Skip to content

Commit

Permalink
added workaround for #154 with mocking arn for resource
Browse files Browse the repository at this point in the history
  • Loading branch information
milldr committed Mar 5, 2020
1 parent e4b0ac6 commit 076ee43
Show file tree
Hide file tree
Showing 9 changed files with 28 additions and 23 deletions.
14 changes: 5 additions & 9 deletions cli/terraform12_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ import (

// Run built in rules against Terraform v0.12 parser
func TestTerraform12BuiltInRules(t *testing.T) {

// Define file to load rules from
// This file is located under cli/assets/
ruleSet := loadRules(t, "terraform.yml")
Expand Down Expand Up @@ -106,14 +105,11 @@ func TestTerraform12BuiltInRules(t *testing.T) {
{"aws/sns_topic_policy/policy_statement_principal_wildcard-copy.tf", "SNS_TOPIC_POLICY_WILDCARD_PRINCIPAL", 0, 1},
{"aws/sns_topic_policy/policy_version.tf", "POLICY_VERSION", 0, 1},
{"aws/sqs_queue/encryption.tf", "SQS_QUEUE_ENCRYPTION", 0, 1},

// the resources have been copied already. commented tests need their rules updated to work for tf12
//
// {"aws/sqs_queue_policy/policy_statement_action_wildcard.tf", "SQS_QUEUE_POLICY_WILDCARD_ACTION", 0, 1},
// {"aws/sqs_queue_policy/policy_statement_notaction.tf", "SQS_QUEUE_POLICY_NOT_ACTION", 1, 0},
// {"aws/sqs_queue_policy/policy_statement_notprincipal.tf", "SQS_QUEUE_POLICY_NOT_PRINCIPAL", 1, 0},
// {"aws/sqs_queue_policy/policy_statement_principal_wildcard.tf", "SQS_QUEUE_POLICY_WILDCARD_PRINCIPAL", 0, 1},
// {"aws/sqs_queue_policy/policy_version.tf", "POLICY_VERSION", 0, 1},
{"aws/sqs_queue_policy/policy_statement_action_wildcard.tf", "SQS_QUEUE_POLICY_WILDCARD_ACTION", 0, 1},
{"aws/sqs_queue_policy/policy_statement_notaction.tf", "SQS_QUEUE_POLICY_NOT_ACTION", 1, 0},
{"aws/sqs_queue_policy/policy_statement_notprincipal.tf", "SQS_QUEUE_POLICY_NOT_PRINCIPAL", 1, 0},
{"aws/sqs_queue_policy/policy_statement_principal_wildcard.tf", "SQS_QUEUE_POLICY_WILDCARD_PRINCIPAL", 0, 1},
{"aws/sqs_queue_policy/policy_version.tf", "POLICY_VERSION", 0, 1},
{"aws/subnet/map_public_ip_on_launch.tf", "EC2_SUBNET_MAP_PUBLIC", 1, 0},
{"aws/waf_web_acl/default_action_type.tf", "WAF_WEB_ACL", 0, 1},
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,14 @@ resource "aws_sqs_queue" "test_queue" {
name = "test_queue"
kms_master_key_id = "alias/foo/bar"
kms_data_key_reuse_period_seconds = 60
arn = "mockedarn"
}

# Pass
resource "aws_sqs_queue_policy" "policy_statement_allow_action_without_wildcard" {
queue_url = aws_sqs_queue.test_queue.id

policy = <<EOF
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
Expand All @@ -20,14 +21,14 @@ resource "aws_sqs_queue_policy" "policy_statement_allow_action_without_wildcard"
}
]
}
EOF
POLICY
}

# Pass
resource "aws_sqs_queue_policy" "policy_statement_deny_action_without_wildcard" {
queue_url = aws_sqs_queue.test_queue.id

policy = <<EOF
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
Expand All @@ -38,14 +39,14 @@ resource "aws_sqs_queue_policy" "policy_statement_deny_action_without_wildcard"
}
]
}
EOF
POLICY
}

# Pass
resource "aws_sqs_queue_policy" "policy_statement_deny_action_with_wildcard" {
queue_url = aws_sqs_queue.test_queue.id

policy = <<EOF
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
Expand All @@ -56,14 +57,14 @@ resource "aws_sqs_queue_policy" "policy_statement_deny_action_with_wildcard" {
}
]
}
EOF
POLICY
}

