custom

package
v1.28.18 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 23, 2024 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

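// AttrMatchFunctions maps each attribute-level CheckAction to the predicate
// that evaluates it against a Terraform attribute.
//
// Apart from IsPresent and NotPresent, every predicate follows one contract:
//   - the value is looked up with a.MapValue(spec.Name);
//   - a null (undefined) value yields spec.IgnoreUndefined;
//   - a value of the wrong cty type (string for the text actions, number for
//     the ordering actions) yields false;
//   - otherwise the result of the comparison is returned.
//
// NOTE(review): spec.IgnoreUndefined alone decides the outcome for a missing
// attribute. If a true result is treated by the caller as "check satisfied"
// (confirm), a check written with ignoreUndefined: true passes resources that
// simply omit the attribute, so check authors should set it deliberately.
//
// NOTE(review): values are not tested with IsKnown before AsString or the
// numeric comparisons; confirm that MapValue never yields an unknown value.
var AttrMatchFunctions = map[CheckAction]func(*terraform.Attribute, *MatchSpec, *customContext) bool{
	// IsPresent holds when the attribute contains spec.Name, or unconditionally
	// when the spec sets IgnoreUndefined.
	IsPresent: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		return a.Contains(spec.Name) || spec.IgnoreUndefined
	},
	// NotPresent holds when the attribute does not contain spec.Name.
	// IgnoreUndefined is not consulted here.
	NotPresent: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		return !a.Contains(spec.Name)
	},
	// StartsWith holds when the string value begins with the match value
	// (formatted with %v after variable substitution).
	StartsWith: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		// Fix: the null test was inverted, so the prefix comparison was skipped
		// for every defined value and attempted only on null ones. It now
		// matches the guard used by EndsWith and the other predicates.
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.String) {
			return false
		}
		return strings.HasPrefix(attributeValue.AsString(), fmt.Sprintf("%v", processMatchValueVariables(spec.MatchValue, customCtx.variables)))
	},
	// EndsWith holds when the string value ends with the match value
	// (formatted with %v after variable substitution).
	EndsWith: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.String) {
			return false
		}
		return strings.HasSuffix(attributeValue.AsString(), fmt.Sprintf("%v", processMatchValueVariables(spec.MatchValue, customCtx.variables)))
	},
	// Equals holds when the string value equals the substituted match value.
	// NOTE(review): unlike StartsWith/EndsWith the match value is not passed
	// through %v here; if processMatchValueVariables can return a non-string,
	// the comparison is always false. Confirm that this is intended.
	Equals: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.String) {
			return false
		}
		return attributeValue.AsString() == processMatchValueVariables(spec.MatchValue, customCtx.variables)
	},
	// NotEqual holds when the string value differs from the substituted match
	// value. A non-string attribute yields false rather than true.
	NotEqual: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.String) {
			return false
		}
		return attributeValue.AsString() != processMatchValueVariables(spec.MatchValue, customCtx.variables)
	},
	// LessThan holds when the numeric value is below spec.MatchValue. A match
	// value that cannot be converted to a cty number yields false.
	LessThan: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.Number) {
			return false
		}
		matchValue, err := gocty.ToCtyValue(spec.MatchValue, cty.Number)
		if err != nil {
			return false
		}
		return attributeValue.LessThan(matchValue).True()
	},
	// LessThanOrEqualTo holds when the numeric value is at most spec.MatchValue.
	LessThanOrEqualTo: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.Number) {
			return false
		}
		matchValue, err := gocty.ToCtyValue(spec.MatchValue, cty.Number)
		if err != nil {
			return false
		}
		return attributeValue.LessThanOrEqualTo(matchValue).True()
	},
	// GreaterThan holds when the numeric value is above spec.MatchValue.
	GreaterThan: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.Number) {
			return false
		}
		matchValue, err := gocty.ToCtyValue(spec.MatchValue, cty.Number)
		if err != nil {
			return false
		}
		return attributeValue.GreaterThan(matchValue).True()
	},
	// GreaterThanOrEqualTo holds when the numeric value is at least
	// spec.MatchValue.
	GreaterThanOrEqualTo: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.Number) {
			return false
		}
		matchValue, err := gocty.ToCtyValue(spec.MatchValue, cty.Number)
		if err != nil {
			return false
		}
		return attributeValue.GreaterThanOrEqualTo(matchValue).True()
	},
}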

Functions

func Load

func Load(customCheckDir string) error

func NewCustomContext

func NewCustomContext(module *terraform.Module) *customContext

func NewCustomContextWithVariables

func NewCustomContextWithVariables(module *terraform.Module, variables customCheckVariables) *customContext

func NewEmptyCustomContext

func NewEmptyCustomContext() *customContext

func ProcessFoundChecks

func ProcessFoundChecks(checks ChecksFile)

func Validate

func Validate(checkFilePath string) error

Types

type Check

// Check is a single custom check definition as represented in a JSON or YAML
// checks file; the key names in the file are given by the struct tags.
type Check struct {
	Code            string            `json:"code" yaml:"code"`
	Provider        string            `json:"provider,omitempty" yaml:"provider,omitempty"`
	Service         string            `json:"service,omitempty" yaml:"service,omitempty"`
	Description     string            `json:"description" yaml:"description"`
	RequiredTypes   []string          `json:"requiredTypes" yaml:"requiredTypes"`
	RequiredLabels  []string          `json:"requiredLabels" yaml:"requiredLabels"`
	// NOTE(review): the json tag has no omitempty while the yaml tag does; the
	// other Required* fields omit it in both. Confirm the asymmetry is intended.
	RequiredSources []string          `json:"requiredSources" yaml:"requiredSources,omitempty"`
	Severity        severity.Severity `json:"severity" yaml:"severity"`
	ErrorMessage    string            `json:"errorMessage,omitempty" yaml:"errorMessage,omitempty"`
	// MatchSpec is the root of the predicate tree evaluated for this check.
	MatchSpec       *MatchSpec        `json:"matchSpec" yaml:"matchSpec"`
	RelatedLinks    []string          `json:"relatedLinks,omitempty" yaml:"relatedLinks,omitempty"`
	Impact          string            `json:"impact,omitempty" yaml:"impact,omitempty"`
	Resolution      string            `json:"resolution,omitempty" yaml:"resolution,omitempty"`
}

Check specifies the check definition represented in json/yaml

type CheckAction

// CheckAction names the predicate a MatchSpec applies. Its string value is
// what appears under the "action" key of a check file.
type CheckAction string
const And CheckAction = "and"

And checks that both of the given predicateMatchSpecs evaluate to True

const Contains CheckAction = "contains"

Contains checks that the named child attribute has a value in the map, list or attribute

const EndsWith CheckAction = "endsWith"

EndsWith checks that the named child attribute has a value that ends with the check value

const Equals CheckAction = "equals"

Equals checks that the named child attribute has a value equal to the check value

const GreaterThan CheckAction = "greaterThan"

GreaterThan checks that the named attribute value is greater than the check value

const GreaterThanOrEqualTo CheckAction = "greaterThanOrEqualTo"

GreaterThanOrEqualTo checks that the named attribute value is greater than or equal to the check value

const HasTag CheckAction = "hasTag"

HasTag checks if there is an expected check for the resource, taking into account provider default checks

const InModule CheckAction = "inModule"

InModule checks that the block is part of a module

const IsAny CheckAction = "isAny"

IsAny checks that the named attribute value can be found in the provided slice

const IsEmpty CheckAction = "isEmpty"

IsEmpty checks that the named attribute value is empty

const IsNone CheckAction = "isNone"

IsNone checks that the named attribute value cannot be found in the provided slice

const IsPresent CheckAction = "isPresent"

IsPresent checks that the named child is present in the block

const LessThan CheckAction = "lessThan"

LessThan checks that the named attribute value is less than the check value

const LessThanOrEqualTo CheckAction = "lessThanOrEqualTo"

LessThanOrEqualTo checks that the named attribute value is less than or equal to the check value

const Not CheckAction = "not"

Not checks that the given predicateMatchSpec evaluates to False

const NotContains CheckAction = "notContains"

NotContains checks that the named child attribute does not have a value in the map, list or attribute

const NotEqual CheckAction = "notEqual"

NotEqual checks that the named child attribute does not have a value equal to the check value

const NotPresent CheckAction = "notPresent"

NotPresent checks that the named child is absent in the block

const OfType CheckAction = "ofType"

OfType checks that each resource block is of a defined type

const OnlyContains CheckAction = "onlyContains"

OnlyContains checks that the slice only contains the values in the check value

const Or CheckAction = "or"

Or checks that at least one of the given predicateMatchSpecs evaluates to True

const RegexMatches CheckAction = "regexMatches"

RegexMatches checks that the named attribute has a value that matches the regex

const RequiresPresence CheckAction = "requiresPresence"

RequiresPresence checks that a second resource is present

const StartsWith CheckAction = "startsWith"

StartsWith checks that the named child attribute has a value that starts with the check value

type ChecksFile

// ChecksFile is the top-level document of a custom checks file: a list of
// Check definitions under the "checks" key.
type ChecksFile struct {
	Checks []*Check `json:"checks" yaml:"checks"`
}

func LoadCheckFile

func LoadCheckFile(checkFilePath string) (ChecksFile, error)

type MatchSpec

// MatchSpec specifies the checks that should be performed. It is a recursive
// structure: a spec can carry nested specs through PreConditions,
// PredicateMatchSpec, SubMatch and SubMatchOne.
type MatchSpec struct {
	// Name is the attribute or child name the action is applied to; the
	// AttrMatchFunctions predicates pass it to MapValue and Contains.
	Name               string      `json:"name,omitempty" yaml:"name,omitempty"`
	// MatchValue is the untyped "value" from the check file that the action
	// compares against.
	MatchValue         interface{} `json:"value,omitempty" yaml:"value,omitempty"`
	// Action selects the predicate to evaluate.
	Action             CheckAction `json:"action,omitempty" yaml:"action,omitempty"`
	PreConditions      []MatchSpec `json:"preConditions,omitempty" yaml:"preConditions,omitempty"`
	// PredicateMatchSpec holds the operand specs of the And, Or and Not actions.
	PredicateMatchSpec []MatchSpec `json:"predicateMatchSpec,omitempty" yaml:"predicateMatchSpec,omitempty"`
	SubMatch           *MatchSpec  `json:"subMatch,omitempty" yaml:"subMatch,omitempty"`
	SubMatchOne        *MatchSpec  `json:"subMatchOne,omitempty" yaml:"subMatchOne,omitempty"`
	// IgnoreUndefined is the value the AttrMatchFunctions predicates return
	// when the named attribute is null, so it decides how a missing attribute
	// is scored. It defaults to false when omitted from the check file.
	IgnoreUndefined    bool        `json:"ignoreUndefined,omitempty" yaml:"ignoreUndefined,omitempty"`
	// NOTE(review): the use of IgnoreUnmatched and AssignVariable is not shown
	// in this listing; see the package source before relying on them.
	IgnoreUnmatched    bool        `json:"ignoreUnmatched,omitempty" yaml:"ignoreUnmatched,omitempty"`
	AssignVariable     string      `json:"assignVariable,omitempty" yaml:"assignVariable,omitempty"`
}

MatchSpec specifies the checks that should be performed

type MatchType

type MatchType string
