Skip to content

Commit

Permalink
Merge pull request #206 from chapipo/fix/exception-not-loaded-on-builtin
Browse files Browse the repository at this point in the history
Fix/exception not loaded on terraform builtin
  • Loading branch information
Keith Monihen authored Jun 25, 2020
2 parents 5ee9758 + 26a3a16 commit 8e87d18
Show file tree
Hide file tree
Showing 6 changed files with 41 additions and 4 deletions.
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -69,4 +69,4 @@ cover-cli:
smoke-test:
@$(BUILD_DIR)/config-lint -terraform cli/testdata/smoketest_tf12.tf
@$(BUILD_DIR)/config-lint -tfparser tf11 -terraform cli/testdata/smoketest_tf11.tf

@$(BUILD_DIR)/config-lint -tfparser tf11 -terraform -profile cli/testdata/profile-exceptions.yml cli/testdata/smoketest_exceptions.tf
4 changes: 3 additions & 1 deletion cli/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,6 @@ func main() {
fmt.Printf("Failed to load rules: %v\n", err)
os.Exit(-1)
}
ruleSets = addExceptions(ruleSets, profileOptions.Exceptions)
// Same rule set applies to both TerraformBuiltInRules and Terraform11BuiltInRules
// loadBuiltInRuleSet can be called recursively against a directory, as done here,
// or can be called against a single file, as done with lint-rule.yml
Expand All @@ -152,6 +151,9 @@ func main() {
fmt.Println("No rules")
os.Exit(-1)
}

ruleSets = addExceptions(ruleSets, profileOptions.Exceptions)

os.Exit(applyRules(ruleSets, configFilenames, linterOptions, DefaultReportWriter{Writer: os.Stdout}))
}

Expand Down
16 changes: 16 additions & 0 deletions cli/testdata/profile-exceptions.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---

terraform: true

files:
- "*.tf"

exceptions:
- RuleID: IAM_ROLE_WILDCARD_ACTION
ResourceCategory: resource
ResourceType: aws_iam_role
ResourceID: role2
Comments: Just because

tags:
- iam
2 changes: 1 addition & 1 deletion cli/testdata/profile.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ exceptions:
- RuleID: ROLE_WILDCARD_ACTION
ResourceCategory: resource
ResourceType: aws_iam_role
ResouceID: role2
ResourceID: role2
Comments: Just because

tags:
Expand Down
19 changes: 19 additions & 0 deletions cli/testdata/smoketest_exceptions.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
resource "aws_iam_role" "role2" {
name = "role2"

assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "*",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
2 changes: 1 addition & 1 deletion docs/profiles.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ exceptions:
- RuleID: S3_BUCKET_ACL
ResourceCategory: resource
ResourceType: aws_s3_bucket
ResouceID: simple_website
ResourceID: simple_website
Comments: This bucket hosts a public website
```

0 comments on commit 8e87d18

Please sign in to comment.