added 0.12 test cases for cloud-agnostic

Author: rberlind

governance/second-generation/README.md

@@ -44,7 +44,11 @@ Also be sure to temporarily set the attributes you are testing to be computed in
 ### Policies that Use the tfconfig or tfstate Imports
 Most of the second-generation policies and functions currently use the `tfplan` import. However, the cloud-agnostic policy [prevent-remote-exec-provisioners-on-null-resources](./cloud-agnostic/prevent-remote-exec-provisioners-on-null-resources.sentinel) policy uses the `tfconfig` import while the Azure policy [restrict-publishers-of-current-vms](./azure/restrict-publishers-of-current-vms.sentinel) policy uses the `tfstate` import.
 
-New policies that use the tfconfig import will require the addition of mock-tfconfig-pass.sentinel and  mock-tfconfig-fail.sentinel files that mock the configuration of relevant resources. Policies that use the tfstate import will require the addition of mock-tfstate-pass.sentinel and mock-tfstate-fail.sentinel files that mock the state of relevant resources. The pass.json and fail.json files would have to be modified to refer to these additional mock files. You can look at the test cases of the two policies mentioned to see how these files should be configured. Note that unlike the `tfplan` and `tfstate` imports, the `tfconfig` import does not have a `terraform_version` key, so there is no need to create 0.11 and 0.12 mocks for policies that use the `tfconfig` import.
+New policies that use the tfconfig import will require the addition of pass-0.11.json, pass-0.12.json, fail-0.11.json, fail-0.12.json, mock-tfconfig-pass-0.11.sentinel, mock-tfconfig-pass-0.12.sentinel, mock-tfconfig-fail-0.11.sentinel and mock-tfconfig-fail0.12.sentinel files that mock the configuration of relevant resources.
+
+Policies that use the tfstate import will require the addition of pass-0.11.json, pass-0.12.json, fail-0.11.json, fail-0.12.json, mock-tfstate-pass-0.11.sentinel, mock-tfstate-pass-0.12.sentinel, mock-tfstate-fail-0.11.sentinel and mock-tfstate-fail0.12.sentinel files that mock the state of relevant resources.
+
+You can look at the test cases of the two policies mentioned to see how these files should be configured. Note that unlike the `tfplan` and `tfstate` imports, the `tfconfig` import does not have a `terraform_version` key; however, you should still generate 0.11 and 0.12 test cases and mocks since the mocks generated from Terraform 0.12 plans will differ from those generated from 0.11 plans.
 
 ## Terraform Support
-Most of these policies have been tested with Terraform 0.11.14 and 0.12.3.
+Most of these policies have been tested with Terraform 0.11.13 or 0.11.14 and 0.12.3.

governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/fail.json renamed to governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/fail-0.11.json

@@ -1,6 +1,6 @@
 {
   "mock": {
-    "tfconfig": "mock-tfconfig-fail.sentinel"
+    "tfconfig": "mock-tfconfig-fail-0.11.sentinel"
   },
   "test": {
     "main": false

governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/fail-0.12.json

@@ -0,0 +1,8 @@
+{
+  "mock": {
+    "tfconfig": "mock-tfconfig-fail-0.12.sentinel"
+  },
+  "test": {
+    "main": false
+  }
+}

governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/mock-tfconfig-fail.sentinel renamed to governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/mock-tfconfig-fail-0.11.sentinel

