Skip to content

Commit

Permalink
feat(query): Added Oss Bucket Versioning Disabled for Terraform. Chec…
Browse files Browse the repository at this point in the history 
…kmarx#4919
  • Loading branch information
@cxAndreFelicidade
cxAndreFelicidade authored Mar 7, 2022
1 parent ec72f3f commit 167a8e1
Show file tree
Hide file tree
Showing 6 changed files with 80 additions and 0 deletions.
11 changes: 11 additions & 0 deletions assets/queries/terraform/alicloud/oss_bucket_versioning_disabled/metadata.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
{
"id": "70919c0b-2548-4e6b-8d7a-3d84ab6dabba",
"queryName": "OSS Bucket Versioning Disabled",
"severity": "MEDIUM",
"category": "Backup",
"descriptionText": "OSS Bucket should have versioning enabled",
"descriptionUrl": "https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/oss_bucket#versioning",
"platform": "Terraform",
"descriptionID": "749f1287",
"cloudProvider": "alicloud"
}
35 changes: 35 additions & 0 deletions assets/queries/terraform/alicloud/oss_bucket_versioning_disabled/query.rego
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
package Cx

import data.generic.common as common_lib

CxPolicy[result] {
some i
resource := input.document[i].resource.alicloud_oss_bucket[name]

resource.versioning.status == "Suspended"

result := {
"documentId": input.document[i].id,
"searchKey": sprintf("alicloud_oss_bucket[%s].versioning.status", [name]),
"issueType": "IncorrectValue",
"keyExpectedValue": "'versioning.status' is enabled",
"keyActualValue": "'versioning.status' is suspended",
"searchLine": common_lib.build_search_line(["resource", "alicloud_oss_bucket", name, "versioning", "status"], []),
}
}

CxPolicy[result] {
some i
resource := input.document[i].resource.alicloud_oss_bucket[name]

not common_lib.valid_key(resource, "versioning")

result := {
"documentId": input.document[i].id,
"searchKey": sprintf("alicloud_oss_bucket[%s]", [name]),
"issueType": "MissingAttribute",
"keyExpectedValue": "'versioning.status' is defined and set to enabled",
"keyActualValue": "'versioning' is missing",
"searchLine": common_lib.build_search_line(["resource", "alicloud_oss_bucket", name], []),
}
}
8 changes: 8 additions & 0 deletions assets/queries/terraform/alicloud/oss_bucket_versioning_disabled/test/negative1.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
resource "alicloud_oss_bucket" "bucket-versioning1" {
bucket = "bucket-170309-versioning"
acl = "private"

versioning {
status = "Enabled"
}
}
8 changes: 8 additions & 0 deletions assets/queries/terraform/alicloud/oss_bucket_versioning_disabled/test/positive1.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
resource "alicloud_oss_bucket" "bucket-versioning2" {
bucket = "bucket-170309-versioning"
acl = "private"

versioning {
status = "Suspended"
}
}
4 changes: 4 additions & 0 deletions assets/queries/terraform/alicloud/oss_bucket_versioning_disabled/test/positive2.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
resource "alicloud_oss_bucket" "bucket-versioning3" {
bucket = "bucket-170309-versioning"
acl = "private"
}
14 changes: 14 additions & 0 deletions ...ries/terraform/alicloud/oss_bucket_versioning_disabled/test/positive_expected_result.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
[
{
"queryName": "OSS Bucket Versioning Disabled",
"severity": "MEDIUM",
"line": 6,
"fileName": "positive1.tf"
},
{
"queryName": "OSS Bucket Versioning Disabled",
"severity": "MEDIUM",
"line": 1,
"fileName": "positive2.tf"
}
]

0 comments on commit 167a8e1

Please sign in to comment.