Migrating from v1alpha to v1 and removing the iac_version #21

Closed
6 changes: 0 additions & 6 deletions .github/workflows/test.yml
Expand Up @@ -94,7 +94,6 @@ jobs:
# plan file has 1 UNSPECIFIED, 1 HIGH severity vulnerabilites
scan_file_ref: 'tests/resources/with-violations-tf_plan.json'
iac_type: 'terraform'
iac_version: '1.0.0'
failure_criteria: 'CRITICAL:2, Operator:OR'
ignore_violations: 'false'
fail_silently: 'false'
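Review bot: the context comment at the top of this hunk misspells "vulnerabilites" (should be "vulnerabilities"), and the same comment recurs in the later hunks of this file, so it is worth fixing once across the workflow. Dropping `iac_version` here is the correct companion to removing the input from action.yml, but note for the migration that a workflow still passing `iac_version:` under `with:` gets only a GitHub Actions "Unexpected input(s)" warning rather than a failed step, so stale references to the old input in downstream workflows can go unnoticed; a line in the release notes or README saying the input is no longer accepted would help.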
Expand All @@ -117,7 +116,6 @@ jobs:
organization_id: '${{ env.ORGANIZATION_ID }}'
scan_file_ref: 'tests/resources/no-violations-tf_plan.json'
iac_type: 'terraform'
iac_version: '1.0.0'
failure_criteria: 'CRITICAL:2, Operator:OR'
- name: 'Check scan result and report not generated.'
run: |
Expand All @@ -136,7 +134,6 @@ jobs:
# plan file has 1 UNSPECIFIED, 1 HIGH severity vulnerabilites
scan_file_ref: 'tests/resources/with-violations-tf_plan.json'
iac_type: 'terraform'
iac_version: '1.0.0'
failure_criteria: 'HIGH:1, Operator:OR'
continue-on-error: true
- name: 'Check scan result and action build status'
Expand All @@ -156,7 +153,6 @@ jobs:
# plan file has 1 UNSPECIFIED, 1 HIGH severity vulnerabilites
scan_file_ref: 'tests/resources/with-violations-tf_plan.json'
iac_type: 'terraform'
iac_version: '1.0.0'
ignore_violations: 'true'
failure_criteria: 'HIGH:1, Operator:OR'
- name: 'Check scan result'
Expand All @@ -173,7 +169,6 @@ jobs:
organization_id: 'invalid-id'
scan_file_ref: 'tests/resources/with-violations-tf_plan.json'
iac_type: 'terraform'
iac_version: '1.0.0'
continue-on-error: true
- name: 'Check scan result and build status'
run: |
Expand All @@ -191,7 +186,6 @@ jobs:
organization_id: 'invalid-id'
scan_file_ref: 'tests/resources/with-violations-tf_plan.json'
iac_type: 'terraform'
iac_version: '1.0.0'
fail_silently: 'true'
- name: Check scan result
run: |
4 changes: 0 additions & 4 deletions README.md
Expand Up @@ -64,7 +64,6 @@ jobs:
organization_id: '123456789'
scan_file_ref: './tf_plan.json'
iac_type: 'terraform'
iac_version: '1.0.0'
scan_timeout: '1m'
ignore_violations: false
failure_criteria: 'High:1,Medium:1,Low:1,Operator:or'
Expand Down Expand Up @@ -93,9 +92,6 @@ jobs:
* `iac_type`: (Required) The IaC template type. Currently only Terraform is supported.


* `iac_version`: (Required) The IaC template version. For example: '1.6.6', or '1.6.5'.


* `scan_time_out`: (Optional) The maximum time before the action stops. The time must be between '1m' and '10m'. The default is `1m`.


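Review bot: the input list that remains after this hunk documents the timeout as `scan_time_out`, but the input the action actually declares is `scan_timeout` (see the `scan_timeout:` key in action.yml and the `'scan_timeout'` config key in src/commons/constants.ts in this same PR). A user who copies the README name will get the unexpected-input warning and silently run with the 1m default. Since this section is already being edited, suggest changing it to `* `scan_timeout`: (Optional) The maximum time before the action stops. ...`.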
4 changes: 0 additions & 4 deletions action.yml
Expand Up @@ -32,10 +32,6 @@ inputs:
description: |-
The IaC template type. Currently only Terraform is supported.
required: true
iac_version:
description: |-
The IaC template version. For example: '1.6.6', or '1.6.5'.
required: true
scan_timeout:
description: |-
The maximum time before the action stops. The time must be between '1m' and '10m'.
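Review bot: removing an input that was `required: true` is a breaking change to the action's public interface, and together with the endpoint move from v1alpha to v1 in src/commons/http_config.ts it should ship under a new major tag with the migration called out in the release notes; consumers pinned to a floating major tag would otherwise pick up a contract change with no signal beyond a runtime warning. A short migration note in README.md stating that `iac_version` is no longer accepted would close the loop.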
3 changes: 1 addition & 2 deletions src/commons/constants.ts
Expand Up @@ -31,8 +31,7 @@ export const SARIF_REPORT_FILE_NAME = 'iac-scan-sarif.json';
export const ORGANIZATION_ID_CONFIG_KEY = 'organization_id';
export const SCAN_FILE_REF_CONFIG_KEY = 'scan_file_ref';
export const IAC_TYPE_CONFIG_KEY = 'iac_type';
export const IAC_VERSION_CONFIG_KEY = 'iac_version';
export const IGONRE_VIOLATIONS_CONFIG_KEY = 'ignore_violations';
export const IGNORE_VIOLATIONS_CONFIG_KEY = 'ignore_violations';
export const FAILURE_CRITERIA_CONFIG_KEY = 'failure_criteria';
export const FAIL_SILENTLY_CONFIG_KEY = 'fail_silently';
export const SCAN_TIMEOUT_CONFIG_KEY = 'scan_timeout';
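Review bot: the rename of the exported `IGONRE_VIOLATIONS_CONFIG_KEY` to `IGNORE_VIOLATIONS_CONFIG_KEY` is correct but is an unrelated change riding along in a PR titled for the API migration; src/main.ts is updated in this diff, but any other importer of the old name (tests or modules outside this diff) will fail to compile, so a `grep -r IGONRE_` before merge would confirm nothing is left behind. If it is kept here, mention it in the PR description so the rename is findable later.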
2 changes: 1 addition & 1 deletion src/commons/http_config.ts
Expand Up @@ -14,7 +14,7 @@
* limitations under the License.
*/

export const VALIDATE_ENDPOINT_DOMAIN = 'https://securityposture.googleapis.com/v1alpha';
export const VALIDATE_ENDPOINT_DOMAIN = 'https://securityposture.googleapis.com/v1';
export const VALIDATE_ENDPOINT_PATH = (orgId: string) =>
`/organizations/${orgId}/locations/global/reports:createIaCValidationReport`;
export const RETRIABLE_ERROR_CODES = [408, 429, 500, 502, 503, 504];
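Review bot: only the version segment of `VALIDATE_ENDPOINT_DOMAIN` changes here, while the request body assembled by `IACAccessor` (not in this diff) is untouched; please confirm that the v1 `reports:createIaCValidationReport` request and response shapes match what the accessor sends and parses, since dropping `iac_version` suggests the corresponding request field went away and an alpha-only field that v1 silently ignores would be easy to miss. Minor naming point: the constant holds a base URL with an API version path, not a domain, so `VALIDATE_ENDPOINT_BASE_URL` would describe it more accurately.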
12 changes: 4 additions & 8 deletions src/main.ts
Expand Up @@ -43,8 +43,7 @@ import {
IAC_SCAN_RESULT,
IAC_SCAN_RESULT_OUTPUT_KEY,
IAC_TYPE_CONFIG_KEY,
IAC_VERSION_CONFIG_KEY,
IGONRE_VIOLATIONS_CONFIG_KEY,
IGNORE_VIOLATIONS_CONFIG_KEY,
MAX_SCAN_TIMEOUT,
MIN_SCAN_TIMEOUT,
ORGANIZATION_ID_CONFIG_KEY,
Expand All @@ -64,7 +63,6 @@ async function run(): Promise<void> {
const organizationID = getInput(ORGANIZATION_ID_CONFIG_KEY, { required: true });
const scanFileRef = getInput(SCAN_FILE_REF_CONFIG_KEY, { required: true });
const iacType = getInput(IAC_TYPE_CONFIG_KEY, { required: true });
const iacVersion = getInput(IAC_VERSION_CONFIG_KEY, { required: true });
const scanTimeoutInput = getInput(SCAN_TIMEOUT_CONFIG_KEY);
const scanTimeoutMs = parseDuration(scanTimeoutInput) * 1000 || DEFAULT_SCAN_TIMEOUT;
if (
Expand All @@ -76,7 +74,7 @@ async function run(): Promise<void> {
);
}
const ignoreViolations = parseBoolean(
getInput(IGONRE_VIOLATIONS_CONFIG_KEY),
getInput(IGNORE_VIOLATIONS_CONFIG_KEY),
DEFAULT_IGNORE_VIOLATIONS,
);
const failureCriteria = validateAndParseFailureCriteria(getInput(FAILURE_CRITERIA_CONFIG_KEY));
Expand All @@ -85,9 +83,7 @@ async function run(): Promise<void> {
throw new Error(`IAC type: ${iacType} not supported`);
}
const planFile: string = await fs.readFile(scanFileRef, 'utf-8');
logInfo(
`Successfullly read IaC file from: ${scanFileRef}, IaC type: ${iacType}, IaC version: ${iacVersion}`,
);
logInfo(`Successfully read IaC file from: ${scanFileRef}, IaC type: ${iacType}`);

const scanStartTime = new Date().getTime();
const accessor = new IACAccessor(
Expand All @@ -99,7 +95,7 @@ async function run(): Promise<void> {
);
logInfo(`Fetching violations for IaC file`);
const violations: Violation[] = await accessor.scan(planFile);
logDebug(`Violations fetched from IaC scan API's`);
logDebug(`Violations fetched from IaC scan APIs`);

const sarifReportGenerator: SarifReportGenerator = new SarifReportGenerator(version);
logInfo('Processing report generation for violations fetched');