From d3d38ca2c841a1df3facd09c3dfa038c0d2b4679 Mon Sep 17 00:00:00 2001
From: Akash
Date: Tue, 25 Feb 2025 17:44:30 +0530
Subject: [PATCH] Fix RDB instance count issue
---
 .../providers/terraform_plan/handler.py | 9 +-
 .../fixtures/input_aws_db_instance_count.json | 619 ++++++++++++++++++
 .../policy_aws_db_instance_count.json | 22 +
 3 files changed, 647 insertions(+), 3 deletions(-)
 create mode 100644 tests/providers/terraform_plan/fixtures/input_aws_db_instance_count.json
 create mode 100644 tests/providers/terraform_plan/fixtures/policy_aws_db_instance_count.json
diff --git a/src/tirith/providers/terraform_plan/handler.py b/src/tirith/providers/terraform_plan/handler.py
index 2235a35..3227813 100644
--- a/src/tirith/providers/terraform_plan/handler.py
+++ b/src/tirith/providers/terraform_plan/handler.py
@@ -147,10 +147,13 @@ def provide(provider_inputs, input_data):
 resource_type = provider_inputs["terraform_resource_type"]
 for resource_change in resource_changes:
 if resource_type in (resource_change["type"], "*"):
- # No need to check if the resource is not found
- # because the count of a resource can be zero
 resource_meta = resource_change
- count += 1
+
+ # Check if the resource has an "index" key
+ if "index" in resource_change:
+ count += 1 # Add 1 for each indexed instance
+ else:
+ count += 1 # Standard single instance counting
 
 outputs.append(
 {
diff --git a/tests/providers/terraform_plan/fixtures/input_aws_db_instance_count.json b/tests/providers/terraform_plan/fixtures/input_aws_db_instance_count.json
new file mode 100644
index 0000000..c68cb15
--- /dev/null
+++ b/tests/providers/terraform_plan/fixtures/input_aws_db_instance_count.json
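Review bot: Both arms of the new `if "index" in resource_change:` / `else:` in handler.py run `count += 1`, so the branch changes nothing and the result is exactly what the removed unconditional `count += 1` produced. Whatever miscount prompted the fix is therefore still present, and because this number feeds policy conditions, a wrong count lets a policy pass or fail for the wrong reason. Either collapse the branch back to a single `count += 1` and keep the removed comment explaining why a zero count is valid, or, if the intent was to leave out resources that are being destroyed (an assumption, the hunk does not say), skip entries whose `resource_change["change"]["actions"]` is `["delete"]`. `provide` starts and ends outside this hunk, so the initialisation of `count` is not visible here.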
@@ -0,0 +1,619 @@ +{ + "format_version": "1.2", + "terraform_version": "1.10.1", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "aws_db_instance.example[0]", + "mode": "managed", + "type": "aws_db_instance", + "name": "example", + "index": 0, + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 2, + "values": { + "allocated_storage": 20, + "allow_major_version_upgrade": null, + "apply_immediately": false, + "auto_minor_version_upgrade": true, + "blue_green_update": [], + "copy_tags_to_snapshot": false, + "custom_iam_instance_profile": null, + "customer_owned_ip_enabled": null, + "dedicated_log_volume": false, + "delete_automated_backups": true, + "deletion_protection": null, + "domain": null, + "domain_auth_secret_arn": null, + "domain_dns_ips": null, + "domain_iam_role_name": null, + "domain_ou": null, + "enabled_cloudwatch_logs_exports": null, + "engine": "mysql", + "engine_version": "8.0", + "final_snapshot_identifier": null, + "iam_database_authentication_enabled": null, + "instance_class": "db.t2.micro", + "manage_master_user_password": null, + "max_allocated_storage": null, + "monitoring_interval": 0, + "parameter_group_name": "default.mysql8.0", + "password": "YourStrongPassword123", + "password_wo": null, + "password_wo_version": null, + "performance_insights_enabled": false, + "publicly_accessible": false, + "replicate_source_db": null, + "restore_to_point_in_time": [], + "s3_import": [], + "skip_final_snapshot": true, + "storage_encrypted": null, + "storage_type": "gp2", + "tags": null, + "timeouts": null, + "upgrade_storage_config": null, + "username": "admin" + }, + "sensitive_values": { + "blue_green_update": [], + "listener_endpoint": [], + "master_user_secret": [], + "password": true, + "password_wo": true, + "replicas": [], + "restore_to_point_in_time": [], + "s3_import": [], + "tags_all": {}, + "vpc_security_group_ids": [] + } + }, + { + "address": "aws_db_instance.example[1]", + "mode": 
"managed", + "type": "aws_db_instance", + "name": "example", + "index": 1, + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 2, + "values": { + "allocated_storage": 20, + "allow_major_version_upgrade": null, + "apply_immediately": false, + "auto_minor_version_upgrade": true, + "blue_green_update": [], + "copy_tags_to_snapshot": false, + "custom_iam_instance_profile": null, + "customer_owned_ip_enabled": null, + "dedicated_log_volume": false, + "delete_automated_backups": true, + "deletion_protection": null, + "domain": null, + "domain_auth_secret_arn": null, + "domain_dns_ips": null, + "domain_iam_role_name": null, + "domain_ou": null, + "enabled_cloudwatch_logs_exports": null, + "engine": "mysql", + "engine_version": "8.0", + "final_snapshot_identifier": null, + "iam_database_authentication_enabled": null, + "instance_class": "db.t2.micro", + "manage_master_user_password": null, + "max_allocated_storage": null, + "monitoring_interval": 0, + "parameter_group_name": "default.mysql8.0", + "password": "YourStrongPassword123", + "password_wo": null, + "password_wo_version": null, + "performance_insights_enabled": false, + "publicly_accessible": false, + "replicate_source_db": null, + "restore_to_point_in_time": [], + "s3_import": [], + "skip_final_snapshot": true, + "storage_encrypted": null, + "storage_type": "gp2", + "tags": null, + "timeouts": null, + "upgrade_storage_config": null, + "username": "admin" + }, + "sensitive_values": { + "blue_green_update": [], + "listener_endpoint": [], + "master_user_secret": [], + "password": true, + "password_wo": true, + "replicas": [], + "restore_to_point_in_time": [], + "s3_import": [], + "tags_all": {}, + "vpc_security_group_ids": [] + } + }, + { + "address": "aws_db_instance.example[2]", + "mode": "managed", + "type": "aws_db_instance", + "name": "example", + "index": 2, + "provider_name": "registry.terraform.io/hashicorp/aws", + "schema_version": 2, + "values": { + "allocated_storage": 20, + 
"allow_major_version_upgrade": null, + "apply_immediately": false, + "auto_minor_version_upgrade": true, + "blue_green_update": [], + "copy_tags_to_snapshot": false, + "custom_iam_instance_profile": null, + "customer_owned_ip_enabled": null, + "dedicated_log_volume": false, + "delete_automated_backups": true, + "deletion_protection": null, + "domain": null, + "domain_auth_secret_arn": null, + "domain_dns_ips": null, + "domain_iam_role_name": null, + "domain_ou": null, + "enabled_cloudwatch_logs_exports": null, + "engine": "mysql", + "engine_version": "8.0", + "final_snapshot_identifier": null, + "iam_database_authentication_enabled": null, + "instance_class": "db.t2.micro", + "manage_master_user_password": null, + "max_allocated_storage": null, + "monitoring_interval": 0, + "parameter_group_name": "default.mysql8.0", + "password": "YourStrongPassword123", + "password_wo": null, + "password_wo_version": null, + "performance_insights_enabled": false, + "publicly_accessible": false, + "replicate_source_db": null, + "restore_to_point_in_time": [], + "s3_import": [], + "skip_final_snapshot": true, + "storage_encrypted": null, + "storage_type": "gp2", + "tags": null, + "timeouts": null, + "upgrade_storage_config": null, + "username": "admin" + }, + "sensitive_values": { + "blue_green_update": [], + "listener_endpoint": [], + "master_user_secret": [], + "password": true, + "password_wo": true, + "replicas": [], + "restore_to_point_in_time": [], + "s3_import": [], + "tags_all": {}, + "vpc_security_group_ids": [] + } + } + ] + } + }, + "resource_changes": [ + { + "address": "aws_db_instance.example[0]", + "mode": "managed", + "type": "aws_db_instance", + "name": "example", + "index": 0, + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "allocated_storage": 20, + "allow_major_version_upgrade": null, + "apply_immediately": false, + "auto_minor_version_upgrade": true, + "blue_green_update": 
[], + "copy_tags_to_snapshot": false, + "custom_iam_instance_profile": null, + "customer_owned_ip_enabled": null, + "dedicated_log_volume": false, + "delete_automated_backups": true, + "deletion_protection": null, + "domain": null, + "domain_auth_secret_arn": null, + "domain_dns_ips": null, + "domain_iam_role_name": null, + "domain_ou": null, + "enabled_cloudwatch_logs_exports": null, + "engine": "mysql", + "engine_version": "8.0", + "final_snapshot_identifier": null, + "iam_database_authentication_enabled": null, + "instance_class": "db.t2.micro", + "manage_master_user_password": null, + "max_allocated_storage": null, + "monitoring_interval": 0, + "parameter_group_name": "default.mysql8.0", + "password": "YourStrongPassword123", + "password_wo": null, + "password_wo_version": null, + "performance_insights_enabled": false, + "publicly_accessible": false, + "replicate_source_db": null, + "restore_to_point_in_time": [], + "s3_import": [], + "skip_final_snapshot": true, + "storage_encrypted": null, + "storage_type": "gp2", + "tags": null, + "timeouts": null, + "upgrade_storage_config": null, + "username": "admin" + }, + "after_unknown": { + "address": true, + "arn": true, + "availability_zone": true, + "backup_retention_period": true, + "backup_target": true, + "backup_window": true, + "blue_green_update": [], + "ca_cert_identifier": true, + "character_set_name": true, + "db_name": true, + "db_subnet_group_name": true, + "domain_fqdn": true, + "endpoint": true, + "engine_lifecycle_support": true, + "engine_version_actual": true, + "hosted_zone_id": true, + "id": true, + "identifier": true, + "identifier_prefix": true, + "iops": true, + "kms_key_id": true, + "latest_restorable_time": true, + "license_model": true, + "listener_endpoint": true, + "maintenance_window": true, + "master_user_secret": true, + "master_user_secret_kms_key_id": true, + "monitoring_role_arn": true, + "multi_az": true, + "nchar_character_set_name": true, + "network_type": true, + 
"option_group_name": true, + "performance_insights_kms_key_id": true, + "performance_insights_retention_period": true, + "port": true, + "replica_mode": true, + "replicas": true, + "resource_id": true, + "restore_to_point_in_time": [], + "s3_import": [], + "snapshot_identifier": true, + "status": true, + "storage_throughput": true, + "tags_all": true, + "timezone": true, + "vpc_security_group_ids": true + }, + "before_sensitive": false, + "after_sensitive": { + "blue_green_update": [], + "listener_endpoint": [], + "master_user_secret": [], + "password": true, + "password_wo": true, + "replicas": [], + "restore_to_point_in_time": [], + "s3_import": [], + "tags_all": {}, + "vpc_security_group_ids": [] + } + } + }, + { + "address": "aws_db_instance.example[1]", + "mode": "managed", + "type": "aws_db_instance", + "name": "example", + "index": 1, + "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "allocated_storage": 20, + "allow_major_version_upgrade": null, + "apply_immediately": false, + "auto_minor_version_upgrade": true, + "blue_green_update": [], + "copy_tags_to_snapshot": false, + "custom_iam_instance_profile": null, + "customer_owned_ip_enabled": null, + "dedicated_log_volume": false, + "delete_automated_backups": true, + "deletion_protection": null, + "domain": null, + "domain_auth_secret_arn": null, + "domain_dns_ips": null, + "domain_iam_role_name": null, + "domain_ou": null, + "enabled_cloudwatch_logs_exports": null, + "engine": "mysql", + "engine_version": "8.0", + "final_snapshot_identifier": null, + "iam_database_authentication_enabled": null, + "instance_class": "db.t2.micro", + "manage_master_user_password": null, + "max_allocated_storage": null, + "monitoring_interval": 0, + "parameter_group_name": "default.mysql8.0", + "password": "YourStrongPassword123", + "password_wo": null, + "password_wo_version": null, + "performance_insights_enabled": false, + 
"publicly_accessible": false, + "replicate_source_db": null, + "restore_to_point_in_time": [], + "s3_import": [], + "skip_final_snapshot": true, + "storage_encrypted": null, + "storage_type": "gp2", + "tags": null, + "timeouts": null, + "upgrade_storage_config": null, + "username": "admin" + }, + "after_unknown": { + "address": true, + "arn": true, + "availability_zone": true, + "backup_retention_period": true, + "backup_target": true, + "backup_window": true, + "blue_green_update": [], + "ca_cert_identifier": true, + "character_set_name": true, + "db_name": true, + "db_subnet_group_name": true, + "domain_fqdn": true, + "endpoint": true, + "engine_lifecycle_support": true, + "engine_version_actual": true, + "hosted_zone_id": true, + "id": true, + "identifier": true, + "identifier_prefix": true, + "iops": true, + "kms_key_id": true, + "latest_restorable_time": true, + "license_model": true, + "listener_endpoint": true, + "maintenance_window": true, + "master_user_secret": true, + "master_user_secret_kms_key_id": true, + "monitoring_role_arn": true, + "multi_az": true, + "nchar_character_set_name": true, + "network_type": true, + "option_group_name": true, + "performance_insights_kms_key_id": true, + "performance_insights_retention_period": true, + "port": true, + "replica_mode": true, + "replicas": true, + "resource_id": true, + "restore_to_point_in_time": [], + "s3_import": [], + "snapshot_identifier": true, + "status": true, + "storage_throughput": true, + "tags_all": true, + "timezone": true, + "vpc_security_group_ids": true + }, + "before_sensitive": false, + "after_sensitive": { + "blue_green_update": [], + "listener_endpoint": [], + "master_user_secret": [], + "password": true, + "password_wo": true, + "replicas": [], + "restore_to_point_in_time": [], + "s3_import": [], + "tags_all": {}, + "vpc_security_group_ids": [] + } + } + }, + { + "address": "aws_db_instance.example[2]", + "mode": "managed", + "type": "aws_db_instance", + "name": "example", + "index": 2, 
+ "provider_name": "registry.terraform.io/hashicorp/aws", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "allocated_storage": 20, + "allow_major_version_upgrade": null, + "apply_immediately": false, + "auto_minor_version_upgrade": true, + "blue_green_update": [], + "copy_tags_to_snapshot": false, + "custom_iam_instance_profile": null, + "customer_owned_ip_enabled": null, + "dedicated_log_volume": false, + "delete_automated_backups": true, + "deletion_protection": null, + "domain": null, + "domain_auth_secret_arn": null, + "domain_dns_ips": null, + "domain_iam_role_name": null, + "domain_ou": null, + "enabled_cloudwatch_logs_exports": null, + "engine": "mysql", + "engine_version": "8.0", + "final_snapshot_identifier": null, + "iam_database_authentication_enabled": null, + "instance_class": "db.t2.micro", + "manage_master_user_password": null, + "max_allocated_storage": null, + "monitoring_interval": 0, + "parameter_group_name": "default.mysql8.0", + "password": "YourStrongPassword123", + "password_wo": null, + "password_wo_version": null, + "performance_insights_enabled": false, + "publicly_accessible": false, + "replicate_source_db": null, + "restore_to_point_in_time": [], + "s3_import": [], + "skip_final_snapshot": true, + "storage_encrypted": null, + "storage_type": "gp2", + "tags": null, + "timeouts": null, + "upgrade_storage_config": null, + "username": "admin" + }, + "after_unknown": { + "address": true, + "arn": true, + "availability_zone": true, + "backup_retention_period": true, + "backup_target": true, + "backup_window": true, + "blue_green_update": [], + "ca_cert_identifier": true, + "character_set_name": true, + "db_name": true, + "db_subnet_group_name": true, + "domain_fqdn": true, + "endpoint": true, + "engine_lifecycle_support": true, + "engine_version_actual": true, + "hosted_zone_id": true, + "id": true, + "identifier": true, + "identifier_prefix": true, + "iops": true, + "kms_key_id": true, + "latest_restorable_time": 
true, + "license_model": true, + "listener_endpoint": true, + "maintenance_window": true, + "master_user_secret": true, + "master_user_secret_kms_key_id": true, + "monitoring_role_arn": true, + "multi_az": true, + "nchar_character_set_name": true, + "network_type": true, + "option_group_name": true, + "performance_insights_kms_key_id": true, + "performance_insights_retention_period": true, + "port": true, + "replica_mode": true, + "replicas": true, + "resource_id": true, + "restore_to_point_in_time": [], + "s3_import": [], + "snapshot_identifier": true, + "status": true, + "storage_throughput": true, + "tags_all": true, + "timezone": true, + "vpc_security_group_ids": true + }, + "before_sensitive": false, + "after_sensitive": { + "blue_green_update": [], + "listener_endpoint": [], + "master_user_secret": [], + "password": true, + "password_wo": true, + "replicas": [], + "restore_to_point_in_time": [], + "s3_import": [], + "tags_all": {}, + "vpc_security_group_ids": [] + } + } + } + ], + "configuration": { + "provider_config": { + "aws": { + "name": "aws", + "full_name": "registry.terraform.io/hashicorp/aws", + "expressions": { + "region": { + "constant_value": "us-east-1" + } + } + } + }, + "root_module": { + "resources": [ + { + "address": "aws_db_instance.example", + "mode": "managed", + "type": "aws_db_instance", + "name": "example", + "provider_config_key": "aws", + "expressions": { + "allocated_storage": { + "constant_value": 20 + }, + "engine": { + "constant_value": "mysql" + }, + "engine_version": { + "constant_value": "8.0" + }, + "instance_class": { + "constant_value": "db.t2.micro" + }, + "parameter_group_name": { + "constant_value": "default.mysql8.0" + }, + "password": { + "constant_value": "YourStrongPassword123" + }, + "skip_final_snapshot": { + "constant_value": true + }, + "storage_type": { + "constant_value": "gp2" + }, + "username": { + "constant_value": "admin" + } + }, + "schema_version": 2, + "count_expression": { + "constant_value": 3 + } + } 
+ ]
+ }
+ },
+ "timestamp": "2025-02-25T11:01:39Z",
+ "applyable": true,
+ "complete": true,
+ "errored": false
+}
\ No newline at end of file
diff --git a/tests/providers/terraform_plan/fixtures/policy_aws_db_instance_count.json b/tests/providers/terraform_plan/fixtures/policy_aws_db_instance_count.json
new file mode 100644
index 0000000..02909a6
--- /dev/null
+++ b/tests/providers/terraform_plan/fixtures/policy_aws_db_instance_count.json
@@ -0,0 +1,22 @@
+{
+ "meta": {
+ "version": "v1",
+ "required_provider": "stackguardian/terraform_plan"
+ },
+ "evaluators": [
+ {
+ "id": "aws_db_instance_count",
+ "description": "Make sure that there are less than 2 RDS instances",
+ "provider_args": {
+ "operation_type": "count",
+ "terraform_resource_type": "aws_db_instance"
+ },
+ "condition": {
+ "type": "LessThan",
+ "value": 2,
+ "error_tolerance": 2
+ }
+ }
+ ],
+ "eval_expression": "aws_db_instance_count"
+}
\ No newline at end of file
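Review bot: No test in this commit loads this policy or its input fixture, since the diffstat lists only handler.py and the two JSON files; unless an existing test discovers fixtures by file name, the count path is still unexercised. A case that evaluates this policy against `input_aws_db_instance_count.json` and asserts the failing result (three `aws_db_instance` entries against `LessThan` 2) would pin the behaviour. The input fixture also carries a literal `password` value in its `values` and `after` blocks; it reads like a placeholder, but confirm it was never a real credential, because plan JSON keeps sensitive attributes in clear text and secret scanners will flag it.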