From 6cc91ea898786a6f7d1f145187773dbd5ee294ef Mon Sep 17 00:00:00 2001 From: Kaan Katircioglu Date: Sat, 31 Oct 2020 01:12:28 -0400 Subject: [PATCH 1/2] fix its_key_is_value ignoreing None values --- terraform_compliance/steps/when/its_key_is_value.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/terraform_compliance/steps/when/its_key_is_value.py b/terraform_compliance/steps/when/its_key_is_value.py index fe144eb1..fbf716f8 100644 --- a/terraform_compliance/steps/when/its_key_is_value.py +++ b/terraform_compliance/steps/when/its_key_is_value.py @@ -58,6 +58,9 @@ def its_key_is_value(_step_obj, key, value, dict_value=None, address=Null): ): found_list.append(obj) + elif object_key is None and match.equals('None', value): + found_list.append(obj) + if found_list != []: _step_obj.context.stash = found_list _step_obj.context.addresses = get_resource_address_list_from_stash(found_list) @@ -119,6 +122,9 @@ def its_key_is_not_value(_step_obj, key, value, dict_value=None, address=Null): if not match.contains(object_key, value) or (dict_value is not None and not match.equals(str(match.get(object_key, value)), dict_value)): found_list.append(obj) + elif object_key is None and not match.equals('None', value): + found_list.append(obj) + if found_list != []: _step_obj.context.stash = found_list _step_obj.context.addresses = get_resource_address_list_from_stash(found_list) From 4c4f4d083d5ca6aec3dc9d95a43e137814e61ec3 Mon Sep 17 00:00:00 2001 
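Review bot: The new branch `elif object_key is None and match.equals('None', value):` in `its_key_is_value` matches a null attribute only when the step value is the text `None`, and nothing in the hunk documents that convention. Terraform plan JSON spells the value `null`, so a feature author who writes `When its storage_encrypted is null` may get no match, depending on how `match.equals` compares; because this is a `When` filter, the scenario is then presumably skipped rather than failed and the resource goes unchecked. I would add a comment above the branch such as `# plan JSON null arrives as Python None; the step value must be spelled 'None'` and consider accepting `null` as well. The same applies to the mirrored branch `elif object_key is None and not match.equals('None', value):` in the second hunk (`its_key_is_not_value`). Both function bodies start and end outside their hunks, so the earlier branches of each `if`/`elif` chain are not visible here.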
From: Kaan Katircioglu Date: Sat, 31 Oct 2020 01:15:37 -0400 Subject: [PATCH 2/2] Changelog and tests --- CHANGELOG.md | 1 + tests/functional/test_issue_401/.expected | 2 ++ tests/functional/test_issue_401/.failure | 0 tests/functional/test_issue_401/main.tf | 12 ++++++++++++ tests/functional/test_issue_401/plan.out.json | 1 + tests/functional/test_issue_401/test.feature | 13 +++++++++++++ 6 files changed, 29 insertions(+) create mode 100644 tests/functional/test_issue_401/.expected create mode 100644 tests/functional/test_issue_401/.failure create mode 100644 tests/functional/test_issue_401/main.tf create mode 100644 tests/functional/test_issue_401/plan.out.json create mode 100644 tests/functional/test_issue_401/test.feature diff --git a/CHANGELOG.md b/CHANGELOG.md index a4bb59a4..5c4202a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # CHANGELOG ## Unreleased +* Fixed a problem where [When its property has something](https://terraform-compliance.com/pages/bdd-references/when.html#when-its-property-has-something) ignored `None` values. ([#401](https://github.com/eerkunt/terraform-compliance/issues/401)) ## 1.3.5 (2020-10-14) * Fixed a problem where using terraform-compliance with hashicorp/setup-terraform github action was causing problems due to the terraform wrapper. ([#334](https://github.com/eerkunt/terraform-compliance/issues/334) [#336](https://github.com/eerkunt/terraform-compliance/issues/366)) diff --git a/tests/functional/test_issue_401/.expected b/tests/functional/test_issue_401/.expected new file mode 100644 index 00000000..8b0aa8db --- /dev/null +++ b/tests/functional/test_issue_401/.expected @@ -0,0 +1,2 @@ +Failure: storage_encrypted property in aws_db_instance.default resource does not match with \^true\$ case insensitive regex. It is set to None. +Failure: Forcefully failing the scenario on aws_db_instance \(aws_db_instance.default\) resource \ No newline at end of file 
diff --git a/tests/functional/test_issue_401/.failure b/tests/functional/test_issue_401/.failure new file mode 100644 index 00000000..e69de29b diff --git a/tests/functional/test_issue_401/main.tf b/tests/functional/test_issue_401/main.tf new file mode 100644 index 00000000..5aa1ed34 --- /dev/null +++ b/tests/functional/test_issue_401/main.tf @@ -0,0 +1,12 @@ +resource "aws_db_instance" "default" { + allocated_storage = 20 + storage_type = "gp2" + engine = "mysql" + engine_version = "5.7" + instance_class = "db.t2.micro" + name = "mydb" + username = "foo" + password = "foobarbaz" + parameter_group_name = "default.mysql5.7" + publicly_accessible = true +} \ No newline at end of file diff --git a/tests/functional/test_issue_401/plan.out.json b/tests/functional/test_issue_401/plan.out.json new file mode 100644 index 00000000..eafd482e --- /dev/null +++ b/tests/functional/test_issue_401/plan.out.json 
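Review bot: The new `main.tf` fixture has no comment saying it is deliberately non-compliant, yet it carries an inline `password = "foobarbaz"` and `publicly_accessible = true` alongside the unset `storage_encrypted` that the test actually targets. Secret scanners tend to flag literals like this, and fixtures are easy to copy into real configurations. A leading comment such as `# Test fixture for issue 401: intentionally non-compliant placeholder values, do not reuse` would make the intent explicit. If any attribute is changed instead, `plan.out.json` repeats the same values and would have to be regenerated.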
@@ -0,0 +1 @@ +{"format_version":"0.1","terraform_version":"0.12.25","planned_values":{"root_module":{"resources":[{"address":"aws_db_instance.default","mode":"managed","type":"aws_db_instance","name":"default","provider_name":"aws","schema_version":1,"values":{"allocated_storage":20,"allow_major_version_upgrade":null,"auto_minor_version_upgrade":true,"copy_tags_to_snapshot":false,"delete_automated_backups":true,"deletion_protection":null,"domain":null,"domain_iam_role_name":null,"enabled_cloudwatch_logs_exports":null,"engine":"mysql","engine_version":"5.7","final_snapshot_identifier":null,"iam_database_authentication_enabled":null,"instance_class":"db.t2.micro","iops":null,"max_allocated_storage":null,"monitoring_interval":0,"name":"mydb","parameter_group_name":"default.mysql5.7","password":"foobarbaz","performance_insights_enabled":false,"publicly_accessible":true,"replicate_source_db":null,"s3_import":[],"security_group_names":null,"skip_final_snapshot":false,"snapshot_identifier":null,"storage_encrypted":null,"storage_type":"gp2","tags":null,"timeouts":null,"username":"foo"}}]}},"resource_changes":[{"address":"aws_db_instance.default","mode":"managed","type":"aws_db_instance","name":"default","provider_name":"aws","change":{"actions":["create"],"before":null,"after":{"allocated_storage":20,"allow_major_version_upgrade":null,"auto_minor_version_upgrade":true,"copy_tags_to_snapshot":false,"delete_automated_backups":true,"deletion_protection":null,"domain":null,"domain_iam_role_name":null,"enabled_cloudwatch_logs_exports":null,"engine":"mysql","engine_version":"5.7","final_snapshot_identifier":null,"iam_database_authentication_enabled":null,"instance_class":"db.t2.micro","iops":null,"max_allocated_storage":null,"monitoring_interval":0,"name":"mydb","parameter_group_name":"default.mysql5.7","password":"foobarbaz","performance_insights_enabled":false,"publicly_accessible":true,"replicate_source_db":null,"s3_import":[],"security_group_names":null,"skip_final_snapshot"
:false,"snapshot_identifier":null,"storage_encrypted":null,"storage_type":"gp2","tags":null,"timeouts":null,"username":"foo"},"after_unknown":{"address":true,"apply_immediately":true,"arn":true,"availability_zone":true,"backup_retention_period":true,"backup_window":true,"ca_cert_identifier":true,"character_set_name":true,"db_subnet_group_name":true,"endpoint":true,"hosted_zone_id":true,"id":true,"identifier":true,"identifier_prefix":true,"kms_key_id":true,"license_model":true,"maintenance_window":true,"monitoring_role_arn":true,"multi_az":true,"option_group_name":true,"performance_insights_kms_key_id":true,"performance_insights_retention_period":true,"port":true,"replicas":true,"resource_id":true,"s3_import":[],"status":true,"timezone":true,"vpc_security_group_ids":true}}}],"configuration":{"root_module":{"resources":[{"address":"aws_db_instance.default","mode":"managed","type":"aws_db_instance","name":"default","provider_config_key":"aws","expressions":{"allocated_storage":{"constant_value":20},"engine":{"constant_value":"mysql"},"engine_version":{"constant_value":"5.7"},"instance_class":{"constant_value":"db.t2.micro"},"name":{"constant_value":"mydb"},"parameter_group_name":{"constant_value":"default.mysql5.7"},"password":{"constant_value":"foobarbaz"},"publicly_accessible":{"constant_value":true},"storage_type":{"constant_value":"gp2"},"username":{"constant_value":"foo"}},"schema_version":1}]}}} diff --git a/tests/functional/test_issue_401/test.feature b/tests/functional/test_issue_401/test.feature new file mode 100644 index 00000000..efd8a2d8 --- /dev/null +++ b/tests/functional/test_issue_401/test.feature 
@@ -0,0 +1,13 @@ +Feature: Feature for testing its_key_is_value + + Scenario: Ensure all data stored in the RDS is securely encrypted at rest + Given I have aws_db_instance defined + When its replicate_source_db is None + Then it must have storage_encrypted + And its value must be true + + + Scenario: Ensure all data stored in the RDS is securely encrypted at rest (not) + Given I have aws_db_instance defined + When its replicate_source_db is not notNone + Then it must fail \ No newline at end of file
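Review bot: The second scenario only exercises `When its replicate_source_db is not notNone`, so the negative branch is never tested with the value that matters. `When its replicate_source_db is not None` against this null attribute should select nothing, and `is None` against a non-null attribute should likewise select nothing; adding those cases, if the functional harness can express a skipped scenario, would catch a regression that over- or under-selects resources. The two scenarios also share a title apart from the `(not)` suffix; a name that states the expected outcome, for example `Scenario: A null replicate_source_db is selected by "is not <other value>"`, would read better in failure output.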