modernisation-platform
Clean up our repositories from the obsolete tfsec_exclude configuration
User Story
As reported here, https://github.com/ministryofjustice/github-actions/issues/107, tfsec_exclude does not seem to be taking effect.
Instead, we are adding the exclusions as comments, for example:
```hcl
#tfsec:ignore:aws-iam-no-policy-wildcards
resource "aws_iam_role" "image_builder_role" {
```
However, there seems to be leftover tfsec_exclude configuration in some of our repositories, for example:
https://github.com/ministryofjustice/modernisation-platform/blob/62e237c18893563972fcb2b4eb219fcc7d775925/.github/workflows/terraform-static-analysis.yml#L31
And also, tfsec_exclude appears to be documented as one of the supported inputs here https://github.com/ministryofjustice/github-actions/blob/main/terraform-static-analysis/action.yml but does not seem to be taking effect when configured.
This can mislead someone who hasn't worked in this area of code into copying the configuration into another repository, expecting it to take effect.
I think we need to verify it is not taking effect and clean up our repositories from it if the configuration is obsolete, as it appears to be.
User Type(s)
Value
Questions / Assumptions / Hypothesis
Definition of done
- [ ] readme has been updated
- [ ] user docs have been updated
- [ ] another team member has reviewed
- [ ] tests are green
- [ ] UR test OR added to continual research plan
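
An added example, not part of the original issue or the project's own code: a small Python audit that lists every `tfsec_exclude` input left in a repository's workflow files, together with the inline `#tfsec:ignore:` comments that would replace it. It assumes the input value is a comma-separated list of rule IDs; the function names and the sample workflow are constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample workflow (not copied from any repository).
SAMPLE = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - name: Run Analysis
        uses: ministryofjustice/github-actions/terraform-static-analysis@main
        with:
          tfsec_exclude: aws-iam-no-policy-wildcards, aws-s3-enable-versioning  # constructed
"""

USES = re.compile(r"^\s*(?:-\s*)?uses\s*:\s*(?P<ref>\S+)")
KEY = re.compile(r"^\s*tfsec_exclude\s*:\s*(?P<value>.*?)\s*(?:#.*)?$")

def find_tfsec_exclude(text, name="<workflow>"):
    """Return one finding per tfsec_exclude line (line-based; assumes `uses:` precedes `with:`)."""
    findings, last_uses = [], None
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):   # skip commented-out YAML
            continue
        m = USES.match(line)
        if m:
            last_uses = m.group("ref").strip("'\"")
            continue
        m = KEY.match(line)
        if m:
            value = m.group("value").strip("'\"")
            rules = [r.strip() for r in value.split(",") if r.strip()]
            findings.append({"file": name, "line": lineno, "action": last_uses,
                             "rules": rules,
                             "inline": [f"#tfsec:ignore:{r}" for r in rules]})
    return findings

def scan_repo(root):
    """Scan every workflow file under <root>/.github/workflows."""
    out = []
    for path in sorted((Path(root) / ".github" / "workflows").glob("*.y*ml")):
        out.extend(find_tfsec_exclude(path.read_text(encoding="utf-8"), str(path)))
    return out

if __name__ == "__main__":
    for f in scan_repo("."):
        print(f"{f['file']}:{f['line']} ({f['action']}) -> {', '.join(f['inline'])}")
```

Run from the root of a checked-out repository, it prints one line per leftover setting; the suggested comments still have to be placed above the specific Terraform resources they apply to.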