From c57aa661c47ad977b75c259f7ca686fc1d2f573b Mon Sep 17 00:00:00 2001
From: Yusuf Kanchwala
Date: Fri, 18 Sep 2020 10:43:51 +0530
Subject: [PATCH 1/8] add function to return list of supported Iac Types
---
 pkg/iac-providers/providers.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/pkg/iac-providers/providers.go b/pkg/iac-providers/providers.go
index ef7e0fb20..42609b65f 100644
--- a/pkg/iac-providers/providers.go
+++ b/pkg/iac-providers/providers.go
@@ -50,3 +50,12 @@ func IsIacSupported(iacType, iacVersion string) bool {
 }
 return true
 }
+
+// SupportedIacProviders returns list of Iac Providers supported in terrascan
+func SupportedIacProviders() []string {
+ var iacTypes []string
+ for k, _ := range supportedIacProviders {
+ iacTypes = append(iacTypes, string(k))
+ }
+ return iacTypes
+}
From a15af4113bcd708ecc807020040c5ffca6ce45a0 Mon Sep 17 00:00:00 2001
From: Yusuf Kanchwala
Date: Fri, 18 Sep 2020 10:44:21 +0530
Subject: [PATCH 2/8] add function to return list of supported policy types
---
 pkg/policy/cloud-providers.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/pkg/policy/cloud-providers.go b/pkg/policy/cloud-providers.go
index a6b7a9fc5..8d3ee3e26 100644
--- a/pkg/policy/cloud-providers.go
+++ b/pkg/policy/cloud-providers.go
@@ -70,3 +70,12 @@ func GetDefaultIacType(cloudType string) string {
 func GetDefaultIacVersion(cloudType string) string {
 return string(defaultIacVersion[supportedCloudType(cloudType)])
 }
+
+// SupportedPolicyTypes returns the list of policies supported in terrascan
+func SupportedPolicyTypes() []string {
+ var policyTypes []string
+ for k, _ := range supportedCloudProvider {
+ policyTypes = append(policyTypes, string(k))
+ }
+ return policyTypes
+}
From 4f99d24fdf24ecc0f1594d5c0087ffd9808fc5d6 Mon Sep 17 00:00:00 2001
From: Yusuf Kanchwala Date: Fri, 18 Sep 2020 10:44:57 +0530 Subject: [PATCH 3/8] pick automatically pick up list of supported types in cli help --- pkg/cli/scan.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkg/cli/scan.go b/pkg/cli/scan.go index fd9f731c4..c56783757 100644 --- a/pkg/cli/scan.go +++ b/pkg/cli/scan.go @@ -17,6 +17,11 @@ package cli import ( + "fmt" + "strings" + + iacProvider "github.com/accurics/terrascan/pkg/iac-providers" + "github.com/accurics/terrascan/pkg/policy" "github.com/spf13/cobra" "go.uber.org/zap" ) @@ -57,8 +62,8 @@ func scan(cmd *cobra.Command, args []string) { } func init() { - scanCmd.Flags().StringVarP(&PolicyType, "policy-type", "t", "", " policy type (aws, azure, gcp, k8s)") - scanCmd.Flags().StringVarP(&IacType, "iac-type", "i", "", "iac type (terraform, k8s)") + scanCmd.Flags().StringVarP(&PolicyType, "policy-type", "t", "", fmt.Sprintf(" policy type (%v)", strings.Join(policy.SupportedPolicyTypes(), ", "))) + scanCmd.Flags().StringVarP(&IacType, "iac-type", "i", "", fmt.Sprintf("iac type (%v)", strings.Join(iacProvider.SupportedIacProviders(), ", "))) scanCmd.Flags().StringVarP(&IacVersion, "iac-version", "", "", "iac version terraform:(v12) k8s:(v1)") scanCmd.Flags().StringVarP(&IacFilePath, "iac-file", "f", "", "path to a single IaC file") scanCmd.Flags().StringVarP(&IacDirPath, "iac-dir", "d", ".", "path to a directory containing one or more IaC files") From 392c486e22d21987a01ff5f36161f591be2bcf8d Mon Sep 17 00:00:00 2001 From: Yusuf Kanchwala Date: Fri, 18 Sep 2020 12:13:30 +0530 Subject: [PATCH 4/8] add support to get list of iac types with default versions --- pkg/iac-providers/providers.go | 20 +++++++++++++++++++- pkg/iac-providers/providers_test.go | 13 +++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/pkg/iac-providers/providers.go b/pkg/iac-providers/providers.go index 42609b65f..5e015d8c4 100644 --- a/pkg/iac-providers/providers.go 
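Review bot: The `policy-type` and `iac-type` descriptions in `init()` are now evaluated once at package initialisation, so they list whatever `supportedCloudProvider` and `supportedIacProviders` hold at that instant; how those maps get populated is not visible in this patch. If entries are registered from `init()` functions in packages that `pkg/cli` does not import, directly or transitively, the help text will silently show an empty list while the scan itself may still accept the type. A short comment above the two calls would record the assumption, e.g. `// help text is built at init time; provider and policy registration must already have run`.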
+++ b/pkg/iac-providers/providers.go @@ -19,6 +19,8 @@ package iacprovider import ( "fmt" "reflect" + "sort" + "strings" "go.uber.org/zap" ) @@ -54,8 +56,24 @@ func IsIacSupported(iacType, iacVersion string) bool { // SupportedIacProviders returns list of Iac Providers supported in terrascan func SupportedIacProviders() []string { var iacTypes []string - for k, _ := range supportedIacProviders { + for k := range supportedIacProviders { iacTypes = append(iacTypes, string(k)) } + sort.Strings(iacTypes) return iacTypes } + +// SupportedIacVersions retuns a string of Iac providers and corresponding supported versions +func SupportedIacVersions() []string { + var iacVersions []string + for iac, versions := range supportedIacProviders { + var versionSlice []string + for k := range versions { + versionSlice = append(versionSlice, string(k)) + } + versionString := strings.Join(versionSlice, ", ") + iacVersions = append(iacVersions, fmt.Sprintf("%s: %s", string(iac), versionString)) + } + sort.Strings(iacVersions) + return iacVersions +} diff --git a/pkg/iac-providers/providers_test.go b/pkg/iac-providers/providers_test.go index 191c6d5eb..e152ab7e7 100644 --- a/pkg/iac-providers/providers_test.go +++ b/pkg/iac-providers/providers_test.go @@ -111,3 +111,16 @@ func TestIsIacSupported(t *testing.T) { }) } } + +func TestSupportedIacProviders(t *testing.T) { + t.Run("supported iac providers", func(t *testing.T) { + var want []string + for k := range supportedIacProviders { + want = append(want, string(k)) + } + got := SupportedIacProviders() + if !reflect.DeepEqual(got, want) { + t.Errorf("got: '%v', want: '%v'", got, want) + } + }) +} From 4b8d917fa62975916fa0e1520bf38d28574c6fa3 Mon Sep 17 00:00:00 2001 From: Yusuf Kanchwala Date: Fri, 18 Sep 2020 12:14:01 +0530 Subject: [PATCH 5/8] automatically pick supported Iac versions for help display --- pkg/cli/scan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
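Review bot: In `SupportedIacVersions` the inner `versionSlice` is joined without being sorted, so for a provider with more than one version the order inside its entry follows map iteration order and can change between runs; only the outer `iacVersions` slice is sorted. Add `sort.Strings(versionSlice)` before the `strings.Join` call. The doc comment has a typo and calls the result a string; suggest `// SupportedIacVersions returns a sorted list of "<iac type>: <versions>" entries, one per supported Iac provider`. No test for this function is added in the patch.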
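Review bot: `TestSupportedIacProviders` builds `want` by ranging over `supportedIacProviders` without sorting, while `SupportedIacProviders()` returns a sorted slice as of this same patch, so `reflect.DeepEqual` will fail intermittently once the map holds more than one key. Add `sort.Strings(want)` before calling the function, as the policy test in patch 6/8 does; whether `sort` is already imported in providers_test.go is not visible here. Since `want` is derived from the same map as `got`, the test cannot notice a provider that was never registered; comparing against a literal expected list would.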
diff --git a/pkg/cli/scan.go b/pkg/cli/scan.go
index c56783757..257fe9afb 100644
--- a/pkg/cli/scan.go
+++ b/pkg/cli/scan.go
@@ -64,7 +64,7 @@ func scan(cmd *cobra.Command, args []string) {
 func init() {
 scanCmd.Flags().StringVarP(&PolicyType, "policy-type", "t", "", fmt.Sprintf(" policy type (%v)", strings.Join(policy.SupportedPolicyTypes(), ", ")))
 scanCmd.Flags().StringVarP(&IacType, "iac-type", "i", "", fmt.Sprintf("iac type (%v)", strings.Join(iacProvider.SupportedIacProviders(), ", ")))
- scanCmd.Flags().StringVarP(&IacVersion, "iac-version", "", "", "iac version terraform:(v12) k8s:(v1)")
+ scanCmd.Flags().StringVarP(&IacVersion, "iac-version", "", "", fmt.Sprintf("iac version (%v)", strings.Join(iacProvider.SupportedIacVersions(), ", ")))
 scanCmd.Flags().StringVarP(&IacFilePath, "iac-file", "f", "", "path to a single IaC file")
 scanCmd.Flags().StringVarP(&IacDirPath, "iac-dir", "d", ".", "path to a directory containing one or more IaC files")
 scanCmd.Flags().StringVarP(&PolicyPath, "policy-path", "p", "", "policy path directory")
From 7c9fa0611f981629911cb7c00f43695c18e74140 Mon Sep 17 00:00:00 2001
From: Yusuf Kanchwala
Date: Fri, 18 Sep 2020 12:14:34 +0530
Subject: [PATCH 6/8] add unit tests for policy package
---
 pkg/policy/cloud-providers_test.go | 37 ++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 pkg/policy/cloud-providers_test.go
diff --git a/pkg/policy/cloud-providers_test.go b/pkg/policy/cloud-providers_test.go
new file mode 100644
index 000000000..e67a9c22d
--- /dev/null
+++ b/pkg/policy/cloud-providers_test.go
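Review bot: The new `iac-version` description joins the entries of `SupportedIacVersions()` with `", "`, the same separator that function uses between the versions inside one entry, so once a provider has two versions the help reads like `a: v1, v2, b: v1` (constructed example) and the grouping is hard to see. Use a distinct outer separator, e.g. `strings.Join(iacProvider.SupportedIacVersions(), "; ")`. `init()` continues outside the hunk.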
@@ -0,0 +1,37 @@
+/*
+ Copyright (C) 2020 Accurics, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package policy
+
+import (
+ "reflect"
+ "sort"
+ "testing"
+)
+
+func TestSupportedPolicyTypes(t *testing.T) {
+ t.Run("supported policy types", func(t *testing.T) {
+ var want []string
+ for k := range supportedCloudProvider {
+ want = append(want, string(k))
+ }
+ sort.Strings(want)
+ got := SupportedPolicyTypes()
+ if !reflect.DeepEqual(got, want) {
+ t.Errorf("got: '%v', want: '%v'", got, want)
+ }
+ })
+}
From d5bde3999c7d70925d196045bb67a68d63a33d72 Mon Sep 17 00:00:00 2001
From: Yusuf Kanchwala
Date: Fri, 18 Sep 2020 12:20:53 +0530
Subject: [PATCH 7/8] fix gofmt errors
---
 pkg/policy/cloud-providers.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/policy/cloud-providers.go b/pkg/policy/cloud-providers.go
index 8d3ee3e26..777af64e7 100644
--- a/pkg/policy/cloud-providers.go
+++ b/pkg/policy/cloud-providers.go
@@ -74,7 +74,7 @@ func GetDefaultIacVersion(cloudType string) string {
 // SupportedPolicyTypes returns the list of policies supported in terrascan
 func SupportedPolicyTypes() []string {
 var policyTypes []string
- for k, _ := range supportedCloudProvider {
+ for k := range supportedCloudProvider {
 policyTypes = append(policyTypes, string(k))
 }
 return policyTypes
From 3508fe5d6c0464a7aaba0de55e463bf77438458a Mon Sep 17 00:00:00 2001
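Review bot: `TestSupportedPolicyTypes` sorts `want` and compares with `reflect.DeepEqual`, but at this point in the series `SupportedPolicyTypes()` still returns its keys in map iteration order; the `sort.Strings(policyTypes)` call only arrives in patch 8/8. With more than one entry in `supportedCloudProvider` the test is therefore flaky on commits 6 and 7, which gets in the way of `git bisect`. Fold the sort into this commit or place it before the test in the series.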
From: Yusuf Kanchwala Date: Fri, 18 Sep 2020 13:15:13 +0530 Subject: [PATCH 8/8] sort supportedPolicyTypes output --- pkg/policy/cloud-providers.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/policy/cloud-providers.go b/pkg/policy/cloud-providers.go index 777af64e7..c3f24b926 100644 --- a/pkg/policy/cloud-providers.go +++ b/pkg/policy/cloud-providers.go @@ -17,6 +17,8 @@ package policy import ( + "sort" + "github.com/accurics/terrascan/pkg/config" ) @@ -77,5 +79,6 @@ func SupportedPolicyTypes() []string { for k := range supportedCloudProvider { policyTypes = append(policyTypes, string(k)) } + sort.Strings(policyTypes) return policyTypes }
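Review bot: The doc comment above `SupportedPolicyTypes` (outside this hunk, visible in patch 7/8) still says it "returns the list of policies supported in terrascan", but the function returns the keys of `supportedCloudProvider`, and after this change in sorted order. Suggest `// SupportedPolicyTypes returns the sorted list of policy types supported in terrascan.` so the ordering the test relies on is part of the documented contract.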