[FEATURE] - Ignore Local Directories on Module Policy Verification (#871
)

Ignoring the verification if the module spec has a local directory
gambol99 committed Aug 25, 2023
1 parent 6ffb7b4 commit 2fd5fc6
Showing 3 changed files with 28 additions and 4 deletions.
10 changes: 7 additions & 3 deletions pkg/cmd/tnctl/verify/revision.go
Expand Up @@ -192,7 +192,7 @@ func (o *RevisionCommand) Run(ctx context.Context) error {
return err
}
// @step: check if the cloudresource is permitted by the policy
if err := o.checkPermittedPolicy(revision); err != nil {
if err := o.checkModuleSecurityPolicy(revision); err != nil {
return err
}
// @step: check if the resource has a provider
Expand Down Expand Up @@ -710,16 +710,20 @@ func (o *RevisionCommand) checkProvider(revision *terraformv1alpha1.Revision) er
})
}

// checkPermittedPolicy is responsible for checking if the cloudresource is permitted by the policy
func (o *RevisionCommand) checkPermittedPolicy(revision *terraformv1alpha1.Revision) error {
// checkModuleSecurityPolicy is responsible for checking if the cloudresource is permitted by the policy
func (o *RevisionCommand) checkModuleSecurityPolicy(revision *terraformv1alpha1.Revision) error {
return o.Verify.Check("Validating Module Policy permits Revision", func(c CheckInterface) error {
switch {
case o.Policies == nil:
fallthrough

case len(o.Policies.Items) == 0:
c.Warning("No module constraint policies found, the Revision will be permitted")

return nil

case utils.ContainsPrefix(revision.Spec.Configuration.Module, []string{"/", "."}):
c.Warning("Revision is using a local directory, skipping policy check")
}

policies := policies.FindModuleConstraints(o.Policies)
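Review bot: The `case utils.ContainsPrefix(revision.Spec.Configuration.Module, []string{"/", "."}):` branch in checkModuleSecurityPolicy only calls `c.Warning(...)` and has no `return nil`, so as rendered here control leaves the switch and still reaches `policies.FindModuleConstraints(o.Policies)`; the message says the check is skipped, but the code does not skip it. If skipping is the intent, add `return nil` after the warning, as the `len(o.Policies.Items) == 0` case does. The doc comment was carried over unchanged under the new name and should record the exemption, e.g. `// Revisions whose module source starts with "/" or "." are treated as local directories and are exempt from module constraint policies.`, because this is a policy exemption keyed on a string the Revision author controls. The function body continues outside the hunk, so what happens after the switch is inferred from the one visible line.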
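--- a/pkg/utils/slices.go
+++ b/pkg/utils/slices.go
@@ -17,7 +17,10 @@
 
 package utils
 
-import "sort"
+import (
+"sort"
+"strings"
+)
 
 // MaxChars returns the maximum character length of a list of strings
 func MaxChars(slice string, max int) string {
@@ -31,6 +34,17 @@ func MaxChars(slice string, max int) string {
 return slice[:max]
 }
 
+// ContainsPrefix checks a list has a value with the prefixes
+func ContainsPrefix(v string, l []string) bool {
+for _, x := range l {
+if strings.HasPrefix(v, x) {
+return true
+}
+}
+
+return false
+}
+
 // Contains checks a list has a value in it
 func Contains(v string, l []string) bool {
 for _, x := range l {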
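Review bot: The doc comment on ContainsPrefix states the relationship backwards: the function reports whether `v` starts with any entry of `l`, not whether the list holds a value. I would write `// ContainsPrefix reports whether v begins with any of the prefixes in l; an empty-string prefix matches every v.` Since revision.go uses this result to decide whether a module policy applies, the comment should also say the match is purely textual, so any value beginning with `.` matches, not only `./` or `../` paths.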
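--- a/pkg/utils/slices_test.go
+++ b/pkg/utils/slices_test.go
@@ -28,6 +28,12 @@ func TestMaxChars(t *testing.T) {
 assert.Equal(t, "hel", v)
 }
 
+func TestContainsPrefix(t *testing.T) {
+assert.True(t, ContainsPrefix("/tmp/revision", []string{"/", "."}))
+assert.True(t, ContainsPrefix(".", []string{"/", "."}))
+assert.False(t, ContainsPrefix("abc", []string{"def"}))
+}
+
 func TestContainsOK(t *testing.T) {
 list := []string{"a", "b", "c"}
 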
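Review bot: TestContainsPrefix has no negative case for the prefix list the policy check actually uses; its only False assertion is against `[]string{"def"}`. Adding `assert.False(t, ContainsPrefix("example.com/org/module", []string{"/", "."}))` (a constructed sample value) and `assert.False(t, ContainsPrefix("", []string{"/", "."}))` would pin that a remote source and an empty module string are not classified as local directories.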
