def test_success(self):
    """Expect PASSED for a KMS key configuration with key rotation enabled.

    The check under test is the module-level ``check`` object, which is
    defined outside this snippet.
    """
    # NOTE(review): these values are bare scalars, while the other fixtures in
    # this listing wrap each value in a list. Confirm this matches the shape
    # the parser actually hands to the check.
    kms_key_conf = {
        "description": "KMS key 1",
        "deletion_window_in_days": 10,
        "enable_key_rotation": True,
    }
    outcome = check.scan_resource_conf(conf=kms_key_conf)
    self.assertEqual(CheckResult.PASSED, outcome)
def test_success(self):
    """Expect PASSED for a bucket fixture that sets only region, name,
    force_destroy and tags.

    Which property the module-level ``check`` evaluates is not visible here;
    the fixture simply omits every other attribute.
    """
    bucket_conf = {
        "region": ["us-west-2"],
        "bucket": ["my_bucket"],
        "force_destroy": [True],
        "tags": [{"Name": "my-bucket"}],
    }
    outcome = check.scan_resource_conf(conf=bucket_conf)
    self.assertEqual(CheckResult.PASSED, outcome)
def test_success(self):
    """Expect PASSED for a password-policy fixture with all complexity flags set.

    NOTE(review): the fixture varies nothing, so this test alone does not show
    which of these attributes the module-level ``check`` actually inspects.
    """
    password_policy_conf = {
        "minimum_password_length": [8],
        "require_lowercase_characters": [True],
        "require_numbers": [True],
        "require_uppercase_characters": [True],
        "require_symbols": [True],
        "allow_users_to_change_password": [True],
    }
    outcome = check.scan_resource_conf(conf=password_policy_conf)
    self.assertEqual(CheckResult.PASSED, outcome)
def test_success(self):
    """Expect PASSED when the management block enables auto_upgrade."""
    # Nested blocks follow the same convention as top-level values: a list
    # holding one dict whose own values are list-wrapped.
    node_pool_conf = {
        'cluster': [''],
        'management': [{'auto_upgrade': [True]}],
    }
    outcome = check.scan_resource_conf(conf=node_pool_conf)
    self.assertEqual(CheckResult.PASSED, outcome)
def test_success(self):
    """Expect PASSED for an SSL policy using the MODERN profile and TLS_1_2."""
    # NOTE(review): profile and min_tls_version are both set to acceptable-looking
    # values, so this case cannot tell which of the two the check relies on.
    ssl_policy_conf = {
        'name': ['nonprod-ssl-policy'],
        'profile': ['MODERN'],
        'min_tls_version': ['TLS_1_2'],
    }
    outcome = check.scan_resource_conf(conf=ssl_policy_conf)
    self.assertEqual(CheckResult.PASSED, outcome)
# Body of a test case whose ``def`` line is missing from this listing.
# The bucket fixture enables access logging and KMS server-side encryption.
# NOTE(review): it also sets a "public-read" ACL and still expects PASSED, so
# the check under test evidently does not evaluate the ACL. A passing result
# here says nothing about public exposure of the bucket.
default_encryption = {
    "kms_master_key_id": "foo",
    "sse_algorithm": "aws:kms",
}
resource_conf = {
    "region": ["us-west-2"],
    "bucket": ["my_bucket"],
    "acl": ["public-read"],
    "force_destroy": [True],
    "tags": [{"Name": "my-bucket"}],
    "logging": [{
        "target_bucket": "logging-bucket",
        "target_prefix": "log/",
    }],
    "server_side_encryption_configuration": [
        {"rule": [{"apply_server_side_encryption_by_default": [default_encryption]}]},
    ],
}
scan_result = check.scan_resource_conf(conf=resource_conf)
self.assertEqual(CheckResult.PASSED, scan_result)
def test_success(self):
    """Expect PASSED for a GKE cluster whose master_auth has empty basic-auth
    credentials and client certificate issuance turned off.
    """
    master_auth_block = {
        'username': [''],
        'password': [''],
        'client_certificate_config': [{'issue_client_certificate': [False]}],
    }
    cluster_conf = {
        'name': ['my-gke-cluster'],
        'location': ['us-central1'],
        'remove_default_node_pool': [True],
        'initial_node_count': [1],
        'master_auth': [master_auth_block],
    }
    outcome = check.scan_resource_conf(conf=cluster_conf)
    self.assertEqual(CheckResult.PASSED, outcome)
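def scan_resource_conf(self, conf):
    """
    Looks for ingress on PORT that is open to 0.0.0.0/0 at google_compute_firewall:
    https://www.terraform.io/docs/providers/google/r/compute_firewall.html
    :param conf: google_compute_firewall configuration
    :return: CheckResult.FAILED when any allow block lists PORT and
        source_ranges contains 0.0.0.0/0, otherwise CheckResult.PASSED
    """
    # A rule may carry several allow blocks, or none at all (deny-only rule).
    # Inspect every block rather than only the first, and do not raise when
    # 'allow' or 'ports' is absent.
    allow_blocks = [block for block in (conf.get('allow') or []) if isinstance(block, dict)]

    # NOTE(review): PORT is matched against the entries as written. If entries
    # are individual port strings, a range such as "0-65535" that covers PORT
    # is not detected. Confirm the entry format and whether ranges need expanding.
    # NOTE(review): an allow block with no 'ports' is treated as not exposing
    # PORT; per the provider docs an omitted ports list applies to any port.
    # Confirm whether that case should fail instead.
    if not any(PORT in (block.get('ports') or [[]])[0] for block in allow_blocks):
        return CheckResult.PASSED

    # A missing or empty source_ranges is treated as not world-open, as before.
    # NOTE(review): only the IPv4 any-address is checked; "::/0" is not.
    source_ranges = conf.get('source_ranges') or [[]]
    if "0.0.0.0/0" in source_ranges[0]:
        return CheckResult.FAILED
    return CheckResult.PASSED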
def scan_resource_conf(self, conf):
    """
    Checks that monitoring is not switched off on google_container_cluster:
    https://www.terraform.io/docs/providers/google/r/container_cluster.html
    :param conf: google_container_cluster configuration
    :return: CheckResult.FAILED when monitoring_service is set to "none",
        otherwise CheckResult.PASSED (including when the attribute is absent)
    """
    # Only the explicit "none" value fails; an omitted attribute passes.
    monitoring_disabled = (
        'monitoring_service' in conf
        and conf['monitoring_service'][0] == "none"
    )
    return CheckResult.FAILED if monitoring_disabled else CheckResult.PASSED
def scan_resource_conf(self, conf):
    """
    Looks for encryption configuration at aws_sns_topic:
    https://www.terraform.io/docs/providers/aws/r/sns_topic.html
    :param conf: aws_sns_topic configuration
    :return: CheckResult.PASSED when kms_master_key_id is present and truthy,
        otherwise CheckResult.FAILED
    """
    has_key_attribute = 'kms_master_key_id' in conf.keys()
    # NOTE(review): the test is plain truthiness. If values arrive list-wrapped
    # (as in the fixtures in this listing), [''] is truthy and an empty key id
    # would pass. Confirm the value shape.
    if has_key_attribute and conf['kms_master_key_id']:
        return CheckResult.PASSED
    return CheckResult.FAILED