Getting Started Contributing

Rami McCarthy edited this page Nov 18, 2019 · 2 revisions

Here is some basic documentation of the architecture of sadcloud:

  1. Every provider is a folder inside /modules
  2. Every service is a folder inside /modules/providers
  3. New services must be configured in /sadcloud/main.tf, and require an all_SERVICE_findings variable added to /sadcloud/variables.tf
  4. New findings should each map to one variable
     a. The variable should default to false if the finding is not set
     b. The variable should be set in the module block in /sadcloud/main.tf
        i. The variable should be set via a boolean that ORs ("||") with all_SERVICE_findings as well as all_findings
     c. The variable should be defined under /modules/PROVIDER/SERVICE/variables.tf
  5. Where possible, new services, whether directly used for a finding or needed to configure a service to generate a finding, should not be created when they are not necessary for the configured findings. This can be done via:
     a. Resource blocks can be programmatically enabled/disabled using the count parameter
     b. Arguments should be nullable, using expressions (for_each) based on the finding variable
     c. All services are commented out of /sadcloud/main.tf by default
  6. NOTE: For AWS services that require a VPC, use the network module to share a VPC across sadcloud. To use the network module, ensure:
     a. In sadcloud/main.tf, the necessary variables are set in the service module, from module.network.VARIABLE
     b. In /modules/PROVIDER/SERVICE/variables.tf, the network variables from (6a) are defined
     c. In sadcloud/main.tf, the needs_network variable in the network module block considers all_SERVICE_findings
     d. The shared network module can then be used in /modules/PROVIDER/SERVICE/main.tf

Based on the above, the following are the basic steps to add a new finding:

If new provider

  1. Add a folder for the provider under /modules/

If new service

  1. Create a scaffold folder under /modules/PROVIDER/
     a. Create a main.tf, an outputs.tf, and a variables.tf
  2. Set up a basic template for the service within the folder

For each vulnerability

  1. Add a variable per finding, with a name describing the vulnerability
     a. Make sure to add the variable to /modules/PROVIDER/SERVICE/variables.tf
     b. Make sure to set the variable in the respective module block in /sadcloud/main.tf
     c. Make sure the variable defaults to false (designating a secure state)
  2. Use the variable where necessary to make the finding configurable and programmatically nullable
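
The steps above, applied to a hypothetical `sqs` service under the `aws` provider with two hypothetical findings. This is an added example, not sadcloud's own code; the variable names, queue name and relative module path are assumptions.

```hcl
# /modules/aws/sqs/variables.tf (hypothetical service "sqs" and finding names)
variable "queue_unencrypted" {
  description = "Create the queue without server-side encryption"
  type        = bool
  default     = false # secure state: finding not generated
}

variable "queue_public_policy" {
  description = "Attach a queue policy that allows any principal"
  type        = bool
  default     = false
}

# /modules/aws/sqs/main.tf
resource "aws_sqs_queue" "main" {
  # Created only when at least one configured finding needs it.
  count = (var.queue_unencrypted || var.queue_public_policy) ? 1 : 0
  name  = "sadcloud-example-queue" # constructed name

  # Nullable argument: null (no SSE key) only when the finding is requested.
  kms_master_key_id = var.queue_unencrypted ? null : "alias/aws/sqs"
}

resource "aws_sqs_queue_policy" "main" {
  count     = var.queue_public_policy ? 1 : 0
  queue_url = aws_sqs_queue.main[0].id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = "sqs:SendMessage"
      Resource  = aws_sqs_queue.main[0].arn
    }]
  })
}

# /sadcloud/variables.tf
variable "all_sqs_findings" {
  type    = bool
  default = false
}

# /sadcloud/main.tf (all_findings is assumed to be declared already)
module "sqs" {
  source = "../modules/aws/sqs" # assumed relative path

  queue_unencrypted   = false || var.all_sqs_findings || var.all_findings
  queue_public_policy = false || var.all_sqs_findings || var.all_findings
}
```

Changing the leading `false` to `true` on one line enables that single finding; with every flag left false, `terraform plan` for this module should show no resources to create.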