Migrating from v1alpha to v1 and removing the iac_version (#22)

1. Migrated from v1alpha endpoints to v1 endpoints for the GA release 2. Removed the iac_version as that is not in use 3. Fixed typos --------- Co-authored-by: Kishore Garg <kkgarg@google.com>
google-github-actions · Mar 15, 2024 · 5b1c5aa · 5b1c5aa
1 parent 4c2834c
commit 5b1c5aa
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 25 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -94,7 +94,6 @@ jobs:
           # plan file has 1 UNSPECIFIED, 1 HIGH severity vulnerabilites
           scan_file_ref: 'tests/resources/with-violations-tf_plan.json'
           iac_type: 'terraform'
-          iac_version: '1.0.0'
           failure_criteria: 'CRITICAL:2, Operator:OR'
           ignore_violations: 'false'
           fail_silently: 'false'
@@ -117,7 +116,6 @@ jobs:
           organization_id: '${{ env.ORGANIZATION_ID }}'
           scan_file_ref: 'tests/resources/no-violations-tf_plan.json'
           iac_type: 'terraform'
-          iac_version: '1.0.0'
           failure_criteria: 'CRITICAL:2, Operator:OR'
       - name: 'Check scan result and report not generated.'
         run: |
@@ -136,7 +134,6 @@ jobs:
           # plan file has 1 UNSPECIFIED, 1 HIGH severity vulnerabilites
           scan_file_ref: 'tests/resources/with-violations-tf_plan.json'
           iac_type: 'terraform'
-          iac_version: '1.0.0'
           failure_criteria: 'HIGH:1, Operator:OR'
         continue-on-error: true
       - name: 'Check scan result and action build status'
@@ -156,7 +153,6 @@ jobs:
           # plan file has 1 UNSPECIFIED, 1 HIGH severity vulnerabilites
           scan_file_ref: 'tests/resources/with-violations-tf_plan.json'
           iac_type: 'terraform'
-          iac_version: '1.0.0'
           ignore_violations: 'true'
           failure_criteria: 'HIGH:1, Operator:OR'
       - name: 'Check scan result'
@@ -173,7 +169,6 @@ jobs:
           organization_id: 'invalid-id'
           scan_file_ref: 'tests/resources/with-violations-tf_plan.json'
           iac_type: 'terraform'
-          iac_version: '1.0.0'
         continue-on-error: true
       - name: 'Check scan result and build status'
         run: |
@@ -191,7 +186,6 @@ jobs:
           organization_id: 'invalid-id'
           scan_file_ref: 'tests/resources/with-violations-tf_plan.json'
           iac_type: 'terraform'
-          iac_version: '1.0.0'
           fail_silently: 'true'
       - name: Check scan result 
         run: |

diff --git a/README.md b/README.md
@@ -64,7 +64,6 @@ jobs:
           organization_id: '123456789'
           scan_file_ref: './tf_plan.json'
           iac_type: 'terraform'
-          iac_version: '1.0.0'
           scan_timeout: '1m'
           ignore_violations: false
           failure_criteria: 'High:1,Medium:1,Low:1,Operator:or'
@@ -93,9 +92,6 @@ jobs:
 * `iac_type`: (Required) The IaC template type. Currently only Terraform is supported.
 
 
-* `iac_version`: (Required) The IaC template version. For example: '1.6.6',  or '1.6.5'.
-
-
 * `scan_time_out`: (Optional) The maximum time before the action stops. The time must be between '1m' and '10m'. The default is `1m`.
 
 

diff --git a/action.yml b/action.yml
@@ -32,10 +32,6 @@ inputs:
     description: |-
       The IaC template type. Currently only Terraform is supported.
     required: true
-  iac_version:
-    description: |-
-      The IaC template version. For example: '1.6.6', or '1.6.5'.
-    required: true
   scan_timeout:
     description: |-
       The maximum time before the action stops. The time must be between '1m' and '10m'. 

