working test on mock data

2025-05-17 13:40:48 +03:00
parent f4d28d47a9
commit 9b34cd9199
2 changed files with 12 additions and 17 deletions


@@ -105,12 +105,7 @@ test_password_auth {
deny_msgs := {msg | msg := deny[_]} deny_msgs := {msg | msg := deny[_]}
deny_msgs["VM 'insecure_vm' uses password authentication. Use SSH keys only."] deny_msgs["VM 'insecure_vm' uses password authentication. Use SSH keys only."]
} }
# Deny if VM does not have proper tags for identification
deny[msg] {
vm := get_vms[_]
is_empty(vm.values.tags)
msg := sprintf("VM '%s' must have tags for proper identification and management.", [vm.name])
}
# Test qemu agent # Test qemu agent
test_qemu_agent { test_qemu_agent {
input := mock_input_insecure input := mock_input_insecure
@@ -120,11 +115,9 @@ test_qemu_agent {
# Test network bridge # Test network bridge
test_network_bridge {# Deny if VM does not have proper tags for identification test_network_bridge {# Deny if VM does not have proper tags for identification
deny[msg] { input := mock_input_insecure
vm := get_vms[_] deny_msgs := {msg | msg := deny[_]}
is_empty(vm.values.tags) deny_msgs["VM 'insecure_vm' must have tags for proper identification and management."]
msg := sprintf("VM '%s' must have tags for proper identification and management.", [vm.name])
}abled (skip_ipv6 = true)."]
} }
# Test TLS verification # Test TLS verification
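Review bot: The new body of `test_network_bridge` in the second hunk asserts the tags message (`deny_msgs["VM 'insecure_vm' must have tags for proper identification and management."]`), so the test name no longer describes what it checks; either rename it (e.g. `test_vm_tags`) or keep a bridge-specific assertion next to the tags one. This hunk is rendered with old and new lines interleaved, so the new-side body is inferred from the visible lines and worth confirming against the file. The test also only shows that the message is present for `mock_input_insecure`; a matching assertion on a compliant mock input that the tags message is absent would catch the rule firing unconditionally. The `deny[msg]` tags rule removed from this test file in the first hunk presumably now lives in the policy package — worth confirming the test package still imports it, since the assertion will otherwise fail on an undefined `deny`.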


@@ -81,9 +81,13 @@ else
# We continue execution to run all checks # We continue execution to run all checks
fi fi
echo -e "\n${YELLOW}Generating Terraform plan...${NC}"
terraform plan -var-file="variables.tfvars" -out=tfplan
terraform show -json tfplan | jq > tfplan.json
# Step 3: Run checkov # Step 3: Run checkov
echo -e "\n${YELLOW}Running checkov security scanner...${NC}" echo -e "\n${YELLOW}Running checkov security scanner...${NC}"
checkov -d . checkov -f tfplan.json
CHECKOV_EXIT=$? CHECKOV_EXIT=$?
if [ $CHECKOV_EXIT -eq 0 ]; then if [ $CHECKOV_EXIT -eq 0 ]; then
echo -e "${GREEN}✅ checkov scan passed.${NC}" echo -e "${GREEN}✅ checkov scan passed.${NC}"
@@ -93,13 +97,11 @@ else
fi fi
# Step 4: Generate plan and run OPA policies # Step 4: Generate plan and run OPA policies
echo -e "\n${YELLOW}Generating Terraform plan...${NC}"
terraform plan -var-file="variables.tfvars" -out=tfplan
terraform show -json tfplan > tfplan.json
echo -e "\n${YELLOW}Running OPA policy checks...${NC}" echo -e "\n${YELLOW}Running OPA policy checks...${NC}"
if [ -d "policies" ]; then if [ -d "policy" ]; then
conftest test tfplan.json -p policies/ conftest test tfplan.json -p policy/
CONFTEST_EXIT=$? CONFTEST_EXIT=$?
if [ $CONFTEST_EXIT -eq 0 ]; then if [ $CONFTEST_EXIT -eq 0 ]; then
echo -e "${GREEN}✅ OPA policy checks passed.${NC}" echo -e "${GREEN}✅ OPA policy checks passed.${NC}"
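Review bot: In the first hunk, `terraform plan` and `terraform show -json tfplan | jq > tfplan.json` are run without checking their exit status, so when the plan fails checkov is run against an empty or partial `tfplan.json`, and because the pipeline's status is jq's, a failed `terraform show` is masked unless the script sets `set -o pipefail` (not visible in this hunk). Since the script already records per-step exit codes, guarding the plan step the same way would be consistent: `terraform plan -var-file="variables.tfvars" -out=tfplan || { echo -e "${RED}terraform plan failed.${NC}"; exit 1; }` followed by `terraform show -json tfplan > tfplan.json || exit 1` (the `jq` pretty-print is not needed by checkov or conftest). The plan JSON contains resolved variable values from `variables.tfvars`, so `tfplan` and `tfplan.json` should be removed at the end of the script or ignored by version control rather than left in the working tree. The `policies/` → `policy/` rename in the second hunk should be checked against the directory actually present in the repository, since the `-d` test will silently skip the OPA step if it does not match.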