config IACConfiguration) + // Location resolves a file path and attribute path from the regula output to a + // location within a file. + Location(path string, attributePath []string) (*Location, error) + // AlreadyLoaded indicates whether the given path has already been loaded as part + // of another IACConfiguration. + AlreadyLoaded(path string) bool + // RegulaInput renders the RegulaInput from all of the contained configurations. + RegulaInput() []RegulaInput + // Count returns the number of loaded configurations. + Count() int +} + +// RegulaInput is a generic map that can be fed to OPA for regula. +type RegulaInput map[string]interface{} + +// IACConfiguration is a loaded IaC Configuration. +type IACConfiguration interface { + // RegulaInput returns a input for regula. + RegulaInput() RegulaInput + // LoadedFiles are all of the files contained within this configuration. + LoadedFiles() []string + // Location resolves an attribute path to to a file, line and column. 
+ // The first element of the attributePath is usually the resource ID. + Location(attributePath []string) (*Location, error) +} + +// Location is a filepath, line and column. +type Location struct { + Path string + Line int + Col int +} + +// DetectOptions are options passed to the configuration detectors. +type DetectOptions struct { + IgnoreExt bool +} + +// ConfigurationDetector implements the visitor part of the visitor pattern for the +// concrete InputPath implementations. A ConfigurationDetector implementation must +// contain functions to visit both directories and files. An empty implementation +// must return nil, nil to indicate that the InputPath has been ignored. +type ConfigurationDetector interface { + DetectDirectory(i InputDirectory, opts DetectOptions) (IACConfiguration, error) + DetectFile(i InputFile, opts DetectOptions) (IACConfiguration, error) +} + +// InputPath is a generic interface to represent both directories and files that +// can serve as inputs for a ConfigurationDetector. +type InputPath interface { + DetectType(d ConfigurationDetector, opts DetectOptions) (IACConfiguration, error) + IsDir() bool + Path() string + Name() string +} + +type InputDirectory interface { + InputPath + Walk(w func(i InputPath) error) error + Children() []InputPath +} + +type InputFile interface { + InputPath + Ext() string + Contents() ([]byte, error) +} diff --git a/pkg/loader/cfn.go b/pkg/loader/cfn.go new file mode 100644 index 00000000..cc4e5ace --- /dev/null +++ b/pkg/loader/cfn.go 
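Review bot: `InputTypeForString` repeats the string-to-type mapping that `InputTypeIDs` already holds, so adding an input type means editing two places that can drift apart. Deriving the lookup from the map keeps one source of truth, for example by looping over `InputTypeIDs` and returning the key whose ID list contains `typeStr`. Separately, `InputDirectory` and `InputFile` are exported without doc comments, and the comment on `IACConfiguration.Location` contains a doubled word ("to to").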
@@ -0,0 +1,228 @@ +// Copyright 2021 Fugue, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package loader + +import ( + "fmt" + "strings" + + "gopkg.in/yaml.v3" +) + +var validCfnExts map[string]bool = map[string]bool{ + ".yaml": true, + ".yml": true, + ".json": true, +} + +type CfnDetector struct{} + +func (c *CfnDetector) DetectFile(i InputFile, opts DetectOptions) (IACConfiguration, error) { + if !opts.IgnoreExt && !validCfnExts[i.Ext()] { + return nil, fmt.Errorf("File does not have .yaml, .yml, or .json extension: %v", i.Path()) + } + contents, err := i.Contents() + if err != nil { + return nil, err + } + + template := &cfnTemplate{} + if err := yaml.Unmarshal(contents, &template); err != nil { + return nil, fmt.Errorf("Failed to parse file as YAML or JSON %v: %v", i.Path(), err) + } + _, hasTemplateFormatVersion := template.Contents["AWSTemplateFormatVersion"] + _, hasResources := template.Contents["Resources"] + + if !hasTemplateFormatVersion && !hasResources { + return nil, fmt.Errorf("Input file is not a CloudFormation template: %v", i.Path()) + } + + return &cfnConfiguration{ + path: i.Path(), + template: *template, + }, nil +} + +func (c *CfnDetector) DetectDirectory(i InputDirectory, opts DetectOptions) (IACConfiguration, error) { + return nil, nil +} + +type cfnConfiguration struct { + path string + template cfnTemplate +} + +func (l *cfnConfiguration) RegulaInput() RegulaInput { + return RegulaInput{ + "filepath": l.path, + "content": 
l.template.Contents, + } +} + +func (l *cfnConfiguration) Location(attributePath []string) (*Location, error) { + return &Location{ + Path: l.path, + Line: 0, + Col: 0, + }, nil +} + +func (l *cfnConfiguration) LoadedFiles() []string { + return []string{l.path} +} + +type cfnTemplate struct { + Contents map[string]interface{} +} + +func (t *cfnTemplate) UnmarshalYAML(node *yaml.Node) error { + contents, err := decodeMap(node) + if err != nil { + return err + } + t.Contents = contents + return nil +} + +func decodeMap(node *yaml.Node) (map[string]interface{}, error) { + if len(node.Content)%2 != 0 { + return nil, fmt.Errorf("Malformed map at line %v, col %v", node.Line, node.Column) + } + + m := map[string]interface{}{} + + for i := 0; i < len(node.Content); i += 2 { + keyNode := node.Content[i] + valNode := node.Content[i+1] + + if keyNode.Kind != yaml.ScalarNode || keyNode.Tag != "!!str" { + return nil, fmt.Errorf("Malformed map key at line %v, col %v", keyNode.Line, keyNode.Column) + } + + var key string + + if err := keyNode.Decode(&key); err != nil { + return nil, fmt.Errorf("Failed to decode map key: %v", err) + } + + val, err := decodeNode(valNode) + + if err != nil { + return nil, fmt.Errorf("Failed to decode map val: %v", err) + } + + m[key] = val + } + + return m, nil +} + +func decodeSeq(node *yaml.Node) ([]interface{}, error) { + s := []interface{}{} + for _, child := range node.Content { + i, err := decodeNode(child) + if err != nil { + return nil, fmt.Errorf("Error decoding sequence item at line %v, col %v", child.Line, child.Column) + } + s = append(s, i) + } + + return s, nil +} + +var intrinsicFns map[string]string = map[string]string{ + "!And": "Fn::And", + "!Base64": "Fn::Base64", + "!Cidr": "Fn::Cidr", + "!Equals": "Fn::Equals", + "!FindInMap": "Fn::FindInMap", + "!GetAtt": "Fn::GetAtt", + "!GetAZs": "Fn::GetAZs", + "!If": "Fn::If", + "!ImportValue": "Fn::ImportValue", + "!Join": "Fn::Join", + "!Not": "Fn::Not", + "!Or": "Fn::Or", + "!Ref": 
"Ref", + "!Split": "Fn::Split", + "!Sub": "Fn::Sub", + "!Transform": "Fn::Transform", +} + +func decodeIntrinsic(node *yaml.Node, name string) (map[string]interface{}, error) { + if name == "" { + name = strings.Replace(node.Tag, "!", "Fn::", 1) + } + intrinsic := map[string]interface{}{} + switch node.Kind { + case yaml.SequenceNode: + val, err := decodeSeq(node) + if err != nil { + return nil, fmt.Errorf("Failed to decode intrinsic containing sequence: %v", err) + } + intrinsic[name] = val + case yaml.MappingNode: + val, err := decodeMap(node) + if err != nil { + return nil, fmt.Errorf("Failed to decode intrinsic containing map: %v", err) + } + intrinsic[name] = val + default: + var val interface{} + if err := node.Decode(&val); err != nil { + return nil, fmt.Errorf("Failed to decode intrinsic: %v", err) + } + // Special case for GetAtt + if name == "Fn::GetAtt" { + if valString, ok := val.(string); ok { + val = strings.Split(valString, ".") + } + } + intrinsic[name] = val + } + + return intrinsic, nil +} + +func decodeNode(node *yaml.Node) (interface{}, error) { + switch node.Tag { + case "!!seq": + val, err := decodeSeq(node) + if err != nil { + return nil, fmt.Errorf("Failed to decode map val: %v", err) + } + return val, nil + case "!!map": + val, err := decodeMap(node) + if err != nil { + return nil, fmt.Errorf("Failed to decode map val: %v", err) + } + return val, nil + default: + name, isIntrinsic := intrinsicFns[node.Tag] + if isIntrinsic { + val, err := decodeIntrinsic(node, name) + if err != nil { + return nil, fmt.Errorf("Failed to decode map val: %v", err) + } + return val, nil + } + var val interface{} + if err := node.Decode(&val); err != nil { + return nil, fmt.Errorf("Failed to decode map val: %v", err) + } + return val, nil + } +} diff --git a/pkg/loader/cfn_test.go b/pkg/loader/cfn_test.go new file mode 100644 index 00000000..3f2e1116 --- /dev/null +++ b/pkg/loader/cfn_test.go 
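Review bot: `decodeNode` only routes a tagged node to `decodeIntrinsic` when the tag is a key of `intrinsicFns`, and that table has no entry for `!Select` (nor `!Condition`). Such a node falls into the generic `node.Decode(&val)` branch, which keeps the value but loses the function wrapper, and any short-form intrinsic nested inside it is presumably flattened the same way, so rules would evaluate a different document than cfn-flip produces. The `name == ""` fallback in `decodeIntrinsic` already derives `Fn::X` from the tag but is unreachable from this switch. Widening the condition would use it: `if isIntrinsic || (strings.HasPrefix(node.Tag, "!") && !strings.HasPrefix(node.Tag, "!!")) {`, plus a `"!Condition": "Condition"` table entry because that one does not take the `Fn::` prefix.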
@@ -0,0 +1,125 @@ +package loader_test + +import ( + "encoding/json" + "testing" + + "github.com/fugue/regula/pkg/loader" + inputs "github.com/fugue/regula/pkg/loader/test_inputs" + "github.com/fugue/regula/pkg/mocks" + "github.com/golang/mock/gomock" + "github.com/stretchr/testify/assert" +) + +func makeMockFile(ctrl *gomock.Controller, path, ext string, contents []byte) loader.InputFile { + mockFile := mocks.NewMockInputFile(ctrl) + mockFile.EXPECT().Ext().Return(ext) + mockFile.EXPECT().Path().Return(path) + mockFile.EXPECT().Contents().Return(contents, nil) + return mockFile +} + +func TestCfnDetector(t *testing.T) { + ctrl := gomock.NewController(t) + testInputs := []struct { + path string + ext string + contents []byte + }{ + {path: "cfn.yaml", ext: ".yaml", contents: inputs.Contents(t, "cfn.yaml")}, + {path: "cfn.yml", ext: ".yml", contents: inputs.Contents(t, "cfn.yaml")}, + {path: "cfn.json", ext: ".yaml", contents: inputs.Contents(t, "cfn.json")}, + {path: "cfn_resources.yaml", ext: ".yaml", contents: inputs.Contents(t, "cfn_resources.yaml")}, + } + detector := &loader.CfnDetector{} + + for _, i := range testInputs { + f := makeMockFile(ctrl, i.path, i.ext, i.contents) + loader, err := detector.DetectFile(f, loader.DetectOptions{ + IgnoreExt: false, + }) + assert.Nil(t, err) + assert.NotNil(t, loader) + assert.Equal(t, loader.LoadedFiles(), []string{i.path}) + } +} + +func TestCfnDetectorNotCfnContents(t *testing.T) { + ctrl := gomock.NewController(t) + detector := &loader.CfnDetector{} + f := makeMockFile(ctrl, "other.json", ".json", inputs.Contents(t, "other.json")) + loader, err := detector.DetectFile(f, loader.DetectOptions{ + IgnoreExt: false, + }) + assert.NotNil(t, err) + assert.Nil(t, loader) +} + +func TestCfnDetectorNotCfnExt(t *testing.T) { + ctrl := gomock.NewController(t) + detector := &loader.CfnDetector{} + f := mocks.NewMockInputFile(ctrl) + f.EXPECT().Ext().Return(".cfn") + f.EXPECT().Path().Return("cfn.cfn") + loader, err := 
detector.DetectFile(f, loader.DetectOptions{ + IgnoreExt: false, + }) + assert.NotNil(t, err) + assert.Nil(t, loader) +} + +func TestCfnDetectorIgnoreExt(t *testing.T) { + ctrl := gomock.NewController(t) + detector := &loader.CfnDetector{} + f := mocks.NewMockInputFile(ctrl) + f.EXPECT().Path().Return("cfn.cfn") + f.EXPECT().Contents().Return(inputs.Contents(t, "cfn.yaml"), nil) + loader, err := detector.DetectFile(f, loader.DetectOptions{ + IgnoreExt: true, + }) + assert.Nil(t, err) + assert.NotNil(t, loader) + assert.Equal(t, loader.LoadedFiles(), []string{"cfn.cfn"}) +} + +func TestCfnDetectorNotYAML(t *testing.T) { + ctrl := gomock.NewController(t) + detector := &loader.CfnDetector{} + f := makeMockFile(ctrl, "not_cfn.yaml", ".yaml", inputs.Contents(t, "text.txt")) + loader, err := detector.DetectFile(f, loader.DetectOptions{ + IgnoreExt: false, + }) + assert.NotNil(t, err) + assert.Nil(t, loader) +} + +func TestCfnIntrinsics(t *testing.T) { + ctrl := gomock.NewController(t) + detector := &loader.CfnDetector{} + yamlFile := makeMockFile(ctrl, "cfn.yaml", ".yaml", inputs.Contents(t, "cfn_intrinsics.yaml")) + // This JSON file was produced with cfn-flip. The transformations performed by the + // loader should be identical to the output of cfn-flip. 
+ jsonFile := makeMockFile(ctrl, "cfn.json", ".json", inputs.Contents(t, "cfn_intrinsics.json")) + yamlLoader, err := detector.DetectFile(yamlFile, loader.DetectOptions{}) + assert.Nil(t, err) + assert.NotNil(t, yamlLoader) + + jsonLoader, err := detector.DetectFile(jsonFile, loader.DetectOptions{}) + assert.Nil(t, err) + assert.NotNil(t, jsonLoader) + + yamlInput := coerceRegulaInput(t, yamlLoader.RegulaInput()) + jsonInput := coerceRegulaInput(t, jsonLoader.RegulaInput()) + + assert.Equal(t, jsonInput["content"], yamlInput["content"]) +} + +// This is annoying, but we care about the values (not the types) +func coerceRegulaInput(t *testing.T, regulaInput loader.RegulaInput) loader.RegulaInput { + coerced := loader.RegulaInput{} + bytes, err := json.Marshal(regulaInput) + assert.Nil(t, err) + err = json.Unmarshal(bytes, &coerced) + + return coerced +} diff --git a/pkg/loader/input.go b/pkg/loader/input.go new file mode 100644 index 00000000..f5b65b84 --- /dev/null +++ b/pkg/loader/input.go 
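Review bot: `coerceRegulaInput` assigns the result of `json.Unmarshal` to `err` and never checks it, so if the round trip fails both inputs come back empty and the `assert.Equal` on `content` in TestCfnIntrinsics compares nil with nil and passes. Add `assert.Nil(t, err)` after the Unmarshal call. In TestCfnDetector the `cfn.json` case is given `ext: ".yaml"`, which looks like a typo and leaves the `.json` extension unexercised by that table. The local variable named `loader` also shadows the imported package inside each test, which makes the bodies harder to read.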
@@ -0,0 +1,163 @@ +package loader + +import ( + "io" + "os" + "path/filepath" + + "github.com/fugue/regula/pkg/git" +) + +type directory struct { + path string + name string + children []InputPath +} + +func (d *directory) DetectType(c ConfigurationDetector, opts DetectOptions) (IACConfiguration, error) { + return c.DetectDirectory(d, opts) +} + +func (d *directory) IsDir() bool { + return true +} + +func (d *directory) Path() string { + return d.path +} + +func (d *directory) Name() string { + return d.name +} + +func (d *directory) Walk(w func(i InputPath) error) error { + for _, c := range d.children { + if err := w(c); err != nil { + return err + } + + if dir, ok := c.(InputDirectory); ok { + if err := dir.Walk(w); err != nil { + return err + } + } + } + return nil +} + +func (d *directory) Children() []InputPath { + return d.children +} + +type directoryOptions struct { + Path string + Name string + NoIgnore bool + GitRepoFinder *git.RepoFinder +} + +func newDirectory(opts directoryOptions) (InputDirectory, error) { + contents := []InputPath{} + entries, err := os.ReadDir(opts.Path) + if err != nil { + return nil, err + } + var repo git.Repo + if !opts.NoIgnore { + repo = opts.GitRepoFinder.FindRepo(opts.Path) + } + for _, e := range entries { + n := e.Name() + p := filepath.Join(opts.Path, n) + if repo != nil { + if ignored := repo.IsPathIgnored(p, e.IsDir()); ignored { + continue + } + } + var i InputPath + if e.IsDir() { + i, err = newDirectory(directoryOptions{ + Path: p, + Name: n, + NoIgnore: opts.NoIgnore, + GitRepoFinder: opts.GitRepoFinder, + }) + if err != nil { + return nil, err + } + + } else { + i = newFile(p, n) + } + contents = append(contents, i) + } + return &directory{ + path: opts.Path, + name: opts.Name, + children: contents, + }, nil +} + +type file struct { + path string + name string + ext string + cachedContents []byte +} + +func (f *file) DetectType(d ConfigurationDetector, opts DetectOptions) (IACConfiguration, error) { + return 
d.DetectFile(f, opts) +} + +func (f *file) IsDir() bool { + return false +} + +func (f *file) Path() string { + return f.path +} + +func (f *file) Name() string { + return f.name +} + +func (f *file) Walk(w func(i InputPath) error) error { + return nil +} + +func (f *file) Ext() string { + return f.ext +} + +func (f *file) Contents() ([]byte, error) { + if f.cachedContents != nil { + return f.cachedContents, nil + } + + if f.name == stdIn { + contents, err := io.ReadAll(os.Stdin) + if err != nil { + f.cachedContents = []byte{} + return nil, err + } + f.cachedContents = contents + return contents, nil + } + + contents, err := os.ReadFile(f.path) + if err != nil { + f.cachedContents = []byte{} + return nil, err + } + f.cachedContents = contents + return contents, nil +} + +func newFile(path string, name string) InputFile { + ext := filepath.Ext(path) + return &file{ + path: path, + name: name, + ext: ext, + } +} diff --git a/pkg/loader/loadpaths.go b/pkg/loader/loadpaths.go new file mode 100644 index 00000000..478db2c0 --- /dev/null +++ b/pkg/loader/loadpaths.go 
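Review bot: `file.Contents` stores `[]byte{}` in `cachedContents` when the read fails, and because the cache check is `f.cachedContents != nil`, every later call returns empty contents with a nil error. In auto mode several detectors call Contents on the same file in turn, so only the first one sees the read failure and the others parse an unreadable file as if it were empty. Cache the error alongside the bytes so each caller gets the same result; this needs a `cachedErr error` and a `loaded bool` field on `file`. Both reads are also unbounded (`io.ReadAll(os.Stdin)`, `os.ReadFile`), which may deserve a size cap if inputs can come from repositories the operator does not control.

```go
func (f *file) Contents() ([]byte, error) {
	if f.loaded {
		return f.cachedContents, f.cachedErr
	}
	f.loaded = true
	if f.name == stdIn {
		f.cachedContents, f.cachedErr = io.ReadAll(os.Stdin)
	} else {
		f.cachedContents, f.cachedErr = os.ReadFile(f.path)
	}
	if f.cachedErr != nil {
		f.cachedContents = nil
	}
	return f.cachedContents, f.cachedErr
}
```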
@@ -0,0 +1,196 @@ +// Copyright 2021 Fugue, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package loader + +import ( + "fmt" + "os" + "path/filepath" + "sort" + + "github.com/fugue/regula/pkg/git" +) + +type LoadPathsOptions struct { + Paths []string + InputType InputType + NoIgnore bool +} + +func LoadPaths(options LoadPathsOptions) (LoadedConfigurations, error) { + configurations := newLoadedConfigurations() + detector, err := DetectorByInputType(options.InputType) + if err != nil { + return nil, err + } + walkFunc := func(i InputPath) error { + if configurations.AlreadyLoaded(i.Path()) { + return nil + } + // Ignore errors when we're recursing + loader, _ := i.DetectType(detector, DetectOptions{ + IgnoreExt: false, + }) + if loader != nil { + configurations.AddConfiguration(i.Path(), loader) + } + return nil + } + gitRepoFinder := git.NewRepoFinder(options.Paths) + for _, path := range options.Paths { + if path == "-" { + path = stdIn + } + if configurations.AlreadyLoaded(path) { + continue + } + if path == stdIn { + i := newFile(stdIn, stdIn) + loader, err := i.DetectType(detector, DetectOptions{ + IgnoreExt: true, + }) + if err != nil { + return nil, err + } + if loader != nil { + configurations.AddConfiguration(stdIn, loader) + } else { + return nil, fmt.Errorf("Unable to detect input type of stdin") + } + continue + } + name := filepath.Base(path) + info, err := os.Stat(path) + if err != nil { + return nil, err + } + if info.IsDir() { + // 
We want to override the gitignore behavior if the user explicitly gives + // us a directory that is ignored. + noIgnore := options.NoIgnore + if !noIgnore { + if repo := gitRepoFinder.FindRepo(path); repo != nil { + noIgnore = repo.IsPathIgnored(path, true) + } + } + i, err := newDirectory(directoryOptions{ + Path: path, + Name: name, + NoIgnore: noIgnore, + GitRepoFinder: gitRepoFinder, + }) + if err != nil { + return nil, err + } + loader, err := i.DetectType(detector, DetectOptions{ + IgnoreExt: options.InputType != Auto, + }) + if err != nil { + return nil, err + } + if loader != nil { + configurations.AddConfiguration(path, loader) + } + if err := i.Walk(walkFunc); err != nil { + return nil, err + } + } else { + i := newFile(path, name) + loader, err := i.DetectType(detector, DetectOptions{ + IgnoreExt: options.InputType != Auto, + }) + if err != nil { + return nil, err + } + if loader != nil { + configurations.AddConfiguration(path, loader) + } else { + return nil, fmt.Errorf("Unable to detect input type of file %v", i.Path()) + } + } + } + if configurations.Count() < 1 { + return nil, fmt.Errorf("No loadable files in provided paths: %v", options.Paths) + } + + return configurations, nil +} + +type loadedConfigurations struct { + configurations map[string]IACConfiguration + loadedPaths map[string]bool +} + +func newLoadedConfigurations() *loadedConfigurations { + return &loadedConfigurations{ + configurations: map[string]IACConfiguration{}, + loadedPaths: map[string]bool{}, + } +} + +func (l *loadedConfigurations) AddConfiguration(path string, config IACConfiguration) { + l.configurations[path] = config + for _, f := range config.LoadedFiles() { + l.loadedPaths[f] = true + } +} + +func (l *loadedConfigurations) RegulaInput() []RegulaInput { + keys := []string{} + for k := range l.configurations { + keys = append(keys, k) + } + sort.Strings(keys) + input := []RegulaInput{} + for _, k := range keys { + input = append(input, l.configurations[k].RegulaInput()) + 
} + return input +} + +func (l *loadedConfigurations) Location(path string, attributePath []string) (*Location, error) { + loader, ok := l.configurations[path] + if !ok { + return nil, fmt.Errorf("Unable to determine location for given path %v and attribute path %v", path, attributePath) + } + return loader.Location(attributePath) +} + +func (l *loadedConfigurations) AlreadyLoaded(path string) bool { + return l.loadedPaths[path] +} + +func (l *loadedConfigurations) Count() int { + return len(l.configurations) +} + +func DetectorByInputType(inputType InputType) (ConfigurationDetector, error) { + switch inputType { + case Auto: + return NewAutoDetector( + &CfnDetector{}, + &TfPlanDetector{}, + &TfDetector{}, + ), nil + case Cfn: + return &CfnDetector{}, nil + case TfPlan: + return &TfPlanDetector{}, nil + case Tf: + return &TfDetector{}, nil + default: + return nil, fmt.Errorf("Unsupported input type: %v", inputType) + } +} diff --git a/pkg/loader/loadpaths_test.go b/pkg/loader/loadpaths_test.go new file mode 100644 index 00000000..b6b7b8e5 --- /dev/null +++ b/pkg/loader/loadpaths_test.go 
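Review bot: De-duplication in `LoadPaths` compares raw path strings: `AlreadyLoaded(path)` is asked about the argument exactly as typed, while walked entries are keyed by the `filepath.Join` result from newDirectory. The same file passed as `./cfn.yaml` and also reached through `.` would therefore be loaded and reported twice under two keys. Normalising once in the loop, e.g. `path = filepath.Clean(path)` placed after the stdin branch (Clean would turn the empty stdin sentinel into `.`), keeps the keys comparable. `LoadPaths` and `LoadPathsOptions` are exported without doc comments, and the gitignore override for explicitly named directories deserves a sentence there.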
@@ -0,0 +1,47 @@
+package loader_test
+
+import (
+ "testing"
+
+ "github.com/fugue/regula/pkg/loader"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestLoadPathsDirAuto(t *testing.T) {
+ loadedConfigs, err := loader.LoadPaths(loader.LoadPathsOptions{
+ Paths: []string{"test_inputs/data"},
+ InputType: loader.Auto,
+ })
+ assert.Nil(t, err)
+ assert.NotNil(t, loadedConfigs)
+ assert.Greater(t, loadedConfigs.Count(), 0)
+ assert.True(t, loadedConfigs.AlreadyLoaded("test_inputs/data/tfplan.0.15.json"))
+ assert.True(t, loadedConfigs.AlreadyLoaded("test_inputs/data/cfn.yaml"))
+}
+
+func TestLoadPathsFiles(t *testing.T) {
+ loadedConfigs, err := loader.LoadPaths(loader.LoadPathsOptions{
+ Paths: []string{
+ "test_inputs/data/cfn.yaml",
+ "test_inputs/data/tfplan.0.15.json",
+ },
+ InputType: loader.Auto,
+ })
+ assert.Nil(t, err)
+ assert.NotNil(t, loadedConfigs)
+ assert.Equal(t, 2, loadedConfigs.Count())
+ assert.True(t, loadedConfigs.AlreadyLoaded("test_inputs/data/tfplan.0.15.json"))
+ assert.True(t, loadedConfigs.AlreadyLoaded("test_inputs/data/cfn.yaml"))
+}
+
+func TestLoadPathsDirWithType(t *testing.T) {
+ loadedConfigs, err := loader.LoadPaths(loader.LoadPathsOptions{
+ Paths: []string{"test_inputs/data"},
+ InputType: loader.TfPlan,
+ })
+ assert.Nil(t, err)
+ assert.NotNil(t, loadedConfigs)
+ assert.Greater(t, loadedConfigs.Count(), 0)
+ assert.True(t, loadedConfigs.AlreadyLoaded("test_inputs/data/tfplan.0.15.json"))
+ assert.False(t, loadedConfigs.AlreadyLoaded("test_inputs/data/cfn.yaml"))
+}
diff --git a/pkg/loader/test_inputs/data/cfn.json b/pkg/loader/test_inputs/data/cfn.json
new file mode 100644
index 00000000..901778f9
--- /dev/null
+++ b/pkg/loader/test_inputs/data/cfn.json
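Review bot: `assert.Nil(t, err)` and `assert.NotNil(t, loadedConfigs)` do not stop the test, so in all three tests a failing `LoadPaths` goes on to call `loadedConfigs.Count()` on the nil value that the error returns in loadpaths.go hand back, and the run would end in a nil-dereference panic instead of a readable failure. Replace those two lines in each test with `require.NoError(t, err)` and `require.NotNil(t, loadedConfigs)` from `github.com/stretchr/testify/require`. The error branches added in loadpaths.go (`Unable to detect input type of file` for an explicitly named file, `No loadable files in provided paths`) have no test here, although a `text.txt` fixture is added in the same commit. A case asserting that `LoadPaths` returns an error for `test_inputs/data/text.txt` would pin the behaviour that an unrecognised input is reported rather than silently left unscanned.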
@@ -0,0 +1,23 @@
+{
+ "AWSTemplateFormatVersion": "2010-09-09",
+ "Description": "Invalid S3 block public access configuration",
+ "Resources": {
+ "Bucket1": {
+ "Type": "AWS::S3::Bucket",
+ "Properties": {
+ "AccessControl": "Private"
+ }
+ },
+ "Bucket2": {
+ "Type": "AWS::S3::Bucket",
+ "Properties": {
+ "AccessControl": "Private",
+ "PublicAccessBlockConfiguration": {
+ "BlockPublicAcls": true,
+ "IgnorePublicAcls": true,
+ "RestrictPublicBuckets": true
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.cfn b/pkg/loader/test_inputs/data/cfn.yaml
similarity index 100%
rename from tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.cfn
rename to pkg/loader/test_inputs/data/cfn.yaml
diff --git a/pkg/loader/test_inputs/data/cfn_intrinsics.json b/pkg/loader/test_inputs/data/cfn_intrinsics.json
new file mode 100644
index 00000000..5ff2c0dc
--- /dev/null
+++ b/pkg/loader/test_inputs/data/cfn_intrinsics.json
@@ -0,0 +1,215 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Description": "Invalid public function configuration", + "Resources": { + "FunctionRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Path": "/" + } + }, + "Function": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x" + } + }, + "FunctionPermissionByArn": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "FunctionName": { + "Fn::GetAtt": [ + "Function", + "Arn" + ] + }, + "Action": "lambda:InvokeFunction", + "Principal": "*" + } + }, + "Function2": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x" + } + }, + "FunctionPermissionByRef": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "FunctionName": { + "Ref": "Function2" + }, + "Action": "lambda:InvokeFunction", + "Principal": "*" + } + }, + "Function3": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x" + } + }, + "FunctionPermissionByPartialArn": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "FunctionName": { 
+ "Fn::Sub": "${AWS::AccountId}:${Function3}" + }, + "Action": "lambda:InvokeFunction", + "Principal": "*" + } + }, + "Function4": { + "Type": "AWS::Lambda::Function", + "Properties": { + "FunctionName": "function4", + "Code": { + "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x" + } + }, + "FunctionPermissionByHardcodedName": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "FunctionName": "function4", + "Action": "lambda:InvokeFunction", + "Principal": "*" + } + }, + "Function5Alias": { + "Type": "AWS::Lambda::Alias", + "Properties": { + "FunctionName": { + "Ref": "Function5" + }, + "FunctionVersion": "$LATEST", + "Name": "v1" + } + }, + "Function5": { + "Type": "AWS::Lambda::Function", + "Properties": { + "FunctionName": "function5", + "Code": { + "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x" + } + }, + "FunctionPermissionByHardcodedNameAndAlias": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "FunctionName": "function5:v1", + "Action": "lambda:InvokeFunction", + "Principal": "*" + } + }, + "Function6Alias": { + "Type": "AWS::Lambda::Alias", + "Properties": { + "FunctionName": { + "Ref": "Function5" + }, + "FunctionVersion": "$LATEST", + "Name": "v1" + } + }, + "Function6": { + "Type": "AWS::Lambda::Function", + "Properties": { + "FunctionName": { + "Fn::Sub": "function-${AWS::Region}" + }, + "Code": { + "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionRole", + "Arn" + ] + }, + "Runtime": "nodejs12.x" + } + }, + "FunctionPermissionByNameAndAliasUsingFunctions": { + "Type": 
"AWS::Lambda::Permission", + "Properties": { + "FunctionName": { + "Fn::Join": [ + ":", + [ + { + "Fn::Sub": "function-${AWS::Region}" + }, + "v2" + ] + ] + }, + "Action": "lambda:InvokeFunction", + "Principal": "*" + } + } + } +} \ No newline at end of file diff --git a/tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.cfn b/pkg/loader/test_inputs/data/cfn_intrinsics.yaml similarity index 100% rename from tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.cfn rename to pkg/loader/test_inputs/data/cfn_intrinsics.yaml diff --git a/tests/lib/inputs/resource_view_02.tf b/pkg/loader/test_inputs/data/cfn_resources.yaml similarity index 53% rename from tests/lib/inputs/resource_view_02.tf rename to pkg/loader/test_inputs/data/cfn_resources.yaml index 2b5dd39f..5421cf98 100644 --- a/tests/lib/inputs/resource_view_02.tf +++ b/pkg/loader/test_inputs/data/cfn_resources.yaml @@ -11,31 +11,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -provider "aws" { - region = "us-west-2" -} - -resource "aws_s3_bucket" "example" { - bucket_prefix = "example" -} - -data "aws_iam_policy_document" "example" { - statement { - effect = "Allow" - actions = ["s3:*"] - - principals { - type = "*" - identifiers = ["*"] - } - - resources = [ - "arn:aws:s3:::some-example-bucket/*", - "arn:aws:s3:::${aws_s3_bucket.example.id}/*", - ] - } -} - -resource "aws_iam_policy" "example" { - policy = "${data.aws_iam_policy_document.example.json}" -} +Resources: + Bucket1: + Type: AWS::S3::Bucket + Properties: + AccessControl: Private + Bucket2: + Type: AWS::S3::Bucket + Properties: + AccessControl: Private + PublicAccessBlockConfiguration: + BlockPublicAcls: true + IgnorePublicAcls: true + RestrictPublicBuckets: true 
diff --git a/pkg/loader/test_inputs/data/other.json b/pkg/loader/test_inputs/data/other.json
new file mode 100644
index 00000000..4964cd93
--- /dev/null
+++ b/pkg/loader/test_inputs/data/other.json
@@ -0,0 +1,4 @@
+{
+ "foo": "bar",
+ "baz": 1
+}
diff --git a/pkg/loader/test_inputs/data/text.txt b/pkg/loader/test_inputs/data/text.txt
new file mode 100644
index 00000000..f856c9f7
--- /dev/null
+++ b/pkg/loader/test_inputs/data/text.txt
@@ -0,0 +1 @@
+This file is not yaml or json.
diff --git a/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.rego b/pkg/loader/test_inputs/data/tfplan.0.12.json
similarity index 87%
rename from tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.rego
rename to pkg/loader/test_inputs/data/tfplan.0.12.json
index 6ea7be3d..fc54cedc 100644
--- a/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.rego
+++ b/pkg/loader/test_inputs/data/tfplan.0.12.json
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.security_group.inputs.ingress_anywhere_ssh_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.12.20", "planned_values": { "root_module": { "resources": [ @@ -60,7 +29,6 @@ mock_plan_input = { } ], "name": "invalid_sg_1", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -91,7 +59,6 @@ mock_plan_input = { } ], "name": "invalid_sg_2", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -122,7 +89,6 @@ mock_plan_input = { } ], "name": "valid_sg_1", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null 
@@ -153,7 +119,6 @@ mock_plan_input = { } ], "name": "valid_sg_2", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -192,7 +157,6 @@ mock_plan_input = { } ], "name": "invalid_sg_1", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -211,6 +175,7 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, "vpc_id": true } @@ -245,7 +210,6 @@ mock_plan_input = { } ], "name": "invalid_sg_2", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -264,6 +228,7 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, "vpc_id": true } @@ -298,7 +263,6 @@ mock_plan_input = { } ], "name": "valid_sg_1", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -317,6 +281,7 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, "vpc_id": true } @@ -351,7 +316,6 @@ mock_plan_input = { } ], "name": "valid_sg_2", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -370,6 +334,7 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, "vpc_id": true } diff --git a/pkg/loader/test_inputs/data/tfplan.0.13.json b/pkg/loader/test_inputs/data/tfplan.0.13.json new file mode 100644 index 00000000..3a7759bb --- /dev/null +++ b/pkg/loader/test_inputs/data/tfplan.0.13.json 
@@ -0,0 +1,416 @@ +{ + "format_version": "0.1", + "terraform_version": "0.13.5", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "invalid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 20, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 25 + } + ], + "name": "invalid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + } + ], + "name": "valid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": 
"aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "10.10.0.0/16" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "valid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + } + ] + } + }, + "resource_changes": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "invalid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 20, + "ipv6_cidr_blocks": [], + 
"prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 25 + } + ], + "name": "invalid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + } + ], + "name": "valid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + }, + { + "address": "aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "10.10.0.0/16" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": 
"valid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + } + ], + "configuration": { + "provider_config": { + "aws": { + "name": "aws", + "expressions": { + "region": { + "constant_value": "us-east-1" + } + } + } + }, + "root_module": { + "resources": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "invalid_sg_1" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "invalid_sg_2" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "valid_sg_1" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "valid_sg_2" + } + }, + "schema_version": 1 + } + ] + } + } +} diff --git a/pkg/loader/test_inputs/data/tfplan.0.14.json b/pkg/loader/test_inputs/data/tfplan.0.14.json new file mode 100644 index 00000000..169e2dfb --- /dev/null +++ b/pkg/loader/test_inputs/data/tfplan.0.14.json 
@@ -0,0 +1,416 @@ +{ + "format_version": "0.1", + "terraform_version": "0.14.11", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "invalid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 20, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 25 + } + ], + "name": "invalid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + } + ], + "name": "valid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": 
"aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "10.10.0.0/16" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "valid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + } + ] + } + }, + "resource_changes": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "invalid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 20, + "ipv6_cidr_blocks": [], + 
"prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 25 + } + ], + "name": "invalid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + } + ], + "name": "valid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + }, + { + "address": "aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "10.10.0.0/16" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": 
"valid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + } + ], + "configuration": { + "provider_config": { + "aws": { + "name": "aws", + "expressions": { + "region": { + "constant_value": "us-east-1" + } + } + } + }, + "root_module": { + "resources": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "invalid_sg_1" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "invalid_sg_2" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "valid_sg_1" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "valid_sg_2" + } + }, + "schema_version": 1 + } + ] + } + } +} diff --git a/pkg/loader/test_inputs/data/tfplan.0.15.json b/pkg/loader/test_inputs/data/tfplan.0.15.json new file mode 100644 index 00000000..584c0190 --- /dev/null +++ b/pkg/loader/test_inputs/data/tfplan.0.15.json 
@@ -0,0 +1,476 @@ +{ + "format_version": "0.1", + "terraform_version": "0.15.3", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "invalid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 20, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 25 + } + ], + "name": "invalid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + } + ], + "name": "valid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": 
"aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "10.10.0.0/16" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "valid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + } + ] + } + }, + "resource_changes": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "invalid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + }, + "before_sensitive": false, + "after_sensitive": { + "egress": [], + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "tags_all": {} + } + } + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + 
"actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 20, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 25 + } + ], + "name": "invalid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + }, + "before_sensitive": false, + "after_sensitive": { + "egress": [], + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "tags_all": {} + } + } + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + } + ], + "name": "valid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + }, + "before_sensitive": false, + "after_sensitive": { + "egress": [], + "ingress": [ + { + "cidr_blocks": [ + false 
+ ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "tags_all": {} + } + } + }, + { + "address": "aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "10.10.0.0/16" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "valid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + }, + "before_sensitive": false, + "after_sensitive": { + "egress": [], + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "tags_all": {} + } + } + } + ], + "configuration": { + "provider_config": { + "aws": { + "name": "aws", + "expressions": { + "region": { + "constant_value": "us-east-1" + } + } + } + }, + "root_module": { + "resources": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "invalid_sg_1" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "invalid_sg_2" + } + }, + "schema_version": 1 
+ }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "valid_sg_1" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "valid_sg_2" + } + }, + "schema_version": 1 + } + ] + } + } +} diff --git a/pkg/loader/test_inputs/test_inputs.go b/pkg/loader/test_inputs/test_inputs.go new file mode 100644 index 00000000..63a9acba --- /dev/null +++ b/pkg/loader/test_inputs/test_inputs.go @@ -0,0 +1,20 @@ +package test_inputs + +import ( + "embed" + "path/filepath" + "testing" + + "github.com/stretchr/testify/assert" +) + +//go:embed data +var data embed.FS + +func Contents(t *testing.T, name string) []byte { + contents, err := data.ReadFile(filepath.Join("data", name)) + if err != nil { + assert.FailNow(t, err.Error()) + } + return contents +} diff --git a/pkg/loader/tf.go b/pkg/loader/tf.go new file mode 100644 index 00000000..c388833b --- /dev/null +++ b/pkg/loader/tf.go 
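Review bot: `Contents` in pkg/loader/test_inputs/test_inputs.go builds the embedded path with `filepath.Join("data", name)`, but `embed.FS` names always use forward slashes, so on Windows the backslash-joined name will not be found and every test using the helper fails. `path.Join("data", name)`, importing `path` instead of `path/filepath`, is the portable form. The helper would also report failures at the caller's line if it began with `t.Helper()`. Since the function is exported, a one-line doc comment such as `// Contents returns the embedded fixture data/<name>, failing the test if it is missing.` would help.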
@@ -0,0 +1,874 @@ +// Copyright 2021 Fugue, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package loader + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "os" + "path/filepath" + "reflect" + "strconv" + "strings" + + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/hclsyntax" + "github.com/hashicorp/terraform/addrs" + "github.com/hashicorp/terraform/configs" + "github.com/hashicorp/terraform/lang" + "github.com/hashicorp/terraform/tfdiags" + "github.com/zclconf/go-cty/cty" + + "tf_resource_schemas" +) + +type TfDetector struct{} + +func (t *TfDetector) DetectFile(i InputFile, opts DetectOptions) (IACConfiguration, error) { + if !opts.IgnoreExt && i.Ext() != ".tf" { + return nil, fmt.Errorf("Expected a .tf extension for %s", i.Path()) + } + dir := filepath.Dir(i.Path()) + + return parseFiles([]string{}, dir, nil, false, []string{i.Path()}) +} + +func (t *TfDetector) DetectDirectory(i InputDirectory, opts DetectOptions) (IACConfiguration, error) { + // First check that a `.tf` file exists in the directory. + tfExists := false + for _, child := range i.Children() { + if c, ok := child.(InputFile); ok && c.Ext() == ".tf" { + tfExists = true + } + } + if !tfExists { + return nil, nil + } + + return ParseDirectory([]string{}, i.Path(), nil) +} + +type HclConfiguration struct { + // Path of the module. This indicates its position in the module tree. + // Example: `[]` for the root module, `["child1"]` for children. 
+ path []string + + // Directory the configuration is loaded from. Necessary to find the + // locations of child modules, and do `file()` calls. + dir string + + // Recursively load submodules. + recurse bool + + // Filepaths that have been loaded. + filepaths []string + + // The actual HCL module. + module *configs.Module + + // A pointer to schemas we can use. + schemas tf_resource_schemas.ResourceSchemas + + // A map of loaded child modules. + children map[string]*HclConfiguration + + // Cached inputs (vars) for the child modules + childrenVars map[string]map[string]interface{} + + // Values of variables. Maybe we should make this lazy to handle cycles + // better? + vars map[string]interface{} + + // Locations of terraform modules. + moduleRegister *terraformModuleRegister +} + +func ParseDirectory( + path []string, + dir string, + moduleRegister *terraformModuleRegister, +) (*HclConfiguration, error) { + parser := configs.NewParser(nil) + var diags hcl.Diagnostics + + primary, _, diags := parser.ConfigDirFiles(dir) + if diags.HasErrors() { + return nil, diags + } + + return parseFiles(path, dir, moduleRegister, true, primary) +} + +func parseFiles( + path []string, + dir string, + moduleRegister *terraformModuleRegister, + recurse bool, + filepaths []string, +) (*HclConfiguration, error) { + configuration := new(HclConfiguration) + configuration.path = path + configuration.dir = dir + configuration.recurse = recurse + configuration.filepaths = filepaths + + if moduleRegister == nil { + configuration.moduleRegister = newTerraformRegister(dir) + } else { + configuration.moduleRegister = moduleRegister + } + + parser := configs.NewParser(nil) + var diags hcl.Diagnostics + parsedFiles := make([]*configs.File, 0) + overrideFiles := make([]*configs.File, 0) + + for _, file := range filepaths { + f, fDiags := parser.LoadConfigFile(file) + diags = append(diags, fDiags...) 
+ parsedFiles = append(parsedFiles, f) + } + module, lDiags := configs.NewModule(parsedFiles, overrideFiles) + configuration.module = module + diags = append(diags, lDiags...) + if diags.HasErrors() { + fmt.Fprintf(os.Stderr, "%s\n", diags.Error()) + } + if configuration.module == nil { + // Only actually throw an error if we don't have a module. We can + // still try and validate what we can. + return nil, fmt.Errorf(diags.Error()) + } + + configuration.schemas = tf_resource_schemas.LoadResourceSchemas() + + // Load children + configuration.children = make(map[string]*HclConfiguration) + if recurse { + for key, moduleCall := range module.ModuleCalls { + fmt.Fprintf(os.Stderr, "Key: %s\n", key) + body, ok := moduleCall.Config.(*hclsyntax.Body) + if ok { + // We're only interested in getting the `source` attribute, this + // should not have any variables in it. + ctx := renderContext{ + dir: dir, + resolve: func(path []string) interface{} { return nil }, + } + properties := ctx.RenderBody(body) + if source, ok := properties["source"]; ok { + if str, ok := source.(string); ok { + fmt.Fprintf(os.Stderr, "Loading submodule: %s\n", str) + childDir := filepath.Join(dir, str) + if register := configuration.moduleRegister.getDir(str); register != nil { + childDir = filepath.Join(dir, *register) + } + + // Construct child path, e.g. `module.child1.aws_vpc.child`. 
+ childPath := make([]string, len(configuration.path)) + copy(childPath, path) + childPath = append(childPath, "module") + childPath = append(childPath, key) + + child, err := ParseDirectory(childPath, childDir, configuration.moduleRegister) + if err == nil { + configuration.children[key] = child + } else { + fmt.Fprintf(os.Stderr, "warning: Error loading submodule: %s\n", err) + } + } + } + } + } + } + + configuration.childrenVars = make(map[string]map[string]interface{}) + configuration.vars = make(map[string]interface{}) + + return configuration, nil +} + +// Return a copy of a HclConfiguration with updated variables. +func (c0 *HclConfiguration) withVars(vars map[string]interface{}) *HclConfiguration { + c1 := c0 + c1.vars = vars + return c1 +} + +func (c *HclConfiguration) LoadedFiles() []string { + filepaths := []string{} + if c.recurse { + filepaths = append(filepaths, c.dir) + } + fmt.Fprintf(os.Stderr, "%v\n", c.filepaths) + for _, fp := range c.filepaths { + filepaths = append(filepaths, fp) + } + for _, child := range c.children { + if child != nil { + filepaths = append(filepaths, child.LoadedFiles()...) + } + } + return filepaths +} + +func (c *HclConfiguration) Location(attributePath []string) (*Location, error) { + return nil, nil +} + +func (c *HclConfiguration) RegulaInput() RegulaInput { + path := "" + if c.recurse { + path = c.dir + } else { + path = c.filepaths[0] + } + + return RegulaInput{ + "filepath": path, + "content": c.renderResourceView(), + } +} + +func (c *HclConfiguration) renderResourceView() map[string]interface{} { + resourceView := make(map[string]interface{}) + resourceView["hcl_resource_view_version"] = "0.0.1" + resourceView["resources"] = c.renderResources() + return resourceView +} + +func (c *HclConfiguration) qualifiedResourceId(localId string) string { + if len(c.path) == 0 { + return localId + } else { + return strings.Join(c.path, ".") + "." 
+ localId + } +} + +func (c *HclConfiguration) renderResources() map[string]interface{} { + resources := make(map[string]interface{}) + + for resourceId, resource := range c.module.ManagedResources { + resourceId = c.qualifiedResourceId(resourceId) + resources[resourceId] = c.renderResource(resourceId, resource) + } + for resourceId, resource := range c.module.DataResources { + resourceId = c.qualifiedResourceId(resourceId) + resources[resourceId] = c.renderResource(resourceId, resource) + } + + for key, _ := range c.children { + if child, ok := c.GetChild(key); ok { + for resourceId, resource := range child.renderResources() { + resources[resourceId] = resource + } + } + } + + return resources +} + +func (c *HclConfiguration) renderResource( + resourceId string, resource *configs.Resource, +) interface{} { + context := c.renderContext(resourceId) + context.schema = c.schemas[resource.Type] + + properties := make(map[string]interface{}) + properties["_type"] = resource.Type + properties["id"] = resourceId + + body, ok := resource.Config.(*hclsyntax.Body) + if !ok { + return properties + } + + bodyProperties := context.RenderBody(body) + for k, v := range bodyProperties { + properties[k] = v + } + + // `provider` may be explicitly set. 
+ if provider, ok := properties["provider"]; ok { + properties["_provider"] = provider + delete(properties, "provider") + } else { + properties["_provider"] = resource.Provider.ForDisplay() + } + + return properties +} + +func (c *HclConfiguration) getResource(id string) (*configs.Resource, bool) { + if r, ok := c.module.ManagedResources[id]; ok { + return r, true + } + if r, ok := c.module.DataResources[id]; ok { + return r, true + } + return nil, false +} + +func (c *HclConfiguration) resolveResourceReference(self string, path []string) interface{} { + if len(path) < 1 { + return nil + } + idx := 2 + if path[0] == "data" { + idx = 3 + } + + if len(path) == 2 && path[0] == "var" { + if value, ok := c.vars[path[1]]; ok { + return value + } else { + return nil + } + } + + if len(path) == 3 && path[0] == "module" { + if child, ok := c.GetChild(path[1]); ok { + out := child.GetOutput(path[2]) + fmt.Fprintf(os.Stderr, "%v -> %v\n", path, out) + return out + } + + return nil + } + + if len(path) > 2 && path[0] == "random_string" { + // Random strings are occasionally used to name resource, e.g.: + // "server-${random_string.foo.result}". By not resolving these, + // we get something like "server-random_string.foo.result" which + // usually doesn't conform to naming constraints but it's unique + // enough to make most validations work. + return nil + } + + resourceId := "" + attributePath := []string{} + + if len(path) == 1 { + // Assume it is a local reference and update `path` to point to this + // reference inside `self`. 
+ resourceId = self + attributePath = []string{path[0]} + } else { + resourceId = strings.Join(path[:idx], ".") + attributePath = path[idx:] + } + + if resource, ok := c.getResource(resourceId); ok { + resourceNode := TfNode{Object: resource.Config, Range: resource.DeclRange} + if node, err := resourceNode.GetDescendant(attributePath); err == nil { + // NOTE: We could handle non-attribute cases but we're usually not + // using these to work with lists and blocks. + if node.Attribute != nil { + expr := node.Attribute.Expr + if e, ok := expr.(hclsyntax.Expression); ok { + ctx := c.renderContext(resourceId) + return ctx.RenderExpr(e) + } + } + } + + return c.qualifiedResourceId(resourceId) + } + return nil +} + +func (c *HclConfiguration) GetChild(name string) (*HclConfiguration, bool) { + if child, ok := c.children[name]; ok { + childVars, haveChildVars := c.childrenVars[name] + if !haveChildVars { + moduleCall := c.module.ModuleCalls[name] + body, ok := moduleCall.Config.(*hclsyntax.Body) + if ok { + ctx := renderContext{ + dir: c.dir, + resolve: func(path []string) interface{} { + return c.resolveResourceReference("module."+name, path) + }, + } + childVars = ctx.RenderBody(body) + for key, val := range childVars { + fmt.Fprintf(os.Stderr, "%s: setting %v to %v\n", name, key, val) + } + } else { + childVars = make(map[string]interface{}) + } + + c.childrenVars[name] = childVars + } + + return child.withVars(childVars), true + } + + return nil, false +} + +func (c *HclConfiguration) GetOutput(name string) interface{} { + if output, ok := c.module.Outputs[name]; ok { + if e, ok := output.Expr.(hclsyntax.Expression); ok { + ctx := c.renderContext("") + return ctx.RenderExpr(e) + } + } + + return nil +} + +func (c *HclConfiguration) renderContext(self string) renderContext { + return renderContext{ + dir: c.dir, + resolve: func(path []string) interface{} { return c.resolveResourceReference(self, path) }, + } +} + +// This is a structure passed down that contains all 
additional information +// apart from the thing being rendered, which is passed separately. +type renderContext struct { + dir string + schema *tf_resource_schemas.Schema + resolve func([]string) interface{} +} + +// Create a copy of the renderContext with a different schema +func (c *renderContext) WithSchema(schema *tf_resource_schemas.Schema) *renderContext { + c1 := c + c1.schema = schema + return c1 +} + +func (c *renderContext) RenderBody(body *hclsyntax.Body) map[string]interface{} { + properties := make(map[string]interface{}) + + for _, attribute := range body.Attributes { + properties[attribute.Name] = c.WithSchema( + tf_resource_schemas.GetAttribute(c.schema, attribute.Name), + ).RenderAttribute(attribute) + } + + tf_resource_schemas.SetDefaultAttributes(c.schema, properties) + + renderedBlocks := make(map[string][]interface{}) + for _, block := range body.Blocks { + if _, ok := renderedBlocks[block.Type]; !ok { + renderedBlocks[block.Type] = make([]interface{}, 0) + } + + childSchema := tf_resource_schemas.GetAttribute(c.schema, block.Type) + if s := tf_resource_schemas.GetElem(childSchema); s != nil { + childSchema = s + } + + entry := c.WithSchema(childSchema).RenderBlock(block) + renderedBlocks[block.Type] = append(renderedBlocks[block.Type], entry) + } + for key, renderedBlock := range renderedBlocks { + properties[key] = renderedBlock + } + + return properties +} + +func (c *renderContext) RenderAttribute(attribute *hclsyntax.Attribute) interface{} { + if attribute.Expr == nil { + return nil + } + return c.RenderExpr(attribute.Expr) +} + +func (c *renderContext) RenderBlock(block *hclsyntax.Block) interface{} { + if block.Body == nil { + return nil + } + return c.RenderBody(block.Body) +} + +// This returns a string or array of references. 
+func (c *renderContext) ExpressionReferences(expr hclsyntax.Expression) interface{} { + references := make([]interface{}, 0) + for _, traversal := range expr.Variables() { + path := c.RenderTraversal(traversal) + resolved := c.resolve(path) + if resolved != nil { + references = append(references, resolved) + } + } + if len(references) == 0 { + return nil + } else if len(references) == 1 { + return references[0] + } else { + return references + } +} + +// Auxiliary function to determine if the expression should be ignored from +// sets, lists, etc. +func voidExpression(expr hclsyntax.Expression) bool { + switch e := expr.(type) { + case *hclsyntax.TemplateExpr: + return len(e.Parts) == 0 + } + return false +} + +func (c *renderContext) RenderExpr(expr hclsyntax.Expression) interface{} { + switch e := expr.(type) { + case *hclsyntax.TemplateWrapExpr: + return c.RenderExpr(e.Wrapped) + case *hclsyntax.ScopeTraversalExpr: + path := c.RenderTraversal(e.Traversal) + ref := c.resolve(path) + if ref != nil { + return ref + } else { + // Is this useful? This should just map to variables? + return strings.Join(path, ".") + } + case *hclsyntax.TemplateExpr: + if len(e.Parts) == 1 { + return c.RenderExpr(e.Parts[0]) + } + + // This is commonly used to refer to resources, so we pick out the + // references. 
+ refs := c.ExpressionReferences(e) + if refs != nil { + return refs + } + + str := "" + for _, part := range e.Parts { + val := c.RenderExpr(part) + if s, ok := val.(string); ok { + str += s + } + } + return str + case *hclsyntax.LiteralValueExpr: + return c.RenderValue(e.Val) + case *hclsyntax.TupleConsExpr: + arr := make([]interface{}, 0) + ctx := c.WithSchema(tf_resource_schemas.GetElem(c.schema)) + for _, elem := range e.Exprs { + if !voidExpression(elem) { + arr = append(arr, ctx.RenderExpr(elem)) + } + } + return arr + case *hclsyntax.ObjectConsExpr: + object := make(map[string]interface{}) + for _, item := range e.Items { + ctx := c.WithSchema(nil) // Or pass string+elem schema? + key := ctx.RenderExpr(item.KeyExpr) + val := ctx.RenderExpr(item.ValueExpr) + if str, ok := key.(string); ok { + object[str] = val + } else { + fmt.Fprintf(os.Stderr, "warning: non-string key: %s\n", reflect.TypeOf(key).String()) + } + } + return object + case *hclsyntax.ObjectConsKeyExpr: + // Keywords are interpreted as keys. + if key := hcl.ExprAsKeyword(e); key != "" { + return key + } else { + return c.RenderExpr(e.Wrapped) + } + case *hclsyntax.FunctionCallExpr: + // This is handled using evaluation. + default: + fmt.Fprintf(os.Stderr, "warning: unhandled expression type %s\n", reflect.TypeOf(expr).String()) + } + + // Fall back to normal eval. + return c.EvaluateExpr(expr) +} + +func (c *renderContext) EvaluateExpr(expr hcl.Expression) interface{} { + // We set up a scope and context to be close to regula terraform, and we + // reuse the functions that it exposes. + scope := lang.Scope{ + Data: c, + SelfAddr: nil, + PureOnly: false, + } + // NOTE: we could try to convert the variables we have into native cty.Value + // items and insert them again as variables. 
+ vars := map[string]cty.Value{ + "path": cty.MapVal(map[string]cty.Value{ + "module": cty.StringVal(c.dir), + }), + } + ctx := hcl.EvalContext{ + Functions: scope.Functions(), + Variables: vars, + } + + val, err := expr.Value(&ctx) + if err != nil { + fmt.Fprintf(os.Stderr, "Evaluation error: %s\n", err) + } + return c.RenderValue(val) +} + +func (c *renderContext) RenderTraversal(traversal hcl.Traversal) []string { + parts := make([]string, 0) + + for _, traverser := range traversal { + switch t := traverser.(type) { + case hcl.TraverseRoot: + parts = append(parts, t.Name) + case hcl.TraverseAttr: + parts = append(parts, t.Name) + case hcl.TraverseIndex: + // Should be an integer but treat it a bit more generically. + part := fmt.Sprintf("%v", c.RenderValue(t.Key)) + parts = append(parts, part) + } + } + + return parts +} + +func (c *renderContext) RenderValue(val cty.Value) interface{} { + if !val.IsKnown() { + return nil + } + + if val.Type() == cty.Bool { + return val.True() + } else if val.Type() == cty.Number { + b := val.AsBigFloat() + if b.IsInt() { + i, _ := b.Int64() + return i + } else { + f, _ := b.Float64() + return f + } + } else if val.Type() == cty.String { + return val.AsString() + } else if val.Type().IsTupleType() || val.Type().IsSetType() || val.Type().IsListType() { + ctx := c.WithSchema(tf_resource_schemas.GetElem(c.schema)) + array := make([]interface{}, 0) + for _, elem := range val.AsValueSlice() { + array = append(array, ctx.RenderValue(elem)) + } + return array + } else if val.Type().IsMapType() || val.Type().IsObjectType() { + object := make(map[string]interface{}, 0) + for key, attr := range val.AsValueMap() { + ctx := c.WithSchema(tf_resource_schemas.GetAttribute(c.schema, key)) + object[key] = ctx.RenderValue(attr) + } + return object + } + + fmt.Fprintf(os.Stderr, "Unknown type: %v\n", val.Type().GoString()) + fmt.Fprintf(os.Stderr, "Wholly known: %v\n", val.HasWhollyKnownType()) + return nil +} + 
+//////////////////////////////////////////////////////////////////////////////// +// This implements the lang.Data interface on the renderContext. Most of the +// functions we're interested in do not use lang.Data, but we can't use a `nil`. + +type UnsupportedOperationDiag struct { +} + +func (d UnsupportedOperationDiag) Severity() tfdiags.Severity { + return tfdiags.Error +} + +func (d UnsupportedOperationDiag) Description() tfdiags.Description { + return tfdiags.Description{ + Summary: "Unsupported operation", + Detail: "This operation cannot currently be performed by regula.", + } +} + +func (d UnsupportedOperationDiag) Source() tfdiags.Source { + return tfdiags.Source{} +} + +func (d UnsupportedOperationDiag) FromExpr() *tfdiags.FromExpr { + return nil +} + +func (c *renderContext) StaticValidateReferences(refs []*addrs.Reference, self addrs.Referenceable) tfdiags.Diagnostics { + return tfdiags.Diagnostics{UnsupportedOperationDiag{}} +} + +func (c *renderContext) GetCountAttr(addrs.CountAttr, tfdiags.SourceRange) (cty.Value, tfdiags.Diagnostics) { + return cty.UnknownVal(cty.DynamicPseudoType), tfdiags.Diagnostics{UnsupportedOperationDiag{}} +} + +func (c *renderContext) GetForEachAttr(addrs.ForEachAttr, tfdiags.SourceRange) (cty.Value, tfdiags.Diagnostics) { + return cty.UnknownVal(cty.DynamicPseudoType), tfdiags.Diagnostics{UnsupportedOperationDiag{}} +} + +func (c *renderContext) GetResource(addrs.Resource, tfdiags.SourceRange) (cty.Value, tfdiags.Diagnostics) { + return cty.UnknownVal(cty.DynamicPseudoType), tfdiags.Diagnostics{UnsupportedOperationDiag{}} +} + +func (c *renderContext) GetLocalValue(addrs.LocalValue, tfdiags.SourceRange) (cty.Value, tfdiags.Diagnostics) { + return cty.UnknownVal(cty.DynamicPseudoType), tfdiags.Diagnostics{UnsupportedOperationDiag{}} +} + +func (c *renderContext) GetModule(addrs.ModuleCall, tfdiags.SourceRange) (cty.Value, tfdiags.Diagnostics) { + return cty.UnknownVal(cty.DynamicPseudoType), 
tfdiags.Diagnostics{UnsupportedOperationDiag{}} +} + +func (c *renderContext) GetPathAttr(attr addrs.PathAttr, diags tfdiags.SourceRange) (cty.Value, tfdiags.Diagnostics) { + return cty.UnknownVal(cty.DynamicPseudoType), tfdiags.Diagnostics{UnsupportedOperationDiag{}} +} + +func (c *renderContext) GetTerraformAttr(addrs.TerraformAttr, tfdiags.SourceRange) (cty.Value, tfdiags.Diagnostics) { + return cty.UnknownVal(cty.DynamicPseudoType), tfdiags.Diagnostics{UnsupportedOperationDiag{}} +} + +func (c *renderContext) GetInputVariable(addrs.InputVariable, tfdiags.SourceRange) (cty.Value, tfdiags.Diagnostics) { + return cty.UnknownVal(cty.DynamicPseudoType), tfdiags.Diagnostics{UnsupportedOperationDiag{}} +} + +//////////////////////////////////////////////////////////////////////////////// +// utilities for traversing to a path in a HCL tree somewhat generically + +// A `TfNode` represents a syntax tree in the HCL config. +type TfNode struct { + // Exactly one of the next three fields will be set. + Object hcl.Body + Array hcl.Blocks + Attribute *hcl.Attribute + + // This will always be set. 
+ Range hcl.Range +} + +func (node *TfNode) GetChild(key string) (*TfNode, error) { + child := TfNode{} + + if node.Object != nil { + bodyContent, _, diags := node.Object.PartialContent(&hcl.BodySchema{ + Attributes: []hcl.AttributeSchema{ + { + Name: key, + Required: false, + }, + }, + Blocks: []hcl.BlockHeaderSchema{ + { + Type: key, + }, + }, + }) + if diags.HasErrors() { + return nil, fmt.Errorf(diags.Error()) + } + + blocks := bodyContent.Blocks.OfType(key) + if len(blocks) > 0 { + child.Array = blocks + child.Range = blocks[0].DefRange + } + + if attribute, ok := bodyContent.Attributes[key]; ok { + child.Attribute = attribute + child.Range = attribute.Range + } + } else if node.Array != nil { + index, err := strconv.Atoi(key) + if err != nil { + return nil, err + } else { + if index < 0 || index >= len(node.Array) { + return nil, fmt.Errorf("TfNode.Get: out of bounds: %d", index) + } + + child.Object = node.Array[index].Body + child.Range = node.Array[index].DefRange + } + } + + return &child, nil +} + +func (node *TfNode) GetDescendant(path []string) (*TfNode, error) { + if len(path) == 0 { + return node, nil + } + + child, err := node.GetChild(path[0]) + if err != nil { + return nil, err + } + + return child.GetDescendant(path[1:]) +} + +func (node *TfNode) Location() string { + return fmt.Sprintf( + "%s:%d:%d", + node.Range.Filename, + node.Range.Start.Line, + node.Range.Start.Column, + ) +} + +//////////////////////////////////////////////////////////////////////////////// +// utilities for traversing to a path in a HCL tree somewhat generically +// `terraform init` downloads modules and writes a helpful file +// `.terraform/modules/modules.json` that tells us where to find modules + +//{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"acm","Source":"terraform-aws-modules/acm/aws","Version":"3.0.0","Dir":".terraform/modules/acm"}]} +type terraformModuleRegister struct { + Modules []terraformModuleRegisterEntry `json:"Modules"` +} + +type 
terraformModuleRegisterEntry struct { + Source string `json:"Source"` + Dir string `json:"Dir"` +} + +func newTerraformRegister(dir string) *terraformModuleRegister { + registry := terraformModuleRegister{ + Modules: []terraformModuleRegisterEntry{}, + } + path := filepath.Join(dir, ".terraform/modules/modules.json") + bytes, err := ioutil.ReadFile(path) + if err != nil { + return ®istry + } + json.Unmarshal(bytes, ®istry) + for _, entry := range registry.Modules { + fmt.Fprintf(os.Stderr, "Entry: %s -> %s", entry.Source, entry.Dir) + } + return ®istry +} + +func (r *terraformModuleRegister) getDir(source string) *string { + for _, entry := range r.Modules { + if entry.Source == source { + return &entry.Dir + } + } + return nil +} diff --git a/pkg/loader/tf_test.go b/pkg/loader/tf_test.go new file mode 100644 index 00000000..c275e19f --- /dev/null +++ b/pkg/loader/tf_test.go 
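Review bot: The submodule loop in `parseFiles` calls `ParseDirectory` recursively with no depth limit and no record of directories already loaded, so a module call whose `source` resolves to its own directory, or two modules that reference each other, recurses until the process runs out of stack. Since this loader reads configuration it did not author, a bound before the recursive call is worth adding, e.g. `if len(path) >= 2*maxModuleDepth { continue }` with `maxModuleDepth` as a new constant. In the same loop `source` and the register's `Dir` are joined onto `dir` without any check, so a registry or git address missing from `modules.json` is treated as a local path and `../` segments lead outside the scanned directory; resolving `childDir` and warning when it leaves the directory the scan started from would make that visible. Separately, `withVars` and `WithSchema` are commented as returning a copy, but `c1 := c0` and `c1 := c` copy only the pointer, so each call overwrites the receiver's `vars` or `schema` (in `RenderBody` the second attribute is then looked up in the first attribute's schema). `c1 := *c; c1.schema = schema; return &c1` gives the copy the comment describes.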
@@ -0,0 +1,61 @@
+package loader_test
+
+import (
+ "encoding/json"
+ "io/ioutil"
+ "os"
+ "path/filepath"
+ "testing"
+
+ "github.com/fugue/regula/pkg/loader"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestTf(t *testing.T) {
+ testDir := "tf_test"
+
+ c, err := ioutil.ReadDir(testDir)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ fixTests := false
+ for _, arg := range os.Args {
+ if arg == "tf-test-fix" {
+ fixTests = true
+ }
+ }
+
+ for _, entry := range c {
+ if entry.IsDir() {
+ dir := filepath.Join(testDir, entry.Name())
+ outputPath := filepath.Join(testDir, entry.Name()+".json")
+
+ hcl, err := loader.ParseDirectory([]string{}, dir)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ actualBytes, err := json.MarshalIndent(hcl.RegulaInput(), "", " ")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ expectedBytes := []byte{}
+ if _, err := os.Stat(outputPath); err == nil {
+ expectedBytes, _ = ioutil.ReadFile(outputPath)
+ if err != nil {
+ t.Fatal(err)
+ }
+ }
+
+ actual := string(actualBytes)
+ expected := string(expectedBytes)
+ assert.Equal(t, expected, actual)
+
+ if fixTests {
+ ioutil.WriteFile(outputPath, actualBytes, 0644)
+ }
+ }
+ }
+}
diff --git a/pkg/loader/tf_test/example-terraform-modules b/pkg/loader/tf_test/example-terraform-modules
new file mode 160000
index 00000000..89a426dc
--- /dev/null
+++ b/pkg/loader/tf_test/example-terraform-modules
@@ -0,0 +1 @@
+Subproject commit 89a426dc646af4484abe9149da40a97fd165a32a
diff --git a/pkg/loader/tf_test/example-terraform-modules.json b/pkg/loader/tf_test/example-terraform-modules.json
new file mode 100644
index 00000000..05c0722c
--- /dev/null
+++ b/pkg/loader/tf_test/example-terraform-modules.json
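Review bot: In TestTf the read of the golden file discards its error: `expectedBytes, _ = ioutil.ReadFile(outputPath)` is followed by `if err != nil`, but that `err` is the one from `os.Stat` and is always nil inside this branch, so an unreadable golden file is silently compared as empty. Assign the error instead, `expectedBytes, err = ioutil.ReadFile(outputPath)`. The `fixTests` branch has the same gap and should fail loudly: `if err := ioutil.WriteFile(outputPath, actualBytes, 0644); err != nil { t.Fatal(err) }`. The scan of `os.Args` for `tf-test-fix` also deserves a one-line comment saying how that argument is meant to be passed to the test binary.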
@@ -0,0 +1,50 @@ +{ + "content": { + "hcl_resource_view_version": "0.0.1", + "resources": { + "aws_security_group.parent": { + "_provider": "hashicorp/aws", + "_type": "aws_security_group", + "id": "aws_security_group.parent", + "vpc_id": "module.child1.module.grandchild1.aws_vpc.grandchild" + }, + "aws_vpc.parent": { + "_provider": "hashicorp/aws", + "_type": "aws_vpc", + "cidr_block": "10.0.0.0/16", + "id": "aws_vpc.parent" + }, + "module.child1.aws_vpc.child": { + "_provider": "hashicorp/aws", + "_type": "aws_vpc", + "cidr_block": "10.0.0.0/16", + "id": "module.child1.aws_vpc.child" + }, + "module.child1.module.grandchild1.aws_security_group.grandchild": { + "_provider": "hashicorp/aws", + "_type": "aws_security_group", + "id": "module.child1.module.grandchild1.aws_security_group.grandchild", + "vpc_id": "module.child1.module.grandchild1.aws_vpc.grandchild" + }, + "module.child1.module.grandchild1.aws_vpc.grandchild": { + "_provider": "hashicorp/aws", + "_type": "aws_vpc", + "cidr_block": "10.0.0.0/16", + "id": "module.child1.module.grandchild1.aws_vpc.grandchild" + }, + "module.child2.aws_security_group.child": { + "_provider": "hashicorp/aws", + "_type": "aws_security_group", + "id": "module.child2.aws_security_group.child", + "vpc_id": "module.child1.module.grandchild1.aws_vpc.grandchild" + }, + "module.child2.aws_vpc.child": { + "_provider": "hashicorp/aws", + "_type": "aws_vpc", + "cidr_block": "10.0.0.0/16", + "id": "module.child2.aws_vpc.child" + } + } + }, + "filepath": "tf_test/example-terraform-modules" +} \ No newline at end of file diff --git a/pkg/loader/tf_test/file.json b/pkg/loader/tf_test/file.json new file mode 100644 index 00000000..5bf4e14e --- /dev/null +++ b/pkg/loader/tf_test/file.json 
@@ -0,0 +1,18 @@ +{ + "content": { + "hcl_resource_view_version": "0.0.1", + "resources": { + "aws_s3_bucket.trail_bucket": { + "_provider": "hashicorp/aws", + "_type": "aws_s3_bucket", + "force_destroy": true, + "id": "aws_s3_bucket.trail_bucket", + "tags": { + "file1": "Hello\n", + "file2": "Hello\n" + } + } + } + }, + "filepath": "tf_test/file" +} \ No newline at end of file diff --git a/pkg/loader/tf_test/file/hello.txt b/pkg/loader/tf_test/file/hello.txt new file mode 100644 index 00000000..e965047a --- /dev/null +++ b/pkg/loader/tf_test/file/hello.txt @@ -0,0 +1 @@ +Hello diff --git a/pkg/loader/tf_test/file/main.tf b/pkg/loader/tf_test/file/main.tf new file mode 100644 index 00000000..3dbe9533 --- /dev/null +++ b/pkg/loader/tf_test/file/main.tf @@ -0,0 +1,7 @@ +resource "aws_s3_bucket" "trail_bucket" { + force_destroy = true + tags = { + file1 = file("tf_test/file/hello.txt") + file2 = file("${path.module}/hello.txt") + } +} diff --git a/pkg/loader/tf_test/resource-local-ref.json b/pkg/loader/tf_test/resource-local-ref.json new file mode 100644 index 00000000..909f624e --- /dev/null +++ b/pkg/loader/tf_test/resource-local-ref.json @@ -0,0 +1,18 @@ +{ + "content": { + "hcl_resource_view_version": "0.0.1", + "resources": { + "aws_s3_bucket.trail_bucket": { + "_provider": "hashicorp/aws", + "_type": "aws_s3_bucket", + "bucket_prefix": "hello", + "force_destroy": true, + "id": "aws_s3_bucket.trail_bucket", + "tags": { + "prefix": "hello" + } + } + } + }, + "filepath": "tf_test/resource-local-ref" +} \ No newline at end of file diff --git a/pkg/loader/tf_test/resource-local-ref/main.tf b/pkg/loader/tf_test/resource-local-ref/main.tf new file mode 100644 index 00000000..c4fe523d --- /dev/null +++ b/pkg/loader/tf_test/resource-local-ref/main.tf @@ -0,0 +1,7 @@ +resource "aws_s3_bucket" "trail_bucket" { + bucket_prefix = "hello" + force_destroy = true + tags = { + prefix = bucket_prefix + } +} 
diff --git a/pkg/loader/tfplan.go b/pkg/loader/tfplan.go
new file mode 100644
index 00000000..6eb8f17d
--- /dev/null
+++ b/pkg/loader/tfplan.go
@@ -0,0 +1,75 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package loader
+
+import (
+ "fmt"
+
+ "gopkg.in/yaml.v3"
+)
+
+type TfPlanDetector struct{}
+
+func (t *TfPlanDetector) DetectFile(i InputFile, opts DetectOptions) (IACConfiguration, error) {
+ if !opts.IgnoreExt && i.Ext() != ".json" {
+ return nil, fmt.Errorf("File does not have .json extension: %v", i.Path())
+ }
+ contents, err := i.Contents()
+ if err != nil {
+ return nil, err
+ }
+ j := &map[string]interface{}{}
+ if err := yaml.Unmarshal(contents, j); err != nil {
+ return nil, fmt.Errorf("Failed to parse JSON file %v: %v", i.Path(), err)
+ }
+ _, hasTerraformVersion := (*j)["terraform_version"]
+
+ if !hasTerraformVersion {
+ return nil, fmt.Errorf("Input file is not Terraform Plan JSON: %v", i.Path())
+ }
+
+ return &tfPlanLoader{
+ path: i.Path(),
+ content: j,
+ }, nil
+}
+
+func (c *TfPlanDetector) DetectDirectory(i InputDirectory, opts DetectOptions) (IACConfiguration, error) {
+ return nil, nil
+}
+
+type tfPlanLoader struct {
+ path string
+ content *map[string]interface{}
+}
+
+func (l *tfPlanLoader) RegulaInput() RegulaInput {
+ return RegulaInput{
+ "filepath": l.path,
+ "content": l.content,
+ }
+}
+
+func (l *tfPlanLoader) LoadedFiles() []string {
+ return []string{l.path}
+}
+
+func (l *tfPlanLoader) Location(attributePath []string) (*Location, error) {
+ return &Location{
+ Path: l.path,
+ Line: 0,
+ Col: 0,
+ }, nil
+}
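Review bot: DetectFile parses the plan with `yaml.Unmarshal`, so any YAML document with a top-level `terraform_version` key is accepted as a Terraform plan, while the error text and the `.json` extension check both say JSON. If only JSON is meant to be accepted, `if err := json.Unmarshal(contents, j); err != nil {` with `encoding/json` imported in place of `gopkg.in/yaml.v3` keeps the detector strict, which matters most when `opts.IgnoreExt` lets files of any extension reach this code. If the YAML parser is deliberate, a comment on that line should say why, since YAML-only constructs such as anchors or non-string map keys may then end up in the policy input. `Location` always returns line 0 and column 0; a doc comment stating that no source position is available for plan files would keep callers from treating that as a real location.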
diff --git a/pkg/loader/tfplan_test.go b/pkg/loader/tfplan_test.go
new file mode 100644
index 00000000..733a4a48
--- /dev/null
+++ b/pkg/loader/tfplan_test.go
@@ -0,0 +1,85 @@ +package loader_test + +import ( + "testing" + + "github.com/fugue/regula/pkg/loader" + inputs "github.com/fugue/regula/pkg/loader/test_inputs" + "github.com/fugue/regula/pkg/mocks" + "github.com/golang/mock/gomock" + "github.com/stretchr/testify/assert" +) + +func TestTfPlanDetector(t *testing.T) { + ctrl := gomock.NewController(t) + testInputs := []struct { + path string + ext string + contents []byte + }{ + {path: "tfplan.json", ext: ".json", contents: inputs.Contents(t, "tfplan.0.12.json")}, + {path: "tfplan.json", ext: ".json", contents: inputs.Contents(t, "tfplan.0.13.json")}, + {path: "tfplan.json", ext: ".json", contents: inputs.Contents(t, "tfplan.0.14.json")}, + {path: "tfplan.json", ext: ".json", contents: inputs.Contents(t, "tfplan.0.15.json")}, + } + detector := &loader.TfPlanDetector{} + + for _, i := range testInputs { + f := makeMockFile(ctrl, i.path, i.ext, i.contents) + loader, err := detector.DetectFile(f, loader.DetectOptions{ + IgnoreExt: false, + }) + assert.Nil(t, err) + assert.NotNil(t, loader) + assert.Equal(t, loader.LoadedFiles(), []string{i.path}) + } +} + +func TestTfPlanDetectorNotTfContents(t *testing.T) { + ctrl := gomock.NewController(t) + detector := &loader.TfPlanDetector{} + f := makeMockFile(ctrl, "other.json", ".json", inputs.Contents(t, "other.json")) + loader, err := detector.DetectFile(f, loader.DetectOptions{ + IgnoreExt: false, + }) + assert.NotNil(t, err) + assert.Nil(t, loader) +} + +func TestTfPlanDetectorNotJsonExt(t *testing.T) { + ctrl := gomock.NewController(t) + detector := &loader.TfPlanDetector{} + f := mocks.NewMockInputFile(ctrl) + f.EXPECT().Ext().Return(".tfplan") + f.EXPECT().Path().Return("plan.tfplan") + loader, err := detector.DetectFile(f, loader.DetectOptions{ + IgnoreExt: false, + }) + assert.NotNil(t, err) + assert.Nil(t, loader) +} + +func TestTfPlanDetectorIgnoreExt(t *testing.T) { + ctrl := gomock.NewController(t) + detector := &loader.TfPlanDetector{} + f := 
mocks.NewMockInputFile(ctrl) + f.EXPECT().Path().Return("plan.tfplan") + f.EXPECT().Contents().Return(inputs.Contents(t, "tfplan.0.15.json"), nil) + loader, err := detector.DetectFile(f, loader.DetectOptions{ + IgnoreExt: true, + }) + assert.Nil(t, err) + assert.NotNil(t, loader) + assert.Equal(t, loader.LoadedFiles(), []string{"plan.tfplan"}) +} + +func TestTfPlanDetectorNotYAML(t *testing.T) { + ctrl := gomock.NewController(t) + detector := &loader.TfPlanDetector{} + f := makeMockFile(ctrl, "not_tfplan.json", ".json", inputs.Contents(t, "text.txt")) + loader, err := detector.DetectFile(f, loader.DetectOptions{ + IgnoreExt: false, + }) + assert.NotNil(t, err) + assert.Nil(t, loader) +} diff --git a/pkg/mocks/mock_configurationdetector.go b/pkg/mocks/mock_configurationdetector.go new file mode 100644 index 00000000..5f5edc78 --- /dev/null +++ b/pkg/mocks/mock_configurationdetector.go 
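Review bot: Each test in this file names the detector result `loader`, which shadows the imported `loader` package for the rest of the enclosing scope; in TestTfPlanDetector this happens inside the loop, and the next iteration compiles only because the variable goes out of scope at the end of the body. Renaming it, for example `conf, err := detector.DetectFile(f, loader.DetectOptions{IgnoreExt: false})`, removes the trap for anyone who later needs the package below that line. The `assert.Equal` calls also pass the actual value first; testify expects `assert.Equal(t, []string{i.path}, conf.LoadedFiles())`, and the swapped order mislabels expected and actual in failure output.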
@@ -0,0 +1,65 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: github.com/fugue/regula/pkg/loader (interfaces: ConfigurationDetector) + +// Package mocks is a generated GoMock package. +package mocks + +import ( + reflect "reflect" + + loader "github.com/fugue/regula/pkg/loader" + gomock "github.com/golang/mock/gomock" +) + +// MockConfigurationDetector is a mock of ConfigurationDetector interface. +type MockConfigurationDetector struct { + ctrl *gomock.Controller + recorder *MockConfigurationDetectorMockRecorder +} + +// MockConfigurationDetectorMockRecorder is the mock recorder for MockConfigurationDetector. +type MockConfigurationDetectorMockRecorder struct { + mock *MockConfigurationDetector +} + +// NewMockConfigurationDetector creates a new mock instance. +func NewMockConfigurationDetector(ctrl *gomock.Controller) *MockConfigurationDetector { + mock := &MockConfigurationDetector{ctrl: ctrl} + mock.recorder = &MockConfigurationDetectorMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockConfigurationDetector) EXPECT() *MockConfigurationDetectorMockRecorder { + return m.recorder +} + +// DetectDirectory mocks base method. +func (m *MockConfigurationDetector) DetectDirectory(arg0 loader.InputDirectory, arg1 loader.DetectOptions) (loader.IACConfiguration, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "DetectDirectory", arg0, arg1) + ret0, _ := ret[0].(loader.IACConfiguration) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DetectDirectory indicates an expected call of DetectDirectory. +func (mr *MockConfigurationDetectorMockRecorder) DetectDirectory(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DetectDirectory", reflect.TypeOf((*MockConfigurationDetector)(nil).DetectDirectory), arg0, arg1) +} + +// DetectFile mocks base method. 
+func (m *MockConfigurationDetector) DetectFile(arg0 loader.InputFile, arg1 loader.DetectOptions) (loader.IACConfiguration, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "DetectFile", arg0, arg1) + ret0, _ := ret[0].(loader.IACConfiguration) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DetectFile indicates an expected call of DetectFile. +func (mr *MockConfigurationDetectorMockRecorder) DetectFile(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DetectFile", reflect.TypeOf((*MockConfigurationDetector)(nil).DetectFile), arg0, arg1) +} diff --git a/pkg/mocks/mock_iacconfiguration.go b/pkg/mocks/mock_iacconfiguration.go new file mode 100644 index 00000000..8af89008 --- /dev/null +++ b/pkg/mocks/mock_iacconfiguration.go 
@@ -0,0 +1,78 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: github.com/fugue/regula/pkg/loader (interfaces: IACConfiguration) + +// Package mocks is a generated GoMock package. +package mocks + +import ( + reflect "reflect" + + loader "github.com/fugue/regula/pkg/loader" + gomock "github.com/golang/mock/gomock" +) + +// MockIACConfiguration is a mock of IACConfiguration interface. +type MockIACConfiguration struct { + ctrl *gomock.Controller + recorder *MockIACConfigurationMockRecorder +} + +// MockIACConfigurationMockRecorder is the mock recorder for MockIACConfiguration. +type MockIACConfigurationMockRecorder struct { + mock *MockIACConfiguration +} + +// NewMockIACConfiguration creates a new mock instance. +func NewMockIACConfiguration(ctrl *gomock.Controller) *MockIACConfiguration { + mock := &MockIACConfiguration{ctrl: ctrl} + mock.recorder = &MockIACConfigurationMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockIACConfiguration) EXPECT() *MockIACConfigurationMockRecorder { + return m.recorder +} + +// LoadedFiles mocks base method. +func (m *MockIACConfiguration) LoadedFiles() []string { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "LoadedFiles") + ret0, _ := ret[0].([]string) + return ret0 +} + +// LoadedFiles indicates an expected call of LoadedFiles. +func (mr *MockIACConfigurationMockRecorder) LoadedFiles() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "LoadedFiles", reflect.TypeOf((*MockIACConfiguration)(nil).LoadedFiles)) +} + +// Location mocks base method. +func (m *MockIACConfiguration) Location(arg0 []string) (*loader.Location, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Location", arg0) + ret0, _ := ret[0].(*loader.Location) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Location indicates an expected call of Location. 
+func (mr *MockIACConfigurationMockRecorder) Location(arg0 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Location", reflect.TypeOf((*MockIACConfiguration)(nil).Location), arg0) +} + +// RegulaInput mocks base method. +func (m *MockIACConfiguration) RegulaInput() loader.RegulaInput { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "RegulaInput") + ret0, _ := ret[0].(loader.RegulaInput) + return ret0 +} + +// RegulaInput indicates an expected call of RegulaInput. +func (mr *MockIACConfigurationMockRecorder) RegulaInput() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RegulaInput", reflect.TypeOf((*MockIACConfiguration)(nil).RegulaInput)) +} diff --git a/pkg/mocks/mock_inputdirectory.go b/pkg/mocks/mock_inputdirectory.go new file mode 100644 index 00000000..4402d8fa --- /dev/null +++ b/pkg/mocks/mock_inputdirectory.go 
@@ -0,0 +1,120 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: github.com/fugue/regula/pkg/loader (interfaces: InputDirectory) + +// Package mocks is a generated GoMock package. +package mocks + +import ( + reflect "reflect" + + loader "github.com/fugue/regula/pkg/loader" + gomock "github.com/golang/mock/gomock" +) + +// MockInputDirectory is a mock of InputDirectory interface. +type MockInputDirectory struct { + ctrl *gomock.Controller + recorder *MockInputDirectoryMockRecorder +} + +// MockInputDirectoryMockRecorder is the mock recorder for MockInputDirectory. +type MockInputDirectoryMockRecorder struct { + mock *MockInputDirectory +} + +// NewMockInputDirectory creates a new mock instance. +func NewMockInputDirectory(ctrl *gomock.Controller) *MockInputDirectory { + mock := &MockInputDirectory{ctrl: ctrl} + mock.recorder = &MockInputDirectoryMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockInputDirectory) EXPECT() *MockInputDirectoryMockRecorder { + return m.recorder +} + +// Children mocks base method. +func (m *MockInputDirectory) Children() []loader.InputPath { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Children") + ret0, _ := ret[0].([]loader.InputPath) + return ret0 +} + +// Children indicates an expected call of Children. +func (mr *MockInputDirectoryMockRecorder) Children() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Children", reflect.TypeOf((*MockInputDirectory)(nil).Children)) +} + +// DetectType mocks base method. +func (m *MockInputDirectory) DetectType(arg0 loader.ConfigurationDetector, arg1 loader.DetectOptions) (loader.IACConfiguration, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "DetectType", arg0, arg1) + ret0, _ := ret[0].(loader.IACConfiguration) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DetectType indicates an expected call of DetectType. 
+func (mr *MockInputDirectoryMockRecorder) DetectType(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DetectType", reflect.TypeOf((*MockInputDirectory)(nil).DetectType), arg0, arg1) +} + +// IsDir mocks base method. +func (m *MockInputDirectory) IsDir() bool { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "IsDir") + ret0, _ := ret[0].(bool) + return ret0 +} + +// IsDir indicates an expected call of IsDir. +func (mr *MockInputDirectoryMockRecorder) IsDir() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IsDir", reflect.TypeOf((*MockInputDirectory)(nil).IsDir)) +} + +// Name mocks base method. +func (m *MockInputDirectory) Name() string { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Name") + ret0, _ := ret[0].(string) + return ret0 +} + +// Name indicates an expected call of Name. +func (mr *MockInputDirectoryMockRecorder) Name() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Name", reflect.TypeOf((*MockInputDirectory)(nil).Name)) +} + +// Path mocks base method. +func (m *MockInputDirectory) Path() string { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Path") + ret0, _ := ret[0].(string) + return ret0 +} + +// Path indicates an expected call of Path. +func (mr *MockInputDirectoryMockRecorder) Path() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Path", reflect.TypeOf((*MockInputDirectory)(nil).Path)) +} + +// Walk mocks base method. +func (m *MockInputDirectory) Walk(arg0 func(loader.InputPath) error) error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Walk", arg0) + ret0, _ := ret[0].(error) + return ret0 +} + +// Walk indicates an expected call of Walk. 
+func (mr *MockInputDirectoryMockRecorder) Walk(arg0 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Walk", reflect.TypeOf((*MockInputDirectory)(nil).Walk), arg0) +} diff --git a/pkg/mocks/mock_inputfile.go b/pkg/mocks/mock_inputfile.go new file mode 100644 index 00000000..7485d2a6 --- /dev/null +++ b/pkg/mocks/mock_inputfile.go 
@@ -0,0 +1,121 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: github.com/fugue/regula/pkg/loader (interfaces: InputFile) + +// Package mocks is a generated GoMock package. +package mocks + +import ( + reflect "reflect" + + loader "github.com/fugue/regula/pkg/loader" + gomock "github.com/golang/mock/gomock" +) + +// MockInputFile is a mock of InputFile interface. +type MockInputFile struct { + ctrl *gomock.Controller + recorder *MockInputFileMockRecorder +} + +// MockInputFileMockRecorder is the mock recorder for MockInputFile. +type MockInputFileMockRecorder struct { + mock *MockInputFile +} + +// NewMockInputFile creates a new mock instance. +func NewMockInputFile(ctrl *gomock.Controller) *MockInputFile { + mock := &MockInputFile{ctrl: ctrl} + mock.recorder = &MockInputFileMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockInputFile) EXPECT() *MockInputFileMockRecorder { + return m.recorder +} + +// Contents mocks base method. +func (m *MockInputFile) Contents() ([]byte, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Contents") + ret0, _ := ret[0].([]byte) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Contents indicates an expected call of Contents. +func (mr *MockInputFileMockRecorder) Contents() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Contents", reflect.TypeOf((*MockInputFile)(nil).Contents)) +} + +// DetectType mocks base method. +func (m *MockInputFile) DetectType(arg0 loader.ConfigurationDetector, arg1 loader.DetectOptions) (loader.IACConfiguration, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "DetectType", arg0, arg1) + ret0, _ := ret[0].(loader.IACConfiguration) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DetectType indicates an expected call of DetectType. 
+func (mr *MockInputFileMockRecorder) DetectType(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DetectType", reflect.TypeOf((*MockInputFile)(nil).DetectType), arg0, arg1) +} + +// Ext mocks base method. +func (m *MockInputFile) Ext() string { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Ext") + ret0, _ := ret[0].(string) + return ret0 +} + +// Ext indicates an expected call of Ext. +func (mr *MockInputFileMockRecorder) Ext() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Ext", reflect.TypeOf((*MockInputFile)(nil).Ext)) +} + +// IsDir mocks base method. +func (m *MockInputFile) IsDir() bool { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "IsDir") + ret0, _ := ret[0].(bool) + return ret0 +} + +// IsDir indicates an expected call of IsDir. +func (mr *MockInputFileMockRecorder) IsDir() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IsDir", reflect.TypeOf((*MockInputFile)(nil).IsDir)) +} + +// Name mocks base method. +func (m *MockInputFile) Name() string { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Name") + ret0, _ := ret[0].(string) + return ret0 +} + +// Name indicates an expected call of Name. +func (mr *MockInputFileMockRecorder) Name() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Name", reflect.TypeOf((*MockInputFile)(nil).Name)) +} + +// Path mocks base method. +func (m *MockInputFile) Path() string { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Path") + ret0, _ := ret[0].(string) + return ret0 +} + +// Path indicates an expected call of Path. +func (mr *MockInputFileMockRecorder) Path() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Path", reflect.TypeOf((*MockInputFile)(nil).Path)) +} 
diff --git a/pkg/mocks/mock_inputpath.go b/pkg/mocks/mock_inputpath.go new file mode 100644 index 00000000..e3864a9b --- /dev/null +++ b/pkg/mocks/mock_inputpath.go 
@@ -0,0 +1,92 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: github.com/fugue/regula/pkg/loader (interfaces: InputPath) + +// Package mocks is a generated GoMock package. +package mocks + +import ( + reflect "reflect" + + loader "github.com/fugue/regula/pkg/loader" + gomock "github.com/golang/mock/gomock" +) + +// MockInputPath is a mock of InputPath interface. +type MockInputPath struct { + ctrl *gomock.Controller + recorder *MockInputPathMockRecorder +} + +// MockInputPathMockRecorder is the mock recorder for MockInputPath. +type MockInputPathMockRecorder struct { + mock *MockInputPath +} + +// NewMockInputPath creates a new mock instance. +func NewMockInputPath(ctrl *gomock.Controller) *MockInputPath { + mock := &MockInputPath{ctrl: ctrl} + mock.recorder = &MockInputPathMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockInputPath) EXPECT() *MockInputPathMockRecorder { + return m.recorder +} + +// DetectType mocks base method. +func (m *MockInputPath) DetectType(arg0 loader.ConfigurationDetector, arg1 loader.DetectOptions) (loader.IACConfiguration, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "DetectType", arg0, arg1) + ret0, _ := ret[0].(loader.IACConfiguration) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DetectType indicates an expected call of DetectType. +func (mr *MockInputPathMockRecorder) DetectType(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DetectType", reflect.TypeOf((*MockInputPath)(nil).DetectType), arg0, arg1) +} + +// IsDir mocks base method. +func (m *MockInputPath) IsDir() bool { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "IsDir") + ret0, _ := ret[0].(bool) + return ret0 +} + +// IsDir indicates an expected call of IsDir. 
+func (mr *MockInputPathMockRecorder) IsDir() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IsDir", reflect.TypeOf((*MockInputPath)(nil).IsDir)) +} + +// Name mocks base method. +func (m *MockInputPath) Name() string { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Name") + ret0, _ := ret[0].(string) + return ret0 +} + +// Name indicates an expected call of Name. +func (mr *MockInputPathMockRecorder) Name() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Name", reflect.TypeOf((*MockInputPath)(nil).Name)) +} + +// Path mocks base method. +func (m *MockInputPath) Path() string { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Path") + ret0, _ := ret[0].(string) + return ret0 +} + +// Path indicates an expected call of Path. +func (mr *MockInputPathMockRecorder) Path() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Path", reflect.TypeOf((*MockInputPath)(nil).Path)) +} diff --git a/pkg/rego/base.go b/pkg/rego/base.go new file mode 100644 index 00000000..c5154e94 --- /dev/null +++ b/pkg/rego/base.go @@ -0,0 +1,14 @@ +package rego + +import ( + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/rego" +) + +type RegoFile interface { + Raw() []byte + String() string + AstModule() (*ast.Module, error) + RegoModule() func(r *rego.Rego) + Path() string +} diff --git a/pkg/rego/builtin.go b/pkg/rego/builtin.go new file mode 100644 index 00000000..a4d9dff6 --- /dev/null +++ b/pkg/rego/builtin.go 
@@ -0,0 +1,100 @@ +package rego + +import ( + "encoding/json" + "path/filepath" + + "github.com/fugue/regula/pkg/loader" + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/rego" + "github.com/open-policy-agent/opa/types" +) + +func resolvePath(path, location string) string { + if !filepath.IsAbs(path) { + if location == "" { + location = "." + } else { + location = filepath.Dir(location) + } + path = filepath.Join(location, path) + } + return path +} + +func loadToAstTerm(options loader.LoadPathsOptions) (*ast.Term, error) { + configs, err := loader.LoadPaths(options) + if err != nil { + return nil, err + } + + parseable := []interface{}{} + + raw, _ := json.Marshal(configs.RegulaInput()) + _ = json.Unmarshal(raw, &parseable) + + v, err := ast.InterfaceToValue(parseable) + if err != nil { + return nil, err + } + + return ast.NewTerm(v), nil +} + +func regulaLoad(ctx rego.BuiltinContext, a *ast.Term) (*ast.Term, error) { + var path string + if err := ast.As(a.Value, &path); err != nil { + return nil, err + } + + path = resolvePath(path, ctx.Location.File) + + return loadToAstTerm(loader.LoadPathsOptions{ + Paths: []string{path}, + InputType: loader.Auto, + NoIgnore: false, + }) +} + +func regulaLoadType(ctx rego.BuiltinContext, a *ast.Term, b *ast.Term) (*ast.Term, error) { + var path string + var inputTypeStr string + if err := ast.As(a.Value, &path); err != nil { + return nil, err + } + if err := ast.As(b.Value, &inputTypeStr); err != nil { + return nil, err + } + + inputType, err := loader.InputTypeForString(inputTypeStr) + if err != nil { + return nil, err + } + + path = resolvePath(path, ctx.Location.File) + + return loadToAstTerm(loader.LoadPathsOptions{ + Paths: []string{path}, + InputType: inputType, + NoIgnore: false, + }) +} + +func RegisterBuiltins() { + rego.RegisterBuiltin1( + ®o.Function{ + Name: "regula_load", + Decl: types.NewFunction(types.Args(types.S), types.A), + Memoize: true, + }, + regulaLoad, + ) + 
rego.RegisterBuiltin2( + ®o.Function{ + Name: "regula_load_type", + Decl: types.NewFunction(types.Args(types.S, types.S), types.A), + Memoize: true, + }, + regulaLoadType, + ) +} diff --git a/pkg/rego/load.go b/pkg/rego/load.go new file mode 100644 index 00000000..bf6fa2d8 --- /dev/null +++ b/pkg/rego/load.go 
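Review bot: `regulaLoad` and `regulaLoadType` hand a path chosen by the Rego rule to `loader.LoadPaths` after `resolvePath`, which leaves absolute paths unchanged and does not reject `..` segments, so any evaluated rule can ask the loader to parse files outside its own directory. If rules from outside the project are ever evaluated, consider confining the resolved path to the directory of `ctx.Location.File` and returning an error otherwise; at minimum state the trust assumption above `RegisterBuiltins`, e.g. `// regula_load reads any path the process can read; only evaluate trusted rules.` In `loadToAstTerm` both JSON errors are discarded, so a marshalling failure would yield an empty array rather than an error: use `raw, err := json.Marshal(configs.RegulaInput())` followed by `if err != nil { return nil, err }`, and check `json.Unmarshal` the same way.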
@@ -0,0 +1,159 @@ +package rego + +import ( + "embed" + "io/fs" + "os" + "path/filepath" + + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/rego" +) + +//go:embed lib +var regulaLib embed.FS + +//go:embed rules +var regulaRules embed.FS + +var loadExts map[string]bool = map[string]bool{ + ".rego": true, + // TODO: We should evaluate how useful it is for end-users to load non-rego files + // in their rules. We'll need to change how these files get loaded into OPA in + // order to support these other extensions. + // ".yaml": true, + // ".yml": true, + // ".json": true, +} + +type regoFile struct { + path string + contents []byte +} + +func (r *regoFile) Raw() []byte { + return r.contents +} + +func (r *regoFile) String() string { + return string(r.contents) +} + +func (r *regoFile) AstModule() (*ast.Module, error) { + return ast.ParseModule(r.Path(), r.String()) +} + +func (r *regoFile) RegoModule() func(r *rego.Rego) { + return rego.Module(r.Path(), r.String()) +} + +func (r *regoFile) Path() string { + return r.path +} + +func newRegoFile(fsys fs.FS, path string) (RegoFile, error) { + contents, err := fs.ReadFile(fsys, path) + if err != nil { + return nil, err + } + return ®oFile{ + path: path, + contents: contents, + }, nil +} + +func loadDirectory(fsys fs.FS, path string, cb func(r RegoFile) error) error { + walkDirFunc := func(path string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + if d.IsDir() { + return nil + } + if ext := filepath.Ext(path); !loadExts[ext] { + return nil + } + regoFile, err := newRegoFile(fsys, path) + if err != nil { + return err + } + if err := cb(regoFile); err != nil { + return err + } + return nil + } + + if err := fs.WalkDir(fsys, path, walkDirFunc); err != nil { + return err + } + + return nil +} + +func LoadOSFiles(paths []string, cb func(r RegoFile) error) error { + fsys := &osFs{} + for _, path := range paths { + info, err := os.Stat(path) + if err != nil { + return err + } + 
if info.IsDir() { + err := loadDirectory(fsys, path, cb) + if err != nil { + return err + } + continue + } + file, err := newRegoFile(fsys, path) + if err != nil { + return err + } + if err := cb(file); err != nil { + return err + } + } + return nil +} + +func LoadRegula(userOnly bool, cb func(r RegoFile) error) error { + if err := loadDirectory(regulaLib, "lib", cb); err != nil { + return err + } + if !userOnly { + if err := loadDirectory(regulaRules, "rules", cb); err != nil { + return err + } + } + + return nil +} + +// I might be missing something, but it looks like the only fs.FS implementation +// with os methods is os.DirFS, which has behavior that we don't want. +type osFs struct { + fs.FS + fs.GlobFS + fs.ReadDirFS + fs.ReadFileFS + fs.StatFS +} + +func (o *osFs) Open(name string) (fs.File, error) { + return os.Open(name) +} + +func (o *osFs) Glob(pattern string) ([]string, error) { + return filepath.Glob(pattern) +} + +func (o *osFs) ReadDir(name string) ([]fs.DirEntry, error) { + return os.ReadDir(name) +} + +func (o *osFs) ReadFile(name string) ([]byte, error) { + return os.ReadFile(name) +} + +func (o *osFs) Stat(name string) (fs.FileInfo, error) { + return os.Stat(name) +} diff --git a/pkg/rego/rego_test.go b/pkg/rego/rego_test.go new file mode 100644 index 00000000..6d38a82d --- /dev/null +++ b/pkg/rego/rego_test.go 
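Review bot: `osFs` embeds `fs.FS`, `fs.GlobFS`, `fs.ReadDirFS`, `fs.ReadFileFS` and `fs.StatFS`, but `&osFs{}` in LoadOSFiles leaves all five nil and every method they declare is redefined on `*osFs`, so the embedded fields contribute nothing and a later removal of an override such as `Glob` would fall through to a nil interface at run time. `type osFs struct{}` satisfies the same interfaces through the methods alone. Separately, LoadOSFiles applies the `loadExts` filter only through `loadDirectory`; a path that names a file directly is loaded whatever its extension, which should be stated in a doc comment on LoadOSFiles if it is intended.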
@@ -0,0 +1,70 @@
+package rego_test
+
+import (
+ "context"
+ "fmt"
+ "strings"
+ "testing"
+
+ "github.com/fugue/regula/pkg/rego"
+ "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/storage/inmem"
+ "github.com/open-policy-agent/opa/tester"
+ "github.com/stretchr/testify/assert"
+)
+
+func formatFailedTest(r *tester.Result) string {
+ return fmt.Sprintf("%s.%s in file %s", r.Package, r.Name, r.Location.String())
+}
+
+func runRegoTest(t *testing.T, userOnly bool, includes []string) {
+ rego.RegisterBuiltins()
+ modules := map[string]*ast.Module{}
+ cb := func(r rego.RegoFile) error {
+ module, err := r.AstModule()
+ if err != nil {
+ return err
+ }
+ modules[r.Path()] = module
+ return nil
+ }
+ if err := rego.LoadRegula(userOnly, cb); err != nil {
+ assert.Fail(t, "Failed to load regula", userOnly, err)
+ }
+ if err := rego.LoadOSFiles(includes, cb); err != nil {
+ assert.Fail(t, "Failed to load regula tests", err)
+ }
+ ctx := context.Background()
+ ch, err := tester.NewRunner().SetStore(inmem.New()).Run(ctx, modules)
+ if err != nil {
+ assert.Fail(t, "Failed to run tests through OPA", err)
+ }
+ failedTests := []string{}
+ hasFailures := false
+ errors := []error{}
+ for r := range ch {
+ if r.Fail {
+ hasFailures = true
+ failedTests = append(failedTests, formatFailedTest(r))
+ }
+ hasFailures = hasFailures || r.Fail
+ if r.Error != nil {
+ errors = append(errors, r.Error)
+ }
+ }
+
+ assert.Empty(t, errors)
+ assert.Falsef(t, hasFailures, "Some tests failed:\n%v", strings.Join(failedTests, "\n"))
+}
+
+func TestRegulaLib(t *testing.T) {
+ runRegoTest(t, true, []string{"../../rego/tests/lib"})
+}
+
+func TestRegulaRules(t *testing.T) {
+ runRegoTest(t, false, []string{"../../rego/tests/rules"})
+}
+
+func TestRegulaExamples(t *testing.T) {
+ runRegoTest(t, true, []string{"../../rego/examples", "../../rego/tests/examples"})
+}
diff --git a/pkg/rego/runrepl.go b/pkg/rego/runrepl.go
new file mode 100644
index 00000000..d0122ac4
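Review bot: The three `assert.Fail` calls in runRegoTest record the failure but let the function carry on, so a load error is followed by a run over a partial module set and a `Run` error is followed by `for r := range ch`. If `Run` hands back a nil channel together with the error (not visible from this hunk), that loop blocks until the test binary times out. Stop at the first error instead, for example `t.Fatalf("Failed to run tests through OPA: %v", err)`, and likewise for the two load calls. The line `hasFailures = hasFailures || r.Fail` repeats what the `if r.Fail` branch just did and can be removed.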
--- /dev/null
+++ b/pkg/rego/runrepl.go
@@ -0,0 +1,75 @@
+package rego
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "github.com/fugue/regula/pkg/version"
+ "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/repl"
+ "github.com/open-policy-agent/opa/storage"
+ "github.com/open-policy-agent/opa/storage/inmem"
+)
+
+type RunREPLOptions struct {
+ Ctx context.Context
+ UserOnly bool
+ Includes []string
+}
+
+func RunREPL(options *RunREPLOptions) error {
+ RegisterBuiltins()
+ store, err := initStore(options.Ctx, options.UserOnly, options.Includes)
+ if err != nil {
+ return err
+ }
+ var historyPath string
+ if homeDir, err := os.UserHomeDir(); err == nil {
+ historyPath = filepath.Join(homeDir, ".regula-history")
+ } else {
+ historyPath = filepath.Join(".", ".regula-history")
+ }
+ r := repl.New(
+ store,
+ historyPath,
+ os.Stdout,
+ "pretty",
+ ast.CompileErrorLimitDefault,
+ getBanner())
+ r.OneShot(options.Ctx, "strict-builtin-errors")
+ r.Loop(options.Ctx)
+ return nil
+}
+
+func initStore(ctx context.Context, userOnly bool, includes []string) (storage.Store, error) {
+ store := inmem.New()
+ txn, err := store.NewTransaction(ctx, storage.TransactionParams{
+ Write: true,
+ })
+ if err != nil {
+ return nil, err
+ }
+ cb := func(r RegoFile) error {
+ return store.UpsertPolicy(ctx, txn, r.Path(), r.Raw())
+ }
+ if err := LoadRegula(userOnly, cb); err != nil {
+ return nil, err
+ }
+ if err := LoadOSFiles(includes, cb); err != nil {
+ return nil, err
+ }
+ if err := store.Commit(ctx, txn); err != nil {
+ return nil, err
+ }
+ return store, nil
+}
+
+func getBanner() string {
+ var sb strings.Builder
+ sb.WriteString(fmt.Sprintf("Regula v%v - built with OPA v%v\n", version.Version, version.OPAVersion))
+ sb.WriteString("Run 'help' to see a list of commands.")
+ return sb.String()
+}
diff --git a/pkg/rego/runrules.go b/pkg/rego/runrules.go
new file mode 100644
index 00000000..6ff31964
--- /dev/null
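Review bot: initStore opens a write transaction and then returns on a LoadRegula or LoadOSFiles error without closing it; call `store.Abort(ctx, txn)` on those paths so the transaction never outlives the function. In RunREPL the result of `r.OneShot(options.Ctx, "strict-builtin-errors")` is dropped, so if that setting fails to apply the REPL starts without it and the user is not told. `if err := r.OneShot(options.Ctx, "strict-builtin-errors"); err != nil { return err }` would surface it. The history file also falls back silently to the current directory when the home directory cannot be resolved, which deserves a one-line comment.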
+++ b/pkg/rego/runrules.go
@@ -0,0 +1,66 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package rego
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/fugue/regula/pkg/loader"
+ "github.com/open-policy-agent/opa/rego"
+)
+
+// RunRulesOptions is the set of options for RunRules
+type RunRulesOptions struct {
+ Ctx context.Context
+ UserOnly bool
+ Includes []string
+ Input []loader.RegulaInput
+}
+
+// RunRules runs regula and user-specified rules on loaded inputs
+func RunRules(options *RunRulesOptions) (*rego.Result, error) {
+ RegisterBuiltins()
+ query, err := prepare(options.Ctx, options.UserOnly, options.Includes)
+ if err != nil {
+ return nil, err
+ }
+ results, err := query.Eval(options.Ctx, rego.EvalInput(options.Input))
+ if err != nil {
+ return nil, err
+ }
+ return &results[0], nil
+}
+
+func prepare(ctx context.Context, userOnly bool, includes []string) (*rego.PreparedEvalQuery, error) {
+ regoFuncs := []func(r *rego.Rego){
+ rego.Query("data.fugue.regula.report"),
+ }
+ cb := func(r RegoFile) error {
+ regoFuncs = append(regoFuncs, rego.Module(r.Path(), r.String()))
+ return nil
+ }
+ if err := LoadRegula(userOnly, cb); err != nil {
+ return nil, err
+ }
+ if err := LoadOSFiles(includes, cb); err != nil {
+ return nil, err
+ }
+ query, err := rego.New(regoFuncs...).PrepareForEval(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("Failed to initialize OPA: %v", err)
+ }
+ return &query, nil
+}
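Review bot: `return &results[0], nil` in RunRules indexes the result set without checking its length, so an evaluation that yields no results (for instance when `data.fugue.regula.report` is undefined for the loaded modules) panics instead of returning an error. Guard it with `if len(results) == 0 { return nil, fmt.Errorf("rego evaluation returned no results") }`. ParseRegulaOutput in pkg/reporter/base.go has the same unchecked index at `r.Expressions[0]` and needs the same guard.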
diff --git a/pkg/rego/runtest.go b/pkg/rego/runtest.go
new file mode 100644
index 00000000..cd1bd1b8
--- /dev/null
+++ b/pkg/rego/runtest.go
@@ -0,0 +1,50 @@
+package rego
+
+import (
+ "context"
+ "os"
+
+ "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/storage/inmem"
+ "github.com/open-policy-agent/opa/tester"
+)
+
+type RunTestOptions struct {
+ Ctx context.Context
+ Includes []string
+ Trace bool
+}
+
+func RunTest(options *RunTestOptions) error {
+ RegisterBuiltins()
+ modules := map[string]*ast.Module{}
+ cb := func(r RegoFile) error {
+ module, err := r.AstModule()
+ if err != nil {
+ return err
+ }
+ modules[r.Path()] = module
+ return nil
+ }
+ if err := LoadRegula(true, cb); err != nil {
+ return err
+ }
+ if err := LoadOSFiles(options.Includes, cb); err != nil {
+ return err
+ }
+ ch, err := tester.
+ NewRunner().
+ SetStore(inmem.New()).
+ EnableTracing(options.Trace).
+ Run(options.Ctx, modules)
+ if err != nil {
+ return err
+ }
+ reporter := tester.PrettyReporter{
+ Output: os.Stdout,
+ FailureLine: true,
+ Verbose: options.Trace,
+ }
+ reporter.Report(ch)
+ return nil
+}
diff --git a/pkg/reporter/base.go b/pkg/reporter/base.go
new file mode 100644
index 00000000..3b8f34c7
--- /dev/null
+++ b/pkg/reporter/base.go
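Review bot: RunTest discards the return value of `reporter.Report(ch)` and then returns nil, so to the caller a run with failing or erroring tests looks the same as a clean one. Unless the caller inspects the outcome some other way (not visible in this hunk), a CI job wrapping this would pass on failing policy tests. At minimum use `return reporter.Report(ch)`. If test failures should also produce a non-nil error, the results have to be counted while they are drained from `ch`.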
@@ -0,0 +1,218 @@ +// Copyright 2021 Fugue, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reporter + +import ( + "encoding/json" + "sort" + + "github.com/fugue/regula/pkg/loader" + "github.com/open-policy-agent/opa/rego" +) + +type Severity int + +const ( + Unknown Severity = iota + Informational + Low + Medium + High + Critical + Off +) + +var SeverityIds = map[Severity][]string{ + Unknown: {"unknown"}, + Informational: {"informational"}, + Low: {"low"}, + Medium: {"medium"}, + High: {"high"}, + Critical: {"critical"}, + Off: {"off"}, +} + +type Format int + +const ( + JSON Format = iota + Table + Junit + Tap + None +) + +var FormatIds = map[Format][]string{ + JSON: {"json"}, + Table: {"table"}, + Junit: {"junit"}, + Tap: {"tap"}, + None: {"none"}, +} + +type RegulaOutput struct { + RuleResults []RuleResult `json:"rule_results"` + Summary Summary `json:"summary"` +} + +var regulaSeverities map[string]Severity = map[string]Severity{ + "Unknown": Unknown, + "Informational": Informational, + "Low": Low, + "Medium": Medium, + "High": High, + "Critical": Critical, +} + +func (o RegulaOutput) ExceedsSeverity(severity Severity) bool { + if o.Summary.RuleResults["FAIL"] < 1 { + return false + } + maxSeverity := Unknown + for s, count := range o.Summary.Severities { + if count < 1 { + continue + } + level, ok := regulaSeverities[s] + if !ok { + continue + } + if level > maxSeverity { + maxSeverity = level + } + } + + return maxSeverity >= severity 
+} + +type ResourceResults struct { + ResourceID string + ResourceType string + Results []RuleResult + Pass bool +} + +type FilepathResults struct { + Filepath string + Results map[string]ResourceResults + Pass bool +} + +func (f FilepathResults) SortedKeys() []string { + keys := []string{} + for k := range f.Results { + keys = append(keys, k) + } + sort.Strings(keys) + return keys +} + +type ResultsByFilepath map[string]FilepathResults + +func (r ResultsByFilepath) SortedKeys() []string { + keys := []string{} + for k := range r { + keys = append(keys, k) + } + sort.Strings(keys) + return keys +} + +func (o RegulaOutput) AggregateByFilepath() ResultsByFilepath { + byFilepath := ResultsByFilepath{} + for _, r := range o.RuleResults { + filepathResults, ok := byFilepath[r.Filepath] + if !ok { + filepathResults = FilepathResults{ + Filepath: r.Filepath, + Results: map[string]ResourceResults{}, + Pass: !r.IsFail(), + } + } + resourceResults, ok := filepathResults.Results[r.ResourceID] + if !ok { + resourceResults = ResourceResults{ + ResourceID: r.ResourceID, + ResourceType: r.ResourceType, + Results: []RuleResult{}, + Pass: !r.IsFail(), + } + } + resourceResults.Results = append(resourceResults.Results, r) + resourceResults.Pass = resourceResults.Pass && !r.IsFail() + filepathResults.Results[r.ResourceID] = resourceResults + filepathResults.Pass = filepathResults.Pass && resourceResults.Pass + byFilepath[r.Filepath] = filepathResults + } + return byFilepath +} + +type RuleResult struct { + Controls []string `json:"controls"` + Filepath string `json:"filepath"` + Platform string `json:"platform"` + Provider string `json:"provider"` + ResourceID string `json:"resource_id"` + ResourceType string `json:"resource_type"` + RuleDescription string `json:"rule_description"` + RuleID string `json:"rule_id"` + RuleMessage string `json:"rule_message"` + RuleName string `json:"rule_name"` + RuleResult string `json:"rule_result"` + RuleSeverity string `json:"rule_severity"` + 
RuleSummary string `json:"rule_summary"` +} + +func (r RuleResult) IsWaived() bool { + return r.RuleResult == "WAIVED" +} + +func (r RuleResult) IsPass() bool { + return r.RuleResult == "PASS" +} + +func (r RuleResult) IsFail() bool { + return r.RuleResult == "FAIL" +} + +func (r RuleResult) Message() string { + if r.RuleMessage != "" { + return r.RuleMessage + } + if r.RuleSummary != "" { + return r.RuleSummary + } + return r.RuleDescription +} + +type Summary struct { + Filepaths []string `json:"filepaths"` + RuleResults map[string]int `json:"rule_results"` + Severities map[string]int `json:"severities"` +} + +func ParseRegulaOutput(_ loader.LoadedConfigurations, r rego.Result) (*RegulaOutput, error) { + j, err := json.Marshal(r.Expressions[0].Value) + if err != nil { + return nil, err + } + output := &RegulaOutput{} + if err = json.Unmarshal(j, output); err != nil { + return nil, err + } + return output, nil +} + +type Reporter func(r *RegulaOutput) (string, error) diff --git a/pkg/reporter/getreporter.go b/pkg/reporter/getreporter.go new file mode 100644 index 00000000..fbc3d237 --- /dev/null +++ b/pkg/reporter/getreporter.go 
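Review bot: ExceedsSeverity skips any key of `o.Summary.Severities` that is missing from `regulaSeverities` (`if !ok { continue }`), and that map is matched case-sensitively ("High") while `SeverityIds` in the same file uses lower case ("high"). A rule whose severity label is spelled differently therefore never raises `maxSeverity`, and a run with failures can come back as not exceeding the threshold. Since this result decides whether a failing scan is reported as failing, an unrecognised label should not be dropped silently: normalise the key before the lookup, or treat an unknown label as the highest level. A doc comment on ExceedsSeverity should also state that a threshold of `Off` is never reached, because `regulaSeverities` has no entry above `Critical`.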
@@ -0,0 +1,38 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package reporter
+
+import "fmt"
+
+func GetReporter(format Format) (Reporter, error) {
+ switch format {
+ case JSON:
+ return JSONReporter, nil
+ case Table:
+ return TableReporter, nil
+ case Junit:
+ return JUnitReporter, nil
+ case Tap:
+ return TapReporter, nil
+ case None:
+ return noneReporter, nil
+ default:
+ return nil, fmt.Errorf("Unsupported or unrecognized reporter: %v", FormatIds[format])
+ }
+}
+
+func noneReporter(o *RegulaOutput) (string, error) {
+ return "", nil
+}
diff --git a/pkg/reporter/json.go b/pkg/reporter/json.go
new file mode 100644
index 00000000..76ff7c0b
--- /dev/null
+++ b/pkg/reporter/json.go
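Review bot: The default branch of GetReporter formats its error with `FormatIds[format]`, but that branch is reached only when `format` is none of the five known values, so the lookup yields a nil slice and the message ends in `[]`. Print the value itself instead: `fmt.Errorf("Unsupported or unrecognized reporter: %d", format)`. GetReporter is exported and would also benefit from a one-line doc comment saying that it maps a Format to its Reporter function.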
@@ -0,0 +1,31 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package reporter
+
+import (
+ "bytes"
+ "encoding/json"
+)
+
+func JSONReporter(r *RegulaOutput) (string, error) {
+ buf := &bytes.Buffer{}
+ enc := json.NewEncoder(buf)
+ enc.SetEscapeHTML(false)
+ enc.SetIndent("", " ")
+ if err := enc.Encode(r); err != nil {
+ return "", err
+ }
+ return buf.String(), nil
+}
diff --git a/pkg/reporter/junit.go b/pkg/reporter/junit.go
new file mode 100644
index 00000000..6b8ee8b7
--- /dev/null
+++ b/pkg/reporter/junit.go
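Review bot: JSONReporter turns off HTML escaping with `enc.SetEscapeHTML(false)` and has no comment explaining that choice, so `<`, `>` and `&` from rule messages and resource IDs are emitted verbatim. That is reasonable for terminal and file output, but a consumer that drops the report into a web page needs to know about it. I would add above the function: `// JSONReporter renders the output as indented JSON. HTML escaping is disabled; escape the result before embedding it in an HTML page.`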
@@ -0,0 +1,129 @@ +// Copyright 2021 Fugue, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reporter + +import ( + "encoding/xml" + "fmt" + "sort" +) + +func JUnitReporter(o *RegulaOutput) (string, error) { + testSuites := o.AggregateByFilepath().ToTestSuites() + x, err := xml.MarshalIndent(testSuites, "", " ") + if err != nil { + return "", err + } + return string(x), nil +} + +func (r ResourceResults) ToTestCase() JUnitTestCase { + results := r.Results + sort.SliceStable(results, func(i, j int) bool { + return results[i].RuleName < results[j].RuleName + }) + skips := []JUnitSkipMessage{} + failures := []JUnitFailure{} + for _, result := range results { + if result.IsWaived() { + skips = append(skips, JUnitSkipMessage{ + Message: result.Message(), + }) + } else if result.IsFail() { + failures = append(failures, JUnitFailure{ + Message: result.Message(), + Type: result.RuleName, + Contents: failureMessage(result), + }) + } + } + testCase := JUnitTestCase{ + Name: r.ResourceID, + ClassName: r.ResourceType, + Assertions: len(r.Results), + } + if len(skips) > 0 { + testCase.SkipMessage = &skips + } + if len(failures) > 0 { + testCase.Failures = &failures + } + return testCase +} + +func (r FilepathResults) ToTestSuite() JUnitTestSuite { + testCases := []JUnitTestCase{} + for _, k := range r.SortedKeys() { + testCases = append(testCases, r.Results[k].ToTestCase()) + } + return JUnitTestSuite{ + Name: r.Filepath, + Tests: len(testCases), + 
TestCases: testCases, + } +} + +func (r ResultsByFilepath) ToTestSuites() JUnitTestSuites { + testSuites := []JUnitTestSuite{} + for _, k := range r.SortedKeys() { + testSuites = append(testSuites, r[k].ToTestSuite()) + } + return JUnitTestSuites{ + Name: "Regula", + TestSuites: testSuites, + } +} + +func failureMessage(r RuleResult) string { + return fmt.Sprintf( + "Rule ID: %v\nRule Name: %v\nSeverity: %v\nMessage: %v", + r.RuleID, + r.RuleName, + r.RuleSeverity, + r.Message(), + ) +} + +type JUnitTestSuites struct { + XMLName xml.Name `xml:"testsuites"` + Name string `xml:"name,attr"` + TestSuites []JUnitTestSuite `xml:"testsuite"` +} + +type JUnitTestSuite struct { + XMLName xml.Name `xml:"testsuite"` + Name string `xml:"name,attr"` + Tests int `xml:"tests,attr"` + TestCases []JUnitTestCase `xml:"testcase"` +} + +type JUnitTestCase struct { + XMLName xml.Name `xml:"testcase"` + Name string `xml:"name,attr"` + ClassName string `xml:"classname,attr"` + Assertions int `xml:"assertions,attr"` + SkipMessage *[]JUnitSkipMessage `xml:"skipped,omitempty"` + Failures *[]JUnitFailure `xml:"failure,omitempty"` +} + +type JUnitFailure struct { + Message string `xml:"message,attr"` + Type string `xml:"type,attr"` + Contents string `xml:",chardata"` +} + +type JUnitSkipMessage struct { + Message string `xml:"message,attr"` +} diff --git a/pkg/reporter/table.go b/pkg/reporter/table.go new file mode 100644 index 00000000..61bb7710 --- /dev/null +++ b/pkg/reporter/table.go 
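Review bot: ToTestCase sorts `r.Results` in place: `results := r.Results` copies only the slice header, so `sort.SliceStable` reorders the backing array shared with the value stored in the `FilepathResults.Results` map. TapReporter in pkg/reporter/tap.go does the same to `o.RuleResults`, which changes the order seen by anything that uses the RegulaOutput afterwards. Sort a copy instead: `results := append([]RuleResult(nil), r.Results...)`.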
@@ -0,0 +1,160 @@ +// Copyright 2021 Fugue, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reporter + +import ( + "sort" + + "github.com/alexeyco/simpletable" + "github.com/fatih/color" +) + +func TableReporter(o *RegulaOutput) (string, error) { + tableData := []TableRow{} + var overall string + if o.Summary.RuleResults["FAIL"] > 0 { + overall = "FAIL" + } else { + overall = "PASS" + } + for _, r := range o.RuleResults { + message := r.RuleMessage + if message == "" { + message = r.RuleSummary + } + tableRow := TableRow{ + Resource: r.ResourceID, + Type: r.ResourceType, + Filepath: r.Filepath, + Severity: colorizeSeverity(r), + RuleID: r.RuleID, + RuleName: r.RuleName, + Message: message, + Result: colorizeResult(r.RuleResult), + } + tableData = append(tableData, tableRow) + } + + sort.SliceStable(tableData, func(i, j int) bool { + if tableData[i].Filepath == tableData[j].Filepath { + if tableData[i].Resource == tableData[j].Resource { + return tableData[i].RuleID < tableData[j].RuleID + } + return tableData[i].Resource < tableData[j].Resource + } + return tableData[i].Filepath < tableData[j].Filepath + }) + + table := simpletable.New() + table.Header = &simpletable.Header{ + Cells: []*simpletable.Cell{ + {Align: simpletable.AlignCenter, Text: "Resource"}, + {Align: simpletable.AlignCenter, Text: "Type"}, + {Align: simpletable.AlignCenter, Text: "Filepath"}, + {Align: simpletable.AlignCenter, Text: "Severity"}, + {Align: 
simpletable.AlignCenter, Text: "Rule ID"}, + {Align: simpletable.AlignCenter, Text: "Rule Name"}, + {Align: simpletable.AlignCenter, Text: "Message"}, + {Align: simpletable.AlignCenter, Text: "Result"}, + }, + } + for _, row := range tableData { + table.Body.Cells = append(table.Body.Cells, row.toCell()) + } + table.Footer = &simpletable.Footer{ + Cells: []*simpletable.Cell{ + {}, + {}, + {}, + {}, + {}, + {}, + {Align: simpletable.AlignRight, Text: "Overall"}, + {Align: simpletable.AlignRight, Text: colorizeResult(overall)}, + }, + } + + table.SetStyle(simpletable.StyleDefault) + return table.String(), nil +} + +type TableRow struct { + Resource string + Type string + Filepath string + Severity string + RuleID string + RuleName string + Message string + Result string +} + +func (r TableRow) toCell() []*simpletable.Cell { + return []*simpletable.Cell{ + {Text: r.Resource}, + {Text: r.Type}, + {Text: r.Filepath}, + {Text: r.Severity}, + {Text: r.RuleID}, + {Text: r.RuleName}, + {Text: r.Message}, + {Text: r.Result}, + } +} + +var waivedColor func(...interface{}) string = color.New(color.FgBlack).SprintFunc() +var failedColor func(...interface{}) string = color.New(color.FgRed).SprintFunc() +var passedColor func(...interface{}) string = color.New(color.FgGreen).SprintFunc() +var unknownColor func(...interface{}) string = color.New(color.FgMagenta).SprintFunc() +var lowColor func(...interface{}) string = color.New(color.FgBlue).SprintFunc() +var mediumColor func(...interface{}) string = color.New(color.FgYellow).SprintFunc() +var highColor func(...interface{}) string = color.New(color.FgRed).SprintFunc() +var criticalColor func(...interface{}) string = color.New(color.BgRed, color.FgBlack).SprintFunc() + +func colorizeResult(result string) string { + switch result { + case "PASS": + return passedColor(result) + case "FAIL": + return failedColor(result) + case "WAIVED": + return waivedColor(result) + default: + return result + } +} + +func colorizeSeverity(r 
RuleResult) string { + if r.RuleResult == "PASS" { + return r.RuleSeverity + } + + if r.RuleResult == "WAIVED" { + return waivedColor(r.RuleSeverity) + } + + switch r.RuleSeverity { + case "Low": + return lowColor(r.RuleSeverity) + case "Medium": + return mediumColor(r.RuleSeverity) + case "High": + return highColor(r.RuleSeverity) + case "Critical": + return criticalColor(r.RuleSeverity) + default: + return r.RuleSeverity + } +} diff --git a/pkg/reporter/tap.go b/pkg/reporter/tap.go new file mode 100644 index 00000000..40fb2dc0 --- /dev/null +++ b/pkg/reporter/tap.go 
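Review bot: TableReporter builds the message by hand from `RuleMessage` and `RuleSummary`, so the cell stays empty when both are blank, whereas `RuleResult.Message()` in base.go also falls back to `RuleDescription` and is what the JUnit and TAP reporters use. Use `Message: r.Message(),` and drop the local `message` variable so all reporters agree. Separately, `colorizeSeverity` has no case for "Informational" or "Unknown" although `unknownColor` is declared; if leaving them uncoloured is intentional, a short comment should say so.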
@@ -0,0 +1,69 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package reporter
+
+import (
+ "fmt"
+ "sort"
+ "strings"
+)
+
+func TapReporter(o *RegulaOutput) (string, error) {
+ results := o.RuleResults
+ sort.SliceStable(results, func(i, j int) bool {
+ if results[i].ResourceID == results[j].ResourceID {
+ return results[i].RuleID < results[j].RuleID
+ }
+ return results[i].ResourceID < results[j].ResourceID
+ })
+
+ tapOutput := []string{}
+ for idx, r := range results {
+ tapOutput = append(tapOutput, r.ToTapRow(idx).String(""))
+ }
+
+ return strings.Join(tapOutput, "\n"), nil
+}
+
+type TapRow struct {
+ Ok string
+ Index int
+ Message string
+ Directive string
+ Resource string
+ RuleID string
+}
+
+func (r TapRow) String(indent string) string {
+ return fmt.Sprintf("%s%s %d %s: %s%s", indent, r.Ok, r.Index, r.Resource, r.Message, r.Directive)
+}
+
+func (r RuleResult) ToTapRow(idx int) TapRow {
+ ok := "ok"
+ if r.IsFail() {
+ ok = "not ok"
+ }
+ directive := ""
+ if r.IsWaived() {
+ directive = " # SKIP: rule waived"
+ }
+ return TapRow{
+ Ok: ok,
+ Index: idx,
+ Message: r.Message(),
+ Directive: directive,
+ Resource: r.ResourceID,
+ }
+}
diff --git a/pkg/tf_resource_schemas/generate/main.go b/pkg/tf_resource_schemas/generate/main.go
new file mode 100644
index 00000000..92aa3661
--- /dev/null
+++ b/pkg/tf_resource_schemas/generate/main.go
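Review bot: TapRow.String writes `r.Resource` and `r.Message` into the TAP line unescaped, and both presumably originate from the scanned configuration and the loaded rules. A line break in either splits the record, and a `#` begins what a TAP consumer reads as a directive, so the text can change how a `not ok` line is interpreted downstream. Replace line breaks and escape `#` in both fields before formatting. The index passed by TapReporter is the zero-based `idx` while TAP test numbers start at 1, and the output has no plan line; `r.ToTapRow(idx + 1)` and a leading `1..N` line would address that. ToTapRow also never sets the `RuleID` field of TapRow.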
@@ -0,0 +1,89 @@ +// Generates a minimal version of terraform's resource schemas that has just +// the info we need and that we can embed easily. Note that these schemas +// focus on how the resource types will be represented in JSON. +package main + +import ( + "encoding/json" + "os" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + provider_aws "github.com/terraform-providers/terraform-provider-aws/aws" + provider_google "github.com/terraform-providers/terraform-provider-google/google" + + "tf_resource_schemas" +) + +func check(e error) { + if e != nil { + panic(e) + } +} + +func ExtractResourceSchema(r *schema.Resource) *tf_resource_schemas.Schema { + objectSchema := new(tf_resource_schemas.Schema) + objectSchema.Attributes = make(map[string]*tf_resource_schemas.Schema) + for key, attr := range r.Schema { + attrSchema := ExtractSchema(attr) + if attrSchema != nil { + objectSchema.Attributes[key] = attrSchema + } + } + + if len(objectSchema.Attributes) > 0 { + return objectSchema + } else { + return nil + } +} + +func ExtractSchema(s *schema.Schema) *tf_resource_schemas.Schema { + switch elem := s.Elem.(type) { + case *schema.Resource: + elemSchema := ExtractResourceSchema(elem) + if elemSchema != nil { + return &tf_resource_schemas.Schema{Elem: elemSchema} + } else { + return nil + } + } + + if s.Default != nil { + return &tf_resource_schemas.Schema{Default: s.Default} + } + + if s.DefaultFunc != nil { + def, err := s.DefaultFunc() + if err == nil { + return &tf_resource_schemas.Schema{Default: def} + } + } + + return nil +} + +func main() { + f, err := os.Create("pkg/tf_resource_schemas/resource_schemas.json") + check(err) + defer f.Close() + + resourceSchemas := make(tf_resource_schemas.ResourceSchemas) + + providers := []*schema.Provider{ + provider_aws.Provider(), + provider_google.Provider(), + } + + for _, provider := range providers { + for resourceType, resource := range provider.ResourcesMap { + resourceSchema := 
ExtractResourceSchema(resource) + if resourceSchema != nil { + resourceSchemas[resourceType] = resourceSchema + } + } + } + + bytes, err := json.Marshal(resourceSchemas) + check(err) + f.Write(bytes) +} diff --git a/pkg/tf_resource_schemas/go.mod b/pkg/tf_resource_schemas/go.mod new file mode 100644 index 00000000..b48dafc2 --- /dev/null +++ b/pkg/tf_resource_schemas/go.mod @@ -0,0 +1,3 @@ +module main + +go 1.16 diff --git a/pkg/tf_resource_schemas/load.go b/pkg/tf_resource_schemas/load.go new file mode 100644 index 00000000..725af16c --- /dev/null +++ b/pkg/tf_resource_schemas/load.go @@ -0,0 +1,24 @@ +package tf_resource_schemas + +import ( + _ "embed" + "encoding/json" +) + +//go:embed resource_schemas.json +var resourceSchemasJson []byte + +var resourceSchemas ResourceSchemas + +func LoadResourceSchemas() ResourceSchemas { + if resourceSchemas != nil { + return resourceSchemas + } + + resourceSchemas := make(ResourceSchemas) + err := json.Unmarshal(resourceSchemasJson, &resourceSchemas) + if err != nil { + panic(err) + } + return resourceSchemas +} diff --git a/pkg/tf_resource_schemas/resource_schemas.json b/pkg/tf_resource_schemas/resource_schemas.json new file mode 100644 index 00000000..0e624229 --- /dev/null +++ b/pkg/tf_resource_schemas/resource_schemas.json 
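Review bot: ExtractSchema calls `s.DefaultFunc()` at generation time and stores whatever it returns as the default. Default functions in provider schemas can read the environment of the machine running the generator, so the embedded resource_schemas.json may differ between builds or pick up local values. Either skip `DefaultFunc` or run the generator with a cleared environment, and document the choice in the file header. In `main` the result of `f.Write(bytes)` is ignored, so a short write leaves a truncated JSON file that LoadResourceSchemas later panics on; use `_, err = f.Write(bytes)` followed by `check(err)`.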
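Review bot: In LoadResourceSchemas (pkg/tf_resource_schemas/load.go) the line `resourceSchemas := make(ResourceSchemas)` declares a new local that shadows the package-level `resourceSchemas`, so the nil check at the top never succeeds and the embedded JSON is unmarshalled again on every call. Use plain assignment, `resourceSchemas = make(ResourceSchemas)`, so the parsed value is kept. If the function can be called from more than one goroutine, the initialisation should additionally be guarded, for example with `sync.Once`.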
@@ -0,0 +1 @@ +{"aws_accessanalyzer_analyzer":{"attributes":{"type":{"default":"ACCOUNT"}}},"aws_acm_certificate":{"attributes":{"options":{"elem":{"attributes":{"certificate_transparency_logging_preference":{"default":"ENABLED"}}}}}},"aws_acmpca_certificate_authority":{"attributes":{"enabled":{"default":true},"permanent_deletion_time_in_days":{"default":30},"type":{"default":"SUBORDINATE"}}},"aws_alb":{"attributes":{"access_logs":{"elem":{"attributes":{"enabled":{"default":false}}}},"drop_invalid_header_fields":{"default":false},"enable_cross_zone_load_balancing":{"default":false},"enable_deletion_protection":{"default":false},"enable_http2":{"default":true},"idle_timeout":{"default":60},"load_balancer_type":{"default":"application"}}},"aws_alb_listener":{"attributes":{"default_action":{"elem":{"attributes":{"forward":{"elem":{"attributes":{"stickiness":{"elem":{"attributes":{"enabled":{"default":false}}}},"target_group":{"elem":{"attributes":{"weight":{"default":1}}}}}}},"redirect":{"elem":{"attributes":{"host":{"default":"#{host}"},"path":{"default":"/#{path}"},"port":{"default":"#{port}"},"protocol":{"default":"#{protocol}"},"query":{"default":"#{query}"}}}}}}}}},"aws_alb_listener_rule":{"attributes":{"action":{"elem":{"attributes":{"forward":{"elem":{"attributes":{"stickiness":{"elem":{"attributes":{"enabled":{"default":false}}}},"target_group":{"elem":{"attributes":{"weight":{"default":1}}}}}}},"redirect":{"elem":{"attributes":{"host":{"default":"#{host}"},"path":{"default":"/#{path}"},"port":{"default":"#{port}"},"protocol":{"default":"#{protocol}"},"query":{"default":"#{query}"}}}}}}}}},"aws_alb_target_group":{"attributes":{"deregistration_delay":{"default":300},"health_check":{"elem":{"attributes":{"enabled":{"default":true},"healthy_threshold":{"default":3},"interval":{"default":30},"port":{"default":"traffic-port"},"protocol":{"default":"HTTP"},"unhealthy_threshold":{"default":3}}}},"lambda_multi_value_headers_enabled":{"default":false},"proxy_protocol_v2
":{"default":false},"slow_start":{"default":0},"stickiness":{"elem":{"attributes":{"cookie_duration":{"default":86400},"enabled":{"default":true}}}},"target_type":{"default":"instance"}}},"aws_ami":{"attributes":{"architecture":{"default":"x86_64"},"ebs_block_device":{"elem":{"attributes":{"delete_on_termination":{"default":true},"volume_type":{"default":"standard"}}}},"sriov_net_support":{"default":"simple"},"virtualization_type":{"default":"paravirtual"}}},"aws_ami_copy":{"attributes":{"encrypted":{"default":false}}},"aws_api_gateway_api_key":{"attributes":{"description":{"default":"Managed by Terraform"},"enabled":{"default":true}}},"aws_api_gateway_authorizer":{"attributes":{"authorizer_result_ttl_in_seconds":{"default":300},"identity_source":{"default":"method.request.header.Authorization"},"type":{"default":"TOKEN"}}},"aws_api_gateway_integration":{"attributes":{"connection_type":{"default":"INTERNET"},"timeout_milliseconds":{"default":29000}}},"aws_api_gateway_method":{"attributes":{"api_key_required":{"default":false}}},"aws_api_gateway_method_settings":{"attributes":{"settings":{"elem":{"attributes":{"throttling_burst_limit":{"default":-1},"throttling_rate_limit":{"default":-1}}}}}},"aws_api_gateway_request_validator":{"attributes":{"validate_request_body":{"default":false},"validate_request_parameters":{"default":false}}},"aws_api_gateway_rest_api":{"attributes":{"minimum_compression_size":{"default":-1}}},"aws_api_gateway_usage_plan":{"attributes":{"quota_settings":{"elem":{"attributes":{"offset":{"default":0}}}},"throttle_settings":{"elem":{"attributes":{"burst_limit":{"default":0},"rate_limit":{"default":0}}}}}},"aws_apigatewayv2_api":{"attributes":{"api_key_selection_expression":{"default":"$request.header.x-api-key"},"route_selection_expression":{"default":"$request.method 
$request.path"}}},"aws_apigatewayv2_integration":{"attributes":{"connection_type":{"default":"INTERNET"},"passthrough_behavior":{"default":"WHEN_NO_MATCH"},"payload_format_version":{"default":"1.0"}}},"aws_apigatewayv2_route":{"attributes":{"api_key_required":{"default":false},"authorization_type":{"default":"NONE"}}},"aws_apigatewayv2_stage":{"attributes":{"auto_deploy":{"default":false},"default_route_settings":{"elem":{"attributes":{"data_trace_enabled":{"default":false},"detailed_metrics_enabled":{"default":false}}}},"route_settings":{"elem":{"attributes":{"data_trace_enabled":{"default":false},"detailed_metrics_enabled":{"default":false}}}}}},"aws_appautoscaling_policy":{"attributes":{"policy_type":{"default":"StepScaling"},"target_tracking_scaling_policy_configuration":{"elem":{"attributes":{"disable_scale_in":{"default":false}}}}}},"aws_appautoscaling_scheduled_action":{"attributes":{"timezone":{"default":"UTC"}}},"aws_appmesh_mesh":{"attributes":{"spec":{"elem":{"attributes":{"egress_filter":{"elem":{"attributes":{"type":{"default":"DROP_ALL"}}}}}}}}},"aws_appmesh_route":{"attributes":{"spec":{"elem":{"attributes":{"grpc_route":{"elem":{"attributes":{"match":{"elem":{"attributes":{"metadata":{"elem":{"attributes":{"invert":{"default":false}}}}}}}}}},"http2_route":{"elem":{"attributes":{"match":{"elem":{"attributes":{"header":{"elem":{"attributes":{"invert":{"default":false}}}}}}}}}},"http_route":{"elem":{"attributes":{"match":{"elem":{"attributes":{"header":{"elem":{"attributes":{"invert":{"default":false}}}}}}}}}}}}}}},"aws_appmesh_virtual_gateway":{"attributes":{"spec":{"elem":{"attributes":{"backend_defaults":{"elem":{"attributes":{"client_policy":{"elem":{"attributes":{"tls":{"elem":{"attributes":{"enforce":{"default":true}}}}}}}}}}}}}}},"aws_appmesh_virtual_node":{"attributes":{"spec":{"elem":{"attributes":{"backend":{"elem":{"attributes":{"virtual_service":{"elem":{"attributes":{"client_policy":{"elem":{"attributes":{"tls":{"elem":{"attributes":{"enfor
ce":{"default":true}}}}}}}}}}}}},"backend_defaults":{"elem":{"attributes":{"client_policy":{"elem":{"attributes":{"tls":{"elem":{"attributes":{"enforce":{"default":true}}}}}}}}}}}}}}},"aws_appsync_api_key":{"attributes":{"description":{"default":"Managed by Terraform"}}},"aws_appsync_function":{"attributes":{"function_version":{"default":"2018-05-29"}}},"aws_appsync_graphql_api":{"attributes":{"log_config":{"elem":{"attributes":{"exclude_verbose_content":{"default":false}}}}}},"aws_appsync_resolver":{"attributes":{"kind":{"default":"UNIT"}}},"aws_athena_database":{"attributes":{"force_destroy":{"default":false}}},"aws_athena_named_query":{"attributes":{"workgroup":{"default":"primary"}}},"aws_athena_workgroup":{"attributes":{"configuration":{"elem":{"attributes":{"enforce_workgroup_configuration":{"default":true},"publish_cloudwatch_metrics_enabled":{"default":true}}}},"force_destroy":{"default":false},"state":{"default":"ENABLED"}}},"aws_autoscaling_group":{"attributes":{"force_delete":{"default":false},"force_delete_warm_pool":{"default":false},"health_check_grace_period":{"default":300},"instance_refresh":{"elem":{"attributes":{"preferences":{"elem":{"attributes":{"min_healthy_percentage":{"default":90}}}}}}},"metrics_granularity":{"default":"1Minute"},"mixed_instances_policy":{"elem":{"attributes":{"launch_template":{"elem":{"attributes":{"launch_template_specification":{"elem":{"attributes":{"version":{"default":"$Default"}}}},"override":{"elem":{"attributes":{"launch_template_specification":{"elem":{"attributes":{"version":{"default":"$Default"}}}}}}}}}}}}},"protect_from_scale_in":{"default":false},"wait_for_capacity_timeout":{"default":"10m"},"warm_pool":{"elem":{"attributes":{"max_group_prepared_capacity":{"default":-1},"min_size":{"default":0},"pool_state":{"default":"Stopped"}}}}}},"aws_autoscaling_policy":{"attributes":{"policy_type":{"default":"SimpleScaling"},"target_tracking_configuration":{"elem":{"attributes":{"disable_scale_in":{"default":false}}}}}
},"aws_autoscalingplans_scaling_plan":{"attributes":{"scaling_instruction":{"elem":{"attributes":{"disable_dynamic_scaling":{"default":false},"scaling_policy_update_behavior":{"default":"KeepExternalPolicies"},"target_tracking_configuration":{"elem":{"attributes":{"disable_scale_in":{"default":false}}}}}}}}},"aws_backup_plan":{"attributes":{"rule":{"elem":{"attributes":{"completion_window":{"default":180},"enable_continuous_backup":{"default":false},"start_window":{"default":60}}}}}},"aws_batch_compute_environment":{"attributes":{"state":{"default":"ENABLED"}}},"aws_budgets_budget":{"attributes":{"cost_types":{"elem":{"attributes":{"include_credit":{"default":true},"include_discount":{"default":true},"include_other_subscription":{"default":true},"include_recurring":{"default":true},"include_refund":{"default":true},"include_subscription":{"default":true},"include_support":{"default":true},"include_tax":{"default":true},"include_upfront":{"default":true},"use_amortized":{"default":false},"use_blended":{"default":false}}}},"time_period_end":{"default":"2087-06-15_00:00"}}},"aws_cloudformation_stack_set":{"attributes":{"permission_model":{"default":"SELF_MANAGED"}}},"aws_cloudformation_stack_set_instance":{"attributes":{"retain_stack":{"default":false}}},"aws_cloudfront_cache_policy":{"attributes":{"default_ttl":{"default":86400},"max_ttl":{"default":31536000},"min_ttl":{"default":0}}},"aws_cloudfront_distribution":{"attributes":{"default_cache_behavior":{"elem":{"attributes":{"compress":{"default":false},"lambda_function_association":{"elem":{"attributes":{"include_body":{"default":false}}}},"min_ttl":{"default":0}}}},"http_version":{"default":"http2"},"is_ipv6_enabled":{"default":false},"logging_config":{"elem":{"attributes":{"include_cookies":{"default":false},"prefix":{"default":""}}}},"ordered_cache_behavior":{"elem":{"attributes":{"compress":{"default":false},"lambda_function_association":{"elem":{"attributes":{"include_body":{"default":false}}}},"min_ttl":{"defa
ult":0}}}},"origin":{"elem":{"attributes":{"custom_origin_config":{"elem":{"attributes":{"origin_keepalive_timeout":{"default":5},"origin_read_timeout":{"default":30}}}}}}},"price_class":{"default":"PriceClass_All"},"retain_on_delete":{"default":false},"viewer_certificate":{"elem":{"attributes":{"minimum_protocol_version":{"default":"TLSv1"}}}},"wait_for_deployment":{"default":true}}},"aws_cloudfront_origin_access_identity":{"attributes":{"comment":{"default":""}}},"aws_cloudtrail":{"attributes":{"enable_log_file_validation":{"default":false},"enable_logging":{"default":true},"event_selector":{"elem":{"attributes":{"include_management_events":{"default":true},"read_write_type":{"default":"All"}}}},"include_global_service_events":{"default":true},"is_multi_region_trail":{"default":false},"is_organization_trail":{"default":false}}},"aws_cloudwatch_composite_alarm":{"attributes":{"actions_enabled":{"default":true}}},"aws_cloudwatch_event_permission":{"attributes":{"action":{"default":"events:PutEvents"},"event_bus_name":{"default":"default"}}},"aws_cloudwatch_event_rule":{"attributes":{"event_bus_name":{"default":"default"},"is_enabled":{"default":true}}},"aws_cloudwatch_event_target":{"attributes":{"ecs_target":{"elem":{"attributes":{"launch_type":{"default":"EC2"},"network_configuration":{"elem":{"attributes":{"assign_public_ip":{"default":false}}}},"task_count":{"default":1}}}},"event_bus_name":{"default":"default"}}},"aws_cloudwatch_log_group":{"attributes":{"retention_in_days":{"default":0}}},"aws_cloudwatch_log_subscription_filter":{"attributes":{"distribution":{"default":"ByLogStream"}}},"aws_cloudwatch_metric_alarm":{"attributes":{"actions_enabled":{"default":true},"metric_query":{"elem":{"attributes":{"return_data":{"default":false}}}},"treat_missing_data":{"default":"missing"}}},"aws_codebuild_project":{"attributes":{"artifacts":{"elem":{"attributes":{"encryption_disabled":{"default":false},"override_artifact_name":{"default":false}}}},"badge_enabled":{"defau
lt":false},"build_timeout":{"default":"60"},"cache":{"elem":{"attributes":{"type":{"default":"NO_CACHE"}}}},"environment":{"elem":{"attributes":{"environment_variable":{"elem":{"attributes":{"type":{"default":"PLAINTEXT"}}}},"image_pull_credentials_type":{"default":"CODEBUILD"},"privileged_mode":{"default":false}}}},"logs_config":{"elem":{"attributes":{"cloudwatch_logs":{"elem":{"attributes":{"status":{"default":"ENABLED"}}}},"s3_logs":{"elem":{"attributes":{"encryption_disabled":{"default":false},"status":{"default":"DISABLED"}}}}}}},"queued_timeout":{"default":"480"},"secondary_artifacts":{"elem":{"attributes":{"encryption_disabled":{"default":false},"namespace_type":{"default":"NONE"},"override_artifact_name":{"default":false},"packaging":{"default":"NONE"}}}}}},"aws_codebuild_report_group":{"attributes":{"delete_reports":{"default":false},"export_config":{"elem":{"attributes":{"s3_destination":{"elem":{"attributes":{"packaging":{"default":"NONE"}}}}}}}}},"aws_codebuild_webhook":{"attributes":{"filter_group":{"elem":{"attributes":{"filter":{"elem":{"attributes":{"exclude_matched_pattern":{"default":false}}}}}}}}},"aws_codedeploy_app":{"attributes":{"compute_platform":{"default":"Server"}}},"aws_codedeploy_deployment_config":{"attributes":{"compute_platform":{"default":"Server"},"traffic_routing_config":{"elem":{"attributes":{"type":{"default":"AllAtOnce"}}}}}},"aws_codedeploy_deployment_group":{"attributes":{"alarm_configuration":{"elem":{"attributes":{"ignore_poll_alarm_failure":{"default":false}}}},"deployment_config_name":{"default":"CodeDeployDefault.OneAtATime"},"deployment_style":{"elem":{"attributes":{"deployment_option":{"default":"WITHOUT_TRAFFIC_CONTROL"},"deployment_type":{"default":"IN_PLACE"}}}}}},"aws_codestarnotifications_notification_rule":{"attributes":{"status":{"default":"ENABLED"},"target":{"elem":{"attributes":{"type":{"default":"SNS"}}}}}},"aws_cognito_identity_pool":{"attributes":{"allow_unauthenticated_identities":{"default":false},"cognit
o_identity_providers":{"elem":{"attributes":{"server_side_token_check":{"default":false}}}}}},"aws_cognito_user_pool":{"attributes":{"email_configuration":{"elem":{"attributes":{"email_sending_account":{"default":"COGNITO_DEFAULT"}}}},"mfa_configuration":{"default":"OFF"},"verification_message_template":{"elem":{"attributes":{"default_email_option":{"default":"CONFIRM_WITH_CODE"}}}}}},"aws_cognito_user_pool_client":{"attributes":{"refresh_token_validity":{"default":30},"token_validity_units":{"elem":{"attributes":{"access_token":{"default":"hours"},"id_token":{"default":"hours"},"refresh_token":{"default":"days"}}}}}},"aws_cognito_user_pool_ui_customization":{"attributes":{"client_id":{"default":"ALL"}}},"aws_config_config_rule":{"attributes":{"source":{"elem":{"attributes":{"source_detail":{"elem":{"attributes":{"event_source":{"default":"aws.config"}}}}}}}}},"aws_config_configuration_aggregator":{"attributes":{"account_aggregation_source":{"elem":{"attributes":{"all_regions":{"default":false}}}},"organization_aggregation_source":{"elem":{"attributes":{"all_regions":{"default":false}}}}}},"aws_config_configuration_recorder":{"attributes":{"name":{"default":"default"},"recording_group":{"elem":{"attributes":{"all_supported":{"default":true}}}}}},"aws_config_delivery_channel":{"attributes":{"name":{"default":"default"}}},"aws_cur_report_definition":{"attributes":{"refresh_closed_reports":{"default":true},"report_versioning":{"default":"CREATE_NEW_REPORT"}}},"aws_datasync_location_efs":{"attributes":{"subdirectory":{"default":"/"}}},"aws_datasync_location_smb":{"attributes":{"mount_options":{"elem":{"attributes":{"version":{"default":"AUTOMATIC"}}}}}},"aws_datasync_task":{"attributes":{"options":{"elem":{"attributes":{"atime":{"default":"BEST_EFFORT"},"bytes_per_second":{"default":-1},"gid":{"default":"INT_VALUE"},"mtime":{"default":"PRESERVE"},"posix_permissions":{"default":"PRESERVE"},"preserve_deleted_files":{"default":"PRESERVE"},"preserve_devices":{"default":"NON
E"},"uid":{"default":"INT_VALUE"},"verify_mode":{"default":"POINT_IN_TIME_CONSISTENT"}}}}}},"aws_dax_cluster":{"attributes":{"server_side_encryption":{"elem":{"attributes":{"enabled":{"default":false}}}}}},"aws_db_event_subscription":{"attributes":{"enabled":{"default":true}}},"aws_db_instance":{"attributes":{"auto_minor_version_upgrade":{"default":true},"copy_tags_to_snapshot":{"default":false},"delete_automated_backups":{"default":true},"monitoring_interval":{"default":0},"performance_insights_enabled":{"default":false},"publicly_accessible":{"default":false},"skip_final_snapshot":{"default":false}}},"aws_db_option_group":{"attributes":{"option_group_description":{"default":"Managed by Terraform"}}},"aws_db_parameter_group":{"attributes":{"description":{"default":"Managed by Terraform"},"parameter":{"elem":{"attributes":{"apply_method":{"default":"immediate"}}}}}},"aws_db_proxy_default_target_group":{"attributes":{"connection_pool_config":{"elem":{"attributes":{"connection_borrow_timeout":{"default":120},"max_connections_percent":{"default":100},"max_idle_connections_percent":{"default":50}}}}}},"aws_db_security_group":{"attributes":{"description":{"default":"Managed by Terraform"}}},"aws_db_subnet_group":{"attributes":{"description":{"default":"Managed by 
Terraform"}}},"aws_default_security_group":{"attributes":{"egress":{"elem":{"attributes":{"self":{"default":false}}}},"ingress":{"elem":{"attributes":{"self":{"default":false}}}},"revoke_rules_on_delete":{"default":false}}},"aws_default_vpc":{"attributes":{"enable_dns_support":{"default":true}}},"aws_directory_service_directory":{"attributes":{"enable_sso":{"default":false},"type":{"default":"SimpleAD"}}},"aws_dlm_lifecycle_policy":{"attributes":{"policy_details":{"elem":{"attributes":{"schedule":{"elem":{"attributes":{"create_rule":{"elem":{"attributes":{"interval_unit":{"default":"HOURS"}}}}}}}}}},"state":{"default":"ENABLED"}}},"aws_dms_endpoint":{"attributes":{"elasticsearch_settings":{"elem":{"attributes":{"error_retry_duration":{"default":300},"full_load_error_percentage":{"default":10}}}},"kafka_settings":{"elem":{"attributes":{"topic":{"default":"kafka-default-topic"}}}},"kinesis_settings":{"elem":{"attributes":{"message_format":{"default":"json"}}}},"mongodb_settings":{"elem":{"attributes":{"auth_mechanism":{"default":"default"},"auth_source":{"default":"admin"},"auth_type":{"default":"password"},"docs_to_investigate":{"default":"1000"},"extract_doc_id":{"default":"false"},"nesting_level":{"default":"none"}}}},"s3_settings":{"elem":{"attributes":{"bucket_folder":{"default":""},"bucket_name":{"default":""},"compression_type":{"default":"NONE"},"csv_delimiter":{"default":","},"csv_row_delimiter":{"default":"\\n"},"date_partition_enabled":{"default":false},"external_table_definition":{"default":""},"service_access_role_arn":{"default":""}}}}}},"aws_dms_event_subscription":{"attributes":{"enabled":{"default":true}}},"aws_docdb_cluster":{"attributes":{"backup_retention_period":{"default":1},"engine":{"default":"docdb"},"port":{"default":27017},"skip_final_snapshot":{"default":false}}},"aws_docdb_cluster_instance":{"attributes":{"auto_minor_version_upgrade":{"default":true},"engine":{"default":"docdb"},"promotion_tier":{"default":0}}},"aws_docdb_cluster_parameter
_group":{"attributes":{"description":{"default":"Managed by Terraform"},"parameter":{"elem":{"attributes":{"apply_method":{"default":"pending-reboot"}}}}}},"aws_docdb_subnet_group":{"attributes":{"description":{"default":"Managed by Terraform"}}},"aws_dx_hosted_private_virtual_interface":{"attributes":{"mtu":{"default":1500}}},"aws_dx_hosted_transit_virtual_interface":{"attributes":{"mtu":{"default":1500}}},"aws_dx_lag":{"attributes":{"force_destroy":{"default":false}}},"aws_dx_private_virtual_interface":{"attributes":{"mtu":{"default":1500}}},"aws_dx_transit_virtual_interface":{"attributes":{"mtu":{"default":1500}}},"aws_dynamodb_table":{"attributes":{"billing_mode":{"default":"PROVISIONED"},"ttl":{"elem":{"attributes":{"enabled":{"default":false}}}}}},"aws_ebs_encryption_by_default":{"attributes":{"enabled":{"default":true}}},"aws_ec2_capacity_reservation":{"attributes":{"ebs_optimized":{"default":false},"end_date_type":{"default":"unlimited"},"ephemeral_storage":{"default":false},"instance_match_criteria":{"default":"open"},"tenancy":{"default":"default"}}},"aws_ec2_client_vpn_endpoint":{"attributes":{"split_tunnel":{"default":false},"transport_protocol":{"default":"udp"}}},"aws_ec2_fleet":{"attributes":{"excess_capacity_termination_policy":{"default":"termination"},"on_demand_options":{"elem":{"attributes":{"allocation_strategy":{"default":"lowestPrice"}}}},"spot_options":{"elem":{"attributes":{"allocation_strategy":{"default":"lowestPrice"},"instance_interruption_behavior":{"default":"terminate"},"instance_pools_to_use_count":{"default":1}}}},"terminate_instances":{"default":false},"type":{"default":"maintain"}}},"aws_ec2_transit_gateway":{"attributes":{"amazon_side_asn":{"default":64512},"auto_accept_shared_attachments":{"default":"disable"},"default_route_table_association":{"default":"enable"},"default_route_table_propagation":{"default":"enable"},"dns_support":{"default":"enable"},"vpn_ecmp_support":{"default":"enable"}}},"aws_ec2_transit_gateway_prefix_lis
t_reference":{"attributes":{"blackhole":{"default":false}}},"aws_ec2_transit_gateway_route":{"attributes":{"blackhole":{"default":false}}},"aws_ec2_transit_gateway_vpc_attachment":{"attributes":{"appliance_mode_support":{"default":"disable"},"dns_support":{"default":"enable"},"ipv6_support":{"default":"disable"},"transit_gateway_default_route_table_association":{"default":true},"transit_gateway_default_route_table_propagation":{"default":true}}},"aws_ec2_transit_gateway_vpc_attachment_accepter":{"attributes":{"transit_gateway_default_route_table_association":{"default":true},"transit_gateway_default_route_table_propagation":{"default":true}}},"aws_ecr_repository":{"attributes":{"encryption_configuration":{"elem":{"attributes":{"encryption_type":{"default":"AES256"}}}},"image_tag_mutability":{"default":"MUTABLE"}}},"aws_ecrpublic_repository":{"attributes":{"force_destroy":{"default":false}}},"aws_ecs_service":{"attributes":{"deployment_controller":{"elem":{"attributes":{"type":{"default":"ECS"}}}},"deployment_maximum_percent":{"default":200},"deployment_minimum_healthy_percent":{"default":100},"enable_ecs_managed_tags":{"default":false},"enable_execute_command":{"default":false},"network_configuration":{"elem":{"attributes":{"assign_public_ip":{"default":false}}}},"scheduling_strategy":{"default":"REPLICA"},"wait_for_steady_state":{"default":false}}},"aws_ecs_task_definition":{"attributes":{"proxy_configuration":{"elem":{"attributes":{"type":{"default":"APPMESH"}}}},"volume":{"elem":{"attributes":{"docker_volume_configuration":{"elem":{"attributes":{"autoprovision":{"default":false}}}},"efs_volume_configuration":{"elem":{"attributes":{"root_directory":{"default":"/"}}}}}}}}},"aws_efs_file_system":{"attributes":{"throughput_mode":{"default":"bursting"}}},"aws_eks_cluster":{"attributes":{"vpc_config":{"elem":{"attributes":{"endpoint_private_access":{"default":false},"endpoint_public_access":{"default":true}}}}}},"aws_elastic_beanstalk_application_version":{"attributes"
:{"force_delete":{"default":false}}},"aws_elastic_beanstalk_environment":{"attributes":{"tier":{"default":"WebServer"},"wait_for_ready_timeout":{"default":"20m"}}},"aws_elasticache_parameter_group":{"attributes":{"description":{"default":"Managed by Terraform"}}},"aws_elasticache_replication_group":{"attributes":{"auto_minor_version_upgrade":{"default":true},"automatic_failover_enabled":{"default":false},"engine":{"default":"redis"},"multi_az_enabled":{"default":false}}},"aws_elasticache_security_group":{"attributes":{"description":{"default":"Managed by Terraform"}}},"aws_elasticache_subnet_group":{"attributes":{"description":{"default":"Managed by Terraform"}}},"aws_elasticsearch_domain":{"attributes":{"advanced_security_options":{"elem":{"attributes":{"internal_user_database_enabled":{"default":false}}}},"cluster_config":{"elem":{"attributes":{"dedicated_master_enabled":{"default":false},"instance_count":{"default":1},"instance_type":{"default":"m3.medium.elasticsearch"},"zone_awareness_config":{"elem":{"attributes":{"availability_zone_count":{"default":2}}}}}}},"cognito_options":{"elem":{"attributes":{"enabled":{"default":false}}}},"domain_endpoint_options":{"elem":{"attributes":{"custom_endpoint_enabled":{"default":false},"enforce_https":{"default":true}}}},"elasticsearch_version":{"default":"1.5"},"log_publishing_options":{"elem":{"attributes":{"enabled":{"default":true}}}}}},"aws_elastictranscoder_preset":{"attributes":{"video":{"elem":{"attributes":{"sizing_policy":{"default":"Fit"}}}}}},"aws_elb":{"attributes":{"access_logs":{"elem":{"attributes":{"enabled":{"default":true},"interval":{"default":60}}}},"connection_draining":{"default":false},"connection_draining_timeout":{"default":300},"cross_zone_load_balancing":{"default":true},"idle_timeout":{"default":60}}},"aws_emr_cluster":{"attributes":{"core_instance_fleet":{"elem":{"attributes":{"instance_type_configs":{"elem":{"attributes":{"bid_price_as_percentage_of_on_demand_price":{"default":100},"ebs_config"
:{"elem":{"attributes":{"volumes_per_instance":{"default":1}}}},"weighted_capacity":{"default":1}}}},"launch_specifications":{"elem":{"attributes":{"spot_specification":{"elem":{"attributes":{"block_duration_minutes":{"default":0}}}}}}},"target_on_demand_capacity":{"default":0},"target_spot_capacity":{"default":0}}}},"core_instance_group":{"elem":{"attributes":{"ebs_config":{"elem":{"attributes":{"volumes_per_instance":{"default":1}}}},"instance_count":{"default":1}}}},"master_instance_fleet":{"elem":{"attributes":{"instance_type_configs":{"elem":{"attributes":{"bid_price_as_percentage_of_on_demand_price":{"default":100},"ebs_config":{"elem":{"attributes":{"volumes_per_instance":{"default":1}}}},"weighted_capacity":{"default":1}}}},"launch_specifications":{"elem":{"attributes":{"spot_specification":{"elem":{"attributes":{"block_duration_minutes":{"default":0}}}}}}},"target_on_demand_capacity":{"default":0},"target_spot_capacity":{"default":0}}}},"master_instance_group":{"elem":{"attributes":{"ebs_config":{"elem":{"attributes":{"volumes_per_instance":{"default":1}}}},"instance_count":{"default":1}}}},"step_concurrency_level":{"default":1},"visible_to_all_users":{"default":true}}},"aws_emr_instance_fleet":{"attributes":{"instance_type_configs":{"elem":{"attributes":{"bid_price_as_percentage_of_on_demand_price":{"default":100},"ebs_config":{"elem":{"attributes":{"volumes_per_instance":{"default":1}}}},"weighted_capacity":{"default":1}}}},"launch_specifications":{"elem":{"attributes":{"spot_specification":{"elem":{"attributes":{"block_duration_minutes":{"default":0}}}}}}},"target_on_demand_capacity":{"default":0},"target_spot_capacity":{"default":0}}},"aws_emr_instance_group":{"attributes":{"ebs_config":{"elem":{"attributes":{"volumes_per_instance":{"default":1}}}},"instance_count":{"default":1}}},"aws_flow_log":{"attributes":{"log_destination_type":{"default":"cloud-watch-logs"},"max_aggregation_interval":{"default":600}}},"aws_fms_policy":{"attributes":{"delete_all_po
licy_resources":{"default":true}}},"aws_fsx_lustre_file_system":{"attributes":{"copy_tags_to_backups":{"default":false},"deployment_type":{"default":"SCRATCH_1"},"storage_type":{"default":"SSD"}}},"aws_fsx_windows_file_system":{"attributes":{"automatic_backup_retention_days":{"default":7},"copy_tags_to_backups":{"default":false},"deployment_type":{"default":"SINGLE_AZ_1"},"self_managed_active_directory":{"elem":{"attributes":{"file_system_administrators_group":{"default":"Domain Admins"}}}},"skip_final_backup":{"default":false},"storage_type":{"default":"SSD"}}},"aws_gamelift_fleet":{"attributes":{"fleet_type":{"default":"ON_DEMAND"},"new_game_session_protection_policy":{"default":"NoProtection"}}},"aws_glacier_vault_lock":{"attributes":{"ignore_deletion_error":{"default":false}}},"aws_globalaccelerator_accelerator":{"attributes":{"attributes":{"elem":{"attributes":{"flow_logs_enabled":{"default":false}}}},"enabled":{"default":true},"ip_address_type":{"default":"IPV4"}}},"aws_globalaccelerator_endpoint_group":{"attributes":{"health_check_interval_seconds":{"default":30},"health_check_protocol":{"default":"TCP"},"threshold_count":{"default":3},"traffic_dial_percentage":{"default":100}}},"aws_globalaccelerator_listener":{"attributes":{"client_affinity":{"default":"NONE"}}},"aws_glue_classifier":{"attributes":{"csv_classifier":{"elem":{"attributes":{"disable_value_trimming":{"default":true}}}}}},"aws_glue_connection":{"attributes":{"connection_type":{"default":"JDBC"}}},"aws_glue_crawler":{"attributes":{"dynamodb_target":{"elem":{"attributes":{"scan_all":{"default":true}}}},"lineage_configuration":{"elem":{"attributes":{"crawler_lineage_settings":{"default":"DISABLE"}}}},"mongodb_target":{"elem":{"attributes":{"scan_all":{"default":true}}}},"recrawl_policy":{"elem":{"attributes":{"recrawl_behavior":{"default":"CRAWL_EVERYTHING"}}}},"schema_change_policy":{"elem":{"attributes":{"delete_behavior":{"default":"DEPRECATE_IN_DATABASE"},"update_behavior":{"default":"UPDATE_IN
_DATABASE"}}}}}},"aws_glue_job":{"attributes":{"command":{"elem":{"attributes":{"name":{"default":"glueetl"}}}},"execution_property":{"elem":{"attributes":{"max_concurrent_runs":{"default":1}}}},"timeout":{"default":2880}}},"aws_glue_ml_transform":{"attributes":{"timeout":{"default":2880}}},"aws_glue_security_configuration":{"attributes":{"encryption_configuration":{"elem":{"attributes":{"cloudwatch_encryption":{"elem":{"attributes":{"cloudwatch_encryption_mode":{"default":"DISABLED"}}}},"job_bookmarks_encryption":{"elem":{"attributes":{"job_bookmarks_encryption_mode":{"default":"DISABLED"}}}},"s3_encryption":{"elem":{"attributes":{"s3_encryption_mode":{"default":"DISABLED"}}}}}}}}},"aws_glue_trigger":{"attributes":{"enabled":{"default":true},"predicate":{"elem":{"attributes":{"conditions":{"elem":{"attributes":{"logical_operator":{"default":"EQUALS"}}}},"logical":{"default":"AND"}}}}}},"aws_guardduty_detector":{"attributes":{"enable":{"default":true}}},"aws_guardduty_publishing_destination":{"attributes":{"destination_type":{"default":"S3"}}},"aws_iam_account_password_policy":{"attributes":{"allow_users_to_change_password":{"default":true},"minimum_password_length":{"default":6}}},"aws_iam_group":{"attributes":{"path":{"default":"/"}}},"aws_iam_instance_profile":{"attributes":{"path":{"default":"/"}}},"aws_iam_policy":{"attributes":{"path":{"default":"/"}}},"aws_iam_role":{"attributes":{"force_detach_policies":{"default":false},"max_session_duration":{"default":3600},"path":{"default":"/"}}},"aws_iam_server_certificate":{"attributes":{"path":{"default":"/"}}},"aws_iam_user":{"attributes":{"force_destroy":{"default":false},"path":{"default":"/"}}},"aws_iam_user_login_profile":{"attributes":{"password_length":{"default":20},"password_reset_required":{"default":true}}},"aws_imagebuilder_image":{"attributes":{"enhanced_image_metadata_enabled":{"default":true},"image_tests_configuration":{"elem":{"attributes":{"image_tests_enabled":{"default":true},"timeout_minutes":{"d
efault":720}}}}}},"aws_imagebuilder_image_pipeline":{"attributes":{"enhanced_image_metadata_enabled":{"default":true},"image_tests_configuration":{"elem":{"attributes":{"image_tests_enabled":{"default":true},"timeout_minutes":{"default":720}}}},"schedule":{"elem":{"attributes":{"pipeline_execution_start_condition":{"default":"EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE"}}}},"status":{"default":"ENABLED"}}},"aws_imagebuilder_infrastructure_configuration":{"attributes":{"logging":{"elem":{"attributes":{"s3_logs":{"elem":{"attributes":{"s3_key_prefix":{"default":"/"}}}}}}},"terminate_instance_on_failure":{"default":false}}},"aws_instance":{"attributes":{"ebs_block_device":{"elem":{"attributes":{"delete_on_termination":{"default":true}}}},"get_password_data":{"default":false},"network_interface":{"elem":{"attributes":{"delete_on_termination":{"default":false}}}},"root_block_device":{"elem":{"attributes":{"delete_on_termination":{"default":true}}}},"source_dest_check":{"default":true}}},"aws_iot_role_alias":{"attributes":{"credential_duration":{"default":3600}}},"aws_iot_thing_type":{"attributes":{"deprecated":{"default":false}}},"aws_iot_topic_rule":{"attributes":{"error_action":{"elem":{"attributes":{"republish":{"elem":{"attributes":{"qos":{"default":0}}}},"sns":{"elem":{"attributes":{"message_format":{"default":"RAW"}}}}}}},"republish":{"elem":{"attributes":{"qos":{"default":0}}}},"sns":{"elem":{"attributes":{"message_format":{"default":"RAW"}}}}}},"aws_kinesis_firehose_delivery_stream":{"attributes":{"elasticsearch_configuration":{"elem":{"attributes":{"buffering_interval":{"default":300},"buffering_size":{"default":5},"cloudwatch_logging_options":{"elem":{"attributes":{"enabled":{"default":false}}}},"index_rotation_period":{"default":"OneDay"},"retry_duration":{"default":300},"s3_backup_mode":{"default":"FailedDocumentsOnly"}}}},"extended_s3_configuration":{"elem":{"attributes":{"buffer_interval":{"default":300},"buffer_size":{"default":5},"cloudwatch_logging
_options":{"elem":{"attributes":{"enabled":{"default":false}}}},"compression_format":{"default":"UNCOMPRESSED"},"data_format_conversion_configuration":{"elem":{"attributes":{"enabled":{"default":true},"input_format_configuration":{"elem":{"attributes":{"deserializer":{"elem":{"attributes":{"open_x_json_ser_de":{"elem":{"attributes":{"case_insensitive":{"default":true},"convert_dots_in_json_keys_to_underscores":{"default":false}}}}}}}}}},"output_format_configuration":{"elem":{"attributes":{"serializer":{"elem":{"attributes":{"orc_ser_de":{"elem":{"attributes":{"block_size_bytes":{"default":268435456},"bloom_filter_false_positive_probability":{"default":0.05},"compression":{"default":"SNAPPY"},"dictionary_key_threshold":{"default":0},"enable_padding":{"default":false},"format_version":{"default":"V0_12"},"padding_tolerance":{"default":0.05},"row_index_stride":{"default":10000},"stripe_size_bytes":{"default":67108864}}}},"parquet_ser_de":{"elem":{"attributes":{"block_size_bytes":{"default":268435456},"compression":{"default":"SNAPPY"},"enable_dictionary_compression":{"default":false},"max_padding_bytes":{"default":0},"page_size_bytes":{"default":1048576},"writer_version":{"default":"V1"}}}}}}}}}},"schema_configuration":{"elem":{"attributes":{"version_id":{"default":"LATEST"}}}}}}},"s3_backup_configuration":{"elem":{"attributes":{"buffer_interval":{"default":300},"buffer_size":{"default":5},"cloudwatch_logging_options":{"elem":{"attributes":{"enabled":{"default":false}}}},"compression_format":{"default":"UNCOMPRESSED"}}}},"s3_backup_mode":{"default":"Disabled"}}}},"http_endpoint_configuration":{"elem":{"attributes":{"buffering_interval":{"default":300},"buffering_size":{"default":5},"cloudwatch_logging_options":{"elem":{"attributes":{"enabled":{"default":false}}}},"request_configuration":{"elem":{"attributes":{"content_encoding":{"default":"NONE"}}}},"retry_duration":{"default":300},"s3_backup_mode":{"default":"FailedDataOnly"}}}},"redshift_configuration":{"elem":{"attr
ibutes":{"cloudwatch_logging_options":{"elem":{"attributes":{"enabled":{"default":false}}}},"retry_duration":{"default":3600},"s3_backup_configuration":{"elem":{"attributes":{"buffer_interval":{"default":300},"buffer_size":{"default":5},"cloudwatch_logging_options":{"elem":{"attributes":{"enabled":{"default":false}}}},"compression_format":{"default":"UNCOMPRESSED"}}}},"s3_backup_mode":{"default":"Disabled"}}}},"s3_configuration":{"elem":{"attributes":{"buffer_interval":{"default":300},"buffer_size":{"default":5},"cloudwatch_logging_options":{"elem":{"attributes":{"enabled":{"default":false}}}},"compression_format":{"default":"UNCOMPRESSED"}}}},"server_side_encryption":{"elem":{"attributes":{"enabled":{"default":false},"key_type":{"default":"AWS_OWNED_CMK"}}}},"splunk_configuration":{"elem":{"attributes":{"cloudwatch_logging_options":{"elem":{"attributes":{"enabled":{"default":false}}}},"hec_acknowledgment_timeout":{"default":180},"hec_endpoint_type":{"default":"Raw"},"retry_duration":{"default":3600},"s3_backup_mode":{"default":"FailedEventsOnly"}}}}}},"aws_kinesis_stream":{"attributes":{"encryption_type":{"default":"NONE"},"enforce_consumer_deletion":{"default":false},"retention_period":{"default":24}}},"aws_kinesis_video_stream":{"attributes":{"data_retention_in_hours":{"default":0}}},"aws_kms_external_key":{"attributes":{"deletion_window_in_days":{"default":30}}},"aws_kms_grant":{"attributes":{"retire_on_delete":{"default":false}}},"aws_kms_key":{"attributes":{"customer_master_key_spec":{"default":"SYMMETRIC_DEFAULT"},"enable_key_rotation":{"default":false},"is_enabled":{"default":true},"key_usage":{"default":"ENCRYPT_DECRYPT"}}},"aws_lakeformation_permissions":{"attributes":{"catalog_resource":{"default":false},"table":{"elem":{"attributes":{"wildcard":{"default":false}}}}}},"aws_lambda_event_source_mapping":{"attributes":{"enabled":{"default":true}}},"aws_lambda_function":{"attributes":{"memory_size":{"default":128},"package_type":{"default":"Zip"},"publish":{"
default":false},"reserved_concurrent_executions":{"default":-1},"timeout":{"default":3}}},"aws_lambda_function_event_invoke_config":{"attributes":{"maximum_retry_attempts":{"default":2}}},"aws_launch_configuration":{"attributes":{"associate_public_ip_address":{"default":false},"ebs_block_device":{"elem":{"attributes":{"delete_on_termination":{"default":true}}}},"enable_monitoring":{"default":true},"root_block_device":{"elem":{"attributes":{"delete_on_termination":{"default":true}}}}}},"aws_lb":{"attributes":{"access_logs":{"elem":{"attributes":{"enabled":{"default":false}}}},"drop_invalid_header_fields":{"default":false},"enable_cross_zone_load_balancing":{"default":false},"enable_deletion_protection":{"default":false},"enable_http2":{"default":true},"idle_timeout":{"default":60},"load_balancer_type":{"default":"application"}}},"aws_lb_listener":{"attributes":{"default_action":{"elem":{"attributes":{"forward":{"elem":{"attributes":{"stickiness":{"elem":{"attributes":{"enabled":{"default":false}}}},"target_group":{"elem":{"attributes":{"weight":{"default":1}}}}}}},"redirect":{"elem":{"attributes":{"host":{"default":"#{host}"},"path":{"default":"/#{path}"},"port":{"default":"#{port}"},"protocol":{"default":"#{protocol}"},"query":{"default":"#{query}"}}}}}}}}},"aws_lb_listener_rule":{"attributes":{"action":{"elem":{"attributes":{"forward":{"elem":{"attributes":{"stickiness":{"elem":{"attributes":{"enabled":{"default":false}}}},"target_group":{"elem":{"attributes":{"weight":{"default":1}}}}}}},"redirect":{"elem":{"attributes":{"host":{"default":"#{host}"},"path":{"default":"/#{path}"},"port":{"default":"#{port}"},"protocol":{"default":"#{protocol}"},"query":{"default":"#{query}"}}}}}}}}},"aws_lb_target_group":{"attributes":{"deregistration_delay":{"default":300},"health_check":{"elem":{"attributes":{"enabled":{"default":true},"healthy_threshold":{"default":3},"interval":{"default":30},"port":{"default":"traffic-port"},"protocol":{"default":"HTTP"},"unhealthy_threshold":
{"default":3}}}},"lambda_multi_value_headers_enabled":{"default":false},"proxy_protocol_v2":{"default":false},"slow_start":{"default":0},"stickiness":{"elem":{"attributes":{"cookie_duration":{"default":86400},"enabled":{"default":true}}}},"target_type":{"default":"instance"}}},"aws_lex_bot":{"attributes":{"create_version":{"default":false},"detect_sentiment":{"default":false},"enable_model_improvements":{"default":false},"idle_session_ttl_in_seconds":{"default":300},"locale":{"default":"en-US"},"nlu_intent_confidence_threshold":{"default":0},"process_behavior":{"default":"SAVE"}}},"aws_lex_bot_alias":{"attributes":{"description":{"default":""}}},"aws_lex_intent":{"attributes":{"create_version":{"default":false},"slot":{"elem":{"attributes":{"description":{"default":""},"priority":{"default":0}}}}}},"aws_lex_slot_type":{"attributes":{"create_version":{"default":false},"description":{"default":""},"value_selection_strategy":{"default":"ORIGINAL_VALUE"}}},"aws_licensemanager_license_configuration":{"attributes":{"license_count_hard_limit":{"default":false}}},"aws_macie_s3_bucket_association":{"attributes":{"classification_type":{"elem":{"attributes":{"continuous":{"default":"FULL"},"one_time":{"default":"NONE"}}}}}},"aws_media_convert_queue":{"attributes":{"pricing_plan":{"default":"ON_DEMAND"},"status":{"default":"ACTIVE"}}},"aws_media_package_channel":{"attributes":{"description":{"default":"Managed by 
Terraform"}}},"aws_mq_broker":{"attributes":{"apply_immediately":{"default":false},"auto_minor_version_upgrade":{"default":false},"deployment_mode":{"default":"SINGLE_INSTANCE"},"encryption_options":{"elem":{"attributes":{"use_aws_owned_key":{"default":true}}}},"publicly_accessible":{"default":false},"user":{"elem":{"attributes":{"console_access":{"default":false}}}}}},"aws_msk_cluster":{"attributes":{"broker_node_group_info":{"elem":{"attributes":{"az_distribution":{"default":"DEFAULT"}}}},"encryption_info":{"elem":{"attributes":{"encryption_in_transit":{"elem":{"attributes":{"client_broker":{"default":"TLS"},"in_cluster":{"default":true}}}}}}},"enhanced_monitoring":{"default":"DEFAULT"}}},"aws_neptune_cluster":{"attributes":{"backup_retention_period":{"default":1},"engine":{"default":"neptune"},"neptune_cluster_parameter_group_name":{"default":"default.neptune1"},"port":{"default":8182},"skip_final_snapshot":{"default":false},"storage_encrypted":{"default":false}}},"aws_neptune_cluster_instance":{"attributes":{"auto_minor_version_upgrade":{"default":true},"engine":{"default":"neptune"},"neptune_parameter_group_name":{"default":"default.neptune1"},"port":{"default":8182},"promotion_tier":{"default":0},"publicly_accessible":{"default":false}}},"aws_neptune_cluster_parameter_group":{"attributes":{"description":{"default":"Managed by Terraform"},"parameter":{"elem":{"attributes":{"apply_method":{"default":"pending-reboot"}}}}}},"aws_neptune_event_subscription":{"attributes":{"enabled":{"default":true}}},"aws_neptune_parameter_group":{"attributes":{"description":{"default":"Managed by Terraform"},"parameter":{"elem":{"attributes":{"apply_method":{"default":"pending-reboot"}}}}}},"aws_neptune_subnet_group":{"attributes":{"description":{"default":"Managed by 
Terraform"}}},"aws_network_acl_rule":{"attributes":{"egress":{"default":false}}},"aws_network_interface":{"attributes":{"source_dest_check":{"default":true}}},"aws_networkfirewall_firewall":{"attributes":{"delete_protection":{"default":false}}},"aws_opsworks_application":{"attributes":{"enable_ssl":{"default":false},"environment":{"elem":{"attributes":{"secure":{"default":true}}}}}},"aws_opsworks_custom_layer":{"attributes":{"auto_assign_elastic_ips":{"default":false},"auto_assign_public_ips":{"default":false},"auto_healing":{"default":true},"drain_elb_on_shutdown":{"default":true},"ebs_volume":{"elem":{"attributes":{"encrypted":{"default":false},"iops":{"default":0},"raid_level":{"default":""},"type":{"default":"standard"}}}},"install_updates_on_boot":{"default":true},"instance_shutdown_timeout":{"default":120},"use_ebs_optimized_instances":{"default":false}}},"aws_opsworks_ganglia_layer":{"attributes":{"auto_assign_elastic_ips":{"default":false},"auto_assign_public_ips":{"default":false},"auto_healing":{"default":true},"drain_elb_on_shutdown":{"default":true},"ebs_volume":{"elem":{"attributes":{"encrypted":{"default":false},"iops":{"default":0},"raid_level":{"default":""},"type":{"default":"standard"}}}},"install_updates_on_boot":{"default":true},"instance_shutdown_timeout":{"default":120},"name":{"default":"Ganglia"},"url":{"default":"/ganglia"},"use_ebs_optimized_instances":{"default":false},"username":{"default":"opsworks"}}},"aws_opsworks_haproxy_layer":{"attributes":{"auto_assign_elastic_ips":{"default":false},"auto_assign_public_ips":{"default":false},"auto_healing":{"default":true},"drain_elb_on_shutdown":{"default":true},"ebs_volume":{"elem":{"attributes":{"encrypted":{"default":false},"iops":{"default":0},"raid_level":{"default":""},"type":{"default":"standard"}}}},"healthcheck_method":{"default":"OPTIONS"},"healthcheck_url":{"default":"/"},"install_updates_on_boot":{"default":true},"instance_shutdown_timeout":{"default":120},"name":{"default":"HAProxy"},
"stats_enabled":{"default":true},"stats_url":{"default":"/haproxy?stats"},"stats_user":{"default":"opsworks"},"use_ebs_optimized_instances":{"default":false}}},"aws_opsworks_instance":{"attributes":{"agent_version":{"default":"INHERIT"},"architecture":{"default":"x86_64"},"delete_ebs":{"default":true},"delete_eip":{"default":true},"ebs_block_device":{"elem":{"attributes":{"delete_on_termination":{"default":true}}}},"ebs_optimized":{"default":false},"install_updates_on_boot":{"default":true},"root_block_device":{"elem":{"attributes":{"delete_on_termination":{"default":true}}}}}},"aws_opsworks_java_app_layer":{"attributes":{"app_server":{"default":"tomcat"},"app_server_version":{"default":"7"},"auto_assign_elastic_ips":{"default":false},"auto_assign_public_ips":{"default":false},"auto_healing":{"default":true},"drain_elb_on_shutdown":{"default":true},"ebs_volume":{"elem":{"attributes":{"encrypted":{"default":false},"iops":{"default":0},"raid_level":{"default":""},"type":{"default":"standard"}}}},"install_updates_on_boot":{"default":true},"instance_shutdown_timeout":{"default":120},"jvm_options":{"default":""},"jvm_type":{"default":"openjdk"},"jvm_version":{"default":"7"},"name":{"default":"Java App 
Server"},"use_ebs_optimized_instances":{"default":false}}},"aws_opsworks_memcached_layer":{"attributes":{"allocated_memory":{"default":512},"auto_assign_elastic_ips":{"default":false},"auto_assign_public_ips":{"default":false},"auto_healing":{"default":true},"drain_elb_on_shutdown":{"default":true},"ebs_volume":{"elem":{"attributes":{"encrypted":{"default":false},"iops":{"default":0},"raid_level":{"default":""},"type":{"default":"standard"}}}},"install_updates_on_boot":{"default":true},"instance_shutdown_timeout":{"default":120},"name":{"default":"Memcached"},"use_ebs_optimized_instances":{"default":false}}},"aws_opsworks_mysql_layer":{"attributes":{"auto_assign_elastic_ips":{"default":false},"auto_assign_public_ips":{"default":false},"auto_healing":{"default":true},"drain_elb_on_shutdown":{"default":true},"ebs_volume":{"elem":{"attributes":{"encrypted":{"default":false},"iops":{"default":0},"raid_level":{"default":""},"type":{"default":"standard"}}}},"install_updates_on_boot":{"default":true},"instance_shutdown_timeout":{"default":120},"name":{"default":"MySQL"},"root_password_on_all_instances":{"default":true},"use_ebs_optimized_instances":{"default":false}}},"aws_opsworks_nodejs_app_layer":{"attributes":{"auto_assign_elastic_ips":{"default":false},"auto_assign_public_ips":{"default":false},"auto_healing":{"default":true},"drain_elb_on_shutdown":{"default":true},"ebs_volume":{"elem":{"attributes":{"encrypted":{"default":false},"iops":{"default":0},"raid_level":{"default":""},"type":{"default":"standard"}}}},"install_updates_on_boot":{"default":true},"instance_shutdown_timeout":{"default":120},"name":{"default":"Node.js App 
Server"},"nodejs_version":{"default":"0.10.38"},"use_ebs_optimized_instances":{"default":false}}},"aws_opsworks_php_app_layer":{"attributes":{"auto_assign_elastic_ips":{"default":false},"auto_assign_public_ips":{"default":false},"auto_healing":{"default":true},"drain_elb_on_shutdown":{"default":true},"ebs_volume":{"elem":{"attributes":{"encrypted":{"default":false},"iops":{"default":0},"raid_level":{"default":""},"type":{"default":"standard"}}}},"install_updates_on_boot":{"default":true},"instance_shutdown_timeout":{"default":120},"name":{"default":"PHP App Server"},"use_ebs_optimized_instances":{"default":false}}},"aws_opsworks_rails_app_layer":{"attributes":{"app_server":{"default":"apache_passenger"},"auto_assign_elastic_ips":{"default":false},"auto_assign_public_ips":{"default":false},"auto_healing":{"default":true},"bundler_version":{"default":"1.5.3"},"drain_elb_on_shutdown":{"default":true},"ebs_volume":{"elem":{"attributes":{"encrypted":{"default":false},"iops":{"default":0},"raid_level":{"default":""},"type":{"default":"standard"}}}},"install_updates_on_boot":{"default":true},"instance_shutdown_timeout":{"default":120},"manage_bundler":{"default":true},"name":{"default":"Rails App Server"},"passenger_version":{"default":"4.0.46"},"ruby_version":{"default":"2.0.0"},"rubygems_version":{"default":"2.2.2"},"use_ebs_optimized_instances":{"default":false}}},"aws_opsworks_stack":{"attributes":{"berkshelf_version":{"default":"3.2.0"},"configuration_manager_name":{"default":"Chef"},"configuration_manager_version":{"default":"11.10"},"default_os":{"default":"Ubuntu 12.04 
LTS"},"default_root_device_type":{"default":"instance-store"},"hostname_theme":{"default":"Layer_Dependent"},"manage_berkshelf":{"default":false},"use_custom_cookbooks":{"default":false},"use_opsworks_security_groups":{"default":true}}},"aws_opsworks_static_web_layer":{"attributes":{"auto_assign_elastic_ips":{"default":false},"auto_assign_public_ips":{"default":false},"auto_healing":{"default":true},"drain_elb_on_shutdown":{"default":true},"ebs_volume":{"elem":{"attributes":{"encrypted":{"default":false},"iops":{"default":0},"raid_level":{"default":""},"type":{"default":"standard"}}}},"install_updates_on_boot":{"default":true},"instance_shutdown_timeout":{"default":120},"name":{"default":"Static Web Server"},"use_ebs_optimized_instances":{"default":false}}},"aws_opsworks_user_profile":{"attributes":{"allow_self_management":{"default":false}}},"aws_organizations_organization":{"attributes":{"feature_set":{"default":"ALL"}}},"aws_organizations_policy":{"attributes":{"type":{"default":"SERVICE_CONTROL_POLICY"}}},"aws_pinpoint_adm_channel":{"attributes":{"enabled":{"default":true}}},"aws_pinpoint_apns_channel":{"attributes":{"enabled":{"default":true}}},"aws_pinpoint_apns_sandbox_channel":{"attributes":{"enabled":{"default":true}}},"aws_pinpoint_apns_voip_channel":{"attributes":{"enabled":{"default":true}}},"aws_pinpoint_apns_voip_sandbox_channel":{"attributes":{"enabled":{"default":true}}},"aws_pinpoint_baidu_channel":{"attributes":{"enabled":{"default":true}}},"aws_pinpoint_email_channel":{"attributes":{"enabled":{"default":true}}},"aws_pinpoint_gcm_channel":{"attributes":{"enabled":{"default":true}}},"aws_pinpoint_sms_channel":{"attributes":{"enabled":{"default":true}}},"aws_qldb_ledger":{"attributes":{"deletion_protection":{"default":true}}},"aws_quicksight_group":{"attributes":{"namespace":{"default":"default"}}},"aws_quicksight_user":{"attributes":{"namespace":{"default":"default"}}},"aws_ram_resource_share":{"attributes":{"allow_external_principals":{"default":fa
lse}}},"aws_rds_cluster":{"attributes":{"backup_retention_period":{"default":1},"copy_tags_to_snapshot":{"default":false},"enable_http_endpoint":{"default":false},"engine":{"default":"aurora"},"engine_mode":{"default":"provisioned"},"scaling_configuration":{"elem":{"attributes":{"auto_pause":{"default":true},"max_capacity":{"default":16},"min_capacity":{"default":1},"seconds_until_auto_pause":{"default":300},"timeout_action":{"default":"RollbackCapacityChange"}}}},"skip_final_snapshot":{"default":false}}},"aws_rds_cluster_instance":{"attributes":{"auto_minor_version_upgrade":{"default":true},"copy_tags_to_snapshot":{"default":false},"engine":{"default":"aurora"},"monitoring_interval":{"default":0},"promotion_tier":{"default":0},"publicly_accessible":{"default":false}}},"aws_rds_cluster_parameter_group":{"attributes":{"description":{"default":"Managed by Terraform"},"parameter":{"elem":{"attributes":{"apply_method":{"default":"immediate"}}}}}},"aws_rds_global_cluster":{"attributes":{"deletion_protection":{"default":false}}},"aws_redshift_cluster":{"attributes":{"allow_version_upgrade":{"default":true},"automated_snapshot_retention_period":{"default":1},"cluster_version":{"default":"1.0"},"encrypted":{"default":false},"number_of_nodes":{"default":1},"port":{"default":5439},"publicly_accessible":{"default":true},"skip_final_snapshot":{"default":false},"snapshot_copy":{"elem":{"attributes":{"retention_period":{"default":7}}}}}},"aws_redshift_event_subscription":{"attributes":{"enabled":{"default":true}}},"aws_redshift_parameter_group":{"attributes":{"description":{"default":"Managed by Terraform"}}},"aws_redshift_security_group":{"attributes":{"description":{"default":"Managed by Terraform"}}},"aws_redshift_snapshot_schedule":{"attributes":{"force_destroy":{"default":false}}},"aws_redshift_subnet_group":{"attributes":{"description":{"default":"Managed by 
Terraform"}}},"aws_resourcegroups_group":{"attributes":{"resource_query":{"elem":{"attributes":{"type":{"default":"TAG_FILTERS_1_0"}}}}}},"aws_route53_health_check":{"attributes":{"disabled":{"default":false},"measure_latency":{"default":false}}},"aws_route53_hosted_zone_dnssec":{"attributes":{"signing_status":{"default":"SIGNING"}}},"aws_route53_key_signing_key":{"attributes":{"status":{"default":"ACTIVE"}}},"aws_route53_resolver_rule":{"attributes":{"target_ip":{"elem":{"attributes":{"port":{"default":53}}}}}},"aws_route53_zone":{"attributes":{"comment":{"default":"Managed by Terraform"},"force_destroy":{"default":false}}},"aws_s3_access_point":{"attributes":{"public_access_block_configuration":{"elem":{"attributes":{"block_public_acls":{"default":true},"block_public_policy":{"default":true},"ignore_public_acls":{"default":true},"restrict_public_buckets":{"default":true}}}}}},"aws_s3_account_public_access_block":{"attributes":{"block_public_acls":{"default":false},"block_public_policy":{"default":false},"ignore_public_acls":{"default":false},"restrict_public_buckets":{"default":false}}},"aws_s3_bucket":{"attributes":{"acl":{"default":"private"},"force_destroy":{"default":false},"versioning":{"elem":{"attributes":{"enabled":{"default":false},"mfa_delete":{"default":false}}}}}},"aws_s3_bucket_analytics_configuration":{"attributes":{"storage_class_analysis":{"elem":{"attributes":{"data_export":{"elem":{"attributes":{"destination":{"elem":{"attributes":{"s3_bucket_destination":{"elem":{"attributes":{"format":{"default":"CSV"}}}}}}},"output_schema_version":{"default":"V_1"}}}}}}}}},"aws_s3_bucket_inventory":{"attributes":{"enabled":{"default":true}}},"aws_s3_bucket_object":{"attributes":{"acl":{"default":"private"},"force_destroy":{"default":false}}},"aws_s3_bucket_public_access_block":{"attributes":{"block_public_acls":{"default":false},"block_public_policy":{"default":false},"ignore_public_acls":{"default":false},"restrict_public_buckets":{"default":false}}},"aws_s3_
object_copy":{"attributes":{"acl":{"default":"private"},"force_destroy":{"default":false}}},"aws_s3control_bucket_lifecycle_configuration":{"attributes":{"rule":{"elem":{"attributes":{"expiration":{"elem":{"attributes":{"expired_object_delete_marker":{"default":false}}}},"status":{"default":"Enabled"}}}}}},"aws_sagemaker_app_image_config":{"attributes":{"kernel_gateway_image_config":{"elem":{"attributes":{"file_system_config":{"elem":{"attributes":{"default_gid":{"default":100},"default_uid":{"default":1000},"mount_path":{"default":"/home/sagemaker-user"}}}}}}}}},"aws_sagemaker_domain":{"attributes":{"app_network_access_type":{"default":"PublicInternetOnly"},"default_user_settings":{"elem":{"attributes":{"sharing_settings":{"elem":{"attributes":{"notebook_output_option":{"default":"Disabled"}}}}}}}}},"aws_sagemaker_endpoint_configuration":{"attributes":{"production_variants":{"elem":{"attributes":{"initial_variant_weight":{"default":1}}}}}},"aws_sagemaker_feature_group":{"attributes":{"online_store_config":{"elem":{"attributes":{"enable_online_store":{"default":false}}}}}},"aws_sagemaker_model":{"attributes":{"container":{"elem":{"attributes":{"mode":{"default":"SingleModel"}}}},"primary_container":{"elem":{"attributes":{"mode":{"default":"SingleModel"}}}}}},"aws_sagemaker_notebook_instance":{"attributes":{"direct_internet_access":{"default":"Enabled"},"root_access":{"default":"Enabled"},"volume_size":{"default":5}}},"aws_sagemaker_user_profile":{"attributes":{"user_settings":{"elem":{"attributes":{"sharing_settings":{"elem":{"attributes":{"notebook_output_option":{"default":"Disabled"}}}}}}}}},"aws_secretsmanager_secret":{"attributes":{"recovery_window_in_days":{"default":30}}},"aws_security_group":{"attributes":{"description":{"default":"Managed by 
Terraform"},"egress":{"elem":{"attributes":{"self":{"default":false}}}},"ingress":{"elem":{"attributes":{"self":{"default":false}}}},"revoke_rules_on_delete":{"default":false}}},"aws_security_group_rule":{"attributes":{"self":{"default":false}}},"aws_service_discovery_service":{"attributes":{"dns_config":{"elem":{"attributes":{"routing_policy":{"default":"MULTIVALUE"}}}}}},"aws_ses_configuration_set":{"attributes":{"delivery_options":{"elem":{"attributes":{"tls_policy":{"default":"Optional"}}}}}},"aws_ses_domain_mail_from":{"attributes":{"behavior_on_mx_failure":{"default":"UseDefaultValue"}}},"aws_ses_event_destination":{"attributes":{"enabled":{"default":false}}},"aws_ses_receipt_rule":{"attributes":{"enabled":{"default":false},"scan_enabled":{"default":false}}},"aws_sfn_state_machine":{"attributes":{"type":{"default":"STANDARD"}}},"aws_signer_signing_job":{"attributes":{"ignore_signing_job_failure":{"default":false}}},"aws_sns_topic":{"attributes":{"content_based_deduplication":{"default":false},"fifo_topic":{"default":false}}},"aws_sns_topic_subscription":{"attributes":{"confirmation_timeout_in_minutes":{"default":1},"endpoint_auto_confirms":{"default":false},"raw_message_delivery":{"default":false}}},"aws_spot_fleet_request":{"attributes":{"allocation_strategy":{"default":"lowestPrice"},"excess_capacity_termination_policy":{"default":"Default"},"fleet_type":{"default":"maintain"},"instance_interruption_behaviour":{"default":"terminate"},"instance_pools_to_use_count":{"default":1},"launch_specification":{"elem":{"attributes":{"associate_public_ip_address":{"default":false},"ebs_block_device":{"elem":{"attributes":{"delete_on_termination":{"default":true}}}},"ebs_optimized":{"default":false},"monitoring":{"default":false},"root_block_device":{"elem":{"attributes":{"delete_on_termination":{"default":true}}}}}}},"replace_unhealthy_instances":{"default":false},"wait_for_fulfillment":{"default":false}}},"aws_spot_instance_request":{"attributes":{"ebs_block_device":{"
elem":{"attributes":{"delete_on_termination":{"default":true}}}},"get_password_data":{"default":false},"instance_interruption_behaviour":{"default":"terminate"},"network_interface":{"elem":{"attributes":{"delete_on_termination":{"default":false}}}},"root_block_device":{"elem":{"attributes":{"delete_on_termination":{"default":true}}}},"source_dest_check":{"default":true},"spot_type":{"default":"persistent"},"wait_for_fulfillment":{"default":false}}},"aws_sqs_queue":{"attributes":{"content_based_deduplication":{"default":false},"delay_seconds":{"default":0},"fifo_queue":{"default":false},"max_message_size":{"default":262144},"message_retention_seconds":{"default":345600},"receive_wait_time_seconds":{"default":0},"visibility_timeout_seconds":{"default":30}}},"aws_ssm_association":{"attributes":{"apply_only_at_cron_interval":{"default":false}}},"aws_ssm_document":{"attributes":{"document_format":{"default":"JSON"}}},"aws_ssm_maintenance_window":{"attributes":{"allow_unassociated_targets":{"default":false},"enabled":{"default":true}}},"aws_ssm_parameter":{"attributes":{"tier":{"default":"Standard"}}},"aws_ssm_patch_baseline":{"attributes":{"approval_rule":{"elem":{"attributes":{"compliance_level":{"default":"UNSPECIFIED"},"enable_non_security":{"default":false}}}},"approved_patches_compliance_level":{"default":"UNSPECIFIED"},"operating_system":{"default":"WINDOWS"}}},"aws_ssm_resource_data_sync":{"attributes":{"s3_destination":{"elem":{"attributes":{"sync_format":{"default":"JsonSerDe"}}}}}},"aws_ssoadmin_permission_set":{"attributes":{"session_duration":{"default":"PT1H"}}},"aws_storagegateway_gateway":{"attributes":{"gateway_type":{"default":"STORED"},"smb_active_directory_settings":{"elem":{"attributes":{"timeout_in_seconds":{"default":20}}}}}},"aws_storagegateway_nfs_file_share":{"attributes":{"default_storage_class":{"default":"S3_STANDARD"},"guess_mime_type_enabled":{"default":true},"kms_encrypted":{"default":false},"nfs_file_share_defaults":{"elem":{"attributes":{
"directory_mode":{"default":"0777"},"file_mode":{"default":"0666"},"group_id":{"default":"65534"},"owner_id":{"default":"65534"}}}},"notification_policy":{"default":"{}"},"object_acl":{"default":"private"},"read_only":{"default":false},"requester_pays":{"default":false},"squash":{"default":"RootSquash"}}},"aws_storagegateway_smb_file_share":{"attributes":{"access_based_enumeration":{"default":false},"authentication":{"default":"ActiveDirectory"},"case_sensitivity":{"default":"ClientSpecified"},"default_storage_class":{"default":"S3_STANDARD"},"guess_mime_type_enabled":{"default":true},"kms_encrypted":{"default":false},"notification_policy":{"default":"{}"},"object_acl":{"default":"private"},"read_only":{"default":false},"requester_pays":{"default":false}}},"aws_storagegateway_tape_pool":{"attributes":{"retention_lock_time_in_days":{"default":0},"retention_lock_type":{"default":"NONE"}}},"aws_subnet":{"attributes":{"assign_ipv6_address_on_creation":{"default":false},"map_public_ip_on_launch":{"default":false}}},"aws_synthetics_canary":{"attributes":{"failure_retention_period":{"default":31},"run_config":{"elem":{"attributes":{"timeout_in_seconds":{"default":840}}}},"start_canary":{"default":false},"success_retention_period":{"default":31}}},"aws_transfer_server":{"attributes":{"endpoint_type":{"default":"PUBLIC"},"force_destroy":{"default":false},"identity_provider_type":{"default":"SERVICE_MANAGED"}}},"aws_transfer_user":{"attributes":{"home_directory_type":{"default":"PATH"}}},"aws_vpc":{"attributes":{"assign_generated_ipv6_cidr_block":{"default":false},"enable_dns_support":{"default":true},"instance_tenancy":{"default":"default"}}},"aws_vpc_endpoint":{"attributes":{"private_dns_enabled":{"default":false},"vpc_endpoint_type":{"default":"Gateway"}}},"aws_vpc_peering_connection":{"attributes":{"accepter":{"elem":{"attributes":{"allow_classic_link_to_remote_vpc":{"default":false},"allow_remote_vpc_dns_resolution":{"default":false},"allow_vpc_to_remote_classic_link":{"
default":false}}}},"requester":{"elem":{"attributes":{"allow_classic_link_to_remote_vpc":{"default":false},"allow_remote_vpc_dns_resolution":{"default":false},"allow_vpc_to_remote_classic_link":{"default":false}}}}}},"aws_vpc_peering_connection_accepter":{"attributes":{"accepter":{"elem":{"attributes":{"allow_classic_link_to_remote_vpc":{"default":false},"allow_remote_vpc_dns_resolution":{"default":false},"allow_vpc_to_remote_classic_link":{"default":false}}}},"requester":{"elem":{"attributes":{"allow_classic_link_to_remote_vpc":{"default":false},"allow_remote_vpc_dns_resolution":{"default":false},"allow_vpc_to_remote_classic_link":{"default":false}}}}}},"aws_vpc_peering_connection_options":{"attributes":{"accepter":{"elem":{"attributes":{"allow_classic_link_to_remote_vpc":{"default":false},"allow_remote_vpc_dns_resolution":{"default":false},"allow_vpc_to_remote_classic_link":{"default":false}}}},"requester":{"elem":{"attributes":{"allow_classic_link_to_remote_vpc":{"default":false},"allow_remote_vpc_dns_resolution":{"default":false},"allow_vpc_to_remote_classic_link":{"default":false}}}}}},"aws_waf_rule_group":{"attributes":{"activated_rule":{"elem":{"attributes":{"type":{"default":"REGULAR"}}}}}},"aws_waf_web_acl":{"attributes":{"rules":{"elem":{"attributes":{"type":{"default":"REGULAR"}}}}}},"aws_wafregional_rule_group":{"attributes":{"activated_rule":{"elem":{"attributes":{"type":{"default":"REGULAR"}}}}}},"aws_wafregional_web_acl":{"attributes":{"rule":{"elem":{"attributes":{"type":{"default":"REGULAR"}}}}}},"aws_wafv2_web_acl":{"attributes":{"rule":{"elem":{"attributes":{"statement":{"elem":{"attributes":{"rate_based_statement":{"elem":{"attributes":{"aggregate_key_type":{"default":"IP"}}}}}}}}}}}},"aws_worklink_fleet":{"attributes":{"optimize_for_end_user_location":{"default":true}}},"aws_workspaces_directory":{"attributes":{"self_service_permissions":{"elem":{"attributes":{"change_compute_type":{"default":false},"increase_volume_size":{"default":false},"rebu
ild_workspace":{"default":false},"restart_workspace":{"default":true},"switch_running_mode":{"default":false}}}},"workspace_creation_properties":{"elem":{"attributes":{"enable_internet_access":{"default":false},"enable_maintenance_mode":{"default":false},"user_enabled_as_local_administrator":{"default":false}}}}}},"aws_workspaces_workspace":{"attributes":{"root_volume_encryption_enabled":{"default":false},"user_volume_encryption_enabled":{"default":false},"workspace_properties":{"elem":{"attributes":{"compute_type_name":{"default":"VALUE"},"root_volume_size_gib":{"default":80},"running_mode":{"default":"ALWAYS_ON"},"user_volume_size_gib":{"default":10}}}}}},"google_access_context_manager_access_level":{"attributes":{"basic":{"elem":{"attributes":{"combining_function":{"default":"AND"}}}}}},"google_access_context_manager_access_levels":{"attributes":{"access_levels":{"elem":{"attributes":{"basic":{"elem":{"attributes":{"combining_function":{"default":"AND"}}}}}}}}},"google_access_context_manager_service_perimeter":{"attributes":{"perimeter_type":{"default":"PERIMETER_TYPE_REGULAR"}}},"google_access_context_manager_service_perimeters":{"attributes":{"service_perimeters":{"elem":{"attributes":{"perimeter_type":{"default":"PERIMETER_TYPE_REGULAR"}}}}}},"google_active_directory_domain":{"attributes":{"admin":{"default":"setupadmin"}}},"google_apigee_organization":{"attributes":{"runtime_type":{"default":"CLOUD"}}},"google_app_engine_application":{"attributes":{"iap":{"elem":{"attributes":{"enabled":{"default":false}}}}}},"google_app_engine_application_url_dispatch_rules":{"attributes":{"dispatch_rules":{"elem":{"attributes":{"domain":{"default":"*"}}}}}},"google_app_engine_domain_mapping":{"attributes":{"override_strategy":{"default":"STRICT"}}},"google_app_engine_flexible_app_version":{"attributes":{"api_config":{"elem":{"attributes":{"auth_fail_action":{"default":"AUTH_FAIL_ACTION_REDIRECT"},"login":{"default":"LOGIN_OPTIONAL"}}}},"automatic_scaling":{"elem":{"attribut
es":{"cool_down_period":{"default":"120s"},"max_total_instances":{"default":20},"min_total_instances":{"default":2}}}},"delete_service_on_destroy":{"default":false},"endpoints_api_service":{"elem":{"attributes":{"disable_trace_sampling":{"default":false},"rollout_strategy":{"default":"FIXED"}}}},"handlers":{"elem":{"attributes":{"static_files":{"elem":{"attributes":{"expiration":{"default":"0s"}}}}}}},"liveness_check":{"elem":{"attributes":{"check_interval":{"default":"30s"},"failure_threshold":{"default":4},"initial_delay":{"default":"300s"},"success_threshold":{"default":2},"timeout":{"default":"4s"}}}},"noop_on_destroy":{"default":false},"readiness_check":{"elem":{"attributes":{"app_start_timeout":{"default":"300s"},"check_interval":{"default":"5s"},"failure_threshold":{"default":2},"success_threshold":{"default":2},"timeout":{"default":"4s"}}}},"serving_status":{"default":"SERVING"}}},"google_app_engine_standard_app_version":{"attributes":{"basic_scaling":{"elem":{"attributes":{"idle_timeout":{"default":"900s"}}}},"delete_service_on_destroy":{"default":false},"noop_on_destroy":{"default":false}}},"google_bigquery_data_transfer_config":{"attributes":{"location":{"default":"US"},"service_account_name":{"default":""}}},"google_bigquery_dataset":{"attributes":{"delete_contents_on_destroy":{"default":false},"location":{"default":"US"}}},"google_bigquery_job":{"attributes":{"copy":{"elem":{"attributes":{"create_disposition":{"default":"CREATE_IF_NEEDED"},"write_disposition":{"default":"WRITE_EMPTY"}}}},"extract":{"elem":{"attributes":{"compression":{"default":"NONE"},"print_header":{"default":true}}}},"load":{"elem":{"attributes":{"allow_jagged_rows":{"default":false},"allow_quoted_newlines":{"default":false},"create_disposition":{"default":"CREATE_IF_NEEDED"},"encoding":{"default":"UTF-8"},"ignore_unknown_values":{"default":false},"max_bad_records":{"default":0},"null_marker":{"default":""},"skip_leading_rows":{"default":0},"source_format":{"default":"CSV"},"write_di
sposition":{"default":"WRITE_EMPTY"}}}},"location":{"default":"US"},"query":{"elem":{"attributes":{"create_disposition":{"default":"CREATE_IF_NEEDED"},"priority":{"default":"INTERACTIVE"},"use_query_cache":{"default":true},"write_disposition":{"default":"WRITE_EMPTY"}}}}}},"google_bigquery_reservation":{"attributes":{"ignore_idle_slots":{"default":false},"location":{"default":"US"}}},"google_bigquery_routine":{"attributes":{"arguments":{"elem":{"attributes":{"argument_kind":{"default":"FIXED_TYPE"}}}}}},"google_bigquery_table":{"attributes":{"deletion_protection":{"default":true},"external_data_configuration":{"elem":{"attributes":{"compression":{"default":"NONE"},"csv_options":{"elem":{"attributes":{"allow_jagged_rows":{"default":false},"allow_quoted_newlines":{"default":false},"encoding":{"default":"UTF-8"},"field_delimiter":{"default":","},"skip_leading_rows":{"default":0}}}}}}},"materialized_view":{"elem":{"attributes":{"enable_refresh":{"default":true},"refresh_interval_ms":{"default":1800000}}}},"view":{"elem":{"attributes":{"use_legacy_sql":{"default":true}}}}}},"google_bigtable_app_profile":{"attributes":{"ignore_warnings":{"default":false}}},"google_bigtable_instance":{"attributes":{"cluster":{"elem":{"attributes":{"storage_type":{"default":"SSD"}}}},"deletion_protection":{"default":true},"instance_type":{"default":"PRODUCTION"}}},"google_billing_budget":{"attributes":{"all_updates_rule":{"elem":{"attributes":{"disable_default_iam_recipients":{"default":false},"schema_version":{"default":"1.0"}}}},"budget_filter":{"elem":{"attributes":{"credit_types_treatment":{"default":"INCLUDE_ALL_CREDITS"}}}},"threshold_rules":{"elem":{"attributes":{"spend_basis":{"default":"CURRENT_SPEND"}}}}}},"google_billing_subaccount":{"attributes":{"deletion_policy":{"default":""}}},"google_cloud_identity_group":{"attributes":{"initial_group_config":{"default":"EMPTY"}}},"google_cloud_run_domain_mapping":{"attributes":{"spec":{"elem":{"attributes":{"certificate_mode":{"default":"A
UTOMATIC"}}}}}},"google_cloud_run_service":{"attributes":{"autogenerate_revision_name":{"default":false}}},"google_cloud_scheduler_job":{"attributes":{"attempt_deadline":{"default":"180s"},"time_zone":{"default":"Etc/UTC"}}},"google_cloudbuild_trigger":{"attributes":{"build":{"elem":{"attributes":{"timeout":{"default":"600s"}}}},"trigger_template":{"elem":{"attributes":{"repo_name":{"default":"default"}}}}}},"google_cloudfunctions_function":{"attributes":{"available_memory_mb":{"default":256},"ingress_settings":{"default":"ALLOW_ALL"},"max_instances":{"default":0},"timeout":{"default":60}}},"google_cloudiot_device":{"attributes":{"gateway_config":{"elem":{"attributes":{"gateway_type":{"default":"NON_GATEWAY"}}}}}},"google_cloudiot_registry":{"attributes":{"log_level":{"default":"NONE"}}},"google_composer_environment":{"attributes":{"config":{"elem":{"attributes":{"private_environment_config":{"elem":{"attributes":{"enable_private_endpoint":{"default":true}}}}}}}}},"google_compute_address":{"attributes":{"address_type":{"default":"EXTERNAL"}}},"google_compute_attached_disk":{"attributes":{"mode":{"default":"READ_WRITE"}}},"google_compute_autoscaler":{"attributes":{"autoscaling_policy":{"elem":{"attributes":{"cooldown_period":{"default":60},"mode":{"default":"ON"}}}}}},"google_compute_backend_service":{"attributes":{"backend":{"elem":{"attributes":{"balancing_mode":{"default":"UTILIZATION"},"capacity_scaler":{"default":1},"max_utilization":{"default":0.8}}}},"cdn_policy":{"elem":{"attributes":{"signed_url_cache_max_age_sec":{"default":3600}}}},"circuit_breakers":{"elem":{"attributes":{"max_connections":{"default":1024},"max_pending_requests":{"default":1024},"max_requests":{"default":1024},"max_retries":{"default":3}}}},"connection_draining_timeout_sec":{"default":300},"consistent_hash":{"elem":{"attributes":{"minimum_ring_size":{"default":1024}}}},"load_balancing_scheme":{"default":"EXTERNAL"},"outlier_detection":{"elem":{"attributes":{"consecutive_errors":{"default"
:5},"consecutive_gateway_failure":{"default":5},"enforcing_consecutive_errors":{"default":100},"enforcing_consecutive_gateway_failure":{"default":0},"enforcing_success_rate":{"default":100},"max_ejection_percent":{"default":10},"success_rate_minimum_hosts":{"default":5},"success_rate_request_volume":{"default":100},"success_rate_stdev_factor":{"default":1900}}}}}},"google_compute_disk":{"attributes":{"type":{"default":"pd-standard"}}},"google_compute_firewall":{"attributes":{"priority":{"default":1000}}},"google_compute_forwarding_rule":{"attributes":{"load_balancing_scheme":{"default":"EXTERNAL"}}},"google_compute_global_address":{"attributes":{"address_type":{"default":"EXTERNAL"}}},"google_compute_global_forwarding_rule":{"attributes":{"load_balancing_scheme":{"default":"EXTERNAL"}}},"google_compute_health_check":{"attributes":{"check_interval_sec":{"default":5},"healthy_threshold":{"default":2},"http2_health_check":{"elem":{"attributes":{"proxy_header":{"default":"NONE"},"request_path":{"default":"/"}}}},"http_health_check":{"elem":{"attributes":{"proxy_header":{"default":"NONE"},"request_path":{"default":"/"}}}},"https_health_check":{"elem":{"attributes":{"proxy_header":{"default":"NONE"},"request_path":{"default":"/"}}}},"ssl_health_check":{"elem":{"attributes":{"proxy_header":{"default":"NONE"}}}},"tcp_health_check":{"elem":{"attributes":{"proxy_header":{"default":"NONE"}}}},"timeout_sec":{"default":5},"unhealthy_threshold":{"default":2}}},"google_compute_http_health_check":{"attributes":{"check_interval_sec":{"default":5},"healthy_threshold":{"default":2},"port":{"default":80},"request_path":{"default":"/"},"timeout_sec":{"default":5},"unhealthy_threshold":{"default":2}}},"google_compute_https_health_check":{"attributes":{"check_interval_sec":{"default":5},"healthy_threshold":{"default":2},"port":{"default":443},"request_path":{"default":"/"},"timeout_sec":{"default":5},"unhealthy_threshold":{"default":2}}},"google_compute_image":{"attributes":{"raw_disk":{"
elem":{"attributes":{"container_type":{"default":"TAR"}}}}}},"google_compute_instance":{"attributes":{"attached_disk":{"elem":{"attributes":{"mode":{"default":"READ_WRITE"}}}},"boot_disk":{"elem":{"attributes":{"auto_delete":{"default":true},"mode":{"default":"READ_WRITE"}}}},"can_ip_forward":{"default":false},"deletion_protection":{"default":false},"scheduling":{"elem":{"attributes":{"automatic_restart":{"default":true},"preemptible":{"default":false}}}},"shielded_instance_config":{"elem":{"attributes":{"enable_integrity_monitoring":{"default":true},"enable_secure_boot":{"default":false},"enable_vtpm":{"default":true}}}}}},"google_compute_instance_group_manager":{"attributes":{"stateful_disk":{"elem":{"attributes":{"delete_rule":{"default":"NEVER"}}}},"wait_for_instances":{"default":false}}},"google_compute_instance_template":{"attributes":{"can_ip_forward":{"default":false},"disk":{"elem":{"attributes":{"auto_delete":{"default":true}}}},"scheduling":{"elem":{"attributes":{"automatic_restart":{"default":true},"preemptible":{"default":false}}}},"shielded_instance_config":{"elem":{"attributes":{"enable_integrity_monitoring":{"default":true},"enable_secure_boot":{"default":false},"enable_vtpm":{"default":true}}}}}},"google_compute_interconnect_attachment":{"attributes":{"admin_enabled":{"default":true}}},"google_compute_managed_ssl_certificate":{"attributes":{"type":{"default":"MANAGED"}}},"google_compute_network":{"attributes":{"auto_create_subnetworks":{"default":true},"delete_default_routes_on_create":{"default":false}}},"google_compute_network_endpoint_group":{"attributes":{"network_endpoint_type":{"default":"GCE_VM_IP_PORT"}}},"google_compute_network_peering":{"attributes":{"export_custom_routes":{"default":false},"export_subnet_routes_with_public_ip":{"default":true},"import_custom_routes":{"default":false}}},"google_compute_node_group":{"attributes":{"maintenance_policy":{"default":"DEFAULT"}}},"google_compute_node_template":{"attributes":{"cpu_overcommit_type"
:{"default":"NONE"}}},"google_compute_packet_mirroring":{"attributes":{"filter":{"elem":{"attributes":{"direction":{"default":"BOTH"}}}}}},"google_compute_per_instance_config":{"attributes":{"minimal_action":{"default":"NONE"},"most_disruptive_allowed_action":{"default":"REPLACE"},"preserved_state":{"elem":{"attributes":{"disk":{"elem":{"attributes":{"delete_rule":{"default":"NEVER"},"mode":{"default":"READ_WRITE"}}}}}}},"remove_instance_state_on_destroy":{"default":false}}},"google_compute_region_autoscaler":{"attributes":{"autoscaling_policy":{"elem":{"attributes":{"cooldown_period":{"default":60},"mode":{"default":"ON"}}}}}},"google_compute_region_backend_service":{"attributes":{"backend":{"elem":{"attributes":{"balancing_mode":{"default":"CONNECTION"}}}},"cdn_policy":{"elem":{"attributes":{"signed_url_cache_max_age_sec":{"default":3600}}}},"circuit_breakers":{"elem":{"attributes":{"max_connections":{"default":1024},"max_pending_requests":{"default":1024},"max_requests":{"default":1024},"max_retries":{"default":3}}}},"connection_draining_timeout_sec":{"default":0},"consistent_hash":{"elem":{"attributes":{"minimum_ring_size":{"default":1024}}}},"load_balancing_scheme":{"default":"INTERNAL"},"outlier_detection":{"elem":{"attributes":{"consecutive_errors":{"default":5},"consecutive_gateway_failure":{"default":5},"enforcing_consecutive_errors":{"default":100},"enforcing_consecutive_gateway_failure":{"default":0},"enforcing_success_rate":{"default":100},"max_ejection_percent":{"default":10},"success_rate_minimum_hosts":{"default":5},"success_rate_request_volume":{"default":100},"success_rate_stdev_factor":{"default":1900}}}}}},"google_compute_region_disk":{"attributes":{"type":{"default":"pd-standard"}}},"google_compute_region_health_check":{"attributes":{"check_interval_sec":{"default":5},"healthy_threshold":{"default":2},"http2_health_check":{"elem":{"attributes":{"proxy_header":{"default":"NONE"},"request_path":{"default":"/"}}}},"http_health_check":{"elem":{"attri
butes":{"proxy_header":{"default":"NONE"},"request_path":{"default":"/"}}}},"https_health_check":{"elem":{"attributes":{"proxy_header":{"default":"NONE"},"request_path":{"default":"/"}}}},"ssl_health_check":{"elem":{"attributes":{"proxy_header":{"default":"NONE"}}}},"tcp_health_check":{"elem":{"attributes":{"proxy_header":{"default":"NONE"}}}},"timeout_sec":{"default":5},"unhealthy_threshold":{"default":2}}},"google_compute_region_instance_group_manager":{"attributes":{"stateful_disk":{"elem":{"attributes":{"delete_rule":{"default":"NEVER"}}}},"wait_for_instances":{"default":false}}},"google_compute_region_network_endpoint_group":{"attributes":{"network_endpoint_type":{"default":"SERVERLESS"}}},"google_compute_region_per_instance_config":{"attributes":{"minimal_action":{"default":"NONE"},"most_disruptive_allowed_action":{"default":"REPLACE"},"preserved_state":{"elem":{"attributes":{"disk":{"elem":{"attributes":{"delete_rule":{"default":"NEVER"},"mode":{"default":"READ_WRITE"}}}}}}},"remove_instance_state_on_destroy":{"default":false}}},"google_compute_region_url_map":{"attributes":{"default_url_redirect":{"elem":{"attributes":{"https_redirect":{"default":false}}}},"path_matcher":{"elem":{"attributes":{"default_url_redirect":{"elem":{"attributes":{"https_redirect":{"default":false}}}},"path_rule":{"elem":{"attributes":{"route_action":{"elem":{"attributes":{"cors_policy":{"elem":{"attributes":{"allow_credentials":{"default":false}}}}}}},"url_redirect":{"elem":{"attributes":{"https_redirect":{"default":false}}}}}}},"route_rules":{"elem":{"attributes":{"match_rules":{"elem":{"attributes":{"header_matches":{"elem":{"attributes":{"invert_match":{"default":false}}}},"ignore_case":{"default":false}}}},"route_action":{"elem":{"attributes":{"cors_policy":{"elem":{"attributes":{"allow_credentials":{"default":false},"disabled":{"default":false}}}}}}},"url_redirect":{"elem":{"attributes":{"https_redirect":{"default":false},"strip_query":{"default":false}}}}}}}}}}}},"google_compu
te_reservation":{"attributes":{"specific_reservation":{"elem":{"attributes":{"instance_properties":{"elem":{"attributes":{"local_ssds":{"elem":{"attributes":{"interface":{"default":"SCSI"}}}}}}}}}},"specific_reservation_required":{"default":false}}},"google_compute_resource_policy":{"attributes":{"snapshot_schedule_policy":{"elem":{"attributes":{"retention_policy":{"elem":{"attributes":{"on_source_disk_delete":{"default":"KEEP_AUTO_SNAPSHOTS"}}}}}}}}},"google_compute_route":{"attributes":{"priority":{"default":1000}}},"google_compute_router":{"attributes":{"bgp":{"elem":{"attributes":{"advertise_mode":{"default":"DEFAULT"}}}}}},"google_compute_router_nat":{"attributes":{"enable_endpoint_independent_mapping":{"default":true},"icmp_idle_timeout_sec":{"default":30},"tcp_established_idle_timeout_sec":{"default":1200},"tcp_transitory_idle_timeout_sec":{"default":30},"udp_idle_timeout_sec":{"default":30}}},"google_compute_router_peer":{"attributes":{"advertise_mode":{"default":"DEFAULT"}}},"google_compute_ssl_policy":{"attributes":{"min_tls_version":{"default":"TLS_1_0"},"profile":{"default":"COMPATIBLE"}}},"google_compute_subnetwork":{"attributes":{"log_config":{"elem":{"attributes":{"aggregation_interval":{"default":"INTERVAL_5_SEC"},"filter_expr":{"default":"true"},"flow_sampling":{"default":0.5},"metadata":{"default":"INCLUDE_ALL_METADATA"}}}}}},"google_compute_target_https_proxy":{"attributes":{"quic_override":{"default":"NONE"}}},"google_compute_target_instance":{"attributes":{"nat_policy":{"default":"NO_NAT"}}},"google_compute_target_pool":{"attributes":{"session_affinity":{"default":"NONE"}}},"google_compute_target_ssl_proxy":{"attributes":{"proxy_header":{"default":"NONE"}}},"google_compute_target_tcp_proxy":{"attributes":{"proxy_header":{"default":"NONE"}}},"google_compute_url_map":{"attributes":{"default_route_action":{"elem":{"attributes":{"cors_policy":{"elem":{"attributes":{"allow_credentials":{"default":false},"disabled":{"default":false}}}},"retry_policy":
{"elem":{"attributes":{"num_retries":{"default":1}}}},"weighted_backend_services":{"elem":{"attributes":{"header_action":{"elem":{"attributes":{"request_headers_to_add":{"elem":{"attributes":{"replace":{"default":false}}}},"response_headers_to_add":{"elem":{"attributes":{"replace":{"default":false}}}}}}}}}}}}},"default_url_redirect":{"elem":{"attributes":{"https_redirect":{"default":false}}}},"path_matcher":{"elem":{"attributes":{"default_route_action":{"elem":{"attributes":{"cors_policy":{"elem":{"attributes":{"allow_credentials":{"default":false},"disabled":{"default":false}}}},"retry_policy":{"elem":{"attributes":{"num_retries":{"default":1}}}},"weighted_backend_services":{"elem":{"attributes":{"header_action":{"elem":{"attributes":{"request_headers_to_add":{"elem":{"attributes":{"replace":{"default":false}}}},"response_headers_to_add":{"elem":{"attributes":{"replace":{"default":false}}}}}}}}}}}}},"default_url_redirect":{"elem":{"attributes":{"https_redirect":{"default":false}}}},"path_rule":{"elem":{"attributes":{"route_action":{"elem":{"attributes":{"cors_policy":{"elem":{"attributes":{"allow_credentials":{"default":false}}}}}}},"url_redirect":{"elem":{"attributes":{"https_redirect":{"default":false}}}}}}},"route_rules":{"elem":{"attributes":{"match_rules":{"elem":{"attributes":{"header_matches":{"elem":{"attributes":{"invert_match":{"default":false}}}},"ignore_case":{"default":false}}}},"route_action":{"elem":{"attributes":{"cors_policy":{"elem":{"attributes":{"allow_credentials":{"default":false},"disabled":{"default":false}}}}}}},"url_redirect":{"elem":{"attributes":{"https_redirect":{"default":false},"strip_query":{"default":false}}}}}}}}}}}},"google_compute_vpn_tunnel":{"attributes":{"ike_version":{"default":2}}},"google_container_cluster":{"attributes":{"cluster_autoscaling":{"elem":{"attributes":{"auto_provisioning_defaults":{"elem":{"attributes":{"service_account":{"default":"default"}}}}}}},"enable_binary_authorization":{"default":false},"enable_kubern
etes_alpha":{"default":false},"enable_legacy_abac":{"default":false},"network":{"default":"default"},"network_policy":{"elem":{"attributes":{"provider":{"default":"PROVIDER_UNSPECIFIED"}}}},"node_config":{"elem":{"attributes":{"preemptible":{"default":false},"shielded_instance_config":{"elem":{"attributes":{"enable_integrity_monitoring":{"default":true},"enable_secure_boot":{"default":false}}}}}}},"node_pool":{"elem":{"attributes":{"management":{"elem":{"attributes":{"auto_repair":{"default":false},"auto_upgrade":{"default":false}}}},"node_config":{"elem":{"attributes":{"preemptible":{"default":false},"shielded_instance_config":{"elem":{"attributes":{"enable_integrity_monitoring":{"default":true},"enable_secure_boot":{"default":false}}}}}}}}}},"resource_usage_export_config":{"elem":{"attributes":{"enable_network_egress_metering":{"default":false},"enable_resource_consumption_metering":{"default":true}}}}}},"google_container_node_pool":{"attributes":{"management":{"elem":{"attributes":{"auto_repair":{"default":false},"auto_upgrade":{"default":false}}}},"node_config":{"elem":{"attributes":{"preemptible":{"default":false},"shielded_instance_config":{"elem":{"attributes":{"enable_integrity_monitoring":{"default":true},"enable_secure_boot":{"default":false}}}}}}}}},"google_data_catalog_tag_template":{"attributes":{"force_delete":{"default":false}}},"google_data_loss_prevention_inspect_template":{"attributes":{"inspect_config":{"elem":{"attributes":{"custom_info_types":{"elem":{"attributes":{"likelihood":{"default":"VERY_LIKELY"}}}},"min_likelihood":{"default":"POSSIBLE"}}}}}},"google_data_loss_prevention_job_trigger":{"attributes":{"status":{"default":"HEALTHY"}}},"google_dataflow_job":{"attributes":{"on_delete":{"default":"drain"}}},"google_dataproc_autoscaling_policy":{"attributes":{"basic_algorithm":{"elem":{"attributes":{"cooldown_period":{"default":"120s"},"yarn_config":{"elem":{"attributes":{"scale_down_min_worker_fraction":{"default":0},"scale_up_min_worker_fracti
on":{"default":0}}}}}}},"location":{"default":"global"},"secondary_worker_config":{"elem":{"attributes":{"max_instances":{"default":0},"min_instances":{"default":0},"weight":{"default":1}}}},"worker_config":{"elem":{"attributes":{"min_instances":{"default":2},"weight":{"default":1}}}}}},"google_dataproc_cluster":{"attributes":{"cluster_config":{"elem":{"attributes":{"gce_cluster_config":{"elem":{"attributes":{"internal_ip_only":{"default":false},"shielded_instance_config":{"elem":{"attributes":{"enable_integrity_monitoring":{"default":false},"enable_secure_boot":{"default":false},"enable_vtpm":{"default":false}}}}}}},"initialization_action":{"elem":{"attributes":{"timeout_sec":{"default":300}}}},"master_config":{"elem":{"attributes":{"disk_config":{"elem":{"attributes":{"boot_disk_type":{"default":"pd-standard"}}}}}}},"preemptible_worker_config":{"elem":{"attributes":{"disk_config":{"elem":{"attributes":{"boot_disk_type":{"default":"pd-standard"}}}}}}},"worker_config":{"elem":{"attributes":{"disk_config":{"elem":{"attributes":{"boot_disk_type":{"default":"pd-standard"}}}}}}}}}},"graceful_decommission_timeout":{"default":"0s"},"region":{"default":"global"}}},"google_dataproc_job":{"attributes":{"force_delete":{"default":false},"region":{"default":"global"}}},"google_datastore_index":{"attributes":{"ancestor":{"default":"NONE"}}},"google_deployment_manager_deployment":{"attributes":{"create_policy":{"default":"CREATE_OR_ACQUIRE"},"delete_policy":{"default":"DELETE"},"preview":{"default":false}}},"google_dns_managed_zone":{"attributes":{"description":{"default":"Managed by Terraform"},"dnssec_config":{"elem":{"attributes":{"default_key_specs":{"elem":{"attributes":{"kind":{"default":"dns#dnsKeySpec"}}}},"kind":{"default":"dns#managedZoneDnsSecConfig"}}}},"force_destroy":{"default":false},"visibility":{"default":"public"}}},"google_dns_policy":{"attributes":{"description":{"default":"Managed by 
Terraform"}}},"google_firestore_document":{"attributes":{"database":{"default":"(default)"}}},"google_firestore_index":{"attributes":{"database":{"default":"(default)"},"query_scope":{"default":"COLLECTION"}}},"google_folder_access_approval_settings":{"attributes":{"enrolled_services":{"elem":{"attributes":{"enrollment_level":{"default":"BLOCK_ALL"}}}}}},"google_folder_organization_policy":{"attributes":{"list_policy":{"elem":{"attributes":{"allow":{"elem":{"attributes":{"all":{"default":false}}}},"deny":{"elem":{"attributes":{"all":{"default":false}}}}}}}}},"google_game_services_game_server_cluster":{"attributes":{"location":{"default":"global"}}},"google_game_services_game_server_config":{"attributes":{"location":{"default":"global"}}},"google_game_services_game_server_deployment":{"attributes":{"location":{"default":"global"}}},"google_game_services_realm":{"attributes":{"location":{"default":"global"}}},"google_healthcare_fhir_store":{"attributes":{"stream_configs":{"elem":{"attributes":{"bigquery_destination":{"elem":{"attributes":{"schema_config":{"elem":{"attributes":{"schema_type":{"default":"ANALYTICS"}}}}}}}}}}}},"google_kms_crypto_key":{"attributes":{"purpose":{"default":"ENCRYPT_DECRYPT"},"version_template":{"elem":{"attributes":{"protection_level":{"default":"SOFTWARE"}}}}}},"google_logging_billing_account_bucket_config":{"attributes":{"retention_days":{"default":30}}},"google_logging_billing_account_sink":{"attributes":{"exclusions":{"elem":{"attributes":{"disabled":{"default":false}}}}}},"google_logging_folder_bucket_config":{"attributes":{"retention_days":{"default":30}}},"google_logging_folder_sink":{"attributes":{"exclusions":{"elem":{"attributes":{"disabled":{"default":false}}}},"include_children":{"default":false}}},"google_logging_metric":{"attributes":{"metric_descriptor":{"elem":{"attributes":{"labels":{"elem":{"attributes":{"value_type":{"default":"STRING"}}}},"unit":{"default":"1"}}}}}},"google_logging_organization_bucket_config":{"attribute
s":{"retention_days":{"default":30}}},"google_logging_organization_sink":{"attributes":{"exclusions":{"elem":{"attributes":{"disabled":{"default":false}}}},"include_children":{"default":false}}},"google_logging_project_bucket_config":{"attributes":{"retention_days":{"default":30}}},"google_logging_project_sink":{"attributes":{"exclusions":{"elem":{"attributes":{"disabled":{"default":false}}}},"unique_writer_identity":{"default":false}}},"google_memcache_instance":{"attributes":{"memcache_version":{"default":"MEMCACHE_1_5"}}},"google_monitoring_alert_policy":{"attributes":{"documentation":{"elem":{"attributes":{"mime_type":{"default":"text/markdown"}}}},"enabled":{"default":true}}},"google_monitoring_metric_descriptor":{"attributes":{"labels":{"elem":{"attributes":{"value_type":{"default":"STRING"}}}}}},"google_monitoring_notification_channel":{"attributes":{"enabled":{"default":true}}},"google_monitoring_slo":{"attributes":{"basic_sli":{"elem":{"attributes":{"availability":{"elem":{"attributes":{"enabled":{"default":true}}}}}}},"windows_based_sli":{"elem":{"attributes":{"good_total_ratio_threshold":{"elem":{"attributes":{"basic_sli_performance":{"elem":{"attributes":{"availability":{"elem":{"attributes":{"enabled":{"default":true}}}}}}}}}}}}}}},"google_monitoring_uptime_check_config":{"attributes":{"content_matchers":{"elem":{"attributes":{"matcher":{"default":"CONTAINS_STRING"}}}},"http_check":{"elem":{"attributes":{"path":{"default":"/"},"request_method":{"default":"GET"}}}},"period":{"default":"300s"}}},"google_network_management_connectivity_test":{"attributes":{"protocol":{"default":"TCP"}}},"google_notebooks_instance":{"attributes":{"shielded_instance_config":{"elem":{"attributes":{"enable_integrity_monitoring":{"default":true},"enable_vtpm":{"default":true}}}}}},"google_organization_access_approval_settings":{"attributes":{"enrolled_services":{"elem":{"attributes":{"enrollment_level":{"default":"BLOCK_ALL"}}}}}},"google_organization_iam_custom_role":{"attribu
tes":{"stage":{"default":"GA"}}},"google_organization_policy":{"attributes":{"list_policy":{"elem":{"attributes":{"allow":{"elem":{"attributes":{"all":{"default":false}}}},"deny":{"elem":{"attributes":{"all":{"default":false}}}}}}}}},"google_project":{"attributes":{"auto_create_network":{"default":true}}},"google_project_access_approval_settings":{"attributes":{"enrolled_services":{"elem":{"attributes":{"enrollment_level":{"default":"BLOCK_ALL"}}}}}},"google_project_default_service_accounts":{"attributes":{"restore_policy":{"default":"REVERT"}}},"google_project_iam_custom_role":{"attributes":{"stage":{"default":"GA"}}},"google_project_organization_policy":{"attributes":{"list_policy":{"elem":{"attributes":{"allow":{"elem":{"attributes":{"all":{"default":false}}}},"deny":{"elem":{"attributes":{"all":{"default":false}}}}}}}}},"google_project_service":{"attributes":{"disable_on_destroy":{"default":true}}},"google_pubsub_subscription":{"attributes":{"message_retention_duration":{"default":"604800s"}}},"google_redis_instance":{"attributes":{"auth_enabled":{"default":false},"connect_mode":{"default":"DIRECT_PEERING"},"tier":{"default":"BASIC"}}},"google_secret_manager_secret_version":{"attributes":{"enabled":{"default":true}}},"google_service_account_key":{"attributes":{"key_algorithm":{"default":"KEY_ALG_RSA_2048"},"private_key_type":{"default":"TYPE_GOOGLE_CREDENTIALS_FILE"},"public_key_type":{"default":"TYPE_X509_PEM_FILE"}}},"google_spanner_database":{"attributes":{"deletion_protection":{"default":true}}},"google_spanner_instance":{"attributes":{"num_nodes":{"default":1}}},"google_sql_database_instance":{"attributes":{"database_version":{"default":"MYSQL_5_6"},"deletion_protection":{"default":true},"settings":{"elem":{"attributes":{"backup_configuration":{"elem":{"attributes":{"backup_retention_settings":{"elem":{"attributes":{"retention_unit":{"default":"COUNT"}}}}}}},"disk_autoresize":{"default":true},"insights_config":{"elem":{"attributes":{"query_string_length":{"
default":1024}}}},"ip_configuration":{"elem":{"attributes":{"ipv4_enabled":{"default":true}}}},"pricing_plan":{"default":"PER_USE"}}}}}},"google_sql_source_representation_instance":{"attributes":{"port":{"default":3306}}},"google_storage_bucket":{"attributes":{"force_destroy":{"default":false},"location":{"default":"US"},"retention_policy":{"elem":{"attributes":{"is_locked":{"default":false}}}},"storage_class":{"default":"STANDARD"}}},"google_storage_bucket_object":{"attributes":{"detect_md5hash":{"default":"different hash"}}},"google_storage_hmac_key":{"attributes":{"state":{"default":"ACTIVE"}}},"google_storage_transfer_job":{"attributes":{"status":{"default":"ENABLED"}}},"google_tpu_node":{"attributes":{"use_service_networking":{"default":false}}},"google_vpc_access_connector":{"attributes":{"max_throughput":{"default":1000},"min_throughput":{"default":200}}}}
\ No newline at end of file
diff --git a/pkg/tf_resource_schemas/types.go b/pkg/tf_resource_schemas/types.go
new file mode 100644
index 00000000..147af3c8
--- /dev/null
+++ b/pkg/tf_resource_schemas/types.go
@@ -0,0 +1,42 @@
+package tf_resource_schemas
+
+type ResourceSchemas map[string]*Schema
+
+type Schema struct {
+ Attributes map[string]*Schema `json:"attributes,omitempty"`
+ Elem *Schema `json:"elem,omitempty"`
+ Default interface{} `json:"default,omitempty"`
+}
+
+func GetAttribute(schema *Schema, key string) *Schema {
+ if schema == nil || schema.Attributes == nil {
+ return nil
+ }
+
+ if attr, ok := schema.Attributes[key]; ok {
+ return attr
+ }
+
+ return nil
+}
+
+func GetElem(schema *Schema) *Schema {
+ if schema == nil {
+ return nil
+ }
+ return schema.Elem
+}
+
+func SetDefaultAttributes(schema *Schema, properties map[string]interface{}) {
+ if schema == nil || schema.Attributes == nil {
+ return
+ }
+
+ for key, attr := range schema.Attributes {
+ if _, ok := properties[key]; !ok {
+ if attr.Default != nil {
+ properties[key] = attr.Default
+ }
+ }
+ }
+}
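Review bot: `SetDefaultAttributes` reads `attr.Default` without checking `attr`, and the map values are `*Schema`, so an entry that decodes to a nil pointer (a JSON `null`, for example) would panic inside the range loop; the write `properties[key] = attr.Default` likewise panics if a caller passes a nil `properties` map. Guarding the loop body with `if attr == nil || attr.Default == nil { continue }` and returning early when `properties == nil` keeps one malformed schema entry from aborting an evaluation run. The exported names in this file have no doc comments; `SetDefaultAttributes` in particular should state that it mutates `properties` in place and fills only keys that are absent, because those filled-in defaults are presumably what later checks see for attributes the configuration omitted (the callers are outside this hunk).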
diff --git a/pkg/version/version.go b/pkg/version/version.go
new file mode 100644
index 00000000..925b856d
--- /dev/null
+++ b/pkg/version/version.go
@@ -0,0 +1,29 @@
+// Copyright 2021 Fugue, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package version
+
+import (
+ "github.com/open-policy-agent/opa/version"
+)
+
+// Default build-time variables.
+// These values are overridden via ldflags
+var (
+ Version = "unknown-version"
+ GitCommit = "unknown-commit"
+)
+
+// OPAVersion is the canonical version of OPA that is embedded in Regula
+var OPAVersion = version.Version
diff --git a/providers/terraform-provider-aws b/providers/terraform-provider-aws
new file mode 160000
index 00000000..9a609f33
--- /dev/null
+++ b/providers/terraform-provider-aws
@@ -0,0 +1 @@
+Subproject commit 9a609f3305378574b57e5f1fbf695a38d66bf4b2
diff --git a/providers/terraform-provider-google b/providers/terraform-provider-google
new file mode 160000
index 00000000..fb5f35b2
--- /dev/null
+++ b/providers/terraform-provider-google
@@ -0,0 +1 @@
+Subproject commit fb5f35b29250ca8976ae3d237d28a55b8f823299
diff --git a/conftest/regula.rego b/rego/conftest/regula.rego
similarity index 100%
rename from conftest/regula.rego
rename to rego/conftest/regula.rego
diff --git a/examples/aws/ec2_t2_only.rego b/rego/examples/aws/ec2_t2_only.rego
similarity index 100%
rename from examples/aws/ec2_t2_only.rego
rename to rego/examples/aws/ec2_t2_only.rego
diff --git a/examples/aws/iam_password_length.rego b/rego/examples/aws/iam_password_length.rego
similarity index 100%
rename from examples/aws/iam_password_length.rego
rename to rego/examples/aws/iam_password_length.rego
diff --git a/examples/aws/tag_all_resources.rego b/rego/examples/aws/tag_all_resources.rego
similarity index 100%
rename from examples/aws/tag_all_resources.rego
rename to rego/examples/aws/tag_all_resources.rego
diff --git a/examples/aws/useast1_only.rego b/rego/examples/aws/useast1_only.rego
similarity index 100%
rename from examples/aws/useast1_only.rego
rename to rego/examples/aws/useast1_only.rego
diff --git a/lib/aws/security_group.rego b/rego/lib/aws/security_group.rego
similarity index 100%
rename from lib/aws/security_group.rego
rename to rego/lib/aws/security_group.rego
diff --git a/lib/azure/network_security_group.rego b/rego/lib/azure/network_security_group.rego
similarity index 100%
rename from lib/azure/network_security_group.rego
rename to rego/lib/azure/network_security_group.rego
diff --git a/lib/cfn/cloudtrail.rego b/rego/lib/cfn/cloudtrail.rego
similarity index 100%
rename from lib/cfn/cloudtrail.rego
rename to rego/lib/cfn/cloudtrail.rego
diff --git a/lib/cfn/lambda_library.rego b/rego/lib/cfn/lambda_library.rego
similarity index 100%
rename from lib/cfn/lambda_library.rego
rename to rego/lib/cfn/lambda_library.rego
diff --git a/lib/cfn/nacl_library.rego b/rego/lib/cfn/nacl_library.rego
similarity index 100%
rename from lib/cfn/nacl_library.rego
rename to rego/lib/cfn/nacl_library.rego
diff --git a/lib/cfn/s3.rego b/rego/lib/cfn/s3.rego
similarity index 100%
rename from lib/cfn/s3.rego
rename to rego/lib/cfn/s3.rego
diff --git a/lib/cfn/security_group_library.rego b/rego/lib/cfn/security_group_library.rego
similarity index 100%
rename from lib/cfn/security_group_library.rego
rename to rego/lib/cfn/security_group_library.rego
diff --git a/lib/fugue.rego b/rego/lib/fugue.rego similarity index 100% rename from lib/fugue.rego rename to rego/lib/fugue.rego diff --git a/lib/fugue/check_report.rego b/rego/lib/fugue/check_report.rego similarity index 100% rename from lib/fugue/check_report.rego rename to rego/lib/fugue/check_report.rego diff --git a/lib/fugue/input_type.rego b/rego/lib/fugue/input_type.rego similarity index 96% rename from lib/fugue/input_type.rego rename to rego/lib/fugue/input_type.rego index 026985e8..ef76d1d6 100644 --- a/lib/fugue/input_type.rego +++ b/rego/lib/fugue/input_type.rego @@ -22,6 +22,8 @@ input_type = "terraform" { } terraform_input_type { + _ = input.hcl_resource_view_version +} { _ = input.terraform_version } { _ = input.resource_changes diff --git a/lib/fugue/regula.rego b/rego/lib/fugue/regula.rego similarity index 100% rename from lib/fugue/regula.rego rename to rego/lib/fugue/regula.rego diff --git a/lib/fugue/regula/config.rego b/rego/lib/fugue/regula/config.rego similarity index 100% rename from lib/fugue/regula/config.rego rename to rego/lib/fugue/regula/config.rego diff --git a/rego/lib/fugue/regula/tests.rego b/rego/lib/fugue/regula/tests.rego new file mode 100644 index 00000000..c88c23f3 --- /dev/null +++ b/rego/lib/fugue/regula/tests.rego @@ -0,0 +1,10 @@ +package fugue.regula.tests + +import data.fugue.resource_view.resource_view_input + +mock_input(iac_configs) = ret { + is_array(iac_configs) + count(iac_configs) > 0 + iac_config = iac_configs[0] + ret = resource_view_input with input as iac_config.content +} diff --git a/lib/fugue/resource_view.rego b/rego/lib/fugue/resource_view.rego similarity index 84% rename from lib/fugue/resource_view.rego rename to rego/lib/fugue/resource_view.rego index f3d1a783..0763969c 100644 --- a/lib/fugue/resource_view.rego +++ b/rego/lib/fugue/resource_view.rego 
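Review bot: The new `terraform_input_type` body only tests that `input.hcl_resource_view_version` is defined, so any document carrying that key, whatever its value, is classified as Terraform; the pass-through branch added to `resource_view` in rego/lib/fugue/resource_view.rego relies on the same presence check. If the resource-view format changes later, an old or unexpected version would be accepted silently and rules would evaluate data in a shape they were not written for. Consider comparing against the supported value, e.g. `input.hcl_resource_view_version == "<supported-version>"` (placeholder, the real value is not visible in this diff), and adding a comment that this key marks input already converted to a resource view. The rule's remaining bodies continue outside the hunk.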
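Review bot: `mock_input` in rego/lib/fugue/regula/tests.rego reads only `iac_configs[0]`, so a test that passes several configurations has all but the first ignored without any signal. If single-config use is intended, say so above the function, e.g. `# mock_input evaluates only the first entry of iac_configs; further entries are ignored.`; otherwise tighten the guard to `count(iac_configs) == 1` so a multi-config call is undefined rather than partially evaluated.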
@@ -21,18 +21,25 @@ import data.fugue.input_type import data.fugue.resource_view.cloudformation import data.fugue.resource_view.terraform -resource_view_input = ret { +resource_view = ret { + # If we are already given a resource view, just pass it through. + _ = input.hcl_resource_view_version + ret = input.resources +} else = ret { input_type.terraform_input_type - ret = {"resources": resource_view, "_plan": input} + ret = terraform.resource_view } else = ret { input_type.cloudformation_input_type - ret = {"resources": resource_view, "_template": input} + ret = cloudformation.resource_view } -resource_view = ret { +resource_view_input = ret { + _ = input.hcl_resource_view_version + ret = {"resources": resource_view} +} else = ret { input_type.terraform_input_type - ret = terraform.resource_view + ret = {"resources": resource_view, "_plan": input} } else = ret { input_type.cloudformation_input_type - ret = cloudformation.resource_view + ret = {"resources": resource_view, "_template": input} } diff --git a/lib/fugue/resource_view/cloudformation.rego b/rego/lib/fugue/resource_view/cloudformation.rego similarity index 100% rename from lib/fugue/resource_view/cloudformation.rego rename to rego/lib/fugue/resource_view/cloudformation.rego diff --git a/lib/fugue/resource_view/terraform.rego b/rego/lib/fugue/resource_view/terraform.rego similarity index 100% rename from lib/fugue/resource_view/terraform.rego rename to rego/lib/fugue/resource_view/terraform.rego diff --git a/lib/gcp/compute_firewall.rego b/rego/lib/gcp/compute_firewall.rego similarity index 100% rename from lib/gcp/compute_firewall.rego rename to rego/lib/gcp/compute_firewall.rego diff --git a/lib/util/resolve.rego b/rego/lib/util/resolve.rego similarity index 100% rename from lib/util/resolve.rego rename to rego/lib/util/resolve.rego 
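Review bot: The new first branch of `resource_view` returns `input.resources` unchanged whenever the key `hcl_resource_view_version` is present, and the value of that key is never compared with anything; the same presence-only test is added to `terraform_input_type` in input_type.rego. Because the branch is evaluated before the Terraform-plan and CloudFormation branches, any input document that carries the key skips resource-view construction, and if `resources` is missing the rule falls through to `terraform.resource_view` on a document that is not a plan. I would pin both the version and the shape inside the branch, for example `input.hcl_resource_view_version == <supported version>` and `is_object(input.resources)`, and extend the existing comment to name the component that is expected to emit this format. Where the key is set is outside this hunk, so confirm the loader is its only producer.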
diff --git a/rules/cfn/api_gateway/classic_custom_domain_name.rego b/rego/rules/cfn/api_gateway/classic_custom_domain_name.rego
similarity index 100%
rename from rules/cfn/api_gateway/classic_custom_domain_name.rego
rename to rego/rules/cfn/api_gateway/classic_custom_domain_name.rego
diff --git a/rules/cfn/api_gateway/v2_custom_domain_name.rego b/rego/rules/cfn/api_gateway/v2_custom_domain_name.rego
similarity index 100%
rename from rules/cfn/api_gateway/v2_custom_domain_name.rego
rename to rego/rules/cfn/api_gateway/v2_custom_domain_name.rego
diff --git a/rules/cfn/cloudtrail/cloudwatch.rego b/rego/rules/cfn/cloudtrail/cloudwatch.rego
similarity index 100%
rename from rules/cfn/cloudtrail/cloudwatch.rego
rename to rego/rules/cfn/cloudtrail/cloudwatch.rego
diff --git a/rules/cfn/cloudtrail/encryption.rego b/rego/rules/cfn/cloudtrail/encryption.rego
similarity index 100%
rename from rules/cfn/cloudtrail/encryption.rego
rename to rego/rules/cfn/cloudtrail/encryption.rego
diff --git a/rules/cfn/cloudtrail/log_validation.rego b/rego/rules/cfn/cloudtrail/log_validation.rego
similarity index 100%
rename from rules/cfn/cloudtrail/log_validation.rego
rename to rego/rules/cfn/cloudtrail/log_validation.rego
diff --git a/rules/cfn/cloudtrail/s3_access_logging.rego b/rego/rules/cfn/cloudtrail/s3_access_logging.rego
similarity index 100%
rename from rules/cfn/cloudtrail/s3_access_logging.rego
rename to rego/rules/cfn/cloudtrail/s3_access_logging.rego
diff --git a/rules/cfn/cloudtrail/target.rego b/rego/rules/cfn/cloudtrail/target.rego
similarity index 100%
rename from rules/cfn/cloudtrail/target.rego
rename to rego/rules/cfn/cloudtrail/target.rego
diff --git a/rules/cfn/ebs/volume_encryption.rego b/rego/rules/cfn/ebs/volume_encryption.rego
similarity index 100%
rename from rules/cfn/ebs/volume_encryption.rego
rename to rego/rules/cfn/ebs/volume_encryption.rego
diff --git a/rules/cfn/iam/admin_policy.rego b/rego/rules/cfn/iam/admin_policy.rego
similarity index 100%
rename from rules/cfn/iam/admin_policy.rego
rename to rego/rules/cfn/iam/admin_policy.rego
diff --git a/rules/cfn/iam/policy.rego b/rego/rules/cfn/iam/policy.rego
similarity index 100%
rename from rules/cfn/iam/policy.rego
rename to rego/rules/cfn/iam/policy.rego
diff --git a/rules/cfn/kms/key_rotation.rego b/rego/rules/cfn/kms/key_rotation.rego
similarity index 100%
rename from rules/cfn/kms/key_rotation.rego
rename to rego/rules/cfn/kms/key_rotation.rego
diff --git a/rules/cfn/lambda/function_not_public.rego b/rego/rules/cfn/lambda/function_not_public.rego
similarity index 100%
rename from rules/cfn/lambda/function_not_public.rego
rename to rego/rules/cfn/lambda/function_not_public.rego
diff --git a/rules/cfn/s3/block_public_access.rego b/rego/rules/cfn/s3/block_public_access.rego
similarity index 100%
rename from rules/cfn/s3/block_public_access.rego
rename to rego/rules/cfn/s3/block_public_access.rego
diff --git a/rules/cfn/s3/cloudtrail_s3_data_logging_read.rego b/rego/rules/cfn/s3/cloudtrail_s3_data_logging_read.rego
similarity index 100%
rename from rules/cfn/s3/cloudtrail_s3_data_logging_read.rego
rename to rego/rules/cfn/s3/cloudtrail_s3_data_logging_read.rego
diff --git a/rules/cfn/s3/cloudtrail_s3_data_logging_write.rego b/rego/rules/cfn/s3/cloudtrail_s3_data_logging_write.rego
similarity index 100%
rename from rules/cfn/s3/cloudtrail_s3_data_logging_write.rego
rename to rego/rules/cfn/s3/cloudtrail_s3_data_logging_write.rego
diff --git a/rules/cfn/s3/encryption.rego b/rego/rules/cfn/s3/encryption.rego
similarity index 100%
rename from rules/cfn/s3/encryption.rego
rename to rego/rules/cfn/s3/encryption.rego
diff --git a/rules/cfn/s3/https_access.rego b/rego/rules/cfn/s3/https_access.rego
similarity index 100%
rename from rules/cfn/s3/https_access.rego
rename to rego/rules/cfn/s3/https_access.rego
diff --git a/rules/cfn/vpc/default_security_group.rego b/rego/rules/cfn/vpc/default_security_group.rego
similarity index 100%
rename from rules/cfn/vpc/default_security_group.rego
rename to rego/rules/cfn/vpc/default_security_group.rego
diff --git a/rules/cfn/vpc/flow_logging_enabled.rego b/rego/rules/cfn/vpc/flow_logging_enabled.rego
similarity index 100%
rename from rules/cfn/vpc/flow_logging_enabled.rego
rename to rego/rules/cfn/vpc/flow_logging_enabled.rego
diff --git a/rules/cfn/vpc/ingress_22.rego b/rego/rules/cfn/vpc/ingress_22.rego
similarity index 100%
rename from rules/cfn/vpc/ingress_22.rego
rename to rego/rules/cfn/vpc/ingress_22.rego
diff --git a/rules/cfn/vpc/ingress_3389.rego b/rego/rules/cfn/vpc/ingress_3389.rego
similarity index 100%
rename from rules/cfn/vpc/ingress_3389.rego
rename to rego/rules/cfn/vpc/ingress_3389.rego
diff --git a/rules/cfn/vpc/nacl_ingress_22.rego b/rego/rules/cfn/vpc/nacl_ingress_22.rego
similarity index 100%
rename from rules/cfn/vpc/nacl_ingress_22.rego
rename to rego/rules/cfn/vpc/nacl_ingress_22.rego
diff --git a/rules/cfn/vpc/nacl_ingress_3389.rego b/rego/rules/cfn/vpc/nacl_ingress_3389.rego
similarity index 100%
rename from rules/cfn/vpc/nacl_ingress_3389.rego
rename to rego/rules/cfn/vpc/nacl_ingress_3389.rego
diff --git a/rules/tf/aws/cloudfront/distribution_https.rego b/rego/rules/tf/aws/cloudfront/distribution_https.rego
similarity index 100%
rename from rules/tf/aws/cloudfront/distribution_https.rego
rename to rego/rules/tf/aws/cloudfront/distribution_https.rego
diff --git a/rules/tf/aws/cloudtrail/log_file_validation.rego b/rego/rules/tf/aws/cloudtrail/log_file_validation.rego
similarity index 100%
rename from rules/tf/aws/cloudtrail/log_file_validation.rego
rename to rego/rules/tf/aws/cloudtrail/log_file_validation.rego
diff --git a/rules/tf/aws/ebs/volume_encrypted.rego b/rego/rules/tf/aws/ebs/volume_encrypted.rego similarity index 100% rename from rules/tf/aws/ebs/volume_encrypted.rego rename to rego/rules/tf/aws/ebs/volume_encrypted.rego diff --git a/rules/tf/aws/iam/admin_policy.rego b/rego/rules/tf/aws/iam/admin_policy.rego similarity index 100% rename from rules/tf/aws/iam/admin_policy.rego rename to rego/rules/tf/aws/iam/admin_policy.rego diff --git a/rules/tf/aws/iam/user_attached_policy.rego b/rego/rules/tf/aws/iam/user_attached_policy.rego similarity index 97% rename from rules/tf/aws/iam/user_attached_policy.rego rename to rego/rules/tf/aws/iam/user_attached_policy.rego index dcb40cd4..c5b9a8a3 100644 --- a/rules/tf/aws/iam/user_attached_policy.rego +++ b/rego/rules/tf/aws/iam/user_attached_policy.rego @@ -52,8 +52,8 @@ is_invalid(resource) { resource = user_policy_attachments[name] } { resource = policy_attachments[name] - resource.users != null - resource.users != [""] + user = resource.users[_] + user != "" } policy[p] { diff --git a/rules/tf/aws/kms/key_rotation.rego b/rego/rules/tf/aws/kms/key_rotation.rego similarity index 100% rename from rules/tf/aws/kms/key_rotation.rego rename to rego/rules/tf/aws/kms/key_rotation.rego diff --git a/rules/tf/aws/s3/bucket_sse.rego b/rego/rules/tf/aws/s3/bucket_sse.rego similarity index 100% rename from rules/tf/aws/s3/bucket_sse.rego rename to rego/rules/tf/aws/s3/bucket_sse.rego diff --git a/rules/tf/aws/security_group/ingress_anywhere.rego b/rego/rules/tf/aws/security_group/ingress_anywhere.rego similarity index 100% rename from rules/tf/aws/security_group/ingress_anywhere.rego rename to rego/rules/tf/aws/security_group/ingress_anywhere.rego diff --git a/rules/tf/aws/security_group/ingress_anywhere_rdp.rego b/rego/rules/tf/aws/security_group/ingress_anywhere_rdp.rego similarity index 100% rename from rules/tf/aws/security_group/ingress_anywhere_rdp.rego rename to rego/rules/tf/aws/security_group/ingress_anywhere_rdp.rego 
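Review bot: The rewritten second body of `is_invalid` in user_attached_policy.rego skips `""` entries in `users` without saying why they occur, so a reader cannot tell whether an attachment whose `users` holds only empty strings is meant to pass. I would add above the two new lines `# Any non-empty entry in users means the policy is attached directly to a user; "" entries are ignored.` If `""` stands for a reference that is unresolved at plan time (an assumption, the fixture is not visible here), such an attachment would go unreported and that limitation belongs in the comment too. The start of `is_invalid` is outside this hunk.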
diff --git a/rules/tf/aws/security_group/ingress_anywhere_ssh.rego b/rego/rules/tf/aws/security_group/ingress_anywhere_ssh.rego
similarity index 100%
rename from rules/tf/aws/security_group/ingress_anywhere_ssh.rego
rename to rego/rules/tf/aws/security_group/ingress_anywhere_ssh.rego
diff --git a/rules/tf/aws/vpc/flow_log.rego b/rego/rules/tf/aws/vpc/flow_log.rego
similarity index 100%
rename from rules/tf/aws/vpc/flow_log.rego
rename to rego/rules/tf/aws/vpc/flow_log.rego
diff --git a/rules/tf/azurerm/network/security_group_no_inbound_22.rego b/rego/rules/tf/azurerm/network/security_group_no_inbound_22.rego
similarity index 100%
rename from rules/tf/azurerm/network/security_group_no_inbound_22.rego
rename to rego/rules/tf/azurerm/network/security_group_no_inbound_22.rego
diff --git a/rules/tf/azurerm/network/security_group_no_inbound_3389.rego b/rego/rules/tf/azurerm/network/security_group_no_inbound_3389.rego
similarity index 100%
rename from rules/tf/azurerm/network/security_group_no_inbound_3389.rego
rename to rego/rules/tf/azurerm/network/security_group_no_inbound_3389.rego
diff --git a/rules/tf/azurerm/sql/firewall_no_inbound_all.rego b/rego/rules/tf/azurerm/sql/firewall_no_inbound_all.rego
similarity index 100%
rename from rules/tf/azurerm/sql/firewall_no_inbound_all.rego
rename to rego/rules/tf/azurerm/sql/firewall_no_inbound_all.rego
diff --git a/rules/tf/azurerm/storage/account_deny_access.rego b/rego/rules/tf/azurerm/storage/account_deny_access.rego
similarity index 100%
rename from rules/tf/azurerm/storage/account_deny_access.rego
rename to rego/rules/tf/azurerm/storage/account_deny_access.rego
diff --git a/rules/tf/azurerm/storage/account_microsoft_services.rego b/rego/rules/tf/azurerm/storage/account_microsoft_services.rego
similarity index 100%
rename from rules/tf/azurerm/storage/account_microsoft_services.rego
rename to rego/rules/tf/azurerm/storage/account_microsoft_services.rego
diff --git a/rules/tf/azurerm/storage/account_secure_transfer.rego b/rego/rules/tf/azurerm/storage/account_secure_transfer.rego similarity index 100% rename from rules/tf/azurerm/storage/account_secure_transfer.rego rename to rego/rules/tf/azurerm/storage/account_secure_transfer.rego diff --git a/rules/tf/azurerm/storage/container_private_access.rego b/rego/rules/tf/azurerm/storage/container_private_access.rego similarity index 100% rename from rules/tf/azurerm/storage/container_private_access.rego rename to rego/rules/tf/azurerm/storage/container_private_access.rego diff --git a/rules/tf/google/compute/firewall_no_ingress_22.rego b/rego/rules/tf/google/compute/firewall_no_ingress_22.rego similarity index 100% rename from rules/tf/google/compute/firewall_no_ingress_22.rego rename to rego/rules/tf/google/compute/firewall_no_ingress_22.rego diff --git a/rules/tf/google/compute/firewall_no_ingress_3389.rego b/rego/rules/tf/google/compute/firewall_no_ingress_3389.rego similarity index 100% rename from rules/tf/google/compute/firewall_no_ingress_3389.rego rename to rego/rules/tf/google/compute/firewall_no_ingress_3389.rego diff --git a/rules/tf/google/compute/subnet_flow_log_enabled.rego b/rego/rules/tf/google/compute/subnet_flow_log_enabled.rego similarity index 94% rename from rules/tf/google/compute/subnet_flow_log_enabled.rego rename to rego/rules/tf/google/compute/subnet_flow_log_enabled.rego index 62dc1501..1c56d95e 100644 --- a/rules/tf/google/compute/subnet_flow_log_enabled.rego +++ b/rego/rules/tf/google/compute/subnet_flow_log_enabled.rego @@ -30,8 +30,8 @@ __rego__metadoc__ := { resource_type = "google_compute_subnetwork" -default deny = false +default allow = false -deny { - count(input.log_config) == 0 +allow { + _ = input.log_config[_] } 
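Review bot: The switch to `default allow = false` in subnet_flow_log_enabled.rego is not explained on the rule, although it changes the verdict for a subnetwork whose `log_config` is absent or null from pass to fail. I would state the intent above `allow`, for example `# Fail closed: a subnetwork without a log_config block is non-compliant.` It is also worth checking that the rule's test fixture includes a subnetwork with no `log_config` attribute at all, since that is the case the old `count(...) == 0` form let through; the test file is not part of this hunk.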
diff --git a/rules/tf/google/compute/subnet_private_google_access.rego b/rego/rules/tf/google/compute/subnet_private_google_access.rego
similarity index 100%
rename from rules/tf/google/compute/subnet_private_google_access.rego
rename to rego/rules/tf/google/compute/subnet_private_google_access.rego
diff --git a/rules/tf/google/kms/cryptokey_rotate.rego b/rego/rules/tf/google/kms/cryptokey_rotate.rego
similarity index 100%
rename from rules/tf/google/kms/cryptokey_rotate.rego
rename to rego/rules/tf/google/kms/cryptokey_rotate.rego
diff --git a/scripts/check-naming.sh b/rego/scripts/check-naming.sh
similarity index 100%
rename from scripts/check-naming.sh
rename to rego/scripts/check-naming.sh
diff --git a/rego/scripts/generate-test-inputs.sh b/rego/scripts/generate-test-inputs.sh
new file mode 100755
index 00000000..799e7820
--- /dev/null
+++ b/rego/scripts/generate-test-inputs.sh
@@ -0,0 +1,150 @@ +#!/usr/bin/env bash +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +set -o nounset -o errexit -o pipefail + +# Allow overriding terraform version. +TERRAFORM="${TERRAFORM:-terraform}" + +function output_rego_file { + local infra_file="$1" + local rego_file="$2" + cat < "${rego_file}" +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# ${infra_file} +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +EOF + cat - >> "${rego_file}" +} + +# the .rego files generated by generate_tf_input and generate_cfn_input look pretty +# similar right now, but we'll want to change the .rego file for tf inputs after we've +# added HCL support. 
+function generate_tf_input { + local infra_file="$1" + local rego_file="$2" + local rego_dir=$(dirname "${rego_file}") + local rego_basename=$(basename "${rego_file}" .rego) + local plan_json_basename="${rego_basename}.tfplan" + local plan_json="${rego_dir}/${plan_json_basename}" + local workdir="$(mktemp -d)" + trap "rm -rf "$workdir"" return + + cp "${infra_file}" "${workdir}" + + (cd "${workdir}" && + ${TERRAFORM} init && + ${TERRAFORM} plan -refresh=false -out="plan.tfplan" && + ${TERRAFORM} show -json "plan.tfplan" | jq > "${plan_json_basename}") + + cp "${workdir}/${plan_json_basename}" "${plan_json}" + + local package="$(echo "${rego_dir}.${rego_basename}" | tr '/' '.')" + cat <&2 echo "Usage: $0 INFRA_FILE REGO_FILE" + exit 1 + fi + + local infra_file="$1" + local rego_file="$2" + local extension="${infra_file##*.}" + if [[ "${extension}" == "tf" ]]; then + generate_tf_input "${infra_file}" "${rego_file}" + elif [[ "${extension}" == "cfn" ]]; then + generate_cfn_input "${infra_file}" "${rego_file}" + else + 1>&2 echo "Unknown extension: $extension" + exit 1 + fi + + 1>&2 echo "Generated ${rego_file}" +} + +if [[ $# -eq 0 ]]; then + for infra_file in $(find tests -name '*_infra\.*'); do + rego_file="$(echo "$infra_file" | sed 's/\.[^.]*$/.rego/')" + if [[ ! -f "$rego_file" ]] || [[ "$infra_file" -nt "$rego_file" ]]; then + 1>&2 echo "$infra_file-> $rego_file" + generate_test_input "$infra_file" "$rego_file" + else + 1>&2 echo "$rego_file is up to date. Remove it to force re-generating." + fi + done +elif [[ "$1" == "-h" || $# -gt 1 ]]; then + 1>&2 echo "Usage:" + 1>&2 echo " $0 # Regenerates all test outputs" + 1>&2 echo " $0 INFRA_FILE # Regenerates a specific test output" + exit 1 +else + infra_file="$1" + rego_file="$(echo "$infra_file" | sed 's/\.[^.]*$/.rego/')" + 1>&2 echo "$infra_file-> $rego_file" + generate_test_input "$infra_file" "$rego_file" +fi 
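Review bot: In `generate_tf_input`, `trap "rm -rf "$workdir"" return` closes the double-quoted string before `$workdir`, so the path is expanded unquoted at the moment the trap is installed; with a `TMPDIR` that contains whitespace the path is split and `rm -rf` is registered with only its first fragment. `trap 'rm -rf -- "$workdir"' RETURN` defers the expansion and keeps it quoted. In the same function `local workdir="$(mktemp -d)"` hides a `mktemp` failure from `errexit`, because the status of `local` is what the shell sees; declaring `local workdir` and assigning on the next line lets the script stop before `cp` and the cleanup run with an empty path.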
diff --git a/tests/examples/aws/ec2_t2_only_test.rego b/rego/tests/examples/aws/ec2_t2_only_test.rego
similarity index 100%
rename from tests/examples/aws/ec2_t2_only_test.rego
rename to rego/tests/examples/aws/ec2_t2_only_test.rego
diff --git a/tests/examples/aws/iam_password_length_test.rego b/rego/tests/examples/aws/iam_password_length_test.rego
similarity index 100%
rename from tests/examples/aws/iam_password_length_test.rego
rename to rego/tests/examples/aws/iam_password_length_test.rego
diff --git a/rego/tests/examples/aws/inputs/ec2_t2_only_infra.rego b/rego/tests/examples/aws/inputs/ec2_t2_only_infra.rego
new file mode 100644
index 00000000..982ad563
--- /dev/null
+++ b/rego/tests/examples/aws/inputs/ec2_t2_only_infra.rego
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/examples/aws/inputs/ec2_t2_only_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.examples.aws.inputs.ec2_t2_only_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("ec2_t2_only_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/examples/aws/inputs/ec2_t2_only_infra.tf b/rego/tests/examples/aws/inputs/ec2_t2_only_infra.tf similarity index 100% rename from tests/examples/aws/inputs/ec2_t2_only_infra.tf rename to rego/tests/examples/aws/inputs/ec2_t2_only_infra.tf diff --git a/tests/examples/aws/inputs/ec2_t2_only_infra.rego b/rego/tests/examples/aws/inputs/ec2_t2_only_infra.tfplan similarity index 74% rename from tests/examples/aws/inputs/ec2_t2_only_infra.rego rename to rego/tests/examples/aws/inputs/ec2_t2_only_infra.tfplan index f04bd433..3ec1550b 100644 --- a/tests/examples/aws/inputs/ec2_t2_only_infra.rego +++ b/rego/tests/examples/aws/inputs/ec2_t2_only_infra.tfplan 
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/examples/aws/inputs/ec2_t2_only_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.examples.aws.inputs.ec2_t2_only_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ 
@@ -40,23 +9,24 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "invalid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.nano", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null } }, { @@ -64,23 +34,24 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_2xlarge", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.2xlarge", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null } }, { 
@@ -88,23 +59,24 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_large", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.large", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null } }, { @@ -112,23 +84,24 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_medium", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.medium", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null } }, { 
@@ -136,23 +109,24 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_micro", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.micro", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null } }, { @@ -160,23 +134,24 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_small", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.small", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null } }, { 
@@ -184,23 +159,24 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_xlarge", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.xlarge", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null } }, { @@ -208,9 +184,42 @@ mock_plan_input = { "mode": "data", "type": "aws_ami", "name": "ubuntu", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { + "architecture": "x86_64", + "arn": "arn:aws:ec2:us-west-2::image/ami-0bac6fc47ad07c5f5", + "block_device_mappings": [ + { + "device_name": "/dev/sda1", + "ebs": { + "delete_on_termination": "true", + "encrypted": "false", + "iops": "0", + "snapshot_id": "snap-013fb4433bd2108c7", + "throughput": "0", + "volume_size": "8", + "volume_type": "gp2" + }, + "no_device": "", + "virtual_name": "" + }, + { + "device_name": "/dev/sdb", + "ebs": {}, + "no_device": "", + "virtual_name": "ephemeral0" + }, + { + "device_name": "/dev/sdc", + "ebs": {}, + "no_device": "", + "virtual_name": "ephemeral1" + } + ], + "creation_date": "2019-11-11T13:13:47.000Z", + "description": "Canonical, Ubuntu, 14.04 LTS, amd64 trusty image build on 2019-11-07", + "ena_support": true, "executable_users": null, "filter": [ { 
@@ -226,11 +235,37 @@ mock_plan_input = { ] } ], + "hypervisor": "xen", + "id": "ami-0bac6fc47ad07c5f5", + "image_id": "ami-0bac6fc47ad07c5f5", + "image_location": "099720109477/ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-20191107", + "image_owner_alias": null, + "image_type": "machine", + "kernel_id": null, "most_recent": true, + "name": "ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-20191107", "name_regex": null, + "owner_id": "099720109477", "owners": [ "099720109477" - ] + ], + "platform": null, + "platform_details": "Linux/UNIX", + "product_codes": [], + "public": true, + "ramdisk_id": null, + "root_device_name": "/dev/sda1", + "root_device_type": "ebs", + "root_snapshot_id": "snap-013fb4433bd2108c7", + "sriov_net_support": "simple", + "state": "available", + "state_reason": { + "code": "UNSET", + "message": "UNSET" + }, + "tags": {}, + "usage_operation": "RunInstances", + "virtualization_type": "hvm" } } ] @@ -242,30 +277,30 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "invalid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" ], "before": null, "after": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.nano", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null }, "after_unknown": { - "ami": true, "arn": true, "associate_public_ip_address": true, "availability_zone": true, 
@@ -273,9 +308,11 @@ mock_plan_input = { "cpu_threads_per_core": true, "credit_specification": [], "ebs_block_device": true, + "enclave_options": true, "ephemeral_block_device": true, "host_id": true, "id": true, + "instance_initiated_shutdown_behavior": true, "instance_state": true, "ipv6_address_count": true, "ipv6_addresses": true, @@ -294,8 +331,8 @@ mock_plan_input = { "secondary_private_ips": true, "security_groups": true, "subnet_id": true, + "tags_all": true, "tenancy": true, - "volume_tags": true, "vpc_security_group_ids": true } } @@ -305,30 +342,30 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_2xlarge", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" ], "before": null, "after": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.2xlarge", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null }, "after_unknown": { - "ami": true, "arn": true, "associate_public_ip_address": true, "availability_zone": true, @@ -336,9 +373,11 @@ mock_plan_input = { "cpu_threads_per_core": true, "credit_specification": [], "ebs_block_device": true, + "enclave_options": true, "ephemeral_block_device": true, "host_id": true, "id": true, + "instance_initiated_shutdown_behavior": true, "instance_state": true, "ipv6_address_count": true, "ipv6_addresses": true, @@ -357,8 +396,8 @@ mock_plan_input = { "secondary_private_ips": true, "security_groups": true, "subnet_id": true, + "tags_all": true, "tenancy": true, - "volume_tags": true, "vpc_security_group_ids": true } } 
@@ -368,30 +407,30 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_large", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" ], "before": null, "after": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.large", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null }, "after_unknown": { - "ami": true, "arn": true, "associate_public_ip_address": true, "availability_zone": true, @@ -399,9 +438,11 @@ mock_plan_input = { "cpu_threads_per_core": true, "credit_specification": [], "ebs_block_device": true, + "enclave_options": true, "ephemeral_block_device": true, "host_id": true, "id": true, + "instance_initiated_shutdown_behavior": true, "instance_state": true, "ipv6_address_count": true, "ipv6_addresses": true, @@ -420,8 +461,8 @@ mock_plan_input = { "secondary_private_ips": true, "security_groups": true, "subnet_id": true, + "tags_all": true, "tenancy": true, - "volume_tags": true, "vpc_security_group_ids": true } } 
@@ -431,30 +472,30 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_medium", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" ], "before": null, "after": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.medium", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null }, "after_unknown": { - "ami": true, "arn": true, "associate_public_ip_address": true, "availability_zone": true, @@ -462,9 +503,11 @@ mock_plan_input = { "cpu_threads_per_core": true, "credit_specification": [], "ebs_block_device": true, + "enclave_options": true, "ephemeral_block_device": true, "host_id": true, "id": true, + "instance_initiated_shutdown_behavior": true, "instance_state": true, "ipv6_address_count": true, "ipv6_addresses": true, @@ -483,8 +526,8 @@ mock_plan_input = { "secondary_private_ips": true, "security_groups": true, "subnet_id": true, + "tags_all": true, "tenancy": true, - "volume_tags": true, "vpc_security_group_ids": true } } 
@@ -494,30 +537,30 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_micro", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" ], "before": null, "after": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.micro", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null }, "after_unknown": { - "ami": true, "arn": true, "associate_public_ip_address": true, "availability_zone": true, @@ -525,9 +568,11 @@ mock_plan_input = { "cpu_threads_per_core": true, "credit_specification": [], "ebs_block_device": true, + "enclave_options": true, "ephemeral_block_device": true, "host_id": true, "id": true, + "instance_initiated_shutdown_behavior": true, "instance_state": true, "ipv6_address_count": true, "ipv6_addresses": true, @@ -546,8 +591,8 @@ mock_plan_input = { "secondary_private_ips": true, "security_groups": true, "subnet_id": true, + "tags_all": true, "tenancy": true, - "volume_tags": true, "vpc_security_group_ids": true } } 
@@ -557,30 +602,30 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_small", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" ], "before": null, "after": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.small", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null }, "after_unknown": { - "ami": true, "arn": true, "associate_public_ip_address": true, "availability_zone": true, @@ -588,9 +633,11 @@ mock_plan_input = { "cpu_threads_per_core": true, "credit_specification": [], "ebs_block_device": true, + "enclave_options": true, "ephemeral_block_device": true, "host_id": true, "id": true, + "instance_initiated_shutdown_behavior": true, "instance_state": true, "ipv6_address_count": true, "ipv6_addresses": true, @@ -609,8 +656,8 @@ mock_plan_input = { "secondary_private_ips": true, "security_groups": true, "subnet_id": true, + "tags_all": true, "tenancy": true, - "volume_tags": true, "vpc_security_group_ids": true } } 
@@ -620,30 +667,30 @@ mock_plan_input = { "mode": "managed", "type": "aws_instance", "name": "valid_xlarge", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" ], "before": null, "after": { + "ami": "ami-0bac6fc47ad07c5f5", "credit_specification": [], "disable_api_termination": null, "ebs_optimized": null, "get_password_data": false, "hibernation": null, "iam_instance_profile": null, - "instance_initiated_shutdown_behavior": null, "instance_type": "t2.xlarge", "monitoring": null, "source_dest_check": true, "tags": null, "timeouts": null, "user_data": null, - "user_data_base64": null + "user_data_base64": null, + "volume_tags": null }, "after_unknown": { - "ami": true, "arn": true, "associate_public_ip_address": true, "availability_zone": true, @@ -651,9 +698,11 @@ mock_plan_input = { "cpu_threads_per_core": true, "credit_specification": [], "ebs_block_device": true, + "enclave_options": true, "ephemeral_block_device": true, "host_id": true, "id": true, + "instance_initiated_shutdown_behavior": true, "instance_state": true, "ipv6_address_count": true, "ipv6_addresses": true, @@ -672,8 +721,8 @@ mock_plan_input = { "secondary_private_ips": true, "security_groups": true, "subnet_id": true, + "tags_all": true, "tenancy": true, - "volume_tags": true, "vpc_security_group_ids": true } } 
@@ -683,13 +732,46 @@ mock_plan_input = { "mode": "data", "type": "aws_ami", "name": "ubuntu", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "read" ], "before": null, "after": { + "architecture": "x86_64", + "arn": "arn:aws:ec2:us-west-2::image/ami-0bac6fc47ad07c5f5", + "block_device_mappings": [ + { + "device_name": "/dev/sda1", + "ebs": { + "delete_on_termination": "true", + "encrypted": "false", + "iops": "0", + "snapshot_id": "snap-013fb4433bd2108c7", + "throughput": "0", + "volume_size": "8", + "volume_type": "gp2" + }, + "no_device": "", + "virtual_name": "" + }, + { + "device_name": "/dev/sdb", + "ebs": {}, + "no_device": "", + "virtual_name": "ephemeral0" + }, + { + "device_name": "/dev/sdc", + "ebs": {}, + "no_device": "", + "virtual_name": "ephemeral1" + } + ], + "creation_date": "2019-11-11T13:13:47.000Z", + "description": "Canonical, Ubuntu, 14.04 LTS, amd64 trusty image build on 2019-11-07", + "ena_support": true, "executable_users": null, "filter": [ { 
@@ -705,55 +787,39 @@ mock_plan_input = { ] } ], + "hypervisor": "xen", + "id": "ami-0bac6fc47ad07c5f5", + "image_id": "ami-0bac6fc47ad07c5f5", + "image_location": "099720109477/ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-20191107", + "image_owner_alias": null, + "image_type": "machine", + "kernel_id": null, "most_recent": true, + "name": "ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-20191107", "name_regex": null, + "owner_id": "099720109477", "owners": [ "099720109477" - ] - }, - "after_unknown": { - "architecture": true, - "arn": true, - "block_device_mappings": true, - "creation_date": true, - "description": true, - "filter": [ - { - "values": [ - false - ] - }, - { - "values": [ - false - ] - } ], - "hypervisor": true, - "id": true, - "image_id": true, - "image_location": true, - "image_owner_alias": true, - "image_type": true, - "kernel_id": true, - "name": true, - "owner_id": true, - "owners": [ - false - ], - "platform": true, - "product_codes": true, + "platform": null, + "platform_details": "Linux/UNIX", + "product_codes": [], "public": true, - "ramdisk_id": true, - "root_device_name": true, - "root_device_type": true, - "root_snapshot_id": true, - "sriov_net_support": true, - "state": true, - "state_reason": true, - "tags": true, - "virtualization_type": true - } + "ramdisk_id": null, + "root_device_name": "/dev/sda1", + "root_device_type": "ebs", + "root_snapshot_id": "snap-013fb4433bd2108c7", + "sriov_net_support": "simple", + "state": "available", + "state_reason": { + "code": "UNSET", + "message": "UNSET" + }, + "tags": {}, + "usage_operation": "RunInstances", + "virtualization_type": "hvm" + }, + "after_unknown": {} } } ], diff --git a/rego/tests/examples/aws/inputs/iam_password_length_infra.rego b/rego/tests/examples/aws/inputs/iam_password_length_infra.rego new file mode 100644 index 00000000..9471094a --- /dev/null +++ b/rego/tests/examples/aws/inputs/iam_password_length_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/examples/aws/inputs/iam_password_length_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.examples.aws.inputs.iam_password_length_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("iam_password_length_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/examples/aws/inputs/iam_password_length_infra.tf b/rego/tests/examples/aws/inputs/iam_password_length_infra.tf similarity index 100% rename from tests/examples/aws/inputs/iam_password_length_infra.tf rename to rego/tests/examples/aws/inputs/iam_password_length_infra.tf diff --git a/tests/examples/aws/inputs/iam_password_length_infra.rego b/rego/tests/examples/aws/inputs/iam_password_length_infra.tfplan similarity index 76% rename from tests/examples/aws/inputs/iam_password_length_infra.rego rename to rego/tests/examples/aws/inputs/iam_password_length_infra.tfplan index 98797c0a..a56b0d76 100644 --- a/tests/examples/aws/inputs/iam_password_length_infra.rego 
+++ b/rego/tests/examples/aws/inputs/iam_password_length_infra.tfplan @@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/examples/aws/inputs/iam_password_length_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.examples.aws.inputs.iam_password_length_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_account_password_policy", "name": "invalid_1", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "allow_users_to_change_password": true, 
@@ -52,7 +21,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_account_password_policy", "name": "invalid_2", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "allow_users_to_change_password": true, @@ -64,7 +33,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_account_password_policy", "name": "valid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "allow_users_to_change_password": true, @@ -80,7 +49,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_account_password_policy", "name": "invalid_1", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -108,7 +77,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_account_password_policy", "name": "invalid_2", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -136,7 +105,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_account_password_policy", "name": "valid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" diff --git a/rego/tests/examples/aws/inputs/tag_all_resources_infra.rego b/rego/tests/examples/aws/inputs/tag_all_resources_infra.rego new file mode 100644 index 00000000..c13c2902 --- /dev/null +++ b/rego/tests/examples/aws/inputs/tag_all_resources_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/examples/aws/inputs/tag_all_resources_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.examples.aws.inputs.tag_all_resources_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("tag_all_resources_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/examples/aws/inputs/tag_all_resources_infra.tf b/rego/tests/examples/aws/inputs/tag_all_resources_infra.tf similarity index 100% rename from tests/examples/aws/inputs/tag_all_resources_infra.tf rename to rego/tests/examples/aws/inputs/tag_all_resources_infra.tf diff --git a/tests/examples/aws/inputs/tag_all_resources_infra.rego b/rego/tests/examples/aws/inputs/tag_all_resources_infra.tfplan similarity index 84% rename from tests/examples/aws/inputs/tag_all_resources_infra.rego rename to rego/tests/examples/aws/inputs/tag_all_resources_infra.tfplan index 3d0d2e1a..5d76cf13 100644 --- a/tests/examples/aws/inputs/tag_all_resources_infra.rego 
+++ b/rego/tests/examples/aws/inputs/tag_all_resources_infra.tfplan @@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/examples/aws/inputs/tag_all_resources_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.examples.aws.inputs.tag_all_resources_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "invalid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "acl": "private", @@ -59,6 +28,10 @@ mock_plan_input = { "Environment": "Dev", "Name": "My bucket" }, + "tags_all": { + "Environment": "Dev", + "Name": "My bucket" + }, "website": [] } }, 
@@ -67,7 +40,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_vpc", "name": "invalid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "assign_generated_ipv6_cidr_block": false, @@ -76,6 +49,9 @@ mock_plan_input = { "instance_tenancy": "default", "tags": { "Name": "12345" + }, + "tags_all": { + "Name": "12345" } } }, @@ -84,7 +60,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_vpc", "name": "untagged", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "assign_generated_ipv6_cidr_block": false, @@ -99,7 +75,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_vpc", "name": "valid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "assign_generated_ipv6_cidr_block": false, @@ -108,6 +84,9 @@ mock_plan_input = { "instance_tenancy": "default", "tags": { "Name": "123456" + }, + "tags_all": { + "Name": "123456" } } } @@ -120,7 +99,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "invalid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -143,6 +122,10 @@ mock_plan_input = { "Environment": "Dev", "Name": "My bucket" }, + "tags_all": { + "Environment": "Dev", + "Name": "My bucket" + }, "website": [] }, "after_unknown": { @@ -162,6 +145,7 @@ mock_plan_input = { "request_payer": true, "server_side_encryption_configuration": [], "tags": {}, + "tags_all": {}, "versioning": true, "website": [], "website_domain": true, @@ -174,7 +158,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_vpc", "name": "invalid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -187,6 +171,9 @@ mock_plan_input = { "instance_tenancy": "default", "tags": { "Name": "12345" + }, + "tags_all": { + "Name": "12345" } }, "after_unknown": { @@ -203,7 +190,8 @@ mock_plan_input = { "ipv6_cidr_block": true, "main_route_table_id": true, "owner_id": true, - "tags": {} + "tags": {}, + "tags_all": {} } } }, @@ -212,7 +200,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_vpc", "name": "untagged", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -238,7 +226,8 @@ mock_plan_input = { "ipv6_association_id": true, "ipv6_cidr_block": true, "main_route_table_id": true, - "owner_id": true + "owner_id": true, + "tags_all": true } } }, @@ -247,7 +236,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_vpc", "name": "valid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -260,6 +249,9 @@ mock_plan_input = { "instance_tenancy": "default", "tags": { "Name": "123456" + }, + "tags_all": { + "Name": "123456" } }, "after_unknown": { @@ -276,7 +268,8 @@ mock_plan_input = { "ipv6_cidr_block": true, "main_route_table_id": true, "owner_id": true, - "tags": {} + "tags": {}, + "tags_all": {} } } } diff --git a/rego/tests/examples/aws/inputs/useast1_only_infra.rego b/rego/tests/examples/aws/inputs/useast1_only_infra.rego new file mode 100644 index 00000000..aed4c2ff --- /dev/null +++ b/rego/tests/examples/aws/inputs/useast1_only_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/examples/aws/inputs/useast1_only_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.examples.aws.inputs.useast1_only_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("useast1_only_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/examples/aws/inputs/useast1_only_infra.tf b/rego/tests/examples/aws/inputs/useast1_only_infra.tf similarity index 100% rename from tests/examples/aws/inputs/useast1_only_infra.tf rename to rego/tests/examples/aws/inputs/useast1_only_infra.tf diff --git a/rego/tests/examples/aws/inputs/useast1_only_infra.tfplan b/rego/tests/examples/aws/inputs/useast1_only_infra.tfplan new file mode 100644 index 00000000..52581492 --- /dev/null +++ b/rego/tests/examples/aws/inputs/useast1_only_infra.tfplan 
@@ -0,0 +1,20 @@ +{ + "format_version": "0.1", + "terraform_version": "0.13.5", + "planned_values": { + "root_module": {} + }, + "configuration": { + "provider_config": { + "aws": { + "name": "aws", + "expressions": { + "region": { + "constant_value": "us-east-1" + } + } + } + }, + "root_module": {} + } +} diff --git a/tests/examples/aws/tag_all_resources_test.rego b/rego/tests/examples/aws/tag_all_resources_test.rego similarity index 100% rename from tests/examples/aws/tag_all_resources_test.rego rename to rego/tests/examples/aws/tag_all_resources_test.rego diff --git a/tests/examples/aws/useast1_only_test.rego b/rego/tests/examples/aws/useast1_only_test.rego similarity index 100% rename from tests/examples/aws/useast1_only_test.rego rename to rego/tests/examples/aws/useast1_only_test.rego diff --git a/tests/lib/cfn/cloudtrail_test.rego b/rego/tests/lib/cfn/cloudtrail_test.rego similarity index 100% rename from tests/lib/cfn/cloudtrail_test.rego rename to rego/tests/lib/cfn/cloudtrail_test.rego diff --git a/tests/lib/fugue_regula_report_01_test.rego b/rego/tests/lib/fugue_regula_report_01_test.rego similarity index 95% rename from tests/lib/fugue_regula_report_01_test.rego rename to rego/tests/lib/fugue_regula_report_01_test.rego index 23715ca1..b93e2827 100644 --- a/tests/lib/fugue_regula_report_01_test.rego +++ b/rego/tests/lib/fugue_regula_report_01_test.rego @@ -17,10 +17,10 @@ package fugue.regula_report_01_test import data.fugue.regula -import data.tests.rules.tf.aws.ebs.inputs.volume_encrypted_infra +import data.tests.lib.inputs.volume_encrypted_infra # We reuse the mock input from another test case. -mock_plan_input = volume_encrypted_infra.mock_plan_input +mock_config = volume_encrypted_infra.mock_config[0].content # We construct some mock rules as well. mock_rules = { 
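Review bot: `mock_config[0].content` in the first hunk of fugue_regula_report_01_test.rego hard-codes an undocumented shape: it only resolves if the imported input package exposes `mock_config` as a non-empty list whose entries carry a `content` field. If that list is ever empty, the expression is undefined rather than an error and `report` becomes undefined with it, so any check written as a negation would hold vacuously; the test bodies are outside the hunk, so confirm whether any are written that way. I would add a guard such as `test_mock_config_loaded { count(volume_encrypted_infra.mock_config) > 0 }` and a comment above the assignment, `# mock_config is presumably a list of per-file entries; use the parsed content of the first (only) file`. The same indexing appears in the `mock_input` hunks of fugue_regula_report_02_test.rego, fugue_regula_report_03_test.rego and fugue_regula_report_04_test.rego.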
@@ -47,7 +47,7 @@ mock_rules = { # Produce a report. report = ret { - ret = regula.report with input as mock_plan_input with data.rules as mock_rules + ret = regula.report with input as mock_config with data.rules as mock_rules } contains_result(arr, result) { diff --git a/tests/lib/fugue_regula_report_02_test.rego b/rego/tests/lib/fugue_regula_report_02_test.rego similarity index 88% rename from tests/lib/fugue_regula_report_02_test.rego rename to rego/tests/lib/fugue_regula_report_02_test.rego index d9f24622..396a982e 100644 --- a/tests/lib/fugue_regula_report_02_test.rego +++ b/rego/tests/lib/fugue_regula_report_02_test.rego @@ -16,17 +16,17 @@ package fugue.regula_report_02_test import data.fugue.regula -import data.tests.rules.cfn.cloudtrail.inputs.invalid_encryption_infra as input1 -import data.tests.rules.cfn.s3.inputs.valid_encryption_infra as input2 +import data.tests.lib.inputs.invalid_encryption_infra as input1 +import data.tests.lib.inputs.valid_encryption_infra as input2 mock_input := [ { "filepath": "template1.yaml", - "content": input1.mock_plan_input + "content": input1.mock_config[0].content }, { "filepath": "template2.yaml", - "content": input2.mock_plan_input + "content": input2.mock_config[0].content } ] diff --git a/tests/lib/fugue_regula_report_03_test.rego b/rego/tests/lib/fugue_regula_report_03_test.rego similarity index 88% rename from tests/lib/fugue_regula_report_03_test.rego rename to rego/tests/lib/fugue_regula_report_03_test.rego index 2d49b624..a22933d9 100644 --- a/tests/lib/fugue_regula_report_03_test.rego +++ b/rego/tests/lib/fugue_regula_report_03_test.rego 
@@ -16,17 +16,17 @@ package fugue.regula_report_03_test import data.fugue.regula -import data.tests.rules.cfn.cloudtrail.inputs.invalid_encryption_infra as input1 -import data.tests.rules.cfn.s3.inputs.valid_encryption_infra as input2 +import data.tests.lib.inputs.invalid_encryption_infra as input1 +import data.tests.lib.inputs.valid_encryption_infra as input2 mock_input := [ { "filepath": "template1.yaml", - "content": input1.mock_plan_input + "content": input1.mock_config[0].content }, { "filepath": "template2.yaml", - "content": input2.mock_plan_input + "content": input2.mock_config[0].content } ] diff --git a/tests/lib/fugue_regula_report_04_test.rego b/rego/tests/lib/fugue_regula_report_04_test.rego similarity index 92% rename from tests/lib/fugue_regula_report_04_test.rego rename to rego/tests/lib/fugue_regula_report_04_test.rego index c20ea581..0166132f 100644 --- a/tests/lib/fugue_regula_report_04_test.rego +++ b/rego/tests/lib/fugue_regula_report_04_test.rego @@ -16,17 +16,17 @@ package fugue.regula_report_04_test import data.fugue.regula -import data.tests.rules.cfn.cloudtrail.inputs.invalid_encryption_infra as input1 -import data.tests.rules.cfn.s3.inputs.valid_encryption_infra as input2 +import data.tests.lib.inputs.invalid_encryption_infra as input1 +import data.tests.lib.inputs.valid_encryption_infra as input2 mock_input := [ { "filepath": "template1.yaml", - "content": input1.mock_plan_input + "content": input1.mock_config[0].content }, { "filepath": "template2.yaml", - "content": input2.mock_plan_input + "content": input2.mock_config[0].content } ] diff --git a/tests/lib/fugue_regula_test.rego b/rego/tests/lib/fugue_regula_test.rego similarity index 100% rename from tests/lib/fugue_regula_test.rego rename to rego/tests/lib/fugue_regula_test.rego 
diff --git a/tests/lib/fugue_resource_view_01_test.rego b/rego/tests/lib/fugue_resource_view_01_test.rego similarity index 100% rename from tests/lib/fugue_resource_view_01_test.rego rename to rego/tests/lib/fugue_resource_view_01_test.rego diff --git a/tests/lib/fugue_resource_view_02_test.rego b/rego/tests/lib/fugue_resource_view_02_test.rego similarity index 92% rename from tests/lib/fugue_resource_view_02_test.rego rename to rego/tests/lib/fugue_resource_view_02_test.rego index 00614b11..26493b28 100644 --- a/tests/lib/fugue_resource_view_02_test.rego +++ b/rego/tests/lib/fugue_resource_view_02_test.rego 
@@ -18,59 +18,60 @@ import data.tests.lib.inputs.resource_view_02_infra test_resource_view_02 { resource_view_02_infra.mock_resources == { "aws_s3_bucket.example": { - "id": "aws_s3_bucket.example", + "_provider": "aws", + "_type": "aws_s3_bucket", "acl": "private", - "website": [], - "replication_configuration": [], - "cors_rule": [], - "tags": null, "bucket_prefix": "example", - "policy": null, - "server_side_encryption_configuration": [], + "cors_rule": [], + "force_destroy": false, "grant": [], - "object_lock_configuration": [], - "logging": [], + "id": "aws_s3_bucket.example", "lifecycle_rule": [], - "_type": "aws_s3_bucket", - "_provider": "aws", - "force_destroy": false + "logging": [], + "object_lock_configuration": [], + "policy": null, + "replication_configuration": [], + "server_side_encryption_configuration": [], + "tags": null, + "website": [], }, "data.aws_iam_policy_document.example": { + "_provider": "aws", + "_type": "aws_iam_policy_document", "id": "data.aws_iam_policy_document.example", + "override_json": null, + "override_policy_documents": null, + "policy_id": null, + "source_json": null, + "source_policy_documents": null, "statement": [{ "actions": ["s3:*"], - "sid": null, - "not_resources": null, - "resources": [ - "arn:aws:s3:::some-example-bucket/*", - "aws_s3_bucket.example" - ], - "effect": "Allow", "condition": [], + "effect": "Allow", + "not_actions": null, "not_principals": [], + "not_resources": null, "principals": [{ "type": "*", - "identifiers": ["*"] + "identifiers": ["*"], }], - "not_actions": null + "resources": [ + "arn:aws:s3:::some-example-bucket/*", + "aws_s3_bucket.example", + ], + "sid": null, }], - "override_json": null, - "override_policy_documents": null, - "source_policy_documents": null, - "source_json": null, "version": null, - "policy_id": null, - "_type": "aws_iam_policy_document", - "_provider": "aws", }, "aws_iam_policy.example": { - "id": "aws_iam_policy.example", + "_provider": "aws", + "_type": 
"aws_iam_policy", "description": null, - "policy": "data.aws_iam_policy_document.example", + "id": "aws_iam_policy.example", + "name_prefix": null, "path": "/", - "_type": "aws_iam_policy", - "_provider": "aws", - "name_prefix": null + "policy": "data.aws_iam_policy_document.example", + "tags": null, } } } diff --git a/tests/lib/fugue_resource_view_03_test.rego b/rego/tests/lib/fugue_resource_view_03_test.rego similarity index 98% rename from tests/lib/fugue_resource_view_03_test.rego rename to rego/tests/lib/fugue_resource_view_03_test.rego index 6841db41..618342ad 100644 --- a/tests/lib/fugue_resource_view_03_test.rego +++ b/rego/tests/lib/fugue_resource_view_03_test.rego @@ -64,6 +64,7 @@ test_resource_view_03 { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "main", + "nfsv3_enabled": false, "resource_group_name": "main", "static_website": [], "tags": null, diff --git a/tests/lib/fugue_resource_view_04_test.rego b/rego/tests/lib/fugue_resource_view_04_test.rego similarity index 100% rename from tests/lib/fugue_resource_view_04_test.rego rename to rego/tests/lib/fugue_resource_view_04_test.rego diff --git a/tests/lib/fugue_resource_view_cloudformation_test.rego b/rego/tests/lib/fugue_resource_view_cloudformation_test.rego similarity index 100% rename from tests/lib/fugue_resource_view_cloudformation_test.rego rename to rego/tests/lib/fugue_resource_view_cloudformation_test.rego diff --git a/tests/lib/fugue_resource_view_modules_test.rego b/rego/tests/lib/fugue_resource_view_modules_test.rego similarity index 99% rename from tests/lib/fugue_resource_view_modules_test.rego rename to rego/tests/lib/fugue_resource_view_modules_test.rego index d035f7a5..58aa3f6e 100644 --- a/tests/lib/fugue_resource_view_modules_test.rego +++ b/rego/tests/lib/fugue_resource_view_modules_test.rego 
@@ -24,10 +24,10 @@ test_mock_resource_view { } mock_resource_view = ret { - ret = resource_view.resource_view with input as mock_plan_input + ret = resource_view.resource_view with input as mock_config } -mock_plan_input = { +mock_config = { "format_version": "0.1", "terraform_version": "0.12.18", "variables": { diff --git a/tests/lib/fugue_resource_view_test.rego b/rego/tests/lib/fugue_resource_view_test.rego similarity index 99% rename from tests/lib/fugue_resource_view_test.rego rename to rego/tests/lib/fugue_resource_view_test.rego index f3a22539..9617f74c 100644 --- a/tests/lib/fugue_resource_view_test.rego +++ b/rego/tests/lib/fugue_resource_view_test.rego @@ -60,10 +60,10 @@ test_mock_resource_view { } mock_resource_view = ret { - ret = resource_view with input as mock_plan_input + ret = resource_view with input as mock_config } -mock_plan_input = { +mock_config = { "format_version":"0.1", "terraform_version":"0.12.18", "planned_values":{ diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.cfn b/rego/tests/lib/inputs/invalid_encryption_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.cfn rename to rego/tests/lib/inputs/invalid_encryption_infra.cfn diff --git a/rego/tests/lib/inputs/invalid_encryption_infra.rego b/rego/tests/lib/inputs/invalid_encryption_infra.rego new file mode 100644 index 00000000..d3f8399d --- /dev/null +++ b/rego/tests/lib/inputs/invalid_encryption_infra.rego 
@@ -0,0 +1,32 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This package was automatically generated from:
+#
+# tests/lib/inputs/invalid_encryption_infra.cfn
+#
+# using 'generate_test_inputs.sh' and should not be modified
+# directly.
+#
+# It provides three inputs for testing:
+# - mock_input: The resource view input as passed to advanced rules
+# - mock_resources: The resources present as a convenience for tests
+# - mock_config: The raw config input as its parsed by regula
+package tests.lib.inputs.invalid_encryption_infra
+
+import data.fugue.regula.tests
+
+mock_config := regula_load_type("invalid_encryption_infra.cfn", "cfn")
+mock_input := tests.mock_input(mock_config)
+mock_resources := mock_input.resources
diff --git a/rego/tests/lib/inputs/resource_view_01_infra.rego b/rego/tests/lib/inputs/resource_view_01_infra.rego
new file mode 100644
index 00000000..a5a3c96d
--- /dev/null
+++ b/rego/tests/lib/inputs/resource_view_01_infra.rego
@@ -0,0 +1,32 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This package was automatically generated from:
+#
+# tests/lib/inputs/resource_view_01_infra.tf
+#
+# using 'generate_test_inputs.sh' and should not be modified
+# directly.
+#
+# It provides three inputs for testing:
+# - mock_input: The resource view input as passed to advanced rules
+# - mock_resources: The resources present as a convenience for tests
+# - mock_config: The raw config input as its parsed by regula
+package tests.lib.inputs.resource_view_01_infra
+
+import data.fugue.regula.tests
+
+mock_config := regula_load_type("resource_view_01_infra.tfplan", "tf-plan")
+mock_input := tests.mock_input(mock_config)
+mock_resources := mock_input.resources
diff --git a/tests/lib/inputs/resource_view_01_infra.tf b/rego/tests/lib/inputs/resource_view_01_infra.tf
similarity index 100%
rename from tests/lib/inputs/resource_view_01_infra.tf
rename to rego/tests/lib/inputs/resource_view_01_infra.tf
diff --git a/tests/lib/inputs/resource_view_01_infra.rego b/rego/tests/lib/inputs/resource_view_01_infra.tfplan
similarity index 83%
rename from tests/lib/inputs/resource_view_01_infra.rego
rename to rego/tests/lib/inputs/resource_view_01_infra.tfplan
index 14626f76..42d040bd 100644
--- a/tests/lib/inputs/resource_view_01_infra.rego
+++ b/rego/tests/lib/inputs/resource_view_01_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/lib/inputs/resource_view_01_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.lib.inputs.resource_view_01_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.29", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "acl": "private", @@ -63,7 +32,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket_policy", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0 }, { 
@@ -71,7 +40,7 @@ mock_plan_input = { "mode": "data", "type": "aws_iam_policy_document", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "override_json": null, @@ -113,7 +82,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -151,6 +120,7 @@ mock_plan_input = { "replication_configuration": [], "request_payer": true, "server_side_encryption_configuration": [], + "tags_all": true, "versioning": true, "website": [], "website_domain": true, @@ -163,7 +133,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket_policy", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -182,7 +152,7 @@ mock_plan_input = { "mode": "data", "type": "aws_iam_policy_document", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "read" diff --git a/rego/tests/lib/inputs/resource_view_02_infra.rego b/rego/tests/lib/inputs/resource_view_02_infra.rego new file mode 100644 index 00000000..b4583549 --- /dev/null +++ b/rego/tests/lib/inputs/resource_view_02_infra.rego 
@@ -0,0 +1,32 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This package was automatically generated from:
+#
+# tests/lib/inputs/resource_view_02_infra.tf
+#
+# using 'generate_test_inputs.sh' and should not be modified
+# directly.
+#
+# It provides three inputs for testing:
+# - mock_input: The resource view input as passed to advanced rules
+# - mock_resources: The resources present as a convenience for tests
+# - mock_config: The raw config input as its parsed by regula
+package tests.lib.inputs.resource_view_02_infra
+
+import data.fugue.regula.tests
+
+mock_config := regula_load_type("resource_view_02_infra.tfplan", "tf-plan")
+mock_input := tests.mock_input(mock_config)
+mock_resources := mock_input.resources
diff --git a/tests/lib/inputs/resource_view_02_infra.tf b/rego/tests/lib/inputs/resource_view_02_infra.tf
similarity index 100%
rename from tests/lib/inputs/resource_view_02_infra.tf
rename to rego/tests/lib/inputs/resource_view_02_infra.tf
diff --git a/tests/lib/inputs/resource_view_02_infra.rego b/rego/tests/lib/inputs/resource_view_02_infra.tfplan
similarity index 83%
rename from tests/lib/inputs/resource_view_02_infra.rego
rename to rego/tests/lib/inputs/resource_view_02_infra.tfplan
index 4c8f5049..d6bff0ef 100644
--- a/tests/lib/inputs/resource_view_02_infra.rego
+++ b/rego/tests/lib/inputs/resource_view_02_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/lib/inputs/resource_view_02_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.lib.inputs.resource_view_02_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.29", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,12 +9,13 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "description": null, "name_prefix": null, - "path": "/" + "path": "/", + "tags": null } }, { @@ -53,7 +23,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "acl": "private", 
@@ -76,7 +46,7 @@ mock_plan_input = { "mode": "data", "type": "aws_iam_policy_document", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "override_json": null, @@ -120,7 +90,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -129,13 +99,16 @@ mock_plan_input = { "after": { "description": null, "name_prefix": null, - "path": "/" + "path": "/", + "tags": null }, "after_unknown": { "arn": true, "id": true, "name": true, - "policy": true + "policy": true, + "policy_id": true, + "tags_all": true } } }, @@ -144,7 +117,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -182,6 +155,7 @@ mock_plan_input = { "replication_configuration": [], "request_payer": true, "server_side_encryption_configuration": [], + "tags_all": true, "versioning": true, "website": [], "website_domain": true, @@ -194,7 +168,7 @@ mock_plan_input = { "mode": "data", "type": "aws_iam_policy_document", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "read" diff --git a/rego/tests/lib/inputs/resource_view_03_infra.rego b/rego/tests/lib/inputs/resource_view_03_infra.rego new file mode 100644 index 00000000..13f8a9a6 --- /dev/null +++ b/rego/tests/lib/inputs/resource_view_03_infra.rego 
@@ -0,0 +1,32 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This package was automatically generated from:
+#
+# tests/lib/inputs/resource_view_03_infra.tf
+#
+# using 'generate_test_inputs.sh' and should not be modified
+# directly.
+#
+# It provides three inputs for testing:
+# - mock_input: The resource view input as passed to advanced rules
+# - mock_resources: The resources present as a convenience for tests
+# - mock_config: The raw config input as its parsed by regula
+package tests.lib.inputs.resource_view_03_infra
+
+import data.fugue.regula.tests
+
+mock_config := regula_load_type("resource_view_03_infra.tfplan", "tf-plan")
+mock_input := tests.mock_input(mock_config)
+mock_resources := mock_input.resources
diff --git a/tests/lib/inputs/resource_view_03_infra.tf b/rego/tests/lib/inputs/resource_view_03_infra.tf
similarity index 100%
rename from tests/lib/inputs/resource_view_03_infra.tf
rename to rego/tests/lib/inputs/resource_view_03_infra.tf
diff --git a/tests/lib/inputs/resource_view_03_infra.rego b/rego/tests/lib/inputs/resource_view_03_infra.tfplan
similarity index 84%
rename from tests/lib/inputs/resource_view_03_infra.rego
rename to rego/tests/lib/inputs/resource_view_03_infra.tfplan
index 3bea205f..b3336605 100644
--- a/tests/lib/inputs/resource_view_03_infra.rego
+++ b/rego/tests/lib/inputs/resource_view_03_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/lib/inputs/resource_view_03_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.lib.inputs.resource_view_03_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.29", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_monitor_log_profile", "name": "main", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "categories": [ @@ -68,7 +37,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "main", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "location": "westeurope", 
@@ -82,7 +51,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "main", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -95,6 +64,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "main", + "nfsv3_enabled": false, "resource_group_name": "main", "static_website": [], "tags": null, @@ -110,7 +80,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_monitor_log_profile", "name": "main", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -159,7 +129,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "main", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -181,7 +151,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "main", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -198,6 +168,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "main", + "nfsv3_enabled": false, "resource_group_name": "main", "static_website": [], "tags": null, diff --git a/rego/tests/lib/inputs/resource_view_04_infra.rego b/rego/tests/lib/inputs/resource_view_04_infra.rego new file mode 100644 index 00000000..154696ee --- /dev/null +++ b/rego/tests/lib/inputs/resource_view_04_infra.rego 
@@ -0,0 +1,32 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This package was automatically generated from:
+#
+# tests/lib/inputs/resource_view_04_infra.tf
+#
+# using 'generate_test_inputs.sh' and should not be modified
+# directly.
+#
+# It provides three inputs for testing:
+# - mock_input: The resource view input as passed to advanced rules
+# - mock_resources: The resources present as a convenience for tests
+# - mock_config: The raw config input as its parsed by regula
+package tests.lib.inputs.resource_view_04_infra
+
+import data.fugue.regula.tests
+
+mock_config := regula_load_type("resource_view_04_infra.tfplan", "tf-plan")
+mock_input := tests.mock_input(mock_config)
+mock_resources := mock_input.resources
diff --git a/tests/lib/inputs/resource_view_04_infra.tf b/rego/tests/lib/inputs/resource_view_04_infra.tf
similarity index 100%
rename from tests/lib/inputs/resource_view_04_infra.tf
rename to rego/tests/lib/inputs/resource_view_04_infra.tf
diff --git a/tests/lib/inputs/resource_view_04_infra.rego b/rego/tests/lib/inputs/resource_view_04_infra.tfplan
similarity index 70%
rename from tests/lib/inputs/resource_view_04_infra.rego
rename to rego/tests/lib/inputs/resource_view_04_infra.tfplan
index 94d30313..9629ada8 100644
--- a/tests/lib/inputs/resource_view_04_infra.rego
+++ b/rego/tests/lib/inputs/resource_view_04_infra.tfplan
@@ -1,35 +1,4 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/lib/inputs/resource_view_04_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.lib.inputs.resource_view_04_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", "terraform_version": "0.13.5", "planned_values": { @@ -105,6 +74,7 @@ mock_plan_input = { "replication_configuration": [], "request_payer": true, "server_side_encryption_configuration": [], + "tags_all": true, "versioning": true, "website": [], "website_domain": true, diff --git a/tests/rules/cfn/s3/inputs/valid_encryption_infra.cfn b/rego/tests/lib/inputs/valid_encryption_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/valid_encryption_infra.cfn rename to rego/tests/lib/inputs/valid_encryption_infra.cfn 
diff --git a/rego/tests/lib/inputs/valid_encryption_infra.rego b/rego/tests/lib/inputs/valid_encryption_infra.rego
new file mode 100644
index 00000000..b3cfbd3a
--- /dev/null
+++ b/rego/tests/lib/inputs/valid_encryption_infra.rego
@@ -0,0 +1,32 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This package was automatically generated from:
+#
+# tests/lib/inputs/valid_encryption_infra.cfn
+#
+# using 'generate_test_inputs.sh' and should not be modified
+# directly.
+#
+# It provides three inputs for testing:
+# - mock_input: The resource view input as passed to advanced rules
+# - mock_resources: The resources present as a convenience for tests
+# - mock_config: The raw config input as its parsed by regula
+package tests.lib.inputs.valid_encryption_infra
+
+import data.fugue.regula.tests
+
+mock_config := regula_load_type("valid_encryption_infra.cfn", "cfn")
+mock_input := tests.mock_input(mock_config)
+mock_resources := mock_input.resources
diff --git a/rego/tests/lib/inputs/volume_encrypted_infra.rego b/rego/tests/lib/inputs/volume_encrypted_infra.rego
new file mode 100644
index 00000000..5283d5c0
--- /dev/null
+++ b/rego/tests/lib/inputs/volume_encrypted_infra.rego
@@ -0,0 +1,32 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This package was automatically generated from:
+#
+# tests/lib/inputs/volume_encrypted_infra.tf
+#
+# using 'generate_test_inputs.sh' and should not be modified
+# directly.
+#
+# It provides three inputs for testing:
+# - mock_input: The resource view input as passed to advanced rules
+# - mock_resources: The resources present as a convenience for tests
+# - mock_config: The raw config input as its parsed by regula
+package tests.lib.inputs.volume_encrypted_infra
+
+import data.fugue.regula.tests
+
+mock_config := regula_load_type("volume_encrypted_infra.tfplan", "tf-plan")
+mock_input := tests.mock_input(mock_config)
+mock_resources := mock_input.resources
diff --git a/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.tf b/rego/tests/lib/inputs/volume_encrypted_infra.tf
similarity index 100%
rename from tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.tf
rename to rego/tests/lib/inputs/volume_encrypted_infra.tf
diff --git a/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.rego b/rego/tests/lib/inputs/volume_encrypted_infra.tfplan
similarity index 77%
rename from tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.rego
rename to rego/tests/lib/inputs/volume_encrypted_infra.tfplan
index 710dc21e..f58fa542 100644
--- a/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.rego
+++ b/rego/tests/lib/inputs/volume_encrypted_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.ebs.inputs.volume_encrypted_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_ebs_volume", "name": "bad", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "availability_zone": "us-west-2a", @@ -56,7 +25,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_ebs_volume", "name": "good", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "availability_zone": "us-west-2a", 
@@ -72,7 +41,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_ebs_volume", "name": "missing", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "availability_zone": "us-west-2a", @@ -91,7 +60,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_ebs_volume", "name": "bad", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -111,6 +80,8 @@ mock_plan_input = { "iops": true, "kms_key_id": true, "snapshot_id": true, + "tags_all": true, + "throughput": true, "type": true } } @@ -120,7 +91,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_ebs_volume", "name": "good", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -140,6 +111,8 @@ mock_plan_input = { "iops": true, "kms_key_id": true, "snapshot_id": true, + "tags_all": true, + "throughput": true, "type": true } } @@ -149,7 +122,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_ebs_volume", "name": "missing", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -169,6 +142,8 @@ mock_plan_input = { "iops": true, "kms_key_id": true, "snapshot_id": true, + "tags_all": true, + "throughput": true, "type": true } } diff --git a/tests/lib/util/resolve_test.rego b/rego/tests/lib/util/resolve_test.rego similarity index 100% rename from tests/lib/util/resolve_test.rego rename to rego/tests/lib/util/resolve_test.rego diff --git a/tests/rules/cfn/api_gateway/classic_custom_domain_name_test.rego b/rego/tests/rules/cfn/api_gateway/classic_custom_domain_name_test.rego similarity index 100% rename from tests/rules/cfn/api_gateway/classic_custom_domain_name_test.rego rename to rego/tests/rules/cfn/api_gateway/classic_custom_domain_name_test.rego 
diff --git a/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.cfn b/rego/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.cfn
similarity index 100%
rename from tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.cfn
rename to rego/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.cfn
diff --git a/rego/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.rego b/rego/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.rego
new file mode 100644
index 00000000..8262f53e
--- /dev/null
+++ b/rego/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.rego
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.api_gateway.inputs.invalid_classic_custom_domain_name_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_classic_custom_domain_name_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.cfn b/rego/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.cfn similarity index 100% rename from tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.cfn rename to rego/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.cfn 
diff --git a/rego/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.rego b/rego/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.rego new file mode 100644 index 00000000..558e9a46 --- /dev/null +++ b/rego/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.api_gateway.inputs.invalid_classic_custom_domain_name_sam_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_classic_custom_domain_name_sam_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.cfn b/rego/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.cfn
similarity index 100%
rename from tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.cfn
rename to rego/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.cfn
diff --git a/rego/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.rego b/rego/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.rego
new file mode 100644
index 00000000..35b52e17
--- /dev/null
+++ b/rego/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.rego
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.api_gateway.inputs.invalid_v2_custom_domain_name_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_v2_custom_domain_name_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.cfn b/rego/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.cfn similarity index 100% rename from tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.cfn rename to rego/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.cfn diff --git a/rego/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.rego b/rego/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.rego new file mode 100644 index 00000000..d32c1fc6 --- /dev/null 
+++ b/rego/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.api_gateway.inputs.invalid_v2_custom_domain_name_sam_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_v2_custom_domain_name_sam_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.cfn b/rego/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.cfn similarity index 100% rename from tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.cfn rename to rego/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.cfn 
diff --git a/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.rego b/rego/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.rego
similarity index 56%
rename from tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.rego
rename to rego/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.rego
index 1ce3ae9b..fbe5a629 100644
--- a/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.rego
+++ b/rego/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.rego
@@ -16,30 +16,17 @@ # # tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_infra.cfn # -# using `generate_test_inputs.sh` and should not be modified +# using 'generate_test_inputs.sh' and should not be modified # directly. # # It provides three inputs for testing: # - mock_input: The resource view input as passed to advanced rules # - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform +# - mock_config: The raw config input as its parsed by regula package tests.rules.cfn.api_gateway.inputs.valid_classic_custom_domain_name_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid classic custom domain name configuration", - "Resources": { - "CustomDomainName": { - "Type": "AWS::ApiGateway::DomainName", - "Properties": { - "DomainName": "api.example.com", - "SecurityPolicy": "TLS_1_2", - "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3" - } - } - } -} + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_classic_custom_domain_name_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.cfn b/rego/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.cfn similarity index 100% rename from tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.cfn rename to rego/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.cfn 
diff --git a/rego/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.rego b/rego/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.rego new file mode 100644 index 00000000..c56dcb72 --- /dev/null +++ b/rego/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.api_gateway.inputs.valid_classic_custom_domain_name_sam_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_classic_custom_domain_name_sam_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.cfn b/rego/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.cfn
similarity index 100%
rename from tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.cfn
rename to rego/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.cfn
diff --git a/rego/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.rego b/rego/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.rego
new file mode 100644
index 00000000..94e2cef7
--- /dev/null
+++ b/rego/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.rego
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.api_gateway.inputs.valid_v2_custom_domain_name_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_v2_custom_domain_name_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.cfn b/rego/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.cfn similarity index 100% rename from tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.cfn rename to rego/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.cfn diff --git a/rego/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.rego b/rego/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.rego new file mode 100644 index 00000000..edaecdd9 --- /dev/null 
+++ b/rego/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.api_gateway.inputs.valid_v2_custom_domain_name_sam_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_v2_custom_domain_name_sam_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/api_gateway/v2_custom_domain_name_test.rego b/rego/tests/rules/cfn/api_gateway/v2_custom_domain_name_test.rego similarity index 100% rename from tests/rules/cfn/api_gateway/v2_custom_domain_name_test.rego rename to rego/tests/rules/cfn/api_gateway/v2_custom_domain_name_test.rego 
diff --git a/tests/rules/cfn/cloudtrail/cloudwatch_test.rego b/rego/tests/rules/cfn/cloudtrail/cloudwatch_test.rego
similarity index 100%
rename from tests/rules/cfn/cloudtrail/cloudwatch_test.rego
rename to rego/tests/rules/cfn/cloudtrail/cloudwatch_test.rego
diff --git a/tests/rules/cfn/cloudtrail/encryption_test.rego b/rego/tests/rules/cfn/cloudtrail/encryption_test.rego
similarity index 100%
rename from tests/rules/cfn/cloudtrail/encryption_test.rego
rename to rego/tests/rules/cfn/cloudtrail/encryption_test.rego
diff --git a/tests/rules/cfn/cloudtrail/inputs/empty_template_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/empty_template_infra.cfn
similarity index 100%
rename from tests/rules/cfn/cloudtrail/inputs/empty_template_infra.cfn
rename to rego/tests/rules/cfn/cloudtrail/inputs/empty_template_infra.cfn
diff --git a/tests/rules/cfn/cloudtrail/inputs/empty_template_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/empty_template_infra.rego
similarity index 68%
rename from tests/rules/cfn/cloudtrail/inputs/empty_template_infra.rego
rename to rego/tests/rules/cfn/cloudtrail/inputs/empty_template_infra.rego
index c5434817..ab74a97e 100644
--- a/tests/rules/cfn/cloudtrail/inputs/empty_template_infra.rego
+++ b/rego/tests/rules/cfn/cloudtrail/inputs/empty_template_infra.rego
@@ -16,21 +16,17 @@ # # tests/rules/cfn/cloudtrail/inputs/empty_template_infra.cfn # -# using `generate_test_inputs.sh` and should not be modified +# using 'generate_test_inputs.sh' and should not be modified # directly. # # It provides three inputs for testing: # - mock_input: The resource view input as passed to advanced rules # - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform +# - mock_config: The raw config input as its parsed by regula package tests.rules.cfn.cloudtrail.inputs.empty_template_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Empty template for testing", - "Resources": {} -} + +import data.fugue.regula.tests + +mock_config := regula_load_type("empty_template_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.cfn diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.rego new file mode 100644 index 00000000..6f83b7ce --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.invalid_cloudwatch_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_cloudwatch_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.cfn diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.rego new file mode 100644 index 00000000..43fbe73e --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.invalid_cloudwatch_with_valid_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_cloudwatch_with_valid_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.cfn new file mode 100644 index 00000000..3d5da4c2 --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.cfn 
@@ -0,0 +1,49 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Invalid CloudTrail encryption configuration
+Resources:
+ CloudTrailLogging:
+ Type: AWS::CloudTrail::Trail
+ Properties:
+ IncludeGlobalServiceEvents: false
+ IsLogging: true
+ S3BucketName: !Ref LoggingBucket
+ S3KeyPrefix: prefix
+ TrailName: cf-fuguetest-trail
+ LoggingBucket:
+ Type: AWS::S3::Bucket
+ LoggingBucketPolicy:
+ Type: AWS::S3::BucketPolicy
+ Properties:
+ Bucket: !Ref LoggingBucket
+ PolicyDocument:
+ Statement:
+ - Sid: AWSCloudTrailAclCheck
+ Effect: Allow
+ Principal:
+ Service: cloudtrail.amazonaws.com
+ Action: s3:GetBucketAcl
+ Resource:
+ - !GetAtt LoggingBucket.Arn
+ - Sid: AWSCloudTrailWrite
+ Effect: Allow
+ Principal:
+ Service: cloudtrail.amazonaws.com
+ Action: s3:PutObject
+ Resource:
+ - !Sub "${LoggingBucket.Arn}/*"
+ Condition:
+ StringEquals:
+ "s3:x-amz-acl": "bucket-owner-full-control"
diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.rego
new file mode 100644
index 00000000..b51394b5
--- /dev/null
+++ b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.rego
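Review bot: Nothing in the new `invalid_encryption_infra.cfn` fixture says which omission is the intended failure. `CloudTrailLogging` sets no `KMSKeyId`, which is presumably what the encryption rule under test checks, but `LoggingBucket` is also declared with no properties at all, so a reader cannot tell the deliberate gap from incidental ones. A comment above the trail would pin it down: `# Intentionally omits KMSKeyId so the trail fails the CloudTrail encryption rule.` That line also guards against someone later completing the template and turning the negative test into a passing one without noticing.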
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.invalid_encryption_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_encryption_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.cfn diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.rego new file mode 100644 index 00000000..3e672368 --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.invalid_log_validation_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_log_validation_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.cfn diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.rego new file mode 100644 index 00000000..88f37748 --- /dev/null 
+++ b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.invalid_log_validation_with_valid_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_log_validation_with_valid_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.cfn 
diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.rego new file mode 100644 index 00000000..09e2ef38 --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.invalid_s3_access_logging_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_s3_access_logging_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.cfn 
diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.rego new file mode 100644 index 00000000..dd211ea2 --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.invalid_target_public_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_target_public_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.cfn 
diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.rego new file mode 100644 index 00000000..4d60ce26 --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.invalid_target_public_write_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_target_public_write_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.cfn 
diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.rego new file mode 100644 index 00000000..66d3ef4c --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.valid_cloudwatch_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_cloudwatch_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.cfn 
diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.rego new file mode 100644 index 00000000..b7a624e9 --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.valid_encryption_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_encryption_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.cfn 
diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.rego new file mode 100644 index 00000000..5d643cc3 --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.valid_log_validation_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_log_validation_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.cfn 
diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.rego new file mode 100644 index 00000000..319af530 --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.valid_s3_access_logging_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_s3_access_logging_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.cfn 
diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.rego new file mode 100644 index 00000000..2ab94f6f --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.valid_target_full_check_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_target_full_check_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_target_infra.cfn b/rego/tests/rules/cfn/cloudtrail/inputs/valid_target_infra.cfn similarity index 100% rename from tests/rules/cfn/cloudtrail/inputs/valid_target_infra.cfn rename to rego/tests/rules/cfn/cloudtrail/inputs/valid_target_infra.cfn 
diff --git a/rego/tests/rules/cfn/cloudtrail/inputs/valid_target_infra.rego b/rego/tests/rules/cfn/cloudtrail/inputs/valid_target_infra.rego new file mode 100644 index 00000000..12393640 --- /dev/null +++ b/rego/tests/rules/cfn/cloudtrail/inputs/valid_target_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/cloudtrail/inputs/valid_target_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.cloudtrail.inputs.valid_target_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_target_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/cloudtrail/log_validation_test.rego b/rego/tests/rules/cfn/cloudtrail/log_validation_test.rego similarity index 100% rename from tests/rules/cfn/cloudtrail/log_validation_test.rego rename to rego/tests/rules/cfn/cloudtrail/log_validation_test.rego 
diff --git a/tests/rules/cfn/cloudtrail/s3_access_logging_test.rego b/rego/tests/rules/cfn/cloudtrail/s3_access_logging_test.rego
similarity index 100%
rename from tests/rules/cfn/cloudtrail/s3_access_logging_test.rego
rename to rego/tests/rules/cfn/cloudtrail/s3_access_logging_test.rego
diff --git a/tests/rules/cfn/cloudtrail/target_test.rego b/rego/tests/rules/cfn/cloudtrail/target_test.rego
similarity index 100%
rename from tests/rules/cfn/cloudtrail/target_test.rego
rename to rego/tests/rules/cfn/cloudtrail/target_test.rego
diff --git a/tests/rules/cfn/ebs/inputs/volume_encryption_infra.cfn b/rego/tests/rules/cfn/ebs/inputs/volume_encryption_infra.cfn
similarity index 100%
rename from tests/rules/cfn/ebs/inputs/volume_encryption_infra.cfn
rename to rego/tests/rules/cfn/ebs/inputs/volume_encryption_infra.cfn
diff --git a/rego/tests/rules/cfn/ebs/inputs/volume_encryption_infra.rego b/rego/tests/rules/cfn/ebs/inputs/volume_encryption_infra.rego
new file mode 100644
index 00000000..cb5bfb88
--- /dev/null
+++ b/rego/tests/rules/cfn/ebs/inputs/volume_encryption_infra.rego
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/ebs/inputs/volume_encryption_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.ebs.inputs.volume_encryption_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("volume_encryption_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/ebs/volume_encryption_test.rego b/rego/tests/rules/cfn/ebs/volume_encryption_test.rego similarity index 100% rename from tests/rules/cfn/ebs/volume_encryption_test.rego rename to rego/tests/rules/cfn/ebs/volume_encryption_test.rego diff --git a/tests/rules/cfn/iam/admin_policy_test.rego b/rego/tests/rules/cfn/iam/admin_policy_test.rego similarity index 100% rename from tests/rules/cfn/iam/admin_policy_test.rego rename to rego/tests/rules/cfn/iam/admin_policy_test.rego 
diff --git a/tests/rules/cfn/iam/inputs/admin_policy_infra.cfn b/rego/tests/rules/cfn/iam/inputs/admin_policy_infra.cfn similarity index 100% rename from tests/rules/cfn/iam/inputs/admin_policy_infra.cfn rename to rego/tests/rules/cfn/iam/inputs/admin_policy_infra.cfn diff --git a/rego/tests/rules/cfn/iam/inputs/admin_policy_infra.rego b/rego/tests/rules/cfn/iam/inputs/admin_policy_infra.rego new file mode 100644 index 00000000..afc201d9 --- /dev/null +++ b/rego/tests/rules/cfn/iam/inputs/admin_policy_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/iam/inputs/admin_policy_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.iam.inputs.admin_policy_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("admin_policy_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/iam/inputs/policy_infra.cfn b/rego/tests/rules/cfn/iam/inputs/policy_infra.cfn similarity index 100% rename from tests/rules/cfn/iam/inputs/policy_infra.cfn rename to rego/tests/rules/cfn/iam/inputs/policy_infra.cfn diff --git a/rego/tests/rules/cfn/iam/inputs/policy_infra.rego b/rego/tests/rules/cfn/iam/inputs/policy_infra.rego new file mode 100644 index 00000000..c9e55b8c --- /dev/null +++ b/rego/tests/rules/cfn/iam/inputs/policy_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/iam/inputs/policy_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.iam.inputs.policy_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("policy_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/iam/policy_test.rego b/rego/tests/rules/cfn/iam/policy_test.rego similarity index 100% rename from tests/rules/cfn/iam/policy_test.rego rename to rego/tests/rules/cfn/iam/policy_test.rego 
diff --git a/tests/rules/cfn/kms/inputs/key_rotation_infra.cfn b/rego/tests/rules/cfn/kms/inputs/key_rotation_infra.cfn similarity index 100% rename from tests/rules/cfn/kms/inputs/key_rotation_infra.cfn rename to rego/tests/rules/cfn/kms/inputs/key_rotation_infra.cfn diff --git a/rego/tests/rules/cfn/kms/inputs/key_rotation_infra.rego b/rego/tests/rules/cfn/kms/inputs/key_rotation_infra.rego new file mode 100644 index 00000000..58faba1f --- /dev/null +++ b/rego/tests/rules/cfn/kms/inputs/key_rotation_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/kms/inputs/key_rotation_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.kms.inputs.key_rotation_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("key_rotation_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/kms/key_rotation_test.rego b/rego/tests/rules/cfn/kms/key_rotation_test.rego
similarity index 100%
rename from tests/rules/cfn/kms/key_rotation_test.rego
rename to rego/tests/rules/cfn/kms/key_rotation_test.rego
diff --git a/tests/rules/cfn/lambda/function_not_public_test.rego b/rego/tests/rules/cfn/lambda/function_not_public_test.rego
similarity index 100%
rename from tests/rules/cfn/lambda/function_not_public_test.rego
rename to rego/tests/rules/cfn/lambda/function_not_public_test.rego
diff --git a/tests/rules/cfn/lambda/inputs/empty_template_infra.cfn b/rego/tests/rules/cfn/lambda/inputs/empty_template_infra.cfn
similarity index 100%
rename from tests/rules/cfn/lambda/inputs/empty_template_infra.cfn
rename to rego/tests/rules/cfn/lambda/inputs/empty_template_infra.cfn
diff --git a/tests/rules/cfn/lambda/inputs/empty_template_infra.rego b/rego/tests/rules/cfn/lambda/inputs/empty_template_infra.rego
similarity index 68%
rename from tests/rules/cfn/lambda/inputs/empty_template_infra.rego
rename to rego/tests/rules/cfn/lambda/inputs/empty_template_infra.rego
index 4eeee762..cf86c35b 100644
--- a/tests/rules/cfn/lambda/inputs/empty_template_infra.rego
+++ b/rego/tests/rules/cfn/lambda/inputs/empty_template_infra.rego
@@ -16,21 +16,17 @@ # # tests/rules/cfn/lambda/inputs/empty_template_infra.cfn # -# using `generate_test_inputs.sh` and should not be modified +# using 'generate_test_inputs.sh' and should not be modified # directly. # # It provides three inputs for testing: # - mock_input: The resource view input as passed to advanced rules # - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform +# - mock_config: The raw config input as its parsed by regula package tests.rules.cfn.lambda.inputs.empty_template_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Empty template for testing", - "Resources": {} -} + +import data.fugue.regula.tests + +mock_config := regula_load_type("empty_template_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.cfn b/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.cfn new file mode 100644 index 00000000..fdb24620 --- /dev/null +++ b/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.cfn 
@@ -0,0 +1,162 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Invalid public function configuration
+Resources:
+ FunctionRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: lambda.amazonaws.com
+ Action: sts:AssumeRole
+ ManagedPolicyArns:
+ - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+ Path: /
+
+ # These don't represent every possible way of specifying FunctionName
+ # on permissions, but it should be sufficient to test that our method of
+ # associating functions and permissions is working
+
+ # Associating permissions by ARN
+ Function:
+ Type: AWS::Lambda::Function
+ Properties:
+ Code:
+ ZipFile: |
+ exports.handler = (event, context) => {
+ console.log(JSON.stringify(event))
+ }
+ Handler: index.handler
+ Role: !GetAtt FunctionRole.Arn
+ Runtime: nodejs12.x
+ FunctionPermissionByArn:
+ Type: AWS::Lambda::Permission
+ Properties:
+ FunctionName: !GetAtt Function.Arn
+ Action: lambda:InvokeFunction
+ Principal: "*"
+
+ # Associating permissions by Ref
+ Function2:
+ Type: AWS::Lambda::Function
+ Properties:
+ Code:
+ ZipFile: |
+ exports.handler = (event, context) => {
+ console.log(JSON.stringify(event))
+ }
+ Handler: index.handler
+ Role: !GetAtt FunctionRole.Arn
+ Runtime: nodejs12.x
+ FunctionPermissionByRef:
+ Type: AWS::Lambda::Permission
+ Properties:
+ FunctionName: !Ref Function2
+ Action: lambda:InvokeFunction
+ Principal: "*"
+
+ # Associating permissions by Partial ARN with sub
+ Function3:
+ Type: AWS::Lambda::Function
+ Properties:
+ Code:
+ ZipFile: |
+ exports.handler = (event, context) => {
+ console.log(JSON.stringify(event))
+ }
+ Handler: index.handler
+ Role: !GetAtt FunctionRole.Arn
+ Runtime: nodejs12.x
+ FunctionPermissionByPartialArn:
+ Type: AWS::Lambda::Permission
+ Properties:
+ FunctionName: !Sub "${AWS::AccountId}:${Function3}"
+ Action: lambda:InvokeFunction
+ Principal: "*"
+
+ # Associating permissions by hardcoded name
+ Function4:
+ Type: AWS::Lambda::Function
+ Properties:
+ FunctionName: function4
+ Code:
+ ZipFile: |
+ exports.handler = (event, context) => {
+ console.log(JSON.stringify(event))
+ }
+ Handler: index.handler
+ Role: !GetAtt FunctionRole.Arn
+ Runtime: nodejs12.x
+ FunctionPermissionByHardcodedName:
+ Type: AWS::Lambda::Permission
+ Properties:
+ FunctionName: function4
+ Action: lambda:InvokeFunction
+ Principal: "*"
+
+ # Associating permissions by hardcoded name and alias
+ Function5Alias:
+ Type: AWS::Lambda::Alias
+ Properties:
+ FunctionName: !Ref Function5
+ FunctionVersion: $LATEST
+ Name: v1
+ Function5:
+ Type: AWS::Lambda::Function
+ Properties:
+ FunctionName: function5
+ Code:
+ ZipFile: |
+ exports.handler = (event, context) => {
+ console.log(JSON.stringify(event))
+ }
+ Handler: index.handler
+ Role: !GetAtt FunctionRole.Arn
+ Runtime: nodejs12.x
+ FunctionPermissionByHardcodedNameAndAlias:
+ Type: AWS::Lambda::Permission
+ Properties:
+ FunctionName: function5:v1
+ Action: lambda:InvokeFunction
+ Principal: "*"
+
+ # Associating permissions by hardcoded name and alias, using functions
+ Function6Alias:
+ Type: AWS::Lambda::Alias
+ Properties:
+ FunctionName: !Ref Function5
+ FunctionVersion: $LATEST
+ Name: v1
+ Function6:
+ Type: AWS::Lambda::Function
+ Properties:
+ FunctionName: !Sub "function-${AWS::Region}"
+ Code:
+ ZipFile: |
+ exports.handler = (event, context) => {
+ console.log(JSON.stringify(event))
+ }
+ Handler: index.handler
+ Role: !GetAtt FunctionRole.Arn
+ Runtime: nodejs12.x
+ FunctionPermissionByNameAndAliasUsingFunctions:
+ Type: AWS::Lambda::Permission
+ Properties:
+ FunctionName: !Join [":", [!Sub "function-${AWS::Region}", "v2"]]
+ Action: lambda:InvokeFunction
+ Principal: "*"
diff --git a/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.rego b/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.rego
new file mode 100644
index 00000000..84743268
--- /dev/null
+++ b/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.rego
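Review bot: `Function6Alias` sets `FunctionName: !Ref Function5` and `Name: v1`, while `FunctionPermissionByNameAndAliasUsingFunctions` joins the Function6 name with `v2`, so the sixth case never pairs Function6 with an alias that exists in the template. This looks like a copy-paste from the Function5 block, and it also leaves Function5 with two aliases named `v1`. If the rule under test associates permissions through the alias, that path is not exercised for Function6 and the fixture may still be reported invalid by name matching alone (the rule is not visible in this hunk, so this is an inference). Suggested change in `Function6Alias`: `FunctionName: !Ref Function6` and `Name: v2`.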
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.lambda.inputs.invalid_function_not_public_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_function_not_public_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.cfn b/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.cfn similarity index 100% rename from tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.cfn rename to rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.cfn diff --git a/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.rego b/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.rego new file mode 100644 index 00000000..941a1e26 --- /dev/null 
+++ b/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.lambda.inputs.invalid_function_not_public_sam_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_function_not_public_sam_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.cfn b/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.cfn similarity index 100% rename from tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.cfn rename to rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.cfn 
diff --git a/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.rego b/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.rego new file mode 100644 index 00000000..56f29b1d --- /dev/null +++ b/rego/tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.lambda.inputs.invalid_function_not_public_with_valid_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_function_not_public_with_valid_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.cfn b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.cfn similarity index 100% rename from tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.cfn rename to rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.cfn diff --git a/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.rego b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.rego new file mode 100644 index 00000000..2f02a0c1 --- /dev/null +++ b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.lambda.inputs.valid_function_not_public_account_permission_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_function_not_public_account_permission_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.cfn b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.cfn similarity index 100% rename from tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.cfn rename to rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.cfn 
diff --git a/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.rego b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.rego new file mode 100644 index 00000000..1b7c200f --- /dev/null +++ b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.lambda.inputs.valid_function_not_public_account_permission_sam_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_function_not_public_account_permission_sam_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.cfn b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.cfn similarity index 100% rename from tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.cfn rename to rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.cfn diff --git a/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.rego b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.rego new file mode 100644 index 00000000..70897503 --- /dev/null +++ b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.lambda.inputs.valid_function_not_public_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_function_not_public_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.cfn b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.cfn similarity index 100% rename from tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.cfn rename to rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.cfn diff --git a/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.rego b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.rego new file mode 100644 index 00000000..1e743128 --- /dev/null +++ b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.lambda.inputs.valid_function_not_public_sam_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_function_not_public_sam_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.cfn b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.cfn similarity index 100% rename from tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.cfn rename to rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.cfn diff --git a/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.rego b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.rego new file mode 100644 index 00000000..e270a6ba --- /dev/null +++ b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.lambda.inputs.valid_function_not_public_service_permission_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_function_not_public_service_permission_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.cfn b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.cfn similarity index 100% rename from tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.cfn rename to rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.cfn 
diff --git a/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.rego b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.rego new file mode 100644 index 00000000..6041ff95 --- /dev/null +++ b/rego/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.lambda.inputs.valid_function_not_public_service_permission_sam_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_function_not_public_service_permission_sam_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/s3/block_public_access_test.rego b/rego/tests/rules/cfn/s3/block_public_access_test.rego
similarity index 100%
rename from tests/rules/cfn/s3/block_public_access_test.rego
rename to rego/tests/rules/cfn/s3/block_public_access_test.rego
diff --git a/tests/rules/cfn/s3/cloudtrail_s3_data_logging_read_test.rego b/rego/tests/rules/cfn/s3/cloudtrail_s3_data_logging_read_test.rego
similarity index 100%
rename from tests/rules/cfn/s3/cloudtrail_s3_data_logging_read_test.rego
rename to rego/tests/rules/cfn/s3/cloudtrail_s3_data_logging_read_test.rego
diff --git a/tests/rules/cfn/s3/cloudtrail_s3_data_logging_write_test.rego b/rego/tests/rules/cfn/s3/cloudtrail_s3_data_logging_write_test.rego
similarity index 100%
rename from tests/rules/cfn/s3/cloudtrail_s3_data_logging_write_test.rego
rename to rego/tests/rules/cfn/s3/cloudtrail_s3_data_logging_write_test.rego
diff --git a/tests/rules/cfn/s3/encryption_test.rego b/rego/tests/rules/cfn/s3/encryption_test.rego
similarity index 100%
rename from tests/rules/cfn/s3/encryption_test.rego
rename to rego/tests/rules/cfn/s3/encryption_test.rego
diff --git a/tests/rules/cfn/s3/https_access_test.rego b/rego/tests/rules/cfn/s3/https_access_test.rego
similarity index 100%
rename from tests/rules/cfn/s3/https_access_test.rego
rename to rego/tests/rules/cfn/s3/https_access_test.rego
diff --git a/tests/rules/cfn/s3/inputs/empty_template_infra.cfn b/rego/tests/rules/cfn/s3/inputs/empty_template_infra.cfn
similarity index 100%
rename from tests/rules/cfn/s3/inputs/empty_template_infra.cfn
rename to rego/tests/rules/cfn/s3/inputs/empty_template_infra.cfn
diff --git a/tests/rules/cfn/s3/inputs/empty_template_infra.rego b/rego/tests/rules/cfn/s3/inputs/empty_template_infra.rego
similarity index 68%
rename from tests/rules/cfn/s3/inputs/empty_template_infra.rego
rename to rego/tests/rules/cfn/s3/inputs/empty_template_infra.rego
index 45db5563..bdb9ad74 100644
--- a/tests/rules/cfn/s3/inputs/empty_template_infra.rego
+++ b/rego/tests/rules/cfn/s3/inputs/empty_template_infra.rego @@ -16,21 +16,17 @@ # # tests/rules/cfn/s3/inputs/empty_template_infra.cfn # -# using `generate_test_inputs.sh` and should not be modified +# using 'generate_test_inputs.sh' and should not be modified # directly. # # It provides three inputs for testing: # - mock_input: The resource view input as passed to advanced rules # - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform +# - mock_config: The raw config input as its parsed by regula package tests.rules.cfn.s3.inputs.empty_template_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Empty template for testing", - "Resources": {} -} + +import data.fugue.regula.tests + +mock_config := regula_load_type("empty_template_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/lib/inputs/resource_view_01.tf b/rego/tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.cfn similarity index 52% rename from tests/lib/inputs/resource_view_01.tf rename to rego/tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.cfn index 131a3e9f..9bd689ff 100644 --- a/tests/lib/inputs/resource_view_01.tf +++ b/rego/tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.cfn 
@@ -11,31 +11,18 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-provider "aws" {
- region = "us-west-2"
-}
-
-resource "aws_s3_bucket" "example" {
- bucket_prefix = "example"
-}
-
-data "aws_iam_policy_document" "example" {
- statement {
- effect = "Allow"
- actions = ["s3:*"]
-
- principals {
- type = "*"
- identifiers = ["*"]
- }
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.example.id}/*",
- ]
- }
-}
-
-resource "aws_s3_bucket_policy" "example" {
- bucket = "${aws_s3_bucket.example.id}"
- policy = "${data.aws_iam_policy_document.example.json}"
-}
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Invalid S3 block public access configuration
+Resources:
+ Bucket1:
+ Type: AWS::S3::Bucket
+ Properties:
+ AccessControl: Private
+ Bucket2:
+ Type: AWS::S3::Bucket
+ Properties:
+ AccessControl: Private
+ PublicAccessBlockConfiguration:
+ BlockPublicAcls: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
diff --git a/rego/tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.rego
new file mode 100644
index 00000000..ea20053b
--- /dev/null
+++ b/rego/tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.rego
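Review bot: The fixture does not say why each bucket is expected to fail, and for `Bucket2` the reason is easy to miss: `PublicAccessBlockConfiguration` sets three of the four flags and omits `BlockPublicPolicy`. I would add a comment above each resource, for example `# Invalid: no PublicAccessBlockConfiguration` on `Bucket1` and `# Invalid: BlockPublicPolicy is not set` on `Bucket2`. A bucket with one flag explicitly set to `false` is not covered in this file; whether the rule treats that the same as an omitted key cannot be told from this hunk, so a third bucket for that case may be worth adding.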
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.invalid_block_public_access_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_block_public_access_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.rego new file mode 100644 index 00000000..67be9a41 --- /dev/null 
+++ b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_all_one_bucket_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.cfn 
diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.rego similarity index 61% rename from tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.rego rename to rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.rego index 28153bce..778b7662 100644 --- a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.rego +++ b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.rego @@ -16,31 +16,17 @@ # # tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_no_trails_infra.cfn # -# using `generate_test_inputs.sh` and should not be modified +# using 'generate_test_inputs.sh' and should not be modified # directly. # # It provides three inputs for testing: # - mock_input: The resource view input as passed to advanced rules # - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform +# - mock_config: The raw config input as its parsed by regula package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_no_trails_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail S3 data logging with no CloudTrail", - "Resources": { - "Bucket1": { - "Type": "AWS::S3::Bucket" - }, - "Bucket2": { - "Type": "AWS::S3::Bucket" - }, - "Bucket3": { - "Type": "AWS::S3::Bucket" - } - } -} + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_cloudtrail_s3_data_logging_no_trails_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.rego new file mode 100644 index 00000000..02c41fa7 --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_read_one_bucket_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.cfn 
diff --git a/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.rego new file mode 100644 index 00000000..6de6356d --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.rego new file mode 100644 index 00000000..508a1ba2 --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_trail_no_selector_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.cfn 
diff --git a/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.rego new file mode 100644 index 00000000..893f458d --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_write_one_bucket_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego new file mode 100644 index 00000000..7cd61727 --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.cfn 
diff --git a/tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.rego similarity index 65% rename from tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.rego rename to rego/tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.rego index a704780b..e7ee6534 100644 --- a/tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.rego +++ b/rego/tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.rego @@ -16,25 +16,17 @@ # # tests/rules/cfn/s3/inputs/invalid_encryption_missing_infra.cfn # -# using `generate_test_inputs.sh` and should not be modified +# using 'generate_test_inputs.sh' and should not be modified # directly. # # It provides three inputs for testing: # - mock_input: The resource view input as passed to advanced rules # - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform +# - mock_config: The raw config input as its parsed by regula package tests.rules.cfn.s3.inputs.invalid_encryption_missing_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid S3 encryption configuration", - "Resources": { - "Bucket": { - "Type": "AWS::S3::Bucket" - } - } -} + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_encryption_missing_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.rego new file mode 100644 index 00000000..1c6ba5c4 --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.invalid_encryption_with_valid_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_encryption_with_valid_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.rego new file mode 100644 index 00000000..c6874978 --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.invalid_https_access_bucket_policy_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_https_access_bucket_policy_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/invalid_missing_infra.cfn b/rego/tests/rules/cfn/s3/inputs/invalid_missing_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/invalid_missing_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/invalid_missing_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/invalid_missing_infra.rego b/rego/tests/rules/cfn/s3/inputs/invalid_missing_infra.rego new file mode 100644 index 00000000..cfe367dc --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/invalid_missing_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/invalid_missing_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.invalid_missing_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("invalid_missing_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/valid_block_public_access_infra.cfn b/rego/tests/rules/cfn/s3/inputs/valid_block_public_access_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/valid_block_public_access_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/valid_block_public_access_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/valid_block_public_access_infra.rego b/rego/tests/rules/cfn/s3/inputs/valid_block_public_access_infra.rego new file mode 100644 index 00000000..30b717e5 --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/valid_block_public_access_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/valid_block_public_access_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.valid_block_public_access_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_block_public_access_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.cfn b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.rego b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.rego new file mode 100644 index 00000000..ca9cf63b --- /dev/null 
+++ b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.valid_cloudtrail_s3_data_logging_all_all_buckets_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_cloudtrail_s3_data_logging_all_all_buckets_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.cfn b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.cfn 
diff --git a/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.rego b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.rego new file mode 100644 index 00000000..bc9ce557 --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.valid_cloudtrail_s3_data_logging_all_two_buckets_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_cloudtrail_s3_data_logging_all_two_buckets_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.cfn b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.rego b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.rego new file mode 100644 index 00000000..750c7113 --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.valid_cloudtrail_s3_data_logging_read_all_buckets_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_cloudtrail_s3_data_logging_read_all_buckets_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.cfn b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.cfn 
diff --git a/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.rego b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.rego new file mode 100644 index 00000000..7af7d4f2 --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.valid_cloudtrail_s3_data_logging_write_all_buckets_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_cloudtrail_s3_data_logging_write_all_buckets_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego new file mode 100644 index 00000000..b46fad73 --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/rego/tests/rules/cfn/s3/inputs/valid_encryption_infra.cfn b/rego/tests/rules/cfn/s3/inputs/valid_encryption_infra.cfn new file mode 100644 index 00000000..1c68351b --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/valid_encryption_infra.cfn 
@@ -0,0 +1,39 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Valid S3 encryption configuration
+Resources:
+ KMSKey:
+ Type: AWS::KMS::Key
+ Properties:
+ Description: This key is used to encrypt bucket objects
+ KeyPolicy:
+ Version: "2012-10-17"
+ Id: "default-key-policy"
+ Statement:
+ - Sid: Enable IAM User Permissions
+ Effect: Allow
+ Principal:
+ AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
+ Action: "kms:*"
+ Resource: "*"
+ PendingWindowInDays: 10
+ Bucket:
+ Type: AWS::S3::Bucket
+ Properties:
+ BucketEncryption:
+ ServerSideEncryptionConfiguration:
+ - ServerSideEncryptionByDefault:
+ KMSMasterKeyID: !Ref KMSKey
+ SSEAlgorithm: aws:kms
diff --git a/rego/tests/rules/cfn/s3/inputs/valid_encryption_infra.rego b/rego/tests/rules/cfn/s3/inputs/valid_encryption_infra.rego
new file mode 100644
index 00000000..4873a0a8
--- /dev/null
+++ b/rego/tests/rules/cfn/s3/inputs/valid_encryption_infra.rego
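Review bot: `KMSKey` in this fixture sets `Description`, `KeyPolicy` and `PendingWindowInDays` but not `EnableKeyRotation`, so a template filed under `valid_` carries a customer-managed key with rotation off. The fixture's target is the bucket's `BucketEncryption` block, so this does not change the S3 result, but valid fixtures tend to be copied as reference templates and would start failing if a KMS rotation check is ever run over the same inputs (whether one exists is not visible in this diff). I would add `EnableKeyRotation: true` under the key's `Properties`, next to `PendingWindowInDays: 10`. A one-line comment above `KeyPolicy`, e.g. `# default key policy: delegates key access to IAM in this account`, would also make clear that the `kms:*` statement is the stock root delegation rather than something the test depends on.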
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/valid_encryption_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.valid_encryption_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_encryption_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.cfn b/rego/tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.cfn similarity index 100% rename from tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.cfn rename to rego/tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.cfn diff --git a/rego/tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.rego b/rego/tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.rego new file mode 100644 index 00000000..76d0ab6b --- /dev/null +++ b/rego/tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.s3.inputs.valid_https_access_bucket_policy_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("valid_https_access_bucket_policy_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/vpc/default_security_group_test.rego b/rego/tests/rules/cfn/vpc/default_security_group_test.rego similarity index 100% rename from tests/rules/cfn/vpc/default_security_group_test.rego rename to rego/tests/rules/cfn/vpc/default_security_group_test.rego diff --git a/tests/rules/cfn/vpc/flow_logging_enabled_test.rego b/rego/tests/rules/cfn/vpc/flow_logging_enabled_test.rego similarity index 100% rename from tests/rules/cfn/vpc/flow_logging_enabled_test.rego rename to rego/tests/rules/cfn/vpc/flow_logging_enabled_test.rego 
diff --git a/tests/rules/cfn/vpc/ingress_22_test.rego b/rego/tests/rules/cfn/vpc/ingress_22_test.rego similarity index 100% rename from tests/rules/cfn/vpc/ingress_22_test.rego rename to rego/tests/rules/cfn/vpc/ingress_22_test.rego diff --git a/tests/rules/cfn/vpc/ingress_3389_test.rego b/rego/tests/rules/cfn/vpc/ingress_3389_test.rego similarity index 100% rename from tests/rules/cfn/vpc/ingress_3389_test.rego rename to rego/tests/rules/cfn/vpc/ingress_3389_test.rego diff --git a/tests/rules/cfn/vpc/inputs/default_security_group_infra.cfn b/rego/tests/rules/cfn/vpc/inputs/default_security_group_infra.cfn similarity index 100% rename from tests/rules/cfn/vpc/inputs/default_security_group_infra.cfn rename to rego/tests/rules/cfn/vpc/inputs/default_security_group_infra.cfn diff --git a/rego/tests/rules/cfn/vpc/inputs/default_security_group_infra.rego b/rego/tests/rules/cfn/vpc/inputs/default_security_group_infra.rego new file mode 100644 index 00000000..44729fd6 --- /dev/null +++ b/rego/tests/rules/cfn/vpc/inputs/default_security_group_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/vpc/inputs/default_security_group_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.vpc.inputs.default_security_group_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("default_security_group_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.cfn b/rego/tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.cfn similarity index 100% rename from tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.cfn rename to rego/tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.cfn diff --git a/rego/tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.rego b/rego/tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.rego new file mode 100644 index 00000000..a71e82bb --- /dev/null +++ b/rego/tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.vpc.inputs.flow_logging_enabled_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("flow_logging_enabled_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/vpc/inputs/ingress_22_infra.cfn b/rego/tests/rules/cfn/vpc/inputs/ingress_22_infra.cfn similarity index 100% rename from tests/rules/cfn/vpc/inputs/ingress_22_infra.cfn rename to rego/tests/rules/cfn/vpc/inputs/ingress_22_infra.cfn diff --git a/rego/tests/rules/cfn/vpc/inputs/ingress_22_infra.rego b/rego/tests/rules/cfn/vpc/inputs/ingress_22_infra.rego new file mode 100644 index 00000000..78d7dcdc --- /dev/null +++ b/rego/tests/rules/cfn/vpc/inputs/ingress_22_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/vpc/inputs/ingress_22_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.vpc.inputs.ingress_22_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("ingress_22_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/vpc/inputs/ingress_3389_infra.cfn b/rego/tests/rules/cfn/vpc/inputs/ingress_3389_infra.cfn similarity index 100% rename from tests/rules/cfn/vpc/inputs/ingress_3389_infra.cfn rename to rego/tests/rules/cfn/vpc/inputs/ingress_3389_infra.cfn diff --git a/rego/tests/rules/cfn/vpc/inputs/ingress_3389_infra.rego b/rego/tests/rules/cfn/vpc/inputs/ingress_3389_infra.rego new file mode 100644 index 00000000..03b0f52a --- /dev/null +++ b/rego/tests/rules/cfn/vpc/inputs/ingress_3389_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/vpc/inputs/ingress_3389_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.vpc.inputs.ingress_3389_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("ingress_3389_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.cfn b/rego/tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.cfn similarity index 100% rename from tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.cfn rename to rego/tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.cfn diff --git a/rego/tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.rego b/rego/tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.rego new file mode 100644 index 00000000..cb133f45 --- /dev/null +++ b/rego/tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.vpc.inputs.nacl_ingress_22_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("nacl_ingress_22_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.cfn b/rego/tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.cfn similarity index 100% rename from tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.cfn rename to rego/tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.cfn diff --git a/rego/tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.rego b/rego/tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.rego new file mode 100644 index 00000000..9e7a8270 --- /dev/null +++ b/rego/tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.cfn +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.cfn.vpc.inputs.nacl_ingress_3389_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("nacl_ingress_3389_infra.cfn", "cfn") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/cfn/vpc/nacl_ingress_22_test.rego b/rego/tests/rules/cfn/vpc/nacl_ingress_22_test.rego similarity index 100% rename from tests/rules/cfn/vpc/nacl_ingress_22_test.rego rename to rego/tests/rules/cfn/vpc/nacl_ingress_22_test.rego diff --git a/tests/rules/cfn/vpc/nacl_ingress_3389_test.rego b/rego/tests/rules/cfn/vpc/nacl_ingress_3389_test.rego similarity index 100% rename from tests/rules/cfn/vpc/nacl_ingress_3389_test.rego rename to rego/tests/rules/cfn/vpc/nacl_ingress_3389_test.rego 
diff --git a/tests/rules/tf/aws/cloudfront/distribution_https_test.rego b/rego/tests/rules/tf/aws/cloudfront/distribution_https_test.rego similarity index 100% rename from tests/rules/tf/aws/cloudfront/distribution_https_test.rego rename to rego/tests/rules/tf/aws/cloudfront/distribution_https_test.rego diff --git a/rego/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.rego b/rego/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.rego new file mode 100644 index 00000000..b4d99ba4 --- /dev/null +++ b/rego/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.aws.cloudfront.inputs.distribution_https_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("distribution_https_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.tf b/rego/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.tf similarity index 100% rename from tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.tf rename to rego/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.tf diff --git a/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.rego b/rego/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.tfplan similarity index 87% rename from tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.rego rename to rego/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.tfplan index 145fc757..591624dd 100644 --- a/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.rego +++ b/rego/tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.tfplan 
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/cloudfront/inputs/distribution_https_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.cloudfront.inputs.distribution_https_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudfront_distribution", "name": "allow_all", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "aliases": null, 
@@ -52,31 +21,28 @@ mock_plan_input = { "GET", "HEAD" ], + "cache_policy_id": null, "cached_methods": [ "GET", "HEAD" ], "compress": false, - "default_ttl": 86400, "field_level_encryption_id": null, "forwarded_values": [ { "cookies": [ { - "forward": "none", - "whitelisted_names": null + "forward": "none" } ], - "headers": null, - "query_string": false, - "query_string_cache_keys": null + "query_string": false } ], "lambda_function_association": [], - "max_ttl": 31536000, "min_ttl": 0, + "origin_request_policy_id": null, + "realtime_log_config_arn": null, "smooth_streaming": null, - "trusted_signers": null, "viewer_protocol_policy": "allow-all" } ], @@ -102,7 +68,6 @@ mock_plan_input = { { "geo_restriction": [ { - "locations": null, "restriction_type": "none" } ] @@ -128,7 +93,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudfront_distribution", "name": "https_only", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "aliases": null, @@ -140,31 +105,28 @@ mock_plan_input = { "GET", "HEAD" ], + "cache_policy_id": null, "cached_methods": [ "GET", "HEAD" ], "compress": false, - "default_ttl": 86400, "field_level_encryption_id": null, "forwarded_values": [ { "cookies": [ { - "forward": "none", - "whitelisted_names": null + "forward": "none" } ], - "headers": null, - "query_string": false, - "query_string_cache_keys": null + "query_string": false } ], "lambda_function_association": [], - "max_ttl": 31536000, "min_ttl": 0, + "origin_request_policy_id": null, + "realtime_log_config_arn": null, "smooth_streaming": null, - "trusted_signers": null, "viewer_protocol_policy": "https-only" } ], @@ -190,7 +152,6 @@ mock_plan_input = { { "geo_restriction": [ { - "locations": null, "restriction_type": "none" } ] 
@@ -216,7 +177,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudfront_distribution", "name": "redirect_to_https", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "aliases": null, @@ -228,31 +189,28 @@ mock_plan_input = { "GET", "HEAD" ], + "cache_policy_id": null, "cached_methods": [ "GET", "HEAD" ], "compress": false, - "default_ttl": 86400, "field_level_encryption_id": null, "forwarded_values": [ { "cookies": [ { - "forward": "none", - "whitelisted_names": null + "forward": "none" } ], - "headers": null, - "query_string": false, - "query_string_cache_keys": null + "query_string": false } ], "lambda_function_association": [], - "max_ttl": 31536000, "min_ttl": 0, + "origin_request_policy_id": null, + "realtime_log_config_arn": null, "smooth_streaming": null, - "trusted_signers": null, "viewer_protocol_policy": "redirect-to-https" } ], @@ -278,7 +236,6 @@ mock_plan_input = { { "geo_restriction": [ { - "locations": null, "restriction_type": "none" } ] @@ -304,7 +261,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudfront_origin_access_identity", "name": "origin_access_identity", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "comment": null @@ -315,7 +272,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "bucket", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "acl": "private", @@ -342,7 +299,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudfront_distribution", "name": "allow_all", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -358,31 +315,28 @@ mock_plan_input = { "GET", "HEAD" ], + "cache_policy_id": null, "cached_methods": [ "GET", "HEAD" ], "compress": false, - "default_ttl": 86400, "field_level_encryption_id": null, "forwarded_values": [ { "cookies": [ { - "forward": "none", - "whitelisted_names": null + "forward": "none" } ], - "headers": null, - "query_string": false, - "query_string_cache_keys": null + "query_string": false } ], "lambda_function_association": [], - "max_ttl": 31536000, "min_ttl": 0, + "origin_request_policy_id": null, + "realtime_log_config_arn": null, "smooth_streaming": null, - "trusted_signers": null, "viewer_protocol_policy": "allow-all" } ], @@ -408,7 +362,6 @@ mock_plan_input = { { "geo_restriction": [ { - "locations": null, "restriction_type": "none" } ] @@ -442,15 +395,23 @@ mock_plan_input = { false, false ], + "default_ttl": true, "forwarded_values": [ { "cookies": [ - {} - ] + { + "whitelisted_names": true + } + ], + "headers": true, + "query_string_cache_keys": true } ], "lambda_function_association": [], - "target_origin_id": true + "max_ttl": true, + "target_origin_id": true, + "trusted_key_groups": true, + "trusted_signers": true } ], "domain_name": true, @@ -478,11 +439,15 @@ mock_plan_input = { "restrictions": [ { "geo_restriction": [ - {} + { + "locations": true + } ] } ], "status": true, + "tags_all": true, + "trusted_key_groups": true, "trusted_signers": true, "viewer_certificate": [ {} @@ -495,7 +460,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudfront_distribution", "name": "https_only", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -511,31 +476,28 @@ mock_plan_input = { "GET", "HEAD" ], + "cache_policy_id": null, "cached_methods": [ "GET", "HEAD" ], "compress": false, - "default_ttl": 86400, "field_level_encryption_id": null, "forwarded_values": [ { "cookies": [ { - "forward": "none", - "whitelisted_names": null + "forward": "none" } ], - "headers": null, - "query_string": false, - "query_string_cache_keys": null + "query_string": false } ], "lambda_function_association": [], - "max_ttl": 31536000, "min_ttl": 0, + "origin_request_policy_id": null, + "realtime_log_config_arn": null, "smooth_streaming": null, - "trusted_signers": null, "viewer_protocol_policy": "https-only" } ], @@ -561,7 +523,6 @@ mock_plan_input = { { "geo_restriction": [ { - "locations": null, "restriction_type": "none" } ] @@ -595,15 +556,23 @@ mock_plan_input = { false, false ], + "default_ttl": true, "forwarded_values": [ { "cookies": [ - {} - ] + { + "whitelisted_names": true + } + ], + "headers": true, + "query_string_cache_keys": true } ], "lambda_function_association": [], - "target_origin_id": true + "max_ttl": true, + "target_origin_id": true, + "trusted_key_groups": true, + "trusted_signers": true } ], "domain_name": true, @@ -631,11 +600,15 @@ mock_plan_input = { "restrictions": [ { "geo_restriction": [ - {} + { + "locations": true + } ] } ], "status": true, + "tags_all": true, + "trusted_key_groups": true, "trusted_signers": true, "viewer_certificate": [ {} @@ -648,7 +621,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudfront_distribution", "name": "redirect_to_https", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -664,31 +637,28 @@ mock_plan_input = { "GET", "HEAD" ], + "cache_policy_id": null, "cached_methods": [ "GET", "HEAD" ], "compress": false, - "default_ttl": 86400, "field_level_encryption_id": null, "forwarded_values": [ { "cookies": [ { - "forward": "none", - "whitelisted_names": null + "forward": "none" } ], - "headers": null, - "query_string": false, - "query_string_cache_keys": null + "query_string": false } ], "lambda_function_association": [], - "max_ttl": 31536000, "min_ttl": 0, + "origin_request_policy_id": null, + "realtime_log_config_arn": null, "smooth_streaming": null, - "trusted_signers": null, "viewer_protocol_policy": "redirect-to-https" } ], @@ -714,7 +684,6 @@ mock_plan_input = { { "geo_restriction": [ { - "locations": null, "restriction_type": "none" } ] @@ -748,15 +717,23 @@ mock_plan_input = { false, false ], + "default_ttl": true, "forwarded_values": [ { "cookies": [ - {} - ] + { + "whitelisted_names": true + } + ], + "headers": true, + "query_string_cache_keys": true } ], "lambda_function_association": [], - "target_origin_id": true + "max_ttl": true, + "target_origin_id": true, + "trusted_key_groups": true, + "trusted_signers": true } ], "domain_name": true, @@ -784,11 +761,15 @@ mock_plan_input = { "restrictions": [ { "geo_restriction": [ - {} + { + "locations": true + } ] } ], "status": true, + "tags_all": true, + "trusted_key_groups": true, "trusted_signers": true, "viewer_certificate": [ {} @@ -801,7 +782,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudfront_origin_access_identity", "name": "origin_access_identity", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -825,7 +806,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "bucket", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -863,6 +844,7 @@ mock_plan_input = { "replication_configuration": [], "request_payer": true, "server_side_encryption_configuration": [], + "tags_all": true, "versioning": true, "website": [], "website_domain": true, diff --git a/rego/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.rego b/rego/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.rego new file mode 100644 index 00000000..2795aace --- /dev/null +++ b/rego/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.aws.cloudtrail.inputs.log_file_validation_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("log_file_validation_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.tf b/rego/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.tf similarity index 100% rename from tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.tf rename to rego/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.tf diff --git a/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.rego b/rego/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.tfplan similarity index 83% rename from tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.rego rename to rego/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.tfplan index 98048018..efa36db1 100644 --- a/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.rego +++ b/rego/tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.tfplan 
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/cloudtrail/inputs/log_file_validation_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.cloudtrail.inputs.log_file_validation_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudtrail", "name": "invalid_trail", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "cloud_watch_logs_group_arn": null, @@ -64,7 +33,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudtrail", "name": "valid_trail", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "cloud_watch_logs_group_arn": null, 
@@ -88,7 +57,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "trail_bucket", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "acl": "private", @@ -111,7 +80,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket_policy", "name": "policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0 }, { @@ -119,8 +88,14 @@ mock_plan_input = { "mode": "data", "type": "aws_caller_identity", "name": "current", - "provider_name": "aws", - "schema_version": 0 + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 0, + "values": { + "account_id": "819995596046", + "arn": "arn:aws:iam::819995596046:user/jason", + "id": "819995596046", + "user_id": "AIDA3524L2UHGTZ7STQ2Y" + } } ] } @@ -131,7 +106,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudtrail", "name": "invalid_trail", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -159,7 +134,8 @@ mock_plan_input = { "home_region": true, "id": true, "insight_selector": [], - "s3_bucket_name": true + "s3_bucket_name": true, + "tags_all": true } } }, @@ -168,7 +144,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudtrail", "name": "valid_trail", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -196,7 +172,8 @@ mock_plan_input = { "home_region": true, "id": true, "insight_selector": [], - "s3_bucket_name": true + "s3_bucket_name": true, + "tags_all": true } } }, @@ -205,7 +182,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "trail_bucket", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
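Review bot: The `values` block added for `data.aws_caller_identity.current` in the `@@ -119,8 +88,14 @@` hunk stores what appear to be the real `account_id`, `arn`, `id` and `user_id` of whoever generated the plan, including a personal IAM user name in the ARN. The `@@ -274,19 +252,19 @@` hunk of the same file adds the same four values under `change.after`, where the old fixture held only `after_unknown` flags. None of these is a credential, but a published test fixture should not carry account and principal identifiers, and a log-file-validation rule is unlikely to depend on their concrete values (the test itself is not shown). I would have the fixture generator, which is not visible here, rewrite them to placeholders before writing the `.tfplan`, for example `"account_id": "123456789012"` and `"arn": "arn:aws:iam::123456789012:user/example"`. The same scrub should apply to any other regenerated plan that reads `aws_caller_identity`.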
@@ -243,6 +220,7 @@ mock_plan_input = { "replication_configuration": [], "request_payer": true, "server_side_encryption_configuration": [], + "tags_all": true, "versioning": true, "website": [], "website_domain": true, @@ -255,7 +233,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket_policy", "name": "policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -274,19 +252,19 @@ mock_plan_input = { "mode": "data", "type": "aws_caller_identity", "name": "current", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "read" ], "before": null, - "after": {}, - "after_unknown": { - "account_id": true, - "arn": true, - "id": true, - "user_id": true - } + "after": { + "account_id": "819995596046", + "arn": "arn:aws:iam::819995596046:user/jason", + "id": "819995596046", + "user_id": "AIDA3524L2UHGTZ7STQ2Y" + }, + "after_unknown": {} } } ], diff --git a/tests/rules/tf/aws/cloudtrail/log_file_validation_test.rego b/rego/tests/rules/tf/aws/cloudtrail/log_file_validation_test.rego similarity index 100% rename from tests/rules/tf/aws/cloudtrail/log_file_validation_test.rego rename to rego/tests/rules/tf/aws/cloudtrail/log_file_validation_test.rego diff --git a/rego/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.rego b/rego/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.rego new file mode 100644 index 00000000..2eac2bf0 --- /dev/null +++ b/rego/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.rego 
@@ -0,0 +1,32 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This package was automatically generated from:
+#
+# tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.tf
+#
+# using 'generate_test_inputs.sh' and should not be modified
+# directly.
+#
+# It provides three inputs for testing:
+# - mock_input: The resource view input as passed to advanced rules
+# - mock_resources: The resources present as a convenience for tests
+# - mock_config: The raw config input as its parsed by regula
+package tests.rules.tf.aws.ebs.inputs.volume_encrypted_infra
+
+import data.fugue.regula.tests
+
+mock_config := regula_load_type("volume_encrypted_infra.tfplan", "tf-plan")
+mock_input := tests.mock_input(mock_config)
+mock_resources := mock_input.resources
diff --git a/rego/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.tf b/rego/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.tf
new file mode 100644
index 00000000..5b248d54
--- /dev/null
+++ b/rego/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.tf
@@ -0,0 +1,33 @@
+# Copyright 2020 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+provider "aws" {
+ region = "us-east-2"
+}
+
+resource "aws_ebs_volume" "good" {
+ availability_zone = "us-west-2a"
+ size = 40
+ encrypted = true
+}
+
+resource "aws_ebs_volume" "missing" {
+ availability_zone = "us-west-2a"
+ size = 40
+}
+
+resource "aws_ebs_volume" "bad" {
+ availability_zone = "us-west-2a"
+ size = 40
+ encrypted = false
+}
diff --git a/rego/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.tfplan b/rego/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.tfplan
new file mode 100644
index 00000000..f58fa542
--- /dev/null
+++ b/rego/tests/rules/tf/aws/ebs/inputs/volume_encrypted_infra.tfplan
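Review bot: The provider block in `volume_encrypted_infra.tf` sets `region = "us-east-2"`, but all three `aws_ebs_volume` resources use `availability_zone = "us-west-2a"`. The configuration can be planned, as the accompanying `.tfplan` shows, but it would most likely be rejected at apply time. That does not affect a static-analysis fixture, yet it makes the file misleading as an example of an encrypted volume. I would either align the zone with the provider region, `availability_zone = "us-east-2a"`, and regenerate the plan, or add a comment above the provider block such as `# Plan-only fixture: never applied, region/AZ are not expected to match`.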
@@ -0,0 +1,222 @@ +{ + "format_version": "0.1", + "terraform_version": "0.13.5", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "aws_ebs_volume.bad", + "mode": "managed", + "type": "aws_ebs_volume", + "name": "bad", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 0, + "values": { + "availability_zone": "us-west-2a", + "encrypted": false, + "multi_attach_enabled": null, + "outpost_arn": null, + "size": 40, + "tags": null + } + }, + { + "address": "aws_ebs_volume.good", + "mode": "managed", + "type": "aws_ebs_volume", + "name": "good", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 0, + "values": { + "availability_zone": "us-west-2a", + "encrypted": true, + "multi_attach_enabled": null, + "outpost_arn": null, + "size": 40, + "tags": null + } + }, + { + "address": "aws_ebs_volume.missing", + "mode": "managed", + "type": "aws_ebs_volume", + "name": "missing", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 0, + "values": { + "availability_zone": "us-west-2a", + "multi_attach_enabled": null, + "outpost_arn": null, + "size": 40, + "tags": null + } + } + ] + } + }, + "resource_changes": [ + { + "address": "aws_ebs_volume.bad", + "mode": "managed", + "type": "aws_ebs_volume", + "name": "bad", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "availability_zone": "us-west-2a", + "encrypted": false, + "multi_attach_enabled": null, + "outpost_arn": null, + "size": 40, + "tags": null + }, + "after_unknown": { + "arn": true, + "id": true, + "iops": true, + "kms_key_id": true, + "snapshot_id": true, + "tags_all": true, + "throughput": true, + "type": true + } + } + }, + { + "address": "aws_ebs_volume.good", + "mode": "managed", + "type": "aws_ebs_volume", + "name": "good", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + 
"before": null, + "after": { + "availability_zone": "us-west-2a", + "encrypted": true, + "multi_attach_enabled": null, + "outpost_arn": null, + "size": 40, + "tags": null + }, + "after_unknown": { + "arn": true, + "id": true, + "iops": true, + "kms_key_id": true, + "snapshot_id": true, + "tags_all": true, + "throughput": true, + "type": true + } + } + }, + { + "address": "aws_ebs_volume.missing", + "mode": "managed", + "type": "aws_ebs_volume", + "name": "missing", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "availability_zone": "us-west-2a", + "multi_attach_enabled": null, + "outpost_arn": null, + "size": 40, + "tags": null + }, + "after_unknown": { + "arn": true, + "encrypted": true, + "id": true, + "iops": true, + "kms_key_id": true, + "snapshot_id": true, + "tags_all": true, + "throughput": true, + "type": true + } + } + } + ], + "configuration": { + "provider_config": { + "aws": { + "name": "aws", + "expressions": { + "region": { + "constant_value": "us-east-2" + } + } + } + }, + "root_module": { + "resources": [ + { + "address": "aws_ebs_volume.bad", + "mode": "managed", + "type": "aws_ebs_volume", + "name": "bad", + "provider_config_key": "aws", + "expressions": { + "availability_zone": { + "constant_value": "us-west-2a" + }, + "encrypted": { + "constant_value": false + }, + "size": { + "constant_value": 40 + } + }, + "schema_version": 0 + }, + { + "address": "aws_ebs_volume.good", + "mode": "managed", + "type": "aws_ebs_volume", + "name": "good", + "provider_config_key": "aws", + "expressions": { + "availability_zone": { + "constant_value": "us-west-2a" + }, + "encrypted": { + "constant_value": true + }, + "size": { + "constant_value": 40 + } + }, + "schema_version": 0 + }, + { + "address": "aws_ebs_volume.missing", + "mode": "managed", + "type": "aws_ebs_volume", + "name": "missing", + "provider_config_key": "aws", + "expressions": { + "availability_zone": { + 
"constant_value": "us-west-2a" + }, + "size": { + "constant_value": 40 + } + }, + "schema_version": 0 + } + ] + } + } +} diff --git a/tests/rules/tf/aws/ebs/volume_encrypted_test.rego b/rego/tests/rules/tf/aws/ebs/volume_encrypted_test.rego similarity index 100% rename from tests/rules/tf/aws/ebs/volume_encrypted_test.rego rename to rego/tests/rules/tf/aws/ebs/volume_encrypted_test.rego diff --git a/tests/rules/tf/aws/iam/admin_policy_test.rego b/rego/tests/rules/tf/aws/iam/admin_policy_test.rego similarity index 100% rename from tests/rules/tf/aws/iam/admin_policy_test.rego rename to rego/tests/rules/tf/aws/iam/admin_policy_test.rego diff --git a/rego/tests/rules/tf/aws/iam/inputs/admin_policy_infra.rego b/rego/tests/rules/tf/aws/iam/inputs/admin_policy_infra.rego new file mode 100644 index 00000000..32cacdd6 --- /dev/null +++ b/rego/tests/rules/tf/aws/iam/inputs/admin_policy_infra.rego 
@@ -0,0 +1,32 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This package was automatically generated from:
+#
+# tests/rules/tf/aws/iam/inputs/admin_policy_infra.tf
+#
+# using 'generate_test_inputs.sh' and should not be modified
+# directly.
+#
+# It provides three inputs for testing:
+# - mock_input: The resource view input as passed to advanced rules
+# - mock_resources: The resources present as a convenience for tests
+# - mock_config: The raw config input as its parsed by regula
+package tests.rules.tf.aws.iam.inputs.admin_policy_infra
+
+import data.fugue.regula.tests
+
+mock_config := regula_load_type("admin_policy_infra.tfplan", "tf-plan")
+mock_input := tests.mock_input(mock_config)
+mock_resources := mock_input.resources
diff --git a/tests/rules/tf/aws/iam/inputs/admin_policy_infra.tf b/rego/tests/rules/tf/aws/iam/inputs/admin_policy_infra.tf
similarity index 100%
rename from tests/rules/tf/aws/iam/inputs/admin_policy_infra.tf
rename to rego/tests/rules/tf/aws/iam/inputs/admin_policy_infra.tf
diff --git a/tests/rules/tf/aws/iam/inputs/admin_policy_infra.rego b/rego/tests/rules/tf/aws/iam/inputs/admin_policy_infra.tfplan
similarity index 91%
rename from tests/rules/tf/aws/iam/inputs/admin_policy_infra.rego
rename to rego/tests/rules/tf/aws/iam/inputs/admin_policy_infra.tfplan
index b88173ec..a8668ccc 100644
--- a/tests/rules/tf/aws/iam/inputs/admin_policy_infra.rego
+++ b/rego/tests/rules/tf/aws/iam/inputs/admin_policy_infra.tfplan @@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/iam/inputs/admin_policy_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.iam.inputs.admin_policy_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group", "name": "my_group", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "my_group", 
@@ -52,7 +21,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group_policy", "name": "invalid_group_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "invalid_group_policy", @@ -65,7 +34,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group_policy", "name": "valid_group_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "valid_group_policy", @@ -78,7 +47,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "invalid_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "description": "Invalid policy", @@ -93,7 +62,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "valid_deny_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "description": "Valid deny policy", @@ -108,7 +77,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role", "name": "my_test_role", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "assume_role_policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n", @@ -127,7 +96,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role_policy", "name": "invalid_role_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "invalid_role_policy", 
@@ -140,7 +109,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role_policy", "name": "valid_role_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "valid_role_policy", @@ -153,7 +122,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "my_test_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "force_destroy": false, @@ -168,7 +137,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user_policy", "name": "invalid_user_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "invalid_user_policy", @@ -182,7 +151,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user_policy", "name": "valid_user_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "valid_user_policy", @@ -200,7 +169,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group", "name": "my_group", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -222,7 +191,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group_policy", "name": "invalid_group_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -244,7 +213,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group_policy", "name": "valid_group_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -266,7 +235,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "invalid_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -290,7 +259,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "valid_deny_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -314,7 +283,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role", "name": "my_test_role", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -344,7 +313,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role_policy", "name": "invalid_role_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -366,7 +335,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role_policy", "name": "valid_role_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -388,7 +357,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "my_test_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -413,7 +382,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user_policy", "name": "invalid_user_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -435,7 +404,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user_policy", "name": "valid_user_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" diff --git a/rego/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.rego b/rego/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.rego new file mode 100644 index 00000000..0ed6e8c7 --- /dev/null +++ b/rego/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.rego 
@@ -0,0 +1,32 @@
+# Copyright 2020-2021 Fugue, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This package was automatically generated from:
+#
+# tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.tf
+#
+# using 'generate_test_inputs.sh' and should not be modified
+# directly.
+#
+# It provides three inputs for testing:
+# - mock_input: The resource view input as passed to advanced rules
+# - mock_resources: The resources present as a convenience for tests
+# - mock_config: The raw config input as its parsed by regula
+package tests.rules.tf.aws.iam.inputs.user_attached_policy_infra
+
+import data.fugue.regula.tests
+
+mock_config := regula_load_type("user_attached_policy_infra.tfplan", "tf-plan")
+mock_input := tests.mock_input(mock_config)
+mock_resources := mock_input.resources
diff --git a/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.tf b/rego/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.tf
similarity index 100%
rename from tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.tf
rename to rego/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.tf
diff --git a/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.rego b/rego/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.tfplan
similarity index 91%
rename from tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.rego
rename to rego/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.tfplan
index f5c56a55..7a251a62 100644
--- a/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.rego +++ b/rego/tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.tfplan @@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/iam/inputs/user_attached_policy_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.iam.inputs.user_attached_policy_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group", "name": "valid_group_blank_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "valid_group_blank_users", 
@@ -52,7 +21,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group", "name": "valid_group_empty_list_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "valid_group_empty_list_users", @@ -64,7 +33,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group", "name": "valid_group_missing_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "valid_group_missing_users", @@ -76,7 +45,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group_membership", "name": "valid_group_blank_users_membership", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "group": "valid_group_blank_users", @@ -91,7 +60,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group_membership", "name": "valid_group_empty_list_users_membership", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "group": "valid_group_empty_list_users", @@ -106,7 +75,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group_membership", "name": "valid_group_missing_users_membership", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "group": "valid_group_missing_users", 
@@ -121,14 +90,15 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "invalid_normal_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "description": "Invalid normal policy attached to user", "name": "invalid_normal_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null } }, { @@ -136,14 +106,15 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "invalid_user_policy_attachment_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "description": "Invalid user policy attachment policy", "name": "invalid_user_policy_attachment_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null } }, { 
@@ -151,14 +122,15 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "valid_group_blank_users_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "description": "Valid group blank users policy", "name": "valid_group_blank_users_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null } }, { @@ -166,14 +138,15 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "valid_group_empty_list_users_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "description": "Valid group empty list users policy", "name": "valid_group_empty_list_users_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null } }, { 
@@ -181,14 +154,15 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "valid_group_missing_users_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "description": "Valid group missing users policy", "name": "valid_group_missing_users_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null } }, { @@ -196,14 +170,15 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "valid_role_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "description": "Valid role policy", "name": "valid_role_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null } }, { @@ -211,7 +186,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy_attachment", "name": "invalid_normal_policy_attachment", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "groups": null, @@ -227,7 +202,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy_attachment", "name": "valid_group_policy_attachment_blank_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "groups": [ 
@@ -245,7 +220,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy_attachment", "name": "valid_group_policy_attachment_empty_list_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "groups": [ @@ -261,7 +236,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy_attachment", "name": "valid_group_policy_attachment_missing_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "groups": [ @@ -277,7 +252,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy_attachment", "name": "valid_role_policy_attachment", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "groups": null, @@ -293,7 +268,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role", "name": "valid_role", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "assume_role_policy": "{\n\"Version\": \"2012-10-17\",\n\"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n", @@ -312,7 +287,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "invalid_normal_policy_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "force_destroy": false, @@ -327,7 +302,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "invalid_user_policy_attachment_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "force_destroy": false, 
@@ -342,7 +317,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "invalid_user_policy_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "force_destroy": false, @@ -357,7 +332,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "valid_group_blank_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "force_destroy": false, @@ -372,7 +347,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "valid_group_empty_list_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "force_destroy": false, @@ -387,7 +362,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "valid_group_missing_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "force_destroy": false, @@ -402,7 +377,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user_policy", "name": "invalid_user_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "invalid_user_policy", @@ -416,7 +391,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user_policy_attachment", "name": "invalid_user_policy_attachment", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "user": "invalid_user_policy_attachment_user" @@ -431,7 +406,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group", "name": "valid_group_blank_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -453,7 +428,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group", "name": "valid_group_empty_list_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -475,7 +450,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group", "name": "valid_group_missing_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -497,7 +472,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group_membership", "name": "valid_group_blank_users_membership", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -523,7 +498,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group_membership", "name": "valid_group_empty_list_users_membership", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -549,7 +524,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_group_membership", "name": "valid_group_missing_users_membership", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -575,7 +550,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "invalid_normal_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -586,11 +561,14 @@ mock_plan_input = { "name": "invalid_normal_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null }, "after_unknown": { "arn": true, - "id": true + "id": true, + "policy_id": true, + "tags_all": true } } }, @@ -599,7 +577,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "invalid_user_policy_attachment_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -610,11 +588,14 @@ mock_plan_input = { "name": "invalid_user_policy_attachment_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null }, "after_unknown": { "arn": true, - "id": true + "id": true, + "policy_id": true, + "tags_all": true } } }, @@ -623,7 +604,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "valid_group_blank_users_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -634,11 +615,14 @@ mock_plan_input = { "name": "valid_group_blank_users_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null }, "after_unknown": { "arn": true, - "id": true + "id": true, + "policy_id": true, + "tags_all": true } } }, @@ -647,7 +631,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "valid_group_empty_list_users_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -658,11 +642,14 @@ mock_plan_input = { "name": "valid_group_empty_list_users_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null }, "after_unknown": { "arn": true, - "id": true + "id": true, + "policy_id": true, + "tags_all": true } } }, @@ -671,7 +658,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "valid_group_missing_users_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -682,11 +669,14 @@ mock_plan_input = { "name": "valid_group_missing_users_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Deny\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null }, "after_unknown": { "arn": true, - "id": true + "id": true, + "policy_id": true, + "tags_all": true } } }, @@ -695,7 +685,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy", "name": "valid_role_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -706,11 +696,14 @@ mock_plan_input = { "name": "valid_role_policy", "name_prefix": null, "path": "/", - "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n" + "policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n", + "tags": null }, "after_unknown": { "arn": true, - "id": true + "id": true, + "policy_id": true, + "tags_all": true } } }, @@ -719,7 +712,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy_attachment", "name": "invalid_normal_policy_attachment", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -747,7 +740,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy_attachment", "name": "valid_group_policy_attachment_blank_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -780,7 +773,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy_attachment", "name": "valid_group_policy_attachment_empty_list_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -808,7 +801,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy_attachment", "name": "valid_group_policy_attachment_missing_users", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -836,7 +829,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_policy_attachment", "name": "valid_role_policy_attachment", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -864,7 +857,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role", "name": "valid_role", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -885,6 +878,9 @@ mock_plan_input = { "arn": true, "create_date": true, "id": true, + "inline_policy": true, + "managed_policy_arns": true, + "tags_all": true, "unique_id": true } } @@ -894,7 +890,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "invalid_normal_policy_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -910,6 +906,7 @@ mock_plan_input = { "after_unknown": { "arn": true, "id": true, + "tags_all": true, "unique_id": true } } @@ -919,7 +916,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "invalid_user_policy_attachment_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -935,6 +932,7 @@ mock_plan_input = { "after_unknown": { "arn": true, "id": true, + "tags_all": true, "unique_id": true } } 
@@ -944,7 +942,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "invalid_user_policy_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -960,6 +958,7 @@ mock_plan_input = { "after_unknown": { "arn": true, "id": true, + "tags_all": true, "unique_id": true } } @@ -969,7 +968,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "valid_group_blank_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -985,6 +984,7 @@ mock_plan_input = { "after_unknown": { "arn": true, "id": true, + "tags_all": true, "unique_id": true } } @@ -994,7 +994,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "valid_group_empty_list_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -1010,6 +1010,7 @@ mock_plan_input = { "after_unknown": { "arn": true, "id": true, + "tags_all": true, "unique_id": true } } @@ -1019,7 +1020,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user", "name": "valid_group_missing_user", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -1035,6 +1036,7 @@ mock_plan_input = { "after_unknown": { "arn": true, "id": true, + "tags_all": true, "unique_id": true } } @@ -1044,7 +1046,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user_policy", "name": "invalid_user_policy", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -1066,7 +1068,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_user_policy_attachment", "name": "invalid_user_policy_attachment", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
diff --git a/tests/rules/tf/aws/iam/user_attached_policy_test.rego b/rego/tests/rules/tf/aws/iam/user_attached_policy_test.rego similarity index 100% rename from tests/rules/tf/aws/iam/user_attached_policy_test.rego rename to rego/tests/rules/tf/aws/iam/user_attached_policy_test.rego diff --git a/rego/tests/rules/tf/aws/kms/inputs/key_rotation_infra.rego b/rego/tests/rules/tf/aws/kms/inputs/key_rotation_infra.rego new file mode 100644 index 00000000..8eb69e20 --- /dev/null +++ b/rego/tests/rules/tf/aws/kms/inputs/key_rotation_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/aws/kms/inputs/key_rotation_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.aws.kms.inputs.key_rotation_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("key_rotation_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/tf/aws/kms/inputs/key_rotation_infra.tf b/rego/tests/rules/tf/aws/kms/inputs/key_rotation_infra.tf
similarity index 100%
rename from tests/rules/tf/aws/kms/inputs/key_rotation_infra.tf
rename to rego/tests/rules/tf/aws/kms/inputs/key_rotation_infra.tf
diff --git a/tests/rules/tf/aws/kms/inputs/key_rotation_infra.rego b/rego/tests/rules/tf/aws/kms/inputs/key_rotation_infra.tfplan
similarity index 77%
rename from tests/rules/tf/aws/kms/inputs/key_rotation_infra.rego
rename to rego/tests/rules/tf/aws/kms/inputs/key_rotation_infra.tfplan
index 452ae71a..90f33c0d 100644
--- a/tests/rules/tf/aws/kms/inputs/key_rotation_infra.rego
+++ b/rego/tests/rules/tf/aws/kms/inputs/key_rotation_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/kms/inputs/key_rotation_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.kms.inputs.key_rotation_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_kms_key", "name": "blank-invalid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "customer_master_key_spec": "SYMMETRIC_DEFAULT", @@ -57,7 +26,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_kms_key", "name": "invalid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "customer_master_key_spec": "SYMMETRIC_DEFAULT", 
@@ -74,7 +43,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_kms_key", "name": "valid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "customer_master_key_spec": "SYMMETRIC_DEFAULT", @@ -95,7 +64,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_kms_key", "name": "blank-invalid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -123,7 +92,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_kms_key", "name": "invalid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -151,7 +120,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_kms_key", "name": "valid", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" diff --git a/tests/rules/tf/aws/kms/key_rotation_test.rego b/rego/tests/rules/tf/aws/kms/key_rotation_test.rego similarity index 100% rename from tests/rules/tf/aws/kms/key_rotation_test.rego rename to rego/tests/rules/tf/aws/kms/key_rotation_test.rego diff --git a/tests/rules/tf/aws/s3/bucket_sse_test.rego b/rego/tests/rules/tf/aws/s3/bucket_sse_test.rego similarity index 100% rename from tests/rules/tf/aws/s3/bucket_sse_test.rego rename to rego/tests/rules/tf/aws/s3/bucket_sse_test.rego diff --git a/rego/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.rego b/rego/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.rego new file mode 100644 index 00000000..df60e402 --- /dev/null +++ b/rego/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/aws/s3/inputs/bucket_sse_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.aws.s3.inputs.bucket_sse_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("bucket_sse_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.tf b/rego/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.tf similarity index 100% rename from tests/rules/tf/aws/s3/inputs/bucket_sse_infra.tf rename to rego/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.tf diff --git a/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.rego b/rego/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.tfplan similarity index 87% rename from tests/rules/tf/aws/s3/inputs/bucket_sse_infra.rego rename to rego/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.tfplan index 4e018e96..89bd4638 100644 --- a/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.rego +++ b/rego/tests/rules/tf/aws/s3/inputs/bucket_sse_infra.tfplan 
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/s3/inputs/bucket_sse_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.s3.inputs.bucket_sse_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_kms_key", "name": "key", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "customer_master_key_spec": "SYMMETRIC_DEFAULT", @@ -56,7 +25,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "aes_encrypted", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "acl": "private", 
@@ -78,7 +47,8 @@ mock_plan_input = { "kms_master_key_id": null, "sse_algorithm": "AES256" } - ] + ], + "bucket_key_enabled": null } ] } @@ -92,7 +62,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "kms_encrypted", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "acl": "private", @@ -113,7 +83,8 @@ mock_plan_input = { { "sse_algorithm": "aws:kms" } - ] + ], + "bucket_key_enabled": null } ] } @@ -127,7 +98,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "unencrypted", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "acl": "private", @@ -154,7 +125,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_kms_key", "name": "key", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -173,7 +144,8 @@ mock_plan_input = { "description": true, "id": true, "key_id": true, - "policy": true + "policy": true, + "tags_all": true } } }, @@ -182,7 +154,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "aes_encrypted", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -208,7 +180,8 @@ mock_plan_input = { "kms_master_key_id": null, "sse_algorithm": "AES256" } - ] + ], + "bucket_key_enabled": null } ] } @@ -243,6 +216,7 @@ mock_plan_input = { ] } ], + "tags_all": true, "versioning": true, "website": [], "website_domain": true, @@ -255,7 +229,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "kms_encrypted", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -280,7 +254,8 @@ mock_plan_input = { { "sse_algorithm": "aws:kms" } - ] + ], + "bucket_key_enabled": null } ] } 
@@ -317,6 +292,7 @@ mock_plan_input = { ] } ], + "tags_all": true, "versioning": true, "website": [], "website_domain": true, @@ -329,7 +305,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_s3_bucket", "name": "unencrypted", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -367,6 +343,7 @@ mock_plan_input = { "replication_configuration": [], "request_payer": true, "server_side_encryption_configuration": [], + "tags_all": true, "versioning": true, "website": [], "website_domain": true, diff --git a/tests/rules/tf/aws/security_group/ingress_anywhere_rdp_test.rego b/rego/tests/rules/tf/aws/security_group/ingress_anywhere_rdp_test.rego similarity index 100% rename from tests/rules/tf/aws/security_group/ingress_anywhere_rdp_test.rego rename to rego/tests/rules/tf/aws/security_group/ingress_anywhere_rdp_test.rego diff --git a/tests/rules/tf/aws/security_group/ingress_anywhere_ssh_test.rego b/rego/tests/rules/tf/aws/security_group/ingress_anywhere_ssh_test.rego similarity index 100% rename from tests/rules/tf/aws/security_group/ingress_anywhere_ssh_test.rego rename to rego/tests/rules/tf/aws/security_group/ingress_anywhere_ssh_test.rego diff --git a/tests/rules/tf/aws/security_group/ingress_anywhere_test.rego b/rego/tests/rules/tf/aws/security_group/ingress_anywhere_test.rego similarity index 100% rename from tests/rules/tf/aws/security_group/ingress_anywhere_test.rego rename to rego/tests/rules/tf/aws/security_group/ingress_anywhere_test.rego diff --git a/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.rego b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.rego new file mode 100644 index 00000000..bfe0690c --- /dev/null +++ b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.aws.security_group.inputs.ingress_anywhere_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("ingress_anywhere_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.tf b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.tf similarity index 100% rename from tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.tf rename to rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.tf 
diff --git a/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.rego b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.tfplan
similarity index 87%
rename from tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.rego
rename to rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.tfplan
index b4cb6e36..92ef7ac0 100644
--- a/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.rego
+++ b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/security_group/inputs/ingress_anywhere_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.security_group.inputs.ingress_anywhere_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "invalid_allow_all", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "description": "Managed by Terraform", @@ -60,7 +29,6 @@ mock_plan_input = { } ], "name": "invalid_allow_all", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null 
@@ -71,7 +39,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "invalid_include_443", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "description": "Managed by Terraform", @@ -91,7 +59,6 @@ mock_plan_input = { } ], "name": "invalid_include_valid_443", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -102,7 +69,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "invalid_include_80", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "description": "Managed by Terraform", @@ -122,7 +89,6 @@ mock_plan_input = { } ], "name": "invalid_include_valid_80", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -133,7 +99,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "valid_exact_443", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "description": "Managed by Terraform", @@ -153,7 +119,6 @@ mock_plan_input = { } ], "name": "valid_exact_443", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -164,7 +129,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "valid_exact_80", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "description": "Managed by Terraform", @@ -184,7 +149,6 @@ mock_plan_input = { } ], "name": "valid_exact_80", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -199,7 +163,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "invalid_allow_all", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -223,7 +187,6 @@ mock_plan_input = { } ], "name": "invalid_allow_all", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -242,7 +205,9 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, + "tags_all": true, "vpc_id": true } } @@ -252,7 +217,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "invalid_include_443", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -276,7 +241,6 @@ mock_plan_input = { } ], "name": "invalid_include_valid_443", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -295,7 +259,9 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, + "tags_all": true, "vpc_id": true } } @@ -305,7 +271,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "invalid_include_80", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -329,7 +295,6 @@ mock_plan_input = { } ], "name": "invalid_include_valid_80", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -348,7 +313,9 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, + "tags_all": true, "vpc_id": true } } @@ -358,7 +325,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "valid_exact_443", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -382,7 +349,6 @@ mock_plan_input = { } ], "name": "valid_exact_443", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -401,7 +367,9 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, + "tags_all": true, "vpc_id": true } } 
@@ -411,7 +379,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "valid_exact_80", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -435,7 +403,6 @@ mock_plan_input = { } ], "name": "valid_exact_80", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -454,7 +421,9 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, + "tags_all": true, "vpc_id": true } } diff --git a/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.rego b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.rego new file mode 100644 index 00000000..7d78b934 --- /dev/null +++ b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.aws.security_group.inputs.ingress_anywhere_rdp_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("ingress_anywhere_rdp_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.tf b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.tf similarity index 100% rename from tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.tf rename to rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.tf 
diff --git a/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.rego b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.tfplan
similarity index 85%
rename from tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.rego
rename to rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.tfplan
index 28ec962c..6bdab634 100644
--- a/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.rego
+++ b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/security_group/inputs/ingress_anywhere_rdp_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.security_group.inputs.ingress_anywhere_rdp_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "invalid_sg_1", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "description": "Managed by Terraform", @@ -60,7 +29,6 @@ mock_plan_input = { } ], "name": "invalid_sg_1", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null 
@@ -71,7 +39,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "invalid_sg_2", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "description": "Managed by Terraform", @@ -91,7 +59,6 @@ mock_plan_input = { } ], "name": "invalid_sg_2", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -102,7 +69,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "valid_sg_1", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "description": "Managed by Terraform", @@ -122,7 +89,6 @@ mock_plan_input = { } ], "name": "valid_sg_1", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -133,7 +99,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "valid_sg_2", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "description": "Managed by Terraform", @@ -153,7 +119,6 @@ mock_plan_input = { } ], "name": "valid_sg_2", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -168,7 +133,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "invalid_sg_1", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -192,7 +157,6 @@ mock_plan_input = { } ], "name": "invalid_sg_1", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -211,7 +175,9 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, + "tags_all": true, "vpc_id": true } } 
@@ -221,7 +187,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "invalid_sg_2", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -245,7 +211,6 @@ mock_plan_input = { } ], "name": "invalid_sg_2", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -264,7 +229,9 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, + "tags_all": true, "vpc_id": true } } @@ -274,7 +241,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "valid_sg_1", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -298,7 +265,6 @@ mock_plan_input = { } ], "name": "valid_sg_1", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -317,7 +283,9 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, + "tags_all": true, "vpc_id": true } } @@ -327,7 +295,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_security_group", "name": "valid_sg_2", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -351,7 +319,6 @@ mock_plan_input = { } ], "name": "valid_sg_2", - "name_prefix": null, "revoke_rules_on_delete": false, "tags": null, "timeouts": null @@ -370,7 +337,9 @@ mock_plan_input = { "security_groups": [] } ], + "name_prefix": true, "owner_id": true, + "tags_all": true, "vpc_id": true } } diff --git a/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.rego b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.rego new file mode 100644 index 00000000..35100b66 --- /dev/null +++ b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.aws.security_group.inputs.ingress_anywhere_ssh_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("ingress_anywhere_ssh_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.tf b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.tf similarity index 100% rename from tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.tf rename to rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.tf diff --git a/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.tfplan b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.tfplan new file mode 100644 index 00000000..3a7759bb --- /dev/null 
+++ b/rego/tests/rules/tf/aws/security_group/inputs/ingress_anywhere_ssh_infra.tfplan 
@@ -0,0 +1,416 @@ +{ + "format_version": "0.1", + "terraform_version": "0.13.5", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "invalid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 20, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 25 + } + ], + "name": "invalid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + } + ], + "name": "valid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + }, + { + "address": 
"aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 1, + "values": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "10.10.0.0/16" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "valid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + } + } + ] + } + }, + "resource_changes": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": "invalid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 20, + "ipv6_cidr_blocks": [], + 
"prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 25 + } + ], + "name": "invalid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + } + ], + "name": "valid_sg_1", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + }, + { + "address": "aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": "Managed by Terraform", + "ingress": [ + { + "cidr_blocks": [ + "10.10.0.0/16" + ], + "description": "", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + } + ], + "name": 
"valid_sg_2", + "revoke_rules_on_delete": false, + "tags": null, + "timeouts": null + }, + "after_unknown": { + "arn": true, + "egress": true, + "id": true, + "ingress": [ + { + "cidr_blocks": [ + false + ], + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "security_groups": [] + } + ], + "name_prefix": true, + "owner_id": true, + "tags_all": true, + "vpc_id": true + } + } + } + ], + "configuration": { + "provider_config": { + "aws": { + "name": "aws", + "expressions": { + "region": { + "constant_value": "us-east-1" + } + } + } + }, + "root_module": { + "resources": [ + { + "address": "aws_security_group.invalid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_1", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "invalid_sg_1" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.invalid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "invalid_sg_2", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "invalid_sg_2" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.valid_sg_1", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_1", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "valid_sg_1" + } + }, + "schema_version": 1 + }, + { + "address": "aws_security_group.valid_sg_2", + "mode": "managed", + "type": "aws_security_group", + "name": "valid_sg_2", + "provider_config_key": "aws", + "expressions": { + "name": { + "constant_value": "valid_sg_2" + } + }, + "schema_version": 1 + } + ] + } + } +} diff --git a/tests/rules/tf/aws/vpc/flow_log_test.rego b/rego/tests/rules/tf/aws/vpc/flow_log_test.rego similarity index 100% rename from tests/rules/tf/aws/vpc/flow_log_test.rego rename to rego/tests/rules/tf/aws/vpc/flow_log_test.rego 
diff --git a/rego/tests/rules/tf/aws/vpc/inputs/flow_log_infra.rego b/rego/tests/rules/tf/aws/vpc/inputs/flow_log_infra.rego new file mode 100644 index 00000000..5fce77c0 --- /dev/null +++ b/rego/tests/rules/tf/aws/vpc/inputs/flow_log_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/aws/vpc/inputs/flow_log_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.aws.vpc.inputs.flow_log_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("flow_log_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/aws/vpc/inputs/flow_log_infra.tf b/rego/tests/rules/tf/aws/vpc/inputs/flow_log_infra.tf similarity index 100% rename from tests/rules/tf/aws/vpc/inputs/flow_log_infra.tf rename to rego/tests/rules/tf/aws/vpc/inputs/flow_log_infra.tf 
diff --git a/tests/rules/tf/aws/vpc/inputs/flow_log_infra.rego b/rego/tests/rules/tf/aws/vpc/inputs/flow_log_infra.tfplan similarity index 87% rename from tests/rules/tf/aws/vpc/inputs/flow_log_infra.rego rename to rego/tests/rules/tf/aws/vpc/inputs/flow_log_infra.tfplan index 7f08034b..76b600ed 100644 --- a/tests/rules/tf/aws/vpc/inputs/flow_log_infra.rego +++ b/rego/tests/rules/tf/aws/vpc/inputs/flow_log_infra.tfplan @@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/aws/vpc/inputs/flow_log_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.aws.vpc.inputs.flow_log_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ 
@@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudwatch_log_group", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "kms_key_id": null, @@ -55,7 +24,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_flow_log", "name": "valid_vpc_flow_log", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "eni_id": null, @@ -71,7 +40,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "assume_role_policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"vpc-flow-logs.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n", @@ -90,7 +59,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role_policy", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 0, "values": { "name": "example", @@ -103,7 +72,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_vpc", "name": "invalid_vpc", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "assign_generated_ipv6_cidr_block": false, @@ -118,7 +87,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_vpc", "name": "valid_vpc", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "schema_version": 1, "values": { "assign_generated_ipv6_cidr_block": false, @@ -137,7 +106,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_cloudwatch_log_group", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" 
@@ -152,7 +121,8 @@ mock_plan_input = { }, "after_unknown": { "arn": true, - "id": true + "id": true, + "tags_all": true } } }, @@ -161,7 +131,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_flow_log", "name": "valid_vpc_flow_log", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -182,6 +152,7 @@ mock_plan_input = { "log_destination": true, "log_format": true, "log_group_name": true, + "tags_all": true, "vpc_id": true } } @@ -191,7 +162,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -212,6 +183,9 @@ mock_plan_input = { "arn": true, "create_date": true, "id": true, + "inline_policy": true, + "managed_policy_arns": true, + "tags_all": true, "unique_id": true } } @@ -221,7 +195,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_iam_role_policy", "name": "example", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -243,7 +217,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_vpc", "name": "invalid_vpc", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -269,7 +243,8 @@ mock_plan_input = { "ipv6_association_id": true, "ipv6_cidr_block": true, "main_route_table_id": true, - "owner_id": true + "owner_id": true, + "tags_all": true } } }, @@ -278,7 +253,7 @@ mock_plan_input = { "mode": "managed", "type": "aws_vpc", "name": "valid_vpc", - "provider_name": "aws", + "provider_name": "registry.terraform.io/hashicorp/aws", "change": { "actions": [ "create" @@ -304,7 +279,8 @@ mock_plan_input = { "ipv6_association_id": true, "ipv6_cidr_block": true, "main_route_table_id": true, - "owner_id": true + "owner_id": true, + "tags_all": true } } } 
diff --git a/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.rego b/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.rego new file mode 100644 index 00000000..8da7634a --- /dev/null +++ b/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.azurerm.network.inputs.security_group_no_inbound_22_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("security_group_no_inbound_22_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.tf b/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.tf
similarity index 100%
rename from tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.tf
rename to rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.tf
diff --git a/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.rego b/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.tfplan
similarity index 96%
rename from tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.rego
rename to rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.tfplan
index 78cf172d..a185498c 100644
--- a/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.rego
+++ b/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_22_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.azurerm.network.inputs.security_group_no_inbound_22_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.13.4", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ diff --git a/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.rego b/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.rego new file mode 100644 index 00000000..e0f0d0c9 --- /dev/null +++ b/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.azurerm.network.inputs.security_group_no_inbound_3389_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("security_group_no_inbound_3389_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.tf b/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.tf similarity index 100% rename from tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.tf rename to rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.tf 
diff --git a/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.rego b/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.tfplan
similarity index 96%
rename from tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.rego
rename to rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.tfplan
index 2fdcd03b..8faaa3d3 100644
--- a/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.rego
+++ b/rego/tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/azurerm/network/inputs/security_group_no_inbound_3389_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.azurerm.network.inputs.security_group_no_inbound_3389_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.13.4", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ diff --git a/tests/rules/tf/azurerm/network/security_group_no_inbound_22_test.rego b/rego/tests/rules/tf/azurerm/network/security_group_no_inbound_22_test.rego similarity index 100% rename from tests/rules/tf/azurerm/network/security_group_no_inbound_22_test.rego rename to rego/tests/rules/tf/azurerm/network/security_group_no_inbound_22_test.rego 
diff --git a/tests/rules/tf/azurerm/network/security_group_no_inbound_3389_test.rego b/rego/tests/rules/tf/azurerm/network/security_group_no_inbound_3389_test.rego
similarity index 100%
rename from tests/rules/tf/azurerm/network/security_group_no_inbound_3389_test.rego
rename to rego/tests/rules/tf/azurerm/network/security_group_no_inbound_3389_test.rego
diff --git a/tests/rules/tf/azurerm/sql/firewall_no_inbound_all_test.rego b/rego/tests/rules/tf/azurerm/sql/firewall_no_inbound_all_test.rego
similarity index 100%
rename from tests/rules/tf/azurerm/sql/firewall_no_inbound_all_test.rego
rename to rego/tests/rules/tf/azurerm/sql/firewall_no_inbound_all_test.rego
diff --git a/rego/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.rego b/rego/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.rego
new file mode 100644
index 00000000..438eedd8
--- /dev/null
+++ b/rego/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.rego
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.azurerm.sql.inputs.firewall_no_inbound_all_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("firewall_no_inbound_all_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.tf b/rego/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.tf similarity index 100% rename from tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.tf rename to rego/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.tf 
diff --git a/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.rego b/rego/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.tfplan
similarity index 88%
rename from tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.rego
rename to rego/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.tfplan
index e7c75a2d..83a26630 100644
--- a/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.rego
+++ b/rego/tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/azurerm/sql/inputs/firewall_no_inbound_all_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.azurerm.sql.inputs.firewall_no_inbound_all_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "location": "westus", 
@@ -54,7 +23,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_firewall_rule", "name": "invalidrule1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "end_ip_address": "10.0.17.62", @@ -70,7 +39,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_firewall_rule", "name": "invalidrule2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "end_ip_address": "0.0.0.0", @@ -86,7 +55,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_firewall_rule", "name": "invalidrule3", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "end_ip_address": "255.255.255.255", @@ -102,7 +71,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_firewall_rule", "name": "invalidrule4", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "end_ip_address": "255.255.255.255", @@ -118,7 +87,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_firewall_rule", "name": "validrule1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "end_ip_address": "10.0.17.62", @@ -134,7 +103,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_server", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "administrator_login": "4dm1n157r470r", @@ -158,7 +127,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" 
@@ -180,7 +149,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_firewall_rule", "name": "invalidrule1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -204,7 +173,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_firewall_rule", "name": "invalidrule2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -228,7 +197,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_firewall_rule", "name": "invalidrule3", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -252,7 +221,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_firewall_rule", "name": "invalidrule4", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -276,7 +245,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_firewall_rule", "name": "validrule1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -300,7 +269,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_sql_server", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" diff --git a/tests/rules/tf/azurerm/storage/account_deny_access_test.rego b/rego/tests/rules/tf/azurerm/storage/account_deny_access_test.rego similarity index 100% rename from tests/rules/tf/azurerm/storage/account_deny_access_test.rego rename to rego/tests/rules/tf/azurerm/storage/account_deny_access_test.rego 
diff --git a/tests/rules/tf/azurerm/storage/account_microsoft_services_test.rego b/rego/tests/rules/tf/azurerm/storage/account_microsoft_services_test.rego
similarity index 100%
rename from tests/rules/tf/azurerm/storage/account_microsoft_services_test.rego
rename to rego/tests/rules/tf/azurerm/storage/account_microsoft_services_test.rego
diff --git a/tests/rules/tf/azurerm/storage/account_secure_transfer_test.rego b/rego/tests/rules/tf/azurerm/storage/account_secure_transfer_test.rego
similarity index 100%
rename from tests/rules/tf/azurerm/storage/account_secure_transfer_test.rego
rename to rego/tests/rules/tf/azurerm/storage/account_secure_transfer_test.rego
diff --git a/tests/rules/tf/azurerm/storage/container_private_access_test.rego b/rego/tests/rules/tf/azurerm/storage/container_private_access_test.rego
similarity index 92%
rename from tests/rules/tf/azurerm/storage/container_private_access_test.rego
rename to rego/tests/rules/tf/azurerm/storage/container_private_access_test.rego
index 02ade237..aa05096c 100644
--- a/tests/rules/tf/azurerm/storage/container_private_access_test.rego
+++ b/rego/tests/rules/tf/azurerm/storage/container_private_access_test.rego
@@ -18,6 +18,5 @@ import data.tests.rules.tf.azurerm.storage.inputs.container_private_access_infra
 test_storage_container_private_access {
 resources = container_private_access_infra.mock_resources
 allow with input as resources["azurerm_storage_container.validcontainer1"]
- allow with input as resources["azurerm_storage_container.validcontainer2"]
 not allow with input as resources["azurerm_storage_container.invalidcontainer1"]
 }
diff --git a/rego/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.rego b/rego/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.rego
new file mode 100644
index 00000000..0b4f3acb
--- /dev/null
+++ b/rego/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.rego
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.azurerm.storage.inputs.account_deny_access_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("account_deny_access_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.tf b/rego/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.tf similarity index 100% rename from tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.tf rename to rego/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.tf 
diff --git a/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.rego b/rego/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.tfplan
similarity index 93%
rename from tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.rego
rename to rego/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.tfplan
index 4965f333..27717ba4 100644
--- a/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.rego
+++ b/rego/tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/azurerm/storage/inputs/account_deny_access_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.azurerm.storage.inputs.account_deny_access_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "location": "westeurope", 
@@ -54,7 +23,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -72,6 +41,7 @@ mock_plan_input = { "default_action": "Allow" } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -83,7 +53,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -96,6 +66,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "invalidstorageaccount2", + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -107,7 +78,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "validstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -128,6 +99,7 @@ mock_plan_input = { ] } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -139,7 +111,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "validstorageaccount2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -157,6 +129,7 @@ mock_plan_input = { "default_action": "Deny" } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, 
@@ -168,7 +141,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_subnet", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "address_prefix": "10.0.2.0/24", @@ -177,6 +150,7 @@ mock_plan_input = { "enforce_private_link_service_network_policies": false, "name": "subnetname", "resource_group_name": "example-resources", + "service_endpoint_policy_ids": null, "service_endpoints": [ "Microsoft.Sql", "Microsoft.Storage" @@ -190,19 +164,21 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_virtual_network", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "address_space": [ "10.0.0.0/16" ], + "bgp_community": null, "ddos_protection_plan": [], "dns_servers": null, "location": "westeurope", "name": "virtnetname", "resource_group_name": "example-resources", "tags": null, - "timeouts": null + "timeouts": null, + "vm_protection_enabled": false } } ] @@ -214,7 +190,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -236,7 +212,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -258,6 +234,7 @@ mock_plan_input = { "default_action": "Allow" } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -319,7 +296,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" 
@@ -336,6 +313,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "invalidstorageaccount2", + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -391,7 +369,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "validstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -416,6 +394,7 @@ mock_plan_input = { ] } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -479,7 +458,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "validstorageaccount2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -501,6 +480,7 @@ mock_plan_input = { "default_action": "Deny" } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -562,7 +542,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_subnet", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -575,6 +555,7 @@ mock_plan_input = { "enforce_private_link_service_network_policies": false, "name": "subnetname", "resource_group_name": "example-resources", + "service_endpoint_policy_ids": null, "service_endpoints": [ "Microsoft.Sql", "Microsoft.Storage" @@ -598,7 +579,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_virtual_network", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" 
@@ -608,13 +589,15 @@ mock_plan_input = { "address_space": [ "10.0.0.0/16" ], + "bgp_community": null, "ddos_protection_plan": [], "dns_servers": null, "location": "westeurope", "name": "virtnetname", "resource_group_name": "example-resources", "tags": null, - "timeouts": null + "timeouts": null, + "vm_protection_enabled": false }, "after_unknown": { "address_space": [ diff --git a/rego/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.rego b/rego/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.rego new file mode 100644 index 00000000..3587a544 --- /dev/null +++ b/rego/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.azurerm.storage.inputs.account_microsoft_services_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("account_microsoft_services_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.tf b/rego/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.tf similarity index 100% rename from tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.tf rename to rego/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.tf 
diff --git a/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.rego b/rego/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.tfplan
similarity index 93%
rename from tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.rego
rename to rego/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.tfplan
index f87b0acc..b9e92655 100644
--- a/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.rego
+++ b/rego/tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/azurerm/storage/inputs/account_microsoft_services_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.azurerm.storage.inputs.account_microsoft_services_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "location": "westeurope", 
@@ -54,7 +23,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -72,6 +41,7 @@ mock_plan_input = { "default_action": "Allow" } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -83,7 +53,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -105,6 +75,7 @@ mock_plan_input = { "default_action": "Deny" } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -116,7 +87,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "validstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -140,6 +111,7 @@ mock_plan_input = { ] } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -151,7 +123,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "validstorageaccount2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -174,6 +146,7 @@ mock_plan_input = { "default_action": "Deny" } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, 
@@ -185,7 +158,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_subnet", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "address_prefix": "10.0.2.0/24", @@ -194,6 +167,7 @@ mock_plan_input = { "enforce_private_link_service_network_policies": false, "name": "subnetname", "resource_group_name": "example-resources", + "service_endpoint_policy_ids": null, "service_endpoints": [ "Microsoft.Sql", "Microsoft.Storage" @@ -207,19 +181,21 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_virtual_network", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "address_space": [ "10.0.0.0/16" ], + "bgp_community": null, "ddos_protection_plan": [], "dns_servers": null, "location": "westeurope", "name": "virtnetname", "resource_group_name": "example-resources", "tags": null, - "timeouts": null + "timeouts": null, + "vm_protection_enabled": false } } ] @@ -231,7 +207,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -253,7 +229,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -275,6 +251,7 @@ mock_plan_input = { "default_action": "Allow" } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -336,7 +313,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" 
@@ -362,6 +339,7 @@ mock_plan_input = { "default_action": "Deny" } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -426,7 +404,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "validstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -454,6 +432,7 @@ mock_plan_input = { ] } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -519,7 +498,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "validstorageaccount2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -546,6 +525,7 @@ mock_plan_input = { "default_action": "Deny" } ], + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": null, @@ -611,7 +591,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_subnet", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -624,6 +604,7 @@ mock_plan_input = { "enforce_private_link_service_network_policies": false, "name": "subnetname", "resource_group_name": "example-resources", + "service_endpoint_policy_ids": null, "service_endpoints": [ "Microsoft.Sql", "Microsoft.Storage" @@ -647,7 +628,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_virtual_network", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" 
@@ -657,13 +638,15 @@ mock_plan_input = { "address_space": [ "10.0.0.0/16" ], + "bgp_community": null, "ddos_protection_plan": [], "dns_servers": null, "location": "westeurope", "name": "virtnetname", "resource_group_name": "example-resources", "tags": null, - "timeouts": null + "timeouts": null, + "vm_protection_enabled": false }, "after_unknown": { "address_space": [ diff --git a/rego/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.rego b/rego/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.rego new file mode 100644 index 00000000..73654574 --- /dev/null +++ b/rego/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.azurerm.storage.inputs.account_secure_transfer_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("account_secure_transfer_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.tf b/rego/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.tf similarity index 100% rename from tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.tf rename to rego/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.tf 
diff --git a/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.rego b/rego/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.tfplan similarity index 90% rename from tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.rego rename to rego/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.tfplan index c1b75f24..2f0a83fe 100644 --- a/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.rego +++ b/rego/tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.tfplan 
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/azurerm/storage/inputs/account_secure_transfer_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.azurerm.storage.inputs.account_secure_transfer_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "location": "westeurope", 
@@ -54,7 +23,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -67,6 +36,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "invalidstorageaccount1", + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": { @@ -80,7 +50,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -93,6 +63,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "invalidstorageaccount2", + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": { @@ -106,7 +77,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "validstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -119,6 +90,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "validstorageaccount1", + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": { @@ -136,7 +108,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" 
@@ -158,7 +130,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -175,6 +147,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "invalidstorageaccount1", + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": { @@ -233,7 +206,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "invalidstorageaccount2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -250,6 +223,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "invalidstorageaccount2", + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": { @@ -308,7 +282,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "validstorageaccount1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -325,6 +299,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "validstorageaccount1", + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": { diff --git a/rego/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.rego b/rego/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.rego new file mode 100644 index 00000000..0c847b33 --- /dev/null +++ b/rego/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.azurerm.storage.inputs.container_private_access_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("container_private_access_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tf b/rego/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tf similarity index 89% rename from tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tf rename to rego/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tf index 8e243a89..eeafb493 100644 --- a/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tf +++ b/rego/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tf 
@@ -39,11 +39,6 @@ resource "azurerm_storage_container" "validcontainer1" { container_access_type = "private" } -resource "azurerm_storage_container" "validcontainer2" { - name = "validcontainer2" - storage_account_name = azurerm_storage_account.example.name -} - resource "azurerm_storage_container" "invalidcontainer1" { name = "invalidcontainer1" storage_account_name = azurerm_storage_account.example.name diff --git a/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.rego b/rego/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tfplan similarity index 86% rename from tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.rego rename to rego/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tfplan index 02242ca5..48852ae8 100644 --- a/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.rego +++ b/rego/tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tfplan 
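Review bot: Removing `azurerm_storage_container.validcontainer2` from this `.tf` leaves the source out of step with the committed `container_private_access_infra.tfplan`, whose new side still carries `"name": "validcontainer2"` in the hunks at `-108,7 +78,7` and `-275,7 +246,7`. Unlike `validcontainer1` just above it, the removed block set no `container_access_type`, and the plan shows it resolving to `"private"`, so it appears to be the fixture's case for the provider default. The next regeneration from this file would drop that case without any test change flagging it. Either keep the block with a comment such as `# container_access_type omitted on purpose: exercises the provider default`, or regenerate the plan in the same commit so source and fixture agree. Whether the rule's test asserts on `validcontainer2` is not visible in this diff.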
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/azurerm/storage/inputs/container_private_access_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.azurerm.storage.inputs.container_private_access_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 0, "values": { "location": "westeurope", 
@@ -54,7 +23,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 2, "values": { "account_kind": "StorageV2", @@ -67,6 +36,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "examplestoraccount", + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": { @@ -80,7 +50,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_container", "name": "invalidcontainer1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 1, "values": { "container_access_type": "container", @@ -94,7 +64,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_container", "name": "validcontainer1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 1, "values": { "container_access_type": "private", @@ -108,7 +78,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_container", "name": "validcontainer2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "schema_version": 1, "values": { "container_access_type": "private", @@ -126,7 +96,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_resource_group", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -148,7 +118,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_account", "name": "example", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" 
@@ -165,6 +135,7 @@ mock_plan_input = { "location": "westeurope", "min_tls_version": "TLS1_0", "name": "examplestoraccount", + "nfsv3_enabled": false, "resource_group_name": "example-resources", "static_website": [], "tags": { @@ -223,7 +194,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_container", "name": "invalidcontainer1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -249,7 +220,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_container", "name": "validcontainer1", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" @@ -275,7 +246,7 @@ mock_plan_input = { "mode": "managed", "type": "azurerm_storage_container", "name": "validcontainer2", - "provider_name": "azurerm", + "provider_name": "registry.terraform.io/hashicorp/azurerm", "change": { "actions": [ "create" diff --git a/tests/rules/tf/google/compute/firewall_no_ingress_22_test.rego b/rego/tests/rules/tf/google/compute/firewall_no_ingress_22_test.rego similarity index 100% rename from tests/rules/tf/google/compute/firewall_no_ingress_22_test.rego rename to rego/tests/rules/tf/google/compute/firewall_no_ingress_22_test.rego diff --git a/tests/rules/tf/google/compute/firewall_no_ingress_3389_test.rego b/rego/tests/rules/tf/google/compute/firewall_no_ingress_3389_test.rego similarity index 100% rename from tests/rules/tf/google/compute/firewall_no_ingress_3389_test.rego rename to rego/tests/rules/tf/google/compute/firewall_no_ingress_3389_test.rego diff --git a/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.rego b/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.rego new file mode 100644 index 00000000..cb2b46d6 --- /dev/null +++ b/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.google.compute.inputs.firewall_no_ingress_22_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("firewall_no_ingress_22_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.tf b/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.tf similarity index 100% rename from tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.tf rename to rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.tf 
diff --git a/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.rego b/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.tfplan similarity index 90% rename from tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.rego rename to rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.tfplan index 474838dc..5f845638 100644 --- a/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.rego +++ b/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.tfplan 
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/google/compute/inputs/firewall_no_ingress_22_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.google.compute.inputs.firewall_no_ingress_22_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "invalid-rule-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "allow": [ @@ -79,7 +48,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "invalid-rule-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "allow": [ 
@@ -116,7 +85,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "valid-rule-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "allow": [ @@ -157,7 +126,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "valid-rule-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "allow": [ @@ -191,7 +160,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_network", "name": "default", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "auto_create_subnetworks": true, @@ -210,7 +179,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "invalid-rule-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -280,7 +249,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "invalid-rule-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -346,7 +315,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "valid-rule-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -421,7 +390,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "valid-rule-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -482,7 +451,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_network", "name": "default", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" 
@@ -498,6 +467,7 @@ mock_plan_input = { "after_unknown": { "gateway_ipv4": true, "id": true, + "mtu": true, "project": true, "routing_mode": true, "self_link": true diff --git a/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.rego b/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.rego new file mode 100644 index 00000000..32fd21e2 --- /dev/null +++ b/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.google.compute.inputs.firewall_no_ingress_3389_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("firewall_no_ingress_3389_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.tf b/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.tf similarity index 100% rename from tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.tf rename to rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.tf diff --git a/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.rego b/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.tfplan similarity index 90% rename from tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.rego rename to rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.tfplan index 1c9a19ca..7ee6831c 100644 --- a/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.rego +++ b/rego/tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.tfplan 
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/google/compute/inputs/firewall_no_ingress_3389_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.google.compute.inputs.firewall_no_ingress_3389_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "invalid-rule-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "allow": [ @@ -79,7 +48,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "invalid-rule-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "allow": [ 
@@ -117,7 +86,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "valid-rule-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "allow": [ @@ -158,7 +127,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "valid-rule-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "allow": [ @@ -188,7 +157,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_network", "name": "default", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "auto_create_subnetworks": true, @@ -207,7 +176,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "invalid-rule-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -277,7 +246,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "invalid-rule-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -345,7 +314,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "valid-rule-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -420,7 +389,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_firewall", "name": "valid-rule-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -474,7 +443,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_network", "name": "default", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" 
@@ -490,6 +459,7 @@ mock_plan_input = { "after_unknown": { "gateway_ipv4": true, "id": true, + "mtu": true, "project": true, "routing_mode": true, "self_link": true diff --git a/rego/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.rego b/rego/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.rego new file mode 100644 index 00000000..d44d78e8 --- /dev/null +++ b/rego/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.rego @@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.google.compute.inputs.subnet_flow_log_enabled_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("subnet_flow_log_enabled_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources 
diff --git a/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.tf b/rego/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.tf
similarity index 100%
rename from tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.tf
rename to rego/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.tf
diff --git a/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.rego b/rego/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.tfplan
similarity index 86%
rename from tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.rego
rename to rego/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.tfplan
index 03080f32..f4031a25 100644
--- a/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.rego
+++ b/rego/tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/google/compute/inputs/subnet_flow_log_enabled_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.google.compute.inputs.subnet_flow_log_enabled_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_network", "name": "custom-test", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "auto_create_subnetworks": false, 
@@ -55,7 +24,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "invalid-subnet-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "description": null, @@ -72,7 +41,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "valid-subnet-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "description": null, @@ -97,7 +66,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "valid-subnet-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "description": null, @@ -126,7 +95,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_network", "name": "custom-test", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -142,6 +111,7 @@ mock_plan_input = { "after_unknown": { "gateway_ipv4": true, "id": true, + "mtu": true, "project": true, "routing_mode": true, "self_link": true @@ -153,7 +123,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "invalid-subnet-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -175,6 +145,7 @@ mock_plan_input = { "id": true, "log_config": [], "network": true, + "private_ipv6_google_access": true, "project": true, "secondary_ip_range": true, "self_link": true @@ -186,7 +157,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "valid-subnet-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" 
@@ -218,6 +189,7 @@ mock_plan_input = { {} ], "network": true, + "private_ipv6_google_access": true, "project": true, "secondary_ip_range": true, "self_link": true @@ -229,7 +201,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "valid-subnet-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -261,6 +233,7 @@ mock_plan_input = { {} ], "network": true, + "private_ipv6_google_access": true, "project": true, "secondary_ip_range": true, "self_link": true diff --git a/rego/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.rego b/rego/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.rego new file mode 100644 index 00000000..f948a70c --- /dev/null +++ b/rego/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.rego 
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.google.compute.inputs.subnet_private_google_access_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("subnet_private_google_access_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.tf b/rego/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.tf similarity index 100% rename from tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.tf rename to rego/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.tf 
diff --git a/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.rego b/rego/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.tfplan
similarity index 83%
rename from tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.rego
rename to rego/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.tfplan
index a92e053a..5851e51e 100644
--- a/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.rego
+++ b/rego/tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.tfplan
@@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/google/compute/inputs/subnet_private_google_access_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.google.compute.inputs.subnet_private_google_access_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ @@ -40,7 +9,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_network", "name": "custom-test", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "auto_create_subnetworks": false, 
@@ -55,7 +24,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "invalid-subnet-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "description": null, @@ -72,7 +41,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "invalid-subnet-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "description": null, @@ -89,7 +58,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "valid-subnet-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "description": null, @@ -110,7 +79,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_network", "name": "custom-test", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -126,6 +95,7 @@ mock_plan_input = { "after_unknown": { "gateway_ipv4": true, "id": true, + "mtu": true, "project": true, "routing_mode": true, "self_link": true @@ -137,7 +107,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "invalid-subnet-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -159,6 +129,7 @@ mock_plan_input = { "id": true, "log_config": [], "network": true, + "private_ipv6_google_access": true, "project": true, "secondary_ip_range": true, "self_link": true @@ -170,7 +141,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "invalid-subnet-2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" 
@@ -192,6 +163,7 @@ mock_plan_input = { "id": true, "log_config": [], "network": true, + "private_ipv6_google_access": true, "project": true, "secondary_ip_range": true, "self_link": true @@ -203,7 +175,7 @@ mock_plan_input = { "mode": "managed", "type": "google_compute_subnetwork", "name": "valid-subnet-1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -225,6 +197,7 @@ mock_plan_input = { "id": true, "log_config": [], "network": true, + "private_ipv6_google_access": true, "project": true, "secondary_ip_range": true, "self_link": true diff --git a/tests/rules/tf/google/compute/subnet_flow_log_enabled_test.rego b/rego/tests/rules/tf/google/compute/subnet_flow_log_enabled_test.rego similarity index 77% rename from tests/rules/tf/google/compute/subnet_flow_log_enabled_test.rego rename to rego/tests/rules/tf/google/compute/subnet_flow_log_enabled_test.rego index 7b1cde9a..07211414 100644 --- a/tests/rules/tf/google/compute/subnet_flow_log_enabled_test.rego +++ b/rego/tests/rules/tf/google/compute/subnet_flow_log_enabled_test.rego @@ -17,7 +17,7 @@ import data.tests.rules.tf.google.compute.inputs.subnet_flow_log_enabled_infra test_gcp_compute_subnet_flow_log_enabled { resources = subnet_flow_log_enabled_infra.mock_resources - not deny with input as resources["google_compute_subnetwork.valid-subnet-1"] - not deny with input as resources["google_compute_subnetwork.valid-subnet-2"] - deny with input as resources["google_compute_subnetwork.invalid-subnet-1"] + allow with input as resources["google_compute_subnetwork.valid-subnet-1"] + allow with input as resources["google_compute_subnetwork.valid-subnet-2"] + not allow with input as resources["google_compute_subnetwork.invalid-subnet-1"] } 
diff --git a/tests/rules/tf/google/compute/subnet_private_google_access_test.rego b/rego/tests/rules/tf/google/compute/subnet_private_google_access_test.rego
similarity index 100%
rename from tests/rules/tf/google/compute/subnet_private_google_access_test.rego
rename to rego/tests/rules/tf/google/compute/subnet_private_google_access_test.rego
diff --git a/tests/rules/tf/google/kms/cryptokey_rotate_test.rego b/rego/tests/rules/tf/google/kms/cryptokey_rotate_test.rego
similarity index 100%
rename from tests/rules/tf/google/kms/cryptokey_rotate_test.rego
rename to rego/tests/rules/tf/google/kms/cryptokey_rotate_test.rego
diff --git a/rego/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.rego b/rego/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.rego
new file mode 100644
index 00000000..52f21944
--- /dev/null
+++ b/rego/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.rego
@@ -0,0 +1,32 @@ +# Copyright 2020-2021 Fugue, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This package was automatically generated from: +# +# tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.tf +# +# using 'generate_test_inputs.sh' and should not be modified +# directly. +# +# It provides three inputs for testing: +# - mock_input: The resource view input as passed to advanced rules +# - mock_resources: The resources present as a convenience for tests +# - mock_config: The raw config input as its parsed by regula +package tests.rules.tf.google.kms.inputs.cryptokey_rotate_infra + +import data.fugue.regula.tests + +mock_config := regula_load_type("cryptokey_rotate_infra.tfplan", "tf-plan") +mock_input := tests.mock_input(mock_config) +mock_resources := mock_input.resources diff --git a/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.tf b/rego/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.tf similarity index 100% rename from tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.tf rename to rego/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.tf diff --git a/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.rego b/rego/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.tfplan similarity index 80% rename from tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.rego rename to rego/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.tfplan index 04b1cb3c..6b4d0b19 100644 
--- a/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.rego +++ b/rego/tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.tfplan @@ -1,37 +1,6 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/tf/google/kms/inputs/cryptokey_rotate_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.tf.google.kms.inputs.cryptokey_rotate_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { +{ "format_version": "0.1", - "terraform_version": "0.12.18", + "terraform_version": "0.13.5", "planned_values": { "root_module": { "resources": [ 
@@ -40,13 +9,14 @@ mock_plan_input = { "mode": "managed", "type": "google_kms_crypto_key", "name": "invalid_key_1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "labels": null, "name": "crypto-key-example", "purpose": "ENCRYPT_DECRYPT", "rotation_period": null, + "skip_initial_version_creation": false, "timeouts": null } }, @@ -55,13 +25,14 @@ mock_plan_input = { "mode": "managed", "type": "google_kms_crypto_key", "name": "invalid_key_2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "labels": null, "name": "crypto-key-example", "purpose": "ENCRYPT_DECRYPT", "rotation_period": "31536002s", + "skip_initial_version_creation": false, "timeouts": null } }, @@ -70,13 +41,14 @@ mock_plan_input = { "mode": "managed", "type": "google_kms_crypto_key", "name": "valid_key_1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 1, "values": { "labels": null, "name": "crypto-key-example", "purpose": "ENCRYPT_DECRYPT", "rotation_period": "31536000s", + "skip_initial_version_creation": false, "timeouts": null } }, @@ -85,7 +57,7 @@ mock_plan_input = { "mode": "managed", "type": "google_kms_key_ring", "name": "keyring", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "schema_version": 0, "values": { "location": "global", @@ -102,7 +74,7 @@ mock_plan_input = { "mode": "managed", "type": "google_kms_crypto_key", "name": "invalid_key_1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -113,6 +85,7 @@ mock_plan_input = { "name": "crypto-key-example", "purpose": "ENCRYPT_DECRYPT", "rotation_period": null, + "skip_initial_version_creation": false, "timeouts": null }, "after_unknown": { 
@@ -128,7 +101,7 @@ mock_plan_input = { "mode": "managed", "type": "google_kms_crypto_key", "name": "invalid_key_2", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -139,6 +112,7 @@ mock_plan_input = { "name": "crypto-key-example", "purpose": "ENCRYPT_DECRYPT", "rotation_period": "31536002s", + "skip_initial_version_creation": false, "timeouts": null }, "after_unknown": { @@ -154,7 +128,7 @@ mock_plan_input = { "mode": "managed", "type": "google_kms_crypto_key", "name": "valid_key_1", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" @@ -165,6 +139,7 @@ mock_plan_input = { "name": "crypto-key-example", "purpose": "ENCRYPT_DECRYPT", "rotation_period": "31536000s", + "skip_initial_version_creation": false, "timeouts": null }, "after_unknown": { @@ -180,7 +155,7 @@ mock_plan_input = { "mode": "managed", "type": "google_kms_key_ring", "name": "keyring", - "provider_name": "google", + "provider_name": "registry.terraform.io/hashicorp/google", "change": { "actions": [ "create" diff --git a/regula.png b/regula.png deleted file mode 100644 index 9488f3a6..00000000 Binary files a/regula.png and /dev/null differ diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index c4ff8e66..00000000 --- a/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -cfn-flip==1.2.3 diff --git a/scripts/docs/.gitignore b/scripts/docs/.gitignore new file mode 100644 index 00000000..48040050 --- /dev/null +++ b/scripts/docs/.gitignore @@ -0,0 +1,3 @@ +metadata.json +rules.md +venv diff --git a/scripts/docs/Makefile b/scripts/docs/Makefile new file mode 100644 index 00000000..40e4243b --- /dev/null +++ b/scripts/docs/Makefile 
@@ -0,0 +1,12 @@
+
+.PHONY: build
+build: metadata.json
+ python -m venv venv
+ . venv/bin/activate && pip install -q -r requirements.txt
+ . venv/bin/activate && python rules_tables.py > rules.md
+
+metadata.json:
+ opa eval --format=pretty \
+ -d ../../rego/rules \
+ -d ../../rego/lib \
+ data.rules > metadata.json
diff --git a/scripts/docs/requirements.txt b/scripts/docs/requirements.txt
new file mode 100644
index 00000000..bf9b7b37
--- /dev/null
+++ b/scripts/docs/requirements.txt
@@ -0,0 +1 @@
+pytablewriter==0.60.0
diff --git a/scripts/docs/rules_tables.py b/scripts/docs/rules_tables.py
new file mode 100644
index 00000000..83fc6e5f
--- /dev/null
+++ b/scripts/docs/rules_tables.py
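Review bot: The `metadata.json` rule has no prerequisites and writes through a shell redirect, so once the file exists `make build` never re-runs `opa eval` when anything under `../../rego/rules` or `../../rego/lib` changes, and a failed `opa eval` still leaves a freshly created, possibly empty or partial `metadata.json` that later runs treat as up to date. The generated rule tables can then describe a rule set that differs from the one actually shipped. I would add `.DELETE_ON_ERROR:` at the top of the file and either list `metadata.json` under `.PHONY` or give it the rule sources as prerequisites, for example `metadata.json: $(shell find ../../rego/rules ../../rego/lib -name '*.rego')`. The same applies to `rules.md`, which the phony `build` recipe writes by redirect without it being a target of its own.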
@@ -0,0 +1,129 @@
+import argparse
+from dataclasses import dataclass
+import json
+import os
+from typing import Dict, List, Optional, Tuple
+from pytablewriter import MarkdownTableWriter
+
+
+parser = argparse.ArgumentParser(
+ description="Generate Regula Rules Documentation",
+ formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+)
+parser.add_argument(
+ "--metadata",
+ default="metadata.json",
+ help="Rule metadata path",
+)
+
+
+@dataclass
+class RuleMeta:
+ """
+ Metadata for a single rule
+ """
+
+ controls: Optional[Dict[str, Dict[str, List[str]]]]
+ severity: str
+ description: str
+ id: str
+ title: str
+ service: Optional[str]
+ resource_types: List[str]
+ provider: Optional[str]
+ input_type: Optional[str]
+
+
+def detect_provider(name: str) -> Tuple[Optional[str], Optional[str]]:
+ parts = name.split("_", 2)
+ if len(parts) < 3:
+ return (None, None)
+ if parts[0] == "cfn":
+ return ("aws", "cloudformation")
+ elif parts[0] == "tf":
+ return (parts[1], "terraform")
+ return (None, None)
+
+
+def read_metadata(path: str) -> List[RuleMeta]:
+ with open(path) as f:
+ metadata = json.load(f)
+ rules: List[RuleMeta] = []
+ for rule_key, rule in metadata.items():
+ metadoc = rule["__rego__metadoc__"]
+ custom_meta = metadoc.get("custom", {})
+ controls = custom_meta.get("controls", {})
+ provider, input_type = detect_provider(rule_key)
+ controls = [
+ control_id
+ for control_ids in controls.values()
+ for control_id in control_ids
+ ]
+ resource_type = rule.get("resource_type")
+ rules.append(
+ RuleMeta(
+ controls=sorted(set(controls)),
+ severity=custom_meta.get("severity"),
+ description=metadoc["description"],
+ id=metadoc["id"],
+ title=metadoc["title"],
+ input_type=metadoc.get("input_type") or input_type,
+ resource_types=[resource_type] if resource_type else [],
+ service=None,
+ provider=provider,
+ )
+ )
+ return rules
+
+
+def group_rules(rules: List[RuleMeta]) -> Dict[str, List[RuleMeta]]:
+ by_provider: Dict[str, List[RuleMeta]] = {}
+ for rule in rules:
+ provider_rules = by_provider.setdefault(rule.provider, [])
+ provider_rules.append(rule)
+ for provider, provider_rules in by_provider.items():
+ provider_rules.sort(key=lambda r: r.id)
+ return by_provider
+
+
+def write_rules_table(header: str, rules: List[RuleMeta]):
+ writer = MarkdownTableWriter(
+ table_name=header,
+ headers=[
+ "Summary",
+ "Resource Types",
+ "Severity",
+ "Rule ID",
+ ],
+ value_matrix=[
+ [
+ rule.title,
+ ", ".join(rule.resource_types) if rule.resource_types else "",
+ rule.severity,
+ rule.id,
+ ]
+ for rule in rules
+ ],
+ )
+ writer.write_table()
+
+
+provider_name_map: Dict[str, str] = {
+ "aws": "AWS",
+ "google": "Google",
+ "azurerm": "Azure",
+}
+
+
+def main():
+ args = parser.parse_args()
+ rule_metadata = read_metadata(args.metadata)
+ grouped_rules = group_rules(rule_metadata)
+
+ for provider, provider_rules in grouped_rules.items():
+ write_rules_table(provider_name_map[provider], provider_rules)
+ print()
+
+
+if __name__ == "__main__":
+ main()
diff --git a/scripts/generate-test-inputs.sh b/scripts/generate-test-inputs.sh
deleted file mode 100755
index 7498e1ce..00000000
--- a/scripts/generate-test-inputs.sh
+++ /dev/null
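Review bot: `main()` indexes `provider_name_map[provider]` for every key that `group_rules` returns, but `detect_provider` yields `(None, None)` for any rule key that does not start with `cfn_` or `tf_` or that has fewer than three `_`-separated parts, and it passes a Terraform provider other than `aws`, `google` or `azurerm` straight through. Either case raises `KeyError` and stops the run after some tables have already been printed, leaving a truncated rules document. A fallback such as `write_rules_table(provider_name_map.get(provider, provider or "Other"), provider_rules)` keeps unclassified rules visible instead of aborting. Two smaller points in the same file: `RuleMeta.controls` is annotated `Optional[Dict[str, Dict[str, List[str]]]]` but is filled with `sorted(set(controls))`, so `List[str]` is the matching annotation, and `import os` is unused.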
@@ -1,105 +0,0 @@ -#!/usr/bin/env bash -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -set -o nounset -o errexit -o pipefail - -# Allow overriding terraform version. -TERRAFORM="${TERRAFORM:-terraform}" - -function generate_test_input { - if [[ $# -ne 2 ]]; then - 1>&2 echo "Usage: $0 INFRA_FILE REGO_FILE" - exit 1 - fi - - local workdir="$(mktemp -d)" - trap "rm -rf "$workdir"" return - cp "$1" "$workdir" - - # Switch based on extension. The inner branches must generate - # `$workdir/infra.json` which will be spliced into the rego file. - local extension="${1##*.}" - if [[ "$extension" == "tf" ]]; then - # For some reason running this from the current directory sometimes fails; we - # create a subshell and `cd` to where we copied the terraform configuration. - (cd "$workdir" && - $TERRAFORM init && - $TERRAFORM plan -refresh=false -out="plan.tfplan" && - $TERRAFORM show -json "plan.tfplan" >"infra.json") - elif [[ "$extension" == "cfn" ]]; then - # Convert to standard JSON format using `cfn-flip`. - cfn-flip -j "$1" >"$workdir/infra.json" - else - 1>&2 echo "Unknown extension: $extension" - exit 1 - fi - - local package="$(echo "$(dirname "$2")"/"$(basename "$2" .rego)" | tr '/' '.')" - echo '# Copyright 2020-2021 Fugue, Inc.' >"$2" - echo '#' >>"$2" - echo '# Licensed under the Apache License, Version 2.0 (the "License");' >>"$2" - echo '# you may not use this file except in compliance with the License.' 
>>"$2" - echo '# You may obtain a copy of the License at' >>"$2" - echo '#' >>"$2" - echo '# http://www.apache.org/licenses/LICENSE-2.0' >>"$2" - echo '#' >>"$2" - echo '# Unless required by applicable law or agreed to in writing, software' >>"$2" - echo '# distributed under the License is distributed on an "AS IS" BASIS,' >>"$2" - echo '# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.' >>"$2" - echo '# See the License for the specific language governing permissions and' >>"$2" - echo '# limitations under the License.' >>"$2" - echo '' >>"$2" - echo '# This package was automatically generated from:' >>"$2" - echo '#' >>"$2" - echo "# $1" >>"$2" - echo '#' >>"$2" - echo '# using `generate_test_inputs.sh` and should not be modified' >>"$2" - echo '# directly.' >>"$2" - echo '#' >>"$2" - echo '# It provides three inputs for testing:' >>"$2" - echo '# - mock_input: The resource view input as passed to advanced rules' >>"$2" - echo '# - mock_resources: The resources present as a convenience for tests' >>"$2" - echo '# - mock_plan_input: The original plan input as generated by terraform' >>"$2" - echo "package $package" >>"$2" - echo "import data.fugue.resource_view.resource_view_input" >>"$2" - echo "mock_input = ret {" >>"$2" - echo " ret = resource_view_input with input as mock_plan_input" >>"$2" - echo "}" >>"$2" - echo "mock_resources = mock_input.resources" >>"$2" - echo "mock_plan_input = $(jq '.' <"$workdir/infra.json")" >>"$2" - - 1>&2 echo "Generated $2" -} - -if [[ $# -eq 0 ]]; then - for infra_file in $(find tests -name '*_infra\.*'); do - rego_file="$(echo "$infra_file" | sed 's/\.[^.]*$/.rego/')" - if [[ ! -f "$rego_file" ]] || [[ "$infra_file" -nt "$rego_file" ]]; then - 1>&2 echo "$infra_file-> $rego_file" - generate_test_input "$infra_file" "$rego_file" - else - 1>&2 echo "$rego_file is up to date. Remove it to force re-generating." 
- fi - done -elif [[ "$1" == "-h" || $# -gt 1 ]]; then - 1>&2 echo "Usage:" - 1>&2 echo " $0 # Regenerates all test outputs" - 1>&2 echo " $0 INFRA_FILE # Regenerates a specific test output" - exit 1 -else - infra_file="$1" - rego_file="$(echo "$infra_file" | sed 's/\.[^.]*$/.rego/')" - 1>&2 echo "$infra_file-> $rego_file" - generate_test_input "$infra_file" "$rego_file" -fi diff --git a/tests/examples/aws/inputs/useast1_only_infra.rego b/tests/examples/aws/inputs/useast1_only_infra.rego deleted file mode 100644 index bb19f5d9..00000000 --- a/tests/examples/aws/inputs/useast1_only_infra.rego +++ /dev/null 
@@ -1,51 +0,0 @@ -# Copyright 2020 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/examples/aws/inputs/useast1_only_infra.tf -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.examples.aws.inputs.useast1_only_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "format_version": "0.1", - "terraform_version": "0.12.18", - "planned_values": { - "root_module": {} - }, - "configuration": { - "provider_config": { - "aws": { - "name": "aws", - "expressions": { - "region": { - "constant_value": "us-east-1" - } - } - } - }, - "root_module": {} - } -} diff --git a/tests/lib/inputs/resource_view_03.tf b/tests/lib/inputs/resource_view_03.tf deleted file mode 100644 index 92286caf..00000000 --- a/tests/lib/inputs/resource_view_03.tf +++ /dev/null 
@@ -1,41 +0,0 @@
-# Copyright 2020-2021 Fugue, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-provider "azurerm" {
- features {
- }
-}
-
-resource "azurerm_resource_group" "main" {
- name = "main"
- location = "West Europe"
-}
-
-resource "azurerm_storage_account" "main" {
- name = "main"
- resource_group_name = "${azurerm_resource_group.main.name}"
- location = "${azurerm_resource_group.main.location}"
- account_tier = "Standard"
- account_replication_type = "GRS"
-}
-
-resource "azurerm_monitor_log_profile" "main" {
- name = "main"
- categories = ["Action", "Delete", "Write"]
- locations = ["global", "${azurerm_resource_group.main.location}"]
- storage_account_id = "${azurerm_storage_account.main.id}"
-
- retention_policy {
- enabled = false
- }
-}
diff --git a/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.rego b/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.rego
deleted file mode 100644
index f5405028..00000000
--- a/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.rego
+++ /dev/null
@@ -1,52 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.api_gateway.inputs.invalid_classic_custom_domain_name_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid classic custom domain name configurations", - "Resources": { - "CustomDomainName": { - "Type": "AWS::ApiGateway::DomainName", - "Properties": { - "DomainName": "api.example.com", - "SecurityPolicy": "TLS_1_0", - "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/9bb7fd90-00cf-4326-ae14-7dc62c92dfe5" - } - }, - "CustomDomainName2": { - "Type": "AWS::ApiGateway::DomainName", - "Properties": { - "DomainName": "api-2.example.com", - "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/cf9e8763-2af9-490f-84ea-c91c0f668755" - } - } - } -} 
diff --git a/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.rego b/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.rego
deleted file mode 100644
index 2bf9659b..00000000
--- a/tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.rego
+++ /dev/null
@@ -1,59 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/api_gateway/inputs/invalid_classic_custom_domain_name_sam_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.api_gateway.inputs.invalid_classic_custom_domain_name_sam_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Transform": "AWS::Serverless-2016-10-31", - "Description": "Invalid classic custom domain name configurations", - "Resources": { - "ServerlessAPI": { - "Type": "AWS::Serverless::Api", - "Properties": { - "StageName": "Prod", - "Domain": { - "DomainName": "api.example.com", - "SecurityPolicy": "TLS_1_0", - "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/9bb7fd90-00cf-4326-ae14-7dc62c92dfe5" - } - } - }, - "ServerlessAPI2": { - "Type": "AWS::Serverless::Api", - "Properties": { - "StageName": "Prod", - "Domain": { - "DomainName": "api-2.example.com", - 
"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/cf9e8763-2af9-490f-84ea-c91c0f668755" - } - } - } - } -} diff --git a/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.rego b/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.rego deleted file mode 100644 index aa4d3c2c..00000000 --- a/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.rego +++ /dev/null 
@@ -1,73 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.api_gateway.inputs.invalid_v2_custom_domain_name_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid V2 custom domain name configurations", - "Resources": { - "CustomDomainName": { - "Type": "AWS::ApiGatewayV2::DomainName", - "Properties": { - "DomainName": "api.example.com", - "DomainNameConfigurations": [ - { - "SecurityPolicy": "TLS_1_0", - "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/9bb7fd90-00cf-4326-ae14-7dc62c92dfe5" - } - ] - } - }, - "CustomDomainName2": { - "Type": "AWS::ApiGatewayV2::DomainName", - "Properties": { - "DomainName": "api-2.example.com", - "DomainNameConfigurations": [ - { - "CertificateArn": 
"arn:aws:acm:us-east-1:111122223333:certificate/cf9e8763-2af9-490f-84ea-c91c0f668755" - } - ] - } - }, - "CustomDomainName3": { - "Type": "AWS::ApiGatewayV2::DomainName", - "Properties": { - "DomainName": "api-2.example.com", - "DomainNameConfigurations": [] - } - }, - "CustomDomainName4": { - "Type": "AWS::ApiGatewayV2::DomainName", - "Properties": { - "DomainName": "api-2.example.com" - } - } - } -} diff --git a/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.rego b/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.rego deleted file mode 100644 index 4ebf436d..00000000 --- a/tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.rego +++ /dev/null 
@@ -1,57 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/api_gateway/inputs/invalid_v2_custom_domain_name_sam_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.api_gateway.inputs.invalid_v2_custom_domain_name_sam_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Transform": "AWS::Serverless-2016-10-31", - "Description": "Invalid V2 custom domain name configurations", - "Resources": { - "ServerlessAPI": { - "Type": "AWS::Serverless::HttpApi", - "Properties": { - "Domain": { - "DomainName": "api.example.com", - "SecurityPolicy": "TLS_1_0", - "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/9bb7fd90-00cf-4326-ae14-7dc62c92dfe5" - } - } - }, - "ServerlessAPI2": { - "Type": "AWS::Serverless::HttpApi", - "Properties": { - "Domain": { - "DomainName": "api-2.example.com", - "CertificateArn": 
"arn:aws:acm:us-east-1:111122223333:certificate/cf9e8763-2af9-490f-84ea-c91c0f668755" - } - } - } - } -} diff --git a/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.rego b/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.rego deleted file mode 100644 index 8cd52d46..00000000 --- a/tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.rego +++ /dev/null 
@@ -1,55 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/api_gateway/inputs/valid_classic_custom_domain_name_sam_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.api_gateway.inputs.valid_classic_custom_domain_name_sam_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Transform": "AWS::Serverless-2016-10-31", - "Description": "Valid classic custom domain name configuration", - "Resources": { - "ServerlessAPI": { - "Type": "AWS::Serverless::Api", - "Properties": { - "StageName": "Prod", - "Domain": { - "DomainName": "api.example.com", - "SecurityPolicy": "TLS_1_2", - "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/9bb7fd90-00cf-4326-ae14-7dc62c92dfe5" - } - } - }, - "ServerlessAPI2": { - "Type": "AWS::Serverless::Api", - "Properties": { - "StageName": "Prod" - } - } - } -} 
diff --git a/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.rego b/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.rego
deleted file mode 100644
index 3a182f97..00000000
--- a/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.rego
+++ /dev/null
@@ -1,49 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.api_gateway.inputs.valid_v2_custom_domain_name_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid V2 custom domain name configuration", - "Resources": { - "CustomDomainName": { - "Type": "AWS::ApiGatewayV2::DomainName", - "Properties": { - "DomainName": "api.example.com", - "DomainNameConfigurations": [ - { - "SecurityPolicy": "TLS_1_2", - "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3" - } - ] - } - } - } -} 
diff --git a/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.rego b/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.rego
deleted file mode 100644
index 078d37eb..00000000
--- a/tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.rego
+++ /dev/null
@@ -1,51 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/api_gateway/inputs/valid_v2_custom_domain_name_sam_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.api_gateway.inputs.valid_v2_custom_domain_name_sam_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Transform": "AWS::Serverless-2016-10-31", - "Description": "Valid V2 custom domain name configuration", - "Resources": { - "ServerlessAPI": { - "Type": "AWS::Serverless::HttpApi", - "Properties": { - "Domain": { - "DomainName": "api.example.com", - "SecurityPolicy": "TLS_1_2", - "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/9bb7fd90-00cf-4326-ae14-7dc62c92dfe5" - } - } - }, - "ServerlessAPI2": { - "Type": "AWS::Serverless::HttpApi" - } - } -} 
diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.rego b/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.rego
deleted file mode 100644
index 5a80cff8..00000000
--- a/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.rego
+++ /dev/null
@@ -1,98 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.invalid_cloudwatch_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail cloudwatch integration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - 
"Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.rego b/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.rego deleted file mode 100644 index 16ead695..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.rego +++ /dev/null 
@@ -1,167 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/invalid_cloudwatch_with_valid_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.invalid_cloudwatch_with_valid_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid and invalid CloudTrail cloudwatch integration", - "Resources": { - "ValidCloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "valid-ct-prefix", - "TrailName": "cf-valid-trail", - "CloudWatchLogsLogGroupArn": { - "Fn::GetAtt": [ - "CloudTrailLogGroup", - "Arn" - ] - }, - "CloudWatchLogsRoleArn": { - "Fn::GetAtt": [ - "CloudTrailCloudWatchRole", - "Arn" - ] - } - } - }, - "InvalidCloudTrailLogging": { - "Type": 
"AWS::CloudTrail::Trail", - "Properties": { - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "invalid-ct-prefix", - "TrailName": "cf-invalid-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "CloudTrailLogGroup": { - "Type": "AWS::Logs::LogGroup" - }, - "CloudTrailCloudWatchRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "cloudtrail.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ] - } - ] - }, - "Path": "/", - "Policies": [ - { - "PolicyName": "watch-policy", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "logs:CreateLogStream", - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": "logs:PutLogEvents", - "Resource": "*" - } - ] - } - } - ] - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.rego b/tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.rego deleted file mode 100644 index 900f39f0..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.rego +++ /dev/null 
@@ -1,98 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/invalid_encryption_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.invalid_encryption_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail encryption configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IncludeGlobalServiceEvents": false, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": 
{ - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.rego b/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.rego deleted file mode 100644 index 557da652..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.rego +++ /dev/null 
@@ -1,98 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.invalid_log_validation_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail log file validation", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - 
"Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.rego b/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.rego deleted file mode 100644 index 642794ac..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.rego +++ /dev/null 
@@ -1,111 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/invalid_log_validation_with_valid_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.invalid_log_validation_with_valid_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid and invalid CloudTrail log file validation", - "Resources": { - "InvalidCloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "invalid-ct-prefix", - "TrailName": "cf-invalid-trail" - } - }, - "ValidCloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "EnableLogFileValidation": true, - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - 
"S3KeyPrefix": "valid-ct-prefix", - "TrailName": "cf-valid-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.rego b/tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.rego deleted file mode 100644 index 4201749d..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.rego +++ /dev/null 
@@ -1,99 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/invalid_s3_access_logging_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.invalid_s3_access_logging_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail S3 access logging configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "EnableLogFileValidation": true, - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": 
"AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.rego b/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.rego deleted file mode 100644 index 162ccf75..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.rego +++ /dev/null 
@@ -1,103 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/invalid_target_public_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.invalid_target_public_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail target configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "EnableLogFileValidation": true, - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "PublicRead", - "BucketName": "cf-fuguetest-bucket" - } - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": 
"LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.rego b/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.rego deleted file mode 100644 index 6e6d825c..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.rego +++ /dev/null 
@@ -1,103 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/invalid_target_public_write_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.invalid_target_public_write_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail target configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "EnableLogFileValidation": true, - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "PublicReadWrite", - "BucketName": "cf-fuguetest-bucket" - } - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - 
"Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.rego b/tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.rego deleted file mode 100644 index 4390682f..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.rego +++ /dev/null 
@@ -1,155 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/valid_cloudwatch_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.valid_cloudwatch_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail cloudwatch integration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail", - "CloudWatchLogsLogGroupArn": { - "Fn::GetAtt": [ - "CloudTrailLogGroup", - "Arn" - ] - }, - "CloudWatchLogsRoleArn": { - "Fn::GetAtt": [ - "CloudTrailCloudWatchRole", - "Arn" - ] - } - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": 
"AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "CloudTrailLogGroup": { - "Type": "AWS::Logs::LogGroup" - }, - "CloudTrailCloudWatchRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "cloudtrail.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ] - } - ] - }, - "Path": "/", - "Policies": [ - { - "PolicyName": "watch-policy", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "logs:CreateLogStream", - "Resource": "*" - }, - { - "Effect": "Allow", - "Action": "logs:PutLogEvents", - "Resource": "*" - } - ] - } - } - ] - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.rego b/tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.rego deleted file mode 100644 index 1755a0d6..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.rego +++ /dev/null 
@@ -1,132 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/valid_encryption_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.valid_encryption_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail encryption configuration", - "Resources": { - "KMSKey": { - "Type": "AWS::KMS::Key", - "Properties": { - "Description": "This key is used to encrypt cloudtrail logs", - "KeyPolicy": { - "Version": "2012-10-17", - "Id": "cloudtrail-key-policy", - "Statement": [ - { - "Sid": "Allow CloudTrail to encrypt logs", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "kms:GenerateDataKey*", - "Resource": "*", - "Condition": { - "StringLike": { - "kms:EncryptionContext:aws:cloudtrail:arn": [ - { - "Fn::Sub": "arn:aws:cloudtrail:*:${AWS::AccountId}:trail/*" - } 
- ] - } - } - } - ] - }, - "PendingWindowInDays": 10 - } - }, - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IncludeGlobalServiceEvents": false, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail", - "KMSKeyId": { - "Ref": "KMSKey" - } - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.rego b/tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.rego deleted file mode 100644 index ed19269e..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.rego +++ /dev/null 
@@ -1,99 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/valid_log_validation_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.valid_log_validation_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail log file validation", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "EnableLogFileValidation": true, - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - 
"Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.rego b/tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.rego deleted file mode 100644 index 259813a0..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.rego +++ /dev/null 
@@ -1,113 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/valid_s3_access_logging_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.valid_s3_access_logging_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail S3 access logging configuration", - "Resources": { - "AccessLogsBucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "LogDeliveryWrite" - } - }, - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "EnableLogFileValidation": true, - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "LoggingConfiguration": { - "DestinationBucketName": 
{ - "Ref": "AccessLogsBucket" - }, - "LogFilePrefix": "log/" - } - } - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.rego b/tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.rego deleted file mode 100644 index af5e49d9..00000000 --- a/tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.rego +++ /dev/null 
@@ -1,169 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/valid_target_full_check_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.valid_target_full_check_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail target configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "EnableLogFileValidation": true, - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "AuthenticatedRead", - "BucketName": "cf-fuguetest-bucket" - } - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - 
"Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "CloudTrailLogging2": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "EnableLogFileValidation": true, - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket2" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail2" - } - }, - "LoggingBucket2": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "BucketOwnerFullControl", - "BucketName": "cf-fuguetest-bucket2" - } - }, - "LoggingBucketPolicy2": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket2" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket2", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket2.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/cloudtrail/inputs/valid_target_infra.rego b/tests/rules/cfn/cloudtrail/inputs/valid_target_infra.rego deleted file mode 100644 index 773864f3..00000000 
--- a/tests/rules/cfn/cloudtrail/inputs/valid_target_infra.rego +++ /dev/null 
@@ -1,102 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/cloudtrail/inputs/valid_target_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.cloudtrail.inputs.valid_target_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail target configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "EnableLogFileValidation": true, - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "S3KeyPrefix": "prefix", - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "BucketName": "cf-fuguetest-bucket" - } - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - 
"Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/ebs/inputs/volume_encryption_infra.rego b/tests/rules/cfn/ebs/inputs/volume_encryption_infra.rego deleted file mode 100644 index 6b1b04d9..00000000 --- a/tests/rules/cfn/ebs/inputs/volume_encryption_infra.rego +++ /dev/null 
@@ -1,71 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/ebs/inputs/volume_encryption_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.ebs.inputs.volume_encryption_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Parameters": { - "AvailabilityZone": { - "Type": "String", - "Default": "us-east-1b" - } - }, - "Resources": { - "ValidVolume01": { - "Type": "AWS::EC2::Volume", - "Properties": { - "AvailabilityZone": { - "Ref": "AvailabilityZone" - }, - "Encrypted": true, - "Size": 1 - } - }, - "InvalidVolume01": { - "Type": "AWS::EC2::Volume", - "Properties": { - "AvailabilityZone": { - "Ref": "AvailabilityZone" - }, - "Encrypted": false, - "Size": 1 - } - }, - "InvalidVolume02": { - "Type": "AWS::EC2::Volume", - "Properties": { - "AvailabilityZone": { - "Ref": "AvailabilityZone" - }, - "Size": 1 - } - } - } -} 
diff --git a/tests/rules/cfn/iam/inputs/admin_policy_infra.rego b/tests/rules/cfn/iam/inputs/admin_policy_infra.rego
deleted file mode 100644
index 3274030e..00000000
--- a/tests/rules/cfn/iam/inputs/admin_policy_infra.rego
+++ /dev/null
@@ -1,281 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/iam/inputs/admin_policy_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.iam.inputs.admin_policy_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Resources": { - "ValidRole01": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "ec2.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ] - } - ] - } - } - }, - "ValidPolicy01": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "ValidRole01" - } - ], - "PolicyName": "valid_policy_01", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Action": [ - "ec2:StartInstances" - ], - "Resource": [ - "*" - ] - } - } - } - }, - "ValidPolicy02": { - 
"Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "ValidRole01" - } - ], - "PolicyName": "valid_policy_02", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:StartInstances" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": "*", - "Resource": { - "Fn::GetAtt": [ - "ValidRole01", - "Arn" - ] - } - } - ] - } - } - }, - "ValidPolicy03": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "ValidRole01" - } - ], - "PolicyName": "valid_policy_03", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": { - "Effect": "Deny", - "Action": "*", - "Resource": "*" - } - } - } - }, - "InvalidRole01": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "ec2.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole" - ] - } - ] - }, - "Policies": [ - { - "PolicyName": "invalid_role_01", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - } - } - ] - } - }, - "InvalidUser01": { - "Type": "AWS::IAM::User", - "Properties": { - "Policies": [ - { - "PolicyName": "invalid_user_01", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - } - } - ] - } - }, - "InvalidGroup01": { - "Type": "AWS::IAM::Group", - "Properties": { - "Policies": [ - { - "PolicyName": "invalid_group_01", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - } - } - ] - } - }, - "InvalidPolicy01": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "InvalidRole01" - } - ], - "PolicyName": "invalid_policy_01", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - 
"Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - } - } - }, - "InvalidPolicy02": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "InvalidRole01" - } - ], - "PolicyName": "invalid_policy_02", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "*", - "elasticache:DescribeCacheClusters" - ], - "Resource": [ - "*" - ] - } - ] - } - } - }, - "InvalidPolicy03": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Roles": [ - { - "Ref": "InvalidRole01" - } - ], - "PolicyName": "invalid_policy_03", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Action": [ - "*", - "elasticache:DescribeCacheClusters" - ], - "Resource": [ - "*" - ] - } - } - } - } - } -} diff --git a/tests/rules/cfn/iam/inputs/policy_infra.rego b/tests/rules/cfn/iam/inputs/policy_infra.rego deleted file mode 100644 index afa5d6a0..00000000 --- a/tests/rules/cfn/iam/inputs/policy_infra.rego +++ /dev/null 
@@ -1,110 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/iam/inputs/policy_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.iam.inputs.policy_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Resources": { - "Group01": { - "Type": "AWS::IAM::Group" - }, - "ValidPolicy01": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Groups": [ - { - "Ref": "Group01" - } - ], - "PolicyName": "valid_policy_01", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Action": [ - "ec2:StartInstances" - ], - "Resource": [ - "*" - ] - } - } - } - }, - "User01": { - "Type": "AWS::IAM::User" - }, - "InvalidPolicy01": { - "Type": "AWS::IAM::Policy", - "Properties": { - "Users": [ - { - "Ref": "InvalidUser01" - } - ], - "PolicyName": "invalid_policy_01", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - 
"Effect": "Allow", - "Action": [ - "ec2:StartInstances" - ], - "Resource": [ - "*" - ] - } - ] - } - } - }, - "InvalidUser01": { - "Type": "AWS::IAM::User", - "Properties": { - "Policies": [ - { - "PolicyName": "invalid_user_01", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "*", - "Resource": "*" - } - ] - } - } - ] - } - } - } -} diff --git a/tests/rules/cfn/kms/inputs/key_rotation_infra.rego b/tests/rules/cfn/kms/inputs/key_rotation_infra.rego deleted file mode 100644 index 4b6e33a0..00000000 --- a/tests/rules/cfn/kms/inputs/key_rotation_infra.rego +++ /dev/null 
@@ -1,98 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/kms/inputs/key_rotation_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.kms.inputs.key_rotation_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Parameters": { - "KeyManager": { - "Type": "String", - "Default": "user/jasper" - } - }, - "Resources": { - "ValidKey01": { - "Type": "AWS::KMS::Key", - "Properties": { - "EnableKeyRotation": true, - "KeyPolicy": { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:${KeyManager}" - } - }, - "Action": "kms:*", - "Resource": "*" - } - } - } - }, - "InvalidKey01": { - "Type": "AWS::KMS::Key", - "Properties": { - "EnableKeyRotation": false, - "KeyPolicy": { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Sub": 
"arn:aws:iam::${AWS::AccountId}:${KeyManager}" - } - }, - "Action": "kms:*", - "Resource": "*" - } - } - } - }, - "InvalidKey02": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Version": "2012-10-17", - "Statement": { - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:${KeyManager}" - } - }, - "Action": "kms:*", - "Resource": "*" - } - } - } - } - } -} diff --git a/tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.rego b/tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.rego deleted file mode 100644 index 807d5769..00000000 --- a/tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.rego +++ /dev/null 
@@ -1,246 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/lambda/inputs/invalid_function_not_public_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.lambda.inputs.invalid_function_not_public_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid public function configuration", - "Resources": { - "FunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Path": "/" - } - }, - "Function": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "exports.handler = (event, context) => {\n 
console.log(JSON.stringify(event))\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x" - } - }, - "FunctionPermissionByArn": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - }, - "Action": "lambda:InvokeFunction", - "Principal": "*" - } - }, - "Function2": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x" - } - }, - "FunctionPermissionByRef": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Ref": "Function2" - }, - "Action": "lambda:InvokeFunction", - "Principal": "*" - } - }, - "Function3": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x" - } - }, - "FunctionPermissionByPartialArn": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Fn::Sub": "${AWS::AccountId}:${Function3}" - }, - "Action": "lambda:InvokeFunction", - "Principal": "*" - } - }, - "Function4": { - "Type": "AWS::Lambda::Function", - "Properties": { - "FunctionName": "function4", - "Code": { - "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x" - } - }, - "FunctionPermissionByHardcodedName": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": "function4", - "Action": "lambda:InvokeFunction", - "Principal": "*" - } - }, - 
"Function5Alias": { - "Type": "AWS::Lambda::Alias", - "Properties": { - "FunctionName": { - "Ref": "Function5" - }, - "FunctionVersion": "$LATEST", - "Name": "v1" - } - }, - "Function5": { - "Type": "AWS::Lambda::Function", - "Properties": { - "FunctionName": "function5", - "Code": { - "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x" - } - }, - "FunctionPermissionByHardcodedNameAndAlias": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": "function5:v1", - "Action": "lambda:InvokeFunction", - "Principal": "*" - } - }, - "Function6Alias": { - "Type": "AWS::Lambda::Alias", - "Properties": { - "FunctionName": { - "Ref": "Function5" - }, - "FunctionVersion": "$LATEST", - "Name": "v1" - } - }, - "Function6": { - "Type": "AWS::Lambda::Function", - "Properties": { - "FunctionName": { - "Fn::Sub": "function-${AWS::Region}" - }, - "Code": { - "ZipFile": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x" - } - }, - "FunctionPermissionByNameAndAliasUsingFunctions": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Fn::Join": [ - ":", - [ - { - "Fn::Sub": "function-${AWS::Region}" - }, - "v2" - ] - ] - }, - "Action": "lambda:InvokeFunction", - "Principal": "*" - } - } - } -} diff --git a/tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.rego b/tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.rego deleted file mode 100644 index c81cebd8..00000000 --- a/tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.rego +++ /dev/null 
@@ -1,59 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/lambda/inputs/invalid_function_not_public_sam_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.lambda.inputs.invalid_function_not_public_sam_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Transform": "AWS::Serverless-2016-10-31", - "Description": "Invalid public function configuration", - "Resources": { - "Function": { - "Type": "AWS::Serverless::Function", - "Properties": { - "InlineCode": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n", - "Handler": "index.handler", - "Runtime": "nodejs12.x" - } - }, - "FunctionPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - }, - "Action": "lambda:InvokeFunction", - "Principal": "*" - } - } - } -} 
diff --git a/tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.rego b/tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.rego
deleted file mode 100644
index c051bd03..00000000
--- a/tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.rego
+++ /dev/null
@@ -1,100 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/lambda/inputs/invalid_function_not_public_with_valid_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.lambda.inputs.invalid_function_not_public_with_valid_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid public function with both valid and invalid permissions", - "Resources": { - "FunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Path": "/" - } - }, - "Function": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "exports.handler 
= (event, context) => {\n console.log(JSON.stringify(event))\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x" - } - }, - "ValidFunctionPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - }, - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com" - } - }, - "InvalidFunctionPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - }, - "Action": "lambda:InvokeFunction", - "Principal": "*" - } - } - } -} diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.rego b/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.rego deleted file mode 100644 index 503611f5..00000000 --- a/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.rego +++ /dev/null 
@@ -1,89 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.lambda.inputs.valid_function_not_public_account_permission_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid private function configuration with account permission", - "Resources": { - "FunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Path": "/" - } - }, - "Function": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": 
"exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x" - } - }, - "FunctionPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - }, - "Action": "lambda:InvokeFunction", - "Principal": { - "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root" - } - } - } - } -} diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.rego b/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.rego deleted file mode 100644 index 96d5c224..00000000 --- a/tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.rego +++ /dev/null 
@@ -1,61 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/lambda/inputs/valid_function_not_public_account_permission_sam_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.lambda.inputs.valid_function_not_public_account_permission_sam_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Transform": "AWS::Serverless-2016-10-31", - "Description": "Valid private function configuration with account permission", - "Resources": { - "Function": { - "Type": "AWS::Serverless::Function", - "Properties": { - "InlineCode": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n", - "Handler": "index.handler", - "Runtime": "nodejs12.x" - } - }, - "FunctionPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - }, - "Action": "lambda:InvokeFunction", - 
"Principal": { - "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root" - } - } - } - } -} diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.rego b/tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.rego deleted file mode 100644 index 00d1f292..00000000 --- a/tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.rego +++ /dev/null 
@@ -1,74 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/lambda/inputs/valid_function_not_public_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.lambda.inputs.valid_function_not_public_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid private function configuration", - "Resources": { - "FunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Path": "/" - } - }, - "Function": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "exports.handler = (event, context) => {\n 
console.log(JSON.stringify(event))\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x" - } - } - } -} diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.rego b/tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.rego deleted file mode 100644 index 23e6c4af..00000000 --- a/tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.rego +++ /dev/null 
@@ -1,46 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/lambda/inputs/valid_function_not_public_sam_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.lambda.inputs.valid_function_not_public_sam_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Transform": "AWS::Serverless-2016-10-31", - "Description": "Valid private function configuration", - "Resources": { - "Function": { - "Type": "AWS::Serverless::Function", - "Properties": { - "InlineCode": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n", - "Handler": "index.handler", - "Runtime": "nodejs12.x" - } - } - } -} diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.rego b/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.rego deleted file mode 100644 index 55383a79..00000000 
--- a/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.rego
+++ /dev/null
@@ -1,87 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.lambda.inputs.valid_function_not_public_service_permission_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid private function configuration with service permission", - "Resources": { - "FunctionRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "ManagedPolicyArns": [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ], - "Path": "/" - } - }, - "Function": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": 
"exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "FunctionRole", - "Arn" - ] - }, - "Runtime": "nodejs12.x" - } - }, - "FunctionPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - }, - "Action": "lambda:InvokeFunction", - "Principal": "apigateway.amazonaws.com" - } - } - } -} diff --git a/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.rego b/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.rego deleted file mode 100644 index 5cc0dd61..00000000 --- a/tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.rego +++ /dev/null 
@@ -1,59 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/lambda/inputs/valid_function_not_public_service_permission_sam_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.lambda.inputs.valid_function_not_public_service_permission_sam_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Transform": "AWS::Serverless-2016-10-31", - "Description": "Valid private function configuration with service permission", - "Resources": { - "Function": { - "Type": "AWS::Serverless::Function", - "Properties": { - "InlineCode": "exports.handler = (event, context) => {\n console.log(JSON.stringify(event))\n}\n", - "Handler": "index.handler", - "Runtime": "nodejs12.x" - } - }, - "FunctionPermission": { - "Type": "AWS::Lambda::Permission", - "Properties": { - "FunctionName": { - "Fn::GetAtt": [ - "Function", - "Arn" - ] - }, - "Action": "lambda:InvokeFunction", - 
"Principal": "apigateway.amazonaws.com" - } - } - } -} diff --git a/tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.rego b/tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.rego deleted file mode 100644 index df84d3d6..00000000 --- a/tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.rego +++ /dev/null 
@@ -1,54 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/invalid_block_public_access_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.invalid_block_public_access_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid S3 block public access configuration", - "Resources": { - "Bucket1": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "Private" - } - }, - "Bucket2": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "Private", - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - } - } - } - } -} 
diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.rego b/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.rego
deleted file mode 100644
index 72b91bb0..00000000
--- a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.rego
+++ /dev/null
@@ -1,114 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_all_one_bucket_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_all_one_bucket_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail S3 data logging configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail", - "EventSelectors": [ - { - "ReadWriteType": "All", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/" - } - ] - } - ] - } - ] - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - 
"Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.rego b/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.rego deleted file mode 100644 index d1e5516e..00000000 --- a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.rego +++ /dev/null 
@@ -1,114 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_read_one_bucket_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_read_one_bucket_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail S3 data logging configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail", - "EventSelectors": [ - { - "ReadWriteType": "ReadOnly", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/" - } - ] - } - ] - } - ] - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": 
"AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.rego b/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.rego deleted file mode 100644 index af761b34..00000000 --- a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.rego +++ /dev/null 
@@ -1,110 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_trail_no_data_events_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail S3 data logging configuration with no data events", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail", - "EventSelectors": [ - { - "ReadWriteType": "All" - } - ] - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - 
"Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - }, - "Bucket2": { - "Type": "AWS::S3::Bucket" - }, - "Bucket3": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.rego b/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.rego deleted file mode 100644 index c5ac6c8d..00000000 --- a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.rego +++ /dev/null 
@@ -1,105 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_trail_no_selector_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_trail_no_selector_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail S3 data logging configuration with no selector", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail" - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - 
"Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - }, - "Bucket2": { - "Type": "AWS::S3::Bucket" - }, - "Bucket3": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.rego b/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.rego deleted file mode 100644 index 25327bea..00000000 --- a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.rego +++ /dev/null 
@@ -1,114 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_write_one_bucket_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail S3 data logging configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail", - "EventSelectors": [ - { - "ReadWriteType": "WriteOnly", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/" - } - ] - } - ] - } - ] - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": 
"AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego b/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego deleted file mode 100644 index a37332bb..00000000 --- a/tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego +++ /dev/null 
@@ -1,131 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.invalid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid CloudTrail S3 data logging configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail", - "EventSelectors": [ - { - "ReadWriteType": "ReadOnly", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - "arn:aws:s3:::" - ] - } - ] - }, - { - "ReadWriteType": "All", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - { - "Fn::Sub": 
"${LoggingBucket.Arn}/" - } - ] - } - ] - } - ] - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - }, - "Bucket2": { - "Type": "AWS::S3::Bucket" - }, - "Bucket3": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.rego b/tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.rego deleted file mode 100644 index 324d1c5c..00000000 --- a/tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.rego +++ /dev/null 
@@ -1,81 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/invalid_encryption_with_valid_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.invalid_encryption_with_valid_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid and valid S3 encryption configurations", - "Resources": { - "KMSKey": { - "Type": "AWS::KMS::Key", - "Properties": { - "Description": "This key is used to encrypt bucket objects", - "KeyPolicy": { - "Version": "2012-10-17", - "Id": "default-key-policy", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root" - } - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "PendingWindowInDays": 10 - } - }, - "Bucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "BucketEncryption": { - 
"ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Ref": "KMSKey" - }, - "SSEAlgorithm": "aws:kms" - } - } - ] - } - } - }, - "InvalidBucket": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.rego b/tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.rego deleted file mode 100644 index e8aa91bc..00000000 --- a/tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.rego +++ /dev/null 
@@ -1,108 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/invalid_https_access_bucket_policy_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.invalid_https_access_bucket_policy_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid S3 HTTPS access configuration", - "Resources": { - "Bucket1": { - "Type": "AWS::S3::Bucket" - }, - "Bucket1Policy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "Bucket1" - }, - "PolicyDocument": { - "Statement": [ - { - "Effect": "Allow", - "Principal": "*", - "Action": "s3:Get*", - "Resource": [ - { - "Fn::GetAtt": [ - "Bucket1", - "Arn" - ] - } - ] - }, - { - "Effect": "Allow", - "Principal": "*", - "Action": "*", - "Resource": [ - { - "Fn::GetAtt": [ - "Bucket1", - "Arn" - ] - } - ], - "Condition": { - "Bool": { - "aws:SecureTransport": false - } 
- } - } - ] - } - } - }, - "Bucket2": { - "Type": "AWS::S3::Bucket" - }, - "Bucket2Policy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "Bucket2" - }, - "PolicyDocument": { - "Statement": [ - { - "Effect": "Deny", - "Principal": "*", - "Action": "*", - "Resource": [ - { - "Fn::Sub": "${Bucket2.Arn}/*" - } - ] - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/s3/inputs/invalid_missing_infra.rego b/tests/rules/cfn/s3/inputs/invalid_missing_infra.rego deleted file mode 100644 index d3fd0d36..00000000 --- a/tests/rules/cfn/s3/inputs/invalid_missing_infra.rego +++ /dev/null 
@@ -1,65 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/invalid_missing_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.invalid_missing_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Invalid S3 HTTPS access configuration", - "Resources": { - "Bucket": { - "Type": "AWS::S3::Bucket" - }, - "BucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "Bucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Effect": "Allow", - "Principal": "*", - "Action": "s3:Get*", - "Resource": [ - { - "Fn::GetAtt": [ - "Bucket", - "Arn" - ] - } - ] - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/s3/inputs/valid_block_public_access_infra.rego b/tests/rules/cfn/s3/inputs/valid_block_public_access_infra.rego deleted file mode 100644 index 6ad81f35..00000000 
--- a/tests/rules/cfn/s3/inputs/valid_block_public_access_infra.rego +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/valid_block_public_access_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.valid_block_public_access_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid S3 block public access configuration", - "Resources": { - "Bucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "Private", - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - } - } - } - } -} 
diff --git a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.rego b/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.rego
deleted file mode 100644
index c768f773..00000000
--- a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.rego
+++ /dev/null
@@ -1,118 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_all_buckets_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.valid_cloudtrail_s3_data_logging_all_all_buckets_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail S3 data logging configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail", - "EventSelectors": [ - { - "ReadWriteType": "All", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - "arn:aws:s3:::" - ] - } - ] - } - ] - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - 
"Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - }, - "Bucket2": { - "Type": "AWS::S3::Bucket" - }, - "Bucket3": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.rego b/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.rego deleted file mode 100644 index 12bf2aa1..00000000 --- a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.rego +++ /dev/null 
@@ -1,117 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_all_two_buckets_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.valid_cloudtrail_s3_data_logging_all_two_buckets_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail S3 data logging configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail", - "EventSelectors": [ - { - "ReadWriteType": "All", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/" - }, - { - "Fn::Sub": "${Bucket1.Arn}/" - } - ] - } - ] - } - ] - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - 
"Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.rego b/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.rego deleted file mode 100644 index 56500dc2..00000000 --- a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.rego +++ /dev/null 
@@ -1,118 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_read_all_buckets_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.valid_cloudtrail_s3_data_logging_read_all_buckets_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail S3 data logging configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail", - "EventSelectors": [ - { - "ReadWriteType": "ReadOnly", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - "arn:aws:s3:::" - ] - } - ] - } - ] - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - 
"Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - }, - "Bucket2": { - "Type": "AWS::S3::Bucket" - }, - "Bucket3": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.rego b/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.rego deleted file mode 100644 index 9c106a5c..00000000 --- a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.rego +++ /dev/null 
@@ -1,118 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_all_buckets_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.valid_cloudtrail_s3_data_logging_write_all_buckets_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail S3 data logging configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail", - "EventSelectors": [ - { - "ReadWriteType": "WriteOnly", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - "arn:aws:s3:::" - ] - } - ] - } - ] - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - 
"Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - }, - "Bucket2": { - "Type": "AWS::S3::Bucket" - }, - "Bucket3": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego b/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego deleted file mode 100644 index 63bb7e3e..00000000 --- a/tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.rego +++ /dev/null 
@@ -1,131 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.valid_cloudtrail_s3_data_logging_write_one_bucket_read_all_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid CloudTrail S3 data logging configuration", - "Resources": { - "CloudTrailLogging": { - "Type": "AWS::CloudTrail::Trail", - "Properties": { - "IsLogging": true, - "S3BucketName": { - "Ref": "LoggingBucket" - }, - "TrailName": "cf-fuguetest-trail", - "EventSelectors": [ - { - "ReadWriteType": "ReadOnly", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - "arn:aws:s3:::" - ] - } - ] - }, - { - "ReadWriteType": "All", - "DataResources": [ - { - "Type": "AWS::S3::Object", - "Values": [ - { - "Fn::Sub": 
"${LoggingBucket.Arn}/" - } - ] - } - ] - } - ] - } - }, - "LoggingBucket": { - "Type": "AWS::S3::Bucket" - }, - "LoggingBucketPolicy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "LoggingBucket" - }, - "PolicyDocument": { - "Statement": [ - { - "Sid": "AWSCloudTrailAclCheck", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": [ - { - "Fn::GetAtt": [ - "LoggingBucket", - "Arn" - ] - } - ] - }, - { - "Sid": "AWSCloudTrailWrite", - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:PutObject", - "Resource": [ - { - "Fn::Sub": "${LoggingBucket.Arn}/*" - } - ], - "Condition": { - "StringEquals": { - "s3:x-amz-acl": "bucket-owner-full-control" - } - } - } - ] - } - } - }, - "Bucket1": { - "Type": "AWS::S3::Bucket" - }, - "Bucket2": { - "Type": "AWS::S3::Bucket" - }, - "Bucket3": { - "Type": "AWS::S3::Bucket" - } - } -} diff --git a/tests/rules/cfn/s3/inputs/valid_encryption_infra.rego b/tests/rules/cfn/s3/inputs/valid_encryption_infra.rego deleted file mode 100644 index 59dff344..00000000 --- a/tests/rules/cfn/s3/inputs/valid_encryption_infra.rego +++ /dev/null 
@@ -1,78 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/valid_encryption_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.valid_encryption_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid S3 encryption configuration", - "Resources": { - "KMSKey": { - "Type": "AWS::KMS::Key", - "Properties": { - "Description": "This key is used to encrypt bucket objects", - "KeyPolicy": { - "Version": "2012-10-17", - "Id": "default-key-policy", - "Statement": [ - { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root" - } - }, - "Action": "kms:*", - "Resource": "*" - } - ] - }, - "PendingWindowInDays": 10 - } - }, - "Bucket": { - "Type": "AWS::S3::Bucket", - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - 
{ - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Ref": "KMSKey" - }, - "SSEAlgorithm": "aws:kms" - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.rego b/tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.rego deleted file mode 100644 index 0341acc2..00000000 --- a/tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.rego +++ /dev/null 
@@ -1,113 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/s3/inputs/valid_https_access_bucket_policy_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.s3.inputs.valid_https_access_bucket_policy_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Valid S3 HTTPS access configuration", - "Resources": { - "Bucket1": { - "Type": "AWS::S3::Bucket" - }, - "Bucket1Policy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "Bucket1" - }, - "PolicyDocument": { - "Statement": [ - { - "Effect": "Allow", - "Principal": "*", - "Action": "s3:Get*", - "Resource": [ - { - "Fn::GetAtt": [ - "Bucket1", - "Arn" - ] - } - ] - }, - { - "Effect": "Deny", - "Principal": "*", - "Action": "*", - "Resource": [ - { - "Fn::GetAtt": [ - "Bucket1", - "Arn" - ] - } - ], - "Condition": { - "Bool": { - "aws:SecureTransport": false - } - } - } 
- ] - } - } - }, - "Bucket2": { - "Type": "AWS::S3::Bucket" - }, - "Bucket2Policy": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "Bucket2" - }, - "PolicyDocument": { - "Statement": [ - { - "Effect": "Deny", - "Principal": "*", - "Action": "*", - "Resource": [ - { - "Fn::Sub": "${Bucket2.Arn}/*" - } - ], - "Condition": { - "Bool": { - "aws:SecureTransport": false - } - } - } - ] - } - } - } - } -} diff --git a/tests/rules/cfn/vpc/inputs/default_security_group_infra.rego b/tests/rules/cfn/vpc/inputs/default_security_group_infra.rego deleted file mode 100644 index 1a7e85ab..00000000 --- a/tests/rules/cfn/vpc/inputs/default_security_group_infra.rego +++ /dev/null 
@@ -1,77 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/vpc/inputs/default_security_group_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.vpc.inputs.default_security_group_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "Resources": { - "Vpc01": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "Vpc01InvalidIngress": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId": { - "Fn::GetAtt": [ - "Vpc01", - "DefaultSecurityGroup" - ] - }, - "IpProtocol": "tcp", - "FromPort": 22, - "ToPort": 22, - "CidrIp": "0.0.0.0/0" - } - }, - "Vpc01SecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": "Description" - } - }, - "Vpc01ValidIngress": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId": { - "Ref": "Vpc01SecurityGroup" - }, - "IpProtocol": 
"tcp", - "FromPort": 22, - "ToPort": 22, - "CidrIp": "0.0.0.0/0" - } - } - } -} diff --git a/tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.rego b/tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.rego deleted file mode 100644 index a34cc534..00000000 --- a/tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.rego +++ /dev/null 
@@ -1,58 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/vpc/inputs/flow_logging_enabled_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.vpc.inputs.flow_logging_enabled_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Resources": { - "ValidVpc": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "ValidVpcFlowLog": { - "Type": "AWS::EC2::FlowLog", - "Properties": { - "ResourceId": { - "Ref": "ValidVpc" - }, - "ResourceType": "VPC", - "TrafficType": "REJECT" - } - }, - "InvalidVpc": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - } - } -} diff --git a/tests/rules/cfn/vpc/inputs/ingress_22_infra.rego b/tests/rules/cfn/vpc/inputs/ingress_22_infra.rego deleted file mode 100644 index f445f6cb..00000000 --- a/tests/rules/cfn/vpc/inputs/ingress_22_infra.rego +++ /dev/null 
@@ -1,176 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/vpc/inputs/ingress_22_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.vpc.inputs.ingress_22_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "Resources": { - "Vpc01": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "ValidSecurityGroup01": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": "Description" - } - }, - "ValidSecurityGroup02": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": "Description", - "SecurityGroupIngress": [ - { - "CidrIp": "0.0.0.0/0", - "FromPort": 80, - "ToPort": 80, - "IpProtocol": -1 - } - ] - } - }, - "ValidSecurityGroup03": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": 
"Description", - "SecurityGroupIngress": [ - { - "CidrIpv6": "::/0", - "FromPort": 80, - "ToPort": 80, - "IpProtocol": -1 - } - ] - } - }, - "ValidSecurityGroup04": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": "Description" - } - }, - "ValidSecurityGroup04Ingress01": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId": { - "Ref": "ValidSecurityGroup04" - }, - "CidrIp": "192.168.1.7/32", - "FromPort": 22, - "ToPort": 22, - "IpProtocol": -1 - } - }, - "InvalidSecurityGroup01": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": "Description", - "SecurityGroupIngress": [ - { - "CidrIp": "0.0.0.0/0", - "FromPort": 22, - "ToPort": 22, - "IpProtocol": -1 - } - ] - } - }, - "InvalidSecurityGroup02": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": "Description", - "SecurityGroupIngress": [ - { - "CidrIp": "0.0.0.0/0", - "FromPort": -1, - "IpProtocol": -1 - } - ] - } - }, - "InvalidSecurityGroup03": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": "Description", - "SecurityGroupIngress": [ - { - "CidrIpv6": "::/0", - "FromPort": 20, - "ToPort": 24, - "IpProtocol": -1 - } - ] - } - }, - "InvalidSecurityGroup04": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": "Description" - } - }, - "InvalidSecurityGroup04Ingress01": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "GroupId": { - "Ref": "ValidSecurityGroup04" - }, - "CidrIp": "0.0.0.0/0", - "FromPort": 22, - "ToPort": 22, - "IpProtocol": -1 - } - } - } -} diff --git a/tests/rules/cfn/vpc/inputs/ingress_3389_infra.rego b/tests/rules/cfn/vpc/inputs/ingress_3389_infra.rego deleted file mode 100644 index 2bd98d9d..00000000 
--- a/tests/rules/cfn/vpc/inputs/ingress_3389_infra.rego +++ /dev/null 
@@ -1,75 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/vpc/inputs/ingress_3389_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.vpc.inputs.ingress_3389_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "Resources": { - "Vpc01": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "ValidSecurityGroup02": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": "Description", - "SecurityGroupIngress": [ - { - "CidrIp": "0.0.0.0/0", - "FromPort": 80, - "ToPort": 80, - "IpProtocol": -1 - } - ] - } - }, - "InvalidSecurityGroup01": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "Vpc01" - }, - "GroupDescription": "Description", - "SecurityGroupIngress": [ - { - "CidrIp": "0.0.0.0/0", - "FromPort": 3389, - "ToPort": 3389, - "IpProtocol": -1 - } - ] - } - } - } -} 
diff --git a/tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.rego b/tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.rego deleted file mode 100644 index c6d940f3..00000000 --- a/tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.rego +++ /dev/null 
@@ -1,237 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/vpc/inputs/nacl_ingress_22_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.vpc.inputs.nacl_ingress_22_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Resources": { - "ValidVpc01": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "ValidVpc01Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "ValidVpc01" - } - } - }, - "ValidVpc01NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "ValidVpc01Nacl" - }, - "RuleNumber": 10, - "RuleAction": "allow", - "Protocol": 6, - "CidrBlock": "0.0.0.0/0" - } - }, - "ValidVpc02": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "ValidVpc02Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - 
"VpcId": { - "Ref": "ValidVpc02" - } - } - }, - "ValidVpc02NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "ValidVpc02Nacl" - }, - "RuleNumber": 10, - "RuleAction": "deny", - "Protocol": 6, - "CidrBlock": "0.0.0.0/0", - "PortRange": { - "From": 22, - "To": 22 - } - } - }, - "ValidVpc02NaclEntry02": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "ValidVpc02Nacl" - }, - "RuleNumber": 20, - "RuleAction": "allow", - "Protocol": 6, - "CidrBlock": "0.0.0.0/0", - "PortRange": { - "From": 0, - "To": 1000 - } - } - }, - "ValidVpc03": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "ValidVpc03Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "ValidVpc03" - } - } - }, - "ValidVpc03NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "ValidVpc03Nacl" - }, - "RuleNumber": 10, - "RuleAction": "allow", - "Protocol": -1, - "CidrBlock": "0.0.0.0/0", - "Egress": true - } - }, - "InvalidVpc01": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "InvalidVpc01Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "InvalidVpc01" - } - } - }, - "InvalidVpc01NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "InvalidVpc01Nacl" - }, - "RuleNumber": 10, - "RuleAction": "allow", - "Protocol": -1, - "CidrBlock": "0.0.0.0/0" - } - }, - "InvalidVpc02": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "InvalidVpc02Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "InvalidVpc02" - } - } - }, - "InvalidVpc02NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "InvalidVpc02Nacl" - }, - "RuleNumber": 10, - "RuleAction": "allow", - "Protocol": 1, - 
"CidrBlock": "0.0.0.0/0", - "PortRange": { - "From": 22, - "To": 22 - } - } - }, - "InvalidVpc03": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "InvalidVpc03Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "InvalidVpc03" - } - } - }, - "InvalidVpc03NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "InvalidVpc03Nacl" - }, - "RuleNumber": 10, - "RuleAction": "allow", - "Protocol": 6, - "Ipv6CidrBlock": "::/0", - "PortRange": { - "From": 22, - "To": 22 - } - } - }, - "InvalidVpc03NaclEntry02": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "InvalidVpc03Nacl" - }, - "RuleNumber": 20, - "RuleAction": "deny", - "Protocol": 6, - "Ipv6CidrBlock": "::/0", - "PortRange": { - "From": 0, - "To": 1000 - } - } - } - } -} diff --git a/tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.rego b/tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.rego deleted file mode 100644 index 5e5c9027..00000000 --- a/tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.rego +++ /dev/null 
@@ -1,237 +0,0 @@ -# Copyright 2020-2021 Fugue, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This package was automatically generated from: -# -# tests/rules/cfn/vpc/inputs/nacl_ingress_3389_infra.cfn -# -# using `generate_test_inputs.sh` and should not be modified -# directly. -# -# It provides three inputs for testing: -# - mock_input: The resource view input as passed to advanced rules -# - mock_resources: The resources present as a convenience for tests -# - mock_plan_input: The original plan input as generated by terraform -package tests.rules.cfn.vpc.inputs.nacl_ingress_3389_infra -import data.fugue.resource_view.resource_view_input -mock_input = ret { - ret = resource_view_input with input as mock_plan_input -} -mock_resources = mock_input.resources -mock_plan_input = { - "AWSTemplateFormatVersion": "2010-09-09", - "Resources": { - "ValidVpc01": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "ValidVpc01Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "ValidVpc01" - } - } - }, - "ValidVpc01NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "ValidVpc01Nacl" - }, - "RuleNumber": 10, - "RuleAction": "allow", - "Protocol": 6, - "CidrBlock": "0.0.0.0/0" - } - }, - "ValidVpc02": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "ValidVpc02Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": 
{ - "VpcId": { - "Ref": "ValidVpc02" - } - } - }, - "ValidVpc02NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "ValidVpc02Nacl" - }, - "RuleNumber": 10, - "RuleAction": "deny", - "Protocol": 6, - "CidrBlock": "0.0.0.0/0", - "PortRange": { - "From": 3389, - "To": 3389 - } - } - }, - "ValidVpc02NaclEntry02": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "ValidVpc02Nacl" - }, - "RuleNumber": 20, - "RuleAction": "allow", - "Protocol": 6, - "CidrBlock": "0.0.0.0/0", - "PortRange": { - "From": 0, - "To": 10000 - } - } - }, - "ValidVpc03": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "ValidVpc03Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "ValidVpc03" - } - } - }, - "ValidVpc03NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "ValidVpc03Nacl" - }, - "RuleNumber": 10, - "RuleAction": "allow", - "Protocol": -1, - "CidrBlock": "0.0.0.0/0", - "Egress": true - } - }, - "InvalidVpc01": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "InvalidVpc01Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "InvalidVpc01" - } - } - }, - "InvalidVpc01NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "InvalidVpc01Nacl" - }, - "RuleNumber": 10, - "RuleAction": "allow", - "Protocol": -1, - "CidrBlock": "0.0.0.0/0" - } - }, - "InvalidVpc02": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "InvalidVpc02Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "InvalidVpc02" - } - } - }, - "InvalidVpc02NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "InvalidVpc02Nacl" - }, - "RuleNumber": 10, - "RuleAction": "allow", - "Protocol": 1, - 
"CidrBlock": "0.0.0.0/0", - "PortRange": { - "From": 3389, - "To": 3389 - } - } - }, - "InvalidVpc03": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16" - } - }, - "InvalidVpc03Nacl": { - "Type": "AWS::EC2::NetworkAcl", - "Properties": { - "VpcId": { - "Ref": "InvalidVpc03" - } - } - }, - "InvalidVpc03NaclEntry01": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "InvalidVpc03Nacl" - }, - "RuleNumber": 10, - "RuleAction": "allow", - "Protocol": 6, - "Ipv6CidrBlock": "::/0", - "PortRange": { - "From": 3389, - "To": 3389 - } - } - }, - "InvalidVpc03NaclEntry02": { - "Type": "AWS::EC2::NetworkAclEntry", - "Properties": { - "NetworkAclId": { - "Ref": "InvalidVpc03Nacl" - }, - "RuleNumber": 20, - "RuleAction": "deny", - "Protocol": 6, - "Ipv6CidrBlock": "::/0", - "PortRange": { - "From": 0, - "To": 10000 - } - } - } - } -}
diff --git a/tools.go b/tools.go
new file mode 100644
index 00000000..eeb9afa7
--- /dev/null
+++ b/tools.go
@@ -0,0 +1,11 @@
+// +build tools
+
+package tools
+
+import (
+ // These are dependencies for `go generate`, see
+ // `pkg/tf_resource_schemas/generate/main.go`.
+ _ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ _ "github.com/terraform-providers/terraform-provider-aws/aws"
+ _ "github.com/terraform-providers/terraform-provider-google/google"
+)
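Review bot: The `// +build tools` line at the top of tools.go has no comment explaining that the tag is what keeps this file out of normal builds, so a reader cannot tell from the file that the three blank imports exist only to keep the `go generate` dependencies recorded in go.mod. A line such as `// Excluded from normal builds by the "tools" tag; kept only so go.mod and go.sum record the generator's dependencies.` placed before the constraint would state that. Because the imports put the AWS and Google provider modules into the module graph, their versions and checksums are what dependency audits will see. go.mod and go.sum are outside this hunk, so whether they are pinned there cannot be confirmed from here.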