def test_failure(self):
    """
    Expects the check under test to reject this account password policy.

    Every attribute value is wrapped in a one-element list. Which attribute
    triggers the failure depends on the check bound to ``check``, which is
    defined outside this method.
    """
    password_policy = {
        "minimum_password_length": [15],
        "require_lowercase_characters": [True],
        "require_numbers": [True],
        "require_uppercase_characters": [True],
        "require_symbols": [True],
        "allow_users_to_change_password": [True],
        "max_password_age": [89],
        "password_reuse_prevention": [4],
    }
    outcome = check.scan_resource_conf(conf=password_policy)
    self.assertEqual(CheckResult.FAILED, outcome)
def test_failure_on_missing_property(self):
    """
    Expects the check under test to fail when a policy attribute is absent.

    The fixture carries no ``max_password_age`` or
    ``password_reuse_prevention`` entry; presumably the check looks for one
    of them and must fail closed when it is missing - confirm against the
    check bound to ``check``.
    """
    partial_policy = {
        "minimum_password_length": [15],
        "require_lowercase_characters": [True],
        "require_numbers": [True],
        "require_uppercase_characters": [True],
        "require_symbols": [True],
        "allow_users_to_change_password": [True],
    }
    outcome = check.scan_resource_conf(conf=partial_policy)
    self.assertEqual(CheckResult.FAILED, outcome)
def test_failure_s3_accesslogs(self):
    """
    Expects the check under test to reject this bucket configuration.

    The fixture has no logging-related entry at all; judging by the test
    name the check is about access logging - confirm against the check bound
    to ``check``.
    """
    bucket_conf = {
        "region": ["us-west-2"],
        "bucket": ["my_bucket"],
        "acl": ["public-read"],
        "force_destroy": [True],
        "tags": [{"Name": "my-bucket"}],
    }
    outcome = check.scan_resource_conf(conf=bucket_conf)
    self.assertEqual(CheckResult.FAILED, outcome)
def scan_resource_conf(self, conf):
    """
    Validates that the IAM password policy requires lowercase characters.
    https://www.terraform.io/docs/providers/aws/r/iam_account_password_policy.html

    :param conf: aws_iam_account_password_policy configuration
    :return: CheckResult.PASSED when the first value of
        require_lowercase_characters is truthy, CheckResult.FAILED when it
        is falsy or the attribute is absent
    """
    # Fail closed: a policy that never mentions the attribute is not compliant.
    if 'require_lowercase_characters' not in conf:
        return CheckResult.FAILED
    # Only the first element of the attribute's value list is inspected.
    lowercase_required = conf['require_lowercase_characters'][0]
    return CheckResult.PASSED if lowercase_required else CheckResult.FAILED
def scan_resource_conf(self, conf):
    """
    Checks that monitoring has not been switched off on google_container_cluster:
    https://www.terraform.io/docs/providers/google/r/container_cluster.html

    :param conf: google_container_cluster configuration
    :return: CheckResult.FAILED only when monitoring_service is present and
        its first value equals "none" (exact, case-sensitive match);
        CheckResult.PASSED otherwise, including when the attribute is absent
    """
    monitoring_disabled = (
        'monitoring_service' in conf
        and conf['monitoring_service'][0] == "none"
    )
    # NOTE(review): an absent attribute is treated as compliant - presumably
    # the provider default leaves monitoring on; confirm against the docs.
    return CheckResult.FAILED if monitoring_disabled else CheckResult.PASSED
def scan_resource_conf(self, conf):
    """
    Validates that the IAM password policy requires uppercase characters.
    https://www.terraform.io/docs/providers/aws/r/iam_account_password_policy.html

    :param conf: aws_iam_account_password_policy configuration
    :return: CheckResult.PASSED when the first value of
        require_uppercase_characters is truthy, CheckResult.FAILED when it
        is falsy or the attribute is absent
    """
    # Fail closed: a policy that never mentions the attribute is not compliant.
    if 'require_uppercase_characters' not in conf:
        return CheckResult.FAILED
    # Only the first element of the attribute's value list is inspected.
    uppercase_required = conf['require_uppercase_characters'][0]
    return CheckResult.PASSED if uppercase_required else CheckResult.FAILED
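def scan_resource_conf(self, conf):
    """
    Validates that automatic key rotation is enabled on a KMS key.
    https://www.terraform.io/docs/providers/aws/r/kms_key.html

    :param conf: aws_kms_key configuration
    :return: CheckResult.PASSED when enable_key_rotation is set to a truthy
        value, CheckResult.FAILED when it is falsy or the attribute is absent
    """
    key = 'enable_key_rotation'
    # Fail closed: a key resource that never mentions rotation is not compliant.
    if key not in conf:
        return CheckResult.FAILED
    rotation = conf[key]
    # Parsed attribute values may be wrapped in a list (e.g. [False]). A
    # non-empty list is always truthy, so testing the list itself would
    # report a key with rotation explicitly disabled as compliant; unwrap
    # the first element before judging it. An empty list stays non-compliant.
    if isinstance(rotation, list):
        rotation = rotation[0] if rotation else None
    return CheckResult.PASSED if rotation else CheckResult.FAILED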
:return:
"""
if "cluster_config" in conf.keys():
instance_count = conf["cluster_config"][0]["instance_count"][0]
if isinstance(instance_count,int):
if instance_count > 1:
if "node_to_node_encryption" in conf.keys():
if conf["node_to_node_encryption"][0]["enabled"][0]:
return CheckResult.PASSED
else:
return CheckResult.FAILED
else:
return CheckResult.FAILED
else:
return CheckResult.PASSED
else:
return CheckResult.UNKNOWN
return CheckResult.PASSED