diff --git a/src/commons/constants.ts b/src/commons/constants.ts
@@ -31,8 +31,7 @@ export const SARIF_REPORT_FILE_NAME = 'iac-scan-sarif.json';
 export const ORGANIZATION_ID_CONFIG_KEY = 'organization_id';
 export const SCAN_FILE_REF_CONFIG_KEY = 'scan_file_ref';
 export const IAC_TYPE_CONFIG_KEY = 'iac_type';
-export const IAC_VERSION_CONFIG_KEY = 'iac_version';
-export const IGONRE_VIOLATIONS_CONFIG_KEY = 'ignore_violations';
+export const IGNORE_VIOLATIONS_CONFIG_KEY = 'ignore_violations';
 export const FAILURE_CRITERIA_CONFIG_KEY = 'failure_criteria';
 export const FAIL_SILENTLY_CONFIG_KEY = 'fail_silently';
 export const SCAN_TIMEOUT_CONFIG_KEY = 'scan_timeout';

diff --git a/src/commons/http_config.ts b/src/commons/http_config.ts
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-export const VALIDATE_ENDPOINT_DOMAIN = 'https://securityposture.googleapis.com/v1alpha';
+export const VALIDATE_ENDPOINT_DOMAIN = 'https://securityposture.googleapis.com/v1';
 export const VALIDATE_ENDPOINT_PATH = (orgId: string) =>
   `/organizations/${orgId}/locations/global/reports:createIaCValidationReport`;
 export const RETRIABLE_ERROR_CODES = [408, 429, 500, 502, 503, 504];
diff --git a/src/main.ts b/src/main.ts
@@ -43,8 +43,7 @@ import {
   IAC_SCAN_RESULT,
   IAC_SCAN_RESULT_OUTPUT_KEY,
   IAC_TYPE_CONFIG_KEY,
-  IAC_VERSION_CONFIG_KEY,
-  IGONRE_VIOLATIONS_CONFIG_KEY,
+  IGNORE_VIOLATIONS_CONFIG_KEY,
   MAX_SCAN_TIMEOUT,
   MIN_SCAN_TIMEOUT,
   ORGANIZATION_ID_CONFIG_KEY,
@@ -64,7 +63,6 @@ async function run(): Promise<void> {
     const organizationID = getInput(ORGANIZATION_ID_CONFIG_KEY, { required: true });
     const scanFileRef = getInput(SCAN_FILE_REF_CONFIG_KEY, { required: true });
     const iacType = getInput(IAC_TYPE_CONFIG_KEY, { required: true });
-    const iacVersion = getInput(IAC_VERSION_CONFIG_KEY, { required: true });
     const scanTimeoutInput = getInput(SCAN_TIMEOUT_CONFIG_KEY);
     const scanTimeoutMs = parseDuration(scanTimeoutInput) * 1000 || DEFAULT_SCAN_TIMEOUT;
     if (
@@ -76,7 +74,7 @@ async function run(): Promise<void> {
       );
     }
     const ignoreViolations = parseBoolean(
-      getInput(IGONRE_VIOLATIONS_CONFIG_KEY),
+      getInput(IGNORE_VIOLATIONS_CONFIG_KEY),
       DEFAULT_IGNORE_VIOLATIONS,
     );
     const failureCriteria = validateAndParseFailureCriteria(getInput(FAILURE_CRITERIA_CONFIG_KEY));
@@ -85,9 +83,7 @@ async function run(): Promise<void> {
       throw new Error(`IAC type: ${iacType} not supported`);
     }
     const planFile: string = await fs.readFile(scanFileRef, 'utf-8');
-    logInfo(
-      `Successfullly read IaC file from: ${scanFileRef}, IaC type: ${iacType}, IaC version: ${iacVersion}`,
-    );
+    logInfo(`Successfully read IaC file from: ${scanFileRef}, IaC type: ${iacType}`);
 
     const scanStartTime = new Date().getTime();
     const accessor = new IACAccessor(
@@ -99,7 +95,7 @@ async function run(): Promise<void> {
     );
     logInfo(`Fetching violations for IaC file`);
     const violations: Violation[] = await accessor.scan(planFile);
-    logDebug(`Violations fetched from IaC scan API's`);
+    logDebug(`Violations fetched from IaC scan APIs`);
 
     const sarifReportGenerator: SarifReportGenerator = new SarifReportGenerator(version);
     logInfo('Processing report generation for violations fetched');