Add Microsoft Azure ARM as an IaC Provider #736
Conversation
gauravgahlot
force-pushed
the
iac-provider-arm
branch
from
f9cdb1d
to
c78d031
Compare
gauravgahlot
force-pushed
the
iac-provider-arm
branch
5 times, most recently
from
7594d9f
to
b01edba
Compare
sigmabaryon
force-pushed
the
iac-provider-arm
branch
2 times, most recently
from
b909941
to
4f6adf2
Compare
gauravgahlot
force-pushed
the
iac-provider-arm
branch
5 times, most recently
from
c099d11
to
af92d33
Compare
Codecov Report
@@ Coverage Diff @@
## master #736 +/- ##
==========================================
+ Coverage 78.41% 79.08% +0.67%
==========================================
Files 168 211 +43
Lines 4470 5117 +647
==========================================
+ Hits 3505 4047 +542
- Misses 741 826 +85
- Partials 224 244 +20
|
gauravgahlot
force-pushed
the
iac-provider-arm
branch
3 times, most recently
from
bda2654
to
fd339ad
Compare
pkg/iac-providers/arm/v1/load-dir.go
Outdated
| for fileDir, files := range fileMap { | ||
| for i := range files { | ||
| // continue if file is a *.parameters.json or metadata.json | ||
| if isParametersFile(*files[i]) || isMetadataFile(*files[i]) { |
There was a problem hiding this comment.
Would it make sense to have a nil pointer check before accessing *files[i]?
There was a problem hiding this comment.
This should be okay as long as range is generating it
pkg/iac-providers/arm/v1/load-dir.go
Outdated
|
|
||
| func (a *ARMV1) hasValidParametersFile(i int, fileDir string, files []*string) bool { | ||
| f := strings.TrimSuffix(*files[i], filepath.Ext(*files[i])) | ||
| for n := range files { |
There was a problem hiding this comment.
Can we get rid of this loop here. If we know the file name f+".parameters.json", why loop over all the files?
pkg/iac-providers/arm/v1/load-dir.go
Outdated
|
|
||
| const errFileLoad = "error while loading iac files" | ||
|
|
||
| func (a *ARMV1) hasValidParametersFile(i int, fileDir string, files []*string) bool { |
There was a problem hiding this comment.
Is there not be a need to pass i. Can we try passing the filename directly?
pkg/iac-providers/arm/v1/load-dir.go
Outdated
| return false | ||
| } | ||
|
|
||
| func extractParameterValues(params map[string]interface{}) (map[string]interface{}, error) { |
There was a problem hiding this comment.
Can we associate this function with ARMV1 struct? Seems specific to ARM feature
pkg/iac-providers/arm/v1/load-dir.go
Outdated
| continue | ||
| } | ||
|
|
||
| if strings.EqualFold(*files[n], f+".parameters.json") { |
There was a problem hiding this comment.
Can we convert ".parameters.json" into a const, similar to JSONExtension?
| } | ||
|
|
||
| func (*ARMV1) getFileType(file string) string { | ||
| if strings.HasSuffix(file, JSONExtension) { |
There was a problem hiding this comment.
Wondering if filepath.Ext() would be a better way of checking file extensions?
| zap.S().Debug("failed to load file", zap.String("file", absFilePath)) | ||
| return allResourcesConfig, err | ||
| } | ||
| doc := iacDocuments[0] |
There was a problem hiding this comment.
Do you think, it would be better to check the len(iacDocuments) > 0? There is a possibility of a panic if iacDocuments is empty?
| typeOnly bool | ||
| want output.AllResourceConfigs | ||
| wantErr error | ||
| }{} |
There was a problem hiding this comment.
Can we please add some unit test cases?
| wantErr: fmt.Errorf("no directories found for path ./testdata/testfile"), | ||
| }, | ||
| { | ||
| name: "load invalid config dir", |
There was a problem hiding this comment.
Wondering, should the wantErr=nil? From the test case name it seems that we are testing invalid config dir
gauravgahlot
force-pushed
the
iac-provider-arm
branch
from
fd339ad
to
a37976e
Compare
pkg/mapper/mapper_test.go
Outdated
| if err != nil { | ||
| t.Error(err) | ||
| } | ||
| _, err = m.Map(doc, params) |
There was a problem hiding this comment.
apart from asserting on the error, we should also verify that the output we get from Map method is expected. It may happen that the test file gets modified or Map is modified which may result in a different output.
| }{ | ||
| { | ||
| name: "empty config", | ||
| dirPath: "./testdata/testfile", |
There was a problem hiding this comment.
we should use filepath.Join() here
| name: "empty config", | ||
| dirPath: "./testdata/testfile", | ||
| armv1: ARMV1{}, | ||
| wantErr: fmt.Errorf("no directories found for path ./testdata/testfile"), |
There was a problem hiding this comment.
we should use filepath.Join() here
| }, | ||
| { | ||
| name: "key-vault", | ||
| dirPath: "./testdata/key-vault", |
There was a problem hiding this comment.
we should use filepath.Join() here
| name: "invalid dirPath", | ||
| dirPath: "not-there", | ||
| armv1: ARMV1{}, | ||
| wantErr: &os.PathError{Err: syscall.ENOENT, Op: "lstat", Path: "not-there"}, |
There was a problem hiding this comment.
this error check would fail on windows platform.
| } | ||
|
|
||
| var tmp Template | ||
| err = json.Unmarshal(data, &tmp) |
There was a problem hiding this comment.
if possible, we should also verify the unmarshalled fields.
There was a problem hiding this comment.
Will do the changed similar to cft, in upcoming PR, because ti will also need changes in KaiMonkey
|
|
||
| // ARMV1 struct implements the IacProvider interface | ||
| type ARMV1 struct { | ||
| templateParameters map[string]interface{} |
There was a problem hiding this comment.
Associate a multierror with the struct. Its job would be collecting all the file loading related errors. Please refer to other iac provider implementations.
gauravgahlot
force-pushed
the
iac-provider-arm
branch
from
11a3873
to
d8a6831
Compare
sigmabaryon
force-pushed
the
iac-provider-arm
branch
3 times, most recently
from
b83d49c
to
5800881
Compare
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
sigmabaryon
force-pushed
the
iac-provider-arm
branch
5 times, most recently
from
c35a4b1
to
3f4287f
Compare
sigmabaryon
force-pushed
the
iac-provider-arm
branch
from
3f4287f
to
49499d0
Compare
|
Kudos, SonarCloud Quality Gate passed!
|
* Add Microsoft Azure ARM as an IaC Provider (#736) * Add support for linked templates
The PR adds Microsoft Azure ARM as an IaC Provider for terrascan. Here is a quick run:
This allows terrascan users to validate their ARM templates against the existing policies for Azure. For example: