-
Notifications
You must be signed in to change notification settings - Fork 496
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Microsoft Azure ARM as an IaC Provider #736
Add Microsoft Azure ARM as an IaC Provider #736
Conversation
f9cdb1d
to
c78d031
Compare
7594d9f
to
b01edba
Compare
b909941
to
4f6adf2
Compare
c099d11
to
af92d33
Compare
Codecov Report
@@ Coverage Diff @@
## master #736 +/- ##
==========================================
+ Coverage 78.41% 79.08% +0.67%
==========================================
Files 168 211 +43
Lines 4470 5117 +647
==========================================
+ Hits 3505 4047 +542
- Misses 741 826 +85
- Partials 224 244 +20
|
bda2654
to
fd339ad
Compare
pkg/iac-providers/arm/v1/load-dir.go
Outdated
for fileDir, files := range fileMap { | ||
for i := range files { | ||
// continue if file is a *.parameters.json or metadata.json | ||
if isParametersFile(*files[i]) || isMetadataFile(*files[i]) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it make sense to have a nil pointer check before accessing *files[i]
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be okay as long as range is generating it
pkg/iac-providers/arm/v1/load-dir.go
Outdated
|
||
func (a *ARMV1) hasValidParametersFile(i int, fileDir string, files []*string) bool { | ||
f := strings.TrimSuffix(*files[i], filepath.Ext(*files[i])) | ||
for n := range files { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we get rid of this loop here. If we know the file name f+".parameters.json"
, why loop over all the files?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This has been fixed
pkg/iac-providers/arm/v1/load-dir.go
Outdated
|
||
const errFileLoad = "error while loading iac files" | ||
|
||
func (a *ARMV1) hasValidParametersFile(i int, fileDir string, files []*string) bool { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there not be a need to pass i
. Can we try passing the filename directly?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed
pkg/iac-providers/arm/v1/load-dir.go
Outdated
return false | ||
} | ||
|
||
func extractParameterValues(params map[string]interface{}) (map[string]interface{}, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we associate this function with ARMV1
struct? Seems specific to ARM feature
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed
pkg/iac-providers/arm/v1/load-dir.go
Outdated
continue | ||
} | ||
|
||
if strings.EqualFold(*files[n], f+".parameters.json") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we convert ".parameters.json"
into a const, similar to JSONExtension?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed
} | ||
|
||
func (*ARMV1) getFileType(file string) string { | ||
if strings.HasSuffix(file, JSONExtension) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wondering if filepath.Ext()
would be a better way of checking file extensions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed
zap.S().Debug("failed to load file", zap.String("file", absFilePath)) | ||
return allResourcesConfig, err | ||
} | ||
doc := iacDocuments[0] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think, it would be better to check the len(iacDocuments) > 0
? There is a possibility of a panic if iacDocuments
is empty?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed
typeOnly bool | ||
want output.AllResourceConfigs | ||
wantErr error | ||
}{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we please add some unit test cases?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
wantErr: fmt.Errorf("no directories found for path ./testdata/testfile"), | ||
}, | ||
{ | ||
name: "load invalid config dir", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wondering, should the wantErr=nil
? From the test case name it seems that we are testing invalid config dir
fd339ad
to
a37976e
Compare
pkg/mapper/mapper_test.go
Outdated
if err != nil { | ||
t.Error(err) | ||
} | ||
_, err = m.Map(doc, params) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
apart from asserting on the error, we should also verify that the output we get from Map
method is expected. It may happen that the test file gets modified or Map is modified which may result in a different output.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
}{ | ||
{ | ||
name: "empty config", | ||
dirPath: "./testdata/testfile", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should use filepath.Join()
here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
name: "empty config", | ||
dirPath: "./testdata/testfile", | ||
armv1: ARMV1{}, | ||
wantErr: fmt.Errorf("no directories found for path ./testdata/testfile"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should use filepath.Join()
here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
}, | ||
{ | ||
name: "key-vault", | ||
dirPath: "./testdata/key-vault", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should use filepath.Join()
here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
name: "invalid dirPath", | ||
dirPath: "not-there", | ||
armv1: ARMV1{}, | ||
wantErr: &os.PathError{Err: syscall.ENOENT, Op: "lstat", Path: "not-there"}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this error check would fail on windows platform.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed
} | ||
|
||
var tmp Template | ||
err = json.Unmarshal(data, &tmp) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if possible, we should also verify the unmarshalled fields.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will do the changed similar to cft, in upcoming PR, because ti will also need changes in KaiMonkey
|
||
// ARMV1 struct implements the IacProvider interface | ||
type ARMV1 struct { | ||
templateParameters map[string]interface{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Associate a multierror
with the struct. Its job would be collecting all the file loading related errors. Please refer to other iac provider implementations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed
11a3873
to
d8a6831
Compare
b83d49c
to
5800881
Compare
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
c35a4b1
to
3f4287f
Compare
3f4287f
to
49499d0
Compare
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
* Add Microsoft Azure ARM as an IaC Provider (#736) * Add support for linked templates
The PR adds Microsoft Azure ARM as an IaC Provider for terrascan. Here is a quick run:
This allows terrascan users to validate their ARM templates against the existing policies for Azure. For example: