Terraform resource query matching an argument and a block #540
I need help creating a query for the following Terraform resource.
The query should fail if any element in the array contains

I tried writing the query like this, but I don't think this is quite right:
Replies: 2 comments
Awesome question, let's pick it apart:

First, you have the part where you are looking for the firewall statement, which you already wrote down:

```
terraform.resources
  .where( nameLabel == "google_compute_firewall" )
```

Next comes another filter, because you only care about elements that have the source_ranges set:

```
terraform.resources
  .where( nameLabel == "google_compute_firewall" )
  .where( arguments['source_ranges'].contains("0.0.0.0/0") )
```

(you could even check for specific subranges and more ;) )

Finally, we want to say that none of these resources have `allow`-blocks configured:

```
terraform.resources
  .where( nameLabel == "google_compute_firewall" )
  .where( arguments['source_ranges'].contains("0.0.0.0/0") )
  .none( blocks.contains( type == "allow" ))
```

This will return any resource that is a compute firewall whose source ranges contain
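The three steps of the query in the reply above, modelled in Python as an added example (not part of the original reply and not Mondoo's implementation), to show which resources make the check fail. The resource dictionaries are constructed sample data, the `id` field is hypothetical, and `contains` is assumed to behave as list membership.

```python
# Constructed sample data: dicts that mimic the fields the query reads
# (nameLabel, arguments, blocks[].type). The "id" key is hypothetical and
# only used to name results; this is not Mondoo's real data model.
RESOURCES = [
    {"nameLabel": "google_compute_firewall", "id": "open_ssh",
     "arguments": {"source_ranges": ["0.0.0.0/0"]},
     "blocks": [{"type": "allow"}]},
    {"nameLabel": "google_compute_firewall", "id": "deny_all",
     "arguments": {"source_ranges": ["0.0.0.0/0"]},
     "blocks": [{"type": "deny"}]},
    {"nameLabel": "google_compute_firewall", "id": "office_only",
     "arguments": {"source_ranges": ["203.0.113.0/24"]},
     "blocks": [{"type": "allow"}]},
    {"nameLabel": "google_compute_firewall", "id": "tag_based",
     "arguments": {"source_tags": ["web"]},  # no source_ranges argument
     "blocks": [{"type": "allow"}]},
    {"nameLabel": "google_compute_network", "id": "vpc",
     "arguments": {}, "blocks": []},
]

OPEN_RANGE = "0.0.0.0/0"


def offending(resources):
    """Return the ids of resources that make the .none(...) assertion fail."""
    # .where( nameLabel == "google_compute_firewall" )
    firewalls = [r for r in resources
                 if r["nameLabel"] == "google_compute_firewall"]
    # .where( arguments['source_ranges'].contains("0.0.0.0/0") )
    # Assumption: contains() is modelled as list membership, and a missing
    # source_ranges argument is treated as "does not contain".
    exposed = [r for r in firewalls
               if OPEN_RANGE in r["arguments"].get("source_ranges", [])]
    # .none( blocks.contains( type == "allow" ) )
    return [r["id"] for r in exposed
            if any(b["type"] == "allow" for b in r["blocks"])]


def query_passes(resources):
    """The check passes only when no exposed firewall has an allow block."""
    return not offending(resources)


if __name__ == "__main__":
    print("offending:", offending(RESOURCES))
    print("passes:", query_passes(RESOURCES))
```

Only the firewall that combines the open source range with an `allow` block is reported; the deny-only rule, the restricted range and the rule without `source_ranges` are filtered out before the final assertion.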
Thanks @arlimus! That solution worked for me!