fix(query): update ebs not optimized queries #5020
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add a list of optimized queries by default on `common.json`; - Add a function on `common.rego` to check if instance type is listed on optimized by default instance's list; - Add this check to ebs optimizes rules on terraform, ansible and cloud formation; - Add new test files to validate cases where instance type is optimized by default; - Fix some minor errors; For this fix is important to note there is an explanation which documentation was used to decide what is default value for instance type. Signed-off-by: Felipe Avelar <[email protected]>
|
Scan submitted to Checkmarx |
|
Cx-SAST SummaryTotal of 5 vulnerabilities Violation SummaryNo policy violation found |
Signed-off-by: Felipe Avelar <[email protected]>
rafaela-soares
suggested changes
Mar 21, 2022
There was a problem hiding this comment.
Hello, @lipeavelar! So glad to see you here ❤️ We miss you a lot!
Thank you so much for continuing to contribute! I hope you are doing well!
Signed-off-by: Felipe Avelar <[email protected]>
rafaela-soares
suggested changes
Mar 24, 2022
There was a problem hiding this comment.
@lipeavelar , sorry for noticing just now, but I think we should check if the field ebs optimized is set to false when there is no instance type with ebs optimized by default.
As mentioned in the documentation, "There is no need to enable EBS optimization and no effect if you disable EBS optimization".
I left some suggestions. The sample applies to the Terraform query.
assets/queries/cloudFormation/aws/ec2_not_ebs_optimized/query.rego
Outdated
Show resolved
Hide resolved
false Signed-off-by: Felipe Avelar <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #4968
Proposed Changes
common.json;common.regoto check if instance type is listed onoptimized by default instance's list;
formation;
by default;
For this fix is important to note there is an explanation which
documentation was used to decide what is default value for instance
type.
Signed-off-by: Felipe Avelar [email protected]
I submit this contribution under the Apache-2.0 license.