Documentation ¶
Index ¶
- Variables
- func Load(customCheckDir string) error
- func NewCustomContext(module *terraform.Module) *customContext
- func NewCustomContextWithVariables(module *terraform.Module, variables customCheckVariables) *customContext
- func NewEmptyCustomContext() *customContext
- func ProcessFoundChecks(checks ChecksFile)
- func Validate(checkFilePath string) error
- type Check
- type CheckAction
- type ChecksFile
- type MatchSpec
- type MatchType
Constants ¶
This section is empty.
Variables ¶
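// AttrMatchFunctions maps an attribute-level CheckAction to the predicate that
// evaluates it against the named entry of a terraform attribute.
//
// Shared behaviour of the value matchers below:
//   - the value is looked up with a.MapValue(spec.Name);
//   - a null value is the "undefined" case and yields spec.IgnoreUndefined;
//   - a value of the wrong cty type (string matchers need cty.String, numeric
//     matchers need cty.Number) yields false;
//   - numeric matchers yield false when spec.MatchValue cannot be converted to
//     a cty.Number.
//
// NOTE(review): none of the matchers test for unknown values before calling
// AsString or the comparison helpers; confirm MapValue only returns known
// values.
var AttrMatchFunctions = map[CheckAction]func(*terraform.Attribute, *MatchSpec, *customContext) bool{
	IsPresent: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		return a.Contains(spec.Name) || spec.IgnoreUndefined
	},
	NotPresent: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		return !a.Contains(spec.Name)
	},
	StartsWith: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		// The guard must treat null as "undefined", exactly like the sibling
		// matchers. Testing IsNull() the other way round would skip every
		// defined value (returning IgnoreUndefined for it) and would call
		// AsString on a null one, so a startsWith policy check would never
		// look at the real attribute value.
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.String) {
			return false
		}
		prefix := fmt.Sprintf("%v", processMatchValueVariables(spec.MatchValue, customCtx.variables))
		return strings.HasPrefix(attributeValue.AsString(), prefix)
	},
	EndsWith: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.String) {
			return false
		}
		suffix := fmt.Sprintf("%v", processMatchValueVariables(spec.MatchValue, customCtx.variables))
		return strings.HasSuffix(attributeValue.AsString(), suffix)
	},
	Equals: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.String) {
			return false
		}
		return attributeValue.AsString() == processMatchValueVariables(spec.MatchValue, customCtx.variables)
	},
	NotEqual: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.String) {
			return false
		}
		return attributeValue.AsString() != processMatchValueVariables(spec.MatchValue, customCtx.variables)
	},
	LessThan: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.Number) {
			return false
		}
		matchValue, err := gocty.ToCtyValue(spec.MatchValue, cty.Number)
		if err != nil {
			return false
		}
		return attributeValue.LessThan(matchValue).True()
	},
	LessThanOrEqualTo: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.Number) {
			return false
		}
		matchValue, err := gocty.ToCtyValue(spec.MatchValue, cty.Number)
		if err != nil {
			return false
		}
		return attributeValue.LessThanOrEqualTo(matchValue).True()
	},
	GreaterThan: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.Number) {
			return false
		}
		matchValue, err := gocty.ToCtyValue(spec.MatchValue, cty.Number)
		if err != nil {
			return false
		}
		return attributeValue.GreaterThan(matchValue).True()
	},
	GreaterThanOrEqualTo: func(a *terraform.Attribute, spec *MatchSpec, customCtx *customContext) bool {
		attributeValue := a.MapValue(spec.Name)
		if attributeValue.IsNull() {
			return spec.IgnoreUndefined
		}
		if !attributeValue.Type().Equals(cty.Number) {
			return false
		}
		matchValue, err := gocty.ToCtyValue(spec.MatchValue, cty.Number)
		if err != nil {
			return false
		}
		return attributeValue.GreaterThanOrEqualTo(matchValue).True()
	},
}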
// ValidCheckActions lists the CheckAction values this package treats as valid.
// NOTE(review): presumably consulted when a check file is validated; confirm
// against Validate, which is not shown here.
var ValidCheckActions = []CheckAction{
	InModule,
	IsPresent,
	NotPresent,
	IsEmpty,
	StartsWith,
	EndsWith,
	Contains,
	NotContains,
	OnlyContains,
	Equals,
	NotEqual,
	LessThan,
	LessThanOrEqualTo,
	GreaterThan,
	GreaterThanOrEqualTo,
	RegexMatches,
	RequiresPresence,
	IsAny,
	IsNone,
	HasTag,
	OfType,
	And,
	Or,
	Not,
}
Functions ¶
func NewCustomContext ¶
func NewEmptyCustomContext ¶
func NewEmptyCustomContext() *customContext
func ProcessFoundChecks ¶
func ProcessFoundChecks(checks ChecksFile)
Types ¶
type Check ¶
// Check specifies the check definition represented in json/yaml.
type Check struct {
	Code           string   `json:"code" yaml:"code"`
	Provider       string   `json:"provider,omitempty" yaml:"provider,omitempty"`
	Service        string   `json:"service,omitempty" yaml:"service,omitempty"`
	Description    string   `json:"description" yaml:"description"`
	RequiredTypes  []string `json:"requiredTypes" yaml:"requiredTypes"`
	RequiredLabels []string `json:"requiredLabels" yaml:"requiredLabels"`
	// NOTE(review): the yaml tag carries omitempty but the json tag does not;
	// confirm the asymmetry is intended.
	RequiredSources []string          `json:"requiredSources" yaml:"requiredSources,omitempty"`
	Severity        severity.Severity `json:"severity" yaml:"severity"`
	ErrorMessage    string            `json:"errorMessage,omitempty" yaml:"errorMessage,omitempty"`
	// MatchSpec is the root of the match tree evaluated for this check.
	MatchSpec    *MatchSpec `json:"matchSpec" yaml:"matchSpec"`
	RelatedLinks []string   `json:"relatedLinks,omitempty" yaml:"relatedLinks,omitempty"`
	Impact       string     `json:"impact,omitempty" yaml:"impact,omitempty"`
	Resolution   string     `json:"resolution,omitempty" yaml:"resolution,omitempty"`
}
Check specifies the check definition represented in json/yaml
type CheckAction ¶
type CheckAction string
const And CheckAction = "and"
And checks that both of the given predicateMatchSpec's evaluate to True
const Contains CheckAction = "contains"
Contains checks that the named child attribute has a value in the map, list or attribute
const EndsWith CheckAction = "endsWith"
EndsWith checks that the named child attribute has a value that ends with the check value
const Equals CheckAction = "equals"
Equals checks that the named child attribute has a value equal to the check value
const GreaterThan CheckAction = "greaterThan"
GreaterThan checks that the named attribute value is greater than the check value
const GreaterThanOrEqualTo CheckAction = "greaterThanOrEqualTo"
GreaterThanOrEqualTo checks that the named attribute value is greater than or equal to the check value
const HasTag CheckAction = "hasTag"
HasTag checks if there is an expected check for the resource, taking into account provider default checks
const InModule CheckAction = "inModule"
InModule checks that the block is part of a module
const IsAny CheckAction = "isAny"
IsAny checks that the named attribute value can be found in the provided slice
const IsEmpty CheckAction = "isEmpty"
IsEmpty checks that the named attribute value is empty
const IsNone CheckAction = "isNone"
IsNone checks that the named attribute value cannot be found in the provided slice
const IsPresent CheckAction = "isPresent"
IsPresent checks that the named child is present in the block
const LessThan CheckAction = "lessThan"
LessThan checks that the named attribute value is less than the check value
const LessThanOrEqualTo CheckAction = "lessThanOrEqualTo"
LessThanOrEqualTo checks that the named attribute value is less than or equal to the check value
const Not CheckAction = "not"
Not checks that the given predicateMatchSpec evaluates to False
const NotContains CheckAction = "notContains"
NotContains checks that the named child attribute does not have a value in the map, list or attribute
const NotEqual CheckAction = "notEqual"
NotEqual checks that the named child attribute does not have a value equal to the check value
const NotPresent CheckAction = "notPresent"
NotPresent checks that the named child is absent in the block
const OfType CheckAction = "ofType"
OfType checks that each resource block is of a defined type
const OnlyContains CheckAction = "onlyContains"
OnlyContains checks that the slice only contains the values in the check value
const Or CheckAction = "or"
Or checks that at least one of the given predicateMatchSpec's evaluates to True, i.e. a single matching predicate is enough
const RegexMatches CheckAction = "regexMatches"
RegexMatches checks that the named attribute has a value that matches the regex
const RequiresPresence CheckAction = "requiresPresence"
RequiresPresence checks that a second resource is present
const StartsWith CheckAction = "startsWith"
StartsWith checks that the named child attribute has a value that starts with the check value
type ChecksFile ¶
// ChecksFile is the top-level document of a custom check file: a list of
// checks stored under the "checks" key in json or yaml.
type ChecksFile struct {
	Checks []*Check `json:"checks" yaml:"checks"`
}
func LoadCheckFile ¶
func LoadCheckFile(checkFilePath string) (ChecksFile, error)
type MatchSpec ¶
// MatchSpec specifies the checks that should be performed.
type MatchSpec struct {
	// Name is the key the attribute matchers look up on the attribute
	// (via Contains / MapValue).
	Name string `json:"name,omitempty" yaml:"name,omitempty"`
	// MatchValue is the value compared against. The string matchers resolve it
	// through processMatchValueVariables; the numeric matchers convert it to a
	// cty.Number and fail the match when that conversion errors.
	MatchValue interface{} `json:"value,omitempty" yaml:"value,omitempty"`
	// Action selects which check is applied.
	Action             CheckAction `json:"action,omitempty" yaml:"action,omitempty"`
	PreConditions      []MatchSpec `json:"preConditions,omitempty" yaml:"preConditions,omitempty"`
	PredicateMatchSpec []MatchSpec `json:"predicateMatchSpec,omitempty" yaml:"predicateMatchSpec,omitempty"`
	SubMatch           *MatchSpec  `json:"subMatch,omitempty" yaml:"subMatch,omitempty"`
	SubMatchOne        *MatchSpec  `json:"subMatchOne,omitempty" yaml:"subMatchOne,omitempty"`
	// IgnoreUndefined is the result the attribute matchers return when the
	// named value is null, so setting it makes a missing attribute pass.
	IgnoreUndefined bool   `json:"ignoreUndefined,omitempty" yaml:"ignoreUndefined,omitempty"`
	IgnoreUnmatched bool   `json:"ignoreUnmatched,omitempty" yaml:"ignoreUnmatched,omitempty"`
	AssignVariable  string `json:"assignVariable,omitempty" yaml:"assignVariable,omitempty"`
}
MatchSpec specifies the checks that should be performed