# Fail
resource "aws_sqs_queue_policy" "policy_statement_allow_action_with_wildcard" {
queue_url = aws_sqs_queue.test_queue.id

policy = <<EOF
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
Expand All @@ -74,5 +75,5 @@ resource "aws_sqs_queue_policy" "policy_statement_allow_action_with_wildcard" {
}
]
}
EOF
POLICY
}
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ resource "aws_sqs_queue" "test_queue" {
name = "test_queue"
kms_master_key_id = "alias/foo/bar"
kms_data_key_reuse_period_seconds = 60
arn = "mocked_arn"
}

# Pass
Expand All @@ -16,7 +17,7 @@ resource "aws_sqs_queue_policy" "policy_statement_without_notaction" {
{
"Effect": "Allow",
"Action": "sqs:SendMessage",
"Resource": ${aws_sqs_queue.test_queue.arn}
"Resource": "${aws_sqs_queue.test_queue.arn}"
}
]
}
Expand All @@ -34,7 +35,7 @@ resource "aws_sqs_queue_policy" "policy_statement_with_notaction" {
{
"Effect": "Allow",
"NotAction": "sqs:SendMessage",
"Resource": ${aws_sqs_queue.test_queue.arn}
"Resource": "${aws_sqs_queue.test_queue.arn}"
}
]
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ resource "aws_sqs_queue" "test_queue" {
name = "test_queue"
kms_master_key_id = "alias/foo/bar"
kms_data_key_reuse_period_seconds = 60
arn = "mocked_arn"
}

# Pass
Expand All @@ -21,7 +22,7 @@ resource "aws_sqs_queue_policy" "policy_statement_without_notprincipal" {
"arn:aws:iam::1234567890:user/foo"
]
},
"Resource": ${aws_sqs_queue.test_queue.arn}
"Resource": "${aws_sqs_queue.test_queue.arn}"
}
]
}
Expand All @@ -44,7 +45,7 @@ resource "aws_sqs_queue_policy" "policy_statement_with_notprincipal" {
"arn:aws:iam::1234567890:user/foo"
]
},
"Resource": ${aws_sqs_queue.test_queue.arn}
"Resource": "${aws_sqs_queue.test_queue.arn}"
}
]
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ resource "aws_sqs_queue" "test_queue" {
name = "test_queue"
kms_master_key_id = "alias/foo/bar"
kms_data_key_reuse_period_seconds = 60
arn = "mocked_arn"
}

# Pass
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
## Setup Helper
resource "aws_sqs_queue" "test_queue" {
name = "examplequeue"
arn = "mocked_arn"
}

# Pass
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -25,5 +25,5 @@ require (
golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6 // indirect
golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
golang.org/x/sys v0.0.0-20200217220822-9197077df867 // indirect
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb // indirect
golang.org/x/tools v0.0.0-20200305185322-6a641547f55b // indirect
)
4 changes: 4 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -528,6 +528,10 @@ golang.org/x/tools v0.0.0-20200304143113-d6a4d55695f2 h1:fRkP4IAibCxA/Xm3eihEsPr
golang.org/x/tools v0.0.0-20200304143113-d6a4d55695f2/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb h1:iKlO7ROJc6SttHKlxzwGytRtBUqX4VARrNTgP2YLX5M=
golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200305140159-d7d444866696 h1:uuiLBSsR+ZDddgZ/2k23Y7FrUNl29gq4sEFcO170R5k=
golang.org/x/tools v0.0.0-20200305140159-d7d444866696/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/tools v0.0.0-20200305185322-6a641547f55b h1:kWwtroURwYKTlrhKtLws/aJ3iuNdVB417e2FCSutkIs=
golang.org/x/tools v0.0.0-20200305185322-6a641547f55b/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
Expand Down
2 changes: 1 addition & 1 deletion linter/terraform.go
Original file line number Diff line number Diff line change
Expand Up @@ -323,7 +323,7 @@ func parseJSONDocuments(resource interface{}) (interface{}, error) {
if policyAttribute, hasPolicyString := properties[attribute]; hasPolicyString {
if policyString, isString := policyAttribute.(string); isString {
var policy interface{}
if policyString != "" {
if policyString != "" && policyString != "UNDEFINED" {
err := json.Unmarshal([]byte(policyString), &policy)
if err != nil {
assertion.Debugf("Unable to parse '%s' as JSON\n", policyString)
Expand Down

0 comments on commit 076ee43

Please sign in to comment.