
Warn on unmanaged security group rules #261

Merged: 2 commits merged on Feb 15, 2021

Conversation

wbeuil (Contributor) commented Feb 15, 2021

Q | A
🐛 Bug fix? | no
🚀 New feature? | yes
⚠ Deprecations? | no
❌ BC Break | no
🔗 Related issues | #8
❓ Documentation | yes

Description

Unmanaged security group rules can be falsely displayed as unmanaged in driftctl scan output, simply because it's impossible, by only reading the state, to be sure that those rules were created by Terraform. Indeed, Terraform rewrites the state on apply/refresh with all the rules a security group has in AWS if you don't use the egress/ingress inline blocks. We decided to warn our users if we found rules that were not created with the aws_security_group_rule resource.

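The check the description outlines, as an added example that is not driftctl's own code: only aws_security_group_rule resources in the state count as proof that Terraform manages a rule, every other rule seen in AWS is reported as unmanaged, and the caller is told to print the false-positive warning. The state document, the AWS rule listing and the tuple used as a rule key are all constructed for this example.

```python
import json

# Constructed sample state (Terraform JSON state, version 4). The HTTPS rule only
# appears inside the group's ingress attribute; Terraform copies every rule the
# group has in AWS into that attribute on refresh, so it proves nothing by itself.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"type": "aws_security_group", "name": "web", "instances": [{"attributes": {
            "id": "sg-0123456789abcdef0",
            "ingress": [{"from_port": 443, "to_port": 443, "protocol": "tcp",
                         "cidr_blocks": ["0.0.0.0/0"]}]}}]},
        {"type": "aws_security_group_rule", "name": "ssh", "instances": [{"attributes": {
            "security_group_id": "sg-0123456789abcdef0", "type": "ingress",
            "protocol": "tcp", "from_port": 22, "to_port": 22,
            "cidr_blocks": ["10.0.0.0/8"]}}]},
    ],
})

# Constructed rules as an AWS API listing of the same group would report them:
# (security group id, type, protocol, from port, to port, CIDR).
REMOTE_RULES = [
    ("sg-0123456789abcdef0", "ingress", "tcp", 22, 22, "10.0.0.0/8"),
    ("sg-0123456789abcdef0", "ingress", "tcp", 443, 443, "0.0.0.0/0"),
    ("sg-0123456789abcdef0", "egress", "-1", 0, 0, "0.0.0.0/0"),
]


def managed_rules(state_json):
    """Rules the state proves Terraform manages: only aws_security_group_rule
    resources count, for the reason given in the comment on SAMPLE_STATE."""
    managed = set()
    for res in json.loads(state_json).get("resources", []):
        if res.get("type") != "aws_security_group_rule":
            continue
        for inst in res.get("instances", []):
            a = inst["attributes"]
            for cidr in a.get("cidr_blocks", []):
                managed.add((a["security_group_id"], a["type"], a["protocol"],
                             a["from_port"], a["to_port"], cidr))
    return managed


def analyze(state_json, remote_rules):
    """Return (unmanaged_rules, warn): rules with no matching aws_security_group_rule,
    and whether to alert that they may be false positives from inline blocks."""
    managed = managed_rules(state_json)
    unmanaged = [r for r in remote_rules if r not in managed]
    return unmanaged, bool(unmanaged)
```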

@wbeuil wbeuil requested a review from a team as a code owner February 15, 2021 14:57
codecov bot commented Feb 15, 2021

Codecov Report

Merging #261 (490c23d) into main (4f2f271) will increase coverage by 0.04%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #261      +/-   ##
==========================================
+ Coverage   69.96%   70.01%   +0.04%     
==========================================
  Files         222      222              
  Lines        4934     4942       +8     
==========================================
+ Hits         3452     3460       +8     
  Misses       1207     1207              
  Partials      275      275              

Impacted Files | Coverage Δ
pkg/analyser/analyzer.go | 96.00% <100.00%> (+0.47%) ⬆️

@eliecharra eliecharra merged commit 4bb6e74 into main Feb 15, 2021
@eliecharra eliecharra deleted the alert/sg-inline-rules branch February 15, 2021 15:42
@eliecharra eliecharra linked an issue Feb 15, 2021 that may be closed by this pull request
@eliecharra eliecharra added the kind/enhancement New feature or improvement label Feb 15, 2021
Labels: kind/enhancement (New feature or improvement)
Projects: None yet
Development: Successfully merging this pull request may close these issues: Inline Security Group Rules should trigger alert to user
2 participants