This repository has been archived by the owner on Sep 3, 2024. It is now read-only.

[BUG] Terraform plan file is not automatically picked up when it has been included in the .gitignore file #369

Open
jperez3 opened this issue Nov 4, 2022 · 0 comments


jperez3 commented Nov 4, 2022

Describe the bug
While throwing together a proof of concept, I noticed that the generated tfplan.json file is ignored by regula run when tfplan.json is included in the .gitignore file. I'm not sure if this is the intention or not, but I thought it's worth calling out or making a note of it in the documentation. In the general practice of putting regula into a build pipeline, it's less of an issue since you're probably not committing code, but as a general practice I would like to keep plan outputs out of git because they might contain sensitive information.

How you're running Regula
Please include versions of all relevant tools. Some examples:

  • I'm using Regula 2.9.3, build a58739c, built with OPA v0.43.1 and a Terraform plan JSON input that I generated with Terraform v0.14.11
  • I'm using Regula v2.9.3 as a CLI tool and my Terraform source code as an input:
regula run -i ./rules 

.regula.yaml

environment-id: ""
exclude: [FG_R00355,FG_R00354,FG_R00275,FG_R00274,FG_R00101,FG_R00100]
format: table
input-type:
- tf
- tf-plan
no-built-ins: true
no-ignore: false
only: []
severity: critical
sync: false
var-file: []

Operating System
MacOS Monterey 12.6

Steps to reproduce

  1. Add tfplan.json to your repo's .gitignore
  2. Run terraform init
  3. Run terraform plan -out=tfplan
  4. Run terraform show -json ./tfplan > tfplan.json
  5. Run regula run -i ./rules or specifying any other custom rules

The output should have reporting based on the Terraform files, but not the tfplan.json.

IaC Configuration
If applicable, please include a minimal configuration that we can use to reproduce the issue. Valid configurations save us a lot of time in troubleshooting. So please, try using what you post to reproduce the issue to verify that it demonstrates the problem.

resource "aws_s3_bucket" "tacos" {
  bucket = "abcdefghijk-tacos"
}

resource "aws_security_group" "tacos" {
  name = "tacos"
}

resource "aws_security_group_rule" "tacos" {
  type        = "ingress"
  cidr_blocks = ["0.0.0.0/0"]
  protocol = "tcp"
  from_port = 443
  to_port = 443
  security_group_id = aws_security_group.tacos.id
}


resource "aws_iam_user" "joe" {
  name = "joe"
  path = "/"
}

Additional context
nothing other than thank you for building/maintaining this cool project 🙏🏽
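As an added pre-flight check for the behaviour described in this report (example code, not part of the original issue or of Regula itself), the shell function below uses git check-ignore to detect plan files that would be skipped because they match .gitignore, so a pipeline can fail loudly instead of silently scanning only the .tf sources. It assumes git is installed and builds a throwaway repository as constructed sample input.

```shell
#!/bin/sh
# Added example, not part of the original issue or of Regula.
# Prints every given path that matches a .gitignore rule in $repo and
# returns 0 if at least one is ignored, 1 if none is.
gitignored_inputs() {
  repo="$1"; shift
  found=1
  for f in "$@"; do
    # git check-ignore exits 0 when the path matches an ignore rule
    if git -C "$repo" check-ignore -q -- "$f" 2>/dev/null; then
      echo "$f"
      found=0
    fi
  done
  return $found
}

# Constructed sample repository mirroring the report: tfplan.json is
# listed in .gitignore, main.tf is not.
make_sample_repo() {
  dir=$(mktemp -d)
  git -C "$dir" init -q
  printf 'tfplan.json\n' > "$dir/.gitignore"
  printf 'resource "aws_s3_bucket" "tacos" {\n  bucket = "abcdefghijk-tacos"\n}\n' > "$dir/main.tf"
  printf '{"format_version":"1.0"}\n' > "$dir/tfplan.json"
  echo "$dir"
}

# Pipeline step: return 2 (and warn) when the plan file would be dropped,
# 0 when every intended input is visible to the scanner.
preflight() {
  repo="$1"
  if ignored=$(gitignored_inputs "$repo" tfplan.json main.tf); then
    echo "warning: gitignored input(s) would be skipped: $ignored" >&2
    return 2
  fi
  return 0
}
```

Run preflight before the scan step; a non-zero status means the plan JSON would have been silently left out of the results.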
