skip policy download if used -p flag and skip docker login on non mas…

…ter branch (#1210) Co-authored-by: Suvarna Rokade <suvarna.rokade@accurics.com>
tenable · Mar 31, 2022 · a6a6a37 · a6a6a37
1 parent 655761a
commit a6a6a37
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/.github/workflows/gobuild.yml b/.github/workflows/gobuild.yml
@@ -67,6 +67,8 @@ jobs:
       run: make docker-build
 
     - name: Login to docker hub
+    #  login to docker hub only from master 
+      if: ${{ github.ref == 'refs/heads/master' }}
       run: echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u accurics --password-stdin
 
     - name: Push Terrascan latest docker image

diff --git a/pkg/cli/scan.go b/pkg/cli/scan.go
@@ -36,7 +36,8 @@ var scanCmd = &cobra.Command{
 Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
 `,
 	PreRunE: func(cmd *cobra.Command, args []string) error {
-		if scanOptions.configOnly || scanOptions.configWithError {
+		if scanOptions.configOnly || scanOptions.configWithError ||
+			len(scanOptions.policyPath) > 0 {
 			return nil
 		}
 		return initial(cmd, args, true)

diff --git a/test/e2e/scan/scan_test.go b/test/e2e/scan/scan_test.go
@@ -24,6 +24,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/accurics/terrascan/pkg/config"
 	"github.com/accurics/terrascan/pkg/policy"
 	"github.com/accurics/terrascan/pkg/utils"
 	scanUtils "github.com/accurics/terrascan/test/e2e/scan"
@@ -345,4 +346,23 @@ var _ = Describe("Scan", func() {
 			})
 		})
 	})
+	Describe("terrascan scan command run with policy-path", func() {
+		Context("terrascan scan command is run with --p flag", func() {
+			It("should scan and should use provided policies without downloading any from default repo", func() {
+				if path, err := os.Stat(config.GetPolicyRepoPath()); err == nil && path.IsDir() {
+					os.RemoveAll(config.GetPolicyRepoPath())
+				}
+				iacDir, err1 := filepath.Abs(filepath.Join(awsIacRelPath, "aws_ami_violation"))
+				policyDir, err2 := filepath.Abs(policyRootRelPath)
+				Expect(err1).NotTo(HaveOccurred())
+				Expect(err2).NotTo(HaveOccurred())
+				scanArgs := []string{"scan", "-p", policyDir, "-i", "terraform", "-d", iacDir}
+				session := helper.RunCommand(terrascanBinaryPath, outWriter, errWriter, scanArgs...)
+				Eventually(session, 3).Should(gexec.Exit(helper.ExitCodeThree))
+				_, err := os.Stat(config.GetPolicyRepoPath())
+				Expect(err).To(HaveOccurred())
+				Expect(err.Error()).To(ContainSubstring("no such file or directory"))
+			})
+		})
+	})
 })