
Use the default provider #9

Merged: 1 commit, Sep 22, 2022

Conversation

davidkelliott (Contributor)

This causes issues when running a local plan as the local user does not have access to the current provider given. By passing in the default provider to the S3 bucket module we solve this. This provider is not needed as the S3 bucket does not use replication, but because of the way that providers work it's not possible to just have a default.

@davidkelliott davidkelliott requested a review from a team as a code owner September 22, 2022 09:40
ep-93 previously approved these changes Sep 22, 2022
@github-actions (Contributor)

TFSEC Scan Failed

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

Result #1 HIGH Application load balancer is not set to drop invalid headers. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:125-146
────────────────────────────────────────────────────────────────────────────────
  125    resource "aws_lb" "loadbalancer" {
  126      name                       = "${var.application_name}-lb"
  127      internal                   = false
  128      load_balancer_type         = "application"
  129      security_groups            = [aws_security_group.lb.id]
  130      subnets                    = [var.public_subnets[0], var.public_subnets[1], var.public_subnets[2]]
  131      enable_deletion_protection = var.enable_deletion_protection
  132      idle_timeout               = var.idle_timeout
  133    ...
────────────────────────────────────────────────────────────────────────────────
          ID aws-elb-drop-invalid-headers
      Impact Invalid headers being passed through to the target of the load balance may exploit vulnerabilities
  Resolution Set drop_invalid_header_fields to true

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/elb/drop-invalid-headers/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb#drop_invalid_header_fields
────────────────────────────────────────────────────────────────────────────────


Result #2 HIGH Load balancer is exposed publicly. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:127
────────────────────────────────────────────────────────────────────────────────
  125    resource "aws_lb" "loadbalancer" {
  ...  
  127  [   internal                   = false (false)
  ...  
  146    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-elb-alb-not-public
      Impact The load balancer is exposed on the internet
  Resolution Switch to an internal load balancer or add a tfsec ignore

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/elb/alb-not-public/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb
────────────────────────────────────────────────────────────────────────────────


Result #3 HIGH Database does not have encryption configured. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:188-191
────────────────────────────────────────────────────────────────────────────────
  188    resource "aws_athena_database" "lb-access-logs" {
  189      name   = "loadbalancer_access_logs"
  190      bucket = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"
  191    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-athena-enable-at-rest-encryption
      Impact Data can be read if the Athena Database is compromised
  Resolution Enable encryption at rest for Athena databases and workgroup configurations

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/athena/enable-at-rest-encryption/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup#encryption_configuration
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database#encryption_configuration
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             246.616µs
  parsing              1.225273535s
  adaptation           303.818µs
  checks               160.452324ms
  total                1.386276293s

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     66
  files read           8

  results
  ──────────────────────────────────────────
  passed               8
  ignored              4
  critical             0
  high                 3
  medium               0
  low                  0

  8 passed, 4 ignored, 3 potential problem(s) detected.

tfsec_exitcode=1

Checkov Scan Failed

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2022-09-22 09:43:37,518 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v6.2.0:None (for external modules, the --download-external-modules flag is required)
Process ForkProcess-11:
Traceback (most recent call last):
  File "/usr/lib/python3.7/multiprocessing/process.py", line 297, in _bootstrap
    self.run()
  File "/usr/lib/python3.7/multiprocessing/process.py", line 99, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/local/lib/python3.7/dist-packages/checkov/common/parallelizer/parallel_runner.py", line 37, in func_wrapper
    result = original_func(item)
  File "/usr/local/lib/python3.7/dist-packages/checkov/common/runners/runner_registry.py", line 89, in _parallel_run
    collect_skip_comments=collect_skip_comments,
  File "/usr/local/lib/python3.7/dist-packages/checkov/github/runner.py", line 34, in run
    self.prepare_data()
  File "/usr/local/lib/python3.7/dist-packages/checkov/github/runner.py", line 43, in prepare_data
    self.github.persist_all_confs()
  File "/usr/local/lib/python3.7/dist-packages/checkov/github/dal.py", line 137, in persist_all_confs
    self.persist_branch_protection_rules()
  File "/usr/local/lib/python3.7/dist-packages/checkov/github/dal.py", line 69, in persist_branch_protection_rules
    BaseVCSDAL.persist(path=self.github_branch_protection_rules_file_path, conf=data)
  File "/usr/local/lib/python3.7/dist-packages/checkov/common/vcs/base_vcs_dal.py", line 113, in persist
    BaseVCSDAL.ensure_dir(path)
  File "/usr/local/lib/python3.7/dist-packages/checkov/common/vcs/base_vcs_dal.py", line 123, in ensure_dir
    os.makedirs(directory_path)
  File "/usr/lib/python3.7/os.py", line 221, in makedirs
    mkdir(name, mode)
FileNotFoundError: [Errno 2] No such file or directory: ''
terraform scan results:

