Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(terraform): add CKV NCP check about NKS(kubernetes) logging #3855

Merged
merged 41 commits into from
Nov 24, 2022
Merged

feat(terraform): add CKV NCP check about NKS(kubernetes) logging #3855

merged 41 commits into from
Nov 24, 2022

Conversation

pj991207
Copy link
Contributor

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Add terraform scan rules about provider Naver Cloud Platform.
CKV_NCP_21 is associated with "NKS control plane logging enabled for all log types"

Description

https://registry.terraform.io/providers/NaverCloudPlatform/ncloud/latest/docs/resources/nks_cluster

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

pj991207 and others added 30 commits October 27, 2022 18:12
@pj991207
[22.10.27][add]LBListenerUsesSecureProtocols
6b5d88a
@pj991207
Merge branch 'bridgecrewio:master' into ncp/rule-19
289c407
@pj991207
[22.11.01][add]NksPublicAccess
9f50708
@pj991207
Merge remote-tracking branch 'origin/ncp/rule-19' into ncp/rule-19
6777cd8
@pj991207
[22.11.01][delete]ncp-13 rule
2bb569a
@pj991207
[22.11.01][fix]NksPublicAccess Description fix
4430de8
@pj991207
[22.11.01][fix] test_NksPublicAccess.py
dabdaf8
@Floodnut
Merge branch 'bridgecrewio:master' into master
bc86ad9
@pj991207
Merge branch 'bridgecrewio:master' into master
1a03f18
@pj991207
[22.11.05][add]NCP_LBTargetGroupUsingHTTPS
77b362b
@pj991207
[22.11.05][delete]ncp_13_rule
5952dd8
@pj991207
Merge branch 'bridgecrewio:master' into master
7ad9795
@pj991207
[22.11.06][addNCP_LBNetworkPrivate
e7ffe7d
@pj991207
[22.11.08][add]CKV_NCP_18
e0ab5ee
@pj991207
[22.11.08][add]NCP_CKV_39
643d5ff
@pj991207
Merge branch 'bridgecrewio:master' into ncp/rule-19
cb07031
@pj991207
[22.11.08][fix]CKV_NCP_21
107b2bc
@pj991207
[22.11.08][delete]CKVP_NCP_15
218ebab
@pj991207
[22.11.08]CKV_NCP_32
c3aa017
@pj991207
Revert "[22.11.08]CKV_NCP_32"
f9be912 
This reverts commit c3aa017.
@pj991207
[22.11.08][add]CKV_NCP_32
b7341f7
@pj991207
Revert "[22.11.08][add]CKV_NCP_32"
b92c23b 
This reverts commit b7341f7.
@Floodnut
Merge branch 'bridgecrewio:master' into master
e840d67
@pj991207
Merge branch 'master' of https://github.com/init-cloud/checkov
54e6d81
@Floodnut
Merge branch 'bridgecrewio:master' into master
51e7f0c
@pj991207
Merge branch 'bridgecrewio:master' into master
a8d41e3
@pj991207
Merge branch 'master' of https://github.com/init-cloud/checkov
d250948
@pj991207
Merge branch 'bridgecrewio:master' into ncp/rule-21
92d9569
@pj991207
Merge branch 'ncp/rule-39' of https://github.com/init-cloud/checkov i…
141dda2 
…nto ncp/rule-39
@pj991207
[22.11.12][fix]CKV_NCP_27
64c121c
gruebel
gruebel reviewed Nov 19, 2022
View reviewed changes
checkov/terraform/checks/resource/ncp/NKSControlPlaneLogging.py Outdated
from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceCheck


class NKSControlPlaneLogging(BaseResourceCheck):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would be great if you can change it to a BaseResourceValueCheck, makes it much easier 🙂

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank your advice. I fixed my code.

gruebel
gruebel reviewed Nov 21, 2022
View reviewed changes
Copy link
Contributor

@gruebel gruebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, thanks for the change, one more improvement suggested

checkov/terraform/checks/resource/ncp/NKSControlPlaneLogging.py Outdated Show resolved Hide resolved
@gruebel gruebel changed the title feat(terraform): add CKV NCP rules about NKS(kubernetes) logging feat(terraform): add CKV NCP check about NKS(kubernetes) logging Nov 22, 2022
@gruebel
Copy link
Contributor

gruebel commented Nov 22, 2022

hey @pj991207 can you commit something in and out again, somehow the workflow was not triggered.

gruebel
gruebel approved these changes Nov 24, 2022
View reviewed changes
Copy link
Contributor

@gruebel gruebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🍻

@gruebel gruebel merged commit 05eeaa0 into bridgecrewio:master Nov 24, 2022
mayblo pushed a commit to cider-rnd/checkov that referenced this pull request Nov 24, 2022
@pj991207 @Floodnut
@gruebel @actions-user
feat(terraform): add CKV NCP check about NKS(kubernetes) logging (bri…
94f42c5 
…dgecrewio#3855)

* [22.10.27][add]LBListenerUsesSecureProtocols

* [22.11.01][add]NksPublicAccess

* [22.11.01][delete]ncp-13 rule

* [22.11.01][fix]NksPublicAccess Description fix

* [22.11.01][fix] test_NksPublicAccess.py

* [22.11.05][add]NCP_LBTargetGroupUsingHTTPS

* [22.11.05][delete]ncp_13_rule

* [22.11.06][addNCP_LBNetworkPrivate

* [22.11.08][add]CKV_NCP_18

* [22.11.08][add]NCP_CKV_39

* [22.11.08][fix]CKV_NCP_21

* [22.11.08][delete]CKVP_NCP_15

* [22.11.08]CKV_NCP_32

* Revert "[22.11.08]CKV_NCP_32"

This reverts commit c3aa017.

* [22.11.08][add]CKV_NCP_32

* Revert "[22.11.08][add]CKV_NCP_32"

This reverts commit b7341f7.

* [22.11.12][fix]CKV_NCP_27

* [22.11.12][fix]CKV_NCP_27

* [22.11.14][fix]NCP_CKV_19

* [22.11.16]CKV_NCP_19 BaseResourceNegativeValueCheck

* [22.11.16][delet]CKV_NCP_27

* [22.11.21][fix]CKV_NCP_21

* Update checkov/terraform/checks/resource/ncp/NKSControlPlaneLogging.py

Co-authored-by: Anton Grübel <[email protected]>

Co-authored-by: Kuemjong Jeong <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>
mayblo pushed a commit to cider-rnd/checkov that referenced this pull request Nov 24, 2022
@pj991207 @Floodnut
@gruebel @actions-user
feat(terraform): add CKV NCP check about NKS(kubernetes) logging (bri…
873e144 
…dgecrewio#3855)

* [22.10.27][add]LBListenerUsesSecureProtocols

* [22.11.01][add]NksPublicAccess

* [22.11.01][delete]ncp-13 rule

* [22.11.01][fix]NksPublicAccess Description fix

* [22.11.01][fix] test_NksPublicAccess.py

* [22.11.05][add]NCP_LBTargetGroupUsingHTTPS

* [22.11.05][delete]ncp_13_rule

* [22.11.06][addNCP_LBNetworkPrivate

* [22.11.08][add]CKV_NCP_18

* [22.11.08][add]NCP_CKV_39

* [22.11.08][fix]CKV_NCP_21

* [22.11.08][delete]CKVP_NCP_15

* [22.11.08]CKV_NCP_32

* Revert "[22.11.08]CKV_NCP_32"

This reverts commit c3aa017.

* [22.11.08][add]CKV_NCP_32

* Revert "[22.11.08][add]CKV_NCP_32"

This reverts commit b7341f7.

* [22.11.12][fix]CKV_NCP_27

* [22.11.12][fix]CKV_NCP_27

* [22.11.14][fix]NCP_CKV_19

* [22.11.16]CKV_NCP_19 BaseResourceNegativeValueCheck

* [22.11.16][delet]CKV_NCP_27

* [22.11.21][fix]CKV_NCP_21

* Update checkov/terraform/checks/resource/ncp/NKSControlPlaneLogging.py

Co-authored-by: Anton Grübel <[email protected]>

Co-authored-by: Kuemjong Jeong <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>
mayblo pushed a commit to cider-rnd/checkov that referenced this pull request Nov 24, 2022
@pj991207 @Floodnut
@gruebel @actions-user
feat(terraform): add CKV NCP check about NKS(kubernetes) logging (bri…
098e4b8 
…dgecrewio#3855)

* [22.10.27][add]LBListenerUsesSecureProtocols

* [22.11.01][add]NksPublicAccess

* [22.11.01][delete]ncp-13 rule

* [22.11.01][fix]NksPublicAccess Description fix

* [22.11.01][fix] test_NksPublicAccess.py

* [22.11.05][add]NCP_LBTargetGroupUsingHTTPS

* [22.11.05][delete]ncp_13_rule

* [22.11.06][addNCP_LBNetworkPrivate

* [22.11.08][add]CKV_NCP_18

* [22.11.08][add]NCP_CKV_39

* [22.11.08][fix]CKV_NCP_21

* [22.11.08][delete]CKVP_NCP_15

* [22.11.08]CKV_NCP_32

* Revert "[22.11.08]CKV_NCP_32"

This reverts commit c3aa017.

* [22.11.08][add]CKV_NCP_32

* Revert "[22.11.08][add]CKV_NCP_32"

This reverts commit b7341f7.

* [22.11.12][fix]CKV_NCP_27

* [22.11.12][fix]CKV_NCP_27

* [22.11.14][fix]NCP_CKV_19

* [22.11.16]CKV_NCP_19 BaseResourceNegativeValueCheck

* [22.11.16][delet]CKV_NCP_27

* [22.11.21][fix]CKV_NCP_21

* Update checkov/terraform/checks/resource/ncp/NKSControlPlaneLogging.py

Co-authored-by: Anton Grübel <[email protected]>

Co-authored-by: Kuemjong Jeong <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChanochShayner ChanochShayner ChanochShayner approved these changes

@gruebel gruebel gruebel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pj991207 @gruebel @Floodnut @ChanochShayner