From 3a656ed130103585f1058834ac31e794bb174cc1 Mon Sep 17 00:00:00 2001
From: Prakash Subramani
Date: Fri, 8 Dec 2023 13:55:00 +0000
Subject: [PATCH] Test tfsec
---
.github/workflows/deploy.yml | 30 ++++++++++++++++++++++++++++
deployments/templates/deployment.yml | 21 -------------------
deployments/templates/ingress.yml | 23 ---------------------
deployments/templates/service.yml | 11 ----------
infra/main.tf | 5 +++++
infra/module/main.tf | 5 +++++
infra/module/outputs.tf | 3 +++
infra/module/rds.tf | 14 +++++++++++++
infra/variable.tf | 1 +
9 files changed, 58 insertions(+), 55 deletions(-)
create mode 100644 .github/workflows/deploy.yml
delete mode 100644 deployments/templates/deployment.yml
delete mode 100644 deployments/templates/ingress.yml
delete mode 100644 deployments/templates/service.yml
create mode 100644 infra/main.tf
create mode 100644 infra/module/main.tf
create mode 100644 infra/module/outputs.tf
create mode 100644 infra/module/rds.tf
create mode 100644 infra/variable.tf
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..9212a62
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,30 @@
+name: static-anlysis
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ static-analysis:
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Run Analysis
+ uses: ministryofjustice/github-actions/terraform-static-analysis@main
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ scan_type: changed
+ tfsec_exclude: AWS095
+ tflint_config: $(realpath .tflint.hcl)
+ tfsec_output_file: tfsec.sarif
+ tfsec_output_format: sarif
+ checkov_external_modules: true
+ checkov_exclude: CKV_TF_1,CKV_AWS_136,CKV_AWS_51,CKV_GIT_4
+ tflint_exclude: terraform_standard_module_structure
\ No newline at end of file
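Review bot: `uses: ministryofjustice/github-actions/terraform-static-analysis@main` pulls the action from a mutable branch, so each run executes whatever is on `main` at that moment with this repository's `GITHUB_TOKEN` in its environment; pin it to a full commit SHA with the release noted in a trailing comment, `uses: ministryofjustice/github-actions/terraform-static-analysis@<commit-sha>  # <release tag>`, so the scanner's supply chain is reproducible and reviewable. The `permissions:` block lists only `security-events: write`, which sets every other scope to none, so unless the repository is public the checkout step will need `contents: read` added alongside it. The suppressions `tfsec_exclude: AWS095` and `checkov_exclude: CKV_TF_1,CKV_AWS_136,CKV_AWS_51,CKV_GIT_4` carry no rationale; a comment above each naming why the rule is excluded keeps the exceptions auditable. `tflint_config: $(realpath .tflint.hcl)` is passed to the action as a literal string and only becomes a path if the action itself expands it through a shell, which is worth confirming. The workflow `name: static-anlysis` is also misspelled; `name: static-analysis` matches the job id.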
diff --git a/deployments/templates/deployment.yml b/deployments/templates/deployment.yml
deleted file mode 100644
index 12ddaf0..0000000
--- a/deployments/templates/deployment.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: example-deployment
- labels:
- app: example
-spec:
- replicas: 3
- selector:
- matchLabels:
- app: example
- template:
- metadata:
- labels:
- app: example
- spec:
- containers:
- - name: example
- image: ${REGISTRY}/${REPOSITORY}:${IMAGE_TAG}
- ports:
- - containerPort: 8080
diff --git a/deployments/templates/ingress.yml b/deployments/templates/ingress.yml
deleted file mode 100644
index 3457a05..0000000
--- a/deployments/templates/ingress.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: example-ingress
- annotations:
- external-dns.alpha.kubernetes.io/set-identifier: example-ingress-${NAMESPACE}-green
- external-dns.alpha.kubernetes.io/aws-weight: "100"
-spec:
- ingressClassName: default
- tls:
- - hosts:
- - ${NAMESPACE}.apps.live.cloud-platform.service.justice.gov.uk
- rules:
- - host: ${NAMESPACE}.apps.live.cloud-platform.service.justice.gov.uk
- http:
- paths:
- - path: /
- pathType: ImplementationSpecific
- backend:
- service:
- name: example-service
- port:
- number: 8080
diff --git a/deployments/templates/service.yml b/deployments/templates/service.yml
deleted file mode 100644
index 6758ca1..0000000
--- a/deployments/templates/service.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: example-service
-spec:
- selector:
- app: example
- ports:
- - name: https
- port: 8080
- targetPort: 8080
diff --git a/infra/main.tf b/infra/main.tf
new file mode 100644
index 0000000..01c46de
--- /dev/null
+++ b/infra/main.tf
@@ -0,0 +1,5 @@
+resource "random_string" "random" {
+ length = 16
+ special = true
+ override_special = "@£?"
+}
\ No newline at end of file
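Review bot: `resource "random_string" "random"` in infra/main.tf stores its result unmarked in state and echoes it in plan and apply output; nothing in the patch says what consumes the string, but if it is meant to be a credential (the `special`/`override_special` settings read like a password policy) then `random_password` takes the same arguments and marks `result` as sensitive. The same resource name is declared again in infra/module/main.tf with a different `override_special = "/@£?)"`; if both are intentional, a comment on each stating which consumer needs which character set would make that clear, otherwise one looks like a copy-paste leftover. The `£` in both sets is a non-ASCII character, so confirm that whatever receives the string accepts it. Both files also end without a trailing newline, which `terraform fmt` will correct.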
diff --git a/infra/module/main.tf b/infra/module/main.tf
new file mode 100644
index 0000000..e5a1ee1
--- /dev/null
+++ b/infra/module/main.tf
@@ -0,0 +1,5 @@
+resource "random_string" "random" {
+ length = 16
+ special = true
+ override_special = "/@£?)"
+}
\ No newline at end of file
diff --git a/infra/module/outputs.tf b/infra/module/outputs.tf
new file mode 100644
index 0000000..785d563
--- /dev/null
+++ b/infra/module/outputs.tf
@@ -0,0 +1,3 @@
+output "randomstring" {
+ value = random_string.random.vaule
+}
diff --git a/infra/module/rds.tf b/infra/module/rds.tf
new file mode 100644
index 0000000..cf34699
--- /dev/null
+++ b/infra/module/rds.tf
@@ -0,0 +1,14 @@
+resource "aws_db_parameter_group" "default" {
+ name = "rds-pg"
+ family = "mysql5.6"
+
+ parameter {
+ name = "character_set_server"
+ value = "utf8"
+ }
+
+ parameter {
+ name = "character_set_client"
+ value = "utf8"
+ }
+}
\ No newline at end of file
diff --git a/infra/variable.tf b/infra/variable.tf
new file mode 100644
index 0000000..fb1d1a9
--- /dev/null
+++ b/infra/variable.tf
@@ -0,0 +1 @@
+variable environment {}
\ No newline at end of file
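Review bot: `value = random_string.random.vaule` in infra/module/outputs.tf references an attribute that `random_string` does not have (the generated value is exposed as `result`), so `terraform validate` will reject the module; change it to `value = random_string.random.result`. If the string is used as a secret, add `sensitive = true` to the output as well, since `random_string` itself is not sensitive and the value would otherwise be printed in plan and apply output. A `description` on the output stating what callers should do with it would also help, as nothing else in the module references it.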
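Review bot: `name = "rds-pg"` in infra/module/rds.tf is a fixed name, and parameter group names must be unique within an account and region, so deploying this module twice in the same account will fail on the second copy; `name_prefix = "rds-pg-"` or a name derived from a module variable avoids that. `family = "mysql5.6"` targets a MySQL line that, as far as I recall, RDS stopped offering for new instances in 2022, so confirm the engine version of the instance this group is meant for and use the matching family. A comment on the resource naming that instance would help, since nothing in this patch attaches the parameter group to anything.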
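Review bot: `variable environment {}` in infra/variable.tf uses the unquoted-label form while every other block in the patch quotes its labels; `terraform fmt` normalises it to `variable "environment" {}`, and giving it `type = string` and a `description` documents what the root module expects. Nothing in this patch reads `var.environment`, and the module under infra/module/ declares no variables, so the value currently has no consumer.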