refactor: Bump pre-commit and remediate checkov warnings (#35)
acelebanski authored Apr 4, 2024
1 parent 7f01d41 commit cd73452
Showing 36 changed files with 126 additions and 97 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/help-command.yml
@@ -1,6 +1,9 @@
name: ChatOPS Help
run-name: "Display ChatOPS help (#${{ github.event.inputs.pr-id }}) ${{ github.event.inputs.pr-title }}"

permissions:
contents: read

on:
workflow_dispatch:
inputs:
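Review bot: The new top-level `permissions: contents: read` is the right least-privilege default, but a ChatOps help command that replies on the PR needs `pull-requests: write` (or `issues: write`) on the job that posts the comment; the jobs are outside this hunk, so confirm a job-level `permissions:` block grants that, otherwise the reply step will start failing with a 403 after this change. The `workflow_dispatch` inputs `pr-id` and `pr-title` appear here only in `run-name`, which is display-only; if `pr-title` is also interpolated into a `run:` step further down, pass it through `env:` rather than inline `${{ }}` so it cannot break out of the shell command. That caveat matters more now because this same commit adds `CKV_GHA_7`, which as I read it is the checkov check that flags `workflow_dispatch` inputs, to the skip list.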
6 changes: 3 additions & 3 deletions .pre-commit-config.yaml
Expand Up @@ -12,14 +12,14 @@ repos:
- --args=--only=terraform_workspace_remote
id: terraform_tflint
repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.83.0
rev: v1.88.4
- hooks:
- args:
- --compact
- --quiet
- --skip-check
- CKV_AZURE_118,CKV_AZURE_119,CKV_AZURE_120,CKV2_AZURE_10,CKV2_AZURE_12,CKV_AZURE_35,CKV_AZURE_206,CKV_AZURE_93,CKV2_AZURE_1,CKV2_AZURE_18,CKV_AZURE_97,CKV_AZURE_59,CKV_AZURE_190,CKV2_AZURE_33,CKV_AZURE_179,CKV_AZURE_1,CKV_AZURE_49,CKV_AZURE_217,CKV_AZURE_218
- CKV_GHA_7,CKV_AZURE_1,CKV_AZURE_35,CKV_AZURE_44,CKV_AZURE_49,CKV_AZURE_59,CKV_AZURE_93,CKV_AZURE_97,CKV_AZURE_118,CKV_AZURE_119,CKV_AZURE_120,CKV_AZURE_179,CKV_AZURE_190,CKV_AZURE_206,CKV_AZURE_217,CKV_AZURE_218,CKV2_AZURE_1,CKV2_AZURE_10,CKV2_AZURE_12,CKV2_AZURE_18,CKV2_AZURE_33,CKV2_AZURE_39,CKV2_AZURE_40,CKV2_AZURE_41
id: checkov
verbose: true
repo: https://github.com/bridgecrewio/checkov.git
rev: 2.4.22
rev: 3.2.50
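Review bot: The `--skip-check` list grows by five IDs (`CKV_GHA_7`, `CKV_AZURE_44`, `CKV2_AZURE_39`, `CKV2_AZURE_40`, `CKV2_AZURE_41`) with nothing recording why each finding is accepted, so the suppressions are indistinguishable from the remediations the commit title promises. Please add a comment above the `--skip-check` argument listing each ID with a one-line justification, e.g. `# CKV_AZURE_44: <why this finding is accepted here>`, or move the skips into the affected resources as `#checkov:skip=<ID>:<reason>` so each suppression is reviewed next to the code it covers and drops out when the resource is fixed. The `rev:` fields pin tags (`v1.88.4`, `3.2.50`), which is pre-commit's convention, but tags are mutable; if the project wants a stronger supply-chain guarantee, pin the commit SHA and keep the tag in a trailing comment.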
3 changes: 2 additions & 1 deletion examples/common_vmseries/README.md
Expand Up @@ -895,6 +895,7 @@ map(object({
replication_type = optional(string)
kind = optional(string)
tier = optional(string)
blob_retention = optional(number)
}), {})
storage_network_security = optional(object({
min_tls_version = optional(string)
Expand Down Expand Up @@ -1073,13 +1074,13 @@ map(object({
disk_name = optional(string)
avset_key = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
enable_boot_diagnostics = optional(bool, true)
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
interfaces = list(object({
name = string
3 changes: 2 additions & 1 deletion examples/common_vmseries/variables.tf
Expand Up @@ -561,6 +561,7 @@ variable "bootstrap_storages" {
replication_type = optional(string)
kind = optional(string)
tier = optional(string)
blob_retention = optional(number)
}), {})
storage_network_security = optional(object({
min_tls_version = optional(string)
Expand Down Expand Up @@ -732,13 +733,13 @@ variable "vmseries" {
disk_name = optional(string)
avset_key = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
enable_boot_diagnostics = optional(bool, true)
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
interfaces = list(object({
name = string
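Review bot: `blob_retention = optional(number)` is passed straight through to the bootstrap module with no bounds, yet the module README changed in this commit gives `0` a special meaning (disable soft delete) and the provider accepts only a limited day range for the retention policy. Add a `validation` block to `bootstrap_storages` (its closing brace is outside this hunk) that rejects anything other than null or 0–365, so a typo such as `3650` fails at `terraform validate` with a clear message instead of at plan time inside the module; the inner object's attribute path is not visible here, so the condition must follow the variable's actual structure. The same applies to the sibling examples changed in this commit.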
2 changes: 1 addition & 1 deletion examples/common_vmseries_and_autoscale/README.md
Expand Up @@ -924,6 +924,7 @@ map(object({
zones = optional(list(string))
disk_type = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
overprovision = optional(bool)
platform_fault_domain_count = optional(number)
Expand All @@ -932,7 +933,6 @@ map(object({
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string), [])
allow_extension_operations = optional(bool)
}))
autoscaling_configuration = optional(object({
default_count = optional(number)
2 changes: 1 addition & 1 deletion examples/common_vmseries_and_autoscale/variables.tf
Expand Up @@ -577,6 +577,7 @@ variable "scale_sets" {
zones = optional(list(string))
disk_type = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
overprovision = optional(bool)
platform_fault_domain_count = optional(number)
Expand All @@ -585,7 +586,6 @@ variable "scale_sets" {
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string), [])
allow_extension_operations = optional(bool)
}))
autoscaling_configuration = optional(object({
default_count = optional(number)
3 changes: 2 additions & 1 deletion examples/dedicated_vmseries/README.md
Expand Up @@ -899,6 +899,7 @@ map(object({
replication_type = optional(string)
kind = optional(string)
tier = optional(string)
blob_retention = optional(number)
}), {})
storage_network_security = optional(object({
min_tls_version = optional(string)
Expand Down Expand Up @@ -1077,13 +1078,13 @@ map(object({
disk_name = optional(string)
avset_key = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
enable_boot_diagnostics = optional(bool, true)
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
interfaces = list(object({
name = string
3 changes: 2 additions & 1 deletion examples/dedicated_vmseries/variables.tf
Expand Up @@ -561,6 +561,7 @@ variable "bootstrap_storages" {
replication_type = optional(string)
kind = optional(string)
tier = optional(string)
blob_retention = optional(number)
}), {})
storage_network_security = optional(object({
min_tls_version = optional(string)
Expand Down Expand Up @@ -732,13 +733,13 @@ variable "vmseries" {
disk_name = optional(string)
avset_key = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
enable_boot_diagnostics = optional(bool, true)
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
interfaces = list(object({
name = string
2 changes: 1 addition & 1 deletion examples/dedicated_vmseries_and_autoscale/README.md
Expand Up @@ -918,6 +918,7 @@ map(object({
zones = optional(list(string))
disk_type = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
overprovision = optional(bool)
platform_fault_domain_count = optional(number)
Expand All @@ -926,7 +927,6 @@ map(object({
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string), [])
allow_extension_operations = optional(bool)
}))
autoscaling_configuration = optional(object({
default_count = optional(number)
2 changes: 1 addition & 1 deletion examples/dedicated_vmseries_and_autoscale/variables.tf
Expand Up @@ -577,6 +577,7 @@ variable "scale_sets" {
zones = optional(list(string))
disk_type = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
overprovision = optional(bool)
platform_fault_domain_count = optional(number)
Expand All @@ -585,7 +586,6 @@ variable "scale_sets" {
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string), [])
allow_extension_operations = optional(bool)
}))
autoscaling_configuration = optional(object({
default_count = optional(number)
3 changes: 2 additions & 1 deletion examples/gwlb_with_vmseries/README.md
Expand Up @@ -549,6 +549,7 @@ map(object({
replication_type = optional(string)
kind = optional(string)
tier = optional(string)
blob_retention = optional(number)
}), {})
storage_network_security = optional(object({
min_tls_version = optional(string)
Expand Down Expand Up @@ -722,13 +723,13 @@ map(object({
disk_name = optional(string)
avset_key = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
enable_boot_diagnostics = optional(bool, true)
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
interfaces = list(object({
name = string
3 changes: 2 additions & 1 deletion examples/gwlb_with_vmseries/variables.tf
Expand Up @@ -293,6 +293,7 @@ variable "bootstrap_storages" {
replication_type = optional(string)
kind = optional(string)
tier = optional(string)
blob_retention = optional(number)
}), {})
storage_network_security = optional(object({
min_tls_version = optional(string)
Expand Down Expand Up @@ -459,13 +460,13 @@ variable "vmseries" {
disk_name = optional(string)
avset_key = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
enable_boot_diagnostics = optional(bool, true)
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
interfaces = list(object({
name = string
21 changes: 11 additions & 10 deletions examples/standalone_panorama/README.md
Expand Up @@ -442,16 +442,17 @@ map(object({
custom_id = optional(string)
})
virtual_machine = object({
size = optional(string)
zone = string
disk_type = optional(string)
disk_name = optional(string)
avset_key = optional(string)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
size = optional(string)
zone = string
disk_type = optional(string)
disk_name = optional(string)
avset_key = optional(string)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
enable_boot_diagnostics = optional(bool)
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
})
interfaces = list(object({
name = string
21 changes: 11 additions & 10 deletions examples/standalone_panorama/variables.tf
Expand Up @@ -219,16 +219,17 @@ variable "panoramas" {
custom_id = optional(string)
})
virtual_machine = object({
size = optional(string)
zone = string
disk_type = optional(string)
disk_name = optional(string)
avset_key = optional(string)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
size = optional(string)
zone = string
disk_type = optional(string)
disk_name = optional(string)
avset_key = optional(string)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
enable_boot_diagnostics = optional(bool)
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
})
interfaces = list(object({
name = string
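Review bot: Renaming `diagnostics_storage_uri` to `boot_diagnostics_storage_uri` inside the `virtual_machine` object is a breaking change for existing tfvars: Terraform rejects attributes that are not declared in an object type constraint, so any deployment still setting the old name will fail at plan time, and neither the hunk nor the commit message calls this out. The new `enable_boot_diagnostics = optional(bool)` also carries no default here, whereas the vmseries examples in this same commit declare it as `optional(bool, true)`; unless the panorama module applies its own default (not in view), a null is passed through. Consider `enable_boot_diagnostics = optional(bool, true)` for consistency with the other examples, plus a line in the example's README or changelog noting the rename. The `panoramas` variable block starts and ends outside the hunk.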
3 changes: 2 additions & 1 deletion examples/standalone_vmseries/README.md
Expand Up @@ -830,6 +830,7 @@ map(object({
replication_type = optional(string)
kind = optional(string)
tier = optional(string)
blob_retention = optional(number)
}), {})
storage_network_security = optional(object({
min_tls_version = optional(string)
Expand Down Expand Up @@ -1008,13 +1009,13 @@ map(object({
disk_name = optional(string)
avset_key = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
enable_boot_diagnostics = optional(bool, true)
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
interfaces = list(object({
name = string
3 changes: 2 additions & 1 deletion examples/standalone_vmseries/variables.tf
Expand Up @@ -561,6 +561,7 @@ variable "bootstrap_storages" {
replication_type = optional(string)
kind = optional(string)
tier = optional(string)
blob_retention = optional(number)
}), {})
storage_network_security = optional(object({
min_tls_version = optional(string)
Expand Down Expand Up @@ -732,13 +733,13 @@ variable "vmseries" {
disk_name = optional(string)
avset_key = optional(string)
accelerated_networking = optional(bool)
allow_extension_operations = optional(bool)
encryption_at_host_enabled = optional(bool)
disk_encryption_set_id = optional(string)
enable_boot_diagnostics = optional(bool, true)
boot_diagnostics_storage_uri = optional(string)
identity_type = optional(string)
identity_ids = optional(list(string))
allow_extension_operations = optional(bool)
})
interfaces = list(object({
name = string
4 changes: 3 additions & 1 deletion modules/bootstrap/README.md
Expand Up @@ -257,6 +257,8 @@ Following properties are available:
- `tier` - (`string`, optional, defaults to `Standard`) only for newly created Storage Accounts, defines the
account tier. Can be either `Standard` or `Premium`. Note, that for `kind` set to `BlockBlobStorage` or
`FileStorage` the `tier` can only be set to `Premium`.
- `blob_retention` - (`number`, optional, defaults to Azure default) specifies the number of days that the blob should be
retained before irreversibly deleted. When set to `0`, soft delete is disabled for the Storage Account.


Type:
Expand All @@ -267,6 +269,7 @@ object({
replication_type = optional(string, "LRS")
kind = optional(string, "StorageV2")
tier = optional(string, "Standard")
blob_retention = optional(number)
})
```

Expand Down Expand Up @@ -403,5 +406,4 @@ Default value: `map[]`

<sup>[back to list](#modules-optional-inputs)</sup>


<!-- END_TF_DOCS -->
25 changes: 16 additions & 9 deletions modules/bootstrap/main.tf
Expand Up @@ -2,19 +2,26 @@
resource "azurerm_storage_account" "this" {
count = var.storage_account.create ? 1 : 0

name = var.name
location = var.region
resource_group_name = var.resource_group_name
min_tls_version = var.storage_network_security.min_tls_version
account_replication_type = var.storage_account.replication_type
account_tier = var.storage_account.tier
account_kind = var.storage_account.kind
tags = var.tags
name = var.name
location = var.region
resource_group_name = var.resource_group_name
min_tls_version = var.storage_network_security.min_tls_version
allow_nested_items_to_be_public = false
account_replication_type = var.storage_account.replication_type
account_tier = var.storage_account.tier
account_kind = var.storage_account.kind
tags = var.tags

blob_properties {
delete_retention_policy {
days = var.storage_account.blob_retention
}
}

lifecycle {
precondition {
condition = var.region != null
error_message = "When creating a storage account the `location` variable cannot be null."
error_message = "When creating a storage account the `region` variable cannot be null."
}
}
}
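Review bot: The `blob_properties { delete_retention_policy { days = var.storage_account.blob_retention } }` block is emitted unconditionally, so it cannot implement the "set to `0` to disable soft delete" behaviour the module README in this commit documents: as I read the azurerm provider docs, `days` accepts 1–365 and falls back to 7 when null, so `0` is rejected at plan time rather than disabling retention, and a null `blob_retention` yields the provider default, not the "Azure default" the README describes. Make the policy block conditional so the block is omitted when `0` is requested, and back it with a `validation` on `storage_account.blob_retention` (in the module's variables.tf, not in view) bounding it to null or 0–365. Hardcoding `allow_nested_items_to_be_public = false` is a good change; a short comment naming the checkov finding it addresses, e.g. `# Blobs and containers can never be made anonymously readable (checkov storage public-access check).`, would keep that intent visible to the next maintainer.
```hcl
  # … unchanged: name, location, min_tls_version, allow_nested_items_to_be_public, account_* …

  # Soft-delete policy: omitted entirely when blob_retention is 0 (disables it);
  # when null the provider default applies. TODO confirm omitting the block
  # actually clears an existing policy on an already-created account.
  dynamic "blob_properties" {
    for_each = var.storage_account.blob_retention == 0 ? [] : [1]
    content {
      delete_retention_policy {
        days = var.storage_account.blob_retention
      }
    }
  }

  # … unchanged: lifecycle precondition …
```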