checkov icon indicating copy to clipboard operation
checkov copied to clipboard

Published 20 hours ago verified publisher icon bridgecrewio

fix(terraform): CKV_GCP_32 (GoogleComputeBlockProjectSSH) Add other common enabling values

Open jbrule opened this issue 6 months ago • 1 comments

User description

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

New/Edited policies (Delete if not relevant)

  • CKV_GCP_32

Description

We have a well established doctrine for this setting and that was to use the following hcl. Unfortunately policy CKV_GCP_32 will fail this (in terraform mode, it detects properly in terraform_json) even though the result is Google enables the setting upon apply.

  metadata = {
    block-project-ssh-keys = "True"
  }

Checklist:

  • [X] I have performed a self-review of my own code
  • [X] I have commented my code, particularly in hard-to-understand areas
  • [X] I have made corresponding changes to the documentation (no relevant entries)
  • [X] I have added tests that prove my feature, policy, or fix is effective and works
  • [X] New and existing tests pass locally with my changes

Generated description

Dear maintainer, below is a concise technical summary of the changes proposed in this PR:

Enhance the GoogleComputeBlockProjectSSH class to correctly handle various truthy values for the block-project-ssh-keys metadata key in Google Compute resources. This change ensures that the policy CKV_GCP_32 does not fail when these values are used in Terraform configurations. The get_expected_values method now returns a list of acceptable truthy values, including True, "true", "True", and "TRUE". Additionally, the test suite for this policy has been refactored to consolidate test cases and improve coverage, ensuring that both passing and failing scenarios are accurately captured.

TopicDetails
Test Suite Refactor Refactor and expand the test suite for GoogleComputeBlockProjectSSH to ensure comprehensive coverage of both passing and failing scenarios.
Modified files (4)
  • tests/terraform/checks/resource/gcp/test_GoogleComputeBlockProjectSSH/google_compute_instance_template.tf
  • tests/terraform/checks/resource/gcp/test_GoogleComputeBlockProjectSSH/google_compute_instance.tf
  • tests/terraform/checks/resource/gcp/test_GoogleComputeBlockProjectSSH.py
  • tests/terraform/checks/resource/gcp/test_GoogleComputeBlockProjectSSH/google_compute_instance_from_template.tf
Latest Contributors(2)
EmailCommitDate
[email protected]Add-instance_template-...December 16, 2021
[email protected]Fix-UTSeptember 19, 2021
Policy Enhancement Enhance the GoogleComputeBlockProjectSSH class to handle multiple truthy values for the block-project-ssh-keys metadata key.
Modified files (1)
  • checkov/terraform/checks/resource/gcp/GoogleComputeBlockProjectSSH.py
Latest Contributors(2)
EmailCommitDate
[email protected]...Google-compute-instanc...July 12, 2022
[email protected]Add-instance_template-...December 16, 2021
This pull request is reviewed by Baz. Join @jbrule and the rest of your team on (Baz).

jbrule avatar Aug 16 '24 22:08 jbrule