Passed checks: 38, Failed checks: 5, Skipped checks: 0

Check: CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"
	FAILED for resource: aws_iam_policy_document.default-policy
	File: /test/unit-test/role.tf:27-39
	Guide: https://docs.bridgecrew.io/docs/ensure-iam-policies-do-not-allow-write-access-without-constraint

		27 | data "aws_iam_policy_document" "default-policy" {
		28 |   version = "2012-10-17"
		29 |   statement {
		30 |     effect = "Allow"
		31 |     actions = [
		32 |       "s3:GetObjectVersion",
		33 |       "s3:GetObjectVersionAcl",
		34 |       "s3:ReplicateObject",
		35 |       "s3:ReplicateDelete"
		36 |     ]
		37 |     resources = ["*"]
		38 |   }
		39 | }

Check: CKV_AWS_150: "Ensure that Load Balancer has deletion protection enabled"
	FAILED for resource: module.lb_access_logs_enabled.aws_lb.loadbalancer
	File: /main.tf:125-146
	Calling File: /test/unit-test/main.tf:59-77
	Guide: https://docs.bridgecrew.io/docs/bc_aws_networking_62

		125 | resource "aws_lb" "loadbalancer" {
		126 |   name                       = "${var.application_name}-lb"
		127 |   internal                   = false
		128 |   load_balancer_type         = "application"
		129 |   security_groups            = [aws_security_group.lb.id]
		130 |   subnets                    = [var.public_subnets[0], var.public_subnets[1], var.public_subnets[2]]
		131 |   enable_deletion_protection = var.enable_deletion_protection
		132 |   idle_timeout               = var.idle_timeout
		133 | 
		134 |   access_logs {
		135 |     bucket  = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"
		136 |     prefix  = var.application_name
		137 |     enabled = true
		138 |   }
		139 | 
		140 |   tags = merge(
		141 |     var.tags,
		142 |     {
		143 |       Name = "lb-${var.application_name}"
		144 |     },
		145 |   )
		146 | }

Check: CKV_AWS_131: "Ensure that ALB drops HTTP headers"
	FAILED for resource: module.lb_access_logs_enabled.aws_lb.loadbalancer
	File: /main.tf:125-146
	Calling File: /test/unit-test/main.tf:59-77
	Guide: https://docs.bridgecrew.io/docs/ensure-that-alb-drops-http-headers

		125 | resource "aws_lb" "loadbalancer" {
		126 |   name                       = "${var.application_name}-lb"
		127 |   internal                   = false
		128 |   load_balancer_type         = "application"
		129 |   security_groups            = [aws_security_group.lb.id]
		130 |   subnets                    = [var.public_subnets[0], var.public_subnets[1], var.public_subnets[2]]
		131 |   enable_deletion_protection = var.enable_deletion_protection
		132 |   idle_timeout               = var.idle_timeout
		133 | 
		134 |   access_logs {
		135 |     bucket  = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"
		136 |     prefix  = var.application_name
		137 |     enabled = true
		138 |   }
		139 | 
		140 |   tags = merge(
		141 |     var.tags,
		142 |     {
		143 |       Name = "lb-${var.application_name}"
		144 |     },
		145 |   )
		146 | }

Check: CKV_AWS_77: "Ensure Athena Database is encrypted at rest (default is unencrypted)"
	FAILED for resource: module.lb_access_logs_enabled.aws_athena_database.lb-access-logs
	File: /main.tf:188-191
	Calling File: /test/unit-test/main.tf:59-77
	Guide: https://docs.bridgecrew.io/docs/bc_aws_general_29

		188 | resource "aws_athena_database" "lb-access-logs" {
		189 |   name   = "loadbalancer_access_logs"
		190 |   bucket = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"
		191 | }

Check: CKV2_AWS_28: "Ensure public facing ALB are protected by WAF"
	FAILED for resource: aws_lb.loadbalancer
	File: /main.tf:125-146
	Guide: https://docs.bridgecrew.io/docs/ensure-public-facing-alb-are-protected-by-waf

		125 | resource "aws_lb" "loadbalancer" {
		126 |   name                       = "${var.application_name}-lb"
		127 |   internal                   = false
		128 |   load_balancer_type         = "application"
		129 |   security_groups            = [aws_security_group.lb.id]
		130 |   subnets                    = [var.public_subnets[0], var.public_subnets[1], var.public_subnets[2]]
		131 |   enable_deletion_protection = var.enable_deletion_protection
		132 |   idle_timeout               = var.idle_timeout
		133 | 
		134 |   access_logs {
		135 |     bucket  = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"
		136 |     prefix  = var.application_name
		137 |     enabled = true
		138 |   }
		139 | 
		140 |   tags = merge(
		141 |     var.tags,
		142 |     {
		143 |       Name = "lb-${var.application_name}"
		144 |     },
		145 |   )
		146 | }

github_actions scan results:

Passed checks: 104, Failed checks: 0, Skipped checks: 0


checkov_exitcode=1

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `aws` plugin...
Installed `aws` (source: github.com/terraform-linters/tflint-ruleset-aws, version: 0.17.0)
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.1.0)
tflint will check the following folders:
.

*****************************

Running tflint in .
6 issue(s) found:

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on /github/workspace/main.tf line 114:
 114:       var.existing_bucket_name != "" ? "arn:aws:s3:::${var.existing_bucket_name}" : "${module.s3-bucket[0].bucket.arn}"

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_deprecated_interpolation.md

Warning: data "aws_region" "current" is declared but not used (terraform_unused_declarations)

  on /github/workspace/main.tf line 123:
 123: data "aws_region" "current" {}

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_unused_declarations.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on /github/workspace/main.tf line 135:
 135:     bucket  = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_deprecated_interpolation.md

Warning: Missing version constraint for provider "template" in "required_providers" (terraform_required_providers)

  on /github/workspace/main.tf line 178:
 178: data "template_file" "lb-access-logs" {

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_required_providers.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on /github/workspace/main.tf line 182:
 182:     bucket     = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_deprecated_interpolation.md

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on /github/workspace/main.tf line 190:
 190:   bucket = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_deprecated_interpolation.md

tflint_exitcode=2

@github-actions (Contributor)

TFSEC Scan Failed

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

Result #1 HIGH Load balancer is exposed publicly. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:126
────────────────────────────────────────────────────────────────────────────────
  122    resource "aws_lb" "loadbalancer" {
  ...  
  126  [   internal                   = false (false)
  ...  
  146    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-elb-alb-not-public
      Impact The load balancer is exposed on the internet
  Resolution Switch to an internal load balancer or add a tfsec ignore

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/elb/alb-not-public/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             178.401µs
  parsing              322.887843ms
  adaptation           343.902µs
  checks               135.540905ms
  total                458.951051ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     64
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              4
  critical             0
  high                 1
  medium               0
  low                  0

  10 passed, 4 ignored, 1 potential problem(s) detected.

tfsec_exitcode=1

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2022-09-22 11:02:19,882 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v6.2.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 23, Failed checks: 0, Skipped checks: 2

github_actions scan results:

Passed checks: 104, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `aws` plugin...
Installed `aws` (source: github.com/terraform-linters/tflint-ruleset-aws, version: 0.17.0)
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.1.0)
tflint will check the following folders:
.

*****************************

Running tflint in .
1 issue(s) found:

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on /github/workspace/main.tf line 193:
 193:       bucket     = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_deprecated_interpolation.md

tflint_exitcode=2

@github-actions (Contributor)

TFSEC Scan Failed

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018

Result #1 HIGH Load balancer is exposed publicly. 
────────────────────────────────────────────────────────────────────────────────
  main.tf:126
────────────────────────────────────────────────────────────────────────────────
  122    resource "aws_lb" "loadbalancer" {
  ...  
  126  [   internal                   = false (false)
  ...  
  146    }
────────────────────────────────────────────────────────────────────────────────
          ID aws-elb-alb-not-public
      Impact The load balancer is exposed on the internet
  Resolution Switch to an internal load balancer or add a tfsec ignore

  More Information
  - https://aquasecurity.github.io/tfsec/latest/checks/aws/elb/alb-not-public/
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb
────────────────────────────────────────────────────────────────────────────────


  timings
  ──────────────────────────────────────────
  disk i/o             232.197µs
  parsing              1.116195489s
  adaptation           349.396µs
  checks               172.698417ms
  total                1.289475499s

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     64
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              4
  critical             0
  high                 1
  medium               0
  low                  0

  10 passed, 4 ignored, 1 potential problem(s) detected.

tfsec_exitcode=1

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2022-09-22 11:04:03,838 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v6.2.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 23, Failed checks: 0, Skipped checks: 2

github_actions scan results:

Passed checks: 104, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Failed

*****************************

Setting default tflint config...
Running tflint --init...
Installing `aws` plugin...
Installed `aws` (source: github.com/terraform-linters/tflint-ruleset-aws, version: 0.17.0)
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.1.0)
tflint will check the following folders:
.

*****************************

Running tflint in .
1 issue(s) found:

Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)

  on /github/workspace/main.tf line 193:
 193:       bucket     = var.existing_bucket_name != "" ? var.existing_bucket_name : "${module.s3-bucket[0].bucket.id}"

Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.0/docs/rules/terraform_deprecated_interpolation.md

tflint_exitcode=2

This causes issues when running a local plan as the local user does not have access to the current provider given. By passing in the default provider to the S3 bucket module we solve this. This provider is not needed as the S3 bucket does not use replication, but because of the way that providers work it's not possible to just have a default.

Add encryption to database, move to template function and sort interpolation warnings.
@davidkelliott davidkelliott force-pushed the feature/remove-embedded-provider branch from 5f0bb7b to 0e93c54 September 22, 2022 11:38
@github-actions (Contributor)

TFSEC Scan Success

*****************************

TFSEC will check the following folders:
.

*****************************

Running TFSEC in .
Excluding the following checks: AWS089, AWS099, AWS009, AWS097, AWS018
  timings
  ──────────────────────────────────────────
  disk i/o             169.6µs
  parsing              368.939849ms
  adaptation           242.899µs
  checks               132.045967ms
  total                501.398315ms

  counts
  ──────────────────────────────────────────
  modules downloaded   1
  modules processed    2
  blocks processed     64
  files read           8

  results
  ──────────────────────────────────────────
  passed               10
  ignored              5
  critical             0
  high                 0
  medium               0
  low                  0


No problems detected!

tfsec_exitcode=0

Checkov Scan Success

*****************************

Checkov will check the following folders:
.

*****************************

Running Checkov in .
Excluding the following checks: CKV_GIT_1
2022-09-22 11:40:55,129 [MainThread  ] [WARNI]  Failed to download module github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v6.2.0:None (for external modules, the --download-external-modules flag is required)
terraform scan results:

Passed checks: 23, Failed checks: 0, Skipped checks: 2

github_actions scan results:

Passed checks: 104, Failed checks: 0, Skipped checks: 0


checkov_exitcode=0

CTFLint Scan Success

*****************************

Setting default tflint config...
Running tflint --init...
Installing `terraform` plugin...
Installed `terraform` (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.1.0)
Installing `aws` plugin...
Installed `aws` (source: github.com/terraform-linters/tflint-ruleset-aws, version: 0.17.0)
tflint will check the following folders:
.

*****************************

Running tflint in .
tflint_exitcode=0

@davidkelliott davidkelliott merged commit 9f5f69e into main Sep 22, 2022
@davidkelliott davidkelliott deleted the feature/remove-embedded-provider branch September 22, 2022 12:13