
feat(terraform): add tencentcloud cbs checks (CKV_TENCENT_1) to ensure disk is encrypted

Open hellertang opened this issue 1 year ago • 2 comments

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

  • Custom Policy ID: CKV_TENCENT_1
  • Custom Policy Name: DiskIsEncrypted
  • Custom Policy IaC type: Terraform
  • Custom Policy type: Encryption
  • Provider: tencentcloud
  • IaC configuration documentation: https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/resources/cbs_storage#encrypt

Checklist:

  • [x] My code follows the style guidelines of this project
  • [x] I have performed a self-review of my own code
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [x] I have made corresponding changes to the documentation
  • [x] I have added tests that prove my feature, policy, or fix is effective and works
  • [x] New and existing tests pass locally with my changes
  • [x] Any dependent changes have been merged and published in downstream modules

Generated description

Dear maintainer, below is a concise technical summary of the changes proposed in this PR:

Introduce a new Terraform check CKV_TENCENT_1 to ensure that tencentcloud_cbs_storage resources have the encrypt field set to true. This check, implemented in the DiskIsEncrypted class, is categorized under encryption checks. The check logic is encapsulated in the scan_resource_conf method, which evaluates the configuration of the resource to determine if it passes, fails, or is unknown. Additionally, the pull request includes test cases in test_DiskIsEncrypted.py to validate the functionality of the new check, ensuring that resources are correctly identified as passing or failing based on their encryption settings.

Topic: Encryption Check
Details: Implement the DiskIsEncrypted check to ensure tencentcloud_cbs_storage resources have encryption enabled.
Modified files (2)
  • checkov/terraform/checks/resource/tencentcloud/DiskIsEncrypted.py
  • checkov/terraform/checks/resource/tencentcloud/__init__.py
Latest Contributors (1)
  • Email: [email protected] | Commit: feat-terraform-add-14-... | Date: July 23, 2024

Topic: Test Cases
Details: Add test cases to verify the DiskIsEncrypted check functionality.
Modified files (2)
  • tests/terraform/checks/resource/tencentcloud/example_DiskIsEncrypted/DiskIsEncrypted.tf
  • tests/terraform/checks/resource/tencentcloud/test_DiskIsEncrypted.py
Latest Contributors (0)

hellertang • Feb 26 '24 13:02
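
The pass, fail or unknown evaluation that the generated description attributes to scan_resource_conf, written as a standalone added example; it is not the code from this PR or from checkov. The names scan_cbs_storage, scan_all and the CheckResult stand-in, the list-wrapped attribute layout, and the sample resources are assumptions made for illustration.

```python
from enum import Enum


class CheckResult(Enum):
    """Stand-in for a scanner's result enum so the example runs without checkov."""
    PASSED = "PASSED"
    FAILED = "FAILED"
    UNKNOWN = "UNKNOWN"


def scan_cbs_storage(conf: dict) -> CheckResult:
    """Evaluate one parsed tencentcloud_cbs_storage block.

    Assumption: each attribute value arrives wrapped in a list,
    e.g. {"encrypt": [True]}.
    """
    raw = conf.get("encrypt")
    if not raw:  # attribute omitted or empty: no explicit encrypt = true
        return CheckResult.FAILED
    value = raw[0] if isinstance(raw, list) else raw
    if isinstance(value, bool):
        return CheckResult.PASSED if value else CheckResult.FAILED
    if isinstance(value, str):
        text = value.strip().lower()
        if text in ("true", "false"):  # booleans that survived parsing as strings
            return CheckResult.PASSED if text == "true" else CheckResult.FAILED
        if text.startswith(("var.", "local.", "${")):
            return CheckResult.UNKNOWN  # unresolved reference: cannot decide statically
    return CheckResult.FAILED  # any other value is not an explicit true


# Constructed sample resources, not taken from the PR's DiskIsEncrypted.tf fixture.
SAMPLES = {
    "encrypted": {"storage_name": ["data"], "encrypt": [True]},
    "plaintext": {"storage_name": ["data"], "encrypt": [False]},
    "omitted": {"storage_name": ["data"]},
    "string_true": {"encrypt": ["true"]},
    "from_variable": {"encrypt": ["var.encrypt_disks"]},
}


def scan_all(resources: dict) -> dict:
    """Map each resource name to its result string."""
    return {name: scan_cbs_storage(conf).value for name, conf in resources.items()}


if __name__ == "__main__":
    for name, result in scan_all(SAMPLES).items():
        print(f"{name}: {result}")
```
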

Please help review the PR. Thanks.

hellertang • Feb 26 '24 13:02

Hey @hellertang, Thanks for the contribution ;)
Can you please resolve the conflicts?

pazbechor • Jul 30 '24 14:07