-
Notifications
You must be signed in to change notification settings - Fork 152
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Require a specific tag if another specific tag is present #243
Comments
Hi @M1ke, For the Scenario you posted above, don't forget that is will I think you can do what you want like this ; For HCL something like below ; resource "aws_s3_bucket" "success" {
bucket = "succeeded-bucket"
tags = {
environment = "live"
service = "some service"
}
}
resource "aws_s3_bucket" "skip" {
bucket = "skipped-bucket"
tags = {
something = "something else"
}
}
resource "aws_s3_bucket" "another_skip" {
bucket = "skipped-bucket-2"
tags = {
environment = "dead"
something = "something else"
}
}
resource "aws_s3_bucket" "failure" {
bucket = "failed-bucket"
tags = {
environment = "live"
some_other_tag = "something"
}
}
resource "aws_s3_bucket" "aonther_failure" {
bucket = "failed-bucket"
tags = {
environment = "live"
service = ""
}
} The scenario can be ; Feature: test
Scenario: Ensure we have service tag for live environments
Given I have resource that supports tags defined
When it contains tags
And its environment is live
Then it must contain service
And its value must not be null Of course you can convert this to |
The result that I have is ; Scenario: Ensure we have service tag for live environments
Given I have resource that supports tags defined
When it contains tags
And its environment is live
Failure: aws_s3_bucket.aonther_failure (resource that supports tags) does not have service property.
Failure: aws_s3_bucket.failure (resource that supports tags) does not have service property.
Then it must contain service
And its value must not be null |
That sounds sensible; unfortunately upon trying it I actually get:
My guess here would be that it looks for a parameter called "environment" (rather than tag of that key) which it doesn't find, yet your implementation seems to work. |
Can you have a try with |
Have updated and I get the same AttributeError |
Oh ? Now this is interesting. May I know your |
Although interestingly
It was installed with |
Very interesting. Tried with 1.1.12. 1.1.13 and 1.1.14 couldn't reproduce your problem. Same terraform version. Quite weird really. Did you try the docker image ? |
May you send me the (Jumping off for today but will check this tomorrow to help work it out if I can) |
Sure, Now I am more curious about your state and really want to fix the problem :) |
@eerkunt found the issue. It's the same issue that causes this problem. I have another statement:
It fails on all my
But instead as:
If I remove the ASGs from my state then your feature definition works to identify other issues. So I presume the quick fix is to catch that |
(a quick fix my side would be if the |
Aha! Great find @M1ke! 🎉 I will introduce a fix for this for a permanent solution, though first I need to have a dig deeper a bit on this. Anyway, focusing on your quickfix, yes we can filter out specific resource types. E.g. ; Scenario: Ensure we have service tag for live environments
Given I have resource that supports tags defined
When its type is not aws_autoscaling_group
And it contains tags
And its environment is live
Failure: aws_s3_bucket.aonther_failure (resource that supports tags) does not have service property.
Failure: aws_s3_bucket.failure (resource that supports tags) does not have service property.
Then it must contain service
And its value must not be null Let me know if this works for you, while I will debug the problem. :) |
This works for my use case; highlighting the |
Just released 1.1.15, should be in PyPi in few minutes. Could you please have a try with Auto-Scaling Groups also. Now it supports it. |
This issue's conversation is now locked. If you want to continue this discussion please open a new issue. |
This is a general usage question
I am using this tool to enforce tag compliance for Cost Explorer. We have a rule where every resource must contain an
environment
tag, which is easy to apply.We have a secondary role which is that for the "live" environment every resource must also have a non-empty tag called "service". I am finding that hard to express in the BDD syntax provided.
I have attempted
However this reports that:
And then a list of every resource. So I presume the pivot from the environment tag being present to work out what it contains doesn't work. Is this mechanism supported, and if not is there a path for me to go about adding it?
The text was updated successfully, but these errors were encountered: