inspec-iggy icon indicating copy to clipboard operation
inspec-iggy copied to clipboard

Published 20 hours ago verified publisher icon mattray

Azurerm skipped

Open ghost opened this issue 6 years ago • 5 comments

Hi

Im trying to generate a profile from Azure tfstate file. It seems to SKIP azure resources.

$ inspec version 3.0.61

$ inspec terraform generate -n testprofile2 --debug [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_tfstate file = terraform.tfstate [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_access_policy SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_access_policy SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_access_policy SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_access_policy SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_secret SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_secret SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_secret SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_secret SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_secret SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_secret SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_secret SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_resource_group SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_storage_container SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_template_deployment SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_client_config SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_secret SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_secret SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_storage_account SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_storage_account SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_storage_account_sas SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_storage_account_sas SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = external SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = external SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = external SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = terraform_remote_state SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = null_resource SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = random_string SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_access_policy SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_resource_group SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_client_config SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_key_vault_access_policy SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_resource_group SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_client_config SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_resource_group SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_storage_account SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate tf_res_type = azurerm_template_deployment SKIP [2018-12-03T21:57:11+11:00] DEBUG: Iggy::Terraform.parse_generate generated_controls = []

control file turn up empty,

cat testprofile2/controls/controls.rb title "InSpec Profile: generated by Iggy v0.4.0"

ghost avatar Dec 03 '18 11:12 ghost

I'm adding preliminary Azure support in the upcoming 0.5.0 release and testing with the current InSpec 3.7. There's not a lot there because there are only the following InSpec resources: "azure_generic_resource", "azure_resource_group", "azure_virtual_machine", "azure_virtual_machine_data_disk",

I believe InSpec 4.0 is going to upgrade the Azure SDK, which will change any mappings we do but also greatly expand coverage.

mattray avatar Mar 30 '19 19:03 mattray

Hey @mattray,

Have you seen the Azure resource pack? - https://github.com/inspec/inspec-azure There's quite a few more resources in there.

Are you planning on supporting resources from there too?

josh-barker avatar Apr 02 '19 00:04 josh-barker

@josh-barker I'm going to push supporting resource packs to the next release. I'll need to figure a way to reference them in advance, so Iggy can load the resources to make the mappings. 0.5.0 will have support for the azurerm_resource_group and azurerm_virtual_machine as I look to sort out resource packs.

mattray avatar Apr 08 '19 07:04 mattray

The 0.6.0 branch has working resource pack loading. This is under development the next 2 weeks

mattray avatar Jun 05 '19 02:06 mattray

Any updates here ? On inspec-iggy-0.8.0 it seems generating empty profile on having just on azure resourcegroup resource :

src$ inspec terraform generate  --tfstate terraform.tfstate -n demo_azure_profile --platform azure --resourcepath ~/inspec-azure-1.14.2 --debug
[2020-06-03T11:47:08+02:00] DEBUG: Iggy::FileHelper.parse_json file = terraform.tfstate
[2020-06-03T11:47:08+02:00] DEBUG: Iggy::Terraform::Generate.parse_resources resource_type = azurerm_resource_group azure_resource_group TRANSLATED
[2020-06-03T11:47:08+02:00] DEBUG: Iggy::Terraform.Generate.parse_generate resource_type = azure_resource_group SKIPPED
[2020-06-03T11:47:08+02:00] DEBUG: Iggy::Terraform.Generate.parse_generate resource_type = random_uuid SKIPPED
[2020-06-03T11:47:08+02:00] DEBUG: Iggy::Terraform::Generate.parse_generate controls = []
[2020-06-03T11:47:08+02:00] DEBUG: Iggy::Terraform::Generate.parse_generate generated_controls = []

inspec 4.19.0

aheumaier avatar Jun 03 '20 09:06 aheumaier