@@ -30,12 +30,11 @@ _modules = {
 						"associate_public_ip_address": "true",
 						"availability_zone":           "${var.aws_region}b",
 						"instance_type":               "${var.instance_type}",
-						"key_name":                    "${var.key_name}",
 						"tags": [
 							{
 								"Name":  "${var.name}",
 								"owner": "[email protected]",
-								"ttl":   "24",
+								"ttl":   "48",
 							},
 						],
 					},
@@ -49,7 +48,7 @@ _modules = {
 						{
 							"config": {
 								"inline": [
-									"ls",
+									"${var.command}",
 								],
 							},
 							"type": "remote-exec",
@@ -67,22 +66,18 @@ _modules = {
 				"default":     "us-east-1",
 				"description": "AWS region",
 			},
+			"command": {
+				"default":     "ls",
+				"description": "",
+			},
 			"instance_type": {
 				"default":     "t2.micro",
 				"description": "type of EC2 instance to provision.",
 			},
-			"key_name": {
-				"default":     null,
-				"description": "name of private key",
-			},
 			"name": {
 				"default":     "Provisioned by Terraform",
 				"description": "name to pass to Name tag",
 			},
-			"private_key_data": {
-				"default":     null,
-				"description": "private key data",
-			},
 		},
 	},
 }

governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/mock-tfconfig-fail-0.12.sentinel

@@ -0,0 +1,125 @@
+import "strings"
+import "types"
+
+_modules = {
+	"root": {
+		"data":    {},
+		"modules": {},
+		"outputs": {
+			"public_dns": {
+				"depends_on":  [],
+				"description": "",
+				"references": [
+					"aws_instance.ubuntu",
+				],
+				"sensitive": false,
+				"value":     undefined,
+			},
+		},
+		"providers": {
+			"aws": {
+				"alias":  {},
+				"config": {},
+				"references": {
+					"region": [
+						"var.aws_region",
+					],
+				},
+				"version": "",
+			},
+		},
+		"resources": {
+			"aws_instance": {
+				"ubuntu": {
+					"config": {
+						"associate_public_ip_address": "true",
+					},
+					"provisioners": null,
+					"references": {
+						"ami": [
+							"var.ami_id",
+						],
+						"associate_public_ip_address": [],
+						"availability_zone": [
+							"var.aws_region",
+						],
+						"instance_type": [
+							"var.instance_type",
+						],
+						"tags": [
+							"var.name",
+						],
+					},
+				},
+			},
+			"null_resource": {
+				"post_install": {
+					"config": {},
+					"provisioners": [
+						{
+							"config": {},
+							"references": {
+								"inline": [
+									"var.command",
+								],
+							},
+							"type": "remote-exec",
+						},
+					],
+					"references": {},
+				},
+			},
+		},
+		"variables": {
+			"ami_id": {
+				"default":     "ami-2e1ef954",
+				"description": "ID of the AMI to provision. Default is Ubuntu 14.04 Base Image",
+			},
+			"aws_region": {
+				"default":     "us-east-1",
+				"description": "AWS region",
+			},
+			"command": {
+				"default":     "ls",
+				"description": "",
+			},
+			"instance_type": {
+				"default":     "t2.micro",
+				"description": "type of EC2 instance to provision.",
+			},
+			"name": {
+				"default":     "Provisioned by Terraform",
+				"description": "name to pass to Name tag",
+			},
+		},
+	},
+}
+
+module_paths = [
+	[],
+]
+
+module = func(path) {
+	if types.type_of(path) is not "list" {
+		error("expected list, got", types.type_of(path))
+	}
+
+	if length(path) < 1 {
+		return _modules.root
+	}
+
+	addr = []
+	for path as p {
+		append(addr, "module")
+		append(addr, p)
+	}
+
+	return _modules[strings.join(addr, ".")]
+}
+
+data = _modules.root.data
+modules = _modules.root.modules
+providers = _modules.root.providers
+resources = _modules.root.resources
+variables = _modules.root.variables
+outputs = _modules.root.outputs

governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/mock-tfconfig-pass.sentinel renamed to governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/mock-tfconfig-pass-0.11.sentinel

@@ -30,12 +30,11 @@ _modules = {
 						"associate_public_ip_address": "true",
 						"availability_zone":           "${var.aws_region}b",
 						"instance_type":               "${var.instance_type}",
-						"key_name":                    "${var.key_name}",
 						"tags": [
 							{
 								"Name":  "${var.name}",
 								"owner": "[email protected]",
-								"ttl":   "24",
+								"ttl":   "48",
 							},
 						],
 					},
@@ -48,7 +47,9 @@ _modules = {
 					"provisioners": [
 						{
 							"config": {
-								"command": "ls",
+								"command": [
+									"${var.command}",
+								],
 							},
 							"type": "local-exec",
 						},
@@ -65,22 +66,18 @@ _modules = {
 				"default":     "us-east-1",
 				"description": "AWS region",
 			},
+			"command": {
+				"default":     "ls",
+				"description": "",
+			},
 			"instance_type": {
 				"default":     "t2.micro",
 				"description": "type of EC2 instance to provision.",
 			},
-			"key_name": {
-				"default":     null,
-				"description": "name of private key",
-			},
 			"name": {
 				"default":     "Provisioned by Terraform",
 				"description": "name to pass to Name tag",
 			},
-			"private_key_data": {
-				"default":     null,
-				"description": "private key data",
-			},
 		},
 	},
 }

governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/mock-tfconfig-pass-0.12.sentinel

@@ -0,0 +1,125 @@
+import "strings"
+import "types"
+
+_modules = {
+	"root": {
+		"data":    {},
+		"modules": {},
+		"outputs": {
+			"public_dns": {
+				"depends_on":  [],
+				"description": "",
+				"references": [
+					"aws_instance.ubuntu",
+				],
+				"sensitive": false,
+				"value":     undefined,
+			},
+		},
+		"providers": {
+			"aws": {
+				"alias":  {},
+				"config": {},
+				"references": {
+					"region": [
+						"var.aws_region",
+					],
+				},
+				"version": "",
+			},
+		},
+		"resources": {
+			"aws_instance": {
+				"ubuntu": {
+					"config": {
+						"associate_public_ip_address": "true",
+					},
+					"provisioners": null,
+					"references": {
+						"ami": [
+							"var.ami_id",
+						],
+						"associate_public_ip_address": [],
+						"availability_zone": [
+							"var.aws_region",
+						],
+						"instance_type": [
+							"var.instance_type",
+						],
+						"tags": [
+							"var.name",
+						],
+					},
+				},
+			},
+			"null_resource": {
+				"post_install": {
+					"config": {},
+					"provisioners": [
+						{
+							"config": {},
+							"references": {
+								"command": [
+									"var.command",
+								],
+							},
+							"type": "local-exec",
+						},
+					],
+					"references": {},
+				},
+			},
+		},
+		"variables": {
+			"ami_id": {
+				"default":     "ami-2e1ef954",
+				"description": "ID of the AMI to provision. Default is Ubuntu 14.04 Base Image",
+			},
+			"aws_region": {
+				"default":     "us-east-1",
+				"description": "AWS region",
+			},
+			"command": {
+				"default":     "ls",
+				"description": "",
+			},
+			"instance_type": {
+				"default":     "t2.micro",
+				"description": "type of EC2 instance to provision.",
+			},
+			"name": {
+				"default":     "Provisioned by Terraform",
+				"description": "name to pass to Name tag",
+			},
+		},
+	},
+}
+
+module_paths = [
+	[],
+]
+
+module = func(path) {
+	if types.type_of(path) is not "list" {
+		error("expected list, got", types.type_of(path))
+	}
+
+	if length(path) < 1 {
+		return _modules.root
+	}
+
+	addr = []
+	for path as p {
+		append(addr, "module")
+		append(addr, p)
+	}
+
+	return _modules[strings.join(addr, ".")]
+}
+
+data = _modules.root.data
+modules = _modules.root.modules
+providers = _modules.root.providers
+resources = _modules.root.resources
+variables = _modules.root.variables
+outputs = _modules.root.outputs

governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/pass.json renamed to governance/second-generation/cloud-agnostic/test/prevent-remote-exec-provisioners-on-null-resources/pass-0.11.json

@@ -1,6 +1,6 @@
 {
   "mock": {
-    "tfconfig": "mock-tfconfig-pass.sentinel"
+    "tfconfig": "mock-tfconfig-pass-0.11.sentinel"
   },
   "test": {
     